Posts tagged "openbsd":
fossil self-hosting repository server on openbsd
With my preferred Git repository hosting provider preparing to introduce some
changes that don't cohere with my philosophical ideals, I finally decided to
make the move to Fossil. Git has never been favoured but its ubiquity made it
hard to ignore. The OpenBSD development of got
was more than a desireable
improvement but now that I needed to self-host, there was no longer an obstacle
to using Fossil that could be avoided by staying with Git—and so I switched.
Fossil is super simple, clean, and consistent—making source code management and
version control easy. In the same vein, installation and setup is just as
painless. On that note, the following presumes an OpenBSD 6.7 installation.
l2tp ipsec vpn with npppd on openbsd
If you're even slightly security- or privacy-conscious, which in the present era of Big Data and tech oligarchs is a provident predilection, you should, if not already, be using a VPN (Virtual Private Network). And I don't mean one of the oft-advertised commercial offerings you see plastered about social media—but one that you control. Where every outgoing request that leaves your computer is tunneled through an encrypted private network owned and operated by you. Fortunately, the OpenBSD base tools make this a trivial task—and free if you already have a VPS. But even provisioning a new VM will likely be cheaper than the aforementioned commercial alternatives, with the added benefit of being more secure, and not only private in name but in practice; you can rest assured that only you and the endpoint will be cognizant of your traffic.
[...]eurobsdcon 2019 talks
The presentations from this year's EuroBSDCon held during late September in Lillehammer, Norway are now available on YouTube.
[...]openbsd 6.6 released early
OpenBSD's second of its biannual releases came early again this year with the release of OpenBSD 6.6 last week; while this post comes late.
[...]openbsd: secure by default
Correction: ASLR was not innovated by OpenBSD, the Linux PaX project
published the first design and implementation of ASLR in July 2001 as a patch
for the Linux kernel. ASLR was then added to OpenBSD 3.4 in 2003 followed by
Linux in 2005.
–Unix Sheikh
openbsd: clean, correct code by default
I was perusing some not-too-recent-nor-old messages on the misc@openbsd.org mailing list when I entered a thread based on an interest in the subject–OpenBSD Project–where after reading the original message I would have normally passed on the rest but fortuitously didn't, and was pleased to read a contribution that reminded me of one of OpenBSD's most compelling merits:
[...]openbsd dns server with unbound and nsd
The default installation of OpenBSD comes with both unbound(8) and
nsd(8); unbound
is a validating, recursive, and caching DNS resolver
that provides DNSSEC validation, while nsd
is an authoritative name server
that holds DNS records. The combination of the two running locally, means that
name server lookups (i.e., requests to resolve domain names into IP addresses
and vice versa) can be handled locally without being sent upstream to your ISP
or another public name server such as Google. This almost completely prevents
snooping or tampering such as DNS cache poisoning or spoofing attacks. Both
programs have a small memory footprint, offer a secure environment to provide
lightning quick retrieval of both forward and reverse DNS requests, and are
exceedingly simple to setup. This article will detail the steps to configure
both unbound
and nsd
on your OpenBSD box.
starting ssh-agent on openbsd
ssh-agent
natively runs at startup on OpenBSD when using xenodm
, otherwise
it needs to be manually initialised. This is quick and easy but somewhat
abstruse.
quick and convenient command line e-mail
If you spend a considerable amount of time in your terminal, you might find the ability to fire off short emails from within it–without context-switching to your mail client or browser or whichever means you use–a convenient shortcut. Not to mention the utility it affords any number of use cases you might later choose to implement; a simple shell script, for example, can deliver notifications via email. It's a convenient feature of Unixen that requires very little setup.
[...]samba filesharing server on openbsd for macos client
I do most of my work on one of two MacBooks—a 2014 Air or 2018 Pro—and occasionally on an older model Lenovo ThinkPad running OpenBSD 6.5. Staying synced between the two Macs is trivial as they're both in the cloud but apart from using my own Nextcloud server on an OpenBSD VPS for storing some personal data, I wanted a seamless option for filesharing between the ThinkPad and MacBooks when at home on the local network. This was a relatively pain-free task that took all of five minutes.
[...]time machine backups on openbsd with netatalk
Apple's automatic backup app Time Machine is a fantastic utility that does hourly, daily, and weekly backups of local snapshots. This enables you to restore the system to a previous state in the event of a catastrophic failure—a somewhat rare occurence on the ever-so-stable macOS. The caveat being that storage is limited to AFP (Apple Filing Protocol) compatible devices like the Apple AirPort Time Capsule. Fortunately, Netatalk provides an open source AFP file server that works flawlessly on OpenBSD, and setup is trivial.
[...]let's encrypt https with acme-client on openbsd
Since OpenBSD 5.9, the base system comes with acme-client
: an open source
implementation in C that requests a free HTTPS certificate from the Let’s
Encrypt Certificate Authority. It is super simple to setup and even easier to
use. And once your certificate is issued, the acme-renew script
will ensure your website stays TLS encrypted for the remainder of its lifetime.
boost nextcloud performance with redis cache on openbsd
A PHP memory caching utility such as Redis can significantly decrease load times, speeding up PHP requests by storing compiled files for quicker retrieval.
[...]openbsd web server with httpd, mariadb, php and wordpress
The ubiquitous LAMP (Linux / Apache / MySQL / PHP) Stack has scores of guides
available across the Internet. Searching LAMP Stack $linuxdistro will return
thousands of results; many of which are reliably up-to-date and accurate.
Attempting the same with OpenBSD, however, is not as fruitful; current,
correct, and comprehensive guides are not as plentiful. To start, there is no
comparable search pattern; for example, OAMP Stack (OpenBSD / Apache / MySQL
/ PHP) returns 23 results. Most of these are not relevant, and less than
a handful are current. Further, the base system web server is named httpd
,
which presents more of a challenge in searching for quality content. There is,
however, a silver lining for OpenBSD users: quality documentation and rock
solid design. The official OpenBSD documentation is clear and
concise, super easy to follow, and invariably correct. Certainly much more
reliable than that of its better known cousin, FreeBSD. Further,
packages installed with pkg_add
often provide additional system specific
information in /usr/local/share/doc/pkg-readmes
with step-by-step
instructions to produce a sane configuration out of the box. OpenBSD developers
put in a lot of work to ensure users are met with precise documentation. It is
an example of quality trumping quantity and engineering brilliance!