My machines are hosted in 3 different places. First is at Exoscale, second is Vultr and the third is... my flat. All of them run either OpenBSD on its -current branch, or the latest version of Ubuntu. At this time, that's Ubuntu 19.10. After a couple of years working on OpenBSD ports (i.e. packaging), I believe fresh software is better, security-wise.
https://chown.me/blog/infrastructure-2019.html
#server
https://chown.me/blog/infrastructure-2019.html
#server
Using OpenBSD relayd to Add Security Headers.
I am a huge fan of OpenBSD’s built-in httpd server as it is simple, secure, and quite performant. With the modern push of the large search providers pushing secure websites, it is now important to add security headers to your website or risk having the search results for your website downgraded. Fortunately, it is very easy to do this when you combine httpd with relayd.
https://goblackcat.com/posts/using-openbsd-relayd-to-add-security-headers/
#relayd
I am a huge fan of OpenBSD’s built-in httpd server as it is simple, secure, and quite performant. With the modern push of the large search providers pushing secure websites, it is now important to add security headers to your website or risk having the search results for your website downgraded. Fortunately, it is very easy to do this when you combine httpd with relayd.
https://goblackcat.com/posts/using-openbsd-relayd-to-add-security-headers/
#relayd
Introduction to doas on OpenBSD.
OpenBSD's alternative to sudo is doas, although it does not work the same way as sudo and requires some configuration...
https://www.vultr.com/docs/introduction-to-doas-on-openbsd
#doas
OpenBSD's alternative to sudo is doas, although it does not work the same way as sudo and requires some configuration...
https://www.vultr.com/docs/introduction-to-doas-on-openbsd
#doas
OpenBSD makes life pretty easy when it comes to securing your web-app...
https://blog.snailtext.com/posts/berkeley-smorgasbord.html
https://blog.snailtext.com/posts/berkeley-smorgasbord-part-2.html
https://blog.snailtext.com/posts/berkeley-smorgasbord.html
https://blog.snailtext.com/posts/berkeley-smorgasbord-part-2.html
Fullstack mailserver based on OpenSMTPD for OpenBSD using ansible
https://github.com/AnsiMail/AnsiMail
#ansible #opensmtpd
https://github.com/AnsiMail/AnsiMail
#ansible #opensmtpd
A privilege separated implementation of WireGuard for OpenBSD.
https://github.com/timkuijsten/wiresep
#wireguard
https://github.com/timkuijsten/wiresep
#wireguard
pf-badhost is a simple, easy to use badhost blocker that uses the power of the pf firewall to block many of the internet's biggest irritants.
https://www.geoghegan.ca/pfbadhost.html
#pf #firewall
https://www.geoghegan.ca/pfbadhost.html
#pf #firewall
OpenBSD's 'spinning' CPU time category.
Unix systems have long had a basic breakdown of what your CPU (or CPUs) was spending its time doing. The traditional division is user time, system time, idle time, and 'nice' time (which is user time for tasks that have their scheduling priority lowered through nice(1) or the equivalent), and then often 'interrupt' time, for how much time the system spent in interrupt handling. Some Unixes have added 'iowait', which is traditionally defined as 'the system was idle but one or more processes were waiting for IO to complete'. OpenBSD doesn't have iowait, but current versions have a new time category, 'spinning'...
https://utcc.utoronto.ca/~cks/space/blog/unix/OpenBSDCpuSpinTime
#cpu #spinning
Unix systems have long had a basic breakdown of what your CPU (or CPUs) was spending its time doing. The traditional division is user time, system time, idle time, and 'nice' time (which is user time for tasks that have their scheduling priority lowered through nice(1) or the equivalent), and then often 'interrupt' time, for how much time the system spent in interrupt handling. Some Unixes have added 'iowait', which is traditionally defined as 'the system was idle but one or more processes were waiting for IO to complete'. OpenBSD doesn't have iowait, but current versions have a new time category, 'spinning'...
https://utcc.utoronto.ca/~cks/space/blog/unix/OpenBSDCpuSpinTime
#cpu #spinning
Tale of OpenBSD secure memory allocator internals - malloc(3)
So, again I started reading OpenBSD source codes with debugger after reducing my sleep timings and managing to get some time after professional life. This time I have picked one of my favourite item from my wishlist to learn and share, that is, OpenBSD malloc(3), secure allocator
I will try to keep it as n part series due to lengthy content and this series will be mostly focussed on user-space code of malloc(3) and friends
First of all, I would like to thanks Otto Moerbeek, Bryan Steele and Fabien Romano for helping me to understand the malloc(3) internals and cleared all my queries.
So, we should start now... :)
https://bsdb0y.github.io/blog/deep-dive-into-the-OpenBSD-malloc-and-friends-internals-part-1.html
#malloc
So, again I started reading OpenBSD source codes with debugger after reducing my sleep timings and managing to get some time after professional life. This time I have picked one of my favourite item from my wishlist to learn and share, that is, OpenBSD malloc(3), secure allocator
I will try to keep it as n part series due to lengthy content and this series will be mostly focussed on user-space code of malloc(3) and friends
First of all, I would like to thanks Otto Moerbeek, Bryan Steele and Fabien Romano for helping me to understand the malloc(3) internals and cleared all my queries.
So, we should start now... :)
https://bsdb0y.github.io/blog/deep-dive-into-the-OpenBSD-malloc-and-friends-internals-part-1.html
#malloc
An OpenBSD E-Mail Server Using OpenSMTPD, Dovecot, Rspamd, and RainLoop.
This tutorial demonstrates a full-featured email server running on OpenBSD using OpenSMTPD, Dovecot, Rspamd, and RainLoop. OpenSMTPD is the default mail server for OpenBSD. Choose a Vultr Compute Cloud instance with plenty of storage for the expected number of users.
https://www.vultr.com/docs/an-openbsd-e-mail-server-using-opensmtpd-dovecot-rspamd-and-rainloop
#opensmtpd #mail
This tutorial demonstrates a full-featured email server running on OpenBSD using OpenSMTPD, Dovecot, Rspamd, and RainLoop. OpenSMTPD is the default mail server for OpenBSD. Choose a Vultr Compute Cloud instance with plenty of storage for the expected number of users.
https://www.vultr.com/docs/an-openbsd-e-mail-server-using-opensmtpd-dovecot-rspamd-and-rainloop
#opensmtpd #mail
A great desktop experience on OpenBSD with fluxbox.
https://ybad.name/Logiciel-libre/OpenBSD/Great_desktop_experience_fluxbox_openbsd.html
#desktop #fluxbox
https://ybad.name/Logiciel-libre/OpenBSD/Great_desktop_experience_fluxbox_openbsd.html
#desktop #fluxbox
OpenBSD Workstation Guide.
https://begriffs.com/posts/2017-05-17-openbsd-workstation-guide.html
#desktop
https://begriffs.com/posts/2017-05-17-openbsd-workstation-guide.html
#desktop
Setting up an email server in 2020 with OpenSMTPD and Dovecot
Another one link... https://prefet.ch/blog/2020/email-server/
#mail #opensmtpd #dovecot
Another one link... https://prefet.ch/blog/2020/email-server/
#mail #opensmtpd #dovecot
We are approaching the 6.7 release. The ports tree is not locked yet, but it's time to slowly take the foot off the pedal and to refrain from far-reaching changes...
https://marc.info/?l=openbsd-ports&m=158652906719327&w=2
https://marc.info/?l=openbsd-ports&m=158652906719327&w=2
Cute, fast and secure chroots with Jailkit on OpenBSD
I recently found a super cool software jailkit, which I updated over at OpenBSD
I used to wonder how to properly deploy unpledged/un-unveiled apps on OpenBSD in a nice manner, specifically python/nodejs apps which are known to be shoddily written and insecure beyond measure (I should probably cite something). This cute little beast popped up in my google-fu voyage and helped me set up my chroots in a really awesome manner.
https://wiki.epsilonknot.xyz/en/jailkit
#chroot #jailkit
I recently found a super cool software jailkit, which I updated over at OpenBSD
I used to wonder how to properly deploy unpledged/un-unveiled apps on OpenBSD in a nice manner, specifically python/nodejs apps which are known to be shoddily written and insecure beyond measure (I should probably cite something). This cute little beast popped up in my google-fu voyage and helped me set up my chroots in a really awesome manner.
https://wiki.epsilonknot.xyz/en/jailkit
#chroot #jailkit
OpenBSD 6.6 BGP Looking Glass
https://bgp.guru/2020/04/14/openbsd-6.6-bgp-looking-glass/
#network #bgp
https://bgp.guru/2020/04/14/openbsd-6.6-bgp-looking-glass/
#network #bgp
WPA2 / 802.11i Wireless Networking on OpenBSD.
https://cromwell-intl.com/open-source/openbsd-wireless-wpa2.html
#hardware #network
https://cromwell-intl.com/open-source/openbsd-wireless-wpa2.html
#hardware #network
OpenBSD Virtualization in Action
OpenBSD VMM have been around for 1-2 years maybe and i decided to try it now.
https://dswsis.com/2020/04/12/openbsd-virtualization-in-action/
#virtualisation
OpenBSD VMM have been around for 1-2 years maybe and i decided to try it now.
https://dswsis.com/2020/04/12/openbsd-virtualization-in-action/
#virtualisation