New BSDCan Video Posted:

The state of 3d-printing from OpenBSD by Andrew Hewus Fresh

It's possible to do some 3d printing related things on an OpenBSD machine, but there are a bunch of popular tools that aren't available in the ports tree. We will talk about some of the different classes of software and what things are popular and whether they are currently available on OpenBSD and what the blockers are from getting those into the ports tree.\

#3dprinting #openbsd #runbsd

This talk goes over the development of a distributed filesystem tailored for OpenBSD. While OpenBSD excels in many areas, its native filesystem support has room for improvement. This talk goes into using the Filesystem in Userspace (FUSE) on OpenBSD to provide for a distributed and highly available filesystem.

This talk also includes an introduction to the Raft Consensus Algorithm, which plays a critical role in ensuring data consistency and reliability across distributed systems. The Elixir programming language is used, providing the necessary foundation for the implementation of the distributed FUSE filesystem on OpenBSD.

Talk link

For more information, please visit: https://www.bsdcan.org/

When moving the drive that has OpenBSD installed on it to a new machine, the new hardware is not automatically configured.
For example, the new network interface does not appear in ifconfig, and the new DVD drive does not magically appear in fstab.

Surely there are other adjustments that would need to be made as well.

Therefore,
What changes need to be made after moving the system drive to a new computer?

OpenBSD Folks, @bsdcan 2025 has talks for you !

A distributed filesystem for OpenBSD · BSDCan Indico

https://indico.bsdcan.org/event/5/contributions/115/

#runbsd #bsdcan

The OpenBSD project has announced OpenBSD 7.6, its 57th release.

As the next release is slowly cooking, I'd like to mention an artist that I love: @pmjv, or prahou. He's been dedicated to submitting awesome artwork about his universe, here at /c/unix_surrealism, which features many openbsd related comics (puffy being an important protagonist).

I was thus wondering how an artist could pretend at submitting an artwork for the next release ? Is it a shortlist ? Do you simply upload some on the mail list ?

Upcoming EuroBSDCon OpenBSD talk Confidential Computing with OpenBSD by Hans-Jörg Höxer

Confidential computing is a family of techniques to enhance security
and confidentiality for data in use. One technical approach is strong
isolation for virtual machines.

AMDs Secure Encrypted Virtualization (SEV) offers several feature sets
for isolation of guest virtual machines from an non-trusted host hypervisor
and operating system. These feature sets include memory encryption,
encryption of guest state including CPU registers and an attestation
framework.

In this talk we will explore some of the AMD SEV feature sets. We will
describe how to use them to run OpenBSD as both

• a confidential guest VM and
• a host hypervisor providing a confidential execution environment.

Topics covered are CPU feature detection, low level kernel initialization,
memory management, virtio(4) device drivers and the virtual machine
daemon vmd(8).

I](https://events.eurobsdcon.org/2024/speaker/ZZNGCU/)

Tickets are still available and this talk will be streamed and recorded for later release.

Upcoming EuroBSDCon OpenBSD talk Building a SD-WAN appliance suitable for an Australian Health Sector NFP/NGO by Jason Tubnor

Latrobe Community Health Service (LCHS) - AS139466 - is a Not for Profit (NFP)/Non-Government Organisation (NGO) headquartered in Victoria, Australia. The organisation consists of 40 offices and 2 data centres across the States of Victoria and New South Wales with over 1,500 employees. All LCHS infrastructure is designed and managed in-house without the use of large-scale cloud infrastructure. Since 2015, BSD Unix has been used for various workloads within the organisation.

This talk focuses on our next generation SD-WAN appliance built on OpenBSD technology using commodity hardware. Topics will include the network topology, design choices, various OpenBSD VPN and routing technologies and orchestrating build, deployment and management across the fleet using Ansible.

Jason Tubnor

Tickets are still available and this talk will be streamed and recorded for later release.

Upcoming EuroBSDCon OpenBSD talk A Packet's Journey Through the OpenBSD Network Stack by Alexander Bluhm

When debugging network issues, it is important to understand when
certain things happen. Tcpdump provides valuable insight, pf
transforms packets, pseudo devices add features, and netstat counters
show action. The call graph of the functions within the kernel is
the base to comprehend the relation between these sources of
information.

The layering of kernel code in hardware drivers, pseudo devices,
IP processing, forwarding and protocol layer is explained. The
kernel provides the socket interface to userland processes. Packet
forwarding happens within the kernel. Bridge code uses certain
shortcuts. pf is a swiss knife that can manipulate traffic in
multiple layers. IPsec has an independent interface that overrides
routing. Routing itself and neighbor discovery is a necessary step
that has its tentacles everywhere. Checksum calculation can be
performed by hardware offloading.

By using examples with a single packets, their way through the
kernel is shown. The possible branches, configuration options, and
measurement output are put in correlation.

Alexander Bluhm

Tickets are still available and this talk will be streamed and recorded for later release.

Upcoming EuroBSDCon OpenBSD talk OpenBSD vs. IPv6 by Florian Obser

** .ical](https://events.eurobsdcon.org/2024/talk/AV78U9.ics)09-21, 17:45–18:30 (Europe/Dublin), Foyer B **

We will give an overview of past, present and future work on IPv6 in OpenBSD.

We will show how we replaced KAME stack code in both the kernel as well as userland with modern, privilege separated daemons for stateless address auto configuration. slaacd(8) runs on the host to solicit router advertisements and configures addresses and routes. rad(8) runs on the router to send router advertisements. A newly written daemon for DHCPv6, dhcp6leased(8), requests prefixes from an upstream ISP which then can be used by rad(8) for router advertisements.

Next we will show the new IPv6 source address selection in the kernel, including support for the infamous Rule 5.5 of RFC 6724.

In ongoing and future work we will touch on client-side address translation using pf(4)'s af-to feature to support the 464XLAT transition mechanism for v6-mostly networks.

Florian Obser

Upcoming EuroBSDCon OpenBSD talk Global anycast using OpenBSD on a budget by Rob Keizer

This talk goes over using OpenBSD as the basis for a highly available globally distributed public anycast network. Distributed decision systems corosync, consul, and raft (using Elixir) are discussed, as are highly available distributed storage and routing systems, all on OpenBSD, all on a budget.

Rob Keizer

Upcoming EuroBSDCon OpenBSD talk Why rewrite fw_update(8)? By Andrew Hewus Fresh

OpenBSD provides the fw_update(8) utility to handle installing firmware for hardware from manufacturers whose licensing isn't compatible with our base system. We will take a trip into the history of fw_update(8), its structure and why it exists. A recent rewrite provides an illustration of the value OpenBSD places on simplicity and user experience.

Andrew Hewus Fresh

Tickets are still available and this talk will be streamed and recorded for later release.

Upcoming EuroBSDCon talk: vmd's multi-process device emulation: 2 releases later by Dave Voutila

** .ical09-21, 14:45–15:30 (Europe/Dublin), Foyer B **

In OpenBSD 7.4, the native hypervisor, vmd(8)became the only open source type-2 hypervisor to default to using a multi-process, privilege separated model for emulating block and network devices.

This talk provides a look at the inspiration from Oracle's contributions to QEMU as a means of multi-layered defense, a review of the challenges and changes required to OpenBSD across 7.4 and 7.5, and a look at the road ahead.

Upcoming OpenBSD talk: Puffy does Realtime Hypermedia by Patrick Marchand

Modern web development is intrinsically tied to javascript and frameworks have been pushing us further and further away from the initial model of the internet as a web of documents. In response to this, libraries like htmx and data-star have arisen to demonstrate ways to use hypermedia to create interactive applications.

Hypermedia as the engine of application state (HATEOS) is a driving principle of these new libraries and by allowing the backend to drive the state of the frontend directly without requiring the user to write javascript code, they make it possible to do hypermedia on whatever you like (Otherwise known as the HOWL stack). 

That means that with nothing but the OpenBSD base install and a small javascript shim (12kb at the time of writing), we can write realtime hypermedia applications. We will explore the case of a small web application that monitors the state of it's server and offers real time updates of it's metrics.

Patrick Marchand

Tickets are still available and this talk will be streamed and recorded for later release.

Utils:

ssh

• obvious

mg

• debloated emacs
  • even smaller than nvi/nex!

tmux

• a lot of people don't realize this is an OpenBSD project
• session retention

doas

• configuring sudo feels horrible after configuring doas
• invaluable in ports

pf

• ironic that this is most popular outside of OpenBSD (PFSense)

ifconfig

• command line interface translates directly to configuration files

login.conf/login

• anything on PenguinOS seems insane by comparison
  • especially oom killer

sndio

• actually works
  • hopefully this gets popular outside of OpenBSD ;) ;) ;)

vmm/vmd

• still in its early stages, but I love it

got (technically not an OpenBSD project, but adjacent)

• debloated git
• partial git compatibility

Library Functions/Syscalls:

pledge & unveil

• interesting new approach to jails
• set and forget, no interaction needed on the user's end
  • with exceptions like chromium & firefox

strtonum

• far nicer than strto* functions in stdlib

malloc

• now with use after free and leak detection! who needs valgrind?

The download page leads to install75.img, but the front page still says 7.4.