
OpenBSD 6.3 released - peedy
https://marc.info/?l=openbsd-announce&m=152267725618055
======
krylon
Congratulations and thanks to the OpenBSD developers for yet another great
release!

------
equalunique
From the release notes:

> o Support the sun4v hypervisor interrupt cookie API, adding support for
> SPARC T7-1/2/4 machines.

Who is running OpenBSD on a big expensive SPARC T7 and why? I'm genuinely
curious as to what possible use cases there are which make this a desirable
combination.

~~~
brynet
It was probably for testing, but that platform supports partitioning up the
hardware through LDOMs, which OpenBSD supports as both a host and guest.

[https://www.tedunangst.com/flak/post/OpenBSD-on-a-
Sun-T5120](https://www.tedunangst.com/flak/post/OpenBSD-on-a-Sun-T5120) (Not
expired, Ted runs his own CA)

[http://man.openbsd.org/man8/sparc64/ldomctl.8](http://man.openbsd.org/man8/sparc64/ldomctl.8)

~~~
captn3m0
unrelated, but I found his post about running his own CA quite interesting:
[https://www.tedunangst.com/flak/post/moving-to-
https](https://www.tedunangst.com/flak/post/moving-to-https)

~~~
zaat
Actually, being special is sometimes just boring and annoying.

>Do we really want an internet where the use of encryption requires
authorization?

No, it doesn't require, it provides identification and that's a huge benefit.
We are all far better by having it as a standard. Just configure Let's Encrypt
and stop annoying your readers.

------
dptd
I apologize for being an ignorant for so many years but... who is the OpenBSD
target audience? In which areas it is the most popular OS? I worked with
Windows, GNU/Linux and macOS (OSX) but never tried OpenBSD.

~~~
alecco
BSD people, usually networking. And people who like security (though OpenBSD
has detractors). It was used a lot as firewall for critical infrastructure a
few years ago, perhaps still is.

Also, installation was quite fast if you knew what you were doing.

~~~
sverige
It has been my daily driver on laptops and desktops for eight years. I have
run home servers with it as well.

~~~
ams6110
It's my primary desktop as well. I like it because it's low churn, everything
I need just works, and most of the configurations have sane defaults so config
files tend to be short and simple or not needed at all.

I don't hack on the internals or build my own ports, I just use it. It stays
out of my way and I like that.

------
peatmoss
I notice the new Broadcom Wifi bwfm(4) drivers. Anyone with better knowledge
of the project know what hardware is supported by that? The manpage doesn't
mention specific chips:
[https://man.openbsd.org/bwfm.4](https://man.openbsd.org/bwfm.4)

~~~
cat199
[http://cvsweb.openbsd.org/cgi-
bin/cvsweb/src/sys/dev/pci/if_...](http://cvsweb.openbsd.org/cgi-
bin/cvsweb/src/sys/dev/pci/if_bwfm_pci.c)

indicates:

    
    
      static const struct pci_matchid bwfm_pci_devices[] = {
    	  { PCI_VENDOR_BROADCOM, PCI_PRODUCT_BROADCOM_BCM43602 },
    	  { PCI_VENDOR_BROADCOM, PCI_PRODUCT_BROADCOM_BCM4350 },
      };
    
    

those are hex codes defined in:

[http://cvsweb.openbsd.org/cgi-
bin/cvsweb/src/sys/dev/pci/pci...](http://cvsweb.openbsd.org/cgi-
bin/cvsweb/src/sys/dev/pci/pcidevs)

as:

    
    
      vendor	BROADCOM	0x14e4	Broadcom
      product BROADCOM BCM4350	0x43a3	BCM4350
      product BROADCOM BCM43602	0x43ba	BCM43602
    

so if you're not sure, checking boot up dmesg on OpenBSD or lspci on linux
should give the hexcode of your device which should match 0x14e4 + one of the
other two..

~~~
peatmoss
Ooh! Interesting. I've a ~2 year old Macbook Pro with the 43602 chipset. Would
be lovely to be able to run OpenBSD on it without wifi dongles.

------
Panino
Busy upgrading machines now, lots of nice new things.

Looking forward to checking out the new execpromises in pledge. I use pledge
in all my C stuff and have added it to a few other apps. Thanks OpenBSD devs!

~~~
zokier
> Looking forward to checking out the new execpromises in pledge

Interesting that they just changed the interface from `int pledge(const char *
promises, const char * paths[]);` to `int pledge(const char * promises, const
char * execpromises);`. I guess that is the power they have by being a BSD and
integrated system, they do not worry about userland compatibility.

~~~
kiwidrew
The pledge(2) manpage for 6.2 and earlier states:

"BUGS. The path whitelist feature is not available at this time."

So the second argument was previously unused, and thus could be repurposed
without hurting backwards compatability.

~~~
ams6110
zokier's point is still correct though. OpenBSD is a complete system, kernel +
userland. You upgrade in lockstep.

------
rob-olmos
sshd(8): Add "expiry-time" option for authorized_keys files to allow for
expiring keys. -- hooray!

Can someone help explain what the "routing domain" is?

~~~
tedunangst
man rdomain to start, though unfortunately you kind of need to already
understand rdomains to fully understand the docs. Basically it's a network
partitioning/virtualization tool. Two computers can have two routing tables.
rdomains lets one computer have two routing tables. Each process is in one
rdomain or another which determines where its traffic goes and how it sees the
network.

~~~
throwaway2048
Interfaces can be places into rdomains aswell

~~~
MawKKe
So.. they are like linux network namespaces?

------
INTPenis
I actually searched the release notes for ipv4 due to that awful april fools
gag. That wasn't funny. ;)

~~~
krylon
I don't get it, Sorry. Can you elaborate? Thanks!

EDIT: Nevermind: [https://marc.info/?l=openbsd-
cvs&m=152256582629837&w=2](https://marc.info/?l=openbsd-
cvs&m=152256582629837&w=2)

------
dingleberry
6.3 Song: Maybe...

~~~
zie
no more songs. :(

------
segmondy
Currently running my VPN in Linux on a pi. Gonna see if I get openbsd to run
on the pi.

~~~
ams6110
[https://www.openbsd.org/arm64.html](https://www.openbsd.org/arm64.html)

------
cmb-prgmr
As of this morning, customers can install OpenBSD 6.3 on a Prgmr.com VPS using
our updated netboot installer.
[https://prgmr.com/blog/2018/04/03/distributions-
updated.html](https://prgmr.com/blog/2018/04/03/distributions-updated.html)

