In my article about running OpenBSD/loongson on the Lemote Yeeloong back in 2016, I mentioned looking for a Fuloong. All hope seemed lost until the Summer of 2017, when a fellow OpenBSD developer was contacted by a generous user (Thanks again, Lars!) offering to donate two Lemote Fuloong machines, and I was lucky enough to get one of those units.
hello (also known as helloSystem) is a desktop system for creators with focus on simplicity, elegance, and usability. Its design follows the “Less, but better” philosophy. It is intended as a system for “mere mortals”, welcoming to switchers from the Mac.
Recently, a critical vulnerability was discovered in sudo that allows any user to gain root-level access without root credentials using sudo. OpenBSD ships with doas instead of sudo and I think it’s a great example of OpenBSD’s simplicity-begets-security mindset. I remembered reading something about why doas was created and it mentioned that sudo was deemed to be too complex:
There were some concerns that sudo was too big, running too much code in a privileged process. And there was also pressure to enable even more options, because the feature set shipped in base wasn’t big enough. (As shipped in OpenBSD, the compiled sudo was already five times larger than just about any other setuid program.)
I investigated a bit, and it turns out this was a massive understatement. sudo is an astoundingly large 223,957 lines of code* spanning 558 files, while doas is only 77 403 lines of code in a single file! Like many users, I mainly only use doas/sudo as a way to quickly run single commands as root, so I don’t need the more advanced features of sudo. This recent sudo vulnerability is a nice vindication of OpenBSD’s decision to replace sudo with a much simpler program, and OpenBSD’s “simpler is better” philosophy in general. Kudos to the developers who made that choice back in 2015!
Lenovo has finally made a smaller version of its X1 Carbon, something I’ve been looking forward to for years.
The X1 Nano is basically a 13” version of the 14” X1 Carbon, reducing its footprint, thickness, and weight. Availability in the US has been fairly limited (and expensive) at the moment, offering no WWAN or any customizable options, and Core i7 models are not shipping out for months. I purchased the Intel Core i5-1135G7 model with 16Gb of RAM and a 1Tb NVMe SSD. The only screen option currently available is a matte non-touch 2K display…
I love FreeBSD. I always have. I first started using it in the late 90s and quickly gained employment using it. I ran a web hosting service with FreeBSD for years. It was a daily driver for me for a long time (1999 to 2004 or so). I became one of the “FreeBSD people” at a developer job I had later. I have a deep history with it, but at some point, the thought of using it as a daily driver faded. Last year, my interest was re-ignited.
OpenBSD uses the xenodm(1) display manager, which is a fork of xdm. Xenodm looks quite ugly by default, and after reading a couple of articles on theming xenodm I’ve come up with my own setup.
I’m sharing here some practices I’m following and some small tips/tools which facilitate my usage of OpenBSD in my day to day.
Some are really specific to my usage, others could be re-used.
The following document is an attempt to consolidate down a number of threads spanning separate discussions from around the ‘net I have been having on the subject of operating system development models and OpenBSD. I will break up this document into several sections each of which will handle separate pillars of my thinking in so far as I’ve formed some semi-articulate thoughts that I can share.
Nowadays container technologies like Docker are the first thing you hear when the question is how to deploy and manage (micro) services. However, FreeBSD already has lots of features out of the box that can be used to implement lots of the wanted characteristics, but there is still a need for glue code to integrate it into a complete solution.
Jails are a lightweight, fast form of virtualisation and process isolation invented by the inimitable Poul-Henning Kamp that, once you first use them, you miss them everywhere else. Each jail operates with its own chroot file system environment and network configuration, similar to a Solaris Zone.