In a recent blog post, OpenBSD developer Solène Rapenne (solene@) offers an over view of the security features offered by a default OpenBSD installation.
The first paragraph of the introduction reads,
In this text I will explain what makes OpenBSD secure by default when you install it. Do not take this for a security analysis, but more like a guide to help you understand what is done by OpenBSD to have a secure environment. The purpose of this text is not to compare OpenBSD to other OSes but to say what you can honestly expect from OpenBSD.
A worthy reminder of how the system works, and a very handy piece to show to anybody who wonders why one would choose to use OpenBSD over anything else. You can read the whole thing here.
from the seM1-opened dept.
Mark Kettenis (kettenis@) is
OpenBSD booting multi-user on Apple M1 hardware:
So OpenBSD boots multi-user on the new Apple M1 hardware. This still
has some hacks in it that need to be fixed, so don't expect support
for this in the tree right now. But a big thank you to those that
contributed to the pool for getting us some hardware.
from the Puffyish kernel churn dept.
Recent noteworthy things commited to -current and not previously reported include:
[2021-01-26] Patrick Wildt (patrick@)
[with help from Mark Kettenis (kettenis@)] on
the Apple M1.
[2021-02-06] Solène Rapenne (solene@)
blogged about using
2FA with TOTP.
[2021-02-08] Stefan Sperling (stsp@)
a RAID1C (raid1 + crypto)
[2021-02-09] Patrick Wildt (patrick@)
(for amd64 and arm64 platforms).
[2021-02-09] maxburst feature removed from tcp_output by Jan Klemkov (jan@)
[2021-02-09] PF_LOCK() activated by Patrick Wildt (patrick@)
[2021-02-10] Vitaliy Makkoveev (mvs@) moved UNIX domain sockets out of the kernel lock
Does your pfconfiguration have route-to rules? If so, you need to consider the implications of this commit by David Gwynne (dlg@) carefully.
Module name: src
Changes by: firstname.lastname@example.org 2021/01/31 17:31:05
sbin/pfctl : parse.y pfctl_parser.c
share/man/man5 : pf.conf.5
sys/net : if_pfsync.c pf.c pfvar.h
change route-to so it sends packets to IPs instead of interfaces.
this is a significant (and breaking) reworking of the policy based
routing that pf can do. the intention is to make it as easy as
nat/rdr to use, and more robust when it's operating.
This change is intended to make configuration and maintenance easier, but it runs a high risk of breaking existing configurations. Read on for the rest of David's commit message, with some background.
OpenBSD has managed to drop KDE3 and KDE4 in the
6.8 -> 6.9 release cycle. That
makes me very happy because it was a big piece of work
and long discussions.
This of course brings questions:
Kde Plasma 5 package missing.
After half a year of work, I managed to successfully
update the Qt5
stack to the last LTS version 5.15.2.
On the whole, the most work was updating
QtWebengine. What a monster! With my CPU power at home,
I can build it 1-2
times a day which makes testing a little bit annoying
and time intensive.
But today we can be happy about an up-to-date KDE stack in OpenBSD.
Currently - at the end of January - our stack is very up-to-date:
Qt Creator 4.14.0
KDE Frameworks 5.78.0
KDE Applications 20.12.1 (Almost everything!)
I try to keep KDE Applications 20.12.x stable until
the 6.9 release.
Let's move on to the topic of KDE Plasma.
The Plasma desktop and some other KDE
applications have a
As long as there is no
Wayland under OpenBSD, there will also be no KDE Plasma.
It can be observed that more and more KDE applications
already prefer a strong
dependency on Wayland.
In summary, no OpenBSD Wayland support, no KDE Plasma,
and probably less and less