Theo de Raadt has lifted the veil off OpenBSD 4.3. “We are pleased to announce the official release of OpenBSD 4.3. This is our 23nd release on CD-ROM (and 24rd via FTP). We remain proud of OpenBSD’s record of more than ten years with only two remote holes in the default install.” Boasting as always, but when it’s justified, arrogance is a virtue.The OpenBSD 4.3 page lists an enormous set of changes, improvements, fixes, and new features. When it comes to platform support, SMP support on sparc64 has been improved, hppa has received some love, as well as mvme88k and sgi. Major changes also on the driver front, new tools, as well as new functionality.
There’s a comprehensive changelog, with a separate list of changes in the ports collection. You can download it from any of the mirrors, or order a CD if you want to support OpenBSD.
Theo is so arrogant, he has two remote assholes.
And you are one of them.
OpenBSD is the best UNIX-like OS I have ever tried. The documentation is awesome, you can actually get things working by reading the manual pages, the code follows style guidelines, and its developers do really believe in free software, refusing to write NDAs with hardware vendors where others pull their pants down.
The base system has a partition reserved in my Laptop. Looking forward to upgrade to 4.3.
If you don’t like Theo, go swim with Puffy.
I won’t go into detail regarding any insults, but I’d like to comment on your following statement:
This is what I really like about OpenBSD and the “three big BSDs” in general (OpenBSD, FreeBSD, NetBSD). The developers do really take the time to write excellent manpages. Everything in the OS is documented, from the system utilities, the kernel interfaces, over the usual maintenance procedures up to library calls and file formats. Nearly everything within the OS has a manpage that is really helpful and, if may say this, written with the user in mind. No “no manpage availabe”, “type –help for help” or “visit the Wiki on … for more information” or “put this and that into google and see”. No – everything is available just after install. This is how it should be.
You mentioned style guidelines, too. If you read the kernel and system sources, you will notice that they are very tidy, they contain comments and well intended identifiers. So even if you’re a fan of modifying the source in order to get something special working, OpenBSD is very helpful here.
I can always applaude the OpenBSD developers. Great operating system, always a joy to use.
….with only two remote holes….
with only two acknowledged remote holes he means. The rest of them, he just denies or ignores. Lamer….
P.S.
http://pwnie-awards.org/winners.html#lamestvendor
Edited 2008-04-30 23:22 UTC
No, the OpenBSD project takes any remote hole in a default install VERY seriously.
I like OpenBSD and often like to reminisce on its progress. I remember the 22st release on CD and 23th FTP release as though they happened a day ago.
It is nice to see that changes made to ports in July 2006 made it into this release, or did my brain just stroke off there for a second?
Despite Theo’s character, You must admit that he’s the absolute best friend to the Open Community as we know.
And, in related news, WPA is now part of OpenBSD -current (so it will be in 4.4 scheduled for release later this year). Many, but not all chipsets are supported, including Atheros and Intel, and more are coming.
I have tested it on my Thinkpad x40 and it works great. WPA is one thing I really wanted OpenBSD to have and now it’s here.
Edited 2008-05-01 00:48 UTC
Its terrible that it has taken this long; for something that is meant to be security orientated operating system, WPA seems very low on their priorities.
Because WPA _is_ low security.
WPA is, WPA2 is NOT.
VPN with some sort of strong software encryption such as Blowfish, AES, is preferred in the OpenBSD circles to secure any kinds of network connections, including WiFi… which usually secures the IP packets at layer 3… which means, you can effectively transmit data securely over an unsecure WiFi data link (layer 2)… therefore, it was not a priority for OpenBSD dev to secure layer 2 such as WPA.
Last time Theo written about WPA in misc was that WPA has become an accessibility problem rather than security. People use OpenBSD on their laptop would like to be able to access a WPA AP at a coffee shop.
It was not a priority because the people working on the net80211 layer were not using Wifi in the real world so they didn’t care. This has since changed. Recommending the use of IPsec was only a workaround for your own network and it is not realistic to recommend the use of IPsec for everyone trying to connect to your AP anyway.
I cannot find any such comment from Theo and if he did it would have been about WPA and not WPA2. Anyway, this goes way beyond just coffee shops. WPA is in use everywhere.
Huh? I don’t see why not. I personally use OpenVPN on my AP and I had guest coming in with Win/Mac/Lin/BSD laptops and it all works fine.
Well that just proves the point, people want WPA support so that they can connect to WPA Access Points.
Edited 2008-05-03 11:19 UTC
IPsec != OpenVPN. I don’t want to setup VPNs of any kind to workaround the real problem. Now that it has been resolved everyone is happy.
And what is your point? You’re not stating anything that is new.
No one has denied that there was not a purpose to WPA support, but developers that write the appropriate code and developers which have the time to do so do not appear out of thin air.
I never said that, that’s why I used the term VPN in my original comment. IPsec is not the only VPN that you can use on OBSD, and you shouuld already know that.
If you don’t want to use it that’s fine. I am not here to start a WPA vs VPN war.
That however doesn’t show how it is unrealistic to use VPN to join my AP, when it actually just works in the real world.
And you think you are stating anything new? You were just merely repeating my point. I don’t see what you are arging about here.
Code does not come out of thin air. It requires developers interested and willing to write the code.
and then the first comment goes on to say: 22st
I have nothing to add
I said 22st AND 23th. I was being sarcastic due to the two errors in the original. It’s not very fun if I have to spell that out for people though.
Does OpenBSD support any kind of virtualization for server consolidation? It seems all the current options are available only for Linux – be it for server or desktop. Currently testing NetBSD/Xen but would like to see something along the lines of KVM for Linux.
I remember reading an interview of Theo somewhere and he pretty much said that virtualization was useless. Although most vendors tout the improved security, Theo actually argues otherwise.
It is a very interesting read and I must say after reading it, I do doubt the advantages of virtualization.
Some points I remember:
* He argues about the insecurity virtualization hardware technology included in Intel/AMD chips today.
* I will try to find link for that.
But to cut a long story short, I don’t see OpenBSD supporting virtualization at all.
OpenBSD does support some virtualization with qemu for example.
http://www.openbsd.org/4.3_packages/i386/qemu-0.9.0p1-kqemu.tgz-lon…
There was a Google SoC project for OpenBSD/xen at some point, but it looks like it was never finished.
http://anil.recoil.org/blog/articles/2006/08/21/openbsd-xen-boots-m…
>Although most vendors tout the improved security
Like Vmware, Xen etc. Guess why? It’s their business. But there are many people denying the usability of virtualization. Furthermore Theo isn’t God, if _he_ doesn’t like something, it doesn’t mean it will never make it in the system. So this isn’t Linux with its dictatorship.
The blurb on OSNews says —
“This is our 23nd release on CD-ROM ”
shouldn’t it read 23rd and not 23″nd”?
I have checked, it’s an OSNews error, not error at source – http://marc.info/?l=openbsd-announce&m=120959605703777&w=2
I can’t remember now, so what again are the exact reasons why OpenBSD still uses the old UFS as its file system? Why no support for UFS2?
Also support for other file systems is relatively limited (ext2, FAT, ISO 9660, NFS, NTFSb4 (read only), AFS, others?) in OpenBSD when compared to other BSDs too. See, for example, here: http://en.wikipedia.org/wiki/Comparison_of_BSD_operating_systems#Te…
I wonder if there are plans to implement better support for more advanced file systems too (something like ZFS and journaled “Linux” file systems, etc.)?
It is supported, just not enabled by default: http://marc.info/?l=openbsd-misc&m=120560624005291&w=2
I doubt ZFS will ever make it into the system due to its license and porting difficulties, e.g. http://marc.info/?l=openbsd-misc&m=113233984014141&w=2
Great. Anyway (and sorry for my ignorance), but does that mean that OpenBSD can also be installed using UFS2 instead of of the older UFS now?
Well, “no and yes.”
You can’t install it from the default bsd.rd ramdisk installer program because it’s not compiled into bsd.rd (because bsd.rd is stripped down and does not include UFS2).
However you can create UFS2 filesystems after installation. And I *believe* that if you hack and create your own bsd.rd you might be able to get it to create UFS2 filesystems directly from the installer. However, as otto@ mentioned in his mailing list post, “The boot media and boot loader do not support FFS2.” So that sounds like at least the boot filesystem must be UFS, and the rest can be UFS2.
Personally I’ve only tried creating FFS2 filesystems after installation (e.g. I used it as my /home for example).
And no, I won’t pretend that I know if UFS2 == FFS2 and all its intricacies.
Why? Journaling isn’t anything better than e.g. softupdates, it’s just a different approach. And ZFS is nonsense, it’s a resource-hog.
You may be quite right with that. But I was also just talking about read-only (and maybe edit) support too. If, for example, you had both Linux and OpenBSD installed on the same PC, you would like to have read support for your Linux home folder, that would probably use some journalled file system like ext3 or 4, Reiser etc.). What is the state of that kind of file system support in OpenBSD?
Well, every file system has its pros and cons, but I think you are not giving ZFS all the credit it could deserve. Anyway, ZFS was only one example of a so-called modern and advanced file system. There are, of course, other alternatives too.
OpenBSD has its own ext2 implementation, so you can mount and read/write to ext2 filesystems. Since ext3 is just ext2 with a journal, you can access ext3 too (though I don’t know what happens to the state of the journal if you write files to the ext3 filesystem).
I don’t think ext4 is supported. Reiser and XFS are definitely not supported, since there are no BSD-licensed implementations of either of them. There is an “xfs” directory in the OpenBSD sources, but that has something to do with AFS, not SGI’s XFS.
OpenBSD has had support for UFS2 for the last two releases.
The only filesystem I see that looks interesting from a client perspective is SMBFS. The other filesystems are not under a decent license and as is are extremely experimental/buggy, crippled (read-only) and not supported out of the box.
Not even a chance without code under a decent license.
…to have a release where folk don’t pop on every forum in existence and spew their uninformed opinion about Theo for once.
From what I’ve read, at the most I’d say Theo is stubborn, can be quite harsh, and is most often frank. Usually the receiver deserved what they got and came after him in the first place. Theo really goes to bat for what he believes in and we all benefit from it. I’d rather have a leader like him who cuts the crap and gets right down to it.
Don’t like it? Don’t like Theo? Don’t use it. Simple.
congrats, for another great OpenBSD release. One of the areas i love about OpenBSD is the great documentation that is available; it’s well written. I’m placing an order.