from Hacker News

OpenBSD 7.4

by privong on 10/16/23, 1:18 PM with 61 comments

  • by merricksb on 10/16/23, 3:11 PM

  • by proxysna on 10/16/23, 2:46 PM

    Release image [1] is inspired by works of Louis Wain[2]. Name of the release image references one of his works[3].

    [1] https://www.openbsd.org/images/ImHappyBecauseEveryoneLovesMe...

    [2] https://en.wikipedia.org/wiki/Louis_Wain

    [3] https://arthive.com/artists/11470~Louis_Wain/works/466546~Im...

  • by brynet on 10/16/23, 3:51 PM

    Why is this marked [dupe]? This link is the official release page, and the most active discussion for it on HN today.

    Announcement mail: https://marc.info/?l=openbsd-announce&m=169746103423179&w=2

  • by zdw on 10/16/23, 1:41 PM

    From a networking perspective, I'm looking most forward to route-based IPSec tunnels: https://man.openbsd.org/sec.4

    On the Linux side these are called "vti" devices, and they're simpler to use than most other methods, and also the default when interacting with cloud service providers IPSec gateways.

  • by user3939382 on 10/16/23, 2:18 PM

    IMHO they really need a two-step release process for changes to pf.conf syntax. In the first step you get a warning when running the service about a deprecated syntax, then drop it. Over the last 20 years I’ve been bitten multiple times by changes to pf.conf which not only breaks your firewall, but invalidates entire published books on pf, countless articles, tutorials, etc.

    I read some quote from the BDFL once where he said something about breaking changes being good because you’re “in a better place” but I feel the BC breaks are too aggressive to rely on pf directly in anything but small commercial applications. If you want to to tinker and break your home network fine.

  • by mbakke on 10/16/23, 1:54 PM

    Aww, I was most excited about the release song! Is it not happening anymore?

  • by petee on 10/16/23, 3:23 PM

    Why was this marked a dupe? Both were posted about the same time, but this one actually has upvotes and discussion...

  • by brunoqc on 10/16/23, 2:17 PM

    What people use for hardware now that pcengines' apus are eol?

  • by accrual on 10/16/23, 5:16 PM

    I love how OpenBSD continues to support and fix issues on a wide variety of hardware. I personally run it on various machines, from Pentium MMX (1997), AMD K6-3 (1999), to modern machines. 486 support was dropped just a couple releases ago, and was supported longer than VAX.

    > Fix a bug in the handling of SCSI drives in the bootloader on the luna88k architecture.

    > Correct undefined behavior when using MS-DOS filesystems, fixes imported from FreeBSD.

    > On arm64, use the deep idle state available on Apple M1/M2 cores in the idle loop and for suspend, resulting in power savings.

    > Update AMD CPU microcode if a newer patch is available.

  • by 0xDEF on 10/16/23, 2:02 PM

    OpenBSD has a reputation for being super secure but are there any big organizations that actually use it for security critical applications? A quick search shows outdated or non-related results.

  • by anotherhue on 10/16/23, 1:43 PM

    I liked this one

    * Do not calculate IP, TCP, and UDP checksums on lo(4) interfaces.

  • by wolf550e on 10/16/23, 2:59 PM

    Why use an old version of ffmpeg?

    What is the use of ed25519 x509 TLS certs, which TLS clients support that and which CAs would sign that?