The OpenBSD Project released OpenBSD 3.5 exactly on schedule on May 1, adding support for new functions and devices in the kernel and updating the base system. While it may not be the most versatile operating system in the world, OpenBSD shines when it comes to security, providing a default installation that doesn’t have to be locked down and partially disabled before using it. Here’s also another article on how to set up OpenBSD.
How is it less versatile than any other OS?
It’s not, at least in theory. In practice you’ll find that OpenBSD requires some extra effort to coerce it into doing what you want because of its stringent security focus.
It’s less versatile because it’s focused on being a server. Take Slackware or Debian, for instance: they’re like clay that you can mould into whatever you want them to be. You can make a good desktop OS out of Debian. OpenBSD, however, only has 2500 ported applications, which pales in comparison to the 10000+ of FreeBSD and the roughly equal amount of Debian packages. There isn’t even a non-X Emacs in OpenBSD Ports.
It comes fully stocked to operate as just about any kind of server, but it doesn’t come with KDE or GNOME or anything fancy like that. If you want to use OpenBSD as a desktop OS you’ll have to do some work to get it there. Certainly, though, it can be done.
Saying it isn’t versatile isn’t knocking OpenBSD at all; in fact you’ll find the same sentiment expressed on the OpenBSD website itself, in the FAQ.
-Jem
Every OS has its purposes and goals. OpenBSD has chosen one and I like it. If you need a desktop OS, don’t go for OpenBSD; instead go for some fancy Linux, or if you like BSDs try FreeBSD (it is not friendly).
heh, never heard Slack called fancy before.
I don’t think it is fair to compare the number of ported packages and think that really means something. Many of the ported apps are often redundant, others have little if any real use to most users of servers or desktops. The fact that OpenBSD does not put them in their ports until they are proven to be stable and secure is hardly a point of criticism.
Yes, OpenBSD doesn’t put software in the ports until it is “secure”… and what’s wrong with that???
It is supposed to be a secure OS or not???? I don’t wanna install KDE, Mozilla or anything else on a firewall.
I’ve been using OpenBSD since 3.0 and I’ve always found the OS perfectly versatile.
If I want to compile something that isn’t in the ports I’ll download and compile it. How is that any different from any of the “more versatile” operating systems?
OpenBSD is called less versatile because among other things, it has no kernel threading, and until recently, it had no SMP support, and what it has now is still very basic. I’ve no doubt that OpenBSD will have better support for both in the future, but for the time being, it’s not going to be a good choice for really high performance systems. Currently, it doesn’t even have a unified VM and filesystem buffer cache, which also hinders performance.
It’s damned fine from a security perspective however, and once you’ve RTFM, and get past the spartan installer, it’s quite a joy to use as nearly all supported drivers are built into the kernel, meaning that there’s no mucking about with kernel modules (although it does support them, the developers do not).
As far as security goes, only really expensive things like Trusted Solaris do any better.
“As far as security goes, only really expensive things like Trusted Solaris ”
Trusted Solaris isn’t useful for all case scenarios. A MAC model is useful in edge servers. You have SELinux there too.
FreeBSD has a more mature multi level security framework, very similar to the one developed in SELinux.
FreeBSD has benefited more from the efforts of TrustedBSD to add a MAC framework. In addition there is a FreeBSD port of pf, and with support for encrypted filesystems — there is no reason to use OpenBSD anymore and its inferior network performance and poor scalability.
FreeBSD has a more mature multi level security framework, very similar to the one developed in SELinux.
Not so similar as they look at first glance. FreeBSD’s TrustedBSD “MAC” Framework is just that, a framework that consists of features common to various access controls, whereas SELinux is (now) merely a single loadable module (and supporting policies) for the new “Linux Security Modules” system, which unlike TrustedBSD, consists of various hooks in kernel code through which any given module can work its magic.
TrustedBSD is definitely more advanced than LSM, but neither one really has any truly useful default policies ATM, making them a royal PITA to set up and administer.
In addition there is a FreeBSD port of pf, and with support for encrypted filesystems — there is no reason to use OpenBSD anymore and its inferior network performance and poor scalability.
Perhaps you’d be surprised how far behind FreeBSD is in these areas. Yes, FreeBSD now has “GEOM-Based Disk Encryption,” which is terribly complex for what it does (although it does it well enough), and “To this day, FreeBSD still does not have multiple TCP threads running on multiple CPUs. So we’re actually ahead here.”
Not so similar as they look at first glance. FreeBSD’s TrustedBSD “MAC” Framework is just that, a framework that consists of features common to various access controls, whereas SELinux is (now) merely a single loadable module (and supporting policies) for the new “Linux Security Modules” system, which unlike TrustedBSD, consists of various hooks in kernel code through which any given module can work its magic.
TrustedBSD is definitely more advanced than LSM, but neither one really has any truly useful default policies ATM, making them a royal PITA to set up and administer.
In addition there is a FreeBSD port of pf, and with support for encrypted.
Perhaps you’d be surprised how far behind FreeBSD is in these areas. Yes, FreeBSD now has “GEOM-Based Disk Encryption,” which is terribly complex for what it does (although it does it well enough), and as far as superior networking capabilities, “To this day, FreeBSD still does not have multiple TCP threads running on multiple CPUs. So we’re actually ahead here.” (Jeffrey Hsu, responsible for Multithreading the network stack, RFC compliance on both DragonFly and FreeBSD)
http://www.onlamp.com/pub/a/bsd/2004/07/08/dragonfly_bsd_interview….
filesystesthere is no reason to use OpenBSD anymore and its inferior network performance and poor scalability
Well, from the sounds of things, DragonFly is a much better bet as far as network performance and scalability goes than FreeBSD, and currently, neither of them (and certainly not Linux either) does better in the security department than OpenBSD.
Something screwy with the site ’cause I didn’t write anything that incoherent! ;^)
“Not so similar as they look at first glance. FreeBSD’s TrustedBSD “MAC” Framework is just that, a framework that consists of features common to various access controls, whereas SELinux is (now) merely a single loadable module (and supporting policies) for the new “Linux Security Modules” system, which unlike TrustedBSD, consists of various hooks in kernel code through which any given module can work its magic.”
SELinux is a module that works over LSM, which is a set of hooks just like Trusted Solaris. LSM is pervasive. That’s the whole point. LSM by itself just enables stuff like SELinux to work as modules. Linus wanted this model because those who do need MAC model can opt out of it.
“TrustedBSD is definitely more advanced than LSM, but neither one really has any truly useful default policies ATM, making them a royal PITA to set up and administer.”
This is incorrect. Fedora Core 2 already includes an experimental set of policies which I have been using just fine. It’s pretty complicated if you want to write your own policies depending on the software. This is precisely why SELinux is ‘merely’ a module. It’s meant for the edge servers. Fedora Core 3 will include SELinux enabled by default and it will just work for all the packages included within. It’s not a pain at all at that point. Edge servers would be having limited configuration changes and software anyway, so it’s pretty easy to work with that.
Trusted Solaris, on the other hand, is pretty costly and is a very different branch from the vanilla version. Not much of it is optional.
It’s also important to note that SELinux implements role-based control, a MAC model, as well as an evolving (read: experimental) TE model. So it’s not as bad as you think.
“The fact that OpenBSD does not put them in their ports until they are proven to be stable and secure is hardly a point of criticism.”
I’m not sure where you got that impression from. As mentioned in the article, OpenBSD doesn’t guarantee the security of anything in the ports tree.
OpenBSD actually comes with precompiled packages for KDE. There is only one problem with them: the wallet and cookie daemons constantly crash so that you can’t use KNode or a site with cookies properly.
SELinux is a module that works over LSM, which is a set of hooks just like Trusted Solaris
Pretty much what I said. What’s your point here?
This is incorrect
No it isn’t, sir.
Fedora Core 2 already includes an experimental set of policies which I have been using just fine
As you so love to point out, that’s Fedora, and not Linux/SELinux. And worse for your argument, the policies available out of the box, do in fact suck, and that’s why they’re doing things differently in Fedora Core 3.
Fedora Core 3 will include SELinux enabled by default and it will just work for all the packages included within. It’s not a pain at all at that point
The very same thing was said about Fedora Core 2.
Trusted Solaris, on the other hand, is pretty costly
I believe that I said as much.
It’s also important to note that SELinux implements role-based control, a MAC model, as well as an evolving (read: experimental) TE model.
Guess what! So does Trusted Solaris, and theirs has been certified, SELinux has not. LSM is inferior in many ways to TrustedBSD and you’re just going to have to deal with that until the people responsible for it choose to undo some of the braindead architectural mistakes that they consciously decided to do (lack of a coherent framework consolidating common features, inability to load more than one “security module” at a time etc.).
You don’t deserve any better for not adding something useful to the discussion
Oh, I believe that I’ve been more than just a tad more informative than you have been, but please, feel free to go against all of our wishes and continue to post your favorite lies and inaccuracies.
Good afternoon/morning,
I did not realize how much the US government went to control security.
“Guess what! So does Trusted Solaris, and theirs has been certified, SELinux has not. LSM is inferior in many ways to TrustedBSD and you’re just going to have to deal with that until the people responsible for it choose to undo some of the braindead architectural mistakes that they consciously decided to do (lack of a coherent framework consolidating common features, inability to load more than one “security module” at a time etc.).”
Ya. SELinux isn’t certified. Is TrustedBSD? Trusted Solaris doesn’t have all the models that SELinux has. LSM has the ability to load more than one module. Go do your research.
Ya. SELinux isn’t certified. Is TrustedBSD?
No it is not, and that’s why in my original post, I only mentioned Trusted Solaris, and not TrustedBSD. Think about it.
Trusted Solaris doesn’t have all the models that SELinux has
SELinux has one module, but a few different capabilities. LSM has more modules than Trusted Solaris, but like I said earlier, LSM modules aren’t stackable, so they’re pretty useless as a collection.
LSM has the ability to load more than one module. Go do your research.
Not at this time it doesn’t, unless this is a very recent edition.
Not at this time it doesn’t, unless this is a very recent edition.
——–
It does now. Check the developer list mails for more details.