OpenBSD 6.6 has packaged all of the software I use except for transmission-remote-gtk.
Is there a spoonfeed guide for using this thing with GRUB? I can dual boot openbsd/gentoo to play around if so.
>>8140 >Now is the time to give it a shot, Nanons!
Is it? I see no particular reason to give it a shot (again, as I try to main it every few years before I get tired of how slow it is and how poor the hardware support remains and how much software remains unavailable for it). For my threat model, Linux, especially with the precautions I take, is good enough, and it actually runs on all of my hardware, unlike OpenBSD. And for someone concerned about targeted surveillance/attacks from well-funded state actors, neither Linux nor OpenBSD is adequate. Just like Linux, OpenBSD is full of 0days that state actors can burn if they really want you.
Add to that the fact that OpenBSD's vaunted security guarantees only apply to a base install, and that virtually nobody runs just a base install, and you end up with a very porous system. Theo's refusal to implement MAC in OpenBSD means that a misbehaving program like a TUI web browser that's been compromised can leak your SSH and PGP keys, or your Bitcoin wallet, or drop a malicious script into your X startup files. It's all security theatre.
Most of us would be better served by not only not installing OpenBSD, but by minimizing our computer use altogether. Most of us are just killing time with these devices. We'd be better off reading books, learning useful skills, or maybe even oiling up the hinges on the front door and actually engaging with real life for a while.
But, it's comfy in here, isn't it? It's comfy with our little hobbies, and our niche operating systems that almost nobody's ever heard of, and our seekrit .onion clubs. Maybe we can settle on OpenBSD after all, spend our time fiddling with its switches and knobs, and finally find ourselves
>Resting weary limbs at last on beds of asphodel.
>Surely, surely, slumber is more sweet than toil, the shore
>Than labour in the deep mid-ocean, wind and wave and oar;
>O, rest ye, brother mariners, we will not wander more.
>>8146 I kind of just wanted to spark conversation.
And because transmission has the least bad RPC and the best torrent implementation.
Guess I'm going to install openbsd this weekend.
Real question though, is the partitioning scheme any trouble? Should I just make a single partition for root and another for home on openbsd?
I have used openbsd before, had a good experience, but it was a quick install and look around on a virtual machine that I quickly purged.
>a misbehaving program like a TUI web browser that's been compromised can leak your ssh and PGP keys, or your bitcoin wallet, or drop a malicious script into your X startup files. It's all security theatre.
A misbehaving TUI browser on OpenBSD cannot necessarily do any of that. Firefox and Chromium have both implemented strict pledge() policies.
>>8154 Firefox and Chromium are not TUI web browsers. I specified TUI web browsers out of a sense of fairness. Firefox and Chromium are both so heavy, so complex, and so full of holes that pledge can't save them. I also seriously doubt that pledge calls have been implemented in the OpenBSD versions of Firefox and Chromium to the extent that all of the relevant calls are covered, though if you have evidence to the contrary, I'd be interested to know.
Also, unlike TUI web browsers, GUI web browsers require running X and OpenBSD slurped up a ton of unaudited DRI/DRM code for X that's full of vulns waiting to be discovered.
>>8153 Nothing really wrong with partitioning your drive only for / and /home for a personal install, but I might add at least a modest swap partition. I tend to like having /var and /tmp partitions for no particular reason, though.
>>8153 Auto partitioning is good by default. There's no need to mess with it, you'll just complicate things for yourself. OpenBSD installation and use is simple: choose the sets you want, leave it for 5 minutes. Come back, login, read the man pages if you have any question and done.
>>8155 >Firefox and Chromium are both so heavy, so complex, and so full of holes that pledge can't save them.
Why can't pledge save them? Do you have a single fact to back that up?
Those browsers also use unveil() now, and I'm also confident that Links utilizes pledge() and unveil().
>>8152 >Most of us are just killing time with these devices.
>learning useful skills
>But, it's comfy in here
We need appropriate networking even if it is just pseudonymous. We're eventually looking at mini Y2K scenarios with race riots and major food shortages. A solar flare can fuck up everything. A disaster like Negrocane Katrina can strike again. Even some nutjob or actor can attack critical points of infrastructure and we lose all our power and communication. All that time society's been spending on consumption and distraction through networking/internet is all for naught. Most of the population doesn't have adequate rations or even a decent way to communicate in such a scenario. You will have spent years maintaining your niche piece of shit system that will do nothing when it matters. What a hobby.
I think we need a secure way of networking while avoiding bait and traps. It may sadly have to be physical op-security since we are higher priorities on watch/blacklists.
Shitposting is just posting shit.
The rest is mental masturbation.
>>8161 About a month ago, there was talk on the OpenBSD mailing list about some pledge related patches for Firefox, but I don't think they're currently being shipped. I looked at the patches OpenBSD currently uses for Firefox, and there were no references to pledge or unveil in them. Their Chromium patches do contain a handful of unveil and related calls.
Firefox contains over 12,000,000 lines of code. Chromium is also huge. Does a handful of pledge calls really mitigate all of the problems lurking in that much code? I doubt it.
I can't get this piece of shit to write its EFI bootloader to my ESP.
I can't get my ESP on disklabel after the install either. If I were to do that it would make openbsd's boundary overlap a partition between it and the ESP.
BIOS mode boot doesn't work either.
>>8188 What exactly are you doing? Did the install process fail? What message does it show? Did you do anything different for the install? Try auto install and see if it works. If it does, then the problem is you and not the system.
>>8186 >Does a handful of pledge calls really mitigate all of the problems lurking in that much code? I doubt it.
Why? Especially for the security threats you mentioned as examples, proper use of unveil() will very likely prevent your ssh and pgp keys from being leaked, your bitcoin wallet from being leaked, and prevent any malicious scripts from being implanted anywhere outside the scope of what filesystem paths unveil() has permitted.
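What the post above describes, as an added example (not from the thread and not from any OpenBSD port): a process unveils one download directory, pledges a small promise set, then tries to open a stand-in key file outside that directory. The `/tmp/unveil-demo.*` paths and the names `run_probe` and `sandboxed_child` are constructed; on systems other than OpenBSD the probe reports "unsupported".

```c
/* Added example, not from any OpenBSD port; all paths are constructed. */
#define _DEFAULT_SOURCE          /* glibc only: expose POSIX calls */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

enum { PROBE_BLOCKED, PROBE_LEAKED, PROBE_ERROR, PROBE_UNSUPPORTED };

/* Child: restrict itself, do its legitimate write, then behave like
 * compromised code and try to read a key outside the unveiled tree. */
static int sandboxed_child(const char *dl_dir, const char *out, const char *secret)
{
#ifdef __OpenBSD__
    if (unveil(dl_dir, "rwc") == -1 || unveil(NULL, NULL) == -1)
        return PROBE_ERROR;                  /* second call locks the list */
    if (pledge("stdio rpath wpath cpath", NULL) == -1)
        return PROBE_ERROR;                  /* no inet, exec or proc from here on */
    int fd = open(out, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd == -1) return PROBE_ERROR;        /* permitted work must still succeed */
    close(fd);
    fd = open(secret, O_RDONLY);             /* the "leak" attempt */
    if (fd == -1) return PROBE_BLOCKED;
    close(fd);
    return PROBE_LEAKED;
#else
    (void)dl_dir; (void)out; (void)secret;
    return PROBE_UNSUPPORTED;                /* pledge/unveil are OpenBSD-only */
#endif
}

int run_probe(void)
{
    char dir[] = "/tmp/unveil-demo.XXXXXX", secret[64], dl[64], out[96];
    int status, result = PROBE_ERROR;
    if (mkdtemp(dir) == NULL) return PROBE_ERROR;
    snprintf(secret, sizeof secret, "%s/id_ed25519", dir);  /* stand-in key */
    snprintf(dl, sizeof dl, "%s/downloads", dir);
    snprintf(out, sizeof out, "%s/page.html", dl);
    int fd = open(secret, O_WRONLY | O_CREAT, 0600);
    if (fd != -1) close(fd);                 /* unveil does not revoke inherited fds */
    if (fd != -1 && mkdir(dl, 0700) == 0) {
        pid_t pid = fork();
        if (pid == 0) _exit(sandboxed_child(dl, out, secret));
        if (pid > 0 && waitpid(pid, &status, 0) == pid && WIFEXITED(status))
            result = WEXITSTATUS(status);    /* a pledge kill is not a clean exit */
    }
    unlink(out); unlink(secret); rmdir(dl); rmdir(dir);
    return result;
}

int main(void) { printf("probe result: %d\n", run_probe()); return 0; }
```

The restriction only covers path lookups made after the `unveil()` calls, so anything the program opened earlier, or paths it unveiled too broadly, stay reachable.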
>>8191 installed to a partition with automatic disklabel. Everything went fine, but it wasn't writing its bootloader to my ESP. I copied it manually and it worked though.
>>8199 Good it worked.
>Everything went fine, but it wasn't writing its bootloader to my ESP.
That's strange, though. If you can, create a temporary email through Tor (cock.li works fine) and send a bug report on misc@openbsd.org or bugs@openbsd.org
>>8192 >proper use of unveil()
unveil isn't currently being used at all in Firefox as shipped in OpenBSD. Is it being used properly in Chromium? I don't know. Neither do you. You're not posting code examples and explaining them; you're hand-waving.
>will very likely prevent
"Very likely?" In this context, security against a given attack isn't probabilistic. I don't want to hear about "very likely." I want you to demonstrate how the use of pledge/unveil/etc prevents exploits. You can't.
>>8204 Nanon, you would be better off getting that info from the horse's mouth by bitching on ports@. But chances are they'll just tell you to read the patches in the ports tree and consult one of the many papers about pledge/unveil that OpenBSD developers have given at numerous conferences in the past couple years. The best you'll get here is a tl;dr which you already (correctly) say isn't good enough.
FWIW Firefox and Chromium aren't secure even with pledge, even with Javashit disabled, just don't install them.
I know for a fact that lynx on OpenBSD is pledged half to death though. It tells the kernel to deny filesystem access to it right away. Look in ports/www/lynx/patches/patch-src_LYMain_c.
>>8210 >Nanon, you would be better off getting that info from the horse's mouth by bitching on ports@
I don't care, though. And the burden of proof isn't on me. I'm just pointing out that people hand-waving about the supposed security of Firefox and Chromium on OpenBSD have provided no evidence for their claims and, in all likelihood, have no fucking idea what they're talking about.
okay fuck i installed furryfox because paleshit isnt on the repos, then i installed noscript, and when i clicked the noscript button the webextension version has a pozzed bloated interface that you don't even know what each button does until you hover it and get a tooltip.
the palemoon version has a dropdown menu with text and icons as an interface, it's infinitely superior.
what the fuck is wrong with pozware devs today?
>>8354 >durr durr durr
I have a degree in Computer Science and I understand enough to know that if you have superior intellect you must memorize the icon and associate it with a text.
Dumb kids these days can't even understand how to click an Icon. Pathetic!
Hey guys while watching anime on OpenBSD with mpv I found that sndio's resampling is pretty poor. The manpage itself actually says it.
If you add these 2 lines to your mpv.conf, you'll need libsox installed, but it does very high quality resampling.
audio-swresample-o=resampler=soxr,precision=33,dither_method=f_weighted,osr=48000,osf=s16 # Resamples with the high quality sox library and gives it some good settings.
audio-format=s16
>>8434 Also I forgot to mention that mpv defaults to sdl audio when playing stuff on OpenBSD, which causes audio latency issues, so you'll have to set your audio output to sndio which mpv does support but won't default to because it's "experimental" (haven't had trouble with it however).
>>8436 The package is actually called libsoxr on openbsd, I got it as a dep from sox which I also use separately.
If it's not that, what error do you get?
>>8434 Interesting. Never noticed the resampling quality, because I use a shitty headphone, but thanks for sharing.
I also use these other configs on ~/.config/mpv/mpv.conf in case other anons find them useful:
Does anyone know if OpenBSD 6.6 with enabled by default support for a bunch of AMD graphics cards if they support the thinkpad method of using external graphics cards? If so OpenBSD is about to be my OS for all of my systems.
One of the things that sticks about OpenBSD is that FreeCAD is not available. I love OpenBSD so much but sadly I am stuck with Linux for a few things still. It feels like I am moving from Windows XP all over again.
>>8469 Probably works, but I don't know exactly. Be aware that not all AMD GPUs are supported by the amdgpu driver. Arguably the best supported GPU on OpenBSD is Radeon HD 6450.
>>8483 Not an issue of OpenBSD. Maybe try to ask FreeCAD maintainers if they can maintain an openbsd port...
>>8454 Assign these commands to keyboard shortcuts to change volume:
mixerctl set outputs.master=+2,+2
mixerctl set outputs.master=-2,-2
>44100 samplerate
Don't do that, most PC soundcards don't have a clock capable of 44100 refresh rate, leading to an unknown resampling method being done at the hardware to get it to 48000, which is generally poor. stick to 48000
>>8500 >You flipped out with your cease & decease against a work in progress port of a person who was actually trying to cooperate with you.
>cease & decease
this update fucked up my automatic security check. It's completely fucked. Have to re-install everything. Build file system all over again. Amazing.
>>8504 I very much want to see the good in OpenBSD, but it's shit like this that keeps me away. I would rather put up with the supposed complexity of Linux and stay on Gentoo than put up with the non functionality of BSD.
>>8505 It really is non functional for general purposes. Even a bare bone install has trouble installing the most basic packages.
I really do like the file structure of it though, it's simply organized. But software compatibility on openBSD is 50-50, even if it's on the repository, it has trouble installing dependencies. Is netBSD something to consider? or firefly?
>>8574 Seriously what software are you installing that gives you all so many issues? I love OpenBSD but I'll be honest when I have issues with it. I have never had any issues with the stability of installed packages or installing any package. NetBSD is a neat project that I have a lot of love for and if DragonFlyBSD's Hammer2 gets ported over to Net then it will probably get ported to OpenBSD sometime too. DragonflyBSD is pretty cool too.
>>8577 >Hammer2 gets ported over to Net then it will probably get ported to OpenBSD sometime too.
The OpenBSD devs seem to not really care about interesting filesystems.
>>8577 They do care but it is not top priority as the current file system does work fine. I know some fans of OpenBSD believe that the file system should not handle such things and yes in a perfect world I agree but this is certainly not a perfect world. From what I have repeatedly seen is that the developers do understand this but they lack the people with the skill and dedication to do it. Hammer2 while far less complex than ZFS is still pretty cumbersome. For now I have a stripped down Ubuntu Server to handle my NAS and backups.
>>8577 This. I have only had issues with packages when on -current. Never on -stable.
Also:
>my "security check"
>my
It's your script. If something broke, you have the responsibility to fix it, not openbsd.
>>8577 All seriousness. I do not troll on nanochan. This place deserves all respect. Above I spewed out vague problems above. It may be related to hardware issues after all.
I have several different laptops. All refurbished junk. I have installed openBSD successfully on all of them. I have burned 6.5 to disk, and I have upgraded to 6.6 successfully on all.
However when it comes to installing certain software, I have noticed behavior issues. Specifically Tor. Installing a Tor relay never has caused me problems,
>doas pkg_add tor
But when I tried installing tor-browser pkg, there was different behavior on some laptops. Such as, missing libraries/dependencies. Which I found very strange.
openBSD as a browser works perfectly fine, I'm still trying to figure out why it's so unorthodox between different computers, even when the config files have been built all the same.
>>8583 TBB is not as maintained as Firefox or Chromium. I suggest you ask on ports@openbsd.org if the package is really working or not.
I personally use Links 2 on openbsd, so I don't know the state of TBB port. You can also try pointing normal Firefox to port 9050, even though it will not offer as much privacy.
If you have any issue with openbsd, please try to solve it first before saying the system is shit. Yes, OpenBSD is not perfect, but for the most part it's a user fault and the devs fault. You can always ask for help here on nanochan or on misc@openbsd.org mailing list.
>>8582 >Never on -stable.
It may have changed since the last time I looked, but aren't -stable packages not updated after the release (that's only done for -current)?
>>9032 Already answered on the thread. Stop spamming your bullshit.
>>9039 Do you have source? Didn't hear about that. If it's true, then this is great news. We need updated packages on openbsd.
>>9048 >Links 1 without your specific firewall configuration is unsafe.
The vulnerability is from 09/15/2019. The packages in 6.6 and -current have been fixed and there's no vulnerability anymore.
Thanks for posting this, I didn't know Links had this vulnerability. But using this to scare people away from using Links *is* retarded and bullshit.
>Also your configuration only applies to openbsd.
You can do the same thing on any system, including Windows if you want to. Also, only pf firewall rules are openbsd-specific. Everything else is easily done on other unix-based systems, such as pointing resolv.conf to localhost and pointing Tor DNSPort to 53.
>>9470 There may be people all over the world using OpenBSD, but there are fewer than those who use FreeBSD, and even fewer than those who use GNU/Linux. How many people do you think installed Debian today? Comparatively, how many people do you think installed OpenBSD today?
>>8210 >Firefox and Chromium aren't secure even with pledge, even with Javashit disabled, just don't install them.
That applies to everything on OpenBSD. Only the base system is audited and fixed, everything else you just run it and pray. Every other modern OS has ways to sandbox untrusted code.
>>9486 >This makes it an excellent system for deploying new security focused software, with no other unneeded services running.
All systems are secure if you only run trusted code on them. Being the most secure OS for doing nothing is basically what OpenBSD is and that's not as useful in the real world as people are fooled into thinking.
>>9537 >All systems are secure if you only run trusted code on them.
I trust the carefully engineered OpenBSD base system more than I would trust the default install of any Linux distribution, which tends to be a mish-mash of random programs.
>Being the most secure OS for doing nothing is basically what OpenBSD is and that's not as useful in the real world as people are fooled into thinking.
Suppose you want to deploy a system for a single purpose with a limited attack surface, OpenBSD is the ideal system.
>>9584 then what the fuck is the point of 'trying out' openbsd if the only safe option is a base install and not daily use? when i want to 'try out' an os, i want to do normal things like browse the web.
>>9592 >It's still more secure than any unix-like system to this date, even if you install other software from packages.
Only if that software itself is secure. Otherwise you're better off with a modern OS which can do sandboxing and access control.