
OpenBSD 2.8 released

Author: JT Smith

It is our pleasure to officially announce the release of OpenBSD 2.8.
Just over 6 weeks ago, on October 18, OpenBSD turned 5 years old. In
celebration of this milestone, we invite you to enjoy our 8th release
on CDROM (and 9th via FTP). We continue to celebrate OpenBSD’s record
of three years without a remote hole in the default install.
Just like all of our previous releases, 2.8 provides significant improvements,
including new features, in nearly all areas of the system:

  • Hardware support is improved
    (http://www.OpenBSD.org/plat.html)

      • OpenBSD 2.8 will run on Apple iMac, G3, G4, and G4 Cube machines.

      • Improved hardware crypto support, now including Hifn PowerCrypt and
        Broadcom Bluesteelnet (uBsec) hardware accelerator boards.

      • Many new Ethernet devices supported, including National Semiconductor
        DP83815-based adapters, 3Com MiniPCI adapters, 3Com 574-based PCMCIA,
        and many new CardBus devices (Xircom, Intel 21143, Intel CardBus II).

      • Support for most of the Gigabit Ethernet cards on the market, i.e.,
        SysKonnect, Intel, and Alteon-based.

      • Support for most types of USB devices, including Ethernet, printers,
        audio, etc. Sync your Handspring Visor, or transfer MP3s to your Rio.

      • Support for 3ware Escalade 3W-5x000 and 3W-6x000 series RAID
        controllers.

      • New audio support, including the Cirrus Logic CS4280, ForteMedia FM801,
        and integrated audio chips found on newer VIA and Intel motherboards.

      • Improvements and new support in the PCI IDE subsystem.

  • Security has been further strengthened
    (http://www.OpenBSD.org/security.html)

      • In response to the threat posed by so-called “format string” bugs,
        OpenBSD performed a complete source tree audit in June to identify and
        correct such problems. This involved countless hours of code reading and
        careful bug fixes. We are confident that these issues have been solved
        and that once again our proactive security auditing process has proved
        itself an invaluable component of the OpenBSD philosophy.

      • Several other security issues dealt with across the system, many of
        which were identified by members of the OpenBSD team themselves. Please
        see http://www.openbsd.org/errata27.html for more details on what was
        fixed.

  • Even more integrated cryptography
    (http://www.OpenBSD.org/crypto.html)

      • OpenSSH has been improved, debugged, and is now at version 2.3.0.
        Support for both SSH1 and SSH2 protocols ensures maximum
        interoperability with other implementations. This version also includes
        an SFTP server for secure file transfers with several Windows-based
        clients. Since OpenSSH is free, it has continued to gain acceptance on
        other operating systems as well. For more information, see
        http://www.OpenSSH.com, or simply install OpenBSD 2.8 and try it out.
        Our sincerest thanks to Markus Friedl, one of our developers and the
        driving force behind OpenSSH.

      • The celebration continues. What better birthday present for OpenBSD
        than the expiration of the RSA patent? SSL libraries now come as part
        of the base operating system install, permitting SSL and RSA
        applications to work normally without fancy installation tricks. These
        applications now include httpd, isakmpd, and ssh.

      • Our already very mature IPSEC code has been enhanced to comply with
        the latest standard changes, i.e., AES. Using IPSEC and bridging,
        Ethernets can be securely tunneled over the Internet. The IKE isakmpd
        has become more robust and can be used in a configuration-less mode in
        conjunction with certificates. IPSEC performance has improved for
        software cryptography, but with hardware crypto accelerators
        (including HiFn and Broadcom based encryption processors), incredibly
        fast IPSEC processing is possible.

      • Improving on the encryption of swap space introduced in the previous
        release, OpenBSD now uses Rijndael, the recently chosen AES encryption
        standard.

  • Many other bugs fixed
    (http://www.OpenBSD.org/plus28.html)

  • The “ports” tree is greatly improved
    (http://www.OpenBSD.org/ports.html)

      • The 2.8 CD ships with many more pre-built packages for the common
        architectures. The FTP site contains hundreds more packages (for the
        important architectures) which we could not fit onto the CDs. A list of
        those packages is appended below.

  • Many subsystems improved and updated since the last release:

      • XFree86 3.3.6-current
      • gcc 2.95.3
      • perl 5.6.0 plus a few fixes.
      • Apache 1.3.12 (+ patches), Mod_ssl 2.6.2, OpenSSL 0.9.5a, DSO support
      • ipf 3.3.18
      • groff 1.15
      • sendmail 8.10.1
      • lynx 2.8.2 with HTTPS support added
      • sudo 1.6.3p5
      • ncurses 5.2
      • Latest KAME IPv6
      • KTH Kerberos 1.0.2
      • OpenSSH 2.3.0

    If you’d like to see a list of what has changed between OpenBSD 2.7 and
    2.8, look at http://www.OpenBSD.org/plus28.html.

    Even though the list is a summary of the most important changes made to
    OpenBSD, it still is a very very long list — more than 700 major changes.

    This is our ninth OpenBSD release, and the eighth release which is
    available on CDROM. Our releases have been spaced six months apart,
    and we plan to continue this timing.

    Security and errata

    We provide patches for known security threats and other important issues
    discovered after each CD release. As usual, between the creation of the
    OpenBSD 2.8 FTP/CDROM binaries and the actual 2.8 release date, our team
    found and fixed some new reliability problems (note: most are minor, and
    in subsystems that are not enabled by default). Our continued research
    into security means we will find new security problems — and we always
    provide patches as soon as possible. Therefore, we advise regular visits to
    http://www.OpenBSD.org/security.html and
    http://www.OpenBSD.org/errata.html.

    CDROM sales

    OpenBSD 2.8 is also available on CDROM. A 2-CD set which costs $30 USD
    is available via mail order and from a number of contacts around the
    world. The set includes a colorful booklet which carefully explains
    the installation of OpenBSD. A new set of cute little stickers is also
    included (sorry, but our FTP mirror sites do not support STP, the
    Sticker Transfer Protocol). Profits from these sales are the primary
    income source for the OpenBSD project — in essence selling these
    CDROM units ensures that OpenBSD will continue to make another release
    six months from now.

    For more information on ordering CDROMs, see http://www.OpenBSD.org/orders.html.
    The above web page lists a number of places where OpenBSD CDROMs can
    be purchased. For our default mail order, go directly to
    https://https.openbsd.org/cgi-bin/order
    or, for European orders,
    https://https.openbsd.org/cgi-bin/order.eu.

    All of our developers strongly urge you to buy a CDROM and support our
    future efforts. As well, donations to the project are highly
    appreciated, as described in more detail at
    http://www.OpenBSD.org/goals.html#funding.

    T-shirt sales

    The project continues to expand its funding base by selling T-shirts and
    polo shirts. And our users like them, too. We have a variety of shirts
    available, with the new and old designs, from our web ordering system at
    https://https.openbsd.org/cgi-bin/order.
    With this release, we introduce 2 new shirts.

    FTP installs

    If you choose not to buy an OpenBSD CDROM, OpenBSD can be easily
    installed via FTP. Typically you need a single small piece of boot
    media (e.g., a boot floppy) and then the rest of the files can be
    installed from a number of locations, including directly off the
    Internet. Follow this simple set of instructions to ensure that you
    find all of the documentation you will need while performing an install
    via FTP. With the CDROMs, the necessary documentation is easier to
    find.

    Read either of the following two files for a list of ftp
    mirrors which provide OpenBSD, then choose one near you:
    http://www.OpenBSD.org/ftp.html;
    ftp://ftp.OpenBSD.org/pub/OpenBSD/2.8/ftplist.

    XFree86 for most architectures

    XFree86 has been integrated more closely into the system. This
    release contains XFree86 3.3.6. Most of our architectures ship with
    XFree86, even the sparc and powerpc. During installation, you can install
    XFree86 quite easily. Be sure to try out xdm(1) and see how we have
    customized it for OpenBSD.

    Ports tree

    The OpenBSD ports tree contains automated instructions for building
    third party software. The software has been verified to build and run
    on the various OpenBSD architectures. The 2.8 ports collection,
    including many of the distribution files, is included on the 2-CD set.
    Please see the PORTS file for more information.
    Note: some of the most popular ports, e.g., the Apache web server and
    several X applications, are now a standard part of OpenBSD. Also,
    other popular ports have been pre-compiled for those who do not desire
    to build their own binaries.

    Binary packages we provide

    A number of binary packages are provided. Please see the PACKAGES file
    (ftp://ftp.OpenBSD.org/pub/OpenBSD/PACKAGES) for more details.

    System source code

    The CDROMs contain source code for all the subsystems explained above,
    and the README (ftp://ftp.OpenBSD.org/pub/OpenBSD/README) file explains how to deal with these source files. For those who are doing
    an FTP install, the source code for all four subsystems can be
    found in the pub/OpenBSD/2.8/ directory:
    X11.tar.gz; ports.tar.gz; src.tar.gz; srcsys.tar.gz.

    Thanks

    OpenBSD 2.8 introduces artwork and CD artistic layout by Ty Semaka
    (who as it happens, performs in a band called the Plaid Tongued
    Devils, http://www.thedevils.com/). Ports tree and package building
    by Brad Smith, Marc Espie, and Chris Turan. System builds by Theo de
    Raadt, Niklas Hallqvist, Todd Fries, Steve Murphree, Miod Vallat,
    Mats O Jansson, Marc Espie, and Bob Beck. ISO-9660 filesystem layout
    by Theo de Raadt. Release announcement written by Aaron Campbell.
    We would like to thank all of the people who sent in bug reports, bug
    fixes, donation checks, and hardware that we use. We would also like
    to thank those who bought our previous CDROMs. Those who did not
    support us financially have still helped us with our goal of improving
    the quality of the software.

    Our developers are:
    Aaron Campbell, Angelos D. Keromytis, Anil Madhavapeddy, Artur Grabowski,
    Assar Westerlund, Bob Beck, Brad Smith, Brandon Creighton, Brian Somers,
    Bruno Rohee, Camiel Dobbelaar, Chris Cappuccio, Christian Weisgerber,
    Chris Turan, Constantine Sapuntzakis, Craig Metz, Dale Rahn, Damien Miller,
    Dan Harnett, David Terrell, David Leonard, David Sacerdote, Dug Song,
    Eric Jackson, Federico G. Schwindt, Hakan Olsson, Hans Insulander,
    Horacio Ganau, Hugh Graham, Ian Darwin, Jakob Schlyter, Jan-Uwe Finck,
    Janne Johansson, Jason Downs, Jason Ish, Jason Wright,
    Jun-ichiro itojun Hagino, Kenneth R Westerback, Kevin Lo, Kjell Wooding,
    M. Warner Losh, Marc Espie, Marco S Hyman, Mark Grimes,
    Markus Friedl, Mats O Jansson, Matt Behrens, Matthew Jacob,
    Matthieu Herrb, Michael Shalayeff, Miod Vallat, Nathan Binkert,
    Niels Provos, Niklas Hallqvist, Oleg Safiullin, Paul Janzen,
    Peter Galbavy, Phillip Lenhardt, Reinhard J Sammer, Sontri Tomo Huynh,
    Steve Murphree, Theo de Raadt, Thorsten Lockert, Tobias Weingartner,
    Todd C. Miller, Todd T. Fries, Wim Vandeputte, and Yannick Cote.

    For press contact, please contact press@OpenBSD.org.

    List of FTP sites

    The following list should be helpful for those who want to install
    OpenBSD via FTP.

    ftp://carroll.cac.psu.edu/pub/OpenBSD; Pennsylvania, USA
    ftp://download.sourceforge.net/pub/mirrors/OpenBSD; Sunnyvale, CA, USA
    ftp://filoktitis.noc.uoa.gr/pub/OpenBSD; Athens, Greece
    ftp://ftp.au.openbsd.org/pub/OpenBSD; Melbourne, Australia
    ftp://ftp.bsdfr.org/pub/OpenBSD; Oleane, France
    ftp://ftp.ca.openbsd.org/pub/OpenBSD; Edmonton, Canada
    ftp://ftp.calyx.nl/pub/OpenBSD; Amsterdam, Netherlands
    ftp://ftp.chg.ru/pub/OpenBSD; Chernogolovka, Russia
    ftp://ftp.de.openbsd.org/unix/OpenBSD; Berlin, Germany
    ftp://ftp.duth.gr/pub/OpenBSD; Thrace, Greece
    ftp://ftp.esat.net/pub/OpenBSD; Dublin, Ireland
    ftp://ftp.eu.openbsd.org/pub/OpenBSD; Zurich, Switzerland
    ftp://ftp.fr.openbsd.org/pub/OpenBSD; Paris, France
    ftp://ftp.gigabell.net/pub/OpenBSD; Frankfurt, Germany
    ftp://ftp.grolier.fr/pub/OpenBSD; Paris, France
    ftp://ftp.inet.no/pub/OpenBSD; Oslo, Norway
    ftp://ftp.it.net.au/mirrors/OpenBSD; Perth, Australia
    ftp://ftp.jp.openbsd.org/pub/OpenBSD; Tokyo, Japan
    ftp://ftp.kddlabs.co.jp/OpenBSD; Tokyo, Japan
    ftp://ftp.kmitl.ac.th/pub/OpenBSD; Thailand
    ftp://ftp.knowledge.com/pub/mirrors/OpenBSD; London, UK
    ftp://ftp.netlab.is.tsukuba.ac.jp/pub/os/OpenBSD; Ibaraki, Japan
    ftp://ftp.nl.uu.net/pub/OpenBSD; Amsterdam, Netherlands
    ftp://ftp.nz.openbsd.org/pub/OpenBSD; Auckland, New Zealand
    ftp://ftp.op.net/pub/OpenBSD; Ambler, PA, USA
    ftp://ftp.openbsd.org.ar/pub/OpenBSD; Buenos Aires, Argentina
    ftp://ftp.openbsd.org/pub/OpenBSD; Edmonton, Canada
    ftp://ftp.plig.org/pub/OpenBSD; London, UK
    ftp://ftp.radio-msu.net/pub/OpenBSD; Moscow, Russia
    ftp://ftp.rediris.es/mirror/OpenBSD; Madrid, Spain
    ftp://ftp.snu.ac.kr/pub/OpenBSD; Seoul, Korea
    ftp://ftp.src.uchicago.edu/pub/openbsd; Chicago, IL, USA
    ftp://ftp.stacken.kth.se/pub/OpenBSD; Stockholm, Sweden
    ftp://ftp.sunet.se/pub/OpenBSD; Uppsala, Sweden
    ftp://ftp.task.gda.pl/pub/OpenBSD; Gdansk, Poland
    ftp://ftp.tux.org/bsd/openbsd; Springfield, VA, USA
    ftp://ftp.volftp.mondadori.com/mirror/openbsd; Italy
    ftp://ftp.wiretapped.net/pub/OpenBSD; Sydney, Australia
    ftp://ftp.usa.openbsd.org/pub/OpenBSD; Boulder, CO, USA
    ftp://ftp1.usa.openbsd.org/pub/OpenBSD; Ann Arbor, MI, USA
    ftp://ftp7.usa.openbsd.org/pub/os/OpenBSD; West Lafayette, IN, USA
    ftp://gandalf.neark.org/pub/distributions/OpenBSD; Batesville, AR, USA
    ftp://gd.tuwien.ac.at/opsys/OpenBSD; Vienna, Austria
    ftp://mirror.aarnet.edu.au/pub/OpenBSD; Brisbane, Australia
    ftp://openbsd.csie.nctu.edu.tw/pub/OpenBSD; Taiwan
    ftp://quasar.uvt.ro/pub/OpenBSD; Timisoara, Romania
    ftp://rt.fm/pub/OpenBSD; Algonquin, IL, USA
    ftp://sunsite.cnlab-switch.ch/pub/OpenBSD; Zurich, Switzerland
    ftp://sunsite.org.uk/Mirrors/ftp.openbsd.org/pub/OpenBS; London, UK
    ftp://sunsite.uio.no/pub/OpenBSD; Oslo, Norway
    ftp://uiarchive.uiuc.edu/pub/systems/OpenBSD; Urbana, IL, USA
    ftp://vell.nsc.ru/pub/OpenBSD; Novosibirsk, Russia

    Weekly memory and motherboard price guide

    Author: JT Smith

    From Anandtech: “The basic goal is to provide you with the best deals, and follow price trends of the listed products. We have selected a
    leading team of on-line vendors, and will be tracking their progress on weekly basis. Please note that all vendors were
    selected according to their best price offered. Some vendors may ask that you place a phone-order to make sure that
    you receive our listed price; others simply ask that you mention where you found the price (in this case AnandTech).
    We have tried to eliminate vendors with low feedback rating, but we do encourage you to do some sort of a rating
    research before purchasing any product from this list.”


    Exploit exposes Internet Explorer’s file cache

    Author: JT Smith

    Georgi Guninski has uncovered yet another
    security hole in Internet Explorer Versions 5
    and above. From ZDNET.

    Debian security advisory

    Author: JT Smith

    Help Net Security tells us that Colin Phipps found an interesting symlink attack problem in fsh (a tool to quickly run remote commands
    over rsh/ssh/lsh). When fshd starts, it creates a directory in /tmp to hold its sockets. It tries to do that
    securely: if the directory already exists, it checks whether it can chown it, to confirm that it is owned by the user
    invoking it. However, an attacker can circumvent this check by inserting a symlink to a file that is owned
    by the user who runs fshd and replacing that with a directory just before fshd creates the socket.
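
The check-then-use race described above disappears when the directory is created with mkdir() and then validated through an open file descriptor instead of by name. The following C code is an added example, not code from fsh or from the advisory; the function names and the scratch paths are hypothetical.

```c
/* Added example (not fsh code): create or adopt a private per-user
 * directory without a check-then-use race. Names and paths are hypothetical. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns an open fd for the directory, or -1 if it cannot be trusted. */
int open_private_dir(const char *path)
{
    struct stat st;
    int fd;
    /* mkdir() does not follow a final symlink: new directory or EEXIST. */
    if (mkdir(path, 0700) != 0 && errno != EEXIST)
        return -1;
    /* O_NOFOLLOW rejects a symlink, O_DIRECTORY rejects a non-directory. */
    fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    /* fstat() inspects the object actually opened, so swapping the name
     * afterwards cannot change what was checked. */
    if (fstat(fd, &st) != 0 || st.st_uid != geteuid() ||
        (st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed self-check in a scratch directory: one bit per case that
 * behaved as expected (7 means all three did). */
int demo_checks(void)
{
    char base[] = "/tmp/privdir-demo-XXXXXX";
    char good[64], target[64], lnk[64], loose[64];
    int fd, ok = 0;

    if (mkdtemp(base) == NULL)
        return -1;
    snprintf(good, sizeof good, "%s/good", base);
    snprintf(target, sizeof target, "%s/target", base);
    snprintf(lnk, sizeof lnk, "%s/link", base);
    snprintf(loose, sizeof loose, "%s/loose", base);
    /* Case 1: a fresh name is created and accepted. */
    if ((fd = open_private_dir(good)) >= 0) {
        ok |= 1;
        close(fd);
    }
    /* Case 2: a symlink to a directory we own is refused. */
    if (mkdir(target, 0700) == 0 && symlink(target, lnk) == 0 &&
        open_private_dir(lnk) < 0)
        ok |= 2;
    /* Case 3: an existing directory open to group/other is refused. */
    if (mkdir(loose, 0700) == 0 && chmod(loose, 0755) == 0 &&
        open_private_dir(loose) < 0)
        ok |= 4;
    unlink(lnk);
    rmdir(target);
    rmdir(good);
    rmdir(loose);
    rmdir(base);
    return ok;
}

int main(void)
{
    printf("checks passed mask: %d\n", demo_checks());
    return 0;
}
```

Sockets are then created beneath the validated directory. In a sticky-bit /tmp, another unprivileged user cannot rename or remove a directory they do not own, so the validated name stays bound to the checked object.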


    Opinion: Framemaker for Linux and other software

    Author: JT Smith

    Kevin Reichard of LinuxPlanet writes: “Though Adobe officials are being tight-lipped about this decision, I think it’s rather obvious why it was
    made: that there’s not a snowball’s chance in h-e-double-hockey-sticks that FrameMaker for Linux
    would generate enough revenue for Adobe to be worth the effort.”


    Pro-Linux virus infecting companies

    Author: JT Smith

    MSNBC.com reports: “A computer virus that poses as a
    Shockwave movie and urges victims to install the
    Linux operating system has infected at least four
    Fortune 500 companies according to antivirus
    firms. Known as ‘Prolin,’ or pro-Linux, the bug
    politely places instructions on how to recover
    from infections on the victim’s computer.
    Experts are concerned that it might spread
    quickly around the Internet.”


    CERT warns of looming DDoS attacks

    Author: JT Smith

    In its clearest signal yet that it may be bracing for a massive attack, computer network security group
    CERT issued an advisory today asking system administrators to prepare systems to block denial of
    service attacks. Fairfax IT reports.

    Steal this code: Open Source vs. patents

    Author: JT Smith

    By Dan Berkes

    In 1976, Bill Gates wrote an angry letter to the “computer hobbyist” community when users obtained his BASIC code at no charge. If that had happened in 2000, Gates would have (and through Microsoft, does) aggressively patented his code, and served up a plate full of lawsuits for copyright infringement. To protect their virtual assets, companies have responded by obtaining sometimes-absurd patents, writing conflicting and confusing licensing agreements, and pressuring elected officials to modify copyright code.

    Patents

    Software and technology patents have gone to some rather absurd extremes over the last few years. Online retailer Amazon, for example, was able to patent a single mouse click. The company was able to claim that its “one click” shopping method was so unique and original that it deserved the legal protections afforded a patent.

    Amazon generated no small amount of ill will by patenting what, to many, seemed like a method of Web browsing that was anything but unique or original in nature. At least they were up front about their reasons for doing so: There’s money involved. Indeed, the bookseller has already licensed its freshly patented idea to Apple for use in the computer maker’s own online storefront.

    In an open letter to the Internet community, company CEO Jeff Bezos manages to defend his company’s patents while proposing sweeping reforms at the same time. From the tone of the letter, readers might speculate that Amazon is essentially admitting that it pulled a quick one on the patent office.

    Problems will also arise when patent holders are less than vigorous in defending their intellectual property. In 1985, Unisys acquired a patent for its Lempel Ziv Welch, or LZW data compression and decompression utility — the algorithm at the heart of the GIF file format, and a globally accepted graphic file standard.

    About a decade after CompuServe created the GIF file format using the LZW algorithm, Unisys woke up and decided that it was high time to enforce its patent. Initially, the company said that it only wanted to collect licensing fees from software developers.

    In 1999, the company decided that not only was it going after developers, it would also seek compensation from the commercial users of such programs. Although Mark Starr, Unisys’ general patent and technology counsel, couldn’t comment on specific cases, he did confirm that the company is, indeed, pursuing claims against several users of unlicensed graphics tools that use the LZW algorithm to create GIF images.

    Not even Unisys is immune to claims of contributory infringement. Starr mentioned that the company is facing similar action regarding the technology it uses for several of its products. “We’re not happy about it,” says Starr, “but these companies clearly have the legal right to protect their patents.”

    Waiting in the wings to replace GIF as the de facto Internet graphics standard is the freely available and Open Source Portable Network Graphics, or PNG, image file format. The Open Source community has long known of PNG’s superiority over GIF images.

    In this case, the actions of Unisys can be said to have been beneficial to the Open Source community. Thousands of users who would have had no other incentive to use PNG quickly adopted this new file format in an effort to sidestep any messy licensing issues.

    “The examination process for software patents is a sham,” says California-based software developer and inventor Raph Levien. “Probably half of the patents I’ve read are clearly invalid to anybody who knows the art.”

    Software patents may be going the way of the dinosaur — at least in Europe. In November, the member nations of the European Union voted unanimously against an extension of the patent system to software.

    “We are still very far from a decision to ban software patents in Europe,” said Stéfane Fermigier of the EuroLinux activist group. Considering that the European Patent Office is already granting patents on certain software methods, the recent vote was more of a delay against making an actual decision rather than passing any law.

    Copyrights

    Promising to complicate matters further is the Digital Millennium Copyright Act. Enacted in the United States in 1998, the law was designed as an update to national copyright laws.

    In part, the law reads: “No person shall circumvent a technological measure that effectively controls access to a work protected under this title.” This is further expanded to mean, “…to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright holder.”

    The DMCA and the Open Source community collided during the summer of 2000 when a federal judge ruled that Emmanuel Goldstein of 2600 Magazine broke copyright law for posting and then later linking to DeCSS, a DVD decryption program.

    Goldstein played no part in the creation of DeCSS — the program was written by Jon Johansen, a 16-year-old programmer from Norway. Goldstein merely provided access to the code that would have been part of a set of programs allowing Linux users to play DVDs on their systems.

    Under the DMCA, plaintiff Motion Picture Association of America didn’t have to prove that DeCSS was ever used to make illegal copies of movies. As long as the MPAA could prove that there was a possibility that DeCSS might be used to subvert its proprietary DVD encryption, the film organization could ask the court to make merely pointing in the direction of the code illegal — even if the program was used solely to view legally purchased DVDs.

    Rejecting Goldstein’s claims of fair use and First Amendment free speech rights, the judge wrote that DeCSS had violated the anti-circumvention clause of the DMCA and amounted to little more than stealing.

    Will honest to goodness patent reform ever happen? Unisys’ Starr says he doesn’t think so and furthermore, he doesn’t think it should happen. “Some people wouldn’t be doing the work that they do if a patent isn’t there to protect it.”

    The same could be said for copyright regulations that, if anything, have become more restrictive over the years. The likely and depressing outcome is that interpretation and enforcement will increasingly be left to the court system to figure out.

    NewsForge editors read and respond to comments posted on our discussion page.

    CIA takes action against secret chat room

    Author: JT Smith

    Following an investigation into a secret chat network on a classified computer system, the CIA has, according to The Standard, decided to fire 4 and reprimand, suspend, or demote an additional 18 employees.


    IBM develops new encryption-authentication algorithm

    Author: JT Smith

    InfoWorld reports on an IBM researcher’s development of an algorithm capable of both encrypting and authenticating connections simultaneously.
