OpenBSD Journal

4.0-beta arrives

Contributed by Damien Miller on from the dept.

OpenBSD CVS HEAD has recently switched from 3.9-current to 4.0-beta ahead of the next release. This makes it a great time to start testing snapshots if you haven't already - all of the developers work very hard to ensure that CVS HEAD remains stable throughout the development cycle, and doubly so in the leadup to a release. Check out plus.html to see what has been added or improved since 3.9.

(Comments are closed)


Comments
  1. By Hurry-Kane (80.141.217.132) on

    Check all the changes? It already took me four minutes to scroll down the page ;)

  2. By dingo (198.208.251.24) on

    wicontrol removed in favor of ifconfig, and 802.11 stuff in the kernel looking cleaner and correcter than ever!

    https support in ftp!

    opencvs!

    Comments
    1. By Igor Sobrado (156.35.26.1) on

      > opencvs!

      I believe that they have not switched to OpenCVS yet. At this point, OpenCVS remains in experimental status. They have switched to OpenRCS however. If I am wrong, I will be glad to know. I hope that switching to OpenCVS will be possible before 4.0 is out.

      Cheers,
      Igor.

    2. By CODOR (67.158.70.109) on

      Don't forget this one:

      Fix for in-kernel ddb hangman so it counts correct guesses right.

    3. By sthen (81.168.66.242) on

      I'm quite pleased about the irq fix on some sparc64 boxes ...

  3. By David Chisnall (137.44.2.39) on

    A release every six months, and each one has some exciting stuff in it.

    One thing I'm wondering though; systrace has been in the base system for a while, but is it used by default for anything? I could see sendmail as a prime candidate for being run inside systrace.

    Comments
    1. By Anonymous Coward (156.34.214.222) on

      > A release every six months, and each one has some exciting stuff in it.

      One of the things I like best about OpenBSD is that vast majority of changes from one release to another are not exciting at all. Most seem to be fixes for bugs I've never encountered and a steady increase in support for (mostly) new hardware I probably don't have. The OpenBSD developers seem to have an exceptional tolerence for what I would consider frustration and drudgery (aka 'an attention to detail'). I admit that I nodded off just reading the change list -- which is just the way I it.

      Comments
      1. By Anonymous Coward (156.34.214.222) on

        "which is just the way I it" = "which is just the way I like it."

        Some of us just don't have an eye for detail. It is a rare gift.

    2. By Anonymous Coward (213.5.161.18) on

      > A release every six months, and each one has some exciting stuff in it.
      >
      > One thing I'm wondering though; systrace has been in the base system for a while, but is it used by default for anything? I could see sendmail as a prime candidate for being run inside systrace.

      I've never used systrace, but I have heard that it slows down considerably the program that's running through it. Maybe that's one of the reasons that it is not used widely by default.

      Comments
      1. By Anonymous Coward (198.208.251.24) on

        > > One thing I'm wondering though; systrace has been in the base system for a while, but is it used by default for anything? I could see sendmail as a prime candidate for being run inside systrace.
        >
        > I've never used systrace, but I have heard that it slows down considerably the program that's running through it. Maybe that's one of the reasons that it is not used widely by default.

        You can enable systrace for compiling ports, check mk.conf manpage... if its not in the manpage, i saw the feature USESYSTRACE in one of the .mk include files. I enabled it for a while and I saw it prevent some ports from doing ridiciulously stupid things during configure.

        However, I have tried to build entire trees of ports with usesystrace, and it has locked into an infinate memory hogging loop at certain points. Also if you suspend a ports compile with ^Z with systrace enabled, a resume failes (lock up).

        Security is nice, but correctness and reliability is more important. Remember correctness is more officialy OpenBSD's goal. Security is just a by-product of that.

        This is far different than the glibc stand of, "We don't need safe string functions like OpenBSD has, because it if you handle strings correctly in the first place, you don't need them."

        It would be nice to use systrace on everything, but unless it works correctly, it is not worth the risk. Using systrace by default on may be embaressing when it causes your mail services to be unavailable.

        Remember when Theo threatened to remove hifn drivers from the tree because of a bug he could not resolve? His words were something along the lines of, "It's embaressing to have this bug in our tree".

        I am by no means an expert on systrace, so if I give a false perspective on the reliability or correctness of systrace code, please correct me! This is just my experience

    3. By Kristaps Johnson (62.85.46.110) on

      > A release every six months, and each one has some exciting stuff in it.
      >
      > One thing I'm wondering though; systrace has been in the base system for a while, but is it used by default for anything? I could see sendmail as a prime candidate for being run inside systrace.

      (shameless plug follows, avert your eyes)

      http://sysjail.bsd.lv

      This is entirely based upon systrace.

      Not in the base system (or an official port, although one may be found at the download page). Gives OpenBSD (and NetBSD) FreeBSD's "jail" functionality. I'm still working on a hardened 1.0 version, so this shouldn't be used in production, but I anticipate release before September.

      Be good,
      Kristaps

      Comments
      1. By Anonymous Coward (68.104.1.58) on


        > Not in the base system (or an official port, although one may be found at the download page). Gives OpenBSD (and NetBSD) FreeBSD's "jail" functionality. I'm still working on a hardened 1.0 version, so this shouldn't be used in production, but I anticipate release before September.
        >
        > Be good,
        > Kristaps
        >

        for a hosting solution, better /dev support would probably be needed so you could run sshd at least.

        Comments
        1. By Kristaps Johnson (62.85.46.110) on

          > for a hosting solution, better /dev support would probably be needed so you could run sshd at least.

          If you've suggestions or hacked code, please let me know via e-mail... I can be noodled out from the website's "contacts" page. sshd and terminal devices has long rankled and I've not yet had the time to grok FreeBSD's device re-writes for reference. Thanks, K.

  4. By MotelyFool (134.253.26.6) on

    So why is it when I submit the rollover to 4.0-beta several days ago nothing gets posted? I take it submittals must come from vetted sources?

    Comments
    1. By Nate (65.94.57.162) on

      > So why is it when I submit the rollover to 4.0-beta several days ago nothing gets posted? I take it submittals must come from vetted sources?

      Maybe noone checked the queue for a couple days?

    2. By Anonymous Coward (67.64.89.177) on

      > So why is it when I submit the rollover to 4.0-beta several days ago nothing gets posted? I take it submittals must come from vetted sources?

      Becasue this one had all the text already written into it. We had several submissions but they were one liners. The more verbose you are the more likely you are to get published.

  5. By Kurt Seifried (68.149.173.71) kurt@seifried.org on http://www.seifried.org/

    seifried.org (I provide the hosting closet where undeadly.org lives) is now using 4.0 beta on the firewalls and the backend NFS server (no NFS server, all my web sites go poof!). So far so good.

Latest Articles

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]