OpenBSD 3.7 is the first release to support newer wireless chipsets, especially for 802.11g, thanks to a big activism campaign lead by project leader Theo de Raadt. It’s now possible to create a portable access point with a tiny PDA using the Zaurus port, too. As usual, there are a lot of other big and small changes, such as the import of Xorg, the jump towards gcc3, and a feature to update your installed packages automagically. Discover the details behind the scenes in this interview that Federico Biancuzzi had with several OpenBSD developers.
OpenBSD 3.7: The Wizard of OS
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
Has anyone bought it yet? I did, just to support the fellows who did such a great job!
Yes, I bought each openbsd release when they are in pre-command.
So I support good closed source software with Apple (my desktop) and real free software with openBSD (my firewall) =)
Went there, done that, and I bought T-shirts and a book.
I don’t buy the CDs ’cause I’m always downloading the OS.
Most of the people don’t know or understand how great is OpenBSD and its underlying philosphy.
Thank you to all the OpenBSD team! May the force be with you.
OpenBSD is not appropriate in the enterprise as a real product. It’s more of a joke than Fedora. Why?
Because OpenBSD is only supported for one year. Yes, you read that right.
Try telling my boss that we will have to replace routers or web servers every year, and he would show you the door. So this might be a fun project and a good way for technology to be developed. In fact, I am extremely grateful for OpenSSH, but I think OpenBSD’s real usefulness other than as an interesting research lab is questionable.
In summary, OpenBDS’s contributions will be felt outside the OpenBSD project as it tries to do many interesting things, but most home and corporate users and administrators will not touch it. Too hard to use it for the first crowd, too unsupported for the second one.
I like their default BIND config file. Gotta transplant some of the options into my Linux boxes.
Yeah, that must be why it used in routers, firewalls and servers all over the place, including some enterprises and big BGP sites.
It’s too bad you cant present the case for your boss but that’s not an OpenBSD problem.
Oh, and upgrading, if you plan it well and prepare (something every competent admin does), is not a big hassle at all.
Then again, you’re just the standard osnews troll with nothing worthwhile to contribute other than whine about stuff you dont use and/or like for some reason.
Instead of addressing the points I raise, you go for a personal attack.
Most enterprises take at least 6-9 months to evaluate a technology. They cannot afford downtime related to having to upgrade every year. Why do you think that Red Hat, Suse or Solaris offer multi-year support on their enterprise versions?
I like OpenBSD a great deal, but it is not a product that you can depend on. This does not mean that the technology is unreliable. It is not. It is quite good. It means that it isn’t something that you can use as an enteprise product. Why can’t you see the difference?
I was hoping for something a little more constructive. Instead, you just call somebody a troll, that must be this site’s equivalent of being called a communist in McArthy’s time.
Offer arguments to support your opinions. Attack the argument, not the person. Did your parents ever teach you some manners?
It’s nice that you complain about my personal attack then go on and insult my parents. Good work. I guess we can both learn something from that.
I, and many others, depend on OpenBSD every day because, for whatever reason, we’ve been able to make a good case for it to management.
Now, I’m not saying you should run Oracle or some other “enterprise” system on it but surely it’s suitable for a range of other tasks, even in an enterprise.
I do work with an enterprise so i’m not just pulling this out of my arse. We use it in infrastructure roles (router, firewall) and server roles (not Oracle) and it has worked out well. Much better than the previous “enterprise” products like Firewall-1 etc.
So if you cant make it work for you, too bad, maybe you’re looking to use it for the wrong tasks or maybe it just doesnt suit your particular situation but that does by no mean it’s not suitable for others in their enterprises.
Please, please, for the love of pete, please, purchase a clue at the OpenBSD online shop; it would not only help OpenBSD, but us as well.
Upgrading from 3.6 to 3.7 and onwards is an easy task, anyone with half a brain can logon, install it onto a computer in current usage, the bring it down when required – its not hard or difficult; in all honesty, will users notice 20 seconds of outage each year? no.
Please, get it into perspective.
I agree with Eu on some issues, altough not all. We have commercial IDS’s running here, and we have snort on openbsd running here. Both do the job just as well as eachother. What he is trying to say is in an enterprise enviornment where time=money, any downtime is bad. If you have worked with CIO’s and management, you no most aren’t apt to let you randomly upgrade software and have downtime, and OpenBSD is only supported for a year. Besides, if you have been in thei business for any ammount of time, you know full well that not all OS/Software upgrades go as planned and sometimes (not all, but sometimes) things don’t work and that is just the way it is.
Besides, lest you sound like a arrogant linux zealot, please curb your personal comments and argue your points like real BSD user using facts and logic to back up your points, not blind faith.
Surely if you’re an enterprise you can afford reduntant systems so that one system’s downtime during upgrade doesnt affect the daily operation? As I said, I *do* work with an enterprise so I do have some sort of vague clue about what I am talking about.
Naturally not all upgrades work out as planned but that is not a problem exclusive to OpenBSD and unless you, and Eu, imply that other systems like RHEL and Solaris doesnt need upgrades or that hteir upgrades cant possibly go wrong it does affect all computer systems. Does being supported really help under those circumstances? Not really, downtime is downtime wether you’re “supported” or not.
And yes, I got a bit carried away in my first response with the personal comments.
wait.. openbsd does not yet use gcc3?
It does. The news item should say “move to” instead of “move toward” since gcc3 is already there.
Qoute:
[Surely if you’re an enterprise you can afford reduntant systems so that one system’s downtime during upgrade doesnt affect the daily operation?]
Yeah, but then it’s time to evaulate why you are running OpenBSD if it cost you downtime plus money to a redundant system.
> Yeah, but then it’s time to evaulate why you are running OpenBSD if it cost you downtime plus money to a redundant system.
That’s not the primary reason to have reduntant systems. If you’re an enterprise and a system is so important to your business that you cant have downtime you should have redundant systems to protect from system failure and other unexpected events. With redundancy downtime doesnt “cost” you anything, all you have is the one-time cost for the reduntant system(s) and good x86 hardware isnt exactly overly expensive. Corrent me if i’m wrong but we’re talking enterprises here, not mom’n’pop or soho businesses so I dont see how this relatively minor “cost” would be a major obstacle especially since it will most likely still be less than what you’d end up paying for “enterprise systems” and “enterprise support”.
I also want to know what system that can be upgraded and never have downtime. Last time I checked kernel updates (and some other important updates) , be it Linux, Solaris or HP-UX etc, required a restart and thus would cause downtime.
Also, you dont HAVE to update every year. It’s only necessary if new versions have security fixes and features that actually help in your situation and, has been previosly stated, updating isnt all that difficult.
Just because a system is supported for a longer period of time doesn’t mean that it can run longer without being updated.
OpenBSD is not susceptible to any more downtime than something with “more support”. Rather, due to fewer security vulnerabilities, it would require patches less often.
And if you are just going to go about running your systems for protracted periods without patching them, you might as well pick the one that will have the least vulnerabilities.
So, what value is the additional years of supports really offering you? If your servers are so mission critical that you can’t afford 20 seconds of downtime, redundancy is a must no matter what you’re running.
too much going on between gcc and openBSD. I found it some how funny how Marc Espie answered the last question.
The ability to update packages and all their dependencies via pkg_add is great! Yes, I know there were third-party tools that did the same in the past, but now there’s a clean solution in the base system.
Still haven’t got my CDs/shirts/posters in the mail, but I’ll probably be going for an FTP install anyhow.
I have a printserver/vpnrouter running OpenBSD 3.5. I know I should upgrade it, but its uptime is already at 274 days… 🙂
Can somebody explain what are the technological advantages that OpenBSD has over Linux, and vice versa, as a server.
Thanks.
no, you figure out for yourself why you need one over the other.
for one, openbsd has one of the best security records out there, while linux most definately does not.
Nobody has mention about the new OpenBSD song style yet…
Don’t You think it is very similar to PINK FLOYD’s music?
Long enough, little chaotic/schizophrenic (esspecially the beginning of the song), great instrumental solos (the guitar one is marvelous), the original vocals (not standards rhymes), awesome composition of the whole song (not boring…), etc. etc
Maybe even little connections with THE DOORS
– some ooold piano samples in the background.
Great musician job
Good day to All of You
PS. sorry for my English
Maybe I’m missing something, but I don’t see the point of your argument. It is almost as easy to upgrade OpenBSD as it is to patch it and I find the “down-time” during a reboot to be or par with a Windows/Solaris/Linux/etc. reboot. So, what’s the big deal?
Also, having worked in the banking and financial trading industry, I know what zero downtime means. When this is a requirement, regardless of what OS you are using, you are going to have a battery of reduntant machines regardless.
OpenBSD upgrades are fairly simple and the downtime involved is on par with a Windows patch really, so I guess I can’t see what the problem is other than maybe a lack of familiarity; which should be easily overcome.
I really should preview my posts to avoid the reduntant redundancy.
Maybe you’d also like to check an OpenBSD 3.7 review by Jem Matzan at Newsforge:
http://os.newsforge.com/os/05/05/20/1426216.shtml?tid=8
If Fedora and Fedora Legacy lived up to what they say, you’re right, Fedora would be supported longer than OpenBSD.
But in practice, that is not true. As you can see from Fedora’s web site:
http://fedora.redhat.com/
Fedora moved support for Fedora Core 2 to the Fedora Legacy project *less than* one year after it was released. Not only that, but Fedora Core 4 has not been released, leaving Fedora Core 3 as the only distro supported by Fedora.
OpenBSD always supports the two most recent releases.
As for Fedora Legacy, its a joke. They regularly release fixes to vulnerabilities several months after supported distros have.
Try telling my boss that we will have to replace routers or web servers every year, and he would show you the door.
————————————————————–
Interesting? First off:
1) You don’t have to upgrade the hardware. Its not like OpenBSD has been know for feature bloat.
2) This is an upgrade to the OS. If you think routers, its like upgrading your IOS (cisco).
Sorry, but your reference is totally out of context. Personally I have been using FreeBSD on a PIII 800 for the past 5 years. The only time I had to upgrade was because my video card was fried.
I normally don’t feed trolls, but hey, I had to clear up some FUD.
PS: I work with several ISP that use OpenBSD on their farms.
Enjoy!!!
I haven’t used OpenBSD, nor I run server or work at an enterprise. However, I’m sure that OpenBSD is an excellent OS, very professional and done with great care and attention to detail.
However, reading the interview it looks like developers are not respectful enough for the technology they use from others. I find it great that they do an effort to improve things like apache or gcc, but they put it like the apache guys are stupid people and that they (the smart guys) have to go after them cleaning up all the mess and fixing all the bugs the apache guys have left behind. Something similar with gcc. Or with other free licenses other than BSD license.
I don’t like their attitude. I hace no doubt that they have a great OS, maybe even the most secure, but it’s far from being perfect. Every test I’ve seen shows it’s slow and can’t handle big trafic as a server, making it useless for anyone who needs high performance apart from security.
To those here who claim “software support” is important for enterprise customers and 1 year of “support” isn’t enough:
Nonsense. I’ve been on the receiving and vending end of a huge number of enterprise software support contracts. They’re hardly worth the paper they’re written on.
They’re just a way for the vendor to make more money with minimal benefit to the customer. Hardware support contracts are useful if downtime is expensive, software support contracts are just a waste of time.
I have yet to see even a single incident where having a software support contract made a difference. It is *far* more cost effective and fast to pay a contractor or employee on a per-incident basis to fix the problem with a workaround or an actual patch.
This is true whether it’s closed or open source but at least with open source you’re more likely to get a timely patch on your timetable, not theirs. With closed source most patches are held “until the next major release”. Vendor talk for “we’re busy right now but if you ask nicely we may give you the patch in 6 months time when our non-software support customers will be getting it also”. What you’ll get instead is the kludgy workaround, software support or no.
Vendors are businesses, they are trying to maximise their revenue. “Software support” contracts are a great way to get money from locked in customers while providing minimal service. Don’t pretend for a minute they won’t do that with customers foolish enough to be taken in it.
The only people who should be taking vendor software support contracts seriously are marketing. Everybody else should ignore them and contract third party incident support as needed.
Pluuuease! x86 is not exactly “enterprise” class. It is more mom and pop than “enterprise”.