OpenBSD 6.3 released (opens in new tab)

(marc.info)

212 pointspeedy7y ago57 comments

57 comments

Congratulations and thanks to the OpenBSD developers for yet another great release!

From the release notes:

> o Support the sun4v hypervisor interrupt cookie API, adding support for SPARC T7-1/2/4 machines.

Who is running OpenBSD on a big expensive SPARC T7 and why? I'm genuinely curious as to what possible use cases there are which make this a desirable combination.

brynet7y ago

It was probably for testing, but that platform supports partitioning up the hardware through LDOMs, which OpenBSD supports as both a host and guest.

https://www.tedunangst.com/flak/post/OpenBSD-on-a-Sun-T5120 (Not expired, Ted runs his own CA)

http://man.openbsd.org/man8/sparc64/ldomctl.8

captn3m07y ago

unrelated, but I found his post about running his own CA quite interesting: https://www.tedunangst.com/flak/post/moving-to-https

2 more replies

zdw7y ago

In general, OpenBSD support for Sparc helps with testing - the Sparc is architecturally quite a bit different from other CPUs:

https://www.openbsd.org/sparc64.html

"The other architectures that OpenBSD supports have benefited because some kinds of bugs are exposed more often by the 64-bit big endian nature of UltraSPARC."

ComputerGuru7y ago

That’s the same reason I include Solaris as a target in my automated build system. It’s arcane enough and independently developed enough to expose incorrect assumptions in C code.

1 more reply

KindOne7y ago

Take a look at this, https://news.ycombinator.com/item?id=12526420 (2016)

"SPARC64 is a favorite of this developer because it's some Alice in Wonderland stuff where up is down and left is right compared to other architectures. So it exposes a number of bugs that others don't."

yellowapple7y ago

I don't know about a SPARC T7, but I do run OpenBSD on my Sun Fire T2000 (UltraSPARC T1) and have been impressed with its LDOM support.

equalunique7y ago

Thanks for the testimony. :)

Becoming a new SPARC user is becoming more tempting to me now.

dptd7y ago

I apologize for being an ignorant for so many years but... who is the OpenBSD target audience? In which areas it is the most popular OS? I worked with Windows, GNU/Linux and macOS (OSX) but never tried OpenBSD.

0xcde4c3db7y ago

In my estimation, mostly a mix of:

- Those running network infrastructure (router, firewall, VPN gateway, mail server, etc.)

- Those who want a simple Unix desktop with no gimmicks and low hassle

- Hardcore Unix geeks who don't like the other flavors for $REASONS

In a more general or vague sense, OpenBSD is often appealing to people who care more about cohesiveness and correctness than about the sheer magnitude of performance and features. If you've ever thought that you might prefer to have an indefinitely supported version of Windows 7 because Windows 10 seems to be crawling with gratuitous changes, bugs, and dubious "features", the appeal is a bit like the Unix equivalent of that.

Galanwe7y ago

> - Those who want a simple Unix desktop with no gimmicks and low hassle

This! When you are using OpenBSD, and wonder how a particular piece of the kernel works, you just open the source code, read it, and you can usually have a good idea of the inner workings with some days studying it. Trying to do the same thing with linux, you would need months to grasp any idea of how it works. Linux is developed by thousands of people all around the world at the same time. OpenBSD on the other hand is developed by a few power developers, which gives the code a unique consistency and readability.

1 more reply

milcron7y ago

OpenBSD is great if you enjoy rooting around in the innards. I find the code simple and easy to read. Man pages are extraordinarily complete and accurate. OpenBSD devs go out of their way to delete unused and crufty code.

tomxor7y ago

> OpenBSD devs go out of their way to delete unused and crufty code.

I noticed this first hand in while submitting a patch for my macbook's touchpad to FreeBSD's wsp driver and then comparing to OpenBSD's driver... The approaches between FreeBSD's and OpenBSD's driver couldn't be more opposite: FreeBSD's is big, explicitly listing each hardware revision/model (hence the reason I had to go in there and add mine), OpenBSD's very minimal, implicitly inferring all hardware revision options so users don't have to add each and every one, it's also very neat and tidy which I think is an underrated quality in source.

Admittedly this is only one file from one small number of devs, far from the whole of FreeBSD, but the contrast matches much of what i've heard of OpenBSD's approach: minimise cruft and bad code, if it's shit and not easy to re-write then delete it, better to be minimal than buggy and insecure.

Full Disclosure: My comment may well be outdated since I moved away from FreeBSD for my desktop 2 years ago, I have nothing against it, I just needed (other) working drivers.

alecco7y ago

BSD people, usually networking. And people who like security (though OpenBSD has detractors). It was used a lot as firewall for critical infrastructure a few years ago, perhaps still is.

Also, installation was quite fast if you knew what you were doing.

sverige7y ago

It has been my daily driver on laptops and desktops for eight years. I have run home servers with it as well.

1 more reply

blitmap7y ago

This may seem like a ridiculous comment but I love that a lot of work on Linux has been to make it easy-as-pie to install/setup quickly and I feel like it's happened in the last couple years (cgroup + systemd stuff mostly). I praise docker for making immutable services commonplace, but I also love projects like cockpit from redhat + netbox + coreOS. There used to be so much technical debt that went into getting a server off the ground and monitoring it.

I'm weird, dunno if others agree ~

swixmix7y ago

OpenBSD's target audience? From what I've seen, it's OpenBSD developers. Your other question was answered in the OpenBSD FAQ. https://www.openbsd.org/faq/faq1.html#WhatIs

ianai7y ago

I run a home brew OpenBSD router. It hosts a vpn server. (Amongst other things) Comes in handy when traveling. Plus, it’s a good way to sharpen my professional skills.

LambdaComplex7y ago

I've been thinking about doing the same thing. What hardware did you use?

2 more replies

tomxor7y ago

I've found some people who run OpenBSD tend to quite like Arch-Linux style systems, there are similarities in terms of minimalism, it's probably the most Arch like of the BSDs. The install process is similarly more hands on also... unlike say FreeBSD's installer which you can almost just keep pressing the return key on.

ams61107y ago

If you haven't used the OpenBSD installer lately, it's about that simple also.

1 more reply

Hydraulix9897y ago

Before cloud was a thing, I used to run an OpenBSD web server in my bedroom on my old desktop. I set it up after my commercial web host was hacked for running outdated Apache.

I stopped using OpenBSD when I tried installing it on my newer Core 2 Duo desktop in ~2008, but the OS would not boot, and I was told on IRC by OpenBSD developers that the hardware was too new for OpenBSD.

FWIW, now I use Arch Linux. I guess I'm in the target demographic.

peatmoss7y ago

I notice the new Broadcom Wifi bwfm(4) drivers. Anyone with better knowledge of the project know what hardware is supported by that? The manpage doesn't mention specific chips: https://man.openbsd.org/bwfm.4

cat1997y ago

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/if_...

indicates:

  static const struct pci_matchid bwfm_pci_devices[] = {
	  { PCI_VENDOR_BROADCOM, PCI_PRODUCT_BROADCOM_BCM43602 },
	  { PCI_VENDOR_BROADCOM, PCI_PRODUCT_BROADCOM_BCM4350 },
  };

those are hex codes defined in:

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/pci...

as:

  vendor	BROADCOM	0x14e4	Broadcom
  product BROADCOM BCM4350	0x43a3	BCM4350
  product BROADCOM BCM43602	0x43ba	BCM43602

so if you're not sure, checking boot up dmesg on OpenBSD or lspci on linux should give the hexcode of your device which should match 0x14e4 + one of the other two..

peatmoss7y ago

Ooh! Interesting. I've a ~2 year old Macbook Pro with the 43602 chipset. Would be lovely to be able to run OpenBSD on it without wifi dongles.

Panino7y ago

Busy upgrading machines now, lots of nice new things.

Looking forward to checking out the new execpromises in pledge. I use pledge in all my C stuff and have added it to a few other apps. Thanks OpenBSD devs!

krylon7y ago

I just wish other systems would adopt pledge.

Of all the priviledge dropping mechanisms I have encountered, pledge seemed the most comprehensible.

zokier7y ago

> Looking forward to checking out the new execpromises in pledge

Interesting that they just changed the interface from `int pledge(const char * promises, const char * paths[]);` to `int pledge(const char * promises, const char * execpromises);`. I guess that is the power they have by being a BSD and integrated system, they do not worry about userland compatibility.

kiwidrew7y ago

The pledge(2) manpage for 6.2 and earlier states:

"BUGS. The path whitelist feature is not available at this time."

So the second argument was previously unused, and thus could be repurposed without hurting backwards compatability.

1 more reply

ComputerGuru7y ago

What type of machines do you run OpenBSD on, out of curiosity? Routers, workstations, web servers, embedded devices?

Panino7y ago

Routers, workstations, servers (DNS, web, mail, backup).

rob-olmos7y ago

sshd(8): Add "expiry-time" option for authorized_keys files to allow for expiring keys. -- hooray!

Can someone help explain what the "routing domain" is?

jlgaddis7y ago

You can have multiple routing tables (similar to VRFs on networking gear) which are classified into routing domains and assign different rdomains to different applications. See rdomain(4): https://man.openbsd.org/rdomain.4

rob-olmos7y ago

Thanks! And for the VRF tip.

tedunangst7y ago

man rdomain to start, though unfortunately you kind of need to already understand rdomains to fully understand the docs. Basically it's a network partitioning/virtualization tool. Two computers can have two routing tables. rdomains lets one computer have two routing tables. Each process is in one rdomain or another which determines where its traffic goes and how it sees the network.

thisrod7y ago

It sounds like someone wanted /net and private namespaces from Plan 9, but they were stuck with Posix, and this is the catenary track they built to make the square wheels run smoothly.

throwaway20487y ago

Interfaces can be places into rdomains aswell

1 more reply

rob-olmos7y ago

Thanks!

INTPenis7y ago

I actually searched the release notes for ipv4 due to that awful april fools gag. That wasn't funny. ;)

krylon7y ago

I don't get it, Sorry. Can you elaborate? Thanks!

EDIT: Nevermind: https://marc.info/?l=openbsd-cvs&m=152256582629837&w=2

josteink7y ago

That was NetBSD :)

dingleberry7y ago

6.3 Song: Maybe...

zie7y ago

no more songs. :(

segmondy7y ago

Currently running my VPN in Linux on a pi. Gonna see if I get openbsd to run on the pi.

ams61107y ago

https://www.openbsd.org/arm64.html

cmb-prgmr7y ago

As of this morning, customers can install OpenBSD 6.3 on a Prgmr.com VPS using our updated netboot installer. https://prgmr.com/blog/2018/04/03/distributions-updated.html

j / k navigate · click thread line to collapse

57 comments

krylon7y ago

Congratulations and thanks to the OpenBSD developers for yet another great release!

equalunique7y ago

From the release notes:

> o Support the sun4v hypervisor interrupt cookie API, adding support for SPARC T7-1/2/4 machines.

Who is running OpenBSD on a big expensive SPARC T7 and why? I'm genuinely curious as to what possible use cases there are which make this a desirable combination.

brynet7y ago

It was probably for testing, but that platform supports partitioning up the hardware through LDOMs, which OpenBSD supports as both a host and guest.

https://www.tedunangst.com/flak/post/OpenBSD-on-a-Sun-T5120 (Not expired, Ted runs his own CA)

http://man.openbsd.org/man8/sparc64/ldomctl.8

captn3m07y ago

unrelated, but I found his post about running his own CA quite interesting: https://www.tedunangst.com/flak/post/moving-to-https

2 more replies

zdw7y ago

In general, OpenBSD support for Sparc helps with testing - the Sparc is architecturally quite a bit different from other CPUs:

https://www.openbsd.org/sparc64.html

"The other architectures that OpenBSD supports have benefited because some kinds of bugs are exposed more often by the 64-bit big endian nature of UltraSPARC."

ComputerGuru7y ago

That’s the same reason I include Solaris as a target in my automated build system. It’s arcane enough and independently developed enough to expose incorrect assumptions in C code.

1 more reply

KindOne7y ago

Take a look at this, https://news.ycombinator.com/item?id=12526420 (2016)

yellowapple7y ago

I don't know about a SPARC T7, but I do run OpenBSD on my Sun Fire T2000 (UltraSPARC T1) and have been impressed with its LDOM support.

equalunique7y ago

Thanks for the testimony. :)

Becoming a new SPARC user is becoming more tempting to me now.

dptd7y ago

0xcde4c3db7y ago

In my estimation, mostly a mix of:

- Those running network infrastructure (router, firewall, VPN gateway, mail server, etc.)

- Those who want a simple Unix desktop with no gimmicks and low hassle

- Hardcore Unix geeks who don't like the other flavors for $REASONS

Galanwe7y ago

> - Those who want a simple Unix desktop with no gimmicks and low hassle

1 more reply

milcron7y ago

tomxor7y ago

> OpenBSD devs go out of their way to delete unused and crufty code.

Full Disclosure: My comment may well be outdated since I moved away from FreeBSD for my desktop 2 years ago, I have nothing against it, I just needed (other) working drivers.

alecco7y ago

BSD people, usually networking. And people who like security (though OpenBSD has detractors). It was used a lot as firewall for critical infrastructure a few years ago, perhaps still is.

Also, installation was quite fast if you knew what you were doing.

sverige7y ago

It has been my daily driver on laptops and desktops for eight years. I have run home servers with it as well.

1 more reply

blitmap7y ago

I'm weird, dunno if others agree ~

swixmix7y ago

OpenBSD's target audience? From what I've seen, it's OpenBSD developers. Your other question was answered in the OpenBSD FAQ. https://www.openbsd.org/faq/faq1.html#WhatIs

ianai7y ago

I run a home brew OpenBSD router. It hosts a vpn server. (Amongst other things) Comes in handy when traveling. Plus, it’s a good way to sharpen my professional skills.

LambdaComplex7y ago

I've been thinking about doing the same thing. What hardware did you use?

2 more replies

tomxor7y ago

ams61107y ago

If you haven't used the OpenBSD installer lately, it's about that simple also.

1 more reply

Hydraulix9897y ago

Before cloud was a thing, I used to run an OpenBSD web server in my bedroom on my old desktop. I set it up after my commercial web host was hacked for running outdated Apache.

FWIW, now I use Arch Linux. I guess I'm in the target demographic.

peatmoss7y ago

cat1997y ago

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/if_...

indicates:

  static const struct pci_matchid bwfm_pci_devices[] = {
	  { PCI_VENDOR_BROADCOM, PCI_PRODUCT_BROADCOM_BCM43602 },
	  { PCI_VENDOR_BROADCOM, PCI_PRODUCT_BROADCOM_BCM4350 },
  };

those are hex codes defined in:

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/pci...

as:

  vendor	BROADCOM	0x14e4	Broadcom
  product BROADCOM BCM4350	0x43a3	BCM4350
  product BROADCOM BCM43602	0x43ba	BCM43602

so if you're not sure, checking boot up dmesg on OpenBSD or lspci on linux should give the hexcode of your device which should match 0x14e4 + one of the other two..

peatmoss7y ago

Ooh! Interesting. I've a ~2 year old Macbook Pro with the 43602 chipset. Would be lovely to be able to run OpenBSD on it without wifi dongles.

Panino7y ago

Busy upgrading machines now, lots of nice new things.

Looking forward to checking out the new execpromises in pledge. I use pledge in all my C stuff and have added it to a few other apps. Thanks OpenBSD devs!

krylon7y ago

I just wish other systems would adopt pledge.

Of all the priviledge dropping mechanisms I have encountered, pledge seemed the most comprehensible.

zokier7y ago

> Looking forward to checking out the new execpromises in pledge

kiwidrew7y ago

The pledge(2) manpage for 6.2 and earlier states:

"BUGS. The path whitelist feature is not available at this time."

So the second argument was previously unused, and thus could be repurposed without hurting backwards compatability.

1 more reply

ComputerGuru7y ago

What type of machines do you run OpenBSD on, out of curiosity? Routers, workstations, web servers, embedded devices?

Panino7y ago

Routers, workstations, servers (DNS, web, mail, backup).

rob-olmos7y ago

sshd(8): Add "expiry-time" option for authorized_keys files to allow for expiring keys. -- hooray!

Can someone help explain what the "routing domain" is?

jlgaddis7y ago

rob-olmos7y ago

Thanks! And for the VRF tip.

tedunangst7y ago

thisrod7y ago

It sounds like someone wanted /net and private namespaces from Plan 9, but they were stuck with Posix, and this is the catenary track they built to make the square wheels run smoothly.

throwaway20487y ago

Interfaces can be places into rdomains aswell

1 more reply

rob-olmos7y ago

Thanks!

INTPenis7y ago

I actually searched the release notes for ipv4 due to that awful april fools gag. That wasn't funny. ;)

krylon7y ago

I don't get it, Sorry. Can you elaborate? Thanks!

EDIT: Nevermind: https://marc.info/?l=openbsd-cvs&m=152256582629837&w=2

josteink7y ago

That was NetBSD :)

dingleberry7y ago

6.3 Song: Maybe...

zie7y ago

no more songs. :(

segmondy7y ago

Currently running my VPN in Linux on a pi. Gonna see if I get openbsd to run on the pi.

ams61107y ago

https://www.openbsd.org/arm64.html

cmb-prgmr7y ago

As of this morning, customers can install OpenBSD 6.3 on a Prgmr.com VPS using our updated netboot installer. https://prgmr.com/blog/2018/04/03/distributions-updated.html

j / k navigate · click thread line to collapse