Accueil Explorer Aide
Connexion
jbranso
/
gnucode.me
Suivre 1
Voter 1
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Branche: master
Branches Tags
gnucode.me
/
site
/
dual-booting-openbsd-guix-system.html

dual-booting-openbsd-guix-system.html 6.3 KB
Lien permanent Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657 
  1. <!DOCTYPE html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><meta name="keywords" content="GNU, Emacs, Libre Software, Hurd, Guile, Guix" /><meta name="description" content="GNUcode.me is a website focusing on libre software projects, especially the GNU project." /><link type="application/atom+xml" rel="alternate" title="GNUcode.me -- Feed" href="/feed.xml" /><a rel="me" href="https://fosstodon.org/@thegnuguy"></a><link type="text/css" href="css/footer.min.css" rel="stylesheet"></link><link type="text/css" href="css/header.min.css" rel="stylesheet"></link><link type="text/css" href="css/main.min.css" rel="stylesheet"></link><title>Dual booting OpenBSD Guix System — GNUcode.me</title></head><body><header><nav><ul><li><a href="index.html">GNUcode.me</a></li><li><a href="services.html">Services</a></li><li><a href="about.html">About</a></li><li><a href="business-ideas.html">Business-ideas</a></li></ul></nav></header><h1>Dual booting OpenBSD Guix System</h1><main><section class="basic-section-padding"><article><h3>by Joshua Branson — July 19, 2021</h3><div><p>EDIT: This <a href="https://www.youtube.com/watch?v=3E9ga-CylWQ&amp;t=563s">systematic review of OpenBSD security
    2. 

  2. mitigations</a>
    3. 

  3. points out some inaccuracies in the following blog.</p><p>I will be honest.  I have a little crush on <a href="https://www.openbsd.org/">OpenBSD</a>.
    4. 

  4. When I first learned about free/open operating systems, I knew that I wanted to
    5. 

  5. use them.  But in my early days of knowing nothing about computers, my limited
    6. 

  6. research lead me to the conclusion that I could choose one of the *BSDs or a
    7. 

  7. GNU/Linux distribution.</p><p>When I was making my decision about what free/open operating system that I
    8. 

  8. wanted to run, I was intrigued by the code quality that FreeBSD, NetBSD,
    9. 

  9. DragonFlyBSD, and particularly the insane <a href="https://lkml.org/lkml/2008/7/15/296">masturbating
    10. 

  10. monkey</a> behavior that results from the
    11. 

  11. impressive design goals of <a href="https://www.openbsd.org/goals.html">security, robustness, tracking and implement
    12. 

  12. standards (ANSI, POSIX, parts of X/Open, etc.), and
    13. 

  13. portability</a> of OpenBSD.</p><p>OpenBSD is known as being one of, if not the most secure, operating system in
    14. 

  14. the world.  It has pioneered many security related features, many of which have
    15. 

  15. been ported to the other *BSDs
    16. 

  16. <a href="https://en.wikipedia.org/wiki/OpenBSD_security_features">including</a>:</p><ul><li>W or X: you can either write or execute to a section of the hard
    17. 

  17. drive but not both.</li><li>secure replacements for strcpy and strcat, namely strlcpy and
    18. 

  18. strlcat</li><li>kernel randomization in that the linker randomly relinks the
    19. 

  19. kernel at every reboot or halt (this is awesome)!</li><li>changes to malloc to use mmap, &quot;which was modified to return
    20. 

  20. random memory addresses…&quot;</li><li>privilege separation/revocation and chrooting of common
    21. 

  21. applications</li><li>remove-all of outdated/underused code.  I read somewhere that
    22. 

  22. they removed the bluetooth support and are actively removing
    23. 

  23. old or outdated syscalls.  OpenBSD has 300 some syscalls and
    24. 

  24. the other *BSDs have 400 to 500, though I cannot currently
    25. 

  25. provide a reference for this.</li></ul><p>Surprizingly, while openBSD is strives to be secure, security is
    26. 

  26. not necessarily the central focus, as lead developer and founder
    27. 

  27. Theo de Raadt <a href="https://www.reddit.com/r/BSD/comments/af1itd/how_openbsd_is_secure_compared_to_other_operating/">explains</a> (I'm not certain if he actually said this):</p><blockquote><p>Many people think that is about security. It is not. Largely,
    28. 

  28. those standards are about accountability in the face of
    29. 

  29. threat. Which really isn't about making systems secure. It's about
    30. 

  30. knowing when your system's security breaks down. Not quite the
    31. 

  31. same thing. Please count the commercially deployed C, B, or even A
    32. 

  32. systems which are actually being used by real people for real
    33. 

  33. work, before foaming at the mouth about it all being &quot;so
    34. 

  34. great&quot;. On the other hand, I think we wil see if some parts of
    35. 

  35. that picture actually start to show up in real systems, over
    36. 

  36. time. By the way, I am surprised to see you list ACLs, which don't
    37. 

  37. really have anything to do with B1 systems.</p><p>As to the second issue, I have no idea what a distributed kernel
    38. 

  38. is, nor do I see how anything like that would improve security or
    39. 

  39. quality of a system.</p></blockquote><p>The OpenBSD developers are also prolific software developers:
    40. 

  40. <a href="https://www.opensmtpd.org/">opensmtpd</a>,
    41. 

  41. <a href="https://man.openbsd.org/httpd.8">httpd</a>, <a href="https://man.openbsd.org/doas">doas</a>
    42. 

  42. (<a href="https://flak.tedunangst.com/post/doas">why doas?</a>),
    43. 

  43. <a href="https://sndio.org/">sndio</a> (a sound server), <a href="https://man.openbsd.org/mandoc.1">mandoc (manual page
    44. 

  44. generator)</a>, and probably lots of other cool
    45. 

  45. things.  I currently am using opensmtpd as my
    46. 

  46. <a href="https://gnucode.me/hosting-your-own-email-part-1.html">email</a>
    47. 

  47. <a href="https://gnucode.me/hosting-your-own-email-part-2.html">server</a>, and it's pretty
    48. 

  48. awesome!</p><p>Also, there is some renewed interested in creating an <a href="https://www.gnu.org/distros/free-distros.en.html">FSF endorsed
    49. 

  49. distribution</a> from the
    50. 

  50. <a href="https://www.hyperbola.info/news/announcing-hyperbolabsd-roadmap/">hyperbolaBSD</a>
    51. 

  51. <a href="https://itsfoss.com/hyperbola-linux-bsd/">project</a>.  They probably picked
    52. 

  52. OpenBSD because of it's amazing code quality and great documentation, BUT ALSO
    53. 

  53. OpenBSD is almost an approved FSF operating system already.  OpenBSD does NOT
    54. 

  54. include proprietary code in the base install, because this is a massive security
    55. 

  55. vulnerability.  So basically, I am now dual booting Guix System and OpenBSD, and
    56. 

  56. I have my eye on HyperbolaBSD.  I hope they are successful!</p><p>P.S. The OpenBSD installer was breath-takingly easy and painless!  If you've got
    57. 

  57. an old-ish Thinkpad lying around, you might want to give it a try.</p></div></article></section></main><footer><p>© 2020 Joshua Branson.  The text on this site is free culture under the Creative Commons Attribution Share-Alike 4.0 International license.</p><p>This website is build with Haunt, a static site generator written in Guile Scheme.  Source code is <a href="https://notabug.org/jbranso/gnucode.me">available.</a></p><p>The color theme of this website is based off of the famous <a href="#3f3f3f" target="_blank">zenburn</a> theme.</p></footer></body>
    58.