Confidential Computing with OpenBSD The Next Step - Talk at #BSDCan 2025 conference by Hans Jörg Höxer #OpenBSD #Video https://toobnix.org/w/v7xpcN8MyouxGTnwYt35WM
Whatever happened to HAMMER2 being ported to #openbsd?
#OpenBSD's acme-client(1) now supports the draft-ietf-acme-profiles specification, supported by certificate authorities like Let's Encrypt.
https://www.ietf.org/archive/id/draft-ietf-acme-profiles-00.txt
This allows for different "profiles" to be provided that can be selected by the user, such as "shortlived" TLS certificates.
sthen@ modified src/usr.sbin/acme-client/*: implement draft-ietf-acme-profiles for acme-client, ok florian
letsencrypt uses this to allow asking for a certificate with a specific TLS profile; see https://letsencrypt.org/docs/profiles/ for current options
note that with current timers, if you select the non-default "shortlived" profile, renewal will be done at each acme-client run. if this results in exceeding rate limits, adjust cronjobs, or don't do that. (this is being looked at, but may possibly be too sensitive to change before release).
The issue with renewal timers was addressed in a subsequent commit by florian@:
florian@ modified src/usr.sbin/acme-client/revokeproc.c: Adapt renewal calculation for shortlived certificates.
If the lifetime is more than 10 days renew if less than 1/3 of the lifetime is left. Otherwise renew after 1/2 of the remaining lifetime.
Since we suggest to run the cronjob daily, this is capped at 3 days remaining lifetime to have the opportunity to run the cronjob at least twice.
Input & OK tb, sthen
Putting it in now because it gives buypass users 60 days of warnings instead of 30 that their certificate can't be renewed (pointed out by sthen).
FreeType/libfreetype is now linked with libpng in #OpenBSD -current, bringing improved font rendering and emoji support to xenocara!
Less than a week to go for the European *BSD event of the year!
Big thank you to our partner sponsor: Skylime
https://www.skylime.net/
You can check out the program at https://events.eurobsdcon.org/2025/schedule/
See you in Zagreb!!
EuroBSDCon 2025 in Zagreb, Croatia
September 25-28, 2025
Farming packets > farming corn
Escaped CGNAT with OpenBSD + relayd, Wireguard, and a dash of stubbornness. Now self-hosting Plex, Matrix, Miniflux & more with no tunnels and no middlemen.
I bought a 9-year-old (at the time) #Thinkpad x200 in January 2019 "just for writing and stuff" and daily-drove it for years.
It still gets used occasionally and runs #OpenBSD very nicely.
This year, I'm planning on "splurging" on an actually-new laptop: an HP Stream 11, provided there's a nice discount on it sometime next month or the one after.
Who knows how long that one will last me. XD
My currently-used machines (not counting work) are from 2019, 2016, and 2010.
All running strong. :D
I honestly greatly prefer #OpenBSD's attitude of, "This is our system, we made it the way we want it, if you don't like it, go eff yourself or run Linux or something, whatever" over #systemd's "Here's a few million lines of source code, you don't *wink* have to *wink* use it of course, we'll only pester the ever living fork out of every major distro to use it and wage psychological warfare on Debian maintainers until they comply. *wink* *uwu*"
Oh and of course, if you complain about it, we'll just say "Oh, but SYSVinit sucked so hard, what is even wrong with you, you actually want to maintain SHELL SCRIPTS?!?" as if we're just an init system anymore, lol
Honestly, the level of psyops from these people should inspire the republicans.
One week to go for the European *BSD event of the year to open its doors!
Big thank you to our partner sponsor: OpenIT
http://www.openit.hr/
If you haven't secured your spot yet, now's the time!
https://tickets.eurobsdcon.org/
See you in Zagreb!!
EuroBSDCon 2025 in Zagreb, Croatia
September 25-28, 2025
Where can I find information for how to set an #OpenBSD router DNS resolver with specific IP addresses for the DNS?
All BSDs should also focus on the Desktop side of experience #DragonflyBSD #FreeBSD #NetBSD #OpenBSD
#GhostBSD trying but I think we need more united effort to promote.
The European *BSD event of the year is approaching fast!
Eight more days...
Big thank you to our silver sponsor: Tarsnap
https://www.tarsnap.com/
If you haven't secured your spot yet, now's the time!
https://tickets.eurobsdcon.org/
See you in Zagreb!!
EuroBSDCon 2025 in Zagreb, Croatia
September 25-28, 2025
#OpenBSD's i386/amd64 bootloader has long had a built-in command "mach[ine] mem[ory]" to print the memory map, and was often useful to include in bug reports, etc.
https://man.openbsd.org/man8/amd64/boot.8#memory
This command also historically supported the ability to modify the memory map obtained from the BIOS to artificially constrain system memory for debugging.
boot> mach mem =64M
It was also occasionally used by developers/users to work around broken configurations (removing a memory range clobbered by the BIOS/devices at runtime, etc), and could even be added to boot.conf(5).
Unfortunately, modifying the memory map has not worked at all on UEFI machines... until today! *
https://marc.info/?l=openbsd-cvs&m=175799914630821&w=2
That said, please don't do this.
I configured redundant #DNS and #DHCP services on #OpenBSD and all I got was this lousy blog post: https://www.tumfatig.net/2025/redundant-dhcp-and-dns-resolver-using-openbsd/
Anyway, enjoy if that's your thing too. And #RunBSD anyway!
$ softwareupdate --fetch-full-installer --full-installer-version 26.0
Scanning for 26.0 installer
Installing: 69.0%
See you on the other side
I am going to break my MBP M2 by updating to macOS Tahoe - so you don't have to try whether your #OpenBSD install survives
UPDATE: Works, nothing broken.
With a little Debian VM magic (vmctl, pf, ssh), you can run Signal Desktop mostly seamlessly; even with a menu icon.
Write-up here https://geekyschmidt.com/post/signal-debian-vm-openbsd/