openbsd

viper.wsb.onl upgraded to #OpenBSD 7.7

"Happy Birthday, Linuks"

#unix_surrealism #openbsd #linux #technomage #birthday

Better the *daemon* you know than the *devil* you don't

#runbsd #netbsd #freebsd #openbsd

Here's a question that I cannot find a definitive answer to. I'm running X on #OpenBSD and I have started configuring my .Xresources but I can't find out if it matters whether a line has capitals or all lowercase. For example:

XTerm*faceSize: 10

is this just the same does it not matter ?

xterm*faceSize: 10

Sorry but if it does not matter, if I start XTerm or xterm then that's good as having both just now plays on my OCD. :D

The slides, the video, and the text behind my presentation at EuroBSDCon 2024 - 'Why and how we're migrating many of our servers from Linux to the BSDs.'

https://it-notes.dragas.net/2024/10/03/i-solve-problems-eurobsdcon/

#ITNotes #FreeBSD #OpenBSD #NetBSD #RunBSD #IT #SysAdmin #EuroBSDCon #EBC24 #EuroBSDCon24 #EuroBSDCon2024 #NoteHUB

I had to reinstall #openbsd on x240 because the /usr slice ran out of space during the last sysupgrade. I'm still amazed how fast and easy it is to install. The only os that I can get from 0 to usable faster is #9front

I submitted a Pull Request to update MacPorts' OpenSSH to 9.9p2 here:

https://github.com/macports/macports-ports/pull/27712

GitHub Continuous Integration checks are running. Hopefully they will be OK (Update 2 out of 3 have completed successfully, which is a good sign).

I tested locally without issues, but I also build against LibreSSL locally, whereas GitHub CI and MacPorts' Build Bots I think default to OpenSSL.

This release is to address some vulnerabilities identified by Qualys and other less critical bugs.

More details from upstream here:

https://www.openssh.com/releasenotes.html#9.9p2

Of particular note:

" Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1
(inclusive) contained a logic error that allowed an on-path
attacker (a.k.a MITM) to impersonate any server when the
VerifyHostKeyDNS option is enabled. This option is off by default.

* Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1
(inclusive) is vulnerable to a memory/CPU denial-of-service related
to the handling of SSH2MSGPING packets. This condition may be
mitigated using the existing PerSourcePenalties feature.

Both vulnerabilities were discovered and demonstrated to be exploitable
by the Qualys Security Advisory team. We thank them for their detailed
review of OpenSSH."

If I read everything correctly, these vulnerabilities primarily only impact the Portable OpenSSH releases (which is what MacPorts uses). However, OpenBSD has also issued the following errata to mitigate one of the issues as it also appears to impact OpenBSD users:

"008: SECURITY FIX: February 18, 2025 All architectures
sshd(8) denial of service relating to SSH2MSGPING handling. ssh(1) server impersonation when VerifyHostKeyDNS enabled.
A source code patch exists which remedies this problem."

Source code patch for OpenBSD here:

https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/008_ssh.patch.sig

Having written as much, it appears as if the main OpenSSH version for OpenBSD is still 9.9, so I am not going to make a submission for undeadly.org Other editors reading this are welcome to though, I just kind of have a lot of other stuff on my plate at present.

As usual, I also have too much going on in my life to want more responsibilities such as commit access within MacPorts, so it's up to someone else to merge it.

Update #2: I also decided to be a good Samaritan and reported the issue to Apple. Not that they have ever acknowledged my efforts for such things nor paid me from their bug bounty program in years of doing similar things. Because, OFC, Apple can't spare a penny to anyone like me. Maybe Qualys already reported it to them anyway (though they would have no obligation to do so, they did find the vulns and reported them upstream as would be expected).

#OpenSSH #MacPorts #SecureShell #InfoSec #Cryptography #Security #CVE #PatchTuesday #OpenSource #OpenBSD #macOS

Is everything terrible again? Let's focus on something completely different. Do you write amazing, perfect code on Linux or the BSDs? Well stop reading and get out. For the rest of us, how do we secure our systems? I've put together a survey on Source Code Sandboxing, https://kristaps.bsd.lv/devsecflops, which surveys the practical complexity and uptake of sandbox tools like seccomp, landlock, pledge, and capsicum.

If you've ever interfaced any of the tools I've mentioned, or want to mention another, head on over to https://github.com/kristapsdz/dev_sec_flops and make a pull request.

Enjoy! #Linux #openbsd #freebsd #programming

I want to try #selfhosting for the very first time and I want to try it on #openbsd. Is there anyone that would be up answering questions along the way to help me setup or configure a selfhosting server? I want to try hosting several different services, but I have to start with one, so whichever one someone is most skilled in, that is where I would start.

I want to try a file server, multimedia server to stream a backup server email server, fediverse, whatever someone can help me learn to do.

I've been gifted a Thinkpad X220 that's been lying dormant a number of years.

Instead of my usual Debian I _was_ going to install Arch, but now I'm thinking of making it a dedicated BSD machine. Going to give OpenBSD a go.

#Thinkpad #OpenBSD #RunBSD

I have a theory about 6-month Linux and BSD upgrades having their own kind of "stability" because there's not as far to go between releases https://zola.passthejoe.net/blog/six-month-stability/

#Linux #Fedora #Silverblue #OpenBSD #Debian #Ubuntu

'hello world' i would say.

some of you might already know me, but for those who dont

i'm radhitya (al1r4d in the other place) and interested in #linux, #openbsd, #golang, #c, low-level programming, #esp32, #arduino, and #selfhosting.

i think this should be enough to introduce myself.

Dear friends of the BSD Cafe,

This idea has been in my mind since the very beginning of this adventure, almost two years ago. Over time, several people have suggested it. But until recently, I felt the timing just wasn’t right - for many reasons. Today, I believe it finally is.

So I’m happy to announce a new service:
The BSD Cafe Journal - https://journal.bsd.cafe

At first, I thought I’d use BSSG for it (I even added multi-author support with this in mind), but in the end, it didn’t feel like the right tool for the job.

The idea is to create a multi-author space, with content published on a fairly regular basis. A reference point for news, updates, tutorials, technical articles - a place to inform and connect.
Just like people in Italy used to stop by cafes to read the newspaper and chat about the day’s news, the BSD Cafe Journal aims to be a space for reading, sharing, and staying informed - all in the spirit of the BSD Cafe.

What it’s not:
It’s not here to replace personal blogs, or excellent newsletters like @vermaden 's. And it’s not an aggregator.

What it is:
A place where authors can write original content, share links to posts on their own blogs or elsewhere, publish guides, offer insights, or dive into technical explanations.

The guiding principles are the same as always: positivity, constructive discussion, promoting BSDs and open source in general. No hype (sharing a cool new service is fine, posting non-stop about the latest trend is not), no drama, no politics. The goal is to bring people together, not divide them. To inform, not inflame.
Respect, tolerance, and inclusivity are key. Everyone should feel welcome reading the BSD Cafe Journal - never judged, offended, or excluded.

The platform I’ve chosen is WordPress, for several reasons: it’s portable (runs well on all BSDs), has great built-in role management (contributors, authors, etc.), and - last but not least - supports ActivityPub.
This means every author will have their own identity in the Fediverse (like: @stefano ) and can be followed directly, and it’ll also be possible to follow the whole Journal.

Original and educational content is encouraged, but it’s also perfectly fine to link to existing articles elsewhere. Personally, I’ll link my technical posts from ITNotes whenever I publish them there.

The goal is simple: a news-oriented site, rich in content, ad-free, respectful of privacy - all under the BSD Cafe umbrella.

Content coordination will happen in a dedicated Matrix room for authors. There’ll also be a public room for discussing ideas, giving feedback, and sharing suggestions.

Of course, I can’t do this alone. A journal with no content is just an empty shell.
So here’s my call for action:
Who’s ready to lend a hand? If you enjoy writing, explaining, sharing your knowledge - the Journal is waiting for you.

#BSDCafe #BSDCafeServices #BSDCafeUpdates #BSDCafeAnnouncements #RunBSD #FreeBSD #NetBSD #OpenBSD #illumos #Linux #OSS #OpenSource #BCJournal #BSDCafeJournal