Forgot your password?
typodupeerror
Announcements Operating Systems Software Upgrades BSD

OpenBSD 3.7 Released 325

Posted by CowboyNeal
from the come-and-get-it dept.
pgilman writes "It's official: OpenBSD 3.7 has been released. There are oodles of new features, including tons of new and improved wireless drivers (covered here previously), new ports for the Sharp Zaurus and SGI, improvements to OpenSSH, OpenBGPD, OpenNTPD, CARP, PF, a new OSPF daemon, new functionality for the already-excellent ports & packages system, and lots more. As always, please support the project if you can by buying CDs and t-shirts, or grab the goodness from your local mirror."
This discussion has been archived. No new comments can be posted.

OpenBSD 3.7 Released

Comments Filter:
  • How's the install? (Score:5, Interesting)

    by m50d (797211) on Thursday May 19, 2005 @02:42PM (#12581136) Homepage Journal
    Manually creating a BSD disklabel is not to be taken lightly. If you're experienced you can do it, but it's very far from friendly. Anyone know if they've done anything to make it easier?
    • by Anonymous Coward on Thursday May 19, 2005 @02:47PM (#12581221)
      buy the CD. Dedicate 1 HDD to OpenBSD. Then follow the printed instructions. i avoided OpenBSD for a lond time because of FUD like this. Found out that it is probably one of the best *nix distros there is. Simple, well documented, and WORKS. Also the pors tree is clean and smooth. Almost as easy as apt-get.
      • by ignorant_coward (883188) on Thursday May 19, 2005 @03:00PM (#12581367)

        Yes, people who say OpenBSD is hard because of the non-GUI installer just end up making themselves look lame. OpenBSD really is not that hard to install, and I actually prefer it to Red Hat's do-as-we-want-you-to-do installer.
      • by m50d (797211) on Thursday May 19, 2005 @04:04PM (#12582058) Homepage Journal
        It's not FUD. There are plenty of cases where dedicating a HDD is not an option, requiring a separate disk is unacceptable. I installed slackware from zero non-windows experience, hadn't used any disk partitioners at all, ever. When I nuked that (that was my learning not to run as root stage, but that's another story) I had an openbsd cd around, so I tried to install it. Had a windows partition on the disk I couldn't get rid of, but enough free space if I could figure out how the hell to partition it. Never managed to.
        • Did you read the install docs? Can't speak to back then but now they cover that scanario in *detail*. All you have to do is read and think. Oh wait that'll never be mainstream.
          • It won't be. It won't even be popular non-mainstream. A program that requires reading the docs to use is a flawed program. If you're doing something really complex, sure, one should expect to read the documentation, but installing alongside an existing partition is not complex.
    • by Caligari (180276) on Thursday May 19, 2005 @03:01PM (#12581368) Homepage
      Its really not hard, especially after you read the excellent documentation [openbsd.org].

      The installer might not have shiny graphics, but its actually extremely simple. It fits on a single floppy and can be used remotely. Same goes for upgrading.

    • by Homology (639438) on Thursday May 19, 2005 @03:01PM (#12581373)
      Manually creating a BSD disklabel is not to be taken lightly. If you're experienced you can do it, but it's very far from friendly. Anyone know if they've done anything to make it easier?

      It is confusing when you come from i386 and have used Linux. It was, at least for me, quite confusing the usage of the word "partition".

      To simplify, on Linux on i386 for each file system there will be a partition (DOS type). On BSD you commonly create a primary DOS parition using fdisk, and then use disklabel to create different filesystems on that particular DOS partition. "Primary" beacuse BSD may only boot from a primary DOS partition (at most four of those).

      Now, when you enter fdisk you are asked to "parition" your harddisk(s). Then you enter disklabel and are asked to create new partitions. WTF? I just did that! Enter the term "slice" that is not quite the same across the BSD. Erh, you won't see the word "slice" in the man pages, though.

      Not sure if OpenBSD 3.7 still have this usage of partition, though.

      In any case, I'm a happy user of OpenBSD since 3.2/3.3.

      • "Primary" beacuse BSD may only boot from a primary DOS partition.

        Are you sure about that?

        I mean that BSD will only boot from a Primary partition.

        As I understand it, That is an i386 problem, not limited to BSD.

        If I am wrong please feel free to enlighten (but not ignite) me.

        • by TheRealMindChild (743925) on Thursday May 19, 2005 @03:23PM (#12581572) Homepage Journal
          The boot sector must be loaded from a primary partition, this is true. The bios first looks at the MBR, then the boot sector of Primary Partition 0 on disk 0, and so on...

          Now, booting an OS that resides on a non-primary partition requires what is called a two-stage boot loader, and it does exactally what you think it would. Both NTLDR and lilo (among most others) work this way. The boot sector contains JUST ENOUGH code to find the second stage boot loader (reading a file, looking on the root of all partition, whatever), load it, and set the execution point.

          Hope this helps
        • Yes, on i386 OpenBSD may _only_ boot from a primary parition, and that is what I wrote. On other architectures there are different rules.
          • by arete (170676) <`areteslashdot2' `at' `xig.net'> on Thursday May 19, 2005 @03:48PM (#12581868) Homepage
            You're right that these are i386 limitations (although not all BIOS's are actually limited like this) But you're overstating how big of a limitation it is.

            I think the way you said that is misleading, because it sounds like you're saying "OpenBSD must be installed in a primary DOS partition to be bootable"

            That is definitely not true. OpenBSD does not necessarily have to touch a primary partition to be bootable.

            The limitation is really "SOMETHING has to pick what boots" usually (but not always) the i386 BIOS is pretty dumb about this, so something somewhere has to be on a primary partition.

            One of the primary partitions on the first drive must be marked active, and that partition must contain a bootable OS OR boot loader that can find your OS - but that's trivial these days. - THE BOOT LOADER DOESN'T HAVE TO MATCH YOUR OS -

            So you could have OpenBSD in a logical partition and have a linux boot loader in a primary partition that lets you select on boot which partition - primary or logical, on any drive - gets booted. You could also have this selection be automatic. You could have it boot OpenBSD if it's Thursday, if you wanted. Except for that last part, this is all very, very common freeware.

            http://pclt.cis.yale.edu/pclt/BOOT/PARTITIO.HTM [yale.edu]

      • Just ignore fdisk and use disklabel.

        Here's the process we use for pxeboot/custom cd installs:

        echo "Wiping drive.."
        echo y | fdisk -i wd0 > /dev/null

        echo "Running disklabel.."
        disklabel -E wd0 /dev/null
        d
        *
        a
        a

        400M

        a
        b

        400M
        swap
        a
        d

        2G

        a
        e

        w
        q
        EOF

        echo -n "Creating filesystems.. a "
        newfs wd0a >/dev/null
        echo -n "d "
        newfs wd0d >/dev/null
        echo -n "e "
        newfs wd0e >/dev/null
        echo "done."

        This creates 3 partitions and a swap partition, then puts the fs on them. You can mount them whereever you like.
    • by DrSkwid (118965)
      aw come off it

      partitioning HD's is Computer Building 101

      spend an evening to understand it and it will put in good stead for the rest of your life
      • by Homology (639438)
        aw come off it partitioning HD's is Computer Building 101 spend an evening to understand it and it will put in good stead for the rest of your life

        Perhaps you should widen your experience beyond i386 and Linux. It's confusing because the same word partition (on i386) is used to refer to both DOS partion (fidsk) and filesystem (disklabel).

        • yes perhaps I should

          no, wait a minute, I run BSD on Sparc & plan9 on x86

          I only run Linux by force !
          • Good for you! Why are you still confused? You must have put quite some effort to have plan9 up and running.
            • I'm not confused, the original poster was

              plan9 is easy to install, it even boots from the CD into graphical desktop mode
              I had it up and running the first day I tried it, when Ver 3 was announced here on /.

              I have the auth server running on a stock VIA EPIA 5000 fanless board, my fileserver is a stock IBM Netfinity 5000 and my terminal is an Athlon with an nvidia gforce

              I have put in quite a bit of effort in the meantime though, it is a bit to learn but being consistent, everything is a file, makes learning
    • Don't worry, it is just another added security layer for your safety. Now, you have to agree, it works well!

      The installation lures you into thinking all is going well until it hits you with OpenBSD's most reliable security method: the Dumb Sysadmin Prevention System [linux.org] . In short, OpenBSD's install is so hard that you need to be genius to complete it, thus eliminating the cause of the majority of security issues -- dumb sysadmins.

      • You don't need to be a genius to install OpenBSD. Assuming that you can read English, the installation instructions are more enough.

        Actually, the (almost) main reason why I use OpenBSD is because it's easy to install, configure and maintain in a secure way. Yeah, I know, I'm lazy ;-)

        • by alexhmit01 (104757) on Thursday May 19, 2005 @07:35PM (#12584275)
          The first time I installed it, it took a few attempts. Had to figure out the networking, etc. (I had problems with Redhat 6.2 as well, the installer was great, but no tools that I could find to edit them until I learned my way around the text files).

          However, after 3 attempts when we got the hang of it, I looked at my partner (it was our first webserver for our little company) and we were like COOL. Once you get the handle of the installer and ports, its a DREAM, much EASIER than the Redhat what do I want and where is it problem.

          That said, RHEL 4 is pretty slick, but nowhere near as impressively simple as OpenBSD + Ports. The installed OpenBSD system is SO FUCKING clean its not funny, and then you add the few ports, nice and customized, that you want.

          One day I build 4 OpenBSD machines. Build the (customized) packages on one and distributed, and it was REALLY, REALLY, REALLY nice).

          It's a great system, but you gotta really be a Unix-lover. If you want the click-click install, the Linux distros are great, but with OpenBSD I understand what is going on with my system.

          That said, you can just TRY to get my OS X Powerbook away from me... :)

          Alex
    • Heres a mistake I made from a recent 3.7 snapshot....

      In the fdisk program, if you press a key to reset the partition table, it resets it AND writes it. Most other partition changes require 'W' to write before exiting, so you can back off your errors... but the reset partition table resets and writes permanently... at least on amd64.

      I tried it to check if it was completely zeroing out the table, or fixing the MBR, like fdisk /mbr in DOS... and I had to shift-pgup and write down the partition table display,
    • I did it a few weeks ago for the first time. Had to read and think about the docs but there is nothing really hard about it. Of course I more and more think that the ability to read and think is a almost lost art so you must might have a point.
    • Pah! Real men don't click!
  • Yay! (Score:2, Funny)

    by Anonymous Coward
    I can't wait to install this on all my servers with Adaptec RAID cards! Oh yeah... Damn dirty Adaptec! How's Theo's battle with them going, by the way?
  • Growl (Score:5, Funny)

    by iamdrscience (541136) <michaelmtripp@nOSPAM.gmail.com> on Thursday May 19, 2005 @02:45PM (#12581186) Homepage
    OpenBSD, OpenSSH, OpenBGPD, OpenNTPD, CARP, PF, OSPF
    Do BSD-folk have some strange aversion to pronouncable acronyms? Only 1 out of 7!
    • Re:Growl (Score:4, Funny)

      by fr2asbury (462941) on Thursday May 19, 2005 @02:55PM (#12581311)
      Sure they're pronouncable:
      Open-bee-ess-dee
      Open-ess-ess-aitc h
      Open-bee-jee-pee-dee
      Open-enn-tee-pee-dee
      Car p
      pee-eff
      oh-ess-pee-eff

      No problem. ;-)
    • Re:Growl (Score:2, Insightful)

      Pronounceable acronyms are rediculous (almost as much so as the multitude of worthles acronyms).

      I want to MURDER people who say "Sequel" instead of S-Q-L, "Say-Taa" instead of S-A-T-A, and especially "ERRRRRK" instead of I-R-C.

      If the acronym was intended to be pronounced, the author would have done something like the SAMBA project, where SMB was the acronym, but they filled in the blanks to actually MAKE it a word.
      • Tell me about it... I have a client that tries to pronounce _every_ acronym. It makes me crazy. I can't tell you how many times I've heard "da-nis" instead of D-N-S, or "fipt" instead of F-T-P.
      • Re:Growl (Score:2, Funny)

        by Waffle Iron (339739)
        Pronounceable acronyms are rediculous

        Actually, acronyms [wikipedia.org] are supposed to be pronounceable:

        Initialism originally referred to abbreviations formed from initials, without reference to pronunciation, but during the middle portion of the twentieth century, when acronyms and initialisms saw more use than ever before, the word acronym was coined for abbreviations which are pronounced as a word, like "NATO" or "AIDS". The term initialism is now typically taken to refer to abbreviations which are pronounced by s

      • Re:Growl (Score:3, Informative)

        by SolusSD (680489)
        well as far as SQL goes, the original project name WAS sequel. it is a predecessor to SQL. Also, I advise you to stay away from gnu/linux if you hate pronouncing acronyms. Heck The unix community actually finds names for programs that contain the letters of the acronym to give them more pronouncable names. eg SAMBA for the unix SMB implementation.
      • I'm sitting in a training class this very minute where the instructor keeps saying "Earl" instead of U-R-L. It's like fingernails on a chalkboard every time I hear it.
      • Say-Tay? Eugh.

        I call it Sahtah (ah as in the a sound in 'cat'). And Squil instead of Sequel.

      • Back when SAMBA was in 2.0 or thereabouts I looked at the samba.org site for the first time and found a bit on how the name "samba" came to be. The original intention was to simply call it SMB but there was concern about using a registered name so the name SAMBA was arrived upon by grepping a dictionary file based on the letters SMB in that order.

        It was certainly not the result of an attempt to come up with some cute name for the software.
      • Re:Growl (Score:5, Informative)

        by DavidBurns (518946) on Thursday May 19, 2005 @05:52PM (#12583347)
        Expanding on a previous comment: A 1970's IBM project, System/R, developed "Structured English Query Language" shortened to "SEQUEL", and later changed to SQL. The CORRECT pronunciation of "SQL" is still "sequel". Saying "ess kew ell" is the sign of a newbie. Not that there's anything wrong with newbies, until they get fresh about things they don't know about. See e.g. http://www.faqs.org/docs/ppbook/c1164.htm [faqs.org]
        • by Anonymous Coward on Thursday May 19, 2005 @11:41PM (#12585764)

          I don't know if you are really aware of it, but note that the link you gave mentions the story behind the acronym SQL, which certainly used to be SEQUEL before and had to be changed for legal reasons, but doesn't mention the pronunciation of SQL at all. Actually it _is_ "Es Queue El": http://en.wikipedia.org/wiki/SQL [wikipedia.org].

          If you read the documentation of popular relational databases, it's quite possible that you find a paragraph regarding the pronunciation, and in that case you'll find they follow the ANSI convention. [1 [mysql.com]] [2 [wikipedia.org]]

          I know when I started using RDBMs years ago I read about it, and ever since whenever I see someone pronouncing SQL as "sequel" the first thing that comes to my mind is "newbie". I suspect from now on one more thing will come to mind: a prick who wants to sound clever when he's actually an ignorant.

  • Try the Torrent! (Score:5, Informative)

    by cjsnell (5825) on Thursday May 19, 2005 @02:46PM (#12581200) Journal
    Check out the Unofficial OpenBSD Bittorrent Page [somedomain.net]. If the torrent isn't here [somedomain.net], it will be, soon!
    • Selling CDs is one of the ways that the OpenBSD project is able to make money, and as far as I know, they don't provide checksums for the general public to verify the integrity of downloaded .iso's.

      So by all means feel free to download some J. Random bitTorrent ISO of OpenBSD, but keep in mind that you have no way of knowing if it's been trojaned, root-kitted, or otherwise compromised If you really need a free install, just use the freakin network floppy. It's super easy, and you download directly from

  • I hope (Score:4, Interesting)

    by Knights who say 'INT (708612) on Thursday May 19, 2005 @02:59PM (#12581351) Journal
    .. the song is good.

    "Systemagic" and "E-railed" are still my favorite ones. They went sillier after that. "The Ballad of Puffy Hood" is okay-ish, anyway.

    "Systemagic" is really a nice song to chant, drunk, with nerd friends."Cracking the bedroom, HEY, cracking the vault, cracking the bedroom HEY SECURE BY DEFAULT. CAAAAAAAAAAAAAN'T FIIIIIIIGHT THE SYSTEMAGIC. ÜBER TRAGIC. CAAAAN'T FIGHT THE SYSTEMAGIC! SYSTEMAGIC!.
  • by DrSkwid (118965) on Thursday May 19, 2005 @03:00PM (#12581357) Homepage Journal
    3.6 is stuck on 0.8

    does my head in

    I know a page where one can get a patchset against 1.01 and compile but I like my systems and vanilla as possible, ports & packages only, then I can reliably install a new box via script

  • by Anonymous Coward on Thursday May 19, 2005 @03:00PM (#12581361)
    Soon it will reach the crucial watershed version 3.11
  • Intel Wireless (Score:2, Interesting)

    by Anonymous Coward
    One of the new features is Intel Wireless support. I think that's very significant.

    I must say that OpenBSD is a joy to work with. It is much cleaner and more consistently designed than everything else out there, including Linux. I have an old OBSD box that acts as a router and wireless access point, hasn't been updated in years, and I know I'll be giving it 3.7 to keep it up to date.

    Now that it has Intel Wireless support, I might just switch to OBSD from Debian on my laptop.
  • Hmm (Score:5, Interesting)

    by rsax (603351) on Thursday May 19, 2005 @03:08PM (#12581436)
    I wonder what's the reason for not signing the checksums.

    ftp://mirror.sg.depaul.edu/pub/OpenBSD/3.7/i386/ [depaul.edu]

  • SMP (Score:2, Interesting)

    I haven't followed openBSD in quite some time and the answer wasn't apparent from the "features" link...but... Did Theo get around to supporting SMP yet? Given the avalanche of "cheap" multicore processors coming down the pike, SMP support sure would be nice.
    • Re:SMP (Score:3, Funny)

      by Anonymous Coward
      OpenBSD has supported SMP since 3.6 (i386 and amd64 platforms.) Here's the page [openbsd.org] confirming this.

      SMP in OpenBSD is slightly different to normal implementations for security reasons. Generally when one processor is in use, the other suspends itself to avoid race conditions. That way you get the full advantages of SMP, not wearing out a single CPU for instance, without the possibility of race conditions causing some kind of security hole.

    • Re:SMP (Score:3, Informative)

      smp on i386 and amd64 is in-tree. smp for macppc is on a developers box, but hasn't made its way to the real tree. I do not know the status of any other architecture.
  • by Yannic (609749) on Thursday May 19, 2005 @03:23PM (#12581570)
    Here's the plan:
    1. Set up High Availability router with pfsync. (using computers rescued from the trash)
    2. Set up a HA Network RAID system using DRBD [drbd.org] or something similar. (using more computers rescued from the trash)
    3. Build a Kerrighed [kerrighed.org] or OpenSSI [openssi.org] Single System Image cluster. (using the latest and greatest computers one can rescue from the trash)
    4. ???
    5. Profit! (and thus, have enough money to actually buy equipment)

    I've already set aside Tuesday evening to upgrade my bandwidth throttling [benzedrine.cx] OpenBSD router. I set it up the day before 3.6 came out, so I didn't feel like upgrading until now. I'm tired of the typical hardware failures you tend to get out of computers people throw out (maybe that's why they threw them out in the first place) but mostly I'm looking forward to getting a learning experience hundreds of times more valuable (personally) than getting my MCSE 2003.

    \/\/\/
    • Great post and good links, thanks.

      I'm also learning how to build a clustered server one step at a time.

      You might want to look at my post [slashdot.org] about Erlang. It's a functional programming language with all the advantages that come with it. In your case you might be interested in the features:
      - It has an automatically clustered database and webserver.
      - No buffer overflows
      - It can automatically use symmetrical multiprocessing.

      Questions for you:
      - With the clustering sofware links you posted, do you still need ECC
  • I am trying to create a table of open source software with the respective support deadlines and it has proven difficult.

    We are a small shop and in no position to do our own security updates for something like OpenBSD once it ceases to be supported. We are also fairly unfamiliar with the code. Nonetheless, I would like to try the OpenBSD waters, but before I do so, I would like to have some reliable info on how long security updates for each release are offered.

    BTW: I know that OpenBSD has a very decent se
  • by YetAnotherName (168064) on Thursday May 19, 2005 @04:16PM (#12582218) Homepage
    please support the project if you can by buying CDs and t-shirts, ...

    I would love to, except Puffy the logo fish is horribly disfigured [openbsd.org].

    Linux shirts are out, too: Tux is overweight. No, I can't buy a FreeBSD T-shirt either: I live in Texas [rmitz.org].
  • I have here a shiny CD of 3.7, complete with Wizard of OS poster with oh-so-hilarious caricature of RMS with a pair of gnu horns... somehow the expression on his face just makes me laugh, it's a moment of cartoon zen's what it is. (And lest the wrong idea be given, tho' I bought an OpenBSD CD, I support the FSF financially too. A little bit). I ordered my CD on monday from the wonderful Holborn Books [holbornbooks.co.uk] whose meatspace shop is a perilous void of stuff you want to empty your wallet for. And the CD arrived yeste
    • OpenBSD runs great on Sparc. I have probably the only 64-bit ADSL router for miles - my home firewall/fileserver is a Sun Ultra 5, running OpenBSD 3.6, with a USB-attached ADSL modem that came free with the connection.
  • by Dammital (220641) on Thursday May 19, 2005 @04:43PM (#12582541)
    My home firewall is an (aging) OBSD 3.3 box that I really ought to upgrade one of these days... but it just runs and runs and runs. The pf stateful packet filter is compact and fast.

    But OBSD is more problematic on my web/mail server. The ports collection is nowhere near as comprehensive as FreeBSD's (or Debian & Gentoo for that matter) and so you'll likely scrounge for upstream versions of more obscure packages.

    Worse, OBSD's Apache is stuck at version 1 (Theo has issues with the Apache 2 license) and more and more software wants Apache 2. I guess you can fix that, but it's back upstream you go me bucko. Oh, and OBSD's default Apache installation is chrooted, which you'll probably defeat after your first CGI integration experience.

    I like OBSD a lot, and I don't mean to suggest that it's only good for embedding in a router. But if your application requirements are remotely bleeding edge (and you want to save yourself some work at the risk of some unquantifiable security exposure) then you might want to look elsewhere.

    • Ummm? What problems do you have with CGI integration? Just simply do _all_ cgi stuff in the chroot enviroment? Well it isn't apache anymore, it's more like "OpenBSD über-secure-patch-set apache". Do you need anything apache 2 specific?

      All the "widely" used mailingprograms are available for OpenBSD, what's your problem with them?
      Sure there is some stuff missing in ports/packages but they're getting fewer by the day. If you miss something go a head an make a port of it.

    • If you need Apache 2, grab it, it's in ports.

      Ports are often behind the most recent releases of things, which is kinda bothersome, but if you want to fix that then get involved and start talking on the ports mailing list. Take over the unmanaged ones and add your own.

      That's the best part about a system like this, if you want to, you can change things.

  • by MrSmithers (248615) on Friday May 20, 2005 @12:22AM (#12585948)
    See? I told you. I told all of you. I told you FOUR YEARS AGO [slashdot.org] but nobody believed me.

    Now take a look at the OpenBSD web page [openbsd.org]. Just try and tell me the fish didn't finally come out of the closet with this release. The raised eyebrow, the pouty lips, the rainbow background. I told you.

    Sigh, I hate people.

To understand a program you must become both the machine and the program.

Working...