En
Es
Ru
OctOpenBSD
is a month dedicated to the OpenBSD operating system, celebrating its usage, formally announced by Solène on the 1st of October. The event invited users to share with the world their experience with OpenBSD. Somewhat subversively, it was never said out loud what the culmination of the event will be. It has been four weeks since OctOpenBSD began and this special OpenBSD Webzine issue is the result of that event. Needless to say, in the wake of popular manipulations with the month of October, think inktober or spooktober, preceeding OctOpenBSD was a humorous suggestion to release a Halloween themed issue at the end of the month. Though the idea was entertaining, it eventually evolved into a project celebrating OpenBSD and by extension its net-free insect daemon siblings. While the outskirts of the free and open cyberspace still permeates intoxicated ideas about the use-cases for BSD systems, their users have long since known that those, who find their paths crossed by spiked fish, daemons and dragonflies and fall under their spell, rarely look back. The special issue hopes to show you something new, useful, funny and scary, and perhaps help you find new authors and projects to follow. Whether you swim with the fish in the C, or just observe it from afar, saddled on the back of a penguin, this issue is for you, all the hackers, techno-wizards, the curious, the amateurs and the veterans of the cyberwars. May you have a pleasant read through this special issue. And as always: RUNBSD.
solene: "It's the OctOpenBSD!"
The Special OctOpenBSD issue
"The fish came to me in a dream"
Header images : Three photos of prahou's Puffy
Solène Rapenne, Tomáš Rodr
Translation :
quobit (Spanish), continue (Russian)
Content under CC-BY-4.0.
Authored texts and artwork under their own licenses.
Many thanks to everyone involved in the creation of this special webzine issue
Feed ATOM
7.4
-stable updates since the last webzine issue
001 (all architectures)
Fix several input validation errors in the X server.
002 (all architectures)
Network buffer that had to be split at certain length could crash the kernel.
Scary Tales
from
(not just)
the
Aquarium
ghane: Booting up my Thinkpad X220 after a few weeks of it not being used. Taking longer than usual... I start to get worried: "Why haven't it booted yet?" Then: fsck output fills the whole screen with cleared inodes, etc. Panic starts to build. Is this the end of my SSD? All my non-backed-up data! All my code projects are on that one... (I have of course git mirrors elsewhere, but they might not have been synced up recently.) Panic starts to build while it is effsucking! Then it finally starts. I can log in. Files look good, and when I double-check which partitions were affected, it was only /tmp and /var. I start to get relieved, but then realize that I might have had it hibernated with some important tabs in firefox. In private mode. So those are gone, of course... but it could have been so much worse.
gnemmi: Back when I bought the Thinkpad E490 that I'm typing this from, Dragonfly wouldn't boot due to a double fault in ACPI (typically such a me kind of recursion issue on the stack) due to AML bugs. So I told Dillon, and he had me go "memory address by memory address" looking for symbols that look like functions. He came up with a patch so I could boot my new Thinkpad! Everything was done from syscons!
simon: Many, many years ago I tweaked the bge driver on an OpenBSD production box to allow IPMI pass-through...
anonymous BSD user: One night I'm trying to SSH to my external IP address and get an SSH key warning! Big panic of being hacked! But it was just my ISP, who had a fiber modem/media converter thing that had an incorrectly configured remote management ssh interface, so it stole the ssh traffic! So, I was in fact sshing to another box, on my own IP!
miah: Once upon a time, a friend and I were installing NetBSD on some old Apple hardware. We got through the install, it booted up, but... networking wasn't working. WTF? After scratching our heads and looking at everything we discovered the time on the system was set to a date before the UNIX Epoch. We reset the hardware clock to be within the epoch (and accurate to the date) and suddenly... we could ping!
loop0: running a mail server for an ISP and all of a sudden, the IMAP server stopped working for no reason. Mapped it down to a corrupted shared library file - the fix was to copy the same file from another BSD that was running the same version, but it took me a couple hours to find that out and it didn't help that it was during the weekend during my off-hours. And so it happens - I had one-too-many drinks that day.
esoterik: Running netbsd/macppc on an old power macintosh 8600/120 I had to write OpenFirmware forth code blind to enable the display before installing it. The first time I tried it, it didn't work and I thought that maybe I bricked the machine! I eventually managed to reset the firmware and do it correctly to enable the display. The machine had a good life providing NAT/DHCP/firewall/filesharing for some friends of mine.
Mount a Memory File System (MFS) on OpenBSD
: matto
A Memory File System (MFS) is a file system set up in virtual memory, sometimes called a "RAM-disk". A MFS lives in RAM, and when it is unmounted, the contents of the file system are lost.
Populating the MFS
OpenBSD has a very interesting mount option for memory file systems. This is the option "-P".
In the man page it is described as "-P file". This is what the man pages states:
If file is a directory, populate the created mfs file system with
the contents of the directory. If file is a block device, populate
the created mfs file system with the contents of the FFS file system
contained on the device.
Before mounting the MFS, you set up a directory tree, and call the mount_mfs command with the "-P" flag, pointing to the root of this directory tree. The MFS is mounted and immediately populated with the contents of the directory tree.
Setting the MFS size
The option "-s" is used to set the size of the MFS. With this option, you maximize the amount of RAM that the MFS can use. This is the size in sectors, usually 512 bytes. So, to mount a MFS of 10MB we have to set a size of 20480.
Mounting the MFS
As usual we have to state the device to mount. For MFS, we use swap. Let us say we have a directory tree on our system in "/proto/test", and we want a 10MB MFS, mounted in /mnt.
This would be our mount command:
mount_mfs -o rw -s 20480 -P /proto/test swap /mnt
Or, as a line in /etc/fstab:
swap /mnt mfs rw,-P=/proto/test,-s=20480 0 0
Read the friendly manual
There are many options. The man page for mount_mfs is very valuable. Read it.
Why is this useful
A MFS is useful on systems with read-only storage or systems that run f.e., from an SD-card. This way we can reduce the number of writes to the SD-card. An example of this is to run /var/log in a SBC like a Raspberry Pi in MFS. We can set up a minimal tree in /proto/var/log and populate the MFS with that using the -P option.
For this the line in /etc/fstab could be something like this:
swap /var/log mfs rw,nosuid,noexec,-P=/proto/var/log,-i=128,-s=16384 0 0
Another example is a small home directory for such systems, with a small directory tree containing f.e., .ssh/authorized_keys. Again, this prevents writing to the disk.
A bigger and perhaps more exotic example is to run your entire home directory on your laptop in MFS. You can setup all your config files and so on in a proto-directory, and use that to populate your home in MFS. This way you start with a clean slate after every boot.
xconsole
: prahou
The xconsole(1) is often a target of undeserving hate among OpenBSD users composing guides on how to tweak the desktop experience. Often I come across sentences like: "next let's get rid of the ugly xconsole", but I'm here to preach in defense of xconsole and to make you consider otherwise, turning it into a minimalistic message center.
The fundamental thing to know is that any output redirected to /dev/console will appear in the xconsole window.
$ print "hi, xconsole" >/dev/console
Perhaps it's already becoming apparent, how you could utilize this.
Customization
If the xconsole is started automatically with xenodm, one can customize its appearance in /etc/X11/xenodm/Xsetup_0 with options, or if it is started manually, say through .xsession, one can customize it through .Xresources (and run xrdb -merge ~/.Xresources) after logging in, before starting xconsole.
Running xconsole automatically, after logging in:
..
#in .xsession
xrdb -merge ~/.Xresources
xconsole &
..
..
!Xresources
xconsole*background : pink
xconsole*foreground : black
..
Running xconsole manually:
This command will start the xconsole with an orange background, white text and the fixed-20 bitmap font.
$ xconsole -fn -misc-fixed-medium-r-*-*-20-*-*-*-*-*-iso10646-1 -bg orange -fg white
Some basic examples
cwm companion
Return the CPU temperature when pressing Super+W:
#a script
#!/bin/sh
echo "The CPU temperature is: $(sysctl -n hw.sensors.cpu0.temp0)" >/dev/console
#in .cwmrc
bind-key 4-w /path/to/script
new email
For email clients that support custom command execution on mail delivery, for example with the Mutt client, one could execute the following script through Muttrc:
#a script
#!/bin/sh
echo "$(date +%H:%M) New mail!" >/dev/console
#in Muttrc
set new_mail_command = "/path/to/previous/script"
The possibilities are endless. Give xconsole a chance.
OpenBSD
gaming
Moonring
: thfr
Moonring is an homage to the early RPGs in the vein of ultima. It's 100% free on Steam and runs on OpenBSD using the package love, version 11.
Use the still in alpha indierunner or simply:
$ love-11 moonring.exe
godot
: op
Thanks to thfr, we're making progress with godot4 on OpenBSD. After a tiresome fight with some C++ types mismatches, here it is!
Join the #openbsd-gaming community on IRC at libera.chat!
CYB3R HUNT
: z3bra
When the government decided to lock everyone down because of a worldwide pandemic, nobody expected it to last more than a few months.
People relied on home delivery more and more, and corporations built a self-sufficient network of automated farms and factories, to respond to the ever-growing demand: the CYBFARMs.
Within 10 years the CYBFARM network expanded, and their over-exploitation turned the world into a wasteland. As the world became more hostile, CYBFARMs sent spaceships around the globe, and started delivering everything there, forcing humanity to move into space.
For those stuck on the planet, gathering resources from these highly secured factories became a matter of life and death. After years of scavenging the CYBFARM's trashcans, hackers around the planet started looking into a more sustainable way to get food and supplies, by hacking it.
We call them CYBER HUNTERS.
The CYB3R HUNT is a game of which you are the hero.
Set in a dystopian future, you are a CYBER HUNTER scavenging supplies from the CYBFARM, a network of automated farms and factories controlled by a powerful artificial intelligence. Work your way through the puzzles set by the CYBFARM, earn "flags" to update your score, and discover the History of this world as your quest unfolds!
It's
the
LISPY
GOPHER
SHOW!
Two helping hands from BSD:
inetd and gophernicus
: screwtape
Networking is hard to grok. A rollercoaster without a safety bar. And you have to build it yourself, and yourself and everyone you love is going to be on the maiden run. And you can't choose to not come.
Fortunately I am a recipient of how great OpenBSD is. On all the BSDs, inetd(8) internet super-server is the expected norm, implying high quality handling of all that networking stuff, rate limiting, figuring out what network connection is whose, what to run. It is with this context my friend Paul Someone else pioneers and shares lispy OpenBSD networking. Collaborative designed-accessible security is a name of the game, leading to the secure, dependable and fully featured gophernicus(1) among gopher servers (pledge(2)d and unveil(2)ed).
I was having trouble with enabling UTF-8 - what I had done ended up... A message to the mailing list taught me that I was setting my locale stuff too late, and over time helping context to find out that that commentary was the appropriate and useful thing to say. It's nice to feel halfway competent with my pf.conf(5) from the culture of sharing knowledge and accessibility of safety and strength.
This is not just about OpenBSD. If anything, juxtaposing the stock bozohttpd(8) on NetBSD to OpenBSD httpd(8) basically got me comfortable with inetd(8) at all, and the fairly gentooian FreeBSD install handbook on So You Want X (and OpenBSD for the faintest of heart). Actually this helped me port interlisp's maiko virtual machine build scripts of which one existed then for FreeBSD to OpenBSD readily. So I would even say the BSDs are a team (including difficulties, differences, disagreements) that make the lispy gopher climate possible! (literally SDF where the magic happens mainly uses NetBSD).
screwtape is the host of the Lispy Gopher Show on aNONradio, live every Wednesday at 0UTC.
openbsd
.amsterdam
Want to experience the hassle-free experience of administrating your own server, but lack the hardware? Try openbsd.amsterdam VPS!
jouwbuis.nl
: h3artbl33d
Jouwbuis is an alternative front-end for YouTube, that respects your privacy and shows no ads. The instance is ran and sponsored by h3artbl33d, a Dutch privacy activist and can be used by everyone. Jouwbuis is powered by CloudTube. Thank you and enjoy!
analognowhere.com
: prahou
BSD-inspired art in surrealism, featuring the adventures of Techno-Mage of the Open clan in the mysterious world of Analog Nowhere.
cybernuk.es
: h3artbl33d
Pentesting the net. Privacy respecting frontends and a SearXNG instance.
Hosted in .NL, logging is completely disabled.
unix_surrealism
Puffer fish with tentacles operates a computer
: thedaemon
tiny daemons deliver a computer component up a girl's arm
: prahou
Do you make BSD art? Share it with the world through unix_surrealism!
Going further
"Chanting from the Book of the Cyber Wars."
