π3π₯3
Running a Docker Host under OpenBSD using vmd(8).
The OpenBSD virtual machine daemon works pretty well with Linux VMs nowadays. This was time for me to see if I could replace the Synology Docker service with some Docker host provided by vmd(8)...
https://www.tumfatig.net/2022/running-docker-host-openbsd-vmd/
#docker #vmd
The OpenBSD virtual machine daemon works pretty well with Linux VMs nowadays. This was time for me to see if I could replace the Synology Docker service with some Docker host provided by vmd(8)...
https://www.tumfatig.net/2022/running-docker-host-openbsd-vmd/
#docker #vmd
π6π₯5π±1
A Few of My Favorite Things About The OpenBSD Packet Filter Tools.
The OpenBSD packet filter PF was introduced a little more than 20 years ago as part of OpenBSD 3.0. We'll take a short tour of PF features and tools that I have enjoyed using...
https://bsdly.blogspot.com/2022/09/a-few-of-my-favorite-things-about.html
#firewall #network #pf
The OpenBSD packet filter PF was introduced a little more than 20 years ago as part of OpenBSD 3.0. We'll take a short tour of PF features and tools that I have enjoyed using...
https://bsdly.blogspot.com/2022/09/a-few-of-my-favorite-things-about.html
#firewall #network #pf
π13π₯3π±1
cwdof.
Simple utility to get the current working directory of a given process in OpenBSD.
https://github.com/phillbush/cwdof
#cwdof #system
Simple utility to get the current working directory of a given process in OpenBSD.
https://github.com/phillbush/cwdof
#cwdof #system
π₯5π2π±1
OpenBSD package search.
Default search queries OpenBSD 7.2 package sets. You can search -current packages (from Thu Sep 29 06:56:13 2022) by toggling the '-current' checkbox.
https://openbsd.app/
#link #package #search
Default search queries OpenBSD 7.2 package sets. You can search -current packages (from Thu Sep 29 06:56:13 2022) by toggling the '-current' checkbox.
https://openbsd.app/
#link #package #search
π8π₯3π1π±1
OpenBSD: Manage DNS, DNSSEC (to automate TLSA records).
My DNS service run since 4 years, under OpenBSD native tool named nsd. I manage DNSSEC with ldns tools, a package into ports. In the facts, I use ldnscript tool to create all needed keys and manage DNSSEC. Starting Juin 2022, I decided to switch from RSA to use ECDSA. Before going any further in this direction, letβs move on to the installation of the necessary prerequisites necessary...
https://doc.huc.fr.eu.org/en/post/openbsd-nsd-dnssec-tlsa/
#dns #dnssec
My DNS service run since 4 years, under OpenBSD native tool named nsd. I manage DNSSEC with ldns tools, a package into ports. In the facts, I use ldnscript tool to create all needed keys and manage DNSSEC. Starting Juin 2022, I decided to switch from RSA to use ECDSA. Before going any further in this direction, letβs move on to the installation of the necessary prerequisites necessary...
https://doc.huc.fr.eu.org/en/post/openbsd-nsd-dnssec-tlsa/
#dns #dnssec
π4π±1
rspamd dashboard
I have my personal email self-hosted, because I can and like, so for that I use opensmtpd + rspamd + dovecot, the setup works just fine, I get almost no spam, I can reach any mailbox, so I can't complain about it at all...
https://x61.sh/log/2022/10/20221027T115439-rspamd-dashboard.html
#rspamd #email
I have my personal email self-hosted, because I can and like, so for that I use opensmtpd + rspamd + dovecot, the setup works just fine, I get almost no spam, I can reach any mailbox, so I can't complain about it at all...
https://x61.sh/log/2022/10/20221027T115439-rspamd-dashboard.html
#rspamd #email
π20π₯2
YouTube
EuroBSDcon 2022, Austria - YouTube
π9π2
A few of my favourite things about the OpenBSD Packet Filter tools.
The OpenBSD packet filter (PF) was introduced a little more than 20 years ago as part of OpenBSD 3.0. In a series of two posts, I invite you to take a short tour of PF features and tools that I have enjoyed using. At the time the OpenBSD project introduced its new packet filter subsystem in 2001, I was nowhere near the essentially full-time OpenBSD user I would soon become. I did, however, quickly recognize that even what was later dubbed βthe working prototypeβ was reported to perform better in most contexts than the code it replaced.
https://blog.apnic.net/2022/11/02/openbsd-packet-filter-tools/
#pf #firewall
The OpenBSD packet filter (PF) was introduced a little more than 20 years ago as part of OpenBSD 3.0. In a series of two posts, I invite you to take a short tour of PF features and tools that I have enjoyed using. At the time the OpenBSD project introduced its new packet filter subsystem in 2001, I was nowhere near the essentially full-time OpenBSD user I would soon become. I did, however, quickly recognize that even what was later dubbed βthe working prototypeβ was reported to perform better in most contexts than the code it replaced.
https://blog.apnic.net/2022/11/02/openbsd-packet-filter-tools/
#pf #firewall
π13
So I lost my OpenBSD FDE password.
The other day I set up a new OpenBSD instance with a nice RAID array, encrypted with Full Disk Encryption. And promptly proceeded to forget part of the passphrase...
https://words.filippo.io/so-i-lost-my-openbsd-fde-password/
#encryption #fde
The other day I set up a new OpenBSD instance with a nice RAID array, encrypted with Full Disk Encryption. And promptly proceeded to forget part of the passphrase...
https://words.filippo.io/so-i-lost-my-openbsd-fde-password/
#encryption #fde
π6π±1
mimmutable() for OpenBSD.
Virtual-memory systems provide a great deal of flexibility in how memory can be mapped and protected. Unfortunately, memory-management flexibility can also be useful to attackers bent on compromising a system. In the OpenBSD world, a new system call is being added to reduce this flexibility; it is, though, a system call that almost no code is expected to use.
https://lwn.net/SubscriberLink/915640/53bc300d11179c62/
#security #system #memory
Virtual-memory systems provide a great deal of flexibility in how memory can be mapped and protected. Unfortunately, memory-management flexibility can also be useful to attackers bent on compromising a system. In the OpenBSD world, a new system call is being added to reduce this flexibility; it is, though, a system call that almost no code is expected to use.
https://lwn.net/SubscriberLink/915640/53bc300d11179c62/
#security #system #memory
π5π±1
GCC now includes Modula-2 and Rust. Do they work on OpenBSD?
Two new language frontends have been added to GCC: Modula-2 and Rust. I think this is great news on both accounts: having a Wirth language in GCC fills my childhood heart with joy (though I do wish GNU Pascal can one day be revived and mainlined, as Pascal was the first non-BASIC language I learned). And Rust appears here to stay, so having more than just the one official compiler seemed all but inevitable. I think both languages make sense for GCC and am glad to see that they will be making the upcoming GCC 13.1. Let's see how they fare on OpenBSD...
https://briancallahan.net/blog/20221219.html
#gcc #modula2 #rust
Two new language frontends have been added to GCC: Modula-2 and Rust. I think this is great news on both accounts: having a Wirth language in GCC fills my childhood heart with joy (though I do wish GNU Pascal can one day be revived and mainlined, as Pascal was the first non-BASIC language I learned). And Rust appears here to stay, so having more than just the one official compiler seemed all but inevitable. I think both languages make sense for GCC and am glad to see that they will be making the upcoming GCC 13.1. Let's see how they fare on OpenBSD...
https://briancallahan.net/blog/20221219.html
#gcc #modula2 #rust
π14
OpenBSD KDE Status Report 2022.
A lot has happened since the last OpenBSD KDE Status Report in 2021. Letβs split the report in four areas the good, the bad, the plasma and libinput...
https://www.sizeofvoid.org/posts/2022-26-12-openbsd-kde-status-report-2022/
#kde #desktop
A lot has happened since the last OpenBSD KDE Status Report in 2021. Letβs split the report in four areas the good, the bad, the plasma and libinput...
https://www.sizeofvoid.org/posts/2022-26-12-openbsd-kde-status-report-2022/
#kde #desktop
β€4π4
A Few of My Favorite Things About The OpenBSD Packet Filter Tools.
The OpenBSD packet filter PF was introduced a little more than 20 years ago as part of OpenBSD 3.0. Weβll take a short tour of PF features and tools that I have enjoyed using...
https://medium.com/@peter.hansteen/a-few-of-my-favorite-things-about-the-openbsd-packet-filter-tools-28b7ec4666a
#pf #firewall
The OpenBSD packet filter PF was introduced a little more than 20 years ago as part of OpenBSD 3.0. Weβll take a short tour of PF features and tools that I have enjoyed using...
https://medium.com/@peter.hansteen/a-few-of-my-favorite-things-about-the-openbsd-packet-filter-tools-28b7ec4666a
#pf #firewall
π4
Analysis of Speedup Gain of Undefined Behavior Optimizations in OpenBSD.
The ISO C Standard added the undefined behavior notion as a mean to portability. State-of-the-art compilers such as GCC and Clang/LLVM use it to issue aggressive optimizations that break the the intention of the progammer. We argue that the performance impact of undefined behavior (UB) optimizations in operating systems, such as OpenBSD, is low. Furthermore they introduce unobservable and undocumented effects that have great impact of program robustness and security. To test our hypothesis we take the compiler implementation used in OpenBSD, i.e.Clang/LLVM, and disable all undefined behavior optimizations.Then we compare the performance of the system on multiple hardware architectures with the above mentioned optimizations turned on and off...
https://tildegit.org/lucic71/dissertation/src/branch/master/TSW/tsw.pdf
#system #optimizations
The ISO C Standard added the undefined behavior notion as a mean to portability. State-of-the-art compilers such as GCC and Clang/LLVM use it to issue aggressive optimizations that break the the intention of the progammer. We argue that the performance impact of undefined behavior (UB) optimizations in operating systems, such as OpenBSD, is low. Furthermore they introduce unobservable and undocumented effects that have great impact of program robustness and security. To test our hypothesis we take the compiler implementation used in OpenBSD, i.e.Clang/LLVM, and disable all undefined behavior optimizations.Then we compare the performance of the system on multiple hardware architectures with the above mentioned optimizations turned on and off...
https://tildegit.org/lucic71/dissertation/src/branch/master/TSW/tsw.pdf
#system #optimizations
π9π4π₯°4β€2
Errata patches for TCP have been released for OpenBSD 7.1 and 7.2.
Binary updates for the amd64, i386 and arm64 platform are available via the syspatch utility. Source code patches can be found on the respective errata page:
- https://www.openbsd.org/errata71.html
- https://www.openbsd.org/errata72.html
#security #update #system
Binary updates for the amd64, i386 and arm64 platform are available via the syspatch utility. Source code patches can be found on the respective errata page:
- https://www.openbsd.org/errata71.html
- https://www.openbsd.org/errata72.html
#security #update #system
π11
sshd random relinking at boot.
As with library order randomisation (libc.so/libcrypto/ld.so) at boot and kernel relinking at boot, boot time relinking of sshd(8) is now implemented in -current. Theo de Raadt committed the changes...
https://undeadly.org/cgi?action=article;sid=20230119075627
#ssh #security
As with library order randomisation (libc.so/libcrypto/ld.so) at boot and kernel relinking at boot, boot time relinking of sshd(8) is now implemented in -current. Theo de Raadt committed the changes...
https://undeadly.org/cgi?action=article;sid=20230119075627
#ssh #security
π17