triptico.com is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
doas sysupgrade -s
. When 7.8 comes out I take it I just continue doing the same as I read that I no longer need to do the other stuff as of 7.7 . Am I correct ?See referenced text below:
Theo de Raadt (deraadt@) updated the version of OpenBSD -current to "7.7-current".
Those running the latest-and-greatest [via a sufficiently new snapshot or built from source] no longer need to use "-D snap" with pkg_add(1) (and pkg_info(1)).#RunBSD
Soon a new OpenBSD release, v 7.8, will be on the horizon. Time prepare and to reprise "You Have Installed OpenBSD. Now For The Daily Tasks." https://nxdomain.no/~peter/openbsd_installed_now_for_the_daily_tasks.html (also https://bsdly.blogspot.com/2024/09/you-have-installed-openbsd-now-for.html) #openbsd #install #sysadmin #devops #maintenance #packages #freesoftware #libresoftware
Morgen, 19.08.2025 ab 19:00h wieder im Fuchs im Hofmanns in #Düsseldorf #Bilk: https://www.meetup.com/bsd-user-group-dusseldorf-bsd-nrw/events/310578497/ #runbsd #bsdnrw #bug #freebsd #openbsd #netbsd
Hey! My "Eighteen Years of Greytrapping - Is the Weirdness Finally Paying Off?" https://bsdly.blogspot.com/2025/08/eighteen-years-of-greytrapping-is.html (https://nxdomain.no/~peter/eighteen_years_of_greytrapping.html) is on @vermaden's Valuable news https://vermaden.wordpress.com/2025/08/18/valuable-news-2025-08-18/ #openbsd #spamd #greytrapping #freebsd #valueablenews
Latest 𝗩𝗮𝗹𝘂𝗮𝗯𝗹𝗲 𝗡𝗲𝘄𝘀 - 𝟮𝟬𝟮𝟱/𝟬𝟴/𝟭𝟴 (Valuable News - 2025/08/18) available.
https://vermaden.wordpress.com/2025/08/18/valuable-news-2025-08-18/
Past releases: https://vermaden.wordpress.com/news/
#verblog #vernews #news #bsd #freebsd #openbsd #netbsd #linux #unix #zfs #opnsense #ghostbsd #solaris #vermadenday
Two #blog posts in less than one week!
It was considered known that there is no support within GNAT (Ada) for illumos. We cross-build a complete native binutils+gcc toolchain for illumos to test out this claim.
...only to discover that illumos has full support within GNAT. Not a single test fails.
https://briancallahan.net/blog/20250817.html
#Ada #illumos #GNAT #GCC #GNU #freesoftware #unix #bsd #freebsd #openbsd #netbsd #dragonflybsd #linux #compiler #compilers
the only c project I hard forked was suckless's slock as they have a terrible security model (it doesn't log anything and has a hard need for suid root)
its also pledge()'d, uses bsd-auth, and has other code readability cleanups
if you're on #OpenBSD, I suggest taking a look at it.
is OpenBSD 10x faster than Linux? (tedu@) https://www.undeadly.org/cgi?action=article;sid=20250817075800 #openbsd #performance #benchmarks #fork #development #freesoftware #linux #libresoftware
notify-send
yet the manual entry for dunst
says there is at the bottom of the doc.SEE ALSO
dunst(5), dunstctl(1), dmenu(1), notify-send(1), dunstify(1)
man notify-send
I get man: No entry for notify-send in the manual.
and I'm running current.The @EuroBSDCon 2021 😈⛳🐡 video's are now mirrored on Exquisite.tube.
So, if you want to:
Now you can! Errr, you already could, but now more privately, federated and without Big Tech.
The playlist for all 2021 talks can be found here.
Good weekend all and happy hacking!
Giving OpenBSD and Xfce another go on the laptop, but I think I'll go back to OpenSUSE until FreeBSD 15 is released 4Q25. Too many paper cuts for now...
hw-probe for the ThinkPad X1 Carbon 5th:
Here’s a little benchmark complements of Jann Horn. It’s unexpectedly slow on Linux.
OpenBSD is so fast, I had to modify the program slightly to measure itself, as the time utility is missing sufficient precision to even record nonzero.
All it does is create one extra thread, then both existing threads create 256 sockets. What’s so hard about that?
#include <pthread.h>
#include <unistd.h>
#include <err.h>
#include <stdio.h>
#include <sys/time.h>
#include <sys/socket.h>
static void open_sockets(void) {
for (int i=0; i<256; i++) {
int sock = socket(AF_INET, SOCK_STREAM, 0);
if (sock == -1)
err(1, "socket");
}
}
static void *thread_fn(void *dummy) {
open_sockets();
return NULL;
}
int main(int argc) {
struct timeval one, two;
gettimeofday(&one, NULL);
if (argc > 1)
dup2(0, 666);
pthread_t thread;
if (pthread_create(&thread, NULL, thread_fn, NULL))
errx(1, "pthread_create");
open_sockets();
if (pthread_join(thread, NULL))
errx(1, "pthread_join");
gettimeofday(&two, NULL);
timersub(&two, &one, &one);
printf("elapsed: %lld.%06lds\n", one.tv_sec, one.tv_usec);
return 0;
}
On Linux, I get results approximately as so:
tedu@penguin:~$ ./a.out
elapsed: 0.017770s
tedu@penguin:~$ ./a.out
elapsed: 0.026309s
tedu@penguin:~$ ./a.out
elapsed: 0.018414s
On OpenBSD, here we go, choo choo:
ox$ ./a.out
a.out: a.out: socketsocket: : Too many open files
Too many open files
ox$ ulimit -n 1024
ox$ ./a.out
elapsed: 0.006096s
ox$ ./a.out
elapsed: 0.002508s
ox$ ./a.out
elapsed: 0.002326s
These aren’t identical machines, but roughly comparable.
There’s a hint in the code (nothing to do with networking code, if that was your first guess), with more explanation in the linked thread, which is worth reading and some thinking. I’d love to see the system and benchmark where Linux outperforms here.
Really, I just found it a little funny. Usually it’s the weirdo benchmark that shows OpenBSD being 10x slower, so this one is definitely going in the collection.
It's heartwarming to a greying geek that a 5000+ words retrospective on greytrapping is turning out to be popular - https://nxdomain.no/~peter/eighteen_years_of_greytrapping.html (tracked https://bsdly.blogspot.com/2025/08/eighteen-years-of-greytrapping-is.html)
#greytrapping #spam #antispam #greylisting #blocklist #openbsd #freebsd #smtp #email #ssh #passwords #passwordguessing #pop3 #security #networking #cybercrime
Heads up for Yubikey owners, if you depend on OTP as opposed to FIDO2, #OpenBSD -current will no longer attach these devices as keyboards.
deraadt@ modified src/sys/dev/usb/ukbd.c: Most Yubikey ship with OTP support enabled out of the box (and generate accidental output like cccccblddbkhelgbdjuughbjdcvrddggdcjvricrriuk).
Yubikey re-configuration requires crazy buggy and fragile tools using crazy usb feature support, and therefore OTP disabling is very annoying.
We make a policy decision to not attach these as keyboards anymore, because a majority of users just want the FIDO functionality. If you want to use OTP, buy a different device from a different vendor or convince Yubikey to significantly improve their tooling.
idea from kettenis
I wonder if the #OpenBSD folk have considered moving their Git mirror from #GitHub to say #Codeberg ?
Successfully serving some test sites off my local Mac Mini running OpenBSD / httpd. It’s currently using Eero’s DDNS for the port reservations and forwarding, so it’s only temporary until my real router arrives.
Just a good test though 👍
Friends, it finally happened. On August 7th, 2025, the number of spamtraps intended to fool spammers rolled past the number of inhabitants in my home country of Norway. It's time for a retrospective.
Eighteen Years of Greytrapping - Is the Weirdness Finally Paying Off? https://nxdomain.no/~peter/eighteen_years_of_greytrapping.html (tracked https://bsdly.blogspot.com/2025/08/eighteen-years-of-greytrapping-is.html)
#greytrapping #spam #antispam #greylisting #blocklist #openbsd #freebsd #smtp #email #ssh #passwords #passwordguessing #pop3 #security #networking #cybercrime
Post-Quantum Cryptography Advice Added to OpenSSH Website https://www.undeadly.org/cgi?action=article;sid=20250811110058 #openbsd #openssh #ssh #cryptography #postquantum #postq #crypto #security #libresoftware #freesoftware #bsd
Latest 𝗩𝗮𝗹𝘂𝗮𝗯𝗹𝗲 𝗡𝗲𝘄𝘀 - 𝟮𝟬𝟮𝟱/𝟬𝟴/𝟭𝟭 (Valuable News - 2025/08/11) available.
https://vermaden.wordpress.com/2025/08/11/valuable-news-2025-08-11/
Past releases: https://vermaden.wordpress.com/news/
#verblog #vernews #news #bsd #freebsd #openbsd #netbsd #linux #unix #zfs #opnsense #ghostbsd #solaris #vermadenday
[Again for those on the other side of the pond] -
Friends, it finally happened. On August 7th, 2025, the number of spamtraps rolled past the number of people in my home country. It's time for a retrospective.
Eighteen Years of Greytrapping - Is the Weirdness Finally Paying Off? https://nxdomain.no/~peter/eighteen_years_of_greytrapping.html (tracked https://bsdly.blogspot.com/2025/08/eighteen-years-of-greytrapping-is.html)
#greytrapping #spam #antispam #greylisting #blocklist #openbsd #freebsd #smtp #email #ssh #passwords #passwordguessing #pop3 #security #networking #cybercrime
Friends, it finally happened. On August 7th, 2025, the number of spamtraps intended to woo the unwary spammer rolled past the number of inhabitants in my home country of Norway. It's time for a retrospective.
Eighteen Years of Greytrapping - Is the Weirdness Finally Paying Off? https://nxdomain.no/~peter/eighteen_years_of_greytrapping.html (tracked https://bsdly.blogspot.com/2025/08/eighteen-years-of-greytrapping-is.html)
#greytrapping #spam #antispam #greylisting #blocklist #openbsd #freebsd #smtp #email #ssh #passwords #passwordguessing #pop3 #security #networking #cybercrime
I've got a ThinkPad X1 Carbon 5th, currently running OpenSUSE Tumbleweed. I want to try *BSD on this laptop.
Network controller is reported as "Intel Corporation Wireless 8265 / 8275 (rev 88)" under Linux.
FreeBSD installs OK, but wireless speed is not impressive, and my USB-C dock doesn't seem to be recognized.
I can live with using a wifi-dongle when out and about, but missing dock connectivity is not something I look forward to. I don't care about the built-in camera.
Is there anything else I should worry about? Sound, Bluetooth, sleep mode, battery life?
First steps in the BSD world!
1) OpenBSD on VPS (Amsterdam)
2) FreeBSD on Raspberry Pi 4 (home)
I'm running a Wireguard connection between the two.
Next step is setting up relayd on the VPS to point at services on the Raspberry Pi server.
Eighteen Years of Greytrapping - Is the Weirdness Finally Paying Off? https://nxdomain.no/~peter/eighteen_years_of_greytrapping.html (tracked https://bsdly.blogspot.com/2025/08/eighteen-years-of-greytrapping-is.html)
Friends, it finally happened. On August 7th, 2025, the number of spamtraps intended to woo the unwary spammer rolled past the number of inhabitants in my home country of Norway.
It's time for a retrospective.
#greytrapping #spam #antispam #greylisting #blocklist #openbsd #freebsd #smtp #email #ssh #passwords #passwordguessing #pop3 #security #networking #cybercrime
Call for testing: USB webcams https://www.undeadly.org/cgi?action=article;sid=20250808083341 #openbsd #usb #webcams #testing #snapshot #freesoftware #libresoftware
Hey #FreeBSD admins with #OpenBSD as second language, what would be the equivalent to ˋacme-client` on FreeBSD?
Like in single command you run every night that checks if your Let’s encrypt certificates are up to date and, if not, just request another one. Nothing more, no integration with other software configuration.
I have looked in the handbook but there doesn’t seem to be a stock option. Also, I used pkg search
but can’t make up my mind from the tenth of results :-/
OpenBSD gets CDE
Adjusted for the inevitable progress of time, the Common Desktop Environment or CDE is the best desktop environment of all time, and no, I will not be taking question at this time. OpenBSD wasn't yet graced by CDE's presence, but this is currently changing as the first commit for porting CDE to OpenBSD has appeared.
It's still rough around the edges and very slightly tested. I wouldn't use is as a
Sometimes the world has to fucking burn. Today was one of those days - so I challenged myself to see how easy it would be to get #OpenBSD -current
to run Python 2.7 code, alongside with downgrading modules (like lxml
and cryptography
).
A bit ro my surprise - it was relatively easy to both install packages from 7.2 in -current
and have it operating stable and smooth. When attempting this on Linux, it ends up uninstalling systemd
with most package managers
DO NOT TRY THIS AT HOME - OR WHEREVER - DO NOT TRY THIS AT ALL. YOU HAVE BEEN WARNED.
I am not skilled in various network technologies for configuring a server, can someone suggest something to try learning that comes part of the #openbsd base installation to expand my skill set?
I've considered setting up a CVS mirror, trying to figure out a multimedia server to play from or a NAS, or buy a domain and see if I can host a static website. I'm open to suggesting something more basic as a beginning point
Sorry if none of this makes any sense but that's just how I roll. 😂
Failure of the day was trying to have #Peertube run on #OpenBSD...
Everything looked pretty ok until I switched the instance online and it started doing... well, it's things... And then, BAM: peertube[26957]: node(84677) in free(): double free 0xb475cc26c20
.
Note sure if the previous
"stack": "Error: Cannot find module '/var/www/peertube/storage/plugins/node_modules/sqlite3/lib/binding/node-v127-openbsd-x64/node_sqlite3.node'\nRequire stack:\n- /var/www/peertube/storage/plugins/node_modules/sqlite3/lib/sqlite3-binding.js\n- /var/www/peertube/storage/plugins/node_modules/sqlite3/lib/sqlite3.js\n- /var/www/peertube/storage/plugins/node_modules/@databases/sqlite/lib/index.js\n- /var/www/peertube/storage/plugins/node_modules/listener-rss-aggregator/build/sqlite-tools.js\n- /var/www/peertube/storage/plugins/node_modules/listener-rss-aggregator/build/listener-rss-aggregator.js\n- /var/www/peertube/storage/plugins/node_modules/listener-rss-aggregator/build/index.js\n- /var/www/peertube/storage/plugins/node_modules/peertube-plugin-auto-import-ytb/dist/src/main.js\n- /var/www/peertube/versions/peertube-v7.2.3/dist/core/lib/plugins/plugin-manager.js\n at Function._resolveFilename (node:internal/modules/cjs/loader:1401:15)\n at defaultResolveImpl (node:internal/modules/cjs/loader:1057:19)
is the culprit. But as I don't understand a single thing about this... :)
https://github.com/9001/copyparty
Wow, running this on my #OpenBSD #PowerPc #Macmini #G4
I saw the YouTube recommendation, but i seldom get the "hype"
Then a friend gave me the link
Seems very interesting.
Was ordering myself a new X220 keyboard and a small, fan-less Intel-based router caught my eye (on sale!). I snagged both :)
When it gets here, I plan to swap out my hacked-together router (2012 mac mini) for it. The next goal would be to repurpose that same mac Mini as a web server my personal, public websites.
Only time will tell if I fail...
At EuroBSDCon 2025 in Zagreb: "Liberating the social web using *BSD" by Jeroen - @h3artbl33d - and Stefano Marinelli, see https://events.eurobsdcon.org/2025/talk/PJJLFV/
Schedule at https://events.eurobsdcon.org/2025/schedule/
To register https://2025.eurobsdcon.org/registration.html
#EuroBSDCon #EBC25 #BSDCafe #FreeBSD #NetBSD #OpenBSD #Networking #BSDCafe #RunBSD #Mastodon #Fediverse #OwnYourData #Security #Networking #Community
Me: huh, I don't remember logging out of my session on the kids' #OpenBSD laptop…oh, right, I did a `doas sysupgrade`, it did the upgrade, rebooted into 7.7, and returned uneventfully to the login screen without requiring any additional intervention or thought.
There's something wonderful about an upgrade-process so boring that you can accidentally forget you did it.
I got asked if I could create a #howto for creating a (public) #NAT64 service - just like I did recently for #BoxyBSD. With #DNS64 and #NAT64 you can also reach resource in the legacy internet (#IPv4) on #IPv6 only systems.
While this is based on #unbound and #tayga, there’s also a solution by using the #OpenBSD's native way which is also running on the other gateway. I’ll share a second how to how to do this in OpenBSD and pf.
https://gyptazy.com/howto-create-a-public-dns64-nat64-gateway/
While I was mucking about with an #openbsd port, I got an email from github offering me access to their ai code writing uselessness.
No! Bad website!
*spritzes with water bottle*
My code doesn't work at the moment. Broken is still better than this offer.
This is my favorite part of the OpenBSD installer because I get it wrong every time, but I love that they anticipated it! #openbsd
**BSD Mail Project Update!**
Hello everyone! I wanted to share some exciting updates about the development of BSD Mail, our privacy-focused email service designed with robustness, security, and transparency in mind. Here’s a deep dive into the technical choices I've made, focusing on my use of open source solutions and open protocols:
🌍 **Servers & Location**
- We're running on two physical servers:
- One hosted by OVH in France
- Another by Hetzner in Germany
- Both servers operate on FreeBSD with NVMe drives in a ZFS mirror configuration for speed and data integrity.
🔒 **Virtualization & Security**
- We utilize jails on both servers to ensure isolated environments for different services, managed via BastilleBSD. On one server, jails are set up directly on the hardware, whereas the other server employs nested jails.
- Each server hosts a bhyve VM running OpenBSD with OpenSMTPD for handling SMTP duties securely.
🔗 **Networking**
- A Wireguard setup connects the two servers, facilitating routing capabilities so that jails and VMs can communicate seamlessly, supporting both IPv4 and IPv6.
📧 **Email Services**
- **Dovecot** is configured for maildir replication across the servers using Dovecot sync, ensuring email availability and redundancy.
- **Rspamd** instances are tied to local KeyDB jails, set up in master-master replication for consistent and reliable spam detection and greylisting.
- **ClamAV** runs in corresponding jails for virus scanning, maintaining a high level of security.
- **SOGo** provides a web interface for email management, connected to MySQL databases in master-master replication to handle sessions and authentication smoothly.
💾 **Data Management**
- Email data is stored on separate, encrypted ZFS datasets to secure emails at rest.
- MySQL databases are used for storing credentials and managing sessions for SOGo, also in a master-master replication setup. Importantly, all passwords are securely hashed using bcrypt, ensuring they are salted and safe.
🔎 **Monitoring & Reliability**
- Our DNS is managed through BunnyNet, which continuously monitors our server status. Should one server—or a specific service—become unavailable, DNS configurations are dynamically adjusted to avoid directing users to the affected IP until full service is restored.
🌐 **Commitment to Open Source and Open Protocols**
- Every component of BSD Mail is built exclusively using open source software and open protocols. This commitment is crucial for ensuring data freedom and the reliability of the solutions we use.
This setup not only emphasizes our commitment to privacy and security but also our dedication to maintaining an open and transparent platform.
We're excited to bring you a service where your privacy, data integrity, and freedom are prioritized. Stay tuned for more updates!
#BSDMail #OpenSource #Privacy #FreeBSD #OpenBSD #EmailHosting #Email
It's official: the new email hosting service I'll be launching will run on OpenBSD as well. The two OpenSMTPD SMTP servers will operate on two OpenBSD installations.
Sharing some technical details about how I'm setting up the hosted email service. It will not be a service of BSD Cafe but tied to my own business. It will run entirely on BSD systems and on bare metal, NOT on "cloud" VPS. It will use FreeBSD jails or OpenBSD or NetBSD VMs (but on bhyve, on a leased server - I do not want user data to be stored on disks managed by others). The services (opensmtpd and rspamd, dovecot, redis, mysql, etc.) will run on separate jails/VMs, so compromising one service will NOT put the others at risk. Emails will be stored on encrypted ZFS datasets - so all emails are encrypted at rest - and only dovecot will have access to the mail datasets. I'm also considering the possibility of encrypting individual emails with the user's login password - but I still have to thoroughly test this. The setup will be fully redundant (double mx for SMTP, a domain for external IMAP access that will be managed through smart DNS - which will distribute the connections on the DNS side and, in case of a server down, will stop resolving its IP, sending all the connections to the other. Obviously, everything will be accessible in both ipv4 and ipv6 and in two different European countries, on two different providers. Synchronization will occur through dovecot's native sync (extremely stable and tested). All technical choices will be clearly explained - the goal of this service is to provide maximum transparency to users on how things will be handled.
#BSD #FreeBSD #OpenBSD #NetBSD #emailHosting #encryption #ZFS #dovecot #opensmtpd #rspamd #emailSecurity #techTransparency #ipv6 #Europe