OpenBSD Webzine #13

OpenBSD Webzine #13

OpenBSD Webzine

TL;DR

• support for xonly code
• new security innovation pinsyscall(2)
• sshd dynamic relinking
• full disk encryption handled by the installer
• OpenBSD 7.3 will be out soon

Artworks of the moment

A floating Puffy holding a paper in hand is asked by a girl «A new issue?! Will you read it to me?».

Recent -current changes

• Execute-only status report (also called xonly)
• Explanations about the new system call mimmutable()
• In order to tighten the pledge done in ssh, the escape command line has been disabled by default in this commit
• OpenIKED 7.2 has been released
• Interfaces can be configured by MAC address using hostname.MAC instead of hostname.if
• The installer now supports encrypted disk options

Interesting new packages

• The Nix package manager (it doesn't do much at the moment)
• xmem, graphical application that displays memory and swap usage.
• eduvpn, user and admin portal for Let's Connect! and eduVPN
• fennel, Lisp dialect that runs on Lua
• endlessh, SSH tarpit that slowly sends an endless banner
• lchat, line oriented chat frontend for ii
• nerds-fonts, Iconic font aggregator, collection, and patcher
• rssgoemail, send RSS/Atom/Gemini feeds to email
• LabPlot, data visualization and analysis software
• ntfy, send push notifications to your phone or desktop
• calligraplan, KDE Calligra project management application
• xnotify, display notifications read from standard input
• gopls, official Go LSP
• rustic, fast, encrypted, deduplicated backups (not production ready)
• try_repeat, run a command 'n' times exiting early if it fails
• ancient, decompression routines for ancient formats
• keycloak, Identity and Access Management solution

Shell tips

I suppose most of OpenBSD users know about the command top, but do you know about systat? This command gives a lot of information about the system, and is a terminal user interface (TUI) that allows changing views for different information. Running it as root will give you more information you may not have as a simple user, like PF queueing or PF realtime statistics. It's a must-have for any OpenBSD administrator that would like to know more about the current system status.

Going further

• Undeadly is publishing an RSS feed of syspatches at this address
• Buy a branded deck of UNIX pipe game by openbsd.amsterdam
• Fuzzing OpenBSD ping(8), and solve a 24 years old bug
• A guide explaining a dual boot setup with full disk encryption
• Testing Rust and Modula-2 in GCC, do they work on OpenBSD?
• KDE status report
• A guide explaining how to setup your own lastpass on OpenBSD
• Trusting SSH server using DNS: VerifyHostKeyDNS … or how I enroll new hosts into my infrastructure.
• A practical guide of VXLAN over Wireguard
• How to make console screendump, this includes a long and detailled explanation
• Static photo albums with llgal on OpenBSD
• A deep study of the eject command
• A guide explaining how to install and configure nextcloud on OpenBSD
• Privilege drop, privilege separation, and restricted-service operating mode in OpenBSD
• Some history lesson about the project, OpenBSD in Canada
• Some people do run Kubernetes cluster on OpenBSD
• Some ChatGPT poetry about OpenBSD here and there
• The dynamic host configuration on OpenBSD explained (a MUST to read)
• The famous guide Host a server with OpenBSD (very good reading if you are new to OpenBSD)
• Explainations about OpenSMTPD filters on the fly
• Some guide covering Wireguard and Unbound on OpenBSD
• Is OpenBSD for you? A list of facts that may help you decide if OpenBSD is for you, or not.
• A guide explaining self-hosting emails on OpenBSD

Note from the editorial team

Note from Solene

Still late as usual, I would like to elaborate more on this. First, I never really figured a way to know when it's time to release an issue: I prefer waiting for a lot of material to put in, to make a beffy issue rather than scheduled issues without much content. Second, writing the issue alone is taking time, usually a couple of hours to put everything together and proofread, and the way the webzine is done isn't helping much. The other Webzine I started for NixOS is much easier to maintain, but also lacks some soul as it's mostly generated from a template fed of links and titles, it suits NixOS style but not OpenBSD in my opinion. Now I started a patreon, I'll maintain the webzine more seriously.

In addition, I would like to congratulate the OpenBSD community for being so vibrant, with a deep culture of self-hosting and diversity. While writing this issue, I noticed most new ports were not GitHub projects, and that most links were about self-hosting services. Hurray! You are an awesome community to interact with.

Authors

Solène Rapenne. Artwork by Prahou. Many thanks to everyone involved and supportive of the idea

Content under CC-BY-4.0. Artworks are under their own licenses.
Feed ATOM