@AudeCaussarieu Nope, pour les 3 !
BSD est une autre famille de systèmes d'exploitation sous licence(s) libre(s) :
#OpenBSD
#FreeBSD
#NetBSD
#DragonflyBSD
#PCBSD
etc.

Laquelle a le pouvoir de servir ? 😈

@ploum

Installing #OpenBSD on this old Macbook Pro is kicking my butt but at least I have help.
#degucontent

Alt...

A degu perched on top of a Macbook screen

It is interesting that I stumble over @solene every time I look for anwers on #OpenBSD ;) You do seem to have the same questions. Not always answers, but it keeps me from doing things in vain.

What is recommended to buy to setup AP for providing wi-fi service? #openbsd

Latest 𝗩𝗮𝗹𝘂𝗮𝗯𝗹𝗲 𝗡𝗲𝘄𝘀 - 𝟮𝟬𝟮𝟱/𝟬𝟰/𝟮𝟭 (Valuable News - 2025/04/21) available.

https://vermaden.wordpress.com/2025/04/21/valuable-news-2025-04-21/

Past releases: https://vermaden.wordpress.com/news/

#verblog #vernews #news #bsd #freebsd #openbsd #netbsd #linux #unix #zfs #opnsense #ghostbsd #solaris #vermadenday

So, there we are: #swad has its second credentials checker module, using #password #files, partially #apache #htpasswd compatible (only #bcrypt, using #OpenBSD's code). 🥳

https://github.com/Zirias/swad/commit/385bc5286c607c7220067844c37bc5eb6cb6c18c

#C #coding

Dive into topics like PulseAudioDB, OpenBSD routers, shell history improvements, and more.
It's a solid edition with a gem: “Get your own home bin”, something we probably all do already in our own special ways.

→ https://utcc.utoronto.ca/~cks/space/blog/sysadmin/MyPersonalProgramsSetup

→ Full issue: https://newsletter.nixers.net/entries.php#286
#Unix #Linux #OpenBSD #Shell #Dotfiles #Newsletter #Nixers

Graphed and measured: running TCP input in parallel #openbsd
https://undeadly.org/cgi?action=article;sid=20250418114827

I need some advise: Is there a good portable and free (really free, not GPL!) #implementation of #bcrypt in #C around?

There's #OpenBSD source I could use, but integrating that would probably be quite a hassle...

Background: I want to start creating a second credential checker for #swad using files. And it probably makes sense to support a sane subset of #Apache's #htpasswd format here. Looking at the docs:
https://httpd.apache.org/docs/current/misc/password_encryptions.html
... the "sane subset" seems to be just bcrypt. *MAYBE* also this apache-specific flavor of "iterated" MD5, although that sounds a bit fishy ...

Today, I implemented the #async / #await pattern (as known from #csharp and meanwhile quite some other languages) ...

... in good old #C! 😎

Well, at least sort of.

* It requires some standard library support, namely #POSIX user context switching with #getcontext and friends, which was deprecated in POSIX-1.2008. But it's still available on many systems, including #FreeBSD, #NetBSD, #Linux (with #glibc). It's NOT available e.g. on #OpenBSD, or Linux with some alternative libc.

* I can't do anything about the basic language syntax, so some boilerplate comes with using it.

* It has some overhead (room for extra stacks, even extra syscalls as getcontext unfortunately also always saves/restores the signal mask)

But then ... async/await in C! 🥳

Here are the docs:
https://zirias.github.io/poser/api/latest/class_p_s_c___async_task.html

#C #coding

One of my (very few) annoyances with #OpenBSD is that, in the event of total power failure, the filesystem can be left in an inconsistent state and require manual intervention to fix it before the machine will boot.

I'd find it more annoying, apart from the fact that I have to use the command `fsck_ffs` which perfectly mirrors my own sentiments when it occurs :-D

IO performance benchmarking on #openbsd by @sizeofvoid

Also features a comparison with #linux IO performance

https://rsadowski.de/posts/2025/fio_simple_benckmarking/

What's the state of wi-fi 7? I could try to send someone an Intel be201 to write firmware and driver. #openbsd

The SSD in my mailserver has 19,782 power on hours (which is 825 days, little over two years) with 'just' 13 powercycles. And let me tell you, those 13 powercycles are solely because I rebooted the system (upgrade, maintenance).

That is how rock-stable #OpenBSD and #OpenSMTPD are.

The initial konilo-over-irc system is running in the #retro and ##forth channels on libera.chat. This provides a full #Konilo #Forth system, with separate memory, block storage, and stacks per user, and persistence between uses. It uses a lightly modified version of the standard VM, and runs on a stock #OpenBSD system.

The initial code snapshot has been released on my patreon, and a general release will be made in the next few weeks, after further testing, cleanups, and documenting.

I've also been working on a hosted shell-based system, which should be released to my patrons within a few days, and more broadly next month.

Latest 𝗩𝗮𝗹𝘂𝗮𝗯𝗹𝗲 𝗡𝗲𝘄𝘀 - 𝟮𝟬𝟮𝟱/𝟬𝟰/𝟭𝟰 (Valuable News - 2025/04/14) available.

https://vermaden.wordpress.com/2025/04/14/valuable-news-2025-04-14/

Past releases: https://vermaden.wordpress.com/news/

#verblog #vernews #news #bsd #freebsd #openbsd #netbsd #linux #unix #zfs #opnsense #ghostbsd #solaris #vermadenday

Errata patches for Perl have been released for OpenBSD 7.5 and 7.6.

In Perl, non-ASCII bytes in the left-hand-side of the `tr` operator can overflow an insufficiently sized buffer. CVE-2024-56406

https://www.openbsd.org/errata76.html

#OpenBSD

First change since #swad 0.2 will actually be a (huge?) improvement to my #poser lib. So far, it was hardwired to use the good old #POSIX #select call. This is perfectly fine for handling around up to 100 (or at least less than 1000, YMMV) clients.

Some #select implementations offer defining the upper limit for checked file descriptors. Added support for that.

POSIX also specifies #poll, which has very similar #scalability issues, but slightly different. Added support for this as well.

And then, I went on to add support for the #Linux-specific #epoll and #BSD-specific #kqueue (#FreeBSD, #NetBSD, #OpenBSD, ...) which are both designed to *solve* any scalability issues 🥳

A little thing that slightly annoyed me about kqueue was that there's no support for temporarily changing the signal mask, so I had to do the silly dance shown in the screenshot. OTOH, it offers changing event filters and getting events in a single call, which I might try to even further optimize ... 😎

#C #coding

Alt...

kqueue client code, manually relaxing the signal mask for just the single kevent() call waiting for new events.

While waiting for #OpenBSD 7.7 don't forget to update your 7.6 machines with the following:

014 2025-04-09 RELIABILITY Incorrect internal RRDP state handling in rpki-client can lead to a denial of service.

013 2025-04-09 SECURITY sshd(8) fix the DisableForwarding directive, which was failing to disable X11 forwarding and agent forwarding as documented.

012 2025-04-09 SECURITY iked(8) and isakmpd(8) fix double-free in ecdh mode.

What is recommended for buying a wi-fi router? #openbsd

Is a Pine RockPro64 a good choice for Nextcloud? #openbsd

openrsync is a lightweight rsync replacement developed by the OpenBSD team.
It focuses on security, simplicity, and a small footprint.

While not yet feature-complete compared to GNU rsync, it supports common
use cases like recursive copying, preserving permissions, and syncing over SSH.

Originally introduced in OpenBSD 6.5 (May 2019)
Authored by Kristaps Dzonsons
🔗 https://www.openrsync.org/manual.html

Thinking about writing a SlackBuild for it — I’ll give it a proper test first. 🙂

#openbsd #openrsync #slackbuild #rsync

I got asked if I could create a #howto for creating a (public) #NAT64 service - just like I did recently for #BoxyBSD. With #DNS64 and #NAT64 you can also reach resource in the legacy internet (#IPv4) on #IPv6 only systems.

While this is based on #unbound and #tayga, there’s also a solution by using the #OpenBSD's native way which is also running on the other gateway. I’ll share a second how to how to do this in OpenBSD and pf.

https://gyptazy.com/howto-create-a-public-dns64-nat64-gateway/

**BSD Mail Project Update!**

Hello everyone! I wanted to share some exciting updates about the development of BSD Mail, our privacy-focused email service designed with robustness, security, and transparency in mind. Here’s a deep dive into the technical choices I've made, focusing on my use of open source solutions and open protocols:

🌍 **Servers & Location**

- We're running on two physical servers:
- One hosted by OVH in France
- Another by Hetzner in Germany
- Both servers operate on FreeBSD with NVMe drives in a ZFS mirror configuration for speed and data integrity.

🔒 **Virtualization & Security**

- We utilize jails on both servers to ensure isolated environments for different services, managed via BastilleBSD. On one server, jails are set up directly on the hardware, whereas the other server employs nested jails.
- Each server hosts a bhyve VM running OpenBSD with OpenSMTPD for handling SMTP duties securely.

🔗 **Networking**

- A Wireguard setup connects the two servers, facilitating routing capabilities so that jails and VMs can communicate seamlessly, supporting both IPv4 and IPv6.

📧 **Email Services**

- **Dovecot** is configured for maildir replication across the servers using Dovecot sync, ensuring email availability and redundancy.
- **Rspamd** instances are tied to local KeyDB jails, set up in master-master replication for consistent and reliable spam detection and greylisting.
- **ClamAV** runs in corresponding jails for virus scanning, maintaining a high level of security.
- **SOGo** provides a web interface for email management, connected to MySQL databases in master-master replication to handle sessions and authentication smoothly.

💾 **Data Management**

- Email data is stored on separate, encrypted ZFS datasets to secure emails at rest.
- MySQL databases are used for storing credentials and managing sessions for SOGo, also in a master-master replication setup. Importantly, all passwords are securely hashed using bcrypt, ensuring they are salted and safe.

🔎 **Monitoring & Reliability**

- Our DNS is managed through BunnyNet, which continuously monitors our server status. Should one server—or a specific service—become unavailable, DNS configurations are dynamically adjusted to avoid directing users to the affected IP until full service is restored.

🌐 **Commitment to Open Source and Open Protocols**

- Every component of BSD Mail is built exclusively using open source software and open protocols. This commitment is crucial for ensuring data freedom and the reliability of the solutions we use.

This setup not only emphasizes our commitment to privacy and security but also our dedication to maintaining an open and transparent platform.
We're excited to bring you a service where your privacy, data integrity, and freedom are prioritized. Stay tuned for more updates!

#BSDMail #OpenSource #Privacy #FreeBSD #OpenBSD #EmailHosting #Email

It's official: the new email hosting service I'll be launching will run on OpenBSD as well. The two OpenSMTPD SMTP servers will operate on two OpenBSD installations.

#EmailHosting #Email #OpenBSD #OpenSMTPD

Sharing some technical details about how I'm setting up the hosted email service. It will not be a service of BSD Cafe but tied to my own business. It will run entirely on BSD systems and on bare metal, NOT on "cloud" VPS. It will use FreeBSD jails or OpenBSD or NetBSD VMs (but on bhyve, on a leased server - I do not want user data to be stored on disks managed by others). The services (opensmtpd and rspamd, dovecot, redis, mysql, etc.) will run on separate jails/VMs, so compromising one service will NOT put the others at risk. Emails will be stored on encrypted ZFS datasets - so all emails are encrypted at rest - and only dovecot will have access to the mail datasets. I'm also considering the possibility of encrypting individual emails with the user's login password - but I still have to thoroughly test this. The setup will be fully redundant (double mx for SMTP, a domain for external IMAP access that will be managed through smart DNS - which will distribute the connections on the DNS side and, in case of a server down, will stop resolving its IP, sending all the connections to the other. Obviously, everything will be accessible in both ipv4 and ipv6 and in two different European countries, on two different providers. Synchronization will occur through dovecot's native sync (extremely stable and tested). All technical choices will be clearly explained - the goal of this service is to provide maximum transparency to users on how things will be handled.

#BSD #FreeBSD #OpenBSD #NetBSD #emailHosting #encryption #ZFS #dovecot #opensmtpd #rspamd #emailSecurity #techTransparency #ipv6 #Europe

#OpenBSD may introduces Word into the base system

https://marc.info/?l=openbsd-tech&m=170742832804260&w=2

Running #wayland compositor #sway on #OpenBSD is very easy (only -current at the moment)

- pkg_add sway
- stop xenodm
- log-in as your user in a tty
- run /usr/local/bin/startsway.sh

that's all

Alt...

Screenshot of an OpenBSD desktop running the wayland compositor sway