What's New in OpenBSD 4.2?

blackbearnh writes "OpenBSD 4.2 was released today, and has a host of new features. O'Reilly's ONLamp site has a pretty thorough overview of the release. 'Even though security is still there, this release comes with some amazing performance improvements: basic benchmarks showed PF being twice as fast, a rewrite of the TLB shootdown code for i386 and amd64 cut the time to do a full package build by 20 percent (mostly because all the forks in configure scripts have become much cheaper), and the improved frequency scaling on MP systems can help save nearly 20 percent of battery power. And then the new features: FFS2, support for the Advanced Host Controller Interface, IP balancing in CARP, layer 7 manipulation with hoststated, Xenocara, and more!'"

Re:Where to get it...

[notamisfit]

I didn't see anything about it in the interview, but it looks like they've made install ISO's available for the various platforms (install42.iso in each directory). Might give it a spin if I can find a machine for it -- I gave 4.1 a try (and even bought a CD set) and was mostly impressed.

How dissapointing- they didn't include Xen

[LukeCrawford]

Christoph Egger did a OpenBSD Xen port (based on the NetBSD xen stuff) see: http://hg.recoil.org/openbsd-xen-sys.hg [recoil.org] It looked pretty promising. It's too bad they aren't going to support that platform. I've got lots of customers who'd really like a OpenBSD option.

Request for information

[cdn-programmer]

I've filed a bug report on this but at this point I'm not even sure its a bug... could be a hardware issue..

If anyone is running Adaptec SCSI 2940 controllers with more than one SCSI hard drive and it works then I'd like to know... if anyone is having problems I'd like to know.

The issue is that I have one 2940 fast narrow card and it won't boot... says there is no O/S. In the same machine... swap that card out to a 2940 fast wide and it boots just fine. Perhaps this is a firmware card issue. I have so far only tested these two cards... I plan to go get a handfull more.

Next issue. With the fast wide all seems 100%. Then I start an rsync from another machine and within seconds I get a kernel panic. There is a bug report here: http://paste.lisp.org/display/49908#1 [lisp.org]

Is OpenBSD bug report # 5616

I'm not at this point asking anyone to debug this. I want to know if others have a similar setup and it works.

This machine is a Pentium I, with two fast narrow SCSI disks and in this case an AHA 2940 FW card. There is nothing else on the bus.

O/S version was 4.1 and now I can try the new version. Since OpenBSD is such a great O/S I sure would like to get to the bottom of this without wasting people's time. If we have a problem we need to know about it and potentially fix it. If its an isolated issue then I need to know this so I can shelve the hardware if in fact it is flakey hardware.

Note: With that fast wide controller... dd if=/dev/sd1 of=/dev/sd1 bs=2048 will run 100% and never glitch at all. But try that rsync on the system.. kernel panics 100% of the time within seconds.

Good Desktop OS

[LM741N]

I know OpenBSD is renowned as a secure system, but it also is a good desktop OS. In fact, I bet it recognizes more devices than my Windoze Vista. I was pleasantly surprised the last time I tried out OpenBSD on my laptop. My only complaint is that the ports are not as comprehensive as FreeBSD. But then, maybe I should be a maintainer for one and stop complaining, lol.

Stable branch, still from source only?

[BlueParrot]

One of the things that has put me of OpenBSD is the need to compile from source if you want to use the stable branch. I realise this is partially due to limited resources and priorities, but I would argue that this is probably one area where there is room for improvement.

In any case they have done a lot of good work. Copyleft vs OSS ideology disputes aside. ; )

Never got the hang of patching it

[Just Some Guy]

One thing I never really figured out with OpenBSD is why errata patches [openbsd.org] are handled the way they are. Why doesn't OpenBSD offer binary updates? For example, here are the instructions to fix errata entry 009 ("Fix possible heap overflow in file(1), aka CVE-2007-1536."):

Apply by doing:
cd /usr/src
patch -p0 < 009_file.patch

And then rebuild and install file:
cd usr.bin/file
make obj
make cleandir
make depend
make
make install

Given that I installed from binary packages as do most users, and I might not even have a compiler installed, the startup cost of following those steps is fairly substantial. It seems like it would be easier for someone at OpenBSD to run those commands, see which files changed, wrap them up into a tarball, and distribute those - at least for the most popular architecture or two.

Now, I'm not saying they should do this or that they owe it to us end users to do it. I just mean that it'd be amazingly convenient with a seemingly minimal amount of extra work. Am I wrong about what would be involved?

BSD License

[Danathar]

And since this is all BSD licensed code you are free to take the code, put it in your proprietary "net security appliance" making any improvements of course without giving one single improvement back.

There are SO many 1U security "black boxes" that obviously rip off OpenBSD for 95% of their product it's just pathetic. I don't recall many of them touting that they used OpenBSD or ever hearing some of the "cool" features they SAY they have ever being contributed back to the main code repository for OpenBSD.

Re:BSD License

[Slashcrap]

And since this is all BSD licensed code you are free to take the code, put it in your proprietary "net security appliance" making any improvements of course without giving one single improvement back.

There are SO many 1U security "black boxes" that obviously rip off OpenBSD for 95% of their product it's just pathetic. I don't recall many of them touting that they used OpenBSD or ever hearing some of the "cool" features they SAY they have ever being contributed back to the main code repository for OpenBSD.

Yes, I used to work for a company that did exactly this. They had a range of VPN gateways which were basically OpenBSD with a user interface. And while I'm not saying that they never contributed anything back, it definitely wasn't a priority.

On the other hand, they also have a great deal of Linux based products. And whenever they need to fix any Linux bugs or add features, they always contribute them back. Doing otherwise would be a breach of the license and expose them to legal liabilities.

The point is that as a rule, large corporations aren't going to do anything that they aren't legally obliged to do. You would probably call RMS a political zealot and an unrealistic idealist. But at the end of the day he's not the one that expects commercial enterprises to change their nature and act altruistically just because it would be nice. If they give those "cool" features back, they're also giving them to their competitors. Which is probably not a career extending move for the person responsible.

If these realities offend you so much, I would suggest that you avoid releasing any software under the BSD license.