Quote: WPA Support In OpenBSD

April 18, 2008 - 10:59am
Submitted by Jeremy on April 18, 2008 - 10:59am.

"In concrete terms, this adds support for WPA-PSK and WPA2-PSK protocols, both in station and hostap modes."

— Damien Bergamini, in an April 16th, 2008 message on the OpenBSD source changes mailing list.

Great work!

April 18, 2008 - 12:58pm
Anonymous (not verified)

This is great news. More Intel cards are supported, too:

$ uname -srm
OpenBSD 4.3 i386
$ apropos wireless | grep Intel
ipw (4) - Intel PRO/Wireless 2100...
iwi (4) - Intel PRO/Wireless 2200BG/2225BG/2915ABG...
iwn (4) - Intel Wireless WiFi Link 4965AGN...
wpi (4) - Intel PRO/Wireless 3945ABG...

(above is from -current)

With the already great wireless support, WPA and WPA2 support makes OpenBSD an excellent platform for wireless applications. Thanks to the OpenBSD team for their fantastic work!

Without binary blobs

April 18, 2008 - 4:47pm
Anonymous (not verified)

OpenBSD provides Wi-Fi support WITHOUT binary blobs!

So does Linux..

April 19, 2008 - 4:51am
Anonymous (not verified)

So does Linux..

ath5k

April 19, 2008 - 7:14am
Anonymous (not verified)

Apropos, ath5k is now in 2.6.25, but does not work as well as the other madwifi, binary hal, driver.

What I really like about openbsd is its simplicity. ifconfig vs. wpa_supplicant e.g.

Think

April 19, 2008 - 9:06am
Anonymous (not verified)

What I really like about openbsd is its simplicity.

Yeah, they tend to think things through before adding to their source tree. Others just throw in poop to support the latest technology (with varying degrees of success).

That's a lame statement.

April 19, 2008 - 10:31am
Anonymous (not verified)

That's a lame statement. Linux users have been able to use WPA2 for years.

The lack of WPA2 support was

April 19, 2008 - 2:08pm
Anonymous (not verified)

The lack of WPA2 support was more a philosophical than a technical issue. Theo in particular didn't see WPA as all that useful and all that great. Many OpenBSD users use VPN+IPsec or something similar. This brings them closer to the mainstream, for better or for worse.

Philosophical objections to reality?

April 20, 2008 - 7:39pm
Sertious (not verified)

Philosophical? What a ridiculous argument. The issue here is usability. Many large scale wireless networks (corporate networks, Universities etc.) use WPA/WPA2 (typically with some sort of centralised authentication scheme, i.e. WPA(2) Enterprise). Objecting to providing the means to access these networks because 'there is a better way to run a secure wireless network' is arrogant and counterproductive - if I can't get on my company network using OpenBSD, I won't use OpenBSD - it's as simple as that. I *can* do this with Linux (often sans binary blobs, if I wish), even if it's a little bit complex to manage... so that's what I will use.

Question: does anyone seriously propose that running IPsec is more sensible than WPA(2)-PSK for a home network (ADSL + wireless AP)? Only someone who has never actually had to deploy IPsec would suggest such a thing. WPA2 is much more secure than WEP (if you use reasonably long keys) and a hell of a lot easier to configure. IPsec is a horrible, horrible mess, particularly when NAT is required (OpenVPN is great but... again, ease of configuration and use with commodity home routers?).

The complexity of Linux's configuration tools is acknowledged. However, this is an area which is actively being improved. The nature of WPA is such that trying to support WPA enterprise via ifconfig is essentially impossible (you need a daemon of some sort running to manage key updates), so the OpenBSD people will have to face this if they want to add WPA enterprise support...

That said, I love OpenBSD, and congratulate them for this important feature addition - OpenBSD has contributed a lot to the success of Free Software (OpenSSH and free Atheros support being two prominent examples).

I am not arguing either way.

April 21, 2008 - 2:32am
Anonymous (not verified)

I am not arguing either way. I think that much is pretty obvious. With a project like OpenBSD, calling a philosophical argument ridiculous is pretty ridiculous in itself. Obviously usability is not a high priority for OpenBSD, for better or for worse. You can rant and rave all you want, but basically most people in the OpenBSD project at some stage thought WPA to be a poor solution, and hence it has taken some time for support to be added. Ease of use for home owners really isn't that much of a concern for a security focused project, now is it?

Home owners

April 21, 2008 - 5:55am
Anonymous (not verified)

Ease of use for home owners really isn't that much of a concern for a security focused project, now is it?

I'm not sure what you mean by "home owners", but I will assume you mean end-user. Personally I find OpenBSD easier to use than any GNU/Linux distribution I've ever tried. That's thanks to their good documentation, tools, and sane defaults.

The latest GNOME is also available, if you're into that sort of thing ;-) It's lacking some fancy features here that GNU/Linux has, but nothing you can't live without.

So basically forget about

April 21, 2008 - 11:38pm
Anonymous (not verified)

So basically forget about using it in embedded systems, robotics, control applications etc. where you need to interact with existing wireless network infrastructure. That would include wireless access points. But hey, I can certainly see how not being able to access the network will improve security.

Why in the name of god are

April 22, 2008 - 8:28am
Anonymous (not verified)

Why in the name of god are you trying to shoehorn a general-purpose multitasking OS into places where realtime OSes are needed?

Linux fits the bill

April 24, 2008 - 4:02pm
Anonymous (not verified)

Linux is the OS used most for embedded systems, so apparently the realtime extensions to Linux are good enough...

But then again, if you use BSD, you clearly have no clue about how scalable a proper OS can be. :p *ducks*

>So basically forget about

April 22, 2008 - 2:42pm
Anonymous (not verified)

>So basically forget about using it in embedded systems, robotics, control applications

You're talking of NetBSD, not OpenBSD.

>Philosophical? What a

April 22, 2008 - 2:40pm
Anonymous (not verified)

>Philosophical? What a ridiculous argument. The issue here is usability.

No the issue isn't childish usability. Every sane university (at least in Europe) does support VPN. Usability first is an option just for the Windows copycat Linux.

Sort of ...

April 20, 2008 - 7:11am
Anonymous (not verified)

Linux users have been able to use WPA2 for years.

Yeah, after fscking around with ifconfig, iwconfig, iwpriv, wpa_supplicant, ndiswrapper, madwifi and what not on the few cards that are actually supported. Great stuff.

Yeah, all of those 2 seconds

April 21, 2008 - 3:32am
Anonymous (not verified)

Yeah, all of those 2 seconds it took for me to configure WPA2 Enterprise is surely wasted time, now on OpenBSD, I'd just... Wait... No Enterprise? Oh well...

OpenBSD is a big hole of nothing.

You can't break into a concrete block, but then again, you can't use a concrete block for much...

Awww...

April 21, 2008 - 9:52am

What, no *BSD is dying trolls?

*eyeroll*

--
Program Intellivision and play Space Patrol!

How many WLAN stacks did

April 22, 2008 - 5:41am
Anonymous (not verified)

How many WLAN stacks has Linux had until now? 3?
How many schedulers..?

Don't you think some users "might" have wished that some developers had thought before they started using gcc and committing patches....

Of course changing the Stack "frequently" also just "supports us" to gain access to a network...

Seriously: What are you bitching about?
Linux is in no way better and if you dislike OpenBSD: Well stop posting and stop using OpenSSH.

OpenBSD has ~80 developers.. none is really "hired" as an OpenBSD developer. Linux has.. how many? And how many are hired? And still there are serious issues in some parts of the kernel. I just remember the Ath5k driver and others which were adopted by Linux and others.

Each OS has pro/contra.
So stop bitching. :)

So it's great OpenBSD supports WPA(2) PSK in a sane way right now!
Well done OpenBSD-Devs!

"Linux is in no way better

April 22, 2008 - 2:13pm
Nony mouse (not verified)

"Linux is in no way better and if you dislike OpenBSD: Well stop posting and stop using OpenSSH."

I do not see why if people dislike OpenBSD they should stop using OpenSSH, such sentiment just creates ill feeling.

That said, if you like OpenSSH, you might like OpenBSD.

Yes Linux doesn't care much

April 22, 2008 - 2:39pm
Anonymous (not verified)

Yes Linux doesn't care much about security :D WPA/WPA2 is just an insecure option for people not able to use VPN etc.

Of course with the help of

April 22, 2008 - 2:37pm
Anonymous (not verified)

Of course with the help of OpenBSD.

So?

April 20, 2008 - 6:04am
Anonymous (not verified)

So?

So, it's newsworthy because

April 20, 2008 - 10:57pm
Anonymous (not verified)

So, it's newsworthy because the OpenBSD fellows were able to set aside their bile filled tirades long enough to do something that had been supported in other kernels for years.

Other kernels do not support

April 21, 2008 - 3:29am
Anonymous (not verified)

Other kernels do not support WPA the way OpenBSD does.
They rely on userspace bloatware (wpa_supplicant *and* hostapd) that in turn require horrible hooks to be implemented in the kernel.
OpenBSD is AFAICT the first OS that implements WPA the right way(tm).

How about this WPA

April 21, 2008 - 6:33am
Anonymous (not verified)

How about this WPA enterprise support with username/pass/certificate? Can this be managed through ifconfig eventually too?

802.1X

April 21, 2008 - 7:16am
Anonymous (not verified)

What you are calling "WPA enterprise" is actually WPA + 802.1X.
802.1X is a completely separate protocol, described in a different standard, and was first designed for wired interfaces.
The fact that WPA *can* use 802.1X as its key management protocol does not make them one and the same. And that is all the problem with wpa_supplicant and hostapd. They mix completely different things, which is totally against the spirit of UNIX. wpa_supplicant-0.6.x even goes to the extent of reimplementing the full 802.11 MLME in userspace!

They didn't forbid the

April 22, 2008 - 2:46pm
Anonymous (not verified)

They didn't forbid the support for WPA. They just didn't care about it. Remember it's opensource, you need someone who likes doing the work. There are three big commercial OS: Windows, MacOS X and guess what? Linux! Yes Linux, without the support of the companies it would be far behind every BSD in quantity. Quality-wise it isn't comparable anyway.

Dream on!

April 22, 2008 - 4:32pm
Anonymous (not verified)

Dream on!

Use the source Luke, you

April 22, 2008 - 5:42pm
Nony mouse (not verified)

Use the source Luke, you would be surprised how much crappy code is in the Linux kernel.

"Quality-wise it isn't

April 22, 2008 - 5:20pm
Anonymous (not verified)

"Quality-wise it isn't comparable anyway."

Yeah, all the BSD's missing features are coded the most secure way: not at all.

To be fair, if it's on Linux, it can run on BSD

May 2, 2008 - 3:38am
Anonymous (not verified)

The great thing about BSD is that you have the choice and you make the call about how secure your system is and what compromises you are willing to make. Install a few packages and you can even run Wine through a Linux compat library. I think exercising your right to choose, rather than being locked into the choices of a complex and poorly documented operating system, is the most secure (and sane) thing you can do for your computer.
