Does OpenBSD have KDE 4 yet? |
Yuck, using KDE4 on OpenBSD? Um, why?! KDE sucks in general, KDE4 sucks even more, and most desktop OpenBSD setups are already polluted with GTK or Swing - why add the completely unnecessary Qt GNUshit as well?! To me it doesn't even feel like OpenBSD unless it's running a minimalist Copyfree tiling window manager like dwm or wmii. (The one included by default,
FVWM, is the biggest OpenBSD brainfart of them all.)
But, yes,
the porting work has been done
even three years ago.
Can I use more than 4 GB of RAM on amd64 yet? |
Yes, again,
three years ago.
Does it have anything similar to jails yet? |
There was a
sysjail project for OpenBSD, but it was abandoned because it's generally a flawed idea. If
BSD auth + chroot +
systrace aren't enough, you might as well use
kqemu. The only advantage of jails over full virtualization is CPU efficiency (if you use the very same OS as the host), and there are plenty of disadvantages. So get more / bigger CPU's (and bigger solar panels or whatever to power them). Another alternative is use dedicated routers and cheap
plug computers to separate out the security-critical tasks. Good server infrastructure does cost money.
OpenBSD's approach to security is primarily focused on writing quality code, with the aim being to eliminate bugs and related vulnerabilities, while keeping things as minimalist and simple as possible. They don't add more bells and whistles unless there is a darn good reason to do it, and for some reason the security gurus at OpenBSD weren't all that impressed with
MAC,
RBAC,
ACL,
Veriexec, and other new security technologies. I'm not going to go into all the details of this discussion, but this is definitely a good opportunity for someone to port the remainder of
TrustedBSD to OpenBSD, finish sysjail, etc - and then release it as proprietary software, or better yet TLHS (
Time-Limited Hybrid Source)...
And ZFS is a licensing issue, obviously. I'm sure they'll import HAMMER once there's a sufficiently good reason to do so. But relying on filesystem features is a poor way to do things, as it reduces the portability of your solution, especially for the possibility of deploying it on cheap / shared hosts.