In this blog post, you will learn about some OpenBSD features that can be useful, but not widespread. They often have a niche usage, but it’s important to know they exist to prevent you from reinventing the wheel. ↫ Solène Rapenne Written by Solène Rapenne, who also happens to be an OpenBSD developer, so a great source for information like this.
Welcome to my comprehensive guide on recording audio and desktop screen on OpenBSD. In this blog post, I’m excited to share my personal setup and approach to efficiently capturing high-quality audio and video on one of the most secure and stable operating systems available. Whether you’re a professional content creator, a developer looking to record tutorials, or simply an OpenBSD enthusiast, this guide is tailored to help you navigate the intricacies of screen recording in this unique environment. Alongside this step-by-step tutorial, I’ve also included a practical YouTube video to demonstrate the quality and effectiveness of the recordings you can achieve with this setup. So, let’s dive in and explore the world of audio and video recording on OpenBSD! ↫ Rafael Sadowski The BSD world needs more of these kinds of guides and articles. I feel like the various BSDs have so much to offer to desktop users, especially now that there is a reasonable contingent of Linux users who aren’t happy with the spread of things like systemd and Wayland, but the fact of the matter is that the BSDs are not as focused on desktop and laptop use as Linux has been. That’s not a dig at BSD developers – BSD focuses on different things – but it does mean that people interested in using BSD on desktops and laptops need a bit more assistance.
I wanted to share a list of hardening you can do on your OpenBSD workstation, and explaining the threat model of each change. Feel free to pick any tweak you find useful for your use-case, many are certainly overkill for most people, but depending on the context, these changes could make sense for others. ↫ Solène Rapenne Writte by OpenBSD developer Solène Rapenne.
I was always very interested in OpenBSD and a few months ago, I decided to give it a try. I’ve quickly fallen in love with it! There is, however, a big problem: Hare does not fully support OpenBSD! So, I decided to port it and I am happy to announce that my work was merged yesterday and OpenBSD is now fully supported by Hare. Let me show you some of the tricky stuff that was involved in the port. ↫ Lorenz (xha) on the official Hare blog Hare is a relatively new programming language, and originally only supported Linux and FreeBSD. This post details the process of porting it over to OpenBSD.
The seL4 microkernel is currently the only kernel that has been fully formally verified. In general, the increased interest in ensuring the security of a kernel’s code results from its important role in the entire operating system. One of the basic features of an operating system is that it abstracts the handling of devices. This abstraction is represented by device drivers – the software that manages the hardware. A proper verification of the software component could ensure that the device would work properly unless there is a hardware failure. In this paper, we choose to model the behavior of a device driver and build the proof that the code implementation matches the expected behavior. The proof was written in Isabelle/HOL, the code translation from C to Isabelle was done automatically by the use of the C-to-Isabelle Parser and AutoCorres tools. We choose Isabelle theorem prover because its efficiency was already shown through the verification of seL4 microkernel. Some light reading that would’ve been for the weekend had I not gotten sick and unable to work on OSNews much.
A new OpenBSD release means a ton of new features, and OpenBSD 7.4 is no different. It adds a VirtIO GPU driver, built-in leak detection for malloc, support for AMD processor microcode updates, and a whole lot more. If you want the really detailed list of changes, hop on over to the changelog, and OpenBSD users will already know how to update.
Suppose, hypothetically, that you have some DNS servers that are exposed to the Internet behind an OpenBSD PF-based firewall. Since you’re a sensible person, you have various rate limits set in your DNS servers to prevent or at least mitigate various forms of denial of service attacks. One day, your DNS servers become extremely popular for whatever reason, your rate limits kick in, and your firewall abruptly stops allowing new connections in or out. What on earth happened? It’s a quirk of PF in OpenBSD, and this post provides more details and possible mitigations.
I often see a lot of confusion with regard to OpenBSD, either assimilate as a Linux distribution or mixed up with FreeBSD. Let’s be clear, OpenBSD is a stand alone operating system. It came as a fork of NetBSD in 1994, there isn’t much things in common between the two nowadays. While OpenBSD and the other BSDs are independant projects, they share some very old roots in their core, and regularly see source code changes in one being imported to another, but this is really a very small amount of the daily code changes though. Just like OSNews (more information about the OSNews Gemini capsule), this article is also available on Gemini.
sysclean(8) is a system tool designed for help system administrator to keep their OpenBSD clean after upgrade. It walks the installed system and compare to a reference system, reporting to the user additional things in the installed system. The purpose is to point any elements that wouldn’t be present if a fresh install was done, instead of an upgrade. This seems like a useful tool.
Years later, Todd Mortimer and I developed RETGUARD. At the start of that initiative he proposed we protect all functions, to try to guard all the RET instructions, and therefore achieve a state we call “ROP-free”. I felt this was impossible, but after a couple hurdles the RETGUARD performance was vastly better than the stack protector and we were able to protect all functions and get to ROP-free (on fixed-sized instruction architecures). Performance was acceptable to trade against improved security. RETGUARD provides up to 4096 cookies per DSO, per-function, but limited to avoid excessive bloat. It is difficult to do on architectures with very few registers. Code was only written for clang, there is no gcc codebase doing it. clang code for some architectures was never written (riscv64). I hope that sets the stage for what is coming next. We were able to enable RETGUARD on all functions because it was fast. Look, I have no clue what any of this means. None at all. However, I do somewhat grasp this is a big deal… I just need OSNews readers to explain in layman’s terms why, exactly.
Hetzner introduced its Ampere Altra powered arm64-based cloud servers earlier this year, making it possible to easily run OpenBSD/arm64 on their platform. The only caveat for now is that the viogpu(4) driver is required, which was committed by jcs@ in April 2023 and thus only available in snapshots. It will first appear in OpenBSD 7.4. Excellent news.
Thanks to a series of commits by Jonathan Gray (jsg@), -current now has support for microcode (updates) for AMD (amd64 and i386) processors. It’s great to see support for the AMD side gaining equivalence with that for Intel (for which support was added in 2018). Good news for OpenBSD users.
This is a list of software and ideas developed or maintained by the OpenBSD project, sorted in order of approximate introduction. Some of them are explained in detail in our research papers. That’s an impressive list.
These are my notes from experimenting with building Wayland bits on OpenBSD during g2k23 in Tallinn… Thanks to the OpenBSD foundation for organizing this event. This is still far from a complete running system as there are many issues on the road, but it’s a good start and it shows that it’s definitely not impossible to get Wayland running on OpenBSD. This is one of the very few valid criticisms of Wayland: it’s designed and developed entirely for Linux, with no regard for BSD or other platforms. Now, I find this an entirely valid choice and completely understandable choice to make from the developers’ perspectives, but it’s still unpleasant that the BSD world is stuck with archaic, unmaintained X.org while the Linux world has moved on. In that light, it’s great to see that Wayland may, in fact, not be as married to Linux as we think.
OpenBSD 7.3 has been released. As usual, there’s no nice write-up of the major new features and changes – as befits OpenBSD as a project, I’m not complaining – and since I’m not too well-versed in the world of OpenBSD, I don’t really know which of the massive list of changes impact the average OpenBSD user the most.
OpenBSD 7.2 has been released. The major new features in this release are all concerned with expanding the operating system’s hardware support. This release adds supports for Apple’s M2, the Ampere Altra, and the Qualcomm Snapdragon 8cx Gen 3.
In my never ending quest to have oksh support every C compiler in existence, I have ported two more C compilers to OpenBSD. They are chibicc and kefir. As always, let’s review them and at the end I’ll have links to unofficial ports so that you can play around with these C compilers. As you all know, these things are a little over my head, but I know many OSNews readers are far more knowledgeable about and interested in these things than I am.
This is a small write-up about installing OpenBSD 7.1 on a PINE64 RockPro64 SBC. RockPro64 is a beefy single-board computer made by a company that brought us awesome devices like Pinebook Pro (laptop), Pinecil (soldering iron), PineTime (smartwatch) and of course PinePhone. The board utilizes the same hexa-core processor as Pinebook Pro – Rockchip RK3399, and 4 gigabytes of LPDDR4 RAM. One of the distinct features of that computer is a PCI-express X4 socket. Unfortunately I wasn’t able to use any video card there even with “stock” GNU/Linux – ARM64 GPU drivers for AMD/NVIDIA is just not there yet I assume. The slot is often being used for a network cards and SATA controllers – there is even an official case for RP64 with 3.5″ hard drives spots inside, quite handy for a homemade NAS or something of sorts. Exactly what it says on the tin.
This is approximately as wise as taking off from Mars in a ragtop rocket, but don’t worry, the math all checks out. My theory is that compiling less code will be faster than compiling more code, but first we must find the code so we know not to compile it. This is vital information to know in your day-to-day computing life.
OpenBSD 7.1 has been released. The biggest improvement in this point release is support for Apple Silicon, which is now ready for general use. Of course, there’s a lot more in this new release, so head on over to the changelog to get all the details.