1. 9
    how do you keep $HOME clean

    $HOME is read-only:

    • New applications are not allowed to create directories or files in $HOME.
    • Existing non-compliant applications are gradually replaced by compliant ones.
    naming rules do you follow

    All dirs lowercase for better auto-completion.

    top level directories
    • .cache: XDG cache dir

    • .config: XDG config dir

    • .local: XDG “local” dir

    • apps: unmanaged third-party application binaries

    • audios: subfolders music and casts

    • backup: obvious

    • code: sources for my coding projects

    • desktop: files that are displayed on the desktop

    • documents: obvious

    • downloads: obvious

    • fonts: symlink to .local/share/fonts/

    • images: pictures, screenshots, wallpapers (I wanted to find a different name, because of the possible confusion with CD images, but the time made this concern obsolete)

    • public: shared directory, network-accessible

    • remote: remote mounts

    • videos: obvious

    1. 5

      New applications are not allowed to create directories or files in $HOME.

      easily the best idea that I have read regarding unix administration in a long time

      1. 5

        New applications are not allowed to create directories or files in $HOME.

        Do you have a technical way to enforce this, or do you just pay attention to the files and directories an app creates?

        1. 3

          Yes, chmod -222 $HOME does the enforcement for me.

          I wrote a more detailed step-by-step guide here.

        2. 2

          New applications are not allowed to create directories or files in $HOME.

          WOW. Why didn’t I think of that?! Thanks!

          1. 2

            I don’t understand. Home is read only, but you write a bunch of stuff there…what am I missing? Can you give me more details please?

            1. 3

              $HOME itself is read-only (chmod -222 $HOME), but existing files and folders are still writable.

              That’s how the amount of garbage .dotfiles is slowly decreasing on my machine: New ones can’t be added (because of the dir being read-only); and I’m removing existing ones as I migrate to better written applications.

              I wrote a more detailed step-by-step guide here.

              1. 1

                Ahhhh! Thank you!

          1. 1

            Host my own email and websites. OpenBSD, OpenSMTP, httpd on small vultr vps’s. Home fileserver running freenas on an older desktop.

            1. 2

              I also do this (save for Home server freenas). Gmail blocks a good deal of my outgoing mail, but honestly, this has been covered a lot recently, so I won’t rant here about whether it is worth it or not. (Yes, it’s worth the risk of having undelivered email, but not having google handle all my email needs.)

            1. 7

              Nice! I run OpenSMTPD and Exim on OpenBSD and they are very comfortable on a 500mb ram vps. Welcome to the self-hosted email club!

              1. 2

                Company: Lightspeed

                Company site: https://www.lightspeedhq.com

                Position(s): Backend Developer, Frontend Developer, Information Security Specialist, Salesforce Developer, Technical Writer

                Location: Montreal, Ghent, Amsterdam, Toronto

                Description:

                Lightspeed is a point of sale SaaS provider. We have products for retail, restaurant, eCommerce, payments, loyalty and recently golf. We use a fair amount of different tech depending on the team you’re on. We have technical debt, but we actively work to combat it. We have developer openings in Montreal, Amsterdam, and Ghent at the moment, but we’re often open to the right candidate even if there isn’t a posting that exactly fits you. We’ve got plenty of challenges and ambitious goals. Our dev managers are former developers, and we do our best to make sure the technical aspects of the product are prioritized as well as the business aspects.

                Some of our stack: MySQL, PHP, Java, Go, Python (primarily for test automation), React, Node, GraphQL, REST.

                We’re on AWS and GCP (migrating to GCP). We use lots of fancy cloud technology: k8s, terraform, helm, docker, etc.

                Check out our current openings here: https://www.lightspeedhq.com/careers/overview/all/ and feel free to apply online, or reach out to me directly.

                This is my second time working at LS, I left and then came back, and it’s overall a pretty great place to work.

                Contact: Feel free to PM me if you have questions

                1. 5

                  Interviews are usually there to help the interviewer verify that you know how to break larger problems into more understandable chunks. Ask questions.

                  This is the main thing I’m looking for when hiring. I want you to help me get into your head. How do you approach the problem, how do you break it down, what questions do you ask? Ideally, candidates will think out loud when they’re solving a problem.

                  1. 3

                    Speaking of thinking out loud (sorry for the pun), one of the big reasons I hate open office plans is that it hinders people from talking a problem out, even when it’s routine.

                    My old work place had a safety checklist, and we found that even though it was written on paper on a clipboard, we had less mishaps when a worker spoke out loud each of the checks.

                    1. 2

                      I believe you were the one who said the “I’ve read your blog, you don’t need to prove yourself to me” line too. Lol.

                    1. 7

                      While I do agree that it’s redundant to ask to ask, IRC can be an intimidating place, especially if you’ve never used it before. Add to that the fact that you have no idea how receptive people on the channel will be, asking to ask can be useful to gauge what kind of response you’re likely to get when you ask your actual question. Based on the response to your original ask, you may decide that you don’t want to ask a question at all because you’ve found yourself in a non-welcoming space. So, while it does annoy me when people ask to ask, I generally try to be as helpful as I can be, considering that the person on the other end of the line may have zero experience talking with developers or even using IRC.

                      1. 3

                        Throwing a birthday party for my partner. Brunch at 11, afternoon tea at tea time. Going to have 17 adults and 20 kids running around over here. Should be fun, but I’m going to need to take Sunday off.

                        1. 8

                          Starting the tomatoes! Trimming another apple tree. Playing with my kids!

                          1. 2

                            Company: Lightspeed

                            Company site: https://www.lightspeedhq.com

                            Position(s):

                            Location: Montreal, Amsterdam

                            Description: We’re a POS company, building solutions for SMEs to power their retail, restaurant, e-commerce and loyalty needs. Our main belief is that small and medium sized businesses are what makes cities special, and we want to help them compete with larger enterprises. We’ve got lots of challenges to tackle right now, and there are already a few lobsters working here.

                            Contact: Feel free to ping me directly, or apply online: https://www.lightspeedhq.com/careers

                            1. 1

                              This is really cool. Any plans to design one specifically catered to programmers?

                              1. 3

                                I am not the creator, but I’ve found that MadRabbit has something like rockstar-layout: “In an essence this is a variation on the QGMLWY layout from the carpalx project”. I don’t think it’s ai-powered though.

                                1. 1

                                  Not OP but I have created a programmer-centric keyboard layout for MacOS that might be interesting to someone.

                                1. 2

                                  Great to see more resources to help people learn about OpenBSD.

                                  1. 2

                                    Someone on Reddit linked to this section of the FAQ yesterday, I was like…how have I never seen this before? Am I losing my mind? Thanks for putting me at ease. Awesome addition to the FAQ!

                                    1. 1

                                      A few Vultr VPSs running OpenBSD hosting my mail, web, and VPN needs.

                                      1. 3

                                        Replacing the frame for some outdoor steps that lead to my front door. The existing ones have rusted out.
                                        Otherwise, probably building some sledding hills in the backyard for the kids, and checking if the pond is frozen enough to skate on.

                                        1. 18

                                          I no longer believe that daemons should fork into the background. Most Unix systems now have better service control and it makes the code easier to deal with if it doesn’t call fork(). This makes it easier to test (no longer do you have to provide an option not to fork() or an option to fork()) and less code is always better.

                                          1. 6

                                            Not forking also allows logging to be an external concern and the process should just write to stdout and stderr as normal.

                                            1. 1

                                              This is not so much about the forking per se, but rather the other behaviour that generally goes with it: closing any file descriptors that might be connected to a controlling terminal.

                                            2. 4

                                              OpenBSD’s rc system seems to expect that processes fork. I don’t see an obvious workaround for processes that don’t fork.

                                              1. 3

                                                It’s not that hard to write a program to do the daemonization (call umask(), setsid(), chdir(), set up any redirection of stdin, stdout and stderr, then exec() the non-forking daemon).
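
The wrapper described in the comment above, written out in C as an added example (not code from the thread or from OpenBSD). `spawn_detached`, `demo` and the log path are names made up here, and the two `fork()` calls go beyond the listed steps: the first lets `setsid()` succeed, the second keeps the daemon from ever acquiring a terminal again.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Start argv as a detached daemon; the daemon itself never calls fork().
 * Returns 0 to the caller once the daemon is launched, -1 on error. */
int spawn_detached(char *const argv[], const char *logpath)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid > 0) {                 /* caller: reap the short-lived helper */
        int st;
        if (waitpid(pid, &st, 0) < 0)
            return -1;
        return (WIFEXITED(st) && WEXITSTATUS(st) == 0) ? 0 : -1;
    }
    umask(027);                    /* nothing the daemon creates is world-accessible */
    if (setsid() < 0) _exit(1);    /* new session: controlling terminal is dropped */
    int in = open("/dev/null", O_RDONLY);
    int out = open(logpath, O_WRONLY | O_CREAT | O_APPEND, 0640);
    if (in < 0 || out < 0 || chdir("/") < 0)
        _exit(1);                  /* setup errors reach the caller as exit status */
    pid = fork();                  /* second fork: daemon is not a session leader */
    if (pid != 0)
        _exit(pid < 0 ? 1 : 0);
    if (dup2(in, 0) < 0 || dup2(out, 1) < 0 || dup2(out, 2) < 0)
        _exit(1);
    if (in > 2) close(in);
    if (out > 2) close(out);
    execv(argv[0], argv);          /* other descriptors should be opened O_CLOEXEC */
    _exit(127);
}

/* Constructed demo: the command logs "no-tty" if its stdin is not a terminal. */
int demo(void)
{
    char path[] = "/tmp/detach-demo-XXXXXX";
    char buf[64] = "";
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    close(fd);
    char *argv[] = { "/bin/sh", "-c", "test -t 0 || echo no-tty", NULL };
    if (spawn_detached(argv, path) != 0)
        return -1;
    for (int i = 0; i < 50 && !strstr(buf, "no-tty"); i++) {
        usleep(100000);            /* the daemon runs asynchronously */
        FILE *f = fopen(path, "r");
        if (f) {
            buf[fread(buf, 1, sizeof buf - 1, f)] = '\0';
            fclose(f);
        }
    }
    unlink(path);
    return strstr(buf, "no-tty") ? 0 : -1;
}

int main(void) { return demo() == 0 ? 0 : 1; }
```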

                                                1. 2

                                                  It’s even simpler when you have daemon(3): http://man7.org/linux/man-pages/man3/daemon.3.html

                                                  1. 1

                                                    Which you do on OpenBSD, actually.

                                                    Note that daemon(3) is a non-standard extension so it should be avoided for portable code. The implementation is simple enough, though.

                                                2. 2

                                                  I’m not sure this is accurate, at least on -current. There are several go “daemons” that as far as I understand don’t support fork(2). These can still be managed by OpenBSD’s rc system:

                                                  # cd /etc/rc.d
                                                  # cat grafana
                                                  #!/bin/ksh
                                                  #
                                                  # $OpenBSD: grafana.rc,v 1.2 2018/01/11 19:27:10 rpe Exp $
                                                  
                                                  daemon="/usr/local/bin/grafana-server"
                                                  daemon_user="_grafana"
                                                  daemon_flags="-homepath /usr/local/share/grafana -config /etc/grafana/config.ini"
                                                  
                                                  . /etc/rc.d/rc.subr
                                                  
                                                  rc_bg=YES
                                                  rc_reload=NO
                                                  
                                                  rc_cmd $1
                                                  

                                                  I’m not sure if there’s more to it that I don’t understand, I don’t write many daemons!

                                                  1. 1

                                                    Well, it turns out, I can’t read! The key to this is rc_bg, see https://man.openbsd.org/rc.subr#ENVIRONMENT

                                                3. 1

                                                  For those that don’t know, daemontools is a nice service system that explicitly wants programs to not try to daemonize themselves. For services I build and run I try to use that.

                                                1. 3

                                                  Yup. I run OpenBSD on all my computers at home (laptop + desktop) and I use it for all my VPSs (smtpd, httpd). At work I have a mac because reasons, but I much prefer my OpenBSD systems. Why?

                                                  For (some of these are true of linux as well):

                                                  • Upgrades are painless and infrequent (2 times a year on release)
                                                  • Updates are painless and infrequent (syspatch)
                                                  • Default out of box install uses minimal resources
                                                  • No forced UI changes – I run a minimal desktop manager, it rarely changes
                                                  • Tons of pre-built applications available via pkg_add
                                                  • Performs really well on older hardware (up to a point)
                                                  • Excellent documentation
                                                  • So easy to install (assuming you don’t have any funky hardware or BIOS problems)
                                                  • Sane defaults (example, if you install a server package (redis, mysql, postgres, influx, etc) it’s only going to listen on 127.0.0.1 unless you explicitly tell it to listen on other interfaces, or it’s required for the server to function e.g. samba)
                                                  • includes modern daemons for standard stuff like smtp, http, ntp, dns, dhcp, ipsec and more

                                                  Against:

                                                  • People sometimes complain about performance (network if your hardware is poorly supported, NFS in a mixed environment, i.e. NFS server on linux / freebsd with client on OpenBSD or vice-versa, general performance vs linux – I don’t really notice since I only use OpenBSD, and it always seems to just get faster)
                                                  • Packages aren’t always the most up to date (unless you’re running -current)
                                                  • Mailing lists can be abrasive
                                                  • Not as much hardware support as linux

                                                  I’m sure there’s more, but those are the things I really appreciate about OpenBSD.

                                                  1. 1

                                                    I have a question on packages. Do you use the M:Tier ones? If so how up to date/stable are they? Eg. when something is in ports is it quickly available there? Do you know if it’s hours, days, weeks or more?

                                                    1. 1

                                                      I don’t use them, no. I run -current on my primary machine, so packages are updated as soon as the updates are built and propagated to the mirrors. On my other machine, I’m ok being a bit out of date.

                                                  1. 4

                                                    No mention of gopher clients! How are you supposed to see other people’s posts? I found this one: http://gopher.quux.org:70/devel/gopher/Downloads/ which seems to work pretty well. I remember back in the day firefox/netscape used to support gopher:// url’s but pretty sure that’s no longer the case.

                                                    1. 5

                                                      I use OverbiteFF on Firefox. Lynx also supports gopher. But where was the author’s gopher site? If it’s so easy (and it is [1]) why did he not do it himself? Seems odd.

                                                      [1] Not only do I run gopher but I wrote my own server, mainly to serve up my blog.

                                                      1. 5

                                                        The original article is posted on gopher here: gopher://sdf.org/0/users/dbucklin/posts/how_gopher.txt

                                                        Lynx is a fantastic gopher browser and there are several new ones also in active development. There’s sacc(1) from the folks at bitreich.org and also VF-1 if you prefer more of a REPL style interface.

                                                        1. 3

                                                          I’m going to take this rare opportunity to plug my gopher client: https://github.com/enkiv2/misc/blob/master/ncgopher.py – not because it’s particularly good, but because it’s a good illustration of how straightforward a featureful gopher client is to write.

                                                          I’m aware of a couple people on mastodon making much more polished & featureful clients. I can’t remember their names offhand, unfortunately.

                                                      2. 4

                                                        You can use elinks, lynx, cgo, sacc (that you can try via ssh at ssh://kiosk@bitreich.org), clic, curl to download…

                                                        Most browsers can start an external program after downloading a file, (xdg-open by default). Gopher has text-menu but is not text-only.

                                                        Even plain netcat/telnet, given how simple is the protocol. If all you want is getting a document from gopher: printf '/0/%s\r\n' "$url" | nc "$host" 70 > file.

                                                        Firefox dropped the gopher:// protocol support. moz :/ la…

                                                        1. 4

                                                          Indeed it isn’t (and I think even the Firefox add-ons that added back support don’t work anymore…)

                                                          Haiku’s network protocol client layer has first-class Gopher support, and since our WebKit port uses our internal protocol stack, you can browse Gopher in WebPositive.

                                                        1. 1
                                                          1. 4

                                                            Been reading Oryx and Crake by Margaret Atwood… dystopian sci-fi… so far, I’m quite fond of it.

                                                            1. 4

                                                              Ooh thanks for that. Just finished the recent remake of A Handmaid’s Tale and first read the book just a few years back. She’s amazing. Will definitely look that up.

                                                              1. 3

                                                                Read the sequels. I think the whole trilogy is quite good.

                                                              1. 5

                                                                Another small bug on http://www.openbsdjumpstart.org/#/24:

                                                                # For example, tune ntpd(8) to try to set the time immediately at startup:
                                                                /usr/sbin/rcctl enable ntpd
                                                                /usr/sbin/rcctl set apmd flags -s
                                                                /usr/sbin/rcctl restart ntpd
                                                                

                                                                That second rcctl should be for ntpd, not apmd.

                                                                1. 1

                                                                  Corrected, thank you very much!