1. 30

  2. 10

    Why did you decide to submit a goo.gl shortened URL instead of the direct link to the material?

    For anyone interested, this is the information gathered on each click: https://goo.gl/#analytics/goo.gl/rAjwoi/all_time

    I am about to go through the slides, will update the comment after I am done with them.

    I like the slides, very nice quick overview of key system areas, one tiny nitpick:

    slide #21:

    permit nopass marc as root cmd reboot

    from doas.conf(5)

     cmd command  The command the user is allowed or denied to run.  The
                 default is all commands.  Be advised that it is best to
                 specify absolute paths.  If a relative path is specified,
                 only a restricted PATH will be searched.
    

    might want to change the example to /sbin/reboot
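Added example, not part of the thread or the slides: a small lint for the nit above, flagging doas.conf rules whose `cmd` is not an absolute path. The function names and the sample rules (apart from the slide's marc/reboot line) are constructed for illustration, and the parser is simplified to one rule per line.

```shell
#!/bin/sh
# Constructed sample rules; line 2 is the rule quoted from slide #21.
sample_doas_conf() {
    cat <<'EOF'
# constructed sample for the lint below
permit nopass marc as root cmd reboot
permit nopass marc as root cmd /sbin/reboot
permit persist setenv { PATH=/usr/bin } :wheel
permit :wheel as root cmd rcctl args restart ntpd
EOF
}

# Print "LINE: COMMAND" for every rule whose cmd is a relative path.
# Reads the files given as arguments, or stdin when there are none.
# Simplifications: one rule per line, no quoted '#', no line continuations.
lint_doas_cmd() {
    awk '
    {
        sub(/#.*/, "")                      # strip comments
        depth = 0                           # nesting inside setenv { ... }
        for (i = 1; i <= NF; i++) {
            if (index($i, "{") > 0) depth++
            if (index($i, "}") > 0) { depth--; continue }
            if (depth == 0 && $i == "cmd" && i < NF) {
                # doas.conf(5): best to specify absolute paths
                if (substr($(i + 1), 1, 1) != "/")
                    printf "%d: %s\n", NR, $(i + 1)
                break
            }
        }
    }' "$@"
}

# Stand-alone run over the constructed sample.
sample_doas_conf | lint_doas_cmd
```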

    1. 2

      Updated, thanks a lot!

    2. 5

      Another small bug on http://www.openbsdjumpstart.org/#/24:

      # For example, tune ntpd(8) to try to set the time immediately at startup:
      /usr/sbin/rcctl enable ntpd
      /usr/sbin/rcctl set apmd flags -s
      /usr/sbin/rcctl restart ntpd
      

      That second rcctl should be for ntpd, not apmd.

      1. 1

        Corrected, thank you very much!

      2. 5

        The second slide bothers me:

        WHY USE OPENBSD

        • UNIX-like
        • Get the latest version of OpenSSH, OpenSMTPD, OpenNTPD, OpenIKED, OpenBGPD, LibreSSL, mandoc
        • Get the latest PF (Packet Filter) features
        • Get carp(4), httpd(8), relayd(8)
        • Security focused Operating System
        • Thorough documentation
        • Cryptography

        These aren’t reasons to use OpenBSD. These are features of the OS, with the exception of “thorough documentation”.

        What are reasons derived from these features? Maybe these:

        • Security first
          • Consistent updates to remote access, mail transit, time synchronization
          • Tight integration with modern cryptography library with the least number of CVEs in the industry
          • Industry-leading performance of built-in firewall with extensive, easily managed packet filtering features
        • Built-in, highly performant web server with fewer than X vulnerabilities in last Y years
        • Lightweight default installation completed within five minutes
          • Small footprint encourages addition of only the software necessary for intended purpose of system
          • Large ecosystem available
        • Thorough, centralized documentation for every step of setup and use

        This gives me business reasons to continue paying attention.

        1. 1

          +1 Do you think I need to rename this slide to features? And add your content on a new slide ‘Why use OpenBSD’?

          If you have further suggestions … you’re welcome! :) Thanks!

          1. 3

            You want to catch peoples’ attention by asserting that the thing you are supporting is better than the thing they’re using or better than the thing they are considering for task T. Don’t let advantages be self-evident: explain them! This is an introductory presentation.

            I’d call it “notable packages” or “core software” and drop the ones that aren’t software.

            Some quick notes off the top of my head, n.b. that I am not an OpenBSD person and I know just enough to understand that I probably should be and probably would be if I had more time to devote to it.

            Maybe some slides like these:

            Why use OpenBSD?

            Security first.

            • Consistent updates to remote access, mail transit, time synchronization
            • Tight integration with modern cryptography library with the least number of CVEs in the industry
            • Industry-leading performance of built-in web server, load balancer, and firewall with extensive, easily managed packet filtering features

            Other reasons to use OpenBSD

            • Built-in, highly performant web server with fewer than X vulnerabilities in last Y years
            • Lightweight default installation completed within five minutes
              • Small footprint encourages addition of only the software necessary for intended purpose of system
              • Large ecosystem available
            • Thorough, centralized documentation for every step of setup and use

            Notable software packages

            • OpenSSH remote access
            • OpenSMTPD mail server
            • OpenNTPD time server
            • OpenIKED keyserver
            • OpenBGPD routing server
            • LibreSSL for modern cryptography

            All of these are maintained as separate packages but are core components of the OS.

            Notable programs

            • carp(4) - IP address sharing on the same network
            • httpd(8) - web server optimized for the OS, top performance compared to other OS server packages
            • relayd(8) - highly performant load balancer for IP traffic
            • pf(4) - enterprise-quality packet filtering firewall
            • mandoc(1) - extensive system-wide documentation in a variety of formats

            Notable technology

            • pledge(2) - whitelists required system calls at startup, limiting attack surface by restricting what a program can do to what it is intended to do
            • zfs(8) - enterprise-grade expandable, recoverable, and snapshottable filesystem

            Pick some other stuff from https://www.openbsd.org/innovations.html for it, too.

            Quite frankly, I find the inclusion of the manual page section in the name to be confusing. I’d omit it if you don’t explain it at least non-exhaustively.

            1. 1

              Uh, OpenBSD has ZFS? .. since when? I mean https://www.tedunangst.com/flak/post/ZFS-on-OpenBSD I mean I guess it’s sort of there, but I don’t think anyone suggests you actually USE it on OpenBSD. Regardless it’s not Notable technology from OpenBSD, they clearly don’t care for it, but like some of the features it has…

              Otherwise I like this approach for “why OpenBSD” better than what is on the slides now.

              1. 3

                Sort of there? Where exactly? Have you checked the date of that commit? ;^)

                1. 1

                  LOL, exactly!

                2. 1

                  Sorry,

                  n.b. that I am not an OpenBSD person and I know just enough to understand that I probably should be

                  This was in my browser history: https://man.openbsd.org/FreeBSD-11.0/zfs.8 but I see now that it’s from the FreeBSD section. That’s confusing.

                3. 1

                  On OpenBSD, packages are pre-compiled binaries of 3rd-party software so I wouldn’t use that word as it may cause confusion. The above are certainly not packages in that sense.

            2. 1

              You may also want to update all the relevant links to https://.