The setup of OpenBSD Amsterdam

merlincorey 7 years ago |

I have one of these instances (thanks Roman and team), and I have to say it's been a lot of fun re-acquainting myself with OpenBSD.

That said, I would consider this mostly a place for experimentation and hobby work, as I routinely am unable to connect or find that my VM has been unexpectedly rebooted.

Now THAT said, I think they are figuring things out, because the issues have been a lot less frequent since the big hard drive failure a month or so ago.

Anyway, if you want to learn you some OpenBSD, I highly recommend it as a place to experiment, and you help the OpenBSD community as well through their donation.

smhenderson 7 years ago | |

I found Absolute OpenBSD[1] to be both informative and entertaining to read. Really anything by Michael Lucas is a good read for me.

[1] https://mwl.io/nonfiction/os#ao2e

hoytech 7 years ago |

Perl's rand() is not a great way to generate values that should be unpredictable. It is seeded with only 4 bytes from /dev/urandom and is an LFSR like rand(3).

The consequence is that the range of possible passwords is probably smaller than was intended, and furthermore seeing previous passwords (or the random MAC) may help in predicting passwords. Of course without seeing their entire setup it's hard to say to what extent that is the case here.

This module may be useful (it even uses the same alphabet by default): https://metacpan.org/pod/Session::Token

dchest 7 years ago | |

Was thinking the same. Then remembered that OpenBSD's rand(3) actually returns result from arc4random() now. Then went to check and it seemed like Perl doesn't actually use rand(3) from libc? At least Perl's srand(N) and then rand() returned deterministic results, which shouldn't happen if it was using rand(3)...

hoytech 7 years ago | | |

Yes good point. I was careful not to say that perl actually uses rand(3) because I think it may not for portability reasons. Also, I think this may have changed at some point so might be different depending on perl version.

notaplumber 7 years ago | | |

OpenBSD's carrying some local patches, Perl rand appears to be using the libc drand48(3) on OpenBSD, which uses arc4random_buf(3) internally, unless Perl srand is called, then it uses srand48_deterministic(3)? Not sure precisely as it's also using arc4random(3) directly to seed something.

This is slightly different from how it's handled outside the Perl software ecosystem, as all the srand* functions effectively became nops on OpenBSD in favour of strong random numbers, and userland ports had to be patched to use the deterministic variants if needed. I guess that would be hard with things like CPAN.

https://github.com/openbsd/src/commit/2e109fb9e8c0dc273648dd...

Looks like upstream Perl also uses drand48 from FreeBSD, with its own internal RNG. But I guess this can be overridden with build options.

I'd imagine something like pwgen would be better, but I doubt it matters here.

hoytech 7 years ago | | |

Thank you for the details. I agree none of this probably matters much for their use-case.

Fnoord 7 years ago |

This has nothing to do with an official OpenBSD or Amsterdam project, does it?

popsickle 7 years ago | |

Nope. However, for very €60 you spend they will donate €10 to the OpenBSD foundation, so there's always that.

Yuioup 7 years ago |

Can somebody explain what this is?

popsickle 7 years ago | |

They're a minimal/simplified VPS provider; OpenBSD VPSes hosted on OpenBSD's native hypervisor.

vesinisa 7 years ago | |

Looks like an OpenBSD version of Docker.

popsickle 7 years ago | | |

No, this is virtualization - vmm/vmd is a legit HVM.

mbrumlow 7 years ago | | |

So it is better than systemd :p

dijit 7 years ago | | |

it's really not comparable. SystemD is an init system (and you're conflating systemd with CGroups in Linux, which would be part of the kernel and not related to systemd at all) and a Hypervisor.

More comparable comparisons could be: bhyve for FreeBSD, xhyve for OSX, virtualbox for... everything. Or QEMU/KVM on Linux.

mbrumlow 7 years ago | | |

Oh man, I did not mean to type systemd! I ment docker.

znedw 7 years ago |

If you need more convincing to try OpenBSD, these interviews are nice https://www.bsdjobs.com/people and similar to usesthis.com.