OpenBSD Webzine #13
source link: https://webzine.puffy.cafe/issue-13.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
OpenBSD Webzine #13
OpenBSD Webzine
ISSUE #13
March 19, 2023
TL;DR
- support for xonly code
- new security innovation pinsyscall(2)
- sshd dynamic relinking
- full disk encryption handled by the installer
- OpenBSD 7.3 will be out soon
Artworks of the moment
A floating Puffy holding a paper in hand is asked by a girl «A new issue?! Will you read it to me?».
Recent -current changes
- Execute-only status report (also called xonly)
- Explanations about the new system call mimmutable()
- In order to tighten the pledge done in ssh, the escape command line has been disabled by default in this commit
- OpenIKED 7.2 has been released
- Interfaces can be configured by MAC address using hostname.MAC instead of hostname.if
- The installer now supports encrypted disk options
Interesting new packages
- The Nix package manager (it doesn't do much at the moment)
- xmem, graphical application that displays memory and swap usage.
- eduvpn, user and admin portal for Let's Connect! and eduVPN
- fennel, Lisp dialect that runs on Lua
- endlessh, SSH tarpit that slowly sends an endless banner
- lchat, line oriented chat frontend for ii
- nerds-fonts, Iconic font aggregator, collection, and patcher
- rssgoemail, send RSS/Atom/Gemini feeds to email
- LabPlot, data visualization and analysis software
- ntfy, send push notifications to your phone or desktop
- calligraplan, KDE Calligra project management application
- xnotify, display notifications read from standard input
- gopls, official Go LSP
- rustic, fast, encrypted, deduplicated backups (not production ready)
- try_repeat, run a command 'n' times exiting early if it fails
- ancient, decompression routines for ancient formats
- keycloak, Identity and Access Management solution
Shell tips
I suppose most of OpenBSD users know about the command
top
, but do you know about systat
? This
command gives a lot of information about the system, and is a
terminal user interface (TUI) that allows changing views for different
information. Running it as root will give you more information you may not
have as a simple user, like PF queueing or PF realtime statistics. It's
a must-have for any OpenBSD administrator that would like to know more
about the current system status.
Going further
- Undeadly is publishing an RSS feed of syspatches at this address
- Buy a branded deck of UNIX pipe game by openbsd.amsterdam
- Fuzzing OpenBSD ping(8), and solve a 24 years old bug
- A guide explaining a dual boot setup with full disk encryption
- Testing Rust and Modula-2 in GCC, do they work on OpenBSD?
- KDE status report
- A guide explaining how to setup your own lastpass on OpenBSD
- Trusting SSH server using DNS: VerifyHostKeyDNS … or how I enroll new hosts into my infrastructure.
- A practical guide of VXLAN over Wireguard
- How to make console screendump, this includes a long and detailled explanation
- Static photo albums with llgal on OpenBSD
- A deep study of the eject command
- A guide explaining how to install and configure nextcloud on OpenBSD
- Privilege drop, privilege separation, and restricted-service operating mode in OpenBSD
- Some history lesson about the project, OpenBSD in Canada
- Some people do run Kubernetes cluster on OpenBSD
- Some ChatGPT poetry about OpenBSD here and there
- The dynamic host configuration on OpenBSD explained (a MUST to read)
- The famous guide Host a server with OpenBSD (very good reading if you are new to OpenBSD)
- Explainations about OpenSMTPD filters on the fly
- Some guide covering Wireguard and Unbound on OpenBSD
- Is OpenBSD for you? A list of facts that may help you decide if OpenBSD is for you, or not.
- A guide explaining self-hosting emails on OpenBSD
Note from the editorial team
Note from Solene
Still late as usual, I would like to elaborate more on this. First, I never really figured a way to know when it's time to release an issue: I prefer waiting for a lot of material to put in, to make a beffy issue rather than scheduled issues without much content. Second, writing the issue alone is taking time, usually a couple of hours to put everything together and proofread, and the way the webzine is done isn't helping much. The other Webzine I started for NixOS is much easier to maintain, but also lacks some soul as it's mostly generated from a template fed of links and titles, it suits NixOS style but not OpenBSD in my opinion. Now I started a patreon, I'll maintain the webzine more seriously.
In addition, I would like to congratulate the OpenBSD community for being so vibrant, with a deep culture of self-hosting and diversity. While writing this issue, I noticed most new ports were not GitHub projects, and that most links were about self-hosting services. Hurray! You are an awesome community to interact with.
Authors
Solène Rapenne. Artwork by Prahou. Many thanks to everyone involved and supportive of the idea
Content under CC-BY-4.0. Artworks are under their own licenses.
Feed ATOM
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK