OpenBSD Journal

Area needing the most work?

Contributed by mk/reverse on from the dept.

Performance 20.9% (176 votes)


Hardware support 12.4% (105 votes)


Ports and packages 10.1% (85 votes)


IO subsystem 3.3% (28 votes)


VM subsystem 3.3% (28 votes)


Multiprocessor support 5.8% (49 votes)


Installation/upgrade 10.2% (86 votes)


Patch management and binary patches 21.2% (179 votes)


Security features 8.1% (68 votes)


Scalable management systems 4.7% (40 votes)


Total votes: 844

(Comments are closed)


Comments
  1. By Anonymous Coward (61.88.57.1) on

    software RAID during installation including the root filesystem ?

    Comments
    1. By Anonymous Coward (201.8.80.20) on

      That would be very interesting

      Comments
      1. By Anonymous Coward (61.88.57.1) on

        Yes interesting indeed, if Linux can do it why can't OpenBSD ? This was a major reason in one of my clients *not* using openbsd. They couldn't afford a RAID controller and they wanted a redundant storage solution, we ended up using Fedora instead of openbsd purely because it was capable of doing software raid during install and had nice tools.

        Comments
        1. By Aaron Glenn (64.235.239.2) aaron.glenn@gmail.com on

          OK, I'll admit CentOS's graphical installer makes LVM/RAID easier than spreading cream cheese on a bagel but the fact remains it's possible, and really not that difficult, to get a working, software RAID OpenBSD install. Yes, there's some major differences in the bootcode or whatever (the annoying two identical boot block...things). I'm not a kernel hacker or I'd look into it. If pretty interfaces and ease of use trump security, OpenBSD is not for you*

          *granted Fedora might be just as secure depending on the service you're running. like say a telnet server (-:

  2. By Brad (216.138.200.42) brad at comstyle dot com on

    For the voters of this option, what is it that you're looking for? There will be no GUI installer and I don't see the current installer changing much, it's great. Regarding upgrading, I haven't had an easier upgrade with any other OS.

    Comments
    1. By Anonymous Coward (212.113.164.98) on

      I agree. The installer is lovely and the upgrade is really easy :-)
      Just don't touch them :P

    2. By henning (80.86.183.227) henning@ on

      our upgrades suck big time.
      it's just that the other OS' do it even worse.
      that doesn't mean we can't do better than now...

      Comments
      1. By Anonymous Coward (192.6.19.203) on

        Agreed. I like the no-frills text-only install, but there is I think some room for improvements on the upgrade side.
        So far I reinstalled my production boxes from scratch every other release, kind of a spring cleaning to make sure I wasn't leaving too much 'dirt' like older binaries/libs/packages behind.
        Some automated way to update packages would also be cool to have IMHO.

    3. By Anonymous Coward (204.214.120.254) on

      in fact, my _mom_ can install openbsd .. no joke

    4. By Matt Van Mater (65.205.28.104) on

      I didn't vote for this (I think we need binary patches for more widespread use) but I have a few relatively simple requests for improving the installer.

      Allow us to create partitions based upon percentages. The bc executable is small enough that we might be able to squeeze it into the installer. I've introduced OpenBSD to a few friends and that was their only real complaint with the installer (fdisk can be scary because it doesn't display partitions in megabytes and percentages like most people are used to)

      I think we need to make it a little more script friendly. For example, an option to "Save your config choices to a floppy/ftp/sftp location" after installing would make replicating the install on other boxes easier. If you wanted to take it a step further, you could have a little script that generates an answer file with these config choices. That wouldn't be TOO hard, just take the normal install script and save the choices that were made instead of executing them. Currently to automate the install scripts you have to recompile the darn thing, and that sucks.

      If we could integrate these scripted installs into the newly implemented PXE boot then we would have a really kickass installer system. We're already 95% of the way there with the ftp installs so why not take that last step :)

      I've started working on solutions for these a little here and there, but never got it to a point where I thought it would be usable/useful.

      Comments
      1. By Michael Knudsen (217.157.199.114) on

        > Allow us to create partitions based upon percentages. The bc
        > executable is small enough that we might be able to squeeze it
        > into the installer. I've introduced OpenBSD to a few friends
        > and that was their only real complaint with the installer
        > (fdisk can be scary because it doesn't display partitions in
        > megabytes and percentages like most people are used to)

        luggage$ ls -l `which bc dc`
        -r-xr-xr-x 1 root bin 34356 Sep 23 19:33 /usr/bin/bc
        -r-xr-xr-x 1 root bin 26164 Sep 23 19:33 /usr/bin/dc

        Actually, bc(1) is just a preprocessor which invokes dc(1) so
        the latter is what should be used, if anything.

        Comments
        1. By Matt Van Mater (65.205.28.104) on

          Good to know, thanks.

        2. By Otto Moerbeek (213.84.84.111) otto@drijf.net on http://www.drijf.net

          Including dc(1) on the install media won't happen, since our (my) version of dc(1) uses the openssl bn(3) library, which is too large.

          dc(1) doesn't look that large because it uses shared libs.

      2. By Anonymous Coward (67.71.79.251) on

        Next time you do an install, or such... rather than just 'p' try 'p m' :-) megabytes display works wonders... unless I mis-understood?

        Comments
        1. By Matt Van Mater (65.205.28.104) on

          No I think you understood, I just didn't phrase my statement clearly. I knew that you can change it to display size in Mb, I just think it should display like this by default... This is a stupid minor thing, but it is one annoyance I have.

          In any case, I think showing percentages is really the more important of the two partitioning suggestions I made.

      3. By Otto Moerbeek (213.84.84.111) otto@drijf.net on

        You should really check the man page.

        You can create partitions using a percentage of the total disk size. When asked for a size, type 25% or something like that. You can also use M and G for megabytes and gigabytes. There's even more, check the man page.

        You can view partitions in megabytes, gigabytes (and more): use 'p M' or 'p G' in the interactive editor.

        Comments
        1. By Matt Van Mater (65.205.28.104) on

          You got me there, I did not know that I could specify percentages (which would mean we don't need to include bc/dc or the shared libs for a simple calculation). However, my main point is that it is not obvious on how to do these things! Why should I have to read a man page when it could be included as a note in the installer? (Are the man page for fdisk, format, and disklabel included on the boot floppies? I haven't checked, but I'd guess not due to space constraints.)

          Everything else in the installer is very simple and straightforward, and doesn't require me to read man pages somewhere else to complete the install. Remember I am passing these comments on from a newbie who is a smart guy and otherwise had no problems with the install, but found this irritating.

          Comments
          1. By Matt Van Mater (65.205.28.104) on

            (This is me beating a dead horse)

            I just looked on cvsweb and confirmed that percentages have in fact been supported now for roughly 9 months (shows up in 3.5 base but not 3.4 base). So I was right to a certain extent, openbsd didn't use to support percentages. I've been doing it the hard way for a few months it seems. I can't keep up with all the changes that go on, but that's a good thing :)

    5. By Frank Denis (213.41.131.17) on http://www.00f.net

      Upgrading the system is easy and the upgrade-minifaq is excellent.

      But upgrading ports is a pain. Deinstalling the port plus all dependencies and reinstalling everything is long and not that easy. I'd love to do something like "emerge --deep -u world" and everything is up-to-date, dependencies are properly updated as well, distinction between major and minor versions is made, and a helper is executed to keep configuration files up-to-date.

      Comments
      1. By I.S. (212.184.216.33) on

        ... is there no chance to absorb these mini-upgrade-howto-steps
        into the [upgrade]-installer at OpenBSD-Install-CD ?

        --ingolf

      2. By Otto Moerbeek (213.84.84.111) otto@drijf.net on http://www.drijf.net

        espie@ is working on extending the ports/package infrastructure to be able to do upgrades.

  3. By Nick (81.139.3.197) on

    I can't see why folk have such trouble with the OpenBSD installation scripts. I think they're great! Granted, I've done about 50 installs over the last few years and it has become second nature, but anyone can do an installation if they read the excellent documentation!

    Give me an OpenBSD-style install over RedHat/XP eye candy any day of the week.

    Comments
    1. By Anonymous Coward (62.78.250.2) on

      Installation may be rather ok already, but the upgrades (the other part of that poll option) are much easier and faster when using FreeBSD, Debian etc. IMHO.

      Comments
      1. By sean (139.142.208.98) on

        I think a more clear description of how to deal with /etc, /var collisions would be more than adequate. Adding an interface for something so simple seems to me to be a waste of work and catering to ignorance.

        What do I mean by the term collision? Well I mean changes to the base release versions of files in /var or /etc that have been customized for the local environment. If you didn't change it then you can replace it but if you did then you should know why you did and how to do the updates.

        As for anything that exists outside of /var and /etc well you can update as you want to (with breaking ports as the exception) without fear.

    2. By chort (216.148.213.196) on http://www.smtps.net/email-sec/

      The only bit that could be a tiny bit more friendly is the disk partitioning. Everything else is absolutely perfect. I prefer OpenBSD's installer over any Linux distribution's and FreeBSD's as well.

      I have not found any other OS that I could install or upgrade (with snapshot) as quickly and cleanly as OpenBSD.

  4. By j0rd (204.244.192.17) on

    installation script is great. obsd is my fav install, please don't change it. Binary patches would be nice via pkg_add

  5. By Anonymous Coward (68.102.150.34) on

    Automated patching, now that we have CARP, would be a next logical step. It even falls within the guidelines of obsd's security emphasis. PF was revolutionary for a packet filter, ProPolice support and priv separation were great additions. Now something similarly cutting edge should be done to keep production systems secure as new vulnerabilities are discovered.

    Comments
    1. By Anonymous Coward (142.166.107.165) on

      I absolutely agree 100%. Some kind of binary patching system, preferably with options to automate and set the source for the patches, would be a fantastic addition to the system. It would also be a move consistent with OpenBSD's 'secure by default' paradigm. I'm always a little reluctant to suggest OpenBSD to most of the people I know who could benefit -- because I know they are too lazy/naive/inexperienced to patch their system properly.

      Comments
      1. By uni research student (68.102.150.34) on

        It doesn't need to be binary to be automated. Also, the system should always communicate with the sysadmin via local mail. Console should never be the last word. In this light maybe details of the upgrade should be presented as a front end to a patching queue?

        I don't know, but I trust them to be more innovative than anything I can imagine.

    2. By mike (70.112.89.112) on

      We use tepatche on the two obsd servers at work (the rest of our servers all run debian, well, except for the lone RH 7.3 box which we're in the process of migrating :P die RH die!). it works pretty well. pretty much the only thing that requires manual admin intervention is recompiling the kernel after a kernel patch.

      Comments
      1. By uni research student (68.102.150.34) on

        Tepatche is a kludge. It does the job, but a better solution is easy to envision.

        I dream of a patching system that alerts the admin right after the patch has been released. The only vulnerability is the time it took to correct the issue. If this is done by /usr/bin/mail it adds the human element of insecurity. Since we have CARP, couldn't it be designed to run on the standby machine first?

  6. By av (80.254.5.34) on

    I want to have a fully functional crypto disk. vn is ok but AFAIK fsck does not support it. It's a big disadvantage for this secure OS.

    Comments
    1. By X (81.56.211.110) on

      yes it will be great !

    2. By Otto Moerbeek (213.84.84.111) otto@drijf.net on http://www.drijf.net

      Huh? If you can create a filesystem on a device, you can fsck it.
      [otto@pepper:188]$ dd if=/dev/zero of=image bs=1k count=4k
      4096+0 records in
      4096+0 records out
      4194304 bytes transferred in 0.079 secs (52916291 bytes/sec)
      [otto@pepper:190]$ sudo vnconfig -k svnd0 image
      Encryption key:
      [otto@pepper:191]$ sudo newfs /dev/svnd0c
      newfs: /dev/svnd0c: not a character-special device
      Warning: cylinder groups must have a multiple of 8 cylinders
      Warning: 8 sector(s) in last cylinder unallocated
      /dev/svnd0c:    8192 sectors in 82 cylinders of 1 tracks, 100 sectors
              4.0MB in 1 cyl groups (88 c/g, 4.30MB/g, 640 i/g)
      super-block backups (for fsck -b #) at:
       32,
      [otto@pepper:192]$ sudo fsck /dev/svnd0c
      ** /dev/rsvnd0c
      ** File system is clean; not checking
      [otto@pepper:193]$ sudo fsck -f /dev/svnd0c
      ** /dev/rsvnd0c
      ** File system is already clean
      ** Last Mounted on
      ** Phase 1 - Check Blocks and Sizes
      ** Phase 2 - Check Pathnames
      ** Phase 3 - Check Connectivity
      ** Phase 4 - Check Reference Counts
      ** Phase 5 - Check Cyl groups
      1 files, 1 used, 1982 free (14 frags, 246 blocks, 0.7% fragmentation)
      [otto@pepper:194]$
      

      Comments
      1. By av (80.254.5.34) on

        Cool. So I'm happy.

  7. By Alex (204.117.14.101) bsd@ringdangdu.com on

    If OpenBSD would go with a changed version of Apt-Get it would become the ultimate OS. I understand that part of the model to support development is to encourage the purchasing of CDs. I would not recommend a version of Apt-Get that allows upgrading to new releases. But one that allows binary patching of security holes in supported releases. In an ideal world you could upgrade every server, workstation, firewall, and router every 6 months. I will move to this world but until that happens binary patches are needed.

    Comments
    1. By Dustin Lundquist (216.190.52.69) on

      I agree in part, apt-get is a great package management system, but one of OpenBSD's strongest points is its cohesiveness. Too many operating systems have already gone down that path only to end up at the same point: dependency hell.

      When was the last time you had to remove and reinstall all the packages for an entire subsystem (i.e. apache and all its dependencies and modules, or all your development tools) on OpenBSD?

      Comments
      1. By Anonymous Coward (24.200.135.177) on

        3.3 to 3.4 upgrade.

      2. By Anonymous Coward (69.197.92.181) on

        Every single time I upgrade.

  8. By Anthony (68.145.111.152) on

    I'd really like an official binary patch system.

    I've read what's been said on misc@, and I understand all the reasons, and I understand that it's not my call (otherwise I'd be on misc@ asking for it), however this poll is asking us what we think. Just because I accept the decision doesn't mean I agree with it. :)

  9. By antonakis (212.54.218.247) on

    I find the installer very simple, quick, and easy to use. Perfect. I believe those who aren't happy with the current script should simply choose another os. Having said that, I admit that openbsd is the least snappy system I've run on my desktop. My router is very lightweight so I don't have any negative comments about its performance there. At least a little bit higher latency should make a much more pleasant usage of OBSD. And shouldn't hurt generally either.

  10. By tybollt (213.114.133.74) on

    Now that SMP is done, I think the natural step would be to take a stab at UBC.

    Comments
    1. By Brad (216.138.200.42) brad at comstyle dot com on

      Well SMP is not done per se. There is still a lot of work to be done. I agree with you, having UBC would be nice.

  11. By Gabriel (200.221.124.40) on

    How about "better, planned, file system tree usage"?

    but that's just me. imho even irix was better than *bsd of today.

    Comments
    1. By Michael Knudsen (217.157.199.114) on

      I realised afterwards that I had forgotten several options, e.g.:

         Localisation
         Official PKI for signing packages, releases etc.
         UBC
         etc.
      

      However, the poll showed more or less that people value work on less technical areas such as installation and patch management. I'm quite convinced that this is because people can sort of understand or relate to these areas, and this is also why `performance' scores so well; everybody wants things to run faster. However, only a few people understand if our VM subsystem needs work so they really don't have an opinion about it.

      What's more important now is that I'm looking for a replacement poll but I don't really have any good ideas so far. Yes, this was a hint to the rest of you to contribute suggestions. It's not very hard; just add a story with a proper subject and try to fill in a few options and we'll take it from there.

    2. By Anonymous Coward (69.197.92.181) on

      What on earth does that mean?

  12. By brain_fear (220.240.67.253) on

    I'd like to see an improvement in the daemon control department, a more advanced rc system that is. I've had a bit of experience with FreeBSD's rc system, and liked it very much. I suppose though OpenBSD shouldn't try to emulate other BSDs, it should do its own thing.
