
OpenBSD 5.0 Released - l0stman
http://www.openbsd.org/50.html
======
copper
My favourite bit from the (as always, impressive) changelog:

    For additional security, security(8) was rewritten in Perl.

~~~
ez77
That reason seems pretty shallow coming from the OBSD team... How can changing
the language make it more secure by itself? Is a rewrite in C the next planned
enhancement?

~~~
ez77
At the risk of dumping yet more karma, let me rephrase more constructively.
OpenBSD has focused on security from the beginning. Precisely for that reason,
and considering all the audits they run, it feels like, if OpenBSD has used
(up to 4.9) shell scripts for security(8), there mustn't be any compelling
reason against using the shell. Surely they must not have them.

I realize this was a changelog and not an article, and probably due reasons
were found and discussed by the team. I still feel, nonetheless, that "For
additional security, security(8) was rewritten in Perl" is either too short
(provide a brief reason such as tedunangst's) or too long (omit half-baked
reasons and simply provide the fact that "security(8) was rewritten in Perl").

~~~
priteau
From the CVS log 7 months ago:

Work in progress to replace /etc/security, not yet linked to the build.

Main design goals:

1\. Safely handle untrusted file names and file content.

2\. Output compatibility with current security(8) to please people parsing the
output with scripts (except when improving functionality right away saves
considerable implementation effort).

Substantial functional enhancements are for later.

Prodding to do this in Perl by deraadt@. Using some feedback from espie@.

<http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/security/security>
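
The first design goal in the CVS log quoted above, illustrated with an added example that is not part of the thread and is not code from OpenBSD's security(8): it compares line-oriented and NUL-delimited parsing of a file listing when one file name contains a newline. The function names and the sample file names are constructed for the illustration.

```shell
#!/bin/sh
# Added illustration: why line-oriented parsing of file listings is unsafe
# for untrusted file names. All names below are constructed samples.

# Build a scratch directory with two files; one name embeds a newline.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/normal.txt"
    : > "$d/audit-a-constructed
audit-b-constructed.txt"
    printf '%s\n' "$d"
}

# Line-oriented parsing: every newline is treated as a record separator,
# so the file with the embedded newline is counted as two records.
count_by_lines() {
    find "$1" -type f | wc -l | tr -d ' '
}

# NUL-delimited parsing: NUL cannot occur in a path name, so there is
# exactly one record per file regardless of what the name contains.
count_by_nul() {
    find "$1" -type f -print0 | tr -cd '\000' | wc -c | tr -d ' '
}

# Number of records in the line-oriented listing that name no existing
# file, i.e. entries a line-based checker would act on by mistake.
phantom_records() {
    find "$1" -type f | while IFS= read -r p; do
        [ -e "$p" ] || printf '%s\n' "$p"
    done | wc -l | tr -d ' '
}

# Stand-alone run: report the three numbers for the sample directory.
sample=$(make_sample_dir)
echo "files on disk (NUL-delimited): $(count_by_nul "$sample")"
echo "records seen by line parsing:  $(count_by_lines "$sample")"
echo "records naming no real file:   $(phantom_records "$sample")"
rm -rf "$sample"
```
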

------
ImCEOBitch
I used to love OpenBSD but I've had to abandon it:

\- no sendfile implementation to accelerate web servers

\- ancient userland pthread implementation

\- worst SMP implementation of any mainstream OS

\- no unified buffer cache

\- no working TRIM support

\- no 802.11n support

\- video card drivers aging, ~3 years behind mainstream

\- no adobe flash support / hackarounds

The only thing I really miss is PF.

~~~
dmm
> \- ancient userland pthread implementation

There is support for kernel threads in the form of a flag on rfork(2). The
golang port uses this. The pthreads library is still the shitty userland one
though.

OpenBSD is great because the man pages aren't absolute shit like Linux and
networking is so much better. Linux wifi drivers are absolute crap in
comparison.

Configure WPA on OpenBSD: ifconfig <interface> nwid <ssid> wpa wpakey <wpakey>
up; dhclient <interface>

The equivalent on linux is left as an exercise...

It's still a pretty usable desktop though. The new ACPI support is amazing and
a completely new implementation, rather than being built on the reference
implementation everyone else used.

> no 802.11n support

That's going to require some work on the 80211 layer.

~~~
adestefan
> Configure WPA on OpenBSD: ifconfig <interface> nwid <ssid> wpa wpakey
> <wpakey> up; dhclient <interface>
>
> The equivalent on linux is left as an exercise...

    wpa_passphrase <ssid> <wpakey> > /etc/wpa_supplicant.conf
    wpa_supplicant -i<interface> -c/etc/wpa_supplicant.conf -B
    dhclient <interface>

Everything is easy when you know how to do it.

~~~
dmm
On OpenBSD, all of your interface configuration is done with ifconfig and it's
all documented with 'man ifconfig'.

On a linux system 'man ifconfig' doesn't even mention iwconfig or
wpa_supplicant.

I think that makes it a little easier to learn how to do it.

~~~
levabalkin
I guess in Linux ifconfig is deprecated in favor of iproute2.

~~~
sigzero
Really? No Linux SA that I know...and I know a lot...is using iproute2 over
ifconfig.

~~~
CrLf
The "ip" command has been the preferred way to configure network interfaces in
Linux for a few years now. Most functionality isn't available through
"ifconfig" at all.

------
16s
CD sales support OpenSSH and PF development as well. PF is part of Mac OS X
since 10.7.

~~~
there
Too bad Apple doesn't support OpenSSH and PF development.

<http://www.callfortesting.org/macpf/>

------
rmgraham
My favourite part is that NULL is now (void *)

------
sgt
Song is amusing. <http://www.openbsd.org/songs/song50.mp3>

~~~
dfc
I didn't like the song as much as some of the original (older) songs.

------
gatlin
Mad props for the Alfred E Neumann pic.

