OpenBSD

725 readers
1 users here now

General OpenBSD community!

founded 3 years ago
MODERATORS
1
 
 

Both relayd(8) and httpd(8) now have the "secure" list of allowed crypto methods for HTTPS, which include TLSv1.3 and the TLSv1.2 AEAD cipher suites. The previous list was "HIGH:!aNULL" which contain non-perfect-forward-security methods and this change may cause old clients to not be able to connect.

2
 
 

True enlightment only comes from a truly free computing experience, probably! And while there is no nerd who lacks an opinion on Richard Stallman personally, likewise let none claim he does not practice what he preaches. Why, the very laptop in front of him was selected deliberately because it can operate with no binary blobs and no firmware you couldn't examine or replace with your own, and runs his choice of fully libre operating systems. The fact it has a Chinese MIPS64 derivative in it was undoubtedly just more compound on the heat spreader.

3
 
 

mpls_do_error copies (nstk+1) label-stack entries from a fixed 16-entry array when no BoS label is present, leaking 4 bytes of adjacent kernel stack memory in the ICMP/MPLS error response.

4
 
 

Port knocking is mostly a bad idea. But people keep wanting to do it, for some false sense of security. If you don't consider it a security control but a way to keep garbage out of your logs, it might be valid. In my case I'm using an old USG Pro 4 running OpenBSD as my firewall and I'd prefer to avoid writing stuff to the logs, as I'd prefer the flash not to wear out sooner than needed, definitely not thanks to background radiation on the internet.

5
 
 

In OpenBSD, the syslogd(8) system logger has already for a while now fork(2)ed the privileged from the non-privileged parts.

6
 
 

Architecture specific notes for OpenBSD guests under QEMU, with working command lines where installation succeeds and failure points where it does not.

7
 
 

UNIX was first created on Digital PDP-7 hardware, but as it grew and ran on more and more hardware platforms, some of them became quite iconic, and at least major milestones in UNIX evolution. If I were to name only three of them, I would name the PDP-11, hero of the 2BSD series, the VAX, supported from 3BSD onwards, and the hp300 (HP 9000/300 workstations), support for which was added in 4.3BSD-Reno. These machines are long gone (I wouldn't say ``dead'' as hobbyists are still keeping them alive, to this day, and I am myself still tinkering on VAX and hp300 systems on an irregular basis), but traces of their existence can still be found in BSD code today. Let me show you some hp300 leftovers

8
 
 

In this story, I would like to talk about something which has turned out to be both an asset and a curse.

9
 
 

Near the end of march 2002, Wim Vandeputte was contacted for a possible VAX hardware donation in Delft, in the Netherlands. The description of the hardware was a bit vague, it was supposed to be a VAXstation, in a large deskside cabinet. What's the relationship between a VAX and Firefox, you may already be wondering. Please bear with me, you will see in a few paragraphs.

10
 
 

Nostalgia for a more relaxed era of computing can drive one to resurrecting ancient protocols, breathing in solder fumes, and exploring old-new networking technologies on OpenBSD

11
 
 

Configurer les serveurs Vger et nginx, en tant que proxy, pour diffuser sur le protocol Gemini, de multiples noms de domaines

12
9
submitted 11 months ago* (last edited 11 months ago) by tpid98 to c/openbsd
 
 

New BSDCan Video Posted:

The state of 3d-printing from OpenBSD by Andrew Hewus Fresh

It's possible to do some 3d printing related things on an OpenBSD machine, but there are a bunch of popular tools that aren't available in the ports tree. We will talk about some of the different classes of software and what things are popular and whether they are currently available on OpenBSD and what the blockers are from getting those into the ports tree.\

#3dprinting #openbsd #runbsd

13
 
 

This talk goes over the development of a distributed filesystem tailored for OpenBSD. While OpenBSD excels in many areas, its native filesystem support has room for improvement. This talk goes into using the Filesystem in Userspace (FUSE) on OpenBSD to provide for a distributed and highly available filesystem.

This talk also includes an introduction to the Raft Consensus Algorithm, which plays a critical role in ensuring data consistency and reliability across distributed systems. The Elixir programming language is used, providing the necessary foundation for the implementation of the distributed FUSE filesystem on OpenBSD.

Talk link

For more information, please visit: https://www.bsdcan.org/

14
15
16
17
18
19
 
 

When moving the drive that has OpenBSD installed on it to a new machine, the new hardware is not automatically configured.
For example, the new network interface does not appear in ifconfig, and the new DVD drive does not magically appear in fstab.

Surely there are other adjustments that would need to be made as well.

Therefore,
What changes need to be made after moving the system drive to a new computer?

20
 
 

OpenBSD Folks, @bsdcan 2025 has talks for you !

A distributed filesystem for OpenBSD · BSDCan Indico

https://indico.bsdcan.org/event/5/contributions/115/

#runbsd #bsdcan

21
26
OpenBSD 7.6 Released (undeadly.org)
submitted 2 years ago by innerteapot to c/openbsd
 
 

The OpenBSD project has announced OpenBSD 7.6, its 57th release.

22
23
 
 

As the next release is slowly cooking, I'd like to mention an artist that I love: @pmjv, or prahou. He's been dedicated to submitting awesome artwork about his universe, here at /c/unix_surrealism, which features many openbsd related comics (puffy being an important protagonist).

I was thus wondering how an artist could pretend at submitting an artwork for the next release ? Is it a shortlist ? Do you simply upload some on the mail list ?

24
 
 

Upcoming EuroBSDCon OpenBSD talk Confidential Computing with OpenBSD by Hans-Jörg Höxer

Confidential computing is a family of techniques to enhance security
and confidentiality for data in use. One technical approach is strong
isolation for virtual machines.

AMDs Secure Encrypted Virtualization (SEV) offers several feature sets
for isolation of guest virtual machines from an non-trusted host hypervisor
and operating system. These feature sets include memory encryption,
encryption of guest state including CPU registers and an attestation
framework.

In this talk we will explore some of the AMD SEV feature sets. We will
describe how to use them to run OpenBSD as both

  • a confidential guest VM and
  • a host hypervisor providing a confidential execution environment.

Topics covered are CPU feature detection, low level kernel initialization,
memory management, virtio(4) device drivers and the virtual machine
daemon vmd(8).

I](https://events.eurobsdcon.org/2024/speaker/ZZNGCU/)

Tickets are still available and this talk will be streamed and recorded for later release.

25
 
 

Upcoming EuroBSDCon OpenBSD talk Building a SD-WAN appliance suitable for an Australian Health Sector NFP/NGO by Jason Tubnor

Latrobe Community Health Service (LCHS) - AS139466 - is a Not for Profit (NFP)/Non-Government Organisation (NGO) headquartered in Victoria, Australia. The organisation consists of 40 offices and 2 data centres across the States of Victoria and New South Wales with over 1,500 employees. All LCHS infrastructure is designed and managed in-house without the use of large-scale cloud infrastructure. Since 2015, BSD Unix has been used for various workloads within the organisation.

This talk focuses on our next generation SD-WAN appliance built on OpenBSD technology using commodity hardware. Topics will include the network topology, design choices, various OpenBSD VPN and routing technologies and orchestrating build, deployment and management across the fleet using Ansible.

Jason Tubnor

Tickets are still available and this talk will be streamed and recorded for later release.

view more: next ›