Contributed by jose on from the the-next-release dept.
Check out all the cool changes that happened since the 3.3 day : http://www.openbsd.org/plus.html and the cool new artwork for this release : http://www.openbsd.org/34.html
Order your copy now to support the project and to get cool stickers by the way :)
Order now, quantities limited, etc etc etc :)
By Noryungi () n o r y u n g i @ y a h o o . c o m on mailto:n o r y u n g i @ y a h o o . c o m
But what drew my attention was the following:
OpenBSD just keep getting better... Nice!
Comments
By Anonymous Coward () on
Possible answers are not:
"well, they audit their code a lot" -> They did not advance the state of system security, look at what Stanford has done.
"W^X" -> PaX - any usefulness, stupid implementation
"systrace" -> poor re-implementation of a failed concept that's been shown to be useless in academic papers
"stack randomization" -> ditto
"mmap randomization" -> ditto, plus the reordering which is completely useless, but something to make it look like they're just not ripping everything off from others.
"strlcpy" -> not valid, doesn't fix buffer overflows
I will stop posting here if someone can give me one example of something legitimate OpenBSD has done THEMSELVES to advance the state of system security. Show me OpenBSD isn't just a bunch of repackagers of hacks that have already been done elsewhere, or trivial modifications on known implementations (much like your average script kiddie would do to hide their ripping of code). You find it appropriate to claim OpenBSD is more secure than every other OS, yet where are all your features and code coming from?
Comments
By ea1X () on
that's the benefit of opensource, doesn't recreate
the wheel..
and openbsd incorporates it well, does microsoft do it ?
and Pf ?
and openssh ?
all this good crypto: twofish, rijndael, ....
Comments
By Anonymous Coward () on
By Anonymous Coward () on
Comments
By Anonymous Coward () on
Comments
By Gimlet () on
Comments
By Anonymous Coward () on
By Anonymous Coward () on
the blowfish is _much_ better than the silly old daemon
Comments
By Anonymous Coward () on
Comments
By Anonymous Coward () on
By Jadipai () on
Comments
By Anonymous Coward () on
Comments
By Jadipai () on
Comments
By JonMartin () on
I really like it.
By BMI () noperz@notta.not on mailto:noperz@notta.not
By Anonymous Coward () on
By Anonymous Coward () on
Minor point and probably not worth really noting I guess merely curious. :) Looks like another fantastic release is on the way! WOOT!
Comments
By marco () on
http://www.openbsd.org/goals.html
marco
By Anonymous Coward () on
By BMI () UpYurs@notgonnasayit.nope on mailto:UpYurs@notgonnasayit.nope
By Wouter () on
Comments
By Anonymous Coward () on
I grabbed a hard disk and installed it from scratch. Then I added all the ports that I used before. Copied all relevant config files to the box. Tested it until I liked it.
Took down my firewall; replaced the hard disk; brought it back up. Total downtime: less than 5 minutes.
Comments
By Anonymous Coward () on
What I'm trying to work out is how to upgrade a whole bunch of systems as quickly as possible. I don't have available similar hardware to do the trick above, and downtime has to be minimized.
Hopefully I or someone will figure out a quick way to do this safely.
The 3.4 release itself looks absolutely fabulous though, and any pain upgrading will be overshadowed by the 'good stuff' afterwards.
M
By dpi () on
By philipp () pb@ on http://debardage.sysfive.org/
yes, no new tarball for a week, wait for monday ;)
This thing *will* be ready for 3.4, since this time
the upgrade will be a major pain, eh timewaste, on i386.
//pb
Comments
By Wouter () on
By Petr R. () pruzicka@openbsd.cz on http://www.openbsd.cz
Comments
By Anonymous Coward () on
By Chris () on www.consault.com
The addition of failover and load balancing capabilities in 3.4 would be very welcomed.
It is a feature that I have been very interested in investigating but haven’t due to the ALPHA warnings* and lack of discussion regarding it on the mail and news groups.
With that said, I am aware of the patent on VRRP** that inhibits full inclusion in the source, but I do remember a time when OpenBSD was shipping controversial patented crypto code through sneaky means.
A free implementation of VRRP is available at http://sourceforge.net/projects/hut which could be a “download after installation” feature.
Do you think that this could be an option?
I look forward to receiving my CDs. Thanks for all the top notch work guys!
* http://www.greyhats.org/openbsd/openbsd.html#pfsyncd
** http://www.foo.be/vrrp/
Comments
By Anonymous Coward () on
Care to elaborate and provide evidence? Unsubstantiated claims benefit no one and should be kept in your head until you can support your statement/s.
Comments
By Anonymous Coward () on
By Anonymous Coward () on
Care to elaborate and provide evidence?
I suspect support for either RSA before the patent expired in the USA, since OpenBSD is Canadian-based.
By Chris () on www.consault.com
I'm referring to shipping RSA code from Canada before the patent expired in the US. A "download after installation" approach was taken to avoid legal recourse.
I don't believe common knowledge requires such substantiation, but thanks for your input.
Comments
By Anonymous Coward () on
That is irrelevant.
> I'm referring to shipping RSA code from Canada before the patent expired in the US. A "download after installation" approach was taken to avoid legal recourse.
So? Was it illegal for OpenBSD? No.
> I don't believe common knowledge requires such substantiation
Then how can such common knowledge be "sneaky"?
Common knowledge? In your head maybe. Not mine. I remember *nothing* sneaky done by OpenBSD in the past, and that still holds true today. So, no, OpenBSD being sneaky, is *not* common knowledge.
By grey () on
E.g. "A clever trick allows us to distribute the same CD-ROM (USA and the rest of the world) and maintain full strength crypto without violating the RSA patent in the USA."
If you recall that "trick" was requiring users to install a package after install if they were in the US and wanted to use the RSAREF implementation. You may also recall that one batch of CDs during that period needed to be scrapped because the package was inadvertently on the master; most other folks in that situation probably would have shipped said CDs.
Comments
By Anonymous Coward () on
That "trick" I do remember. Thanks, grey.
Chris: btw, "trick" is not synonymous with "sneaky".
By Anonymous Coward () on http://www.openbsd.org/crypto.html#why
This is certainly painting with a broad brush.
From http://www.openbsd.org/crypto.html#why:
By Anonymous Coward () on
Ehm.. "available" as in "i've a website on SF and
nothing more"?
One cannot download *anything* there and the last
status is Dec,2002 .. d'uh
Down to the point.. there is probably NO free
implementation. The patent is about the "virtual MAC" *directly* - so one is pretty fucked going
a VRRP-like way. There has to be something really
new.
pfsync itself is standalone, yet you have the
problem to balance traffic over the machines.
OTOH, differ between load balancing and failover.
It's possible to filter even typical packet loads
on a GigE link with *one* machine, the point is
rather the failover - and there are methods like
STONITH that come to mind.
pfsync can be used for way other "features" than
that anyway.. don't be a pawlow'd dog and think
about VRRP (only) when you hear 'pfsync'
//pb
By hah () on
Unfortunately for deadly.org readers, you will not be able to view the technical analysis of the new obscurity features in OpenBSD 3.4 as the administrators have clearly shown that this website is for mindless praising of OpenBSD, and should never contain any constructive criticism or technical analysis of anything OpenBSD does. The administrators want you to believe only what OpenBSD is telling you. With any luck, this post will be removed as well, to hide the fact that the original post was removed.
Comments
By Anonymous Coward () on
Comments
By Anonymous Coward () on
Comments
By Anonymous Coward () on
Comments
By Anonymous Coward () on
An administrator saying they did NOT remove the posting
An administrator allowing me to repost it, since they removed the previous post.
Can an administrator please clarify why technical analyses of OpenBSD features are not suitable for this forum, while mindless, pointless, "yes-man" comments are? I recognize that it is your website, and you are free to remove any content you wish, however, this should not be done in a stealthy fashion as you have done, and certainly not for a comment containing many technical details. If you considered the post to be hogwash, why not let the brilliant OpenBSD developers rip it apart with their keen security knowledge, unless this was not the case?
Comments
By Anonymous Coward () on
Comments
By sandolo () sandman@mufhd0.net on mailto:sandman@mufhd0.net
please stop this boring BLA BLA BLA about OpenBSD.
Will you ever say something CONCRETE or will you go on talking about "openbsd sucks, theo sucks, bla bla"??
Watch the CVS log, read the code, use another o.s., post on another forum.
Comments
By Anonymous Coward () on
By Anonymous Coward () on
By gwyllion () on
I haven't seen any form of censorship thus far. Lots of /. and PaX trolls were allowed to post crap here.
By Anonymous Coward () on
By Anonymous Coward () on
By gwyllion () on
Please explain yourself. Where is your "constructive criticism or technical analysis"?
By jose () on http://monkey.org/~jose/
i'm just not interested in dealing with flame wars here. it's why i don't read misc, for example.
Comments
By Anonymous Coward () on
Comments
By Anonymous Coward () on
Nice Straw Man.
> OpenBSD is correct and everyone else is a bunch of flaming idiots.
Its security track record is sufficient evidence to prove so.
> This still doesn't answer why you removed the post,
Censorship is bad, Mkay?
By jose () on http://monkey.org/~jose/
Comments
By Anonymous Coward () on
Comments
By djm () on
Comments
By gwyllion () on
I noticed OpenBSD developers were willing to keep the discussion technical and to correct wrong claims.
This medium is far from suited for this discussion as only a few OpenBSD developers and users read it. And all those "Anonymous Coward".
Comments
By Anonymous Coward () on
Note for example the mail where he calls another poster an idiot and claims what he wants to do is completely infeasible, only to find that it's exactly what PaX does.
By Anonymous Coward () on
Comments
By gwyllion () on
And yes I'm stupid and don't use my brain. I only have an IQ of around 140 and I'm only doing a PhD on computer security.
By Anonymous Coward () on
By gwyllion () on
Or reverse lookup the DNS name and drop the first part?
By Anonymous Coward () on
Comments
By Anonymous Coward () on
Where did jose say IP posting stops trolls? He said "trolls are now publicly viewable" and suggested a solution to completely stop trolls ("next step is to shut down comments entirely").
How many examples does it take to show you OpenBSD is not secure?
Show me working exploits for OpenBSD 3.4 like Gobbles did, preferably a lot of them.
Comments
By gwyllion () on
By Anonymous Coward () on
By Anonymous Coward () on
Possible answers are not:
"well, they audit their code a lot" -> They did not advance the state of system security, look at what Stanford has done.
"W^X" -> PaX - any usefulness, stupid implementation
"systrace" -> poor re-implementation of a failed concept that's been shown to be useless in academic papers
"stack randomization" -> ditto
"mmap randomization" -> ditto, plus the reordering which is completely useless, but something to make it look like they're just not ripping everything off from others.
"strlcpy" -> not valid, doesn't fix buffer overflows
"privilege separation" -> an obscurity measure. OpenBSD has too many local kernel vulnerabilities that can be executed within the compromised task, not requiring any access to the filesystem, so this is useless.
I will stop posting here if someone can give me one example of something legitimate OpenBSD has done THEMSELVES to advance the state of system security. Show me OpenBSD isn't just a bunch of repackagers of hacks that have already been done elsewhere, or trivial modifications on known implementations (much like your average script kiddie would do to hide their ripping of code). You find it appropriate to claim OpenBSD is more secure than every other OS, yet where are all your features and code coming from?
Comments
By Anonymous Coward () on
Comments
By Jedi/Sector One () j@pureftpd.org on http://www.pureftpd.org/
Comments
By Anonymous Coward () on
By Anonymous Coward () on