OpenBSD Archive

OpenBSD as a daily driver

I always like it when I can link to an article written by an OSNews reader, and this time it’s even relevant to me as I’m exploring OpenBSD myself. OSNews reader and silver Patreon supporter Morgan has written an article about using OpenBSD as a daily driver.

OpenBSD is forever tied in first place with Void Linux as my favorite desktop OS. This is particularly funny because OpenBSD isn’t “just a desktop OS”; in its purest form, the base installation without any installed packages, it makes for an excellent Ethernet router, firewall, or web server. It even ships with its own fork of X11 called Xenocara, along with fvwm2 and its own calm window manager, so there’s a rudimentary desktop OS in there too. With that said, in 2024 there is no such thing as a fully functioning desktop computer or workstation without at least a web browser of some kind, and if you’re adding packages you may as well build a full desktop system to suit your needs. So how do you go from the amazing but unfortunately limited base install to a “daily driver” workstation operating system? There are many ways to do this, and I will present a couple of paths I take depending on the hardware and use case involved. Before I do that, a bit of prep is necessary to get OpenBSD into more of a desktop OS mode. ↫ Morgan

I’ll be using this guide over the coming days to make sure I end up with something usable. I still haven’t decided on what desktop environment I want to go for – I’m not interested in running GNOME or KDE, so Xfce is probably the most likely option. I’d also love to try out LXQt, but it seems the version OpenBSD has in its repositories is very, very outdated (1.0.0 from years ago, when 2.0.0 was just released). There’s a small chance I might suck it up and use one of those “build your own desktop environment” options, but I have no idea which one I should go for.

OpenBSD is a cozy operating system

With the recent release of OpenBSD 7.5, I decided to run through my personal OpenBSD “installer” for laptop/desktop devices. The project is built off of the dwm tiling window manager and only installs a few basic packages. The last time I updated it was with the release of 7.3, so it’s been due for a minor rework. While making these minor changes, I remembered how incredibly easy the entire install process for OpenBSD is and how cozy the entire operating system feels. All the core systems just work out of the box. Yes, you need to “patch” in WiFi with a firmware update, so you’ll need an Ethernet connection during the initial setup. Yes, the default desktop environment is not intuitive or ideal for newcomers. But the positives heavily outweigh the negatives (in my opinion). ↫ Bradley Taunt

OpenBSD has a very dedicated community, and I’ve noticed they tend to be very helpful and friendly. It’s making me curious about trying it out, and both this article and the helpful posts it links to will be a great way to start.

OpenBSD 7.5 released

OpenBSD 7.5 has hit the streets (or servers and workstations), and it comes with a metric ton of improvements and new features. Of course, the kernel has been improved in countless ways, from symmetric multiprocessing improvements to a new font usable as a console font. The graphics drivers have been updated to match Linux 6.6.19, and drivers for the Apple display coprocessor were added. Furthermore, a whole slew of additional ARM boards and SoCs are now supported, and new drivers for a variety of networking chips, both wired and wireless, were added as well. Of course, that’s just a selection of the changes, and the full changelog lists them all for those of you with specific wishes.

Some OpenBSD features that aren’t widely known

In this blog post, you will learn about some OpenBSD features that can be useful, but not widespread. They often have a niche usage, but it’s important to know they exist to prevent you from reinventing the wheel. ↫ Solène Rapenne

Written by Solène Rapenne, who also happens to be an OpenBSD developer, so a great source for information like this.

Effortless OpenBSD audio and desktop screen recording guide

Welcome to my comprehensive guide on recording audio and desktop screen on OpenBSD. In this blog post, I’m excited to share my personal setup and approach to efficiently capturing high-quality audio and video on one of the most secure and stable operating systems available. Whether you’re a professional content creator, a developer looking to record tutorials, or simply an OpenBSD enthusiast, this guide is tailored to help you navigate the intricacies of screen recording in this unique environment. Alongside this step-by-step tutorial, I’ve also included a practical YouTube video to demonstrate the quality and effectiveness of the recordings you can achieve with this setup. So, let’s dive in and explore the world of audio and video recording on OpenBSD! ↫ Rafael Sadowski

The BSD world needs more of these kinds of guides and articles. I feel like the various BSDs have so much to offer to desktop users, especially now that there is a reasonable contingent of Linux users who aren’t happy with the spread of things like systemd and Wayland, but the fact of the matter is that the BSDs are not as focused on desktop and laptop use as Linux has been. That’s not a dig at BSD developers – BSD focuses on different things – but it does mean that people interested in using BSD on desktops and laptops need a bit more assistance.

OpenBSD workstation hardening

I wanted to share a list of hardening you can do on your OpenBSD workstation, and explain the threat model of each change. Feel free to pick any tweak you find useful for your use-case, many are certainly overkill for most people, but depending on the context, these changes could make sense for others. ↫ Solène Rapenne

Written by OpenBSD developer Solène Rapenne.

Porting Hare to OpenBSD

I was always very interested in OpenBSD and a few months ago, I decided to give it a try. I’ve quickly fallen in love with it! There is, however, a big problem: Hare does not fully support OpenBSD! So, I decided to port it and I am happy to announce that my work was merged yesterday and OpenBSD is now fully supported by Hare. Let me show you some of the tricky stuff that was involved in the port. ↫ Lorenz (xha) on the official Hare blog

Hare is a relatively new programming language, and originally only supported Linux and FreeBSD. This post details the process of porting it over to OpenBSD.

OpenBSD formal driver verification with seL4

The seL4 microkernel is currently the only kernel that has been fully formally verified. In general, the increased interest in ensuring the security of a kernel’s code results from its important role in the entire operating system. One of the basic features of an operating system is that it abstracts the handling of devices. This abstraction is represented by device drivers – the software that manages the hardware. A proper verification of the software component could ensure that the device would work properly unless there is a hardware failure. In this paper, we choose to model the behavior of a device driver and build the proof that the code implementation matches the expected behavior. The proof was written in Isabelle/HOL, the code translation from C to Isabelle was done automatically by the use of the C-to-Isabelle Parser and AutoCorres tools. We choose Isabelle theorem prover because its efficiency was already shown through the verification of seL4 microkernel.

Some light reading that would’ve been for the weekend had I not gotten sick and unable to work on OSNews much.

OpenBSD 7.4 released

A new OpenBSD release means a ton of new features, and OpenBSD 7.4 is no different. It adds a VirtIO GPU driver, built-in leak detection for malloc, support for AMD processor microcode updates, and a whole lot more. If you want the really detailed list of changes, hop on over to the changelog, and OpenBSD users will already know how to update.

OpenBSD PF-based firewalls suffer differently from denial of service attacks

Suppose, hypothetically, that you have some DNS servers that are exposed to the Internet behind an OpenBSD PF-based firewall. Since you’re a sensible person, you have various rate limits set in your DNS servers to prevent or at least mitigate various forms of denial of service attacks. One day, your DNS servers become extremely popular for whatever reason, your rate limits kick in, and your firewall abruptly stops allowing new connections in or out. What on earth happened?

It’s a quirk of PF in OpenBSD, and this post provides more details and possible mitigations.

Introduction to the OpenBSD operating system

I often see a lot of confusion with regard to OpenBSD, either assimilated as a Linux distribution or mixed up with FreeBSD. Let’s be clear, OpenBSD is a stand alone operating system. It came as a fork of NetBSD in 1994, there aren’t many things in common between the two nowadays. While OpenBSD and the other BSDs are independent projects, they share some very old roots in their core, and regularly see source code changes in one being imported to another, but this is really a very small amount of the daily code changes though.

Just like OSNews (more information about the OSNews Gemini capsule), this article is also available on Gemini.

Introduction to sysclean(8) on OpenBSD

sysclean(8) is a system tool designed to help system administrators keep their OpenBSD clean after upgrade. It walks the installed system and compares it to a reference system, reporting to the user additional things in the installed system. The purpose is to point out any elements that wouldn’t be present if a fresh install was done, instead of an upgrade.

This seems like a useful tool.

OpenBSD: viable ROP-free roadmap for i386/armv8/riscv64/alpha/sparc64

Years later, Todd Mortimer and I developed RETGUARD. At the start of that initiative he proposed we protect all functions, to try to guard all the RET instructions, and therefore achieve a state we call “ROP-free”. I felt this was impossible, but after a couple hurdles the RETGUARD performance was vastly better than the stack protector and we were able to protect all functions and get to ROP-free (on fixed-sized instruction architectures). Performance was acceptable to trade against improved security. RETGUARD provides up to 4096 cookies per DSO, per-function, but limited to avoid excessive bloat. It is difficult to do on architectures with very few registers. Code was only written for clang, there is no gcc codebase doing it. clang code for some architectures was never written (riscv64). I hope that sets the stage for what is coming next. We were able to enable RETGUARD on all functions because it was fast.

Look, I have no clue what any of this means. None at all. However, I do somewhat grasp this is a big deal… I just need OSNews readers to explain in layman’s terms why, exactly.

OpenBSD/arm64 on Hetzner Cloud

Hetzner introduced its Ampere Altra powered arm64-based cloud servers earlier this year, making it possible to easily run OpenBSD/arm64 on their platform. The only caveat for now is that the viogpu(4) driver is required, which was committed by jcs@ in April 2023 and thus only available in snapshots. It will first appear in OpenBSD 7.4.

Excellent news.

Wayland on OpenBSD

These are my notes from experimenting with building Wayland bits on OpenBSD during g2k23 in Tallinn… Thanks to the OpenBSD foundation for organizing this event. This is still far from a complete running system as there are many issues on the road, but it’s a good start and it shows that it’s definitely not impossible to get Wayland running on OpenBSD.

This is one of the very few valid criticisms of Wayland: it’s designed and developed entirely for Linux, with no regard for BSD or other platforms. Now, I find this an entirely valid and completely understandable choice to make from the developers’ perspectives, but it’s still unpleasant that the BSD world is stuck with archaic, unmaintained X.org while the Linux world has moved on. In that light, it’s great to see that Wayland may, in fact, not be as married to Linux as we think.

OpenBSD 7.3 released

OpenBSD 7.3 has been released. As usual, there’s no nice write-up of the major new features and changes – as befits OpenBSD as a project, I’m not complaining – and since I’m not too well-versed in the world of OpenBSD, I don’t really know which of the massive list of changes impact the average OpenBSD user the most.

OpenBSD 7.2 released

OpenBSD 7.2 has been released. The major new features in this release are all concerned with expanding the operating system’s hardware support. This release adds support for Apple’s M2, the Ampere Altra, and the Qualcomm Snapdragon 8cx Gen 3.

OpenBSD has two new C compilers: chibicc and kefir

In my never ending quest to have oksh support every C compiler in existence, I have ported two more C compilers to OpenBSD. They are chibicc and kefir. As always, let’s review them and at the end I’ll have links to unofficial ports so that you can play around with these C compilers.

As you all know, these things are a little over my head, but I know many OSNews readers are far more knowledgeable about and interested in these things than I am.