OpenBSD 6.3 Released

OpenBSD announced on Monday that v6.3 update, which was slated to be released on April 15, is ready for download. From the announcement post: This is our 44th release. We remain proud of OpenBSD's record of more than twenty years with only two remote holes in the default install. As in our previous releases, 6.3 provides significant improvements, including new features, in nearly all areas of the system. You can read about the changes and improvements here.

Re:Two Assholes

[grub]

I've used it since the late 90's. I'm sure there are more assholes than Theo and I using it.

Re:

[ruir]

Another asshole here.

Re:

[Anonymous Coward]

The base system has the C compiler and related tools, X11 with three window manglers (twm, cwm, and fvwm), xterm, and two text editors (vi and mg (for the emacs fans)). It has is own SSH, SMTP, and HTTP daemons, though these must be configured and enabled. You can do more than you think with a base install.

OpenBSD ... making the internet safe for Linux

[perpenso]

two holes in an install with zero packages that can do nothing but ssh yay?

Actually a common use for OpenBSD is a firewall and/or router. Built-in packages accomplish these and other infrastructure roles. Thus making the internet a safer place to tread for Linux boxes with whatever is the fad-of-the-moment development stack. ;-)

Re: two holes

[Brockmire]

They seem to be pretty proud of being able to keep two remote bugs for 20 years. One would think they'd fix them instead of boasting about them for so long. I mean, other OS's probably have more for longer to brag about.

Remove the ethernet drivers

[OrangeTide]

You're running ssh? Do you not care about security?!

OpenBSD is extremely underrated

[Anonymous Coward]

Among all the current Unix-like operating systems out there, OpenBSD remains the most true to the traditional Unix philosophy. Their level of commitment to code quality and good documentation is, frankly, foreign to the Linux world these days. They've done a huge amount of excellent work over the years and if their philosophy sounds interesting to you, I urge you to check it out and donate.

Should have waited an hour...

[K. S. Kyosuke]

An hour ago, I randomly checked whether there was a new version. It was still at 6.2. Well, I guess such coincidence is bound to happen to someone anyway... Even to one of the three OpenBSD users out there. ;)

Re:

[grub]

Could you please check HBO's site to see if season 2 of Westworld is out yet? It's scheduled for April 22.

Re:

[Anonymous Coward]

POSIX, motherfucker! Are you compatible?!

Re:

[darkain]

Much like the Linux world which is almost entirely based on two derivatives (Debian and Redhat), the BSD world is mostly the same, the two primary derivatives are FreeBSD and OpenBSD. FreeBSD has by far and away the largest user base of the two, and the most commercial support backing it as well.

Re:

[Noryungi]

Don't forget NetBSD, which is also a very good BSD.

Re:

[jon3k]

The second most popular distro [distrowatch.com] on distrowatch.com is Manjaro, which is based on Arch. A challenger appears!

Re:

[darkain]

According to their info Manjaro is based on Arch Linux, which is probably the 3rd most popular branch of Linux right now.

Re:

[Joey Vegetables]

There are multiple Gentoo and Slackware derivatives as well. I've used and loved Gentoo for over a decade now. AFAIK, systemd is optional on both (though I don't think Gnome will run properly without it).

Re:

[pnutjam]

No love for Suse?

Re:

[Anonymous Coward]

systemd... nice troll!

Re:

[HiThere]

It depends on your use case. For me systemD has no benefits, though, admittedly, few drawbacks as an init system. Unfortunately, it's difficult to uncouple the init system from the rest. And, e.g., I dislike logs that aren't text based (or have they finally fixed the bugs in that piece...last I heard it was "won't fix").

Re:

[Billly Gates]

If I r00t your b0x the last thing I am going to do is leave evidence in /var/logs.

Binary logs are a feature for this reason

Re:

[Noryungi]

... Except, of course, that if you are "root" on *any* box, systemd or not, you will be able to delete any logs you'd like, binary of plain text (journald anyone?).

So what was your point again? Ah, yes, displaying your total ignorance. Mission Accomplished!

Re: Which BSD?

[ISayWeOnlyToBePolite]

Afaik systemd only provides binary logs, but also afaik redhat, debian and derivatives also installs rsyslog in the default install providing text logs. Curious to know what distro you've come across that has binary logs only?

Re:

[HiThere]

The last time I checked there was a package that was supposed to produce text logs in addition to the binary logs, but it was broken. Not in all cases, but often enough. And the bug had been there for long enough to get marked "won't fix". I haven't followed the matter since then, however....

That "won't fix" rather soured me on the entire systemD approach. Since it provides me with absolutely no benefits, it didn't take much in the way of defects to cause me to wish it would just go away. (And there we

Re:

[ISayWeOnlyToBePolite]

Systemd does not produce text logs, and that would be a wontfix as they seemingly consider it a feature. Rsyslog is not part of systemd, produces textlogs and is installed by default in every distribution that I know of.

Re:

[HiThere]

That may well be the reason, but it doesn't make me think any more highly of them.

Re:

[Noryungi]

Unfortunately, it's difficult to uncouple the init system from the rest. And, e.g., I dislike logs that aren't text based (or have they finally fixed the bugs in that piece...last I heard it was "won't fix").

It's not that "difficult" to remove systemd: a lot of Linux distributions do that, like Slackware, Devuan, and Gentoo, just to name the biggest three.

And, yes, binary logs suck, and systemd developpers are a bunch of whiny little bitches, with no understanding or appreciation for UNIX philosophy and history (hence, the appeal of the BSDs, where things are closer to what they used to be).

At this stage, honestly, I'd like to have solid numbers on, say, the number of times Debian has been downloaded vs Devuan,

Re:

[ruir]

I would not use distro downloads as an indicator of systemd being used. I have been using my farm of Debian Linux servers in Debian 8 and 9 *without* systemd.

Re:

[AHuxley]

Are all BSDs created equally?
https://media.ccc.de/v/34c3-89... [media.ccc.de]
Has some code review, fuzzing, runtime testing on all 3 major BSD distributions.

Small nit, but

[93 Escort Wagon]

Why does the submission link to someone’s “congratulations” email response instead of the original email announcement... or the web posting about the release itself?

https://www.openbsd.org/63.htm... [openbsd.org]

Re:

[93 Escort Wagon]

Nope - the link is to an email reply some guy sent to Theo.

Re:

[bsDaemon]

Trusted Solaris isn't so much secure as it was Common Criteria evaluated. Security is also not Dragonfly BSD's focus, so I am curious as to why it would be mentioned. OpenBSD is, of course, an option, and if security is a primary concern, it is a perfectly good choice. I would also suggest HardenedBSD, if you would like to have the features (ZFS, DTrace, Jails) of FreeBSD coupled with security improvements based on the PaX/GRSecurity design.

NetBSD also has PaX-style memory hardening, btw. OpenBSD's userlan

Re:

[HiThere]

Well, MSWindows 95A was pretty secure if you didn't insert any corrupted disks locally.

Outside of that I think that OpenBSD is generally considered the most secure. Of course, if you want it to be really secure you write protect the system partition after you install it. (This generally means, in Linux, that you need to create a bunch of hard links from your system partition to another partition that you allow writes to, so that, e.g., the /tmp directory can be written to. I'm not sure anymore what the B

Re:

[fisted]

Of course, if you want it to be really secure you write protect the system partition after you install it. (This generally means, in Linux, that you need to create a bunch of hard links from your system partition to another partition that you allow writes to, so that, e.g., the /tmp directory can be written to. I'm not sure anymore what the BSD equivalent to that is.

It's called different mount points. And on Linux, I doubt the super user cannot just remount the partition read-write again (don't know about OpenBSD, but NetBSD prevents this with the securelevel [netbsd.org] concept)

Hard links won't help you in any way.

Re:

[Noryungi]

The best answer I have ever had to this question was:

"If you want to keep something secret, never EVER put it on a computer, ESPECIALLY a computer connected to a network (any kind of network). If you want to keep something secret, put it in writing on a piece of paper, and keep the paper inside a safe".

The older I get, the more I realize the wisdom of these words. Let's face it, a "generalist" operating system will always be exposed and vulnerable to something or other. This being said, there are "secure" o

But APKs work doesn't run on it

[Anonymous Coward]

This is all fine and good but APK's hosts file engine doesn't run on it so it can't ever be secure.

No BSD is dying post?

[SocietyoftheFist]

In my day there would be several by now. Iâ(TM)m so dismayed.

Re: No BSD is dying post?

[SocietyoftheFist]

Good point.

Re:

[Anne Thwacks]

It has been overtaken by "Windows is dying" posts.

Re:

[SocietyoftheFist]

This was modded down? No sense of humor these modern /.'s

Re:

[HiThere]

If you read the release notes you'd notice that this release talks about improved multi-core support. So they must already have it.

Re:

[grub]

OpenBSD has had MP for many years.

Re:

[Anonymous Coward]

OpenBSD uses a very primitive form of multicore support called "cooperative multiprocessing" as opposed to modern multiprocessing known as "preemptive" multi-processing. OpenBSDs multitasking is simiilar to what was available on the old Mac 68K machines. The problem with OpenBSD's method is that one misbehaved application can hog all the resources and cause OpenBSD to crash.

Phoronix.com did a comparison of all the BSD and Linux variants and OpenBSD came in last. FreeBSD did marginally better. Although now