The OpenBSD project is well known for its strong focus on security and for its precise documentation. The OpenBSD operating system generally gives preference to security and properly behaving software over features. OpenBSD is lightweight, sparse and relatively locked down by default. This makes the platform particularly popular among administrators who need a firewall or other minimal and stable platform.
OpenBSD 6.0 introduces many small changes and a handful of important ones. Looking through the release notes we find support for the VAX platform has been dropped. There have been several security updates to the OpenSSH secure shell service. Perhaps one of the more interesting security features in the operating system is strict enforcement of W^X: "W^X is now strictly enforced by default; a program can only violate it if the executable is marked with PT_OPENBSD_WXNEEDED and is located on a file system mounted with the wxallowed mount option. Because there are still too many ports which violate W^X, the installer mounts the /usr/local file system with wxallowed. This allows the base system to be more secure as long as /usr/local is a separate file system. If you use no W^X violating programs, consider manually revoking that option."
I decided to play with the 64-bit x86 build of OpenBSD which is 226MB in size. Booting from this ISO presents us with a text console where we are asked if we would like to install OpenBSD, upgrade an existing copy of the operating system or perform an auto-install. I chose to perform a normal installation.
Yesterday I published some macOS 10.2 vs. Ubuntu 16.04 LTS benchmarks from a Mac Mini and MacBook Air systems. For those curious if BSDs can outperform macOS Sierra on Apple hardware, I tested the MacBook Air with FreeBSD 11.0 compared to the Linux and macOS results on that Core i5 system. Here are those results.
The delayed FreeBSD 11.0 release just suffered another last-minute set-back. While "FreeBSD 11.0-RELEASE images" were distributed to FTP mirrors and the official announcement expected today, these images need to be re-spun to contain some security fixes and thus pushing back the official release.
Glen Barber noted today on the mailing list, "Although the FreeBSD 11.0-RELEASE has not yet been officially announced, many have found images on the Project FTP mirrors. However, please be aware the final 11.0-RELEASE will be rebuilt and republished on the Project mirrors as a result of a few last-minute security fixes we feel are imperative to include in the final release."
A few minutes ago, Glen Barber informed the FreeBSD community that they should not hurry and install the ISO images of the FreeBSD 11.0 operating system made available a few days ago on the official FTP mirrors.
These images aren't safe to use and contain various security vulnerabilities that need to be fixed before the FreeBSD Project will officially unveil the final release of the FreeBSD 11.0 operating system in the coming days. According to the release schedule, FreeBSD 11.0 should hit the streets later today, September 29, 2016.
However, until then the FreeBSD development team is hard at work patching those nasty security issues and rebuilding the final ISO images, which will be made available on the respective FTP mirrors later today as FreeBSD 11.0-RELEASE-p1. If you're already running FreeBSD 11.0-RELEASE, you will soon be provided with instructions to safely update your system
For over one year there's been talk of LLVM pursuing a mass relicensing from its University of Illinois/NCSA Open Source License, which is similar to the three-clause BSD license, to the Apache 2.0 license with explicit mention of GPLv2 compatibility. As mentioned in that aforelinked article, this re-licensing is moving ahead.
The third release candidate to FreeBSD 11.0 is now available with this release cycle running now a few weeks behind schedule
Videos from last week's LLVM Cauldron are now available if you wish to learn more about a variety of compiler happenings.
Following the seven-way Linux distribution benchmark comparison published earlier this week, on the same system I set out to test a variety of BSD distributions on the same system and ultimately benchmark their out-of-the-box performance too. Those performance benchmark results will be published later this week while today were a few remarks I wanted to share when trying out TrueOS, DragonFlyBSD, GhostBSD, FreeBSD, OpenBSD, NetBSD, MidnightBSD, and PacBSD (Arch BSD) on this modern Intel Xeon system.
All of my testing was done on an Intel Xeon E5-2509 v4 Broadwell-EP system with MSI X99A WORKSTATION motherboard, NVIDIA GeForce GTX TITAN X, 16GB of DDR4 memory, and an OCZ TRION 150 120GB SATA 3.0 SSD. With the seven Linux distributions tested in recent days they all worked fine on the system: Ubuntu, Clear Linux, Scientific Linux, openSUSE Tumbleweed, Fedora, Antergos, and Sabayon Linux.
Below are my various brief remarks when testing the different BSDs on this Intel Xeon system. These are my thoughts with admittedly being a Linux enthusiast while just touching BSD, Solaris, and others only on a semi-frequent basis. I am by no means a diehard "Linux fan boy" and have no fundamental objections to BSD, I simply prefer the operating system that best fits my needs and for benchmarking where I can get my tests done in a reliable, reproducible, and timely manner. I at least prefer my operating systems have a clean and quick install process with sane defaults; working generally ~100 hour weeks, I don't have time in 2016 if an OS cannot easily install and boot properly on a modern PC. I enjoy testing out the various BSDs and have no strong bias to any of them. This is the largest BSD testing comparison I've done in the past 12 years on Phoronix at the same time and on the same hardware.
We've known for a while that FreeBSD has been working on a CentOS 7 compatibility layer while now that work has finally landed in FreeBSD ports.
As of yesterday, linux_base-c7 landed in ports for installing the CentOS 7 base packages. This will allow running newer Linux binaries built for modern CentOS/RHEL 7 era systems on FreeBSD, assuming the source isn't available or isn't compatible natively with FreeBSD. Previously CentOS 6 was the default port used for this Linux binary compatibility with FreeBSD.
OpenBSD 6.0 was released today, and with it some exciting new security features. From my perspective, the chief among them is the technical enforcement of W^X in user-land. Since moving to a technical control rather than a policy statement for enforcing executable space protection was a result of discussions caused by my last blog post on the situation, I’m very excited about this development and thought that giving a demonstration and discussion would be in order. (In the spirit of not putting the headline on Page 1 and the retraction on Page 11, hopefully BSDNow will cover this as well).
The only operating system I use on my computers is not Mac, not Windows, and not even Linux. It's OpenBSD, and I love it so much.
Since OpenBSD 6.0 was released today, I figured I should say a little something about why I love it, and how you can try it.
We are proud to announce that the PC-BSD project has evolved into TrueOS: a modern, cutting-edge distribution of FreeBSD focused on security, simplicity, and stability for desktops, servers, and beyond! TrueOS harnesses the best elements of PC-BSD, combines it with security technologies from OpenBSD, and layers it on top of FreeBSD to provide a complete system for modern machines.