GCC now includes Modula-2 and Rust. Do they work on OpenBSD?
Two new language frontends have been added to GCC: Modula-2 and Rust. I think this is great news on both accounts: having a Wirth language in GCC fills my childhood heart with joy (though I do wish GNU Pascal can one day be revived and mainlined, as Pascal was the first non-BASIC language I learned). And Rust appears here to stay, so having more than just the one official compiler seemed all but inevitable. I think both languages make sense for GCC and am glad to see that they will be making the upcoming GCC 13.1. Let's see how they fare on OpenBSD...
https://briancallahan.net/blog/20221219.html
#gcc #modula2 #rust
Two new language frontends have been added to GCC: Modula-2 and Rust. I think this is great news on both accounts: having a Wirth language in GCC fills my childhood heart with joy (though I do wish GNU Pascal can one day be revived and mainlined, as Pascal was the first non-BASIC language I learned). And Rust appears here to stay, so having more than just the one official compiler seemed all but inevitable. I think both languages make sense for GCC and am glad to see that they will be making the upcoming GCC 13.1. Let's see how they fare on OpenBSD...
https://briancallahan.net/blog/20221219.html
#gcc #modula2 #rust
π14
OpenBSD KDE Status Report 2022.
A lot has happened since the last OpenBSD KDE Status Report in 2021. Letβs split the report in four areas the good, the bad, the plasma and libinput...
https://www.sizeofvoid.org/posts/2022-26-12-openbsd-kde-status-report-2022/
#kde #desktop
A lot has happened since the last OpenBSD KDE Status Report in 2021. Letβs split the report in four areas the good, the bad, the plasma and libinput...
https://www.sizeofvoid.org/posts/2022-26-12-openbsd-kde-status-report-2022/
#kde #desktop
β€4π4
A Few of My Favorite Things About The OpenBSD Packet Filter Tools.
The OpenBSD packet filter PF was introduced a little more than 20 years ago as part of OpenBSD 3.0. Weβll take a short tour of PF features and tools that I have enjoyed using...
https://medium.com/@peter.hansteen/a-few-of-my-favorite-things-about-the-openbsd-packet-filter-tools-28b7ec4666a
#pf #firewall
The OpenBSD packet filter PF was introduced a little more than 20 years ago as part of OpenBSD 3.0. Weβll take a short tour of PF features and tools that I have enjoyed using...
https://medium.com/@peter.hansteen/a-few-of-my-favorite-things-about-the-openbsd-packet-filter-tools-28b7ec4666a
#pf #firewall
π4
Analysis of Speedup Gain of Undefined Behavior Optimizations in OpenBSD.
The ISO C Standard added the undefined behavior notion as a mean to portability. State-of-the-art compilers such as GCC and Clang/LLVM use it to issue aggressive optimizations that break the the intention of the progammer. We argue that the performance impact of undefined behavior (UB) optimizations in operating systems, such as OpenBSD, is low. Furthermore they introduce unobservable and undocumented effects that have great impact of program robustness and security. To test our hypothesis we take the compiler implementation used in OpenBSD, i.e.Clang/LLVM, and disable all undefined behavior optimizations.Then we compare the performance of the system on multiple hardware architectures with the above mentioned optimizations turned on and off...
https://tildegit.org/lucic71/dissertation/src/branch/master/TSW/tsw.pdf
#system #optimizations
The ISO C Standard added the undefined behavior notion as a mean to portability. State-of-the-art compilers such as GCC and Clang/LLVM use it to issue aggressive optimizations that break the the intention of the progammer. We argue that the performance impact of undefined behavior (UB) optimizations in operating systems, such as OpenBSD, is low. Furthermore they introduce unobservable and undocumented effects that have great impact of program robustness and security. To test our hypothesis we take the compiler implementation used in OpenBSD, i.e.Clang/LLVM, and disable all undefined behavior optimizations.Then we compare the performance of the system on multiple hardware architectures with the above mentioned optimizations turned on and off...
https://tildegit.org/lucic71/dissertation/src/branch/master/TSW/tsw.pdf
#system #optimizations
π9π4π₯°4β€2
Errata patches for TCP have been released for OpenBSD 7.1 and 7.2.
Binary updates for the amd64, i386 and arm64 platform are available via the syspatch utility. Source code patches can be found on the respective errata page:
- https://www.openbsd.org/errata71.html
- https://www.openbsd.org/errata72.html
#security #update #system
Binary updates for the amd64, i386 and arm64 platform are available via the syspatch utility. Source code patches can be found on the respective errata page:
- https://www.openbsd.org/errata71.html
- https://www.openbsd.org/errata72.html
#security #update #system
π11
sshd random relinking at boot.
As with library order randomisation (libc.so/libcrypto/ld.so) at boot and kernel relinking at boot, boot time relinking of sshd(8) is now implemented in -current. Theo de Raadt committed the changes...
https://undeadly.org/cgi?action=article;sid=20230119075627
#ssh #security
As with library order randomisation (libc.so/libcrypto/ld.so) at boot and kernel relinking at boot, boot time relinking of sshd(8) is now implemented in -current. Theo de Raadt committed the changes...
https://undeadly.org/cgi?action=article;sid=20230119075627
#ssh #security
π17
Initial support for guided disk encryption in the installer.
The OpenBSD installer now has basic support for configuring disk encryption during the regular installation process. Previously, disk encryption needed to be set up manually by dropping to the shell from the installer. Initial support, likely to be expanded upon, was committed by Klemens Nanni (kn@) on March 7, 2023...
https://undeadly.org/cgi?action=article;sid=20230308063109
#security #encryption #install
The OpenBSD installer now has basic support for configuring disk encryption during the regular installation process. Previously, disk encryption needed to be set up manually by dropping to the shell from the installer. Initial support, likely to be expanded upon, was committed by Klemens Nanni (kn@) on March 7, 2023...
https://undeadly.org/cgi?action=article;sid=20230308063109
#security #encryption #install
β€11π6π₯1
Dynamic host configuration, please.
In the article, Florian details the steps to modern OpenBSD dynamic host configuration, including interface configuration, name resolution, routing and more...
- https://undeadly.org/cgi?action=article;sid=20230308060219
- https://sha256.net/dynamic_host_configuration_please.html
#network #dns
In the article, Florian details the steps to modern OpenBSD dynamic host configuration, including interface configuration, name resolution, routing and more...
- https://undeadly.org/cgi?action=article;sid=20230308060219
- https://sha256.net/dynamic_host_configuration_please.html
#network #dns
β€12π1π₯°1
How To Set Up a Wireguard VPN Server with Unbound on OpenBSD.
Some months ago, I published an article on how to set up a Wireguard server with adblocking capabilities on GNU/Linux systems, focusing Debian and PiHole specifically. Recently I wanted to reproduce the same setup on an OpenBSD server(since the Wireguard protocol is available on *BSD systems as well) and, while PiHole is not currently available for *BSD systems, I managed to accomplish the same result using the DNS resolver unbound(8) and unbound-adblock to fetch updated blocklists every day. In this guide, I will show you how to achieve the same result...
https://marcocetica.com/posts/wireguard_openbsd/
#wirequard #vpn #security
Some months ago, I published an article on how to set up a Wireguard server with adblocking capabilities on GNU/Linux systems, focusing Debian and PiHole specifically. Recently I wanted to reproduce the same setup on an OpenBSD server(since the Wireguard protocol is available on *BSD systems as well) and, while PiHole is not currently available for *BSD systems, I managed to accomplish the same result using the DNS resolver unbound(8) and unbound-adblock to fetch updated blocklists every day. In this guide, I will show you how to achieve the same result...
https://marcocetica.com/posts/wireguard_openbsd/
#wirequard #vpn #security
π14β€8π1
Is OpenBSD for you?
This blog post is a step by step wizard for those who think about using OpenBSD as a primary OS and daily driver, but don't know if it meets the requirements. I am trying to focus on desktop/laptop use in this case...
https://mizik.eu/blog/is-openbsd-for-you/index.html
#system #hardware #install
This blog post is a step by step wizard for those who think about using OpenBSD as a primary OS and daily driver, but don't know if it meets the requirements. I am trying to focus on desktop/laptop use in this case...
https://mizik.eu/blog/is-openbsd-for-you/index.html
#system #hardware #install
π20β€7
β€7
Launch OpenBSD vmd Guests on Demand from SSH.
Iβd been kicking around the idea of using an ssh ProxyCommand to launch transient EC2 instances connected to long-lived EBS volumes so I figured β why not implement this for vmd hosts? I could forward Linux X11 apps to my desktop & be able to use Signal...
https://jonwillia.ms/2023/03/20/vmctl-ssh
#vmd #virtualization #openssh
Iβd been kicking around the idea of using an ssh ProxyCommand to launch transient EC2 instances connected to long-lived EBS volumes so I figured β why not implement this for vmd hosts? I could forward Linux X11 apps to my desktop & be able to use Signal...
https://jonwillia.ms/2023/03/20/vmctl-ssh
#vmd #virtualization #openssh
π3β€2
Media is too big
VIEW IN TELEGRAM
Synthetic Memory Protections.
Theo de Raadt (derradt@) was scheduled to present at CanSecWest. That's now happened, and slides of Theo's presentation, Synthetic Memory Protections, can be found in the usual place. Video is available on the bird site.
#security #video
Theo de Raadt (derradt@) was scheduled to present at CanSecWest. That's now happened, and slides of Theo's presentation, Synthetic Memory Protections, can be found in the usual place. Video is available on the bird site.
#security #video
β€13π3π₯2
π57πΎ10β€7π₯6π5β‘4π₯°2π1
AWS Gazo bot.
Scripts to create, customize and upload AWS images to the cloud. This is a work in progress, I'm trying to create OpenBSD images from Linux, specially using arm64 and riscv64 for AWS since OpenBSD has no vmm support for arm64 nor riscv64 yet...
https://github.com/csaltos/aws-gazo-bot
Based on the scripts created by Antoine Jacoutot at https://github.com/ajacoutot/aws-openbsd
#aws #cloud #install
Scripts to create, customize and upload AWS images to the cloud. This is a work in progress, I'm trying to create OpenBSD images from Linux, specially using arm64 and riscv64 for AWS since OpenBSD has no vmm support for arm64 nor riscv64 yet...
https://github.com/csaltos/aws-gazo-bot
Based on the scripts created by Antoine Jacoutot at https://github.com/ajacoutot/aws-openbsd
#aws #cloud #install
β€6π₯°1
viogpu(4), a VirtIO GPU driver, added to -current.
Joshua Stein (jcs@) has committed viogpu(4), which provides support for the virtio(4) GPU interface (provided by QEMU and other virtual machines) to create a wscons(4) console...
https://www.undeadly.org/cgi?action=article;sid=20230421124221
#viogpu #virtio
Joshua Stein (jcs@) has committed viogpu(4), which provides support for the virtio(4) GPU interface (provided by QEMU and other virtual machines) to create a wscons(4) console...
https://www.undeadly.org/cgi?action=article;sid=20230421124221
#viogpu #virtio
β€13π₯4π1π₯°1