Forgot your password?
typodupeerror
Operating Systems Software Encryption Security BSD

OpenBSD 4.5 Released 118

Posted by timothy
from the belts-and-suspenders-and-guns-and-mines dept.
portscan writes "OpenBSD 4.5 has been released. New and extended platforms include sparc64, and added device drivers. OpenSSH 5.2 is included, plus a number of tweaks, bugfixes, and enhancements. See the announcement page for a full list. OpenBSD is a security-oriented UNIX/BSD operating system." As per OpenBSD tradition, of course there's a song.
This discussion has been archived. No new comments can be posted.

OpenBSD 4.5 Released

Comments Filter:
  • Oh BSD for server farms,
    For blinking rows of lights.
    For late night coke and deli runs
    In those bitter winter nights!

    NetBSD! FreeBSD!
    Dick shakes his fists at thee
    And hates much more the fact that you're
    As dead as dead can be!

  • by BestNicksRTaken (582194) on Friday May 01, 2009 @05:12AM (#27784593)

    Title says it all: http://www.sun.com/software/solaris/get.jsp [sun.com]

    • Re: (Score:1, Interesting)

      by Anonymous Coward
      I doubt that there was any intention to that. OpenBSD releases are usually released very regularly from year to year.
    • by drinkypoo (153816)

      And yet, the summary said so much more, like what was new in this release of OpenBSD, and why someone would want to involve themselves with it. I don't mean to troll, but there's even less reason to mess around with Solaris now than there was before the announcement of the Oracle acquisition, and unless you were in a SPARC shop there was little reason to mess with it before. Your link doesn't make it immediately apparent, so, what's new in this Solaris, and why should anyone bother with it?

  • oh goody (Score:5, Insightful)

    by kv9 (697238) on Friday May 01, 2009 @05:12AM (#27784595) Homepage

    NetBSD 5 yesterday, OpenBSD 4.5 today and a three day weekend ahead.

    *fap*

  • by Anonymous Coward

    The one area where OpenBSD is let down on the security front is the packages/ports - basically the applications you might want to use. Those are not kept updated over the lifetime of a release. The only way to get the patches and security fixes is to run -Current, which may not be the best for most people.

    Given the frequent updates needed for some apps, especially on the security front (looking at you Firefox!) - it seems a bit odd for a security focused project to expect it's users to run the same old stat

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      it seems a bit odd for a security focused project to expect it's users to run the same old static version for circa 6 months till the next version arrives.

      Well... The thing is if you're running a jailed version of Firefox on OpenBSD the probability that someone could jailbreak it is really, really low.

      Sure, I'd love to see faster/easier app patches release on OpenBSD, but the system is so secure to begin with that it's really giving headaches to any OpenBSD-malware-wouldbe-author.

      Heck, on Linux my stateful

    • by rs232 (849320) on Friday May 01, 2009 @08:48AM (#27785633)
      "The one area where OpenBSD is let down on the security front is the packages/ports"

      "The ports & packages collection does NOT go through the thorough security audit that the OpenBSD base system [openbsd.org] does. Although we strive to keep the quality of the packages collection high, we just do not have enough human resources to ensure the same level of robustness and security"
  • The 80's called - they want their cock-rock back!
  • by canix (1176421) on Friday May 01, 2009 @06:29AM (#27784889)

    A version of KDE that no longer gets any love from upstream; old Firefox, old Thunderbird. Hopefully there are security updates for the latter two and that someone is giving some TLC to the former.

    • by geekmux (1040042) on Friday May 01, 2009 @08:06AM (#27785297)

      A version of KDE that no longer gets any love from upstream; old Firefox, old Thunderbird. Hopefully there are security updates for the latter two and that someone is giving some TLC to the former.

      OpenBSD is on a 6-month development release, and remember the auditing and code-screening that goes into each release. Patches for these "optional" packages (OBSD default install primary use is a stripped down server environment) can be updated immediately. Just like any other installer, there WILL be updates available, even on day 1.

    • Hopefully...someone is giving some TLC to the former

      That would get you TiCKLED.

    • by drinkypoo (153816)

      Frankly, if you're running your desktop on OpenBSD, you are either crazy or simply more concerned about security than the latest and greatest. I consider desktops disposable and think that Linux is therefore a better choice; OpenBSD is a more-than-rational choice for a network and/or security appliance, or for most servers.

  • by metrix007 (200091) on Friday May 01, 2009 @08:07AM (#27785301)

    Is the lack of RBAC and MAC, or any decent non discretionary access controls.

    Solaris has RBAC, Linux has RSBAC and SELinux. OpenBSD staunchly refuses to add anything similar, and no, a system call interceptor does not count.

    It's all well and good to have quality code and aim to get rid of vulnerabilities at the core, but a really secure system would be able to protect from attack, in the event it did happen.

    As it stands, a system with SELinux or RSBAC is far, far more secure than OpenBSD, because of this fact.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      Except most large apps and all the expensive consultants immediately go "Turn off SELinux" as soon as _anything_ goes weird or not-as-I-remember-from-class, which teaches admins to also turn off that pesky security as soon as something important breaks. Then you reinforce that idea further, "SELinux is fine, especially when turned off" and you still end up choosing between the "far more secure" system that makes your boss want to fire you for not getting the app work, or a "normal" unsecure linux without an

    • by evilviper (135110)

      It's all well and good to have quality code and aim to get rid of vulnerabilities at the core, but a really secure system would be able to protect from attack, in the event it did happen.

      That's what the privileged separation and chrooting to an empty, non-writable folder is for, used by default in OpenSSH, Xorg, et al.

      Yes, theoretically, RBAC could be more secure, but that assumes the kernel is perfect and bug-free as well. A microkernel could be much more secure still... In reality, though, have you ever

  • Watch this +10 Flamebait:

    Men use BSD - boys use Linux.

    Period. Next to trusted OS's(TrustedBSD, TrustedSolaris, etc.) OpenBSD is the only thing out there I would put on the public internet with confidential data. Not only that, OpenBSD is the _only_ thing I would trust to protect my internal networks.

    Most security appliances have some Linux baked in - no thanks.

    • Another thing: Theo may be a dick, but that is exactly the kind of person I want writing my kernel. Theo is sharp though he's not afraid to remind you.

      • Re:BSD vs. Linux (Score:4, Informative)

        by Just Some Guy (3352) <kirk+slashdot@strauser.com> on Friday May 01, 2009 @11:40AM (#27787763) Homepage Journal

        Another thing: Theo may be a dick

        I have to say that I've never had problems with him or the other OpenBSD maintainers. I'm not part of their "in crowd" by any measure, but everyone's been decent to me when I've had problems or questions.

        Bad approach: I can't do $foo. How do I do it?

        Good approach: I RTFM about how to do $foo, but step 5 gives different results for me than the man page says it should. What should I try next?

        They're busy people, and when I've been respectful of their time, they've been respectful of mine.

  • I've got a UltraSparc IIe laptop and the only OSes that will run on it are Solaris and OpenBSD. Newer versions of Solaris give an awful user experience no matter what you do; the machine does only have a 650Mhz processor. It had gotten so bad it was looking like I might actually have to buy a new laptop, instead of waiting like I want to for relatively inexpensive mobile quad core.

    The OpenBSD guys, for whatever reason, decided that supporting this oddball laptop was something they wanted to do. No idea w

  • There's an unofficial .iso torrent up on The Pirate Bay [thepiratebay.org], for those finding the mirrors slow. Not a lot of people using it at the moment, but we can change that.

    Some of the MD5s are different; I haven't investigated why yet.

I cannot draw a cart, nor eat dried oats; If it be man's work I will do it.

Working...