MESSAGE
DATE | 2004-11-18 |
FROM | From: "Inker, Evan"
|
SUBJECT | Subject: [hangout] Review: OpenBSD 3.6 shows steady improvement
|
From owner-hangouts-destenys-at-mrbrklyn.com Thu Nov 18 04:00:56 2004 X-UIDL: 2``"!chC"!3(^"!C'M"! Received: from www2.mrbrklyn.com (localhost [127.0.0.1]) by mrbrklyn.com (8.12.11/8.11.2/SuSE Linux 8.11.1-0.5) with ESMTP id iAI90uiu008799 for ; Thu, 18 Nov 2004 04:00:56 -0500 Received: (from mdom-at-localhost) by www2.mrbrklyn.com (8.12.11/8.12.3/Submit) id iAI90uxB008798 for hangouts-destenys; Thu, 18 Nov 2004 04:00:56 -0500 X-Authentication-Warning: www2.mrbrklyn.com: mdom set sender to owner-hangouts-at-www2.mrbrklyn.com using -f Received: from mail68.messagelabs.com (mail68.messagelabs.com [193.109.255.67]) by mrbrklyn.com (8.12.11/8.11.2/SuSE Linux 8.11.1-0.5) with SMTP id iAI90t6I008792 for ; Thu, 18 Nov 2004 04:00:55 -0500 X-VirusChecked: Checked X-Env-Sender: EInker-at-gam.com X-Msg-Ref: server-6.tower-68.messagelabs.com!1100782750!30081359!1 X-StarScan-Version: 5.4.2; banners=-,-,- X-Originating-IP: [193.202.231.222] Received: (qmail 10135 invoked from network); 18 Nov 2004 12:59:10 -0000 Received: from unknown (HELO w2gw-ldn01.gam.com) (193.202.231.222) by server-6.tower-68.messagelabs.com with SMTP; 18 Nov 2004 12:59:10 -0000 Received: from ntas-ldn15.gam.com (unverified) by w2gw-ldn01.gam.com (Content Technologies SMTPRS 4.3.12) with ESMTP id for ; Thu, 18 Nov 2004 12:59:09 +0000 Received: by ntas-ldn15.gam.com with Internet Mail Service (5.5.2653.19) id ; Thu, 18 Nov 2004 12:59:09 -0000 Message-ID: <386AEEE1B7BAC34CB4DDF394C2349278D6E838-at-w2cs-nyk02.gam.com> From: "Inker, Evan" To: hangout-at-nylxs.com Subject: [hangout] Review: OpenBSD 3.6 shows steady improvement Date: Thu, 18 Nov 2004 12:57:52 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C4CD6E.371CFDC0" Sender: owner-hangouts-at-mrbrklyn.com Precedence: bulk Reply-To: "Inker, Evan" List: New Yorker GNU Linux Scene Admin: To unsubscribe send unsubscribe name-at-domian.com in the body to hangout-request-at-www2.mrbrklyn.com X-Spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on www2.mrbrklyn.com X-Spam-Status: No, score=-2.3 required=4.0 tests=AWL,BAYES_00,HTML_20_30, HTML_MESSAGE,HTML_TAG_EXIST_TBODY autolearn=no version=3.0.0 X-Spam-Level: X-Keywords: X-UID: 39297 Status: RO Content-Length: 27974 Lines: 617
This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible.
------_=_NextPart_001_01C4CD6E.371CFDC0 Content-Type: text/plain
Title Review: OpenBSD 3.6 shows steady improvement Date 2004.11.17 12:00 Author StoneLion Topic http://www.newsforge.com/article.pl?sid=04/11/16/1544210
The OpenBSD team earlier this month released version 3.6 of the free operating system, with support for more hardware, updated application software, and bug fixes included. This time around OpenBSD has added support for multi-CPU systems, a number of drivers for new peripheral hardware, and about 200 more applications to the Ports tree. We took the new version for a spin, and liked what we found.
Since we've previously reviewed OpenBSD 3.5, we won't repeat everything, but here is a quick list of the general features intrinsic to the operating system:
* OpenBSD is secure by default -- in other words, the base system that you install will not have any security flaws or enabled services that could compromise the integrity of your system.
* OpenBSD is easy to install, set up, and use, but it's all done from the command line. If you want to learn and use OpenBSD, you'd better be familiar with the man command.
* The documentation via the manual pages is superb.
* All of the software you'll need to run a Web, mail, NFS, DHCP, or file server is installed and ready to be configured and enabled.
* New programs are easy to install, update, and manage through the Ports system.
* OpenBSD includes integrated cryptography, which is used by some parts of the base system to enhance security.
OpenBSD doesn't necessarily make as complete a desktop system as FreeBSD or one of the desktop GNU/Linux distributions does, but you can certainly use it to get email, chat on IRC, browse the Web, or write a book. There are no hardware accelerated drivers for Nvidia, ATI, or Intel video chips, so 3D games are out of the question, but you can still get good color depth and resolution in X11 for 2D applications. Desktop environments like KDE 3.2.3 and GNOME 2.6.2 are available through the Ports system, as are several window managers and a host of GUI-based programs that run in them. In all there are more than 2,700 programs in the OpenBSD 3.6 Ports tree which, unlike FreeBSD's Ports tree, remains static for each release. In other words, OpenBSD Ports follows the same release schedule that the base system does, as opposed to the maintainers updating the Ports as they see fit. This means that you'll be stuck with the same software versions until the next release (six months), but it also means that each OpenBSD installation will have exactly the same software on it, providing a standard, stable environment for sysadmins.
The quickest way to get OpenBSD 3.6 is through an FTP install. You download a small CD ISO or diskette image, boot from it, then download the installation sets from the OpenBSD FTP servers. Every time I try this I have some kind of problem, but the CD set always works perfectly on my systems.
Speaking of which, the OpenBSD 3.6 CD set is an inexpensive $45 (or 45 euros). Anyone seriously considering OpenBSD on the i386, SPARC/SPARC64, AMD64, VAX, or macPPC architectures will find the CD set to be a much more convenient and speedy method of installation.
OpenBSD's installation routine is spartan, but quick and simple. It's merely a script that goes through each step of a complete installation or upgrade of the base system. Depending on the speed of your computer and the size of your hard drive, installation can take between 10 and 30 minutes, and upgrades will usually take about half that. The upgrade script unfortunately does not upgrade precompiled application packages or any programs that you've installed through Ports, and there is no Portupgrade program to automate this process as there is in FreeBSD. To upgrade your programs, you'll have to reinstall each one individually -- not difficult to do, but certainly tedious if you have a number of programs on your system. Some people prefer to deinstall all packages prior to the upgrade, then reinstall the new versions afterward. Packages are not as easy to get from the FTP repository as Ports are, but are much quicker to install on slower systems and easier to distribute to multiple installations.
If you choose to upgrade your Ports after the upgrade, you can run the /usr/ports/infrastructure/build/out-of-date script to determine which ones need to be upgraded, then locate each one and deinstall and reinstall it.
New in 3.6
Included with the standard installation are OpenSSH 3.9 (OpenSSH is part of the OpenBSD project) and OpenSSL 0.9.7d; GCC 2.95.3 and 3.3.2 with the ProPolice add-on installed and enabled by default; Perl 5.8.5; Apache 1.3.29 with default chrooting , privilege revocation, mod_ssl 2.8.16 and DSO support; Sendmail 8.13.0 with libmilter ; BIND 9.2.3; Heimdal 0.6rc1; and a customized fork of XFree86 4.4.0 without the new, more restrictive licensing. Other packages like Lynx and Sudo are also included, and most of the above-listed programs include specialized patches from the OpenBSD team to enhance security and functionality.
Hands On
I tested out OpenBSD 3.6 on my most temperamental system: a Dell Inspiron 3800 laptop. I had no trouble with my PCMCIA Xircom wired or Linksys wireless network cards, nor did I have any trouble switching between the two. I could install and use XFree86 without any trouble, and everything seemed to work just as perfectly as it did in the previous release. I didn't have any multi-CPU systems running the new SMP support on either the AMD64 or i386 editions.
The OpenBSD project cannot guarantee the security of programs in the Ports tree, but they do make an effort to ensure that obviously insecure programs don't make it into Ports. If a security bulletin is sent out about programs in either the base system or Ports, OpenBSD provides patches individually or as a separate branch of the entire project. The process for applying a single patch is detailed at the top of each patch file, making installation as easy as following a couple of lines of instructions. As of this writing there are no listed security bulletins, but if there are, they'd appear here .
The PATCH branch of OpenBSD is one of three separate yet related divisions of the project. The first and most obvious is RELEASE, which remains consistent throughout the six-month lifespan of an official OpenBSD release. PATCH is RELEASE plus any security updates, and is updated as patches are released. The third branch is CURRENT, which is the cutting edge of OpenBSD development. Obviously you don't want to run in-development code on a production machine, so CURRENT is really only useful to people interested in contributing to the project. These branches are not isolated to the base system; they also include the entire Ports tree.
Conclusions
I'm certain the OpenBSD team would think this a trivial matter, but for the next version I would really like to see a Portupgrade-like program to upgrade the compiled Ports to the new version without a great deal of hassle.
Aside from that single gripe, what strikes me most about OpenBSD in general is the professional manner in which it is developed and released. By professional I don't mean "corporate," as in meaningless meetings, bad design strategies, incompetent bosses, unreasonable deadlines, etc. I mean it's released on time with few problems and it does exactly what it claims to do.
Each release is a small step forward; operating system development should be a battle of inches instead of historically disastrous attempts at giant leaps, and OpenBSD 3.6 personifies that philosophy. With the exception of SMP support, every enhancement new to 3.6 is a few inches forward. Some things may seem little but mean a great deal to those who requested and developed them. Others might not be able to notice any difference at all between 3.5 and 3.6.
OpenBSD 3.6 is among the better AMD64 operating systems out there, which may make it a suitable server replacement for FreeBSD, which continues to suffer from a horrible AMD64 SMP implementation. If you want to set up a cheap, secure home server, or if you'd like to get into using the command line interface more proficiently, OpenBSD 3.6 is an excellent operating system to choose.
Purpose Server operating system Manufacturer The OpenBSD Project Architectures i386, AMD64/EM64T, SPARC, SPARC64Alpha, HP300, HPPA, Mac68k, MacPPC, mvme68k, mvme88k, luna88k, VAX License BSD Market Servers of all kinds, for home, office, or enterprise; security-minded users and sysadmins Price (retail) $45 for a 3-CD set. Click here to buy it directly from the OpenBSD site. Can be installed over FTP for free Previous version 3.5 Product Web site Click here
Jem Matzan is the author of three books, a freelance journalist and the editor-in-chief of The Jem Report .
Links
_____
1. "released" - http://os.newsforge.com/article.pl?sid=04/10/29/1856256&tid=8
2. "reviewed OpenBSD 3.5" - http://os.newsforge.com/article.pl?sid=04/07/20/180234&tid=8
3. "integrated cryptography" - http://www.openbsd.com/crypto.html
4. "you can certainly use it" - http://software.newsforge.com/article.pl?sid=04/10/15/181232&tid=130
5. "OpenBSD 3.6 CD set" - https://https.openbsd.org/cgi-bin/order
6. "45 euros" - https://https.openbsd.org/cgi-bin/order.eu
7. "ProPolice" - http://www.trl.ibm.com/projects/security/ssp
8. "default chrooting" - http://www.openbsd.org/faq/faq10.html#httpdchroot
9. "libmilter" - http://www.milter.org/
10. "they'd appear here" - http://www.openbsd.org/errata.html
11. "The OpenBSD Project" - http://www.openbsd.org/
12. "Click here to buy it directly from the OpenBSD site" - http://www.openbsd.com/orders.html
13. "installed over FTP" - http://www.openbsd.org/faq/faq4.html
14. "Click here" - http://www.openbsd.com/
15. "author" - http://www.herotale.com/
16. "The Jem Report" - http://www.thejemreport.com/
**************************************************************************** This message contains confidential information and is intended only for the individual or entity named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as an invitation or offer to buy or sell any securities or related financial instruments. GAM operates in many jurisdictions and is regulated or licensed in those jurisdictions as required. ****************************************************************************
------_=_NextPart_001_01C4CD6E.371CFDC0 Content-Type: text/html Content-Transfer-Encoding: quoted-printable
Message
http://www.newsforge.com/article.pl?sid=3D04/11/16/1544210<= /SMALL>=20
The OpenBSD team earlier this month href=3D"http://os.newsforge.com/article.pl?sid=3D04/10/29/1856256&tid= =3D8">released=20 version 3.6 of the free operating system, with support for more hardware,= updated application software, and bug fixes included. This time around Ope= nBSD=20 has added support for multi-CPU systems, a number of drivers for new periph= eral=20 hardware, and about 200 more applications to the Ports tree. We took the ne= w=20 version for a spin, and liked what we found.
Since we've previously href=3D"http://os.newsforge.com/article.pl?sid=3D04/07/20/180234&tid=3D= 8">reviewed=20 OpenBSD 3.5, we won't repeat everything, but here is a quick list of th= e=20 general features intrinsic to the operating system:
- OpenBSD is secure by default -- in other words, the base system that =
you=20 install will not have any security flaws or enabled services that could= compromise the integrity of your system.=20 - OpenBSD is easy to install, set up, and use, but it's all done from t=
he=20 command line. If you want to learn and use OpenBSD, you'd better be famil= iar=20 with the man command.=20 - The documentation via the manual pages is superb.=20
- All of the software you'll need to run a Web, mail, NFS, DHCP, or fil=
e=20 server is installed and ready to be configured and enabled.=20 - New programs are easy to install, update, and manage through the Port=
s=20 system.=20 - OpenBSD includes integ=
rated=20 cryptography, which is used by some parts of the base system to enhan= ce=20 security.
OpenBSD doesn't necessarily make as complete a desktop system as FreeBSD= or=20 one of the desktop GNU/Linux distributions does, but href=3D"http://software.newsforge.com/article.pl?sid=3D04/10/15/181232&= tid=3D130">you=20 can certainly use it to get email, chat on IRC, browse the Web, or writ= e a=20 book. There are no hardware accelerated drivers for Nvidia, ATI, or Intel v= ideo=20 chips, so 3D games are out of the question, but you can still get good colo= r=20 depth and resolution in X11 for 2D applications. Desktop environments like = KDE=20 3.2.3 and GNOME 2.6.2 are available through the Ports system, as are severa= l=20 window managers and a host of GUI-based programs that run in them. In all t= here=20 are more than 2,700 programs in the OpenBSD 3.6 Ports tree which, unlike=20 FreeBSD's Ports tree, remains static for each release. In other words, Open= BSD=20 Ports follows the same release schedule that the base system does, as oppos= ed to=20 the maintainers updating the Ports as they see fit. This means that you'll = be=20 stuck with the same software versions until the next release (six months), = but=20 it also means that each OpenBSD installation will have exactly the same sof= tware=20 on it, providing a standard, stable environment for sysadmins.
The quickest way to get OpenBSD 3.6 is through an FTP install. You downl= oad a=20 small CD ISO or diskette image, boot from it, then download the installatio= n=20 sets from the OpenBSD FTP servers. Every time I try this I have some kind o= f=20 problem, but the CD set always works perfectly on my systems.
Speaking of which, the href=3D"https://https.openbsd.org/cgi-bin/order">OpenBSD 3.6 CD set is = an=20 inexpensive $45 (or = 45=20 euros). Anyone seriously considering OpenBSD on the i386, SPARC/SPARC64= ,=20 AMD64, VAX, or macPPC architectures will find the CD set to be a much more= convenient and speedy method of installation.
OpenBSD's installation routine is spartan, but quick and simple. It's me= rely=20 a script that goes through each step of a complete installation or upgrade = of=20 the base system. Depending on the speed of your computer and the size of yo= ur=20 hard drive, installation can take between 10 and 30 minutes, and upgrades w= ill=20 usually take about half that. The upgrade script unfortunately does not upg= rade=20 precompiled application packages or any programs that you've installed thro= ugh=20 Ports, and there is no Portupgrade program to automate this process as ther= e is=20 in FreeBSD. To upgrade your programs, you'll have to reinstall each one=20 individually -- not difficult to do, but certainly tedious if you have a nu= mber=20 of programs on your system. Some people prefer to deinstall all packages pr= ior=20 to the upgrade, then reinstall the new versions afterward. Packages are not= as=20 easy to get from the FTP repository as Ports are, but are much quicker to= install on slower systems and easier to distribute to multiple=20 installations.
If you choose to upgrade your Ports after the upgrade, you can run the= /usr/ports/infrastructure/build/out-of-date script to determine which ones= need=20 to be upgraded, then locate each one and deinstall and reinstall it.
New in 3.6
Included with the standard installation are OpenSSH 3.9 (OpenSSH is part= of=20 the OpenBSD project) and OpenSSL 0.9.7d; GCC 2.95.3 and 3.3.2 with the href=3D"http://www.trl.ibm.com/projects/security/ssp">ProPolice add-on= installed and enabled by default; Perl 5.8.5; Apache 1.3.29 with href=3D"http://www.openbsd.org/faq/faq10.html#httpdchroot">default chrootin= g,=20 privilege revocation, mod_ssl 2.8.16 and DSO support; Sendmail 8.13.0 with = href=3D"http://www.milter.org/">libmilter; BIND 9.2.3; Heimdal 0.6rc1; = and a=20 customized fork of XFree86 4.4.0 without the new, more restrictive licensin= g.=20 Other packages like Lynx and Sudo are also included, and most of the=20 above-listed programs include specialized patches from the OpenBSD team to= enhance security and functionality.
Hands On
I tested out OpenBSD 3.6 on my most temperamental system: a Dell Inspiro= n=20 3800 laptop. I had no trouble with my PCMCIA Xircom wired or Linksys wirele= ss=20 network cards, nor did I have any trouble switching between the two. I coul= d=20 install and use XFree86 without any trouble, and everything seemed to work = just=20 as perfectly as it did in the previous release. I didn't have any multi-CPU= systems running the new SMP support on either the AMD64 or i386 editions.<= /P>
The OpenBSD project cannot guarantee the security of programs in the Por= ts=20 tree, but they do make an effort to ensure that obviously insecure programs= don't make it into Ports. If a security bulletin is sent out about program= s in=20 either the base system or Ports, OpenBSD provides patches individually or a= s a=20 separate branch of the entire project. The process for applying a single pa= tch=20 is detailed at the top of each patch file, making installation as easy as= following a couple of lines of instructions. As of this writing there are = no=20 listed security bulletins, but if there are, href=3D"http://www.openbsd.org/errata.html">they'd appear here.
The PATCH branch of OpenBSD is one of three separate yet related divisio= ns of=20 the project. The first and most obvious is RELEASE, which remains consisten= t=20 throughout the six-month lifespan of an official OpenBSD release. PATCH is= RELEASE plus any security updates, and is updated as patches are released.= The=20 third branch is CURRENT, which is the cutting edge of OpenBSD development.= Obviously you don't want to run in-development code on a production machin= e, so=20 CURRENT is really only useful to people interested in contributing to the= project. These branches are not isolated to the base system; they also inc= lude=20 the entire Ports tree.
Conclusions
I'm certain the OpenBSD team would think this a trivial matter, but for = the=20 next version I would really like to see a Portupgrade-like program to upgra= de=20 the compiled Ports to the new version without a great deal of hassle.
Aside from that single gripe, what strikes me most about OpenBSD in gene= ral=20 is the professional manner in which it is developed and released. By=20 professional I don't mean "corporate," as in meaningless meetings, bad desi= gn=20 strategies, incompetent bosses, unreasonable deadlines, etc. I mean it's=20 released on time with few problems and it does exactly what it claims to do= .
Each release is a small step forward; operating system development shoul= d be=20 a battle of inches instead of historically disastrous attempts at giant lea= ps,=20 and OpenBSD 3.6 personifies that philosophy. With the exception of SMP supp= ort,=20 every enhancement new to 3.6 is a few inches forward. Some things may seem= little but mean a great deal to those who requested and developed them. Ot= hers=20 might not be able to notice any difference at all between 3.5 and 3.6.
OpenBSD 3.6 is among the better AMD64 operating systems out there, which= may=20 make it a suitable server replacement for FreeBSD, which continues to suffe= r=20 from a horrible AMD64 SMP implementation. If you want to set up a cheap, se= cure=20 home server, or if you'd like to get into using the command line interface = more=20 proficiently, OpenBSD 3.6 is an excellent operating system to choose.
style=3D"BORDER-RIGHT: 1pt solid; BORDER-TOP: 1pt solid; MARGIN-LEFT: auto;= BORDER-LEFT: 1pt solid; MARGIN-RIGHT: auto; BORDER-BOTTOM: 1pt solid"> Purpose | Server operating system | Manufacturer | Th= e OpenBSD=20 Project | Architectures | i386, AMD64/EM64T, SPARC, SPARC64Alpha, HP300, HPPA,= Mac68k, MacPPC, mvme68k, mvme88k, luna88k, VAX | License | BSD | Market | Servers of all kinds, for home, office, or enterprise;= security-minded users and sysadmins | Price (retail)D> | $45 for a 3-CD set. href=3D"http://www.openbsd.com/orders.html">Click here to buy it dire= ctly=20 from the OpenBSD site. Can be href=3D"http://www.openbsd.org/faq/faq4.html">installed over FTP = for=20 free | Previous version<= /TD> | 3.5 | Product Web site<= /TD> | Click=20 here |
Jem Matzan is the author of= three=20 books, a freelance journalist and the editor-in-chief of href=3D"http://www.thejemreport.com/">The Jem Report.
- "released" -=20
http://os.newsforge.com/article.pl?sid=3D04/10/29/1856256&tid=3D8=20 - "reviewed OpenBSD 3.5" -=20
http://os.newsforge.com/article.pl?sid=3D04/07/20/180234&tid=3D8=20 - "integrated cryptography" - http://www.openbsd.com/crypto.html=20
- "you can certainly use it" -=20
http://software.newsforge.com/article.pl?sid=3D04/10/15/181232&tid=3D= 130=20 - "OpenBSD 3.6 CD set" - https://https.openbsd.org/cgi-bin/order=20
- "45 euros" - https://https.openbsd.org/cgi-bin/order.eu=20
- "ProPolice" - http://www.trl.ibm.com/projects/security/ssp=20
- "default chrooting" - http://www.openbsd.org/faq/faq10.html#httpdchro=
ot=20 - "libmilter" - http://www.milter.org/=20
- "they'd appear here" - http://www.openbsd.org/errata.html=20
- "The OpenBSD Project" - http://www.openbsd.org/=20
- "Click here to buy it directly from the OpenBSD site" -=20
http://www.openbsd.com/orders.html=20 - "installed over FTP" - http://www.openbsd.org/faq/faq4.html=20
- "Click here" - http://www.openbsd.com/=20
- "author" - http://www.herotale.com/=20
- "The Jem Report" - http://www.thejemreport.com/
***************************************************************************= *
This message contains confidential information and is intended only
for the individual or entity named. If you are not the named addressee
you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately by e-mail if you have received
this e-mail by mistake and delete this e-mail from your system.
E-mail transmission cannot be guaranteed to be secure or error-free
as information could be intercepted, corrupted, lost, destroyed, arrive
late or incomplete, or contain viruses. The sender therefore does not
accept liability for any errors or omissions in the contents of this
message which arise as a result of e-mail transmission.
If verification is required please request a hard-copy version.
This message is provided for informational purposes and should not
be construed as an invitation or offer to buy or sell any securities or
related financial instruments.
GAM operates in many jurisdictions and is
regulated or licensed in those jurisdictions as required.
***************************************************************************= *
------_=_NextPart_001_01C4CD6E.371CFDC0-- ____________________________ NYLXS: New Yorker Free Software Users Scene Fair Use - because it's either fair use or useless.... NYLXS is a trademark of NYLXS, Inc
|
|