OpenBSD 3.9 Released

An anonymous reader writes "OpenBSD 3.9 was released this morning and is now available for download from the OpenBSD mirror sites. Among the new features is integrated framework for monitoring hardware sensors, a BSD licensed driver for nvidia nforce ethernet, and loads of new drivers and bug fixes. Of course you can still purchase the CD-ROM set which includes support for five platforms: i386, amd64, macppc, sparc, sparc64, and also includes the complete blob free source tree and prebuilt packages for many architectures. As always your contributions help to continue the devlopment of this great opeating system."

Dodos rejoice

[Rosco P. Coltrane]

which includes support for five platforms: i386, amd64, macppc, sparc, sparc64

at least you'll be able to do something with your old mac when Apple is done switching and pulls the plug on ppc support for good...

Re:architectures?

[The Tyrant]

OpenBSD has excelent Sparc support, and I for one am very happy about it, Sparcs make excelent firewalls and servers for small environments, mine currently has a quad fast ethernet card in the back thus meaning I dont need an extra hub in the server cupboard (just the four rooms it connects to) and combined with OpenBSD's excelent packet filter and rock solid security (which is even stronger on sparc since it can take advantage of quirks of the archetecture to defend against some attacks better) it makes an ideal server for me, runs nicely and doesn't even push the sparc that hard.

Joke or otherwise, Sparcs are awesome machines (for some roles), and OpenBSD is an awesome system.

Re:A new twist on the old Soviet Russia joke

[Anonymous Coward]

In the on-topic case of OpenBSD, it is going to stay in semi-widespread usage for the visible future, because it has carved out a niche that does not at this have time have matching-reputation security competitors. Plus the appeal stemming its developers devotion to detail (read quality) and the BSD-esque free-software ideals have been slowly swelling its user base -- particularly among uber-geeks (mostly broke uber-geeks it would seem)..

Theo's idolizing of Wowbagger may have held it back a bit, but you can't say the man doesn't have vision ...

Re:architectures?

[TheRaven64]

Take a look at the OpenBSD rack [openbsd.org] in Theo's basement, and you will see how popular SPARC32 kit is with the devs - I counted 5 machines in total.

Re:Dodos rejoice

[Anonymous Coward]

They said [onlamp.com] that OpenBSD 4.0 will support Intel based Macs too...

Only OpenBSD supported my wireless card

[dildo]

After two weeks of attempting to get the various crappy beta-quality drivers to work on linux, I switched to OpenBSD to find that it supported my wireless card perfectly. (I have a PPC machine, so ndiswrapper was not an option.)

Installing was also easy. If you have a little patience and are not afraid of a text-only install, starting OpenBSD was very easy.

I like this operating system. The man files are comprehensive and well written, and even a person with limited technical experience (me) was able to get everything working fairly quickly.

Re:Unofficial install ISO-s

[Anonymous Coward]

"Some unofficial (and of course unsupported by OpenBSD team) install ISOs:

I have always been totally perplexed by people who download and use OpenBSD ISO's (besides the official OpenBSD installer-only ISO's). It completely goes against what OpenBSD is about and defeats the whole reason for using OpenBSD.

You use OpenBSD because you are concerned about security and then go and run some random binary provided by some random people on the net who you know little about? People who don't have the long-term reputation which Theo and the OpenBSD team have?

I hope you really can trust md5 and you better check the sums of each of the files on those CD's. I'd rather buy an official CD as the best option or otherwise download the appropriate files from an OpenBSD ftp server, check those sums and burn your own bootable OpenBSD CD, as a WORST CASE!

Re:architectures?

[sunwukong]

What about Niagara [sun.com]?

Unfortunately, last I heard, Sun was being their usual selves and hiding key architectural details (e.g., chipset stuff) that are holding up the porting effort.

That was about a month or so ago -- hopefully Sun have decided to open up by now ...

Source updates on a minimal system?

[Just Some Guy]

Frankly, this is crap. 10GB drive and you can't maintain a source tree???

I could maintain a lot of stuff in 10GB, but given the sensitive nature of most OpenBSD installations (such as firewalls, etc.), GCC is not among the things I want to have around.

According to the FAQ [openbsd.org], three file sets are required for installation:

• bsd
• baseXX.tgz
• etcXX.tgz

Although that gets you a complete running system, it doesn't leave you with one that can self-host source updates. Given that I run exactly one OpenBSD machine at the office, I don't want to have a separate build server sitting around just to keep it updated. So, even though I have the hardware to support the process, and the technical skills to do so, it's still a major pain in the neck.

Oh, and to those saying I should just install snapshots, the FAQ says: [openbsd.org]

Between formal releases of OpenBSD, snapshots are made available through the FTP sites. As the name implies, these are builds of whatever code is in the tree at the instant the builder grabbed a copy of the code for that particular platform. Remember, on some platforms, it may be DAYS before the snapshot build is completed and put out for distribution. There is no promise that the snapshots are completely functional, or even install.

Elsewhere on the site are other discouraging words [openbsd.org]:

• /pub/OpenBSD/snapshots/
  For our major architectures, we tend to build mini releases of unknown stability and quality about every month or so. This is where we place those test releases.

Ain't no way I'm going to tell my boss that my security update process involves "mini releases of unknown stability and quality". That is why I'd like to see "baseXX-r1.tgz" at ftp.openbsd.bsd (and it's mirrors) that holds nothing but the 3 or 4 binaries I'd need to upgrade on a stock system to bring it up to date. I'm not stupid or broke - just very time-challenged. I'd be happy to pay for a subscription to such a service were one available.

Re:Rock Solid Already

[pimpimpim]

I've always had the easiest installs with openbsd, on a rather exotic motherboard with via C3 processor, I got my sound, video, IBM rapid access keyboard with all extra keys, etc working directly from install. I never had this with any linux version I tried. For the things I want to do: edit files, run a (web)server, listen to music, watch videos, OpenBSD gives me more than enough.

So to me, OpenBSD is just a Good Thing (R) from a practical point of view. I don't bother to have the latest version of everything, but I'm happy when things "just work" ;) and you can trust that they are solid and safe.

Re:Source updates on a minimal system?

[Just Some Guy]

It's absolutely ridiculous to assume an intruder NEEDS you to install GCC for him. He can quite easily install OpenBSD on his own hardware and compile the code there, transfering the binary to your box. Or he can install whatever dev tools he wants, once he has root on your box.

I'm first going on the assumption that the attacker only has regular user access. If he has root, then all is lost (well, not completely [openbsd.org], but still...). Regular users, though, might find it a bit annoying to not have any includes available when trying to compile 1337_rootkit.c. They'd have to install their own tarball, link against those headers, etc.

Would that stop a determined cracker? No! But it's an extra layer of hassle that you're making them jump through, and if it takes them an extra five minutes to figure out, then maybe that's enough. Again, it's not a solution, but a layer. It's like filtering MAC addresses: you don't use that as your sole line of defense, but it's a nice idea in addition to your other methods.

And philosophically, an ideal system is one that does not one whit more than it was designed to do. You could install X and ircd on a firewall, too, but if those don't help it fulfill its deployment goals then why do it?