OpenBSD Archive

Big news for small OpenBSD /usr partitions

Ever ran into issues using sysupgrade on OpenBSD because /usr ran out of space? OpenBSD developers are trying to address this issue. Firstly, Stuart Henderson (sthen@) modified the installer to increase free space prior to installing. Theo de Raadt (deraadt@) modified sysupgrade(8) so that, if space is too tight, it will fail gracefully rather than risk leaving the administrator with a broken system. ↫ OpenBSD Journal These are very welcome additions.

Configuring cwm on OpenBSD

For those unfamiliar, cwm is the Calm Window Manager. It’s part of the OpenBSD base distribution as one of the native window managers, along with an old version of fvwm and the venerable twm. It’s pretty simple but surprisingly powerful, a floating window manager with some basic manual tiling. It’s keyboard-centric, has an application launcher and highly configurable menus. It uses groups rather than workspaces which provides a lot of flexibility. My configuration isn’t particularly groundbreaking, but it’s comfy and suits me well. I can happily live in it indefinitely, though I do split my time between cwm and Xfce with occasional forays into other window managers or Wayland compositors. This has nothing to do with cwm limitations and everything to do with me being curious and craving novelty. It’s cwm that I return to, because it’s entirely unsurprising and very capable, and also because it’s part of OpenBSD’s base so I know I’m dealing with software that’s been refined and audited and refined again. ↫ Antony Fox-Bramwell If you opt for a default installation of something like OpenBSD, without any additional desktop environments like Xfce, when you start X, you’ll be served with the default OpenBSD window manager: cwm, or the calm window manager. At first glance, it looks incredibly basic and, to most people, archaic and unusable, but what it lacks in sparkles and boondoggles it more than makes up for in flexibility and configurability. The problem, however, is that it’s not exactly intuitive to mold cwm into something that works for you. Articles like this one, by Antony Fox-Bramwell, function as great springboards into the world of configuring cwm. If you do an internet search for similar articles, you’ll find tons of other examples that can help you become more capable at configuring cwm. Most of us are probably just fine accepting something like KDE or Xfce, but if those just don’t scratch your itch, diving into cwm could be just what you’re looking for.

OpenBSD 7.8 released

Like clockwork, every six months, we have a new OpenBSD release. OpenBSD 7.8 adds support for the Raspberry Pi 5, tons of improvements to sleep, wake, and hibernate, the TCP stack can now run in parallel on multiple processors, and so much more. DRM has been updated to match Linux 6.12.50, and drivers for the Qualcomm Snapdragon DRM subsystem and Qualcomm DisplayPort controller were added as well. The changelog is, as always, long and detailed, so head on over for the finer details. OpenBSD users will know how to upgrade, and new users can visit the download page.

NLnet sponsors development of WPA3 support for OpenBSD

The NLnet foundation has sponsored a project to add WPA3 support to OpenBSD, support which in turn can be used by other operating systems. This project delivers the second open-source implementation of WPA3, the current industry standard for Wi-Fi encryption, specifically for the OpenBSD operating system. Its code can also be integrated by other operating systems to enable modern Wi-Fi encryption, thereby enhancing the diversity and resilience of the global IT ecosystem. ↫ NLnet foundation announcement WPA3 support in Linux seems to be the only other open source implementation of WPA3, so this is great news not only for OpenBSD, but also for other operating systems who rely on BSD network drivers through compatibility layers, like Haiku. FreeBSD, meanwhile, is planning to build its own WPA3 implementation, so they, too, might benefit from the work that’s going to be done through OpenBSD. October is listed as the start of this project, so work is probably already underway.

“My OpenBSD home network setup”

I recently moved to an area with more internet provider options, all of which were not satellite-based. This change allowed me to leave my current provider (Starlink) and also freed my network from being locked behind CGNAT. The jump from ~150Mbps to 1Gbps has been fantastic, but the real benefit in this switch has been the ability to overhaul my home network setup. ↫ Bradley Taunt OpenBSD is generally the way to go for custom router setups, it seems, and if it wasn’t for my own full Ubiquiti setup, I’d definitely consider this too.

Why are you (still) using OpenBSD?

Last week-end, I was invited to the UNIX Social Camp in Dijon, France to talk about the reasons I still use OpenBSD these days and why should others do so; or at least, have a look at OpenBSD. ↫ Joel Carnat Here’s my short pitch as to why you should use OpenBSD: it’s the closest you’ll get to a traditional, classic UNIX, while still using a modern and maintained operating system. OpenBSD just makes sense, and every time I run into some issue or I want to know how something in OpenBSD works, the answers always make me go “well that makes sense”. That’s rare in modern computing, and we need to cherish it.

OpenBSD gets CDE

Adjusted for the inevitable progress of time, the Common Desktop Environment or CDE is the best desktop environment of all time, and no, I will not be taking questions at this time. OpenBSD wasn’t yet graced by CDE’s presence, but this is currently changing as the first commit for porting CDE to OpenBSD has appeared. It’s still rough around the edges and very slightly tested. I wouldn’t use it as a daily driver, it’s old unsecure code but it’s fun if you want to bring back memories. ↫ Antoine at the openbsd-ports mailing list On top of that, this being the initial commit also means there’s probably bugs and other issues lurking in the code, so caution is definitely advised.

When root meets immutable: OpenBSD chflags vs. log tampering

ISO 27001 is like that careful lawyer who never says exactly what they mean – it tells you what needs to be achieved, not how to do it. When it comes to logging, this is particularly telling: Control A.12.4.2 simply states that “logging information and logging facilities shall be protected against tampering and unauthorized access.” Period. How? That’s your problem to solve. ↫ Rafael Sadowski It turns out OpenBSD has a few relatively simple tools to make logs immutable, in a way that not even root can delete or modify them, or change any of the logging schedules. Reading through the blog post, you don’t even need a ton of intricate knowledge to set this up, thanks mostly to just how much innate sense OpenBSD tends to make, and how excellent the documentation is. I have no need for this level of security, but if you do, you can set this up in a few minutes.

Building a simple router with OpenBSD

I’m hardly a “networking” or system admin expert. Even still, I’ve always been interested in the concept of building out my own home router with OpenBSD. It seemed so “hacky” and cool! The problem is that most of the tutorials I stumble across on the internet seem so daunting. I normally read through the guides (maybe even poke around the core man docs for a bit as well) but always end up returning to my default ISP setup. But that all changes today! Best of all, you can come along for the ride! ↫ Bradley Taunt Exactly what it says on the tin.

Crosscompiling for OpenBSD arm64

Following on from OpenBSD/arm64 on QEMU, it’s not always practical to compile userland software or a new kernel on some systems, particularly small SoCs with limited space and memory – or indeed QEMU, in fear of melting your CPU. There are two scenarios here – the first, if you are looking for a standard cross-compiler for Aarch64, and the second if you want an OpenBSD-specific environment. ↫ Daniel Nechtan Exactly what it says on the tin.

OpenBSD 7.7 released

Another six months have passed, so it’s time for a new OpenBSD release: OpenBSD 7.7 to be exact. Browsing through the long, detailed list of changes, a few important bits jump out. First, OpenBSD 7.7 adds support for Ryzen AI 300 (Strix Point, Strix Halo, Krackan Point), Radeon RX 9070 (Navi 48), and Intel’s Arrow Lake, adding support for the latest x86 processors to OpenBSD. There seem to be quite a few entries in the list related to power management, from work on hibernation and suspend, to more fine-grained control over performance profiles when on battery or plugged in. There’s also the usual long list of driver improvements, new drivers, and tons and tons of other fixes and changes. OpenBSD 7.7 also ships with the latest GNOME and KDE releases, and contains fixes and improvements for a whole slew of obscure and outdated architectures.

A more robust raw OpenBSD syscall demo

Ted Unangst published dude, where are your syscalls? on flak yesterday, with a neat demonstration of OpenBSD’s pinsyscall security feature, whereby only pre-registered addresses are allowed to make system calls. Whether it strengthens or weakens security is up for debate, but regardless it’s an interesting, low-level programming challenge. The original demo is fragile for multiple reasons, and requires manually locating and entering addresses for each build. In this article I show how to fix it. To prove that it’s robust, I ported an entire, real application to use raw system calls on OpenBSD. ↫ Chris Wellons Some light reading for the weekend.

“Why I stopped using OpenBSD”

I’ve linked to quite a few posts by OpenBSD developer Solène Rapenne on OSNews, mostly about her work for and knowledge of OpenBSD. However, she recently posted about her decision to leave the OpenBSD team, and it mostly comes down to the fact she hasn’t been using OpenBSD for a while now due to a myriad of problems she’s encountering. Posts like these are generally not that fun to link to, and I’ve been debating about this for a few days now, but I think highlighting such problems, especially when detailed by a now-former OpenBSD developer, is an important thing to do. Hardware compatibility is an issue because OpenBSD has no Bluetooth support, its gamepad support is fractured and limited, and most of all, battery life and heat are a major issue, as Solène notes that “OpenBSD draws more power than alternatives, by a good margin”. For her devops work, she also needs to run a lot of software in virtual machines, and this seems to be a big problem on OpenBSD, as performance in this area seems limited. Lastly, OpenBSD seems to be having stability issues and crashes a lot for her, and while this in and of itself is a big problem already, it’s compounded by the fact that OpenBSD’s file system is quite outdated, and most crashes will lead to corrupted or lost files, since the file system doesn’t have any features to mitigate this. I went through a similar, but obviously much shorter and far less well-informed experience with OpenBSD myself. It’s such a neat, understandable, and well-thought-out operating system, but its limitations are obvious, and they will start to bother you sooner or later if you’re trying to use it as a general purpose operating system. While it’s entirely understandable because OpenBSD’s main goal is not the desktop, it still sucks because everything else about the operating system is so damn nice and welcoming.
Solène found her alternative in Linux and Qubes OS: I moved from OpenBSD to Qubes OS for almost everything (except playing video games) on which I run Fedora virtual machines (approximately 20 VM simultaneously in average). This provides me better security than OpenBSD could provide me as I am able to separate every context into different spaces, this is absolutely hardcore for most users, but I just can’t go back to a traditional system after this. ↫ Solène Rapenne She lists quite a few Linux features she particularly likes and why, such as cgroups, systemd, modern file systems like Btrfs and ZFS, SELinux, and more. It’s quite rare to see someone of her calibre so openly list the shortcomings of the system she clearly otherwise loves and put a lot of effort in, and move to what is generally looked at with some disdain within the community she came from. It also highlights that issues with running OpenBSD as a general purpose operating system are not confined to less experienced users such as myself, but extend towards extremely experienced and knowledgeable people like actual OpenBSD developers. I’m definitely not advocating for OpenBSD to change course or make a hard pivot to becoming a desktop operating system, but I do think that even within the confines of a server operating system there’s room for at least things like a much improved and faster file system that provides the modern features server users expect, too.

OpenBSD 7.6 released

OpenBSD 7.6, the release in which every single line of the original code from the first release has been edited or removed, has been released. There’s a lot of changes, new features, bug fixes, and more in 7.6, but for desktop users, the biggest new feature is undoubtedly hardware-accelerated video decoding through VA-API. Or, as the changelog puts it: Imported libva 2.22.0, an implementation for VA-API (video acceleration API). VA-API provides access to graphics hardware acceleration capabilities for video processing. ↫ OpenBSD 7.6 release announcement This is a massive improvement for anyone using OpenBSD for desktop use, especially on power-constrained devices like laptops. Problematic video playback was one of the reasons I went back to Fedora KDE after running OpenBSD on my workstation, and it seems this would greatly improve that situation. I can’t wait until I find some time to reinstall OpenBSD and see how much difference this will make for me personally. There’s more, of course. OpenBSD 7.6 starts the bring-up for Snapdragon X Elite devices, and in general comes with a whole slew of low-level improvements for the ARM64 architecture. AMD64 systems don’t have to feel left out, thanks to AVX-512 support, several power management improvements to make sleep function more optimally, and several other low-level improvements I don’t fully understand. RISC-V, PowerPC, MIPS, and other architectures also saw small numbers of improvements. The changelog is vast, so be sure to dig through it to see if your pet bug has been addressed, or support for your hardware has been improved. OpenBSD users will know how to upgrade, and for new installations, head on over to the download page.

You have installed OpenBSD, now for the daily tasks

Since we’re on the topic of BSD, what about yet another helpful guide on what to do after first installing OpenBSD? We’ve covered a few of these already, but more can never hurt, and OpenBSD is a great platform that would suit a lot more of us than you might think. Despite some persistent rumors, installing OpenBSD is both quick and easy on most not too exotic hardware. But once the thing is installed, what is daily life with the most secure free operating system like? ↫ Peter N. M. Hansteen This guide by Hansteen focuses primarily on the various basic system management tools you’ll be needing to keep OpenBSD up to date after initial installation, and how to install anything else you might need.

Make your own CDN with OpenBSD base and just 2 packages

The internet today relies TOO MUCH on just a few big players. When one of them stops working, half the world is impacted because too many services, in my opinion, depend on them. “Too big to fail,” some might say. “Single Point of Failure,” I respond. The strength of the internet has always been its extreme decentralization, which is now less evident due to this phenomenon. In this article, I want to show how easy it is to create a self-hosted CDN using OpenBSD and just two external packages: Varnish and Lego. ↫ Stefano Marinelli Stefano Marinelli is a gem of a person, and a great voice for the wider BSD community. In this article he covers building your own CDN using OpenBSD, and a few days ago he published a similar article, but using FreeBSD instead. These are excellent resources for anyone who wants to take self-hosting and data ownership to the next level, even cutting out big players like Cloudflare which often don’t have the best interests of us regular people at heart. It’s probably not for everyone, but odds are if you’re reading OSNews, you might be capable of and interested in doing this. And Marinelli’s point about the internet being overly reliant on just a few small players is well taken. We often focus on the front-end of the monopolised internet – Google, Apple, Microsoft, and so on – but the backend and infrastructure often also suffers from the same problem. These articles focus on effectively replacing Cloudflare, but something like Amazon Web Services is also a prime example of a service that’s basically become too big to fail. That’s not at all how the internet was supposed to work, but unfettered capitalism ruins everything, and this is no exception. While a few of us breaking away from the monopolies and building our own alternatives isn’t going to have any material impact, it at least aids in a cleaner conscience.

No unmodified files remain from original import of OpenBSD

The greek quiz is so obscure that it is ridiculous — no one can play this. Replace it with a new quiz about galley (ship) parts. This commit changes the LAST UNMODIFIED ORIGINAL FILE (meaning revision 1.1.1.1) from the original import that created OpenBSD on Oct 18, 1995. With this commit, we have completed an amusing mission of replacing the final parts of the original OpenBSD. We have reached OpenBSD of Theseus. ↫ Theo de Raadt With this change to a quiz game in OpenBSD, every single file of the OpenBSD code base is newer than that first, original import. Now I’m curious to see which other projects have achieved this milestone, and when.

Full-featured email server running OpenBSD

This blog post is a guide explaining how to set up a full-featured email server on OpenBSD 7.5. It was commissioned by a customer of my consultancy who wanted it to be published on my blog. Setting up a modern email stack that does not appear as a spam platform to the world can be a daunting task, the guide will cover what you need for a secure, functional and low maintenance email system. ↫ Solène Rapenne If you ever wanted to set up and run your own email server, this is a great way to do it. Solène, an OpenBSD developer, will help you through setting up IMAP, POP, and Webmail, an SMTP server with server-to-server encryption and hidden personal information, every possible measure to make sure your server is regarded as legitimate, and all the usual firewall and anti-spam stuff you are definitely going to need. Taking back email from Google – or even Proton, which is now doing both machine learning and Bitcoin, of all things – is probably one of the most daunting tasks for anyone willing to cut ties with as much of big tech as possible. Not only is there the technical barrier, there’s also the fact that the major email providers, like Gmail or whatever Microsoft offers these days, are trying their darnedest to make self-hosting email as cumbersome as possible by trying to label everything you send as spam or downright malicious. It’s definitely not an easy task, but at least with guides like this there’s some set of easy steps to follow to get there.

OpenBSD workstation for the people

This is an attempt at building an OpenBSD desktop that could be used by newcomers or by people that don’t care about tinkering with computers and just want a working daily driver for general tasks. Somebody will obviously need to know a bit of UNIX but we’ll try to limit it to the minimum. ↫ Joel Carnat An excellent, to-the-point, no-nonsense guide about turning a default OpenBSD installation into a desktop operating system running Xfce. You definitely don’t need intimate, arcane knowledge of OpenBSD to follow along with this one.