login
Search
"We are pleased to announce the official release of OpenBSD 4.2. This is our 22nd release on CD-ROM (and 23rd via FTP). We remain proud of OpenBSD's record of more than ten years with only two remote holes in the default install," Theo de Raadt announced. In addition to a lengthy list of new features and improvements, the release announcement includes a dedication:
"We dedicate this release to the memory of long-time developer Jun-ichiro 'itojun' Itoh Hagino, who focused his life on IPv6 deployment for everyone. Without his BSD and IETF participation, IPv6 would not be where it is today. Only now people are becoming aware of his numerous contributions because he took credit for much less than he accomplished. The developers in our project will all miss him."
From: Theo de Raadt Subject: OpenBSD 4.2 release November 1, 2007 Date: Oct 31, 8:41 pm 2007 Note that 4.2 has install ISO files for most architectures. They are roughly 230MB in size. If you choose to use those, please avoid also fetching the base42.tgz, and other such files, since they are included in the ISO image. If you choose to NOT use the ISO image, then.. well it's kind of obvious. There is no need to put double the load onto the ftp mirrors. Enjoy. Nov 1, 2007. We are pleased to announce the official release of OpenBSD 4.2. This is our 22nd release on CD-ROM (and 23rd via FTP). We remain proud of OpenBSD's record of more than ten years with only two remote holes in the default install. We dedicate this release to the memory of long-time developer Jun-ichiro "itojun" Itoh Hagino, who focused his life on IPv6 deployment for everyone. Without his BSD and IETF participation, IPv6 would not be where it is today. Only now people are becoming aware of his numerous contributions because he took credit for much less than he accomplished. The developers in our project will all miss him. As in our previous releases, 4.2 provides significant improvements, including new features, in nearly all areas of the system: - New/extended platforms: o OpenBSD/sparc64. The PCIe UltraSPARC IIIi machines like the V215 and V245 are now supported. o OpenBSD/hppa. Four-digit B/C/J-class workstations like the B2000, C3750 or J6750 are now supported (in 32-bit mode). o OpenBSD/alpha. Add support in the alpha platform for a couple of new Alpha models, AlphaServer 1200 and 4100. - Platforms skipped this release: o OpenBSD/sgi. This architecture will not be released this time. - Install/Upgrade process changes: o New install method!! For the most popular architectures, the FTP sites have a ~200MB install ISO file, which contains the base set, permitting non-network installs. o Allow the specification of an NTP server during installation. o Allow no fsck'ing of clean non-root partitions during upgrade. o Check for INSTALL.<arch> to confirm sets are for the correct architecture. o Create and format the MSDOS partition for macppc installs in a more flexible and reliable way. - Improved hardware support, including: o Native Serial-ATA support: o ahci(4) driver for SATA controllers conforming to the Advanced Host Controller Interface specification. o jmb(4) driver for the JMicron JMB36x SATA II and PATA Host Controller. o sili(4) driver for SATA controllers using the Silicon Image 3124/3132/3531 SATALink chipsets. o The pciide(4) driver has had support added for newer chipsets, including: o Intel ICH8M PATA o JMicron JMB36x PATA o VIA CX700/VX700 PATA o The lm(4) driver now supports Winbond W83627DHG and W83627EHF-A Super I/O Hardware Monitors. o The siop(4) driver now has support for NCR 53C720/770 controllers in big endian mode. In particular this means that the onboard Fast-Wide SCSI on many hppa machines is supported now. o New tht(4) driver for Tehuti Networks 10Gb Ethernet controllers. o The malo(4) driver now supports Marvell 88W8385 802.11g based Compact Flash devices. o New uts(4) driver for USB touch screens, supported by the xtsscale(1) calibration utility. o The i810(4) X.Org driver and the PCI AGP driver now support Intel i965GM chips. o New led(4) driver for the front panel LEDs on the V215/245. o New bbc(4) driver providing support for the BootBus Controllers in UltraSparc III systems. o New pmc(4) driver for the watchdog(4) timer on the National Semiconductor PC87317 SuperIO chip. o New pyro(4) driver for the SPARC64 Host/PCIe bridge. o New astro(4) driver for the Astro Memory and I/O controller on hppa. o New elroy(4) driver for the Elroy PCI hostbridge on hppa. o New lcd(4) driver for the front panel LCD display on hppa. o New ssio(4) driver for the National Semiconductor PC87560 Legacy IO on hppa. o New pxammc(4) driver for the MMC/SD/SDIO controller on zaurus. o New xlights(4) driver for the front panel lights on the Xserve G4. o New sysbutton(4) driver for the system identification button on the Xserve G4. o New piixpcib(4) driver for System Management Mode initiated speedstep frequency scaling on certain pairings of the Intel PIIX4 ISA bridges and Intel Pentium 3 processors. o CPU frequency and voltage can now be scaled on all CPUs when running GENERIC.MP on a multiprocessor i386 or AMD64 machine with enhanced speedstep or powernow. o Intel enhanced speedstep is now supported on OpenBSD/amd64. o New support for the on die CPU temperature sensor found on the Intel Core family of processors. o The nvram(4) driver is now available on OpenBSD/amd64. - New tools: o cwm(1) has replaced wm2 as a simple-looking low-resource window manager. o zless(1), view compressed files with less(1). o mount_vnd(8), a utility to configure vnode disks from fstab(5). - New functionality: o FFS2, the updated version of the fast file system. o ftp(1) now can send cookies loaded from a netscape-like cookiejar, supports proxies requiring a password, and has a keep-alive option to avoid over-aggressive control connection dropping. o pkg_add(1) has been vastly improved. It is more robust, outputs more consistent error messages, and can deal with a lot more update scenarios gracefully. It also has much better look-up capabilities for multiple entries in PKG_PATH, stopping at the first directory with suitable candidates. o ftp-proxy(8) is now able to automatically tag packets passing through the pf(4) rule with a supplied name. o Kernel work queues, workq_add_task(9), workq_create(9), workq_destroy(9) provides a mechanism to defer tasks to a process context when it is impossible to run such a task in the current context. o ifconfig(8) now understands IP address/mask in CIDR notation. o Add IP (v4 and v6) load balancing to carp(4), similar to the ARP balancing. o sensorsd(8) now supports a zero-configuration monitoring and has a more intuitive logging for all sensors that automatically provide sensor state. It also features advancements in user-specified monitoring, including monitoring of sensors that are periodically flagged as invalid. o sensorsd.conf(5) now supports sensor matching by sensor type, allowing easier configuration. o The i386 bootloader can now load amd64 kernels. o The amd64 bootloader can now load i386 kernels. - Assorted improvements and code cleanup: o Large (>1TB) disk and partition support in the disklabel and buffer cache code and in the userland utilities that manipulate disk blocks. Note that some parts of the system are not 64-bit disk block clean yet, so partitions larger than 2TB cannot be used at the moment. o Large (>2^32-1 sectors) SCSI disk sizes now probed. o Thread support for the Objective-C library (libobjc). o carp route handling has been fixed, solving some problems the routing daemons were exhibiting. o Various improvements in pf increase performance drastically, stateful passing more than twice as fast than before. o A change in how the kernel random pool is stirred increases performance with network interface cards that support interrupt mitigation a lot. o i386 TLB handling improved to avoid possible corruption on Core2Duo processors. o Rework TLB shootdown code for i386 and amd64, gives fairly large speed improvements. o i386 and amd64 use the BIOS disk geometry when creating default disklabels. o Default disk geometry changed from 64 heads/32 sectors to 255 heads/63 sectors. o More USB devices with various quirks coerced to work. o Archive/Wangtek cartridge tape drives (wt*) no longer supported. o rcs has improved GNU compatibility. o make(1) has improved stability of -j option. - OpenSSH 4.7: o Prevent ssh(1) from using a trusted X11 cookie if creation of an untrusted cookie fails. o sshd(8) in new installations defaults to SSH Protocol 2 only. Existing installations are unchanged. o The SSH channel window size has been increased, and both ssh(1) sshd(8) now send window updates more aggressively. These improves performance on high-BDP (Bandwidth Delay Product) networks. o ssh(1) and sshd(8) now preserve MAC contexts between packets, which saves 2 hash calls per packet and results in 12-16% speedup for arcfour256/hmac-md5. o A new MAC algorithm has been added, UMAC-64 (RFC4418) as "umac-64@openssh.com". UMAC-64 has been measured to be approximately 20% faster than HMAC-MD5. o A -K flag was added to ssh(1) to set GSSAPIAuthentication=Yes o Failure to establish a ssh(1) TunnelForward is now treated as a fatal error when the ExitOnForwardFailure option is set. o ssh(1) returns a sensible exit status if the control master goes away without passing the full exit status. - OpenBGPD 4.2: o Include support for Four-octet AS Number Space. o Allow matching on communities using 0 in the AS part. o Filtering on IPv6 prefixes is now possible. o Various bugs in the encoding of multiprotocol updates were fixed. o Allow the use of pkill -HUP bgpd to reload the config. o bgpctl can filter prefix output by community now. - OpenOSPFD 4.2: o Added support for RFC 3137: OSPF Stub Router Advertisement. o It is possible to specify a carp demote group on interfaces and areas. o Added support for mapping route labels to AS-external route tags and vice versa. o Allow the use of pkill -HUP ospfd to reload the config. - HostStated 4.2: o Added support for Layer 7 load balancing (or relay). o Added support for reloading through hoststatectl or SIGHUP. o Added support for testing name-based virtual hosts. - Over 4,500 ports, minor robustness improvements in package tools. o Many pre-built packages for each architecture: i386: 4360 sparc64: 4205 alpha: 3779 sh: 817 amd64: 4283 powerpc: 4230 sparc: 3283 m68k: 1107 arm: 2131 hppa: 3215 o Highlights include: o Gnome 2.18. o GNUstep 1.14. o KDE 3.5.7 and koffice 1.6.3. o Xfce 4.4.1. o OpenMotif 2.3.0. o OpenOffice.org 2.2.1. o Mozilla Firefox 2.0.0.6. o PostgreSQL 8.2.4. o GHC 6.6.1 (amd64 and i386 only) - As usual, steady improvements in manual pages and other documentation. - The system includes the following major components from outside suppliers: o Xenocara (based on X.Org 7.2 + patches, freetype 2.2.1, fontconfig 2.4.2, expat 2.0.0, Mesa 6.5.2, xterm 225 and more) o Gcc 2.95.3 (+ patches) and 3.3.5 (+ patches) o Perl 5.8.8 (+ patches) o Our improved and secured version of Apache 1.3, with SSL/TLS and DSO support o OpenSSL 0.9.7j (+ patches) o Groff 1.15 o Sendmail 8.14.1, with libmilter o Bind 9.3.4 (+ patches) o Lynx 2.8.5rel.4 with HTTPS and IPv6 support (+ patches) o Sudo 1.6.9p4 o Ncurses 5.2 o Latest KAME IPv6 o Heimdal 0.7.2 (+ patches) o Arla 0.35.7 o Binutils 2.15 (+ patches) o Gdb 6.3 (+ patches) If you'd like to see a list of what has changed between OpenBSD 4.1 and 4.2, look at http://www.OpenBSD.org/plus42.html Even though the list is a summary of the most important changes made to OpenBSD, it still is a very very long list. We provide patches for known security threats and other important issues discovered after each CD release. As usual, between the creation of the OpenBSD 4.2 FTP/CD-ROM binaries and the actual 4.2 release date, our team found and fixed some new reliability problems (note: most are minor and in subsystems that are not enabled by default). Our continued research into security means we will find new security problems -- and we always provide patches as soon as possible. Therefore, we advise regular visits to http://www.OpenBSD.org/security.html and http://www.OpenBSD.org/errata.html Security patch announcements are sent to the security-announce@OpenBSD.org mailing list. For information on OpenBSD mailing lists, please see: http://www.OpenBSD.org/mail.html OpenBSD 4.2 is also available on CD-ROM. The 3-CD set costs USD (EUR 50 including VAT) and is available via mail order and from a number of contacts around the world. The set includes a colourful booklet which carefully explains the installation of OpenBSD. A new set of cute little stickers is also included (sorry, but our FTP mirror sites do not support STP, the Sticker Transfer Protocol). As an added bonus, the second CD contains an audio track, a song entitled "100001 1010101". Lyrics (and an explanation) for the songs may be found at: http://www.OpenBSD.org/lyrics.html#42 Profits from CD sales are the primary income source for the OpenBSD project -- in essence selling these CD-ROM units ensures that OpenBSD will continue to make another release six months from now. The OpenBSD 4.2 CD-ROMs are bootable on the following four platforms: o i386 o amd64 o macppc o sparc64 (Other platforms must boot from floppy, network, or other method). For more information on ordering CD-ROMs, see: http://www.OpenBSD.org/orders.html The above web page lists a number of places where OpenBSD CD-ROMs can be purchased from. For our default mail order, go directly to: https://https.OpenBSD.org/cgi-bin/order or, for European orders: https://https.OpenBSD.org/cgi-bin/order.eu All of our developers strongly urge you to buy a CD-ROM and support our future efforts. Additionally, donations to the project are highly appreciated, as described in more detail at: http://www.OpenBSD.org/goals.html#funding For those unable to make their contributions as straightforward gifts, the OpenBSD Foundation (http://www.openbsdfoundation.org) is a Canadian not-for-profit corporation that can accept larger contributions and issue receipts. In some situations, their receipt may qualify as a business expense writeoff, so this is certainly a consideration for some organizations or businesses. There may also be exposure benefits since the Foundation may be interested in participating in press releases. In turn, the Foundation then uses these contributions to assist OpenBSD's infrastructure needs. Contact the foundation directors at directors@openbsdfoundation.org for more information. The project continues to expand its funding base by selling t-shirts and polo shirts. And our users like them too. We have a variety of shirts available, with the new and old designs, from our web ordering system at: https://https.OpenBSD.org/cgi-bin/order and for Europe: https://https.OpenBSD.org/cgi-bin/order.eu The OpenBSD 4.2 t-shirts are available now. The new shirt for 4.2 has a newly drawn version of Puffy (the blowfish) on a simple black shirt. We also sell our older shirts, as well as a selection of OpenSSH t-shirts. If you choose not to buy an OpenBSD CD-ROM, OpenBSD can be easily installed via FTP. Typically you need a single small piece of boot media (e.g., a boot floppy) and then the rest of the files can be installed from a number of locations, including directly off the Internet. Follow this simple set of instructions to ensure that you find all of the documentation you will need while performing an install via FTP. With the CD-ROMs, the necessary documentation is easier to find. 1) Read either of the following two files for a list of ftp mirrors which provide OpenBSD, then choose one near you: http://www.OpenBSD.org/ftp.html ftp://ftp.OpenBSD.org/pub/OpenBSD/4.2/ftplist As of Nov 1, 2007, the following ftp mirror sites have the 4.2 release: ftp://ftp.kd85.com/pub/OpenBSD/4.2/ Austria ftp://ftp.stacken.kth.se/pub/OpenBSD/4.2/ Sweden ftp://ftp2.usa.openbsd.org/pub/OpenBSD/4.2/ NYC, USA ftp://ftp3.usa.openbsd.org/pub/OpenBSD/4.2/ CO, USA ftp://ftp5.usa.openbsd.org/pub/OpenBSD/4.2/ CA, USA ftp://rt.fm/pub/OpenBSD/4.2/ IL, USA The release is also available at the master site: ftp://ftp.openbsd.org/pub/OpenBSD/4.2/ Alberta, Canada However it is strongly suggested you use a mirror. Other mirror sites may take a day or two to update. 2) Connect to that ftp mirror site and go into the directory pub/OpenBSD/4.2/ which contains these files and directories. This is a list of what you will see: ANNOUNCEMENT amd64/ macppc/ sys.tar.gz Changelogs/ armish/ mvme68k/ tools/ HARDWARE ftplist packages/ vax/ PACKAGES hp300/ ports.tar.gz xenocara.tar.gz PORTS hppa/ root.mail zaurus/ README i386/ sparc/ SIZES landisk/ sparc64/ alpha/ mac68k/ src.tar.gz It is quite likely that you will want at LEAST the following files which apply to all the architectures OpenBSD supports. README - generic README HARDWARE - list of hardware we support PORTS - description of our "ports" tree PACKAGES - description of pre-compiled packages root.mail - a copy of root's mail at initial login. (This is really worthwhile reading). 3) Read the README file. It is short, and a quick read will make sure you understand what else you need to fetch. 4) Next, go into the directory that applies to your architecture, for example, i386. This is a list of what you will see: INSTALL.i386 cd42.iso floppyB42.fs pxeboot* INSTALL.linux cdboot* floppyC42.fs xbase42.tgz MD5 cdbr* game42.tgz xetc42.tgz base42.tgz cdemu42.iso index.txt xfont42.tgz bsd* comp42.tgz install42.iso xserv42.tgz bsd.mp* etc42.tgz man42.tgz xshare42.tgz bsd.rd* floppy42.fs misc42.tgz If you are new to OpenBSD, fetch _at least_ the file INSTALL.i386 and the appropriate floppy*.fs or install42.iso files. Consult the INSTALL.i386 file if you don't know which of the floppy images you need (or simply fetch all of them). If you use the install42.iso file (roughly 200MB in size), then you do not need the various *.tgz files since they are contained on that one-step ISO-format install CD. 5) If you are an expert, follow the instructions in the file called README; otherwise, use the more complete instructions in the file called INSTALL.i386. INSTALL.i386 may tell you that you need to fetch other files. 6) Just in case, take a peek at: http://www.OpenBSD.org/errata.html This is the page where we talk about the mistakes we made while creating the 4.2 release, or the significant bugs we fixed post-release which we think our users should have fixes for. Patches and workarounds are clearly described there. Note: If you end up needing to write a raw floppy using Windows, you can use "fdimage.exe" located in the pub/OpenBSD/4.2/tools directory to do so. X.Org has been integrated more closely into the system. This release contains X.Org 7.2.0. Most of our architectures ship with X.Org, including amd64, sparc, sparc64 and macppc. During installation, you can install X.Org quite easily. Be sure to try out xdm(1) and see how we have customized it for OpenBSD. The OpenBSD ports tree contains automated instructions for building third party software. The software has been verified to build and run on the various OpenBSD architectures. The 4.2 ports collection, including many of the distribution files, is included on the 3-CD set. Please see the PORTS file for more information. Note: some of the most popular ports, e.g., the Apache web server and several X applications, come standard with OpenBSD. Also, many popular ports have been pre-compiled for those who do not desire to build their own binaries (see BINARY PACKAGES, below). A large number of binary packages are provided. Please see the PACKAGES file (ftp://ftp.OpenBSD.org/pub/OpenBSD/4.2/PACKAGES) for more details. The CD-ROMs contain source code for all the subsystems explained above, and the README (ftp://ftp.OpenBSD.org/pub/OpenBSD/4.2/README) file explains how to deal with these source files. For those who are doing an FTP install, the source code for all four subsystems can be found in the pub/OpenBSD/4.2/ directory: xenocara.tar.gz ports.tar.gz src.tar.gz sys.tar.gz OpenBSD 4.2 includes artwork and CD artistic layout by Ty Semaka, who also arranged an audio track on the OpenBSD 4.2 CD set. Ports tree and package building by Antoine Jacoutot, Peter Valchev, Robert Nagy and Christian Weisgerber. System builds by Theo de Raadt, Kenji Aoyama, and Miod Vallat. X11 builds by Todd Fries. ISO-9660 filesystem layout by Theo de Raadt. We would like to thank all of the people who sent in bug reports, bug fixes, donation cheques, and hardware that we use. We would also like to thank those who pre-ordered the 4.2 CD-ROM or bought our previous CD-ROMs. Those who did not support us financially have still helped us with our goal of improving the quality of the software. Our developers are: Alexandre Anriot, Antoine Jacoutot, Aleksander Piotrowski, Kenji Aoyama, Artur Grabowski, Anil Madhavapeddy, Bob Beck, Bernd Ahlers, Bjorn Sandell, Alexander Bluhm, Camiel Dobbelaar, Can Erkin Acar, David Cathcart, Charles Longeau, Chris Kuethe, Claudio Jeker, Chad Loder, Constantine A. Murenin, Damien Couderc, Damien Bergamini, Dan Harnett, David Collins, David Krause, David Berghoff, Deanna Phillips, Theo de Raadt, Daniel Hartmeier, David Hill, Dimitry Andric, Damien Miller, David Gwynne, Don Stewart, Dale Rahn, Darren Tucker, Eric Faurot, Marc Espie, Federico G. Schwindt, Felix Kronlage, Mike Frantzen, Gilles Chehade Alexander Yurchenko, Alexander von Gernler, Gordon Willem Klok, Henning Brauer, Henric Jungheim, Hans Insulander, Hakan Olsson, Hans-Joerg Hoexer, Hugh Graham, Ian Darwin, Jun-ichiro "itojun" Itoh Hagino, Jakob Schlyter, Jared Yanovich, Jason Wright, Jacob Meuser, Jasper Lievisse Adriaanse, Joshua Stein, Jason Dixon, Janne Johansson, Jason McIntyre, Joel Knight, Jolan Luff, Jordan Hargrave, Joris Vink, Jonathan Gray, Jan-Uwe Finck, Mark Kettenis, Kevin Lo, Matthias Kilian, Kenjiro Cho, Kjell Wooding, Kenneth R Westerback, Kurt Miller, Mats O Jansson, Marco S Hyman, Marco Peereboom, Marc Matteo, Markus Friedl, Martin Reindl, Martynas Venckus, Matthieu Herrb, Marc Balmer, Ryan Thomas McBride, Michael Erdely, Marcus Glocker, Moritz Grimm, Michele Marchetto, Todd C. Miller, Miod Vallat, Michael Coulter, Michael Knudsen, Moritz Jodeit, Marco Pfatschbacher, Mathieu Sauve-Frankel, Christian Weisgerber, Nathan Binkert, Niall O'Higgins, Nick Holland, Nils Nordman, Esben Norby, Thomas Nordin, Otto Moerbeek, Christopher Pascoe, Patrick Latifi, Philipp Buehler, Peter Valchev, Pierre-Yves Ritschard, Alexandre Ratchov, Ray Lai, Robert Nagy, Reyk Floeter, Rui Reis, Saad Kadhi, Simon Bertrang, Stephen Kirkham, Igor Sobrado, Steven Mestdagh, Kevin Steves, Stuart Henderson, Nikolay Sturm, Ted Unangst, Thordur I. Bjornsson, Tobias Stoeckmann, Todd T. Fries, Tom Cosgrove, Uwe Stuehler, Tobias Weingartner, Peter Stromberg, Marc Winiger, Wim Vandeputte, Xavier Santolaria.
Congratulations!
Congratulations on a new release! :)
Silly claim
I found the tagline
silly back in the day when there has never been a known remote hole in the default install. After all it's very easy to do: don't start any network interfaces in the default install.
Now that they had actually two remote holes in a barely useful system (just ssh), I think this claim is outright ridiculous.
And what does "default install" mean anyway? The OS should just ask me what kind of install I want (desktop, server, development, ...). No default.
So please OpenBSDers, stop flattering yourself. This is disgusting.
I'm sure someone has asked
I'm sure someone has asked you to stop trolling, but that hasn't stopped you, now has it?
Default Troll
This post managed twelve hours without a default troll.
default install means
default install means exactly that, "default install" - am I not understanding you or are you not understanding it? I really don't see how you cannot comprehend that. =)
So on a serious note, if you are indeed serious, then why don't you simply read up on it - and then later on, look at the code and compare it to other OS-OS's, including something limited to say, a 'kernel'. Then let's talk about clean, secure, standard, non-fragmented code. >=)
As for the tagline, personally speaking, I think it's not needed as OpenBSD speaks for itself now'a days. It has done the most for 'everyone' as a whole, and the best at it! We should all be giving more to OpenBSD and not just credit alone.
Then why don't they just
Then why don't they just turn TCP/IP off in the "default install" and claim "no remote holes evah!"? I guess because it would be just too damn obvious.
Maybe other OSs should start to do that just to make fun of OpenBSD. :D
Anyway, my point was that having a "default install" is silly. The OS installer should guide you through different choices without default. This is stone age.
And 2 remote holes in a install with just SSH enabled is *not* a good track record. It's downright embarrassing. So start thinking for yourself, people.
Default install
"Anyway, my point was that having a "default install" is silly. The OS installer should guide you through different choices without default. This is stone age."
That's the dumbest thing I've read in a while. What is "stone age" about having a functional and secure system after installation? You know exactly what you have, and what you don't have. It's not like it's hard to enable other features.
How many remote holes does Windows have in its default install? More than two, I can tell you that much. If the various GNU/Linux distributions kept track, I'm pretty sure the number would easily exceed two.
This whole thing is about "secure by default". You don't have to worry about "hardening" the system after installation, because it's pretty damn secure already and yet quite functional.
Sheeesh - is this really so
Sheeesh - is this really so hard to understand?
A minimum system with ssh should be one *option*.
Another option should be a no-network computer.
Another option should be a standard desktop.
Another option should be a developper machine.
And so on. You always know what you get and can decide for yourself. Everything else *is* stone-age.
If you get a hard-on from your ultra-secure-by-default machine, why not turn of TCP/IP and SSH in the default install?
This claim is silly and casts a bad light on the OpenBSD developpers. How can you trust the security work of people who are constantly praising themselves? I know that I don't.
Put down your crack pipe, please.
"A minimum system with ssh should be one *option*."
It _is_ one option.
"If you get a hard-on from your ultra-secure-by-default machine, why not turn of TCP/IP and SSH in the default install?"
Because it would affect the "functional" part in "Free, functional & secure". The system is functional, yet quite secure. By default. Why do you get so upset about that fact?
"This claim is silly and casts a bad light on the OpenBSD developpers. How can you trust the security work of people who are constantly praising themselves?"
Their track record should be enough. Apart from the "only two remote holes ..." thing you're making so much noise about, what about the BIND exploit discovered just recently? Guess which operating system was not vulnerable.
Now, I suggest you stop trolling and adjust your medication.
Because it would affect the
How is that? A desktop machine without internet access is definitely functional for many usecases and has per definition no remote holes. So Windows 3.1 beats OpenBSD: no remote holes in default install in over 15 years!
OTOH for many people a machine with just SSH installed is completely useless.
Conclusion: the default install is something completely arbitrary and irrelevant. OpenBSD's claim of fame is ridiculous - they should switch to another one.
Are you kidding me? Two remote holes in a machine with *nothing* installed? That's downright embarrassing.
What about that? I'm not running BIND on any of my machines and never had to remove it because it was installed "by default". Thank god in most OSes you can decide what to install.
Oh, please.
I think you meant to say "no remote access in over 15 years". Yes, quite impressive.
And for others, it's not. For example, it's nice to know that your firewall software has only had two remote holes in over 10 years, don't you think?
You can do a lot with the default install. Well, not you perhaps.
The point was not BIND, but I guess you just conveniently ignored that and made it into a "BIND sucks" issue instead.
what about the BIND exploit
what about the BIND exploit discovered just recently? Guess which operating system was not vulnerable
Heh. Mine. I wouldn't touch BIND with a ten-foot pole.
-M
SSH
Considering just about every Linux dist, commercial UNIX, BSD, and a load of routers and other network devices use OpenSSH, you'd be hard pressed to use anything but Windows if you don't want to use OpenBSD's code.
Of course, you don't want to install Services for UNIX either, since that's OpenBSD derived as well.
Oh and they aren't making themselves look bad, you however are making yourself look pretty stupid.
Lying is easy.
I'd seen that it has 3 remote holes but it says only 2 remote holes.
Later, i'd seen that it has 4 remote holes but it says only 2 remote holes.
Later, i'd seen that it has 5 remote holes but it says only 2 remote holes.
Why didn't they say the other 3 hidden remote holes?
Because of inexistent NDA (Non-Disclosure Agreement), it's highly secret for reasons of National Security and the F.B.I. (Federal Bureau Investigation) men need those remote holes to spy us.
trolling is easy
You just keep talking, why i'm not sure.. Trolling is easy, you just keep going around making up claims and trying to support them based on information your pull out of your ass on the fly. Are you also a pathological liar? Do your parents know your on the internet?