DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

Closed Thread
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 9th September 2012
gpatrick gpatrick is offline
Spam Deminer
 
Join Date: Nov 2009
Posts: 245
Default OpenBSD changes

Recently it was announced that OpenBSD 5.2 will be released in November (6 months as usual which is good), however, I wish they would remove the "only 2 remote holes in a heck of a long time" from their website. Very few people are going to run a server, unless it is a firewall, etc., as a base install. If running a web server, app server, etc., it requires additional software.

Beside that, what new piece of technology has been added to OpenBSD lately that keeps it relevant in an ever-changing IT landscape? OpenSMTPD was included in 4.6, and pf is old even though it had a rewrite in 4.7 or 4.8.

Looking at FreeBSD they have Jails, Jailsv2, DTrace, zfs, HAST, OFED, Capsicum and much more, functionality that OpenBSD just dismisses as "it creates a security hole." Given the amount of functionality in FreeBSD, the number of exploits tabulated by US-CERT is insignificant compared to OpenBSD.

Some commonly known appliances using FreeBSD:
Code:
    - pfSense, m0n0wall, and FreeNAS open source projects
    - Juniper JunOS
    - Nokia CheckPoint IPSO
    - NetApp ONTAP
    - Citrix NetScaler
    - Ironport AsyncOS
    - KACE Kbox
    - NETASQ
    - Isilon
    - Sandvine SVOS
    - PlayStation®3
    - Netflix Open Connect
    - TaxiMagic
    - EdgeWave iPrism
    - Panasonic VIERA G20 , G25 and VT plasma TVs
    - Blue Coat ProxySG
    - Coyote Point Equalizer GX
    - iXsystems TrueNAS
Can anyone give a list of appliances used by OpenBSD?

For the record, my firewall, web server and mail server run OpenBSD but am considering a move to FreeBSD because of their active technological development that seems trivial in OpenBSD.

OpenBSD has a long list of changes between 5.0 and 5.1 but a lot are bug fixes and minor changes. What I would like is something along the lines of BHyVe, Virtio, LLVM, etc.
  #2   (View Single Post)  
Old 9th September 2012
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

While it won't satisfy you, here are the major changes with 5.2:

http://www.OpenBSD.org/52.html
  #3   (View Single Post)  
Old 10th September 2012
daemonfowl daemonfowl is offline
bsdstudent
 
Join Date: Jan 2012
Location: DaemonLand
Posts: 834
Default

HTML Code:
             .   |L  /|   .
         _ . |\ _| \--+._/| .
         ||\| Y J  )   / |/| ./
         |)'( |        `  `.'/
     -<|           __     .-<
       | /       .-'. `.  /-. L___
       J \      <    \  | | O\|.-'
     _J \  .-    \/ O | | \  |/
    '-   -<_.     \   .-'  `-' L__
   __J  _   _.     >-'  )._.   |-'
   `-|.'   /_.           \_|  /
     /.-   .                _.<
    /'    /.'             .'  `\
     /L  /'   |/      _.-'-\
    /'J       ___.---'\|
      |\  .--'
      |/`. `-.
         / .-.\
         \ (  `\
          `\

        __ _ _ __   __| | |  _ \ _   _ / _|/ _|_   _
       / _` | '_ \ / _` | | |_) | | | | |_| |_| | | |
 _ _  | (_| | | | | (_| | |  __/| |_| |  _|  _| |_| |
(_|_)  \__,_|_| |_|\__,_| |_|    \__,_|_| |_|  \__, |
                                               |___/
 ____            _          _
|  _ \ ___   ___| | _____  | |
| |_) / _ \ / __| |/ / __| | |
|  _ < (_) | (__|   <\__ \ |_|
|_| \_\___/ \___|_|\_\___/ (_)
  #4   (View Single Post)  
Old 10th September 2012
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Quote:
Originally Posted by daemonfowl View Post
[ASCII art omitted]
daemonfowl, the question you should be answering to yourself is how your response adds to the discourse which has already taken place, & whether your response progresses the discussion forward.
  #5   (View Single Post)  
Old 10th September 2012
daemonfowl daemonfowl is offline
bsdstudent
 
Join Date: Jan 2012
Location: DaemonLand
Posts: 834
Default

Quote:
Given the amount of functionality in FreeBSD, the number of exploits tabulated by US-CERT is insignificant compared to OpenBSD
Given the fact that the OpenBSD Team is far smaller compared to the FreeBSD Team .. the current OpenBSD work has been a TREMENDOUS SUCCESS ! .. :-)

Quote:
the question you should be answering to yourself is .........
ocicat .. an anti-impressionist .. ok , ok .. a sensible perfectionist :-)
Respect to all BSDs ..
I find OpenBSD the king of BSDs .. biased ? maybe .. as much as others :-) .
  #6   (View Single Post)  
Old 10th September 2012
marcolino's Avatar
marcolino marcolino is offline
Real Name: Mark
Custom Title Maker
 
Join Date: May 2008
Location: At the Mountains of Madness
Posts: 128
Default

Quote:
Originally Posted by gpatrick View Post
Can anyone give a list of appliances used by OpenBSD?
Here is a direct answer to your question.

As others have pointed out, the OpenBSD team is relatively small compared to FreeBSD, and their focus is on security, standards, providing a development platform, cryptography, truly free licensing, etc., etc.. So, the members of the project have made a deliberate choice not to focus on including the latest and greatest technology, especially at the expense of their goals.

You may be better served switching to FreeBSD for those purposes, as it is likely you will not find satisfaction in OpenBSD - the folks involved in the project simply do not care as strongly as you.
__________________
That's nothing a couple o' pints wouldn't fix.
  #7   (View Single Post)  
Old 10th September 2012
gpatrick gpatrick is offline
Spam Deminer
 
Join Date: Nov 2009
Posts: 245
Default

I didn't say I don't have satisfaction with OpenBSD. Obviously you missed that I run my proxy server, web server, mail server, and firewall on OpenBSD. My frustration is that I would like to continue using OpenBSD, but with a (1) proxy server, (2) web server, (3) mail server, (4) firewall, (5) everyday FreeBSD laptop, (6) Windows laptop, (7) another old testing laptop, (8) new netbook, there is a clutter problem I'd like to resolve. With Solaris(OpenIndiana, Solaris, OmniOS) Zones or FreeBSD Jails I can consolidate a proxy, web, mail server. I could consolidate all three on one server now, but what would that gain? FreeBSD Jails v2 have problems and I would not use them in production, plus the fact one has to add VIMAGE to the kernel.

I really like OpenSMTPD but it won't build on Solaris. Each time I get past one problem it encounters another. So I could keep my mail server on OpenBSD and then put the others on Solaris, but then server sprawl continues.

There are many things I like with OpenBSD, otherwise it wouldn't be my sole Internet prescence solution, but server sprawl is what I am fighting against.
  #8   (View Single Post)  
Old 10th September 2012
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

Now the issue is server consolidation? Your first post was about "new technologies" and a count of embedded solutions.

Whatever.

If you need to consolidate your service applications onto a single server, you can still do so. Virtualization technologies -- "jails", "zones", "guests" -- should not be a strict requirement.

If you're looking for consensus to move to another OS -- sure, go ahead, have fun. But so far, you haven't articulated a need to do so -- just a yearning.
  #9   (View Single Post)  
Old 10th September 2012
gpatrick gpatrick is offline
Spam Deminer
 
Join Date: Nov 2009
Posts: 245
Default

Quote:
Now the issue is server consolidation? Your first post was about "new technologies" and a count of embedded solutions.

Whatever.
And server consolidation isn't helped by new technologies like Zones?

Quote:
If you're looking for consensus to move to another OS -- sure, go ahead, have fun.
Your attitude is exactly why others think the FreeBSD community is more friendly and inviting. In fact, daemonfowl would not recevie the comments in their forum from their members in the way that you come down on him. He thanks you when you're rude, which is the exact opposite what I'd say.
Old 10th September 2012
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

Quote:
Originally Posted by gpatrick View Post
Your attitude is exactly why others think the FreeBSD community is more friendly and inviting.
I did not mean it to be taken as unfriendly; for that I apologize. I meant it to mean that a) I can't convince you of anything, b) so I'm not going to try, and c) you are welcome to use other systems as you see fit.

As for your question on Zones:
  • It is my opinion that virtualization may be of consolidation value when hardware resources -- processors, memory, I/O channels, I/O devices -- can be dedicated to guests.
  • It is my opinion that virtualization may be of consolidation value when different operating systems are deployed as guests.
  • It is my opinion that virtualization is of limited consolidation value when the guests OSes are the same and hardware resources are shared.
  • Virtualization gives the appearance of system isolation. Virtual machines (Zones, LPARs, Domains, Jails, Guests...) do not run in complete isolation. Virtualization introduces an additional layer of software (or hardware or firmware or a combination of all three) and there are always risks of activity of one virtual machine affecting the host environment or affecting other virtual machines. And there is a risk from bugs, of course.
That's just my opinion, for whatever it may be worth. It's informed only from being involved with virtualization technologies since the 1970s: as a user and administrator of them, as a solutions architect for them, and as a vendor of them.

Can you implement a production virtualization scheme? Sure. Can you do so with OpenBSD? As a guest, yes, with a limited set of hypervisors. (Virtualized hosting is limited to chroot or emulators.)

Is virtualization with OpenBSD of value? Of course, but not, I believe, for consolidation, unless it is to consolidate with non OpenBSD OSes.

Have I personally deployed virtualization for consolidation? Yes. Did I dedicate hardware? Yes, for production platforms. Have I ever used shared hardware in production? Yes. I've implemented shared CPUs with dedicated RAM and I/O, where min and max CPU usage could be allocated. I've had mixed performance results with shared CPUs. I've also deployed shared hardware solutions with virtual machines in non-production, such as for laboratories, QA networks, and development environments.
Quote:
In fact, daemonfowl would not recevie the comments in their forum from their members in the way that you come down on him.
I have tried to be polite -- but I am not always successful. I've tried very hard not to be rude, though I am human and I get frustrated and sometimes angry when there is miscommunication or when communication fails entirely. I've apologized to him. And I'll apologize again when it happens again.

Last edited by jggimi; 10th September 2012 at 05:54 PM. Reason: typos, clarity
Old 11th September 2012
daemonfowl daemonfowl is offline
bsdstudent
 
Join Date: Jan 2012
Location: DaemonLand
Posts: 834
Default

Quote:
He thanks you when you're rude, which is the exact opposite what I'd say.
Hi gpatrick ! first of all : OpenBSD rocks ! FreeBSD rocks ! NetBSD rocks ! DragonflyBSD rocks ! believe me , I've never been upset about 'rude' -if it appears to some as such- posts .. I feel upset when I fail to achieve my goal (learning something .. solving .. tweaking .. implementing ..) .. jggimi , my teacher has always been generously of great help & guidance .. sometimes a teacher uses 'verbal rudeness' not because they are out of euphemisms but to help arouse something within the adressee as to urge them to advance or try more .. that's how I see it at least .. I'm slow-witted when it comes to digits but thanks to him , to ocicat , to IdOp and many other great folk here I'm getting better .. still at a snail-pace lol ..
(Teacher jggimi , you don't need to apologize for anything .. in fact I must express sincerest apologies to you for the time you've spend and effort you've made schooling me and others.)
Finally , Daemonforums rocks !! :-) because the BSDs rock , and so their respective folk ..

Last edited by J65nko; 11th September 2012 at 07:28 AM. Reason: fixed the quote ;)
Old 11th September 2012
marcolino's Avatar
marcolino marcolino is offline
Real Name: Mark
Custom Title Maker
 
Join Date: May 2008
Location: At the Mountains of Madness
Posts: 128
Default

gpatrick,

I didn't miss your mention of your current uses. I was addressing your desire for "something along the lines of BHyVe, Virtio, LLVM, etc." I didn't mean to be dismissive, and I apologize if my response came across that way. What I was trying to say was that OpenBSD may not be the best choice for new technologies, at least from a support point of view. If you were inclined toward development, then that's a different story.
__________________
That's nothing a couple o' pints wouldn't fix.
Old 12th September 2012
PrinceCruise PrinceCruise is offline
Real Name: Prince
PrinceCruise
 
Join Date: Jun 2012
Location: India
Posts: 23
Default

Quote:
Originally Posted by gpatrick View Post
Your attitude is exactly why others think the FreeBSD community is more friendly and inviting. In fact, daemonfowl would not recevie the comments in their forum from their members in the way that you come down on him. He thanks you when you're rude, which is the exact opposite what I'd say.
Though I registered to this site long before, I tend to silently watch, read and learn things from the community here. However, at this moment I'm compelled to write my first post just to mention that I found folks here quite patient, direct, with no fuss and to the point. The 'direct' nature may sound rude but that's the way a good community works.
Two names I could remember were vermaden and ocicat, from LQ.

Regards.
Old 12th September 2012
a4lm a4lm is offline
New User
 
Join Date: Mar 2011
Posts: 5
Default

Quote:
Originally Posted by gpatrick View Post
Your attitude is exactly why others think the FreeBSD community is more friendly and inviting.
I don't see what OpenBSD would gain from 'friendly and inviting' community.
I'm not saying it's unfriendly as it is or anything, more like properly neutral community with individuals.
Unnecessary friendliness above neutrality could bring the people w/fanboy-mentality, who are unlikely to contribute anything beyond asking questions with answers already in archives or demanding for XXX or YYY, which according to them would be 'of absolute necessity'.

Quote:
Originally Posted by gpatrick View Post
In fact, daemonfowl would not recevie the comments in their forum from their members in the way that you come down on him. He thanks you when you're rude, which is the exact opposite what I'd say.
In fact, jggimi imho has got the nerves to be one of the friendliest 'teachers' I've seen on internet, especially considering how he has answered time after time when the answer would have been one manpage away for anyone bothering to do their homework without repeatedly getting told to do it first.
Unfriendly?

+ you're free to implement anything you feel is missing
Old 14th September 2012
daemonfowl daemonfowl is offline
bsdstudent
 
Join Date: Jan 2012
Location: DaemonLand
Posts: 834
Default

Quote:
I don't see what OpenBSD would gain from 'friendly and inviting' community
From an ethical viewpoint, isn't it something cherishable regardless of whether it's beneficial or not .. :-) .. we need to reach a concensus that people differ .. the feeling-type is the one more likely to get offended by verbal 'rudeness' .. unless they become aware of a core fact : that a penned post is a genuine concern and a manifestation of friendliness as greatness .. personally I consider any forum a friendly manifestation .. a free great OS is another similar manifestation at a larger scale ..
Quote:
In fact, jggimi imho has got the nerves to be one of the friendliest 'teachers' I've seen on internet
Thanks for mentioning this .. so obvious from even current posts :-) .. I sometimes feel ashamed to keep asking some questions .. but what can I do when some manual is not fully grokkable by a dumbneuroned anthropos like me :-) .. having Daemonforums is :
Being Very Lucky .
Old 14th September 2012
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

This thread is slowing drifting from the subject of OpenBSD's feature set to the decorum found on this site. All future remarks on decorum should be placed in a new thread, as we try to limit threads to a single topic as directed by the original poster. This is discussed in the forum rules.

Last edited by ocicat; 14th September 2012 at 05:59 PM. Reason: clarity
Old 16th September 2012
ai-danno's Avatar
ai-danno ai-danno is offline
Spam Deminer
 
Join Date: May 2008
Location: Boca Raton, Florida
Posts: 284
Default

Quote:
"what new piece of technology has been added to OpenBSD lately that keeps it relevant in an ever-changing IT landscape?"
pthreads.

Quote:
"Very few people are going to run a server, unless it is a firewall, etc., as a base install"
Very few operating systems aside from OpenBSD (FreeBSD included) have enough software in their base install to do anything at all. OpenBSD has the features to fit the major roles of an IT organization right out of the 'box'. If you want something snazzier than what is found in the base install, you can choose from 7600 different ports, or you could compile software yourself on it. In fact, OpenBSD comes with compatibility with linux and other BSD's to do just that.

A complete set of security, routing, hosting and loadbalancing capabilities come with the default install. With 5.2 two different kinds of webservers and two different name resolvers come installed in base.

Additionally you will have the most well-audited and secure operating system you can get your hands on, all for the premium price of free. One feature that is missing is userbase pandering. They are a team of developers that work on what they find useful to them, and on their schedule. That this exists in a working product is nothing short of miraculous, that it is also the most secure operating system makes it astonishing, and the fact that it can be had for free with no GPL restrictions or fees makes it downright humbling.
__________________
Network Firefighter
Old 16th September 2012
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Quote:
Originally Posted by ai-danno View Post
Additionally you will have the most well-audited and secure operating system you can get your hands on, all for the premium price of free.
While I'm sure many consider the fact that OpenBSD can be obtained for free to be an enticement, development doesn't come for free.

The OpenBSD project is small enough that individual monetary contributions do matter. Be it buying official CD sets, t-shirts, or whatever, the profits support the project. For those who do not make any purchases or make code contributions, what are you doing to help the project continue?
Old 16th September 2012
ai-danno's Avatar
ai-danno ai-danno is offline
Spam Deminer
 
Join Date: May 2008
Location: Boca Raton, Florida
Posts: 284
Default

Quote:
For those who do not make any purchases or make code contributions, what are you doing to help the project continue?
That's a great question, and should be asked of anyone that is using the system; there are a variety of things that the 'average user' can do to help the OpenBSD project:
  • donate
    This can be done in the form of buying a CD, or making a contribution to the foundation or to Theo directly. You can even donate hardware that is needed by the project. I personally prefer, however, to buy t-shirts, because not only are they cool, but they provide a walking marketing campaign in your local area to get the word out about OpenBSD.
  • develop
    This is the most involved kind of contribution to the project, and most revered. Fools rush in where angels fear tread, and one should already have been 'part of the community' for some time before deciding that they are in a position to actually contribute code that will make a difference. Remember, code that does not make a difference is wasting your time and the time of the other developers it distracts by having it checked.
  • debug
    Despite the incredible level of bug auditing that has taken place in the project, there are still old and new bugs floating around. By using the system and paying attention to it, you may find something that actually doesn't "just work". The project needs to hear about that, but PLEASE, be responsible about how you contribute those communications to the team.
  • follow the community and give feedback
    This is also a method that needs to be done responsibly. Asking for new features or complaining that you simply do not like something will get you 10x more vitriol than you would find in this forum, ever. Showing how methods and implementations work, and responsibly showing how they don't, provide relevant feedback that the developers will actually use. And if there's anything that the team loves without question, it's a good DMESG. You can see what's happening on the scene most easily by viewing the mailing list and other resources. Hey, if you are reading posts on this website, you kinda already are .

My wireframe Puffy shirt is showing it's age; time for a refresh .
__________________
Network Firefighter
Old 16th September 2012
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default two more ways

Excellent list, ai-danno. But there are two more things that are helpful: become a port tester, and then perhaps a port maintainer. Both contributions are worthwhile.

If you're a -current user, subscribe to ports@ and test new revisions of older ports or new ports. You need not test everything; perhaps only those that are of interest to you personally.

Use the Port Testing Guide, and respond with your results. You can respond privately or on the ports@ list as you prefer. This is a great way to learn about the ports tree and debugging of individual ports, as well as giving back to the community.

---

If you have installed some unported, third party software and think others might have an interest in it, just build a port, using the Porter's Handbook and the Port Testing Guide, and submit it to ports@ for consideration.

However, you do need to be clueful about the application build process, the dependency chains, and debugging, so this is not for everyone.

And you must be willing to have your Email address published as $MAINTAINER and respond to queries from the community with your support.
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 08:24 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick