
OpenBSD 6.6 - liv-io
https://www.openbsd.org/66.html
======
oil25
I've really been enjoying using OpenBSD full time, both on my desktop (AMD
Ryzen build) as well as laptops (Lenovo X230, X1 Carbon). Everything literally
"just works", the documentation is impeccable, and I love being able to
install a new kernel and base system with one simple command ("sysupgrade").
About the only thing I still use Linux for is a browser with U2F support and
Bluetooth - both are disabled in OpenBSD for security.

~~~
messe
> Bluetooth [is] disabled in OpenBSD for security

A clarification on that point: OpenBSD's bluetooth stack was unmaintained and
removed due to code rot; it's not that bluetooth as a protocol is inherently
insecure.

~~~
wahern
> it's not that bluetooth as a protocol is inherently insecure

Bluetooth is a ridiculously complex protocol. Complexity is the enemy of
security. There's no fixed threshold beyond which complexity makes something
"insecure", and Wi-Fi and even USB aren't exactly simple (both have had their
share of implementation exploits across operating systems), but AFAIU there's
a strong sentiment that Bluetooth is far too complex for the benefit it
brings, which perhaps explains why OpenBSD's stack was unmaintained.

~~~
dTal
Course, now we have Bluetooth: Wired Edition with USB-C layering many
different optional protocols over the base transport. I understand the
rationale, but I fear it means the days of "just works" USB may be coming to
an end...

------
asveikau
I read about the "sysupgrade" tool and concluded that the upgrade to 6.7 in
another 6 months will be awfully seamless... But I see from this that they
backported the tool as a syspatch for 6.5! So from 6.5 we will be able to do
_syspatch && sysupgrade_ to get to 6.6. Sounds nice.

~~~
protomyth
Tried on one of my machines. Seems to work fine. You still do the delete file
step manually but that's minor. This is going to save a lot of effort on
certain machines.

~~~
asveikau
How does it handle sysmerge? Do you need to do that after it finishes? Or does
it do the merges before reboot?

I will play around with it in a few hours.

~~~
brynet
Some things will get merged automatically by the first run of sysmerge(8)
after upgrade, if the machine is remote you should be able to run.

    
    
        $ doas dmesg -s
    
        -s      ... This can be used to review rc(8) system startup messages.
    

That should tell you if you need to run sysmerge manually, but well, it also
doesn't hurt to do that every time anyway.

------
tedunangst
You can also browse the source with the OPENBSD_6_6 tag in cvsweb.

[http://cvsweb.openbsd.org/cgi-
bin/cvsweb/src/?only_with_tag=...](http://cvsweb.openbsd.org/cgi-
bin/cvsweb/src/?only_with_tag=OPENBSD_6_6)

------
gautamcgoel
Just keeps getting better and better every release. I wish they would add an
easy encryption option in the installer. You can enable full disk encryption,
but you have to mess with the bioctl settings, which potentially scares off
new users.

~~~
hellcow
To be fair, I've NEVER been able to configure LUKS manually for full-disk
encryption, whereas I got bioctl working on the first try. It really is
simple.

------
roryrjb
Announcement email: [https://marc.info/?l=openbsd-
announce&m=157132045926047&w=2](https://marc.info/?l=openbsd-
announce&m=157132045926047&w=2)

~~~
equalunique

      o Added regular expression support for the format search, match andsubstitute modifiers in tmux(1).
      o Added a -v flag to source-file in tmux(1) to show the commands and line numbers.
      o Added simple menus usable with mouse or keyboard in tmux(1).
      o Introduced the command "display-menu" to show a menu bound to the mouse on status line by default, and added menus in tree, client and buffer modes.
      o Changed the behavior of swap-window -d in tmux(1) to match swap-pane.
      o Allow panes to be empty in tmux(1), and enabling output to be piped to them with split-window or display-message -I.
      o Adjusted tmux(1) to automatically scroll when dragging to create a selection with the mouse when the cursor reaches the top or bottom line.
      o Fixed a tmux(1) crash when killing the current window, and other bugfixes.
    

Would love to see a demo of these cool now tmux features. (sorry, I don't
really know how to format that email text for HN)

~~~
OrangeMango
Are they new features, or new to OpenBSD?

~~~
pnako
I suspect new, since tmux (like OpenSSH) is developed as part of OpenBSD.

------
floatboth
> ssh-keygen(1): add an experimental lightweight signature and verification
> ability. Signatures may be made using regular ssh keys held on disk or
> stored in a ssh-agent and verified against an authorized_keys-like list of
> allowed keys. Signatures embed a namespace that prevents confusion and
> attacks between different usage domains (e.g. files vs email).

Nice! I hope this will eventually be used for various signature systems like
for git commits.

------
wglb
> Fixed support for amd64 machines with greater than 1023GB physical memory.

Don't I wish. What would be the memory test time for something like that?

~~~
ranger207
I recently set up a Dell workstation with that much memory for a lab at work.
The first time I booted it I was afraid that it was dead out of the box. It
probably took ~5 minutes to POST and get to the Dell logo. Dells also have
this weird thing where they turn on for a couple of seconds after you turn on
the power, and it took me half an hour to figure out why it kept shutting down
when I tried to boot it.

~~~
simcop2387
That's likely the memory training that every modern machine has to do when
first seeing new memory (or if the training data is cleared from "CMOS").
Basically they have to discover exactly how tight the timings are for each
bank so they can drive the memory efficiently and properly. Timings and
latency just didn't used to be so tight compared to the good old days of EDO
ram.

[https://github.com/librecore-
org/librecore/wiki/Understandin...](https://github.com/librecore-
org/librecore/wiki/Understanding-DDR-Memory-Training)

------
sogubsys
If you support OpenBSD in spirit and love what they do, consider making a
donation to help the developers out. Most devs work for free and every little
bit helps :)

[https://www.openbsd.org/donations.html](https://www.openbsd.org/donations.html)

------
grenoire
Love the release poster for this one.

~~~
darkengine
Is there any way to buy a print, or get a high-quality image for printing at
home? The expanded version on the website is a pretty gnarly non-animated GIF.

~~~
Fnoord
You used to be to buy official OpenBSD t-shirts [1] and posters at conferences
such as Fosdem. I think I even got one poster for free at Fosdem cause I
bought a t-shirt. But that was in 2003 or so.

[1]
[https://www.openbsd.org/tshirts.html](https://www.openbsd.org/tshirts.html)

~~~
ivl
Sometimes they'll also sell the posters online.

I've got my 6.0 poster (probably the best one they've done) at my desk at
work.

------
sigjuice
The OpenBSD developers are not too thrilled to hear about these sorts of
issues, but looks like sysupgrade installed sets I didn't have before
(x*66.tgz, game66.tgz).

~~~
chousuke
It does that. You can hack the script to only install partial sets, but you're
encouraged to install all the sets. I've seen at least one mention on the
mailing list about merging the sets because the recommendation is to always
install all of them anyway. They're just files on disk if you're not using
them.

~~~
tulluk
Instead of hacking the script, you can run it with -n. You can then edit
/auto_uograde.conf before reboot to instruct the installer to only install the
desired sets.

As noted elsewhere, the developers recommend installing all sets. I personally
prefer to avoid installing the X sets on servers.

------
justinclift
> Added mcx(4) driver for Mellanox ConnectX-4 (and later) Ethernet
> controllers.

Interesting. Sounds like work is being done to support higher network
throughput rates. :)

------
upofadown
Just a reminder: you still have to read the preupgrade stuff before and do the
manual file deletion stuff afterwards even if you do sysupgrade. Most will
need to do the pkg_add -u after all that. Here is the link (I always have to
look for it):

* [https://www.openbsd.org/faq/upgrade66.html](https://www.openbsd.org/faq/upgrade66.html)

~~~
linfocito
There is 'sysclean' in packages, which make that step easier.

------
larme
ghc bumped to 8.6.4 and sbcl with threading support!

------
cik
I still desperately want docker support. I know I can bhive and friends - but
native docker support is critical to my every day, unfortunately. Heck, I'll
take super decayed docker support!

~~~
messe
> bhive

bhyve is FreeBSD, not OpenBSD. OpenBSD has its own native hypervisor "vmm".

~~~
cik
Thank you, I stand corrected - and can't spell bhyve today apparently :(.

------
gautamcgoel
Can OpenBSD run Sway? Or is that only supported on FreeBSD/Linux?

~~~
floatboth
It can't really (other than inside an x11 window maybe), not in its current
state. I've heard that someone was working on some Wayland porting efforts,
but idk about the state of that.

Looks like OpenBSD has a fairly up to date kms/drm stack now, but you also
need:

\- to have epoll - [https://github.com/jiixyj/epoll-
shim](https://github.com/jiixyj/epoll-shim) might just work

\- to expose input devices from the kernel as evdev devices (good idea) or to
implement support for your legacy protocol in wlroots / in other places for
other compositors (terrible idea)

\- to have a device enumeration and hotplug system and either have it
pretending it's udev (as we do with
[https://github.com/FreeBSDDesktop/libudev-
devd](https://github.com/FreeBSDDesktop/libudev-devd)) or implement support
for it in wlroots and everywhere

\- direct session glue code at least e.g.
[https://github.com/swaywm/wlroots/blob/master/backend/sessio...](https://github.com/swaywm/wlroots/blob/master/backend/session/direct-
freebsd.c)

\- but ideally, a working session manager that supports acquiring drm+evdev
devices over d-bus e.g.
[https://github.com/ConsoleKit2/ConsoleKit2/pull/116](https://github.com/ConsoleKit2/ConsoleKit2/pull/116)
&&
[https://github.com/swaywm/wlroots/pull/1467](https://github.com/swaywm/wlroots/pull/1467)

------
efiecho
Can't wait to try if this release will improve wireless performance when
configured as an AP, until now I have never been able to get speeds above 10
Mbps with OpenBSD.

~~~
kelp
OpenBSD only supports 802.11n currently. From what I've read, not having
direct knowledge, 802.11ac is much more complex to implement and no one is
currently working on it.

That said, I just ran a speed test on my Thinkpad and got 50Mbps.

~~~
efiecho
I would be more than happy if I only could get same speed as with my old
Linksys WRT54GL. Currently the AP is forced to 802.11g because performance of
802.11n was much worse.

------
MuffinFlavored
> Disabled gcc in base on armv7 and i386.

Is gcc disabled in base on amd64? Are the OpenBSD distributions for amd64
compiled with gcc or clang?

~~~
brynet
gcc is still included in base on amd64 for now, but the default system
compiler on amd64 (and i386) has been clang since OpenBSD 6.2. If you use the
/usr/bin/{cc,c++} symlinks, you get clang. Nothing uses the base-gcc now, but
it being kept as a convenience for porters to test with as some architectures
have yet to switch to clang.

The change mentioned is only that gcc4 (base-gcc) will no longer been
installed alongside clang on i386 and armv7. If you need gcc, you can install
ports gcc 8.3.0 from packages.

~~~
MuffinFlavored
Do you know what sparked the change that uprooted gcc's "dominance"? I know
the GNU libc added a lot of "opinionated" pieces, but I thought that was
mainly opt-in. I'm curious why gcc "lost its crown" and clang gained all of
the attention.

Did clang derive from gcc?

~~~
brynet
I don't follow, I'm sorry. OpenBSD has never used GNU libc. The BSD projects
have long developed their own C libraries.

The clang compiler is a part of the LLVM collection, it is not derived from
gcc at all.

As for GCC, The GNU project changed the license for their compiler sometime
after the 4.2.1 release to the GPLv3. Meanwhile, up until the Clang 9.0.0
release, Clang was developed under a permissive license (NCSA). We're facing a
similar problem now with LLVM/CLang, with their re-licencing to the non-
permissive Apache 2.0 license.

~~~
floatboth
How is Apache non-permissive? It deals with more things (like patents) and
it's a bit complex, but it's not viral I'm pretty sure.

~~~
brynet
The last time it came up.

[https://news.ycombinator.com/item?id=21020024](https://news.ycombinator.com/item?id=21020024)

~~~
floatboth
Ah. Whatever. The common meaning of "non-permissive" is "copyleft", not "has
patent clauses the OpenBSD project has weird concerns about".

------
sogubsys
Thanks to all the OpenBSD developers and supporters for making another amazing
release!

------
vkaku
Now that they have the amdgpu driver in, it's time to run this on my Ryzen
box.

------
sn
prgmr.com has an updated netboot installer:
[https://prgmr.com/blog/2019/10/17/openbsd.html](https://prgmr.com/blog/2019/10/17/openbsd.html)

------
voldacar
The release artwork gets better each time!

------
rhabarba
sysupgrade from 6.5 works amazingly!

