Undeadly.org mentioned the following highlights:<p>"Selected highlights include:<p>* Support has been added for qcow2 images and external snapshots in vmm(4)/vmd(8).<p>* "join" has been added for Wi-Fi networks.<p>* Security enhancements include unveil(2), MAP_STACK, and RETGUARD. Meltdown/Spectre mitigations have been extended further, and SMT is disabled by default.<p>* rad(8) has replaced rtadvd(8).<p>* bgpd(8) has undergone numerous improvements, including the addition of support for BGP Origin Validation (RFC 6811).<p>* smtpd.conf(5) uses a new, more flexible grammar.<p>* For the first time, there are more than 10,000 (binary) packages (for amd64 and i386)." [1]<p>[1] <a href="https://www.undeadly.org/cgi?action=article;sid=20181018140057" rel="nofollow">https://www.undeadly.org/cgi?action=article;sid=201810181400...</a>
I haven't taken the time to write this up, but one of the handy things about OpenBSD is you can take a small 16GB USB stick, format it with one small FAT partition and copy the installer to that. Then you boot the installer on your Ubiquiti Edge Router and install OpenBSD to the unpartitioned space.<p>With a little work you can have your own caching DNS server including domain blocks for tracking sites and if you want privoxy or a squid proxy. It's also easy to set up your own root CA and switch over to certificate-based authentication for wireless clients as long as the wireless base station supports RADIUS.<p>I haven't published a tech note on it yet because Android still complains about importing self-signed certificates even when you import the root CA.
Time to update your BCHS stack: <a href="https://learnbchs.org/index.html" rel="nofollow">https://learnbchs.org/index.html</a>
I used OpenBSD for some time as a platform for hobby servers around version 4. It is very stable, has low hardware requirements for a base system (I had WordPress running on 32MB RAM and Pentium 200 MMX to my amusement), has very fast and powerful firewall / packet filter. It is one of the most elegant operating systems I've ever used. Simple in use but has huge functionality. I second that documentation is one of the best. Must try it again maybe on desktop this time.
The new unveil(2) system call is now available.
Discussed previously:
<a href="https://news.ycombinator.com/item?id=18194008" rel="nofollow">https://news.ycombinator.com/item?id=18194008</a>
I run OpenBSD as my border firewall which it handles very well.<p>One thing I wish that OpenBSD devs would change in their philosophy is the --help messages. Many commands simply offer a list of switches, as if that's somehow helpful. Sometimes you need the detail in a man page, but a lot of times you don't and it would save so much time and energy to have a succinct list in the --help message itself.<p># syspatch --help
usage: syspatch [-c | -l | -R | -r]
Announcement mail: <a href="https://marc.info/?l=openbsd-tech&m=153987076201158" rel="nofollow">https://marc.info/?l=openbsd-tech&m=153987076201158</a><p>This is the 45th release of OpenBSD!
* PIE support for the m88k platform.<p>I'm quite amazed that there exists hardware where they can test this! Maybe there are some embedded systems still using Motorola chips?<p>Anyway, OpenBSD is great. I'm running it on my router and it also powers my 96 mb ram dual pentium pro 200 mhz computer from the 90s :) That computer also has a quantum fireball 20 gb disk as its main storage, another thing I am amazed that still runs.<p>Donate to this project, it deserves it!
> Because Simultaneous MultiThreading (SMT) uses core resources in a shared and unsafe manner, it is now disabled by default. It can be enabled with the new hw.smt sysctl(2) variable.<p>Is this on all architectures or just Intel's Hyperthreading? I'd imagine that other CPUs with hardware threads (especially the 4 and 8 way Sparc T series) would be quite hobbled in terms of performance with this change.
My biggest turnoff with OpenBSD is the more complicated package management if you want to have new versions and security updates beyond the versions packaged with the release. As far as I know you either have to stay on the bleeding edge with -current, build packages yourself, or trust a third party (M:Tier) to build for you, who last I checked were behind on firefox builds. I'd love to someday run it on my laptop though.
I run OpenBSD on my router and it's great. It was refreshing to not need Google for figuring out how to set things up, because <i>everything</i> is in the included manual pages, which often do a great job explaining new concepts. Want a quick intro to OSPF? man ospfd<p>I don't think I'll run OpenBSD as a desktop OS unless performance drastically improves, but it's staying on my router for the foreseeable future.
In similar news, OpenSSH [0] released a new version recently. Noticed 7.7 [1] applied to this OpenBSD release<p>[0] <a href="https://www.openssh.com/txt/release-7.8" rel="nofollow">https://www.openssh.com/txt/release-7.8</a><p>[1] <a href="https://www.openbsd.org/plus64.html" rel="nofollow">https://www.openbsd.org/plus64.html</a>
Interesting, I've been running Linux for 15 years, yet I can't understand how to upgrade from 6.3, which I just installed on a cloud server, to 6.4 by reading the official document.<p>(Specifically the part "instruct the boot loader to boot this kernel" because it says to type in the file name during the boot process, which is not exactly easy on a remote machine.)
<a href="https://www.openbsd.org/faq/upgrade64.html" rel="nofollow">https://www.openbsd.org/faq/upgrade64.html</a><p>I have a lot of respect for OpenBSD devs when people don't contribute back much even if they use OpenSSH everyday but a bit more friendliness doesn't hurt to let people try it out more.
Linux is a depressing mess after you've used OpenBSD. Such a high quality system, with stellar documentation. It's unfortunate that Linux has become so popular even though the BSDs are so much better. A bad historical accident. Damn you Linus...