Great stuff! I love the "going further" links to give some good suggestions on stuff to check out next, too. Promising start! Cheers to Solène for kicking this off.
I used to be a BSD nut. Everything everywhere BSD. Hack it so easy. All in one repository. Made life easy.
Nowadays I'm in a different type of easy. Linux does everything. Submit to systemd because it makes it easier.
I miss my rebellious teenage BSD years but now I just get shit done with Linux.
Maybe one day I'll have a midlife crisis and switch back. I've had thoughts of it before. Maybe when the kids are older and I have the time.
I think you may find that "just get shit done" is even more true for BSD today than it is for Linux, haha :) Depends, but... I am practically shocked at how problem-free FreeBSD and OpenBSD have been for me (other than when I use obscure unsupported hardware! haha) ... even with updates and totally customized configs, etc. Keep it in the back of your mind to dive into again, for sure!
Recently I set up OpenBSD on an old ThinkPad R61i.
Yesterday or the day before I used that machine to do web dev and some system administration stuff, and got more done faster than I usually do on my main machine.
That partially may be because it was just slower, and so I didn't have cycles to waste on HN or whatever else, but it was at least partially because it "just worked" for the stuff that I threw at it.
Unveil and pledge are great at restricting and effectively sandboxing processes a la a simpler version of Linux's SECCOMP. If you're using namespaces for process isolation or sandboxing, it can do the trick.
They're not a general replacement for Linux's namespaces, though. The only alternative on OpenBSD would be running the alternative environment in a VM, or running Linux in a VM and then using namespaces there.
FreeBSD comes closer with jails, but still doesn't match the ease with which you can use rootless namespaces to e.g. dump a tar file of a rootfs into a directory and "chroot" into it, all without root.
(the OpenBSD world will never implement this sort of thing by design, and it has merits, as user namespaces have created several privilege escalation vulnerabilities over the years, which is one reason some distros like RHEL/CentOS disable it on their kernels)
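
Added example, not part of the thread or any commenter's post: a shell check an administrator can run to see whether a Linux host permits unprivileged user namespaces, the feature the last comment says some distros disable. The function name `userns_status` and its root-directory parameter are assumptions of this example; the sysctl files it reads are the upstream `user.max_user_namespaces` knob plus two distro-specific ones (Debian/Ubuntu).

```shell
#!/bin/sh
# Audit whether unprivileged user namespaces can be created on this host.
# The optional argument is a sysctl root (default /proc/sys) so the check can
# be pointed at a constructed directory tree; that parameter is an assumption
# of this example, not a convention of any tool.

userns_status() {
    root="${1:-/proc/sys}"
    max_file="$root/user/max_user_namespaces"
    clone_file="$root/kernel/unprivileged_userns_clone"               # Debian/Ubuntu patch
    aa_file="$root/kernel/apparmor_restrict_unprivileged_userns"      # Ubuntu AppArmor knob

    # Without this file we cannot tell: old kernel or user namespaces not built in.
    if [ ! -r "$max_file" ]; then
        echo "unknown"
        return 0
    fi

    # A limit of 0 blocks creation of user namespaces for everyone.
    max=$(cat "$max_file")
    if [ "$max" -eq 0 ] 2>/dev/null; then
        echo "disabled (user.max_user_namespaces=0)"
        return 0
    fi

    # Distro knob: 0 means only privileged processes may create them.
    if [ -r "$clone_file" ] && [ "$(cat "$clone_file")" = "0" ]; then
        echo "disabled (kernel.unprivileged_userns_clone=0)"
        return 0
    fi

    # AppArmor mediation: creation is limited to profiles that allow it.
    if [ -r "$aa_file" ] && [ "$(cat "$aa_file")" = "1" ]; then
        echo "restricted (kernel.apparmor_restrict_unprivileged_userns=1)"
        return 0
    fi

    echo "enabled"
}

# Constructed sample tree imitating a host with the limit set to 0.
demo=$(mktemp -d)
mkdir -p "$demo/user"
echo 0 > "$demo/user/max_user_namespaces"
echo "constructed sample: $(userns_status "$demo")"
rm -rf "$demo"

# Live host.
echo "this host: $(userns_status)"
```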