Configuring cwm on OpenBSD
For those unfamiliar, cwm is the Calm Window Manager. It’s part of the OpenBSD base distribution as one of the native window managers, along with an old version of fvwm and the venerable twm. It’s pretty simple but surprisingly powerful, a floating window manager with some basic manual tiling. It’s keyboard-centric, has an application launcher and highly configurable menus. It uses groups rather than workspaces which provides a lot of flexibility. My configuration isn’t particu … ⌘ Read more
OpenBSD 7.8 released
Like clockwork, every six months, we have a new OpenBSD release. OpenBSD 7.8 adds support for the Raspberry Pi 5, tons of improvements to sleep, wake, and hibernate, the TCP stack can now run in parallel on multiple processors, and so much more. DRM has been updated to match Linux 6.12.50, and drivers for the Qualcomm Snapdragon DRM subsystem and Qualcomm DisplayPort controller were added as well. The changelog is, as always, long and detailed, so head on over for the finer details. OpenBS … ⌘ Read more
NLnet sponsors development of WPA3 support for OpenBSD
The NLnet foundation has sponsored a project to add WPA3 support to OpenBSD, support which in turn can be used by other operating systems. This project delivers the second open-source implementation of WPA3, the current industry standard for Wi-Fi encryption, specifically for the OpenBSD operating system. Its code can also be integrated by other operating systems to enable modern Wi-Fi encryption, thereby enhancing the div … ⌘ Read more
Haiku gets fixes for NFS4, improves its BSD driver compatibility layer
Another month, another activity report from the Haiku project. This past month, a lot of work went into the FreeBSD/OpenBSD network driver compatibility layer, opening the door to drivers using interfaces other than PCI or USB. Support for NFS4 took a bit of a hit with last month’s changes to VFS, and these have been addressed, and other aspects of NFS4 have been improved as well. On top of t … ⌘ Read more
@dce@hashnix.club Which Thinkpad specifically is this? “Late-2010s” doesn’t sound very old, to be honest, I wonder why OpenBSD is giving you so much trouble. 🤔
mandoc is nicer to read/write than the man macro package and, most importantly, it’s semantic markup.
HTML output is a bit broken in GNU groff, though (OpenBSD on the left, GNU on the right):
https://movq.de/v/f1898e648f/s.png
🤔
Still, I’m inclined to convert my manpages to mandoc.
OpenBSD has the wonderful pledge() and unveil() syscalls:
https://www.youtube.com/watch?v=bXO6nelFt-E
Not only are they super useful (the program itself can drop privileges – like, it can initialize itself, read some files, whatever, and then tell the kernel that it will never do anything like that again; if it does, e.g. by being exploited through a bug, it gets killed by the kernel), but they are also extremely easy to use.
Imagine a server program with a connected socket in file descriptor 0. Before reading any data from the client, the program can do this:
unveil("/var/www/whatever", "r");
unveil(NULL, NULL);
pledge("stdio rpath", NULL);
Done. It’s now limited to reading files from that directory, communicating with the existing socket, stuff like that. But it cannot ever read any other files or exec() into something else.
I can’t wait for the day when we have something like this on Linux. There have been some attempts, but it’s not that easy. And it’s certainly not mainstream, yet.
I need to have a closer look at Linux’s Landlock soon (“soon”), but this is considerably more complicated than pledge()/unveil():
So I was using this function in Rust:
https://doc.rust-lang.org/std/path/struct.Path.html#method.display
Note the little 1.0.0 in the top right corner, which means that this function has been “stable since Rust version 1.0.0”. We’re at 1.87 now, so we’re good.
Then I compiled my program on OpenBSD with Rust 1.86, i.e. just one version behind, but well ahead of 1.0.0.
The compiler said that I was using an unstable library feature.
Turns out, that function internally uses this:
https://doc.rust-lang.org/std/ffi/struct.OsStr.html#method.display
And that is only available since Rust 1.87.
How was I supposed to know this? 🤨
Crosscompiling for OpenBSD arm64
Following on from OpenBSD/arm64 on QEMU, it’s not always practical to compile userland software or a new kernel on some systems, particularly small SoCs with limited space and memory – or indeed QEMU, in fear of melting your CPU. There are two scenarios here – the first, if you are looking for a standard cross-compiler for Aarch64, and the second if you want an OpenBSD-specific environment. ↫ Daniel Nechtan Exactly what it says on the tin. ⌘ Read more
OpenBSD 7.7 released
Another six months have passed, so it’s time for a new OpenBSD release: OpenBSD 7.7 to be exact. Browsing through the long, detailed list of changes, a few important bits jump out. First, OpenBSD 7.7 adds support for Ryzen AI 300 (Strix Point, Strix Halo, Krackan Point), Radeon RX 9070 (Navi 48), and Intel’s Arrow Lake, adding support for the latest x86 processors to OpenBSD. There seems to be quite a few entries in the list related to power management, from work on hibernation and suspend … ⌘ Read more
↳
In-reply-to
»
@movq i tried ngircd but couldn't figure it out T__T i left it at the web client and bouncer for now but i might toy with an IRC server another time!
⤋ Read More
@kat@yarn.girlonthemoon.xyz At the core, you need an ngircd.conf like this:
[Global]
Name = your.irc.server.com
Password = yourfancypassword
Listen = 0.0.0.0
Ports = 6667
AdminInfo1 = Well, me.
AdminInfo2 = Over here!
AdminEMail = forget.it@example.invalid
[Options]
Ident = no
PAM = no
[SSL]
CertFile = /etc/ssl/acme/your.irc.server.com.fullchain.pem
KeyFile = /etc/ssl/acme/private/your.irc.server.com.key
DHFile = /etc/ngircd/dhparam.pem
Ports = 6669
Start it and then you can connect on port 6667. (The SSL cert/key must be managed by an external tool, probably something like certbot or acme-client.)
I’m assuming OpenBSD here. Haven’t tried it on Linux lately, let alone Docker. 😅
@andros@twtxt.andros.dev Can you reproduce any of this outside of your client? I can’t spot a mistake here:
$ curl -sI 'http://movq.de/v/8684c7d264/.html%2Dindex%2Dthumb%2Dgimp11%2D1.png.jpg'
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 2615
Content-Type: image/jpeg
Date: Wed, 19 Mar 2025 19:53:17 GMT
Last-Modified: Wed, 19 Mar 2025 17:34:08 GMT
Server: OpenBSD httpd
$ curl -sI 'https://movq.de/v/8684c7d264/gimp11%2D1.png'
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 131798
Content-Type: image/png
Date: Wed, 19 Mar 2025 19:53:19 GMT
Last-Modified: Wed, 19 Mar 2025 17:18:07 GMT
Server: OpenBSD httpd
$ telnet movq.de 80
Trying 185.162.249.140...
Connected to movq.de.
Escape character is '^]'.
HEAD /v/8684c7d264/.html%2Dindex%2Dthumb%2Dgimp11%2D1.png.jpg HTTP/1.1
Host: movq.de
Connection: close
HTTP/1.1 200 OK
Connection: close
Content-Length: 2615
Content-Type: image/jpeg
Date: Wed, 19 Mar 2025 19:53:31 GMT
Last-Modified: Wed, 19 Mar 2025 17:34:08 GMT
Server: OpenBSD httpd
Connection closed by foreign host.
$
A more robust raw OpenBSD syscall demo
Ted Unangst published dude, where are your syscalls? on flak yesterday, with a neat demonstration of OpenBSD’s pinsyscall security feature, whereby only pre-registered addresses are allowed to make system calls. Whether it strengthens or weakens security is up for debate, but regardless it’s an interesting, low-level programming challenge. The original demo is fragile for multiple reasons, and requires manually locating and entering addresses for each bu … ⌘ Read more
I’ve never liked the behavior of OpenBSD’s shell where it just scrolls horizontally:
https://movq.de/v/1371f7efbc/vid-1741714971.mp4
But now I’m this close to implementing the same thing in my own shell – because it’s probably much, much easier than multiline stuff. 😅
Exploring the (discontinued) hybrid Debian GNU/kFreeBSD distribution
For decades, Linux and BSD have stood as two dominant yet fundamentally different branches of the Unix-like operating system world. While Linux distributions, such as Debian, Ubuntu, and Fedora, have grown to dominate the open-source ecosystem, BSD-based systems like FreeBSD, OpenBSD, and NetBSD have remained the preferred choice for those seeking security, performance, and licensing flexibility. … ⌘ Read more
It should be fixed now. Just needed some unusual quoting in my httpd.conf: https://mail-archive.com/misc@openbsd.org/msg169795.html
@lyse@lyse.isobeef.org Sorry, I don’t think I ever had charset=utf8. I just noticed that a few days ago. OpenBSD’s httpd might not support including a parameter with the mime type, unfortunately. I’m going to look into it.
@movq@www.uninformativ.de Variable names used with -eq in [[ ]] are automatically expanded even without $ as explained in the “ARITHMETIC EVALUATION” section of the bash man page. Interesting. Trying this on OpenBSD’s ksh, it seems “set -u” doesn’t affect that substitution.
OpenBSD, HelloSystem, and BSD Rabbit Holes
Listen now (31 min) | The Lunduke Journal of Technology Podcast - Feb 19, 2023 ⌘ Read more
CIA & FBI can neither confirm nor deny they know about these Operating Systems
Gentoo Linux, OpenBSD, and even Windows Vista are hush-hush. ⌘ Read more
Lunduke’s Weird Computing News - Oct 23, 2022
Listen now (34 min) | Z80 Computer, Solitaire via Gopher, OpenBSD, PumpkinOS file browser, and Ladybird Web browser. What a week! ⌘ Read more
@quark@ferengi.one And don’t miss its song. You will be in for a treat!
OpenBSD 7.0, get it while is hot, folks! 🐡
Signed up to https://tilde.institute/ now waiting for account approval #OpenBSD
I need to find OpenBSD and C-developers in my area. I feel lonely and stuck way too often. And I feel annoyed by every event here being targeted at linux beginner folks.
@metamurks@www.metamurks.org: Actually I’m running OpenBSD on APU2 routers, but that would have been to much to explain for the tweet. And OpenWRT is pretty much as good. The APU2 hardware is quite nice compared with what else is out there.
I switched to OpenBSD and it’s nice.
I’m getting used to OpenBSD rather fast. I’s really very consistent and joyful to work with. #openbsd
fmt removed my escape sequences on openbsd. txtnish now defaults to fold -s, which makes even more sense as it is specified by posix.
Fun fact: OpenBSDs vi does not support utf8. That’s probably the first time I haven’t just used the default system vi.
Damn, colors are not working on openbsd! #txtnish