CARP (Common Address Redundancy Protocol) is a free alternative to the patent-encumbered VRRP, responsible for electing masters in a firewall cluster, while pfsync synchronizes packet filter state information among nodes.
The combination makes it possible to replace single-point-of-failure firewalls with clusters of two (or more) nodes, which continue to filter ongoing and new connections when nodes fail. Additional features like arpbalance allow multiple servers to share a single IP address, transparently balancing load among them and adapting when servers fail.
Now I have been involved in open source development for a number of years, myself being a computer science student representative at a local college and an active OpenBSD user for over 3 years now. I can say that I have never met anyone who has flamed OpenBSD in any way.
There have been some suggestions for improvement, but never ever have I heard anything negative towards this system.
From my experience OpenBSD is:
I am using OpenBSD 3.4 and xmms-1.2.7
I also pkg_delete xmms-1.2.7 and installed xmms-1.2.10.
After ./configure; make; and make install, I saw no binary for xmms in /usr/local/bin?
The xmms load file window opens (xmms-1.2.7), but when I select the mp3 file I get no sound. The load file program does not load.
I installed the OSS software and compiled a new kernel correctly to run the soundon command.
Ryan McBride announced that he has committed code to PF, OpenBSD's stateful packet filter, adding support for tracking stateful connections based on the source IP address. Ryan explains that this allows a firewall administrator to "ensure that clients get a consistent IP mapping with load-balanced translation/routing rules, limit the number of simultaneous connections a client can make, [and] limit the number of clients which can connect through a rule".
Read on for Ryan's announcement which includes examples of how to configure this new functionality.
Ted Unangst announced the release of OpenBSD 3.4 a couple of days early, referring to Halloween by saying, "We just couldn't wait another 2 days, so now you can enjoy OpenBSD 3.4 a little early and protect yourself from ghosts and goblins." OpenBSD 3.4 is the 14th release of OpenBSD on CD-ROM, and the 15th release by FTP. Ted adds, "We remain proud of OpenBSD's record of seven years with only a single remote hole in the default install. As in our previous releases, 3.4 provides significant improvements, including new features, in nearly all areas of the system".
Highlights of the 3.4 release include W^X improvements, randomized order in loading of libraries, loading of libraries into somewhat random memory locations, privilege separation implemented in syslog, reimplementation of thousands of occurrences of unsafe library calls, a kernel compiled with ProPolice, improved hardware support, a massive overhaul of the USB code and sync with NetBSD, and an improved ports tree. Users of PF, OpenBSD's stateful packet filter, will be able to use the newly introduced packet tagging, stateful TCP normalization (effectively preventing uptime calculation and NAT detection), passive OS detection, a SYN proxy to protect from SYN flood attacks, and adaptive state timeouts to better handle attacks.
"I'll be talking about the various tweaks that can be made to the environment that processes live in... tweaks that make attacking the system much, much more difficult, while at the same time ensuring that everything else still operates properly. This includes the propolice, W^X, random allocations, atexit and stdio cleanup vector protection, and even the guard page ideas that are being worked on. I will try to explain the subtle concept of why sometimes one or other of these is not as comprehensive as one might like, because it affects some software, and must be tuned back... to cope with reality."
OpenBSD creator Theo de Raadt announced on the OpenBSD -misc mailing list that the song for the upcoming OpenBSD 3.4 release is already available for download. The new song is titled "The Legend of Puffy Hood", based on a familiar and true story (go here and scroll down to April, 2003 if you missed all the excitement). The synopsis begins, "Join Puffy Hood and his Funny Fish as they take on the Sheriff (an unelected leader) and other evil forces of the draconian government!" The page notes that the song is allegorical of recent happenings, this time in response to DARPA suddenly pulling OpenBSD funds last April. The song's chorus goes:
"They called it "BSD"! And "Open" because it's always free So raise up your glass and three cheers to the Funny Fish for never running and making something good! And here's to Puffy Hood!"
OpenBSD creator Theo de Raadt announced, "Sometime in the last 24 hours I think we crossed a line in the project I've been waiting for ... a while. 100,000 commits to the OpenBSD cvs trees."
Theo went on to note, "Markus Friedl has also noted that OpenSSH's birthday is near: Sep 26 OpenSSH born, Sunday 11:56 MST, 1999".
Damien Miller announced the release of OpenSSH 3.7.1p2, noting security changes:
"Portable OpenSSH version 3.7p1 and 3.7.1p1 contain multiple vulnerabilities in the new PAM authentication code. At least one of these bugs is remotely exploitable (under a non-standard configuration, with privsep disabled). OpenSSH 3.7.1p2 fixes these bugs. Please note that these bugs do not exist in OpenBSD's releases of OpenSSH."