Michael W. Lucas - Absolute OpenBSD: UNIX for the practical paranoid

Date: 2023-10-09
| Instead of a restrictive copyright, or the more permissive but still restricted copyleft, the BSD license is sometimes referred to as copycenter, as in “take this down to the copy center and run off a few for yourself.”
Chapter: The BSD License

Date: 2023-10-10
| In 1994, after two years of legal wrangling, the University of California lawyers proved that the majority of AT&T UNIX was actually taken from BSD, rather than the other way around. To add insult to injury, AT&T had violated the BSD license by stripping the CSRG copyright from the files it had appropriated
Chapter: AT&T vs. the World

Date: 2023-10-10
| subsequent update, BSD 4.4-Lite2, is the grandfather of OpenBSD, as well as all other BSD code in use today, such as that in FreeBSD, NetBSD, and Mac OS X
Chapter: AT&T vs. the World

Date: 2023-10-10
| They’ve also created several pieces of software that have become industry standards across many operating systems, such as sudo and the ubiquitous OpenSSH.
Chapter: The Birth of OpenBSD

Date: 2023-10-10
| OpenBSD puts almost all of its effort into security features, security debugging, and code correctness, and has demonstrated in the process that correct code has a much lower failure rate, and hence greater security. OpenBSD strives to be the ultimate secure operating system.
Chapter: The Birth of OpenBSD

Date: 2023-10-10
| Contributors are OpenBSD users who have the skills necessary to add features to the operating system, fix problems, write documentation, or accurately report problems. Problems range from typographical errors in the documentation to system crashes. Almost anyone can be a contributor. In fact, the community has even accepted problem reports from me, and resolved them within hours.
Chapter: OpenBSD Contributors

Date: 2023-10-10
| Additionally, OpenBSD takes advantage of any security features offered by hardware. For example, AMD’s 64-bit Intel-compatible CPUs can mark a page of memory as either executable or writable, but not both. (Intel later copied this feature.) This alleviates many buffer overflow attacks, but the operating system must use this facility. OpenBSD supported this feature in 2003, shortly after the hardware was released.
Chapter: Security

Date: 2023-10-11
| Many commercial operating systems conceal their inner workings, and the only access you get is through the programs, application programming interfaces (APIs), and application binary interfaces (ABIs) they provide. If you want to learn more about how your operating system works, you can’t (unless you reverse-engineer it). When something breaks, you either live with it or pay the vendor to solve the problem.
Chapter: OpenBSD’s Support Model

Date: 2023-10-12
| correctly identify bugs, you must learn how the system should behave and why
Chapter: The Code Is Fine. What’s Wrong with You?

Date: 2023-10-12
| That said, a man page is not a tutorial. The manual explains how things work, not what to type to achieve particular effects. You must be able to assemble the knowledge offered by the man page into the tool that you need.
Chapter: Man Pages

Date: 2023-10-12
| Man pages often appear with the section number in parentheses after the command, such as ping(8) or ed(1). This gives you the name of the command (ping) and the section where the command is documented (8, on system maintenance).
Chapter: Manual Sections

Date: 2023-10-12
| The command apropos searches for any man page name or description that includes the word you specify. The command whatis does the same search, but matches only whole words.
Chapter: Finding Man Pages

Date: 2023-10-12
| The only third-party website I can unconditionally recommend is http://www.undeadly.org/, an OpenBSD news aggregator. When a website posts worthwhile OpenBSD-related content, the undeadly.org maintainers link to it
Chapter: Non-Project Websites

Date: 2023-10-13
| Note that blobs are not the same as firmware. Firmware is a binary object a piece of hardware needs in order to run, and is loaded into the hardware itself, rather than into the operating system.
Chapter: Proprietary Hardware, Blobs, and Firmware

Date: 2023-10-13
| OpenBSD’s multiprocessor support is not as broad as some other operating systems, however. The OpenBSD kernel mostly runs with the Big Giant Lock method, so the kernel can run on only one processor at a time. (Some small chunks of the kernel are not under the Big Giant Lock.) In practical terms, this means that the OpenBSD kernel won’t make effective use of more than two processors or cores
Chapter: Processors

Date: 2023-10-13
| User processes scale well as long as they don’t go into the kernel. Most web log analysis software, for example, runs almost entirely in user space, and you run massively parallel analysis jobs that scale quite well with the number of processors. Tasks such as forwarding packets, however, pass through the kernel. The hardware you need depends entirely on your expected workload.
Chapter: Processors

Date: 2023-10-13
| Most weird crashes and inexplicable, irreproducible problems can be traced back to bad memory, so be certain that the memory you are using is good. Memory is a common failure point in an old machine.
Chapter: Memory (RAM)

Date: 2023-10-13
| KVM hypervisor
Chapter: Virtualization

Date: 2023-10-13
| You might have no respect for your own bandwidth, but please respect others’ bandwidth.
Chapter: Local Installation Servers

Date: 2023-10-13
| The kernel is the heart of the operating system, containing the device drivers and basic system functions. Without a kernel, the system will not boot.
Chapter: File Sets

Date: 2023-10-13
| single large partition eliminates per-partition security and privileges. With your log files safely contained on one partition, a process or user gone amok cannot fill your entire drive. While it could fill a partition, you could still create and edit files on other partitions, giving you the flexibility you need to address the problem
Chapter: Partitioning

Date: 2023-10-15
| Split your swap space between the drives. Be sure that at least one partition is large enough to hold the contents of your physical RAM, so that OpenBSD can do a crash dump if needed. OpenBSD cannot split a crash dump between two different swap partitions.
Chapter: Multiple Hard Drives

Date: 2023-10-15
| If your second drive is much slower than your main system drive, don’t bother using it. A computer runs only as fast as its slowest component, so adding that old IDE drive to your SATA system will drag down the whole machine.
Chapter: Multiple Hard Drives

Date: 2023-10-15
| If you want to install multiple operating systems on a single disk, then each operating system needs its own MBR partition.
Chapter: MBR Partitions

Date: 2023-10-15
| When someone speaks of “partitions” in OpenBSD, they almost certainly mean disklabel partitions.
Chapter: Disklabel Partitions

Date: 2023-10-15
| Taken as a whole, sectors, tracks, and cylinders described the disk geometry.
Chapter: Sectors and Lies

Date: 2023-10-15
| If you read about the history of hard drives, you’ll discover all sorts of interesting lies.
Chapter: Sectors and Lies

Date: 2023-10-15
| Disks are divided into sequentially numbered sectors. Partitions fill a number of consecutive sectors. Sectors are grouped into cylinders, based on the number of heads in the drive. Partitions end on cylinder boundaries.
Chapter: Sectors and Lies

Date: 2023-10-15
| /dev/rsd0c 1. The leading /dev means that this is a device node. The rsd0c is the disk name. sd means that this drive uses the sd(4) device driver, and the 0 means that this is the first drive OpenBSD found and attached
Chapter: Sectors and Disklabels

Date: 2023-10-15
| By using the DUID in your system configuration instead of the BIOS-assigned device name, you will always have the same disk used for the same purpose
Chapter: Sectors and Disklabels

Date: 2023-10-15
| On every disklabel partition, c represents the entire disk. It has an offset of 0 and a size equal to the number of sectors on the disk. You cannot put a filesystem on partition c; it’s there only for reference.
Chapter: Sectors and Disklabels

Date: 2023-10-15
| One interesting thing is that the disklabel can be considered a configuration file for formatting a disk. You could save this disklabel to a file, get an identical hard drive, write this label to that new disk, and perfectly duplicate the partitioning of the old disk on the new.
Chapter: Sectors and Disklabels

Date: 2023-10-15
| If this machine is going to be on the Internet, you must know its network configuration before starting. If your network has DHCP, you’re all set. If not, you need a valid IP address, netmask, default gateway, and name server IP addresses
Chapter: Other Information

Date: 2023-10-15
| The chipset is the actual hardware name, not the model name, which can cause a bit of confusion because, after all, when you buy a computer, the network card is frequently listed as a “gigabit Ethernet,” not as an “Intel PRO/1000MT Dual Port Server Adapter model PWLA8492MT.”
Chapter: Hardware Setup

Date: 2023-10-15
| Basic Input/Output System (BIOS)
Chapter: BIOS Configuration

Date: 2023-10-23
| In general, when a PC-style computer first boots, it starts the BIOS. The BIOS is a small piece of software that figures out things like which drives are attached and what they’re attached to, what sort of CPU is installed, and how much memory is available. After getting that information, the BIOS loads a minimal boot loader from some kind of storage device.
Chapter: Power-On and the Boot Loader

Date: 2023-10-23
| The boot loader is a small program that handles initial system configuration and boots the kernel. It finds and starts the kernel, which in turn detects hardware, attaches device drivers, and performs other core setup. Finally, the kernel calls init(8), which starts processes and enables user programs, network interfaces, server software, and so on.
Chapter: Power-On and the Boot Loader

Date: 2023-10-30
| Single-user mode is the earliest point when OpenBSD can give you a Unix-style shell prompt. At this point, the kernel has probed all the hardware, attached drivers to all the hardware that it’s going to acknowledge, and started init. The system hasn’t mounted any filesystems except for the root partition, which is mounted in read-only mode. The network isn’t started, no services are running, security is not implemented, and filesystem permissions are ignored.
Chapter: Booting in Single-User Mode

Date: 2023-11-08
| OpenBSD’s newsyslog can email logs to a user before rotating them. If you carefully control how you sort your logs, this feature can be useful. For example, sudo(8) logs successful uses at priority notice, but failed uses at priority alert. You might split these into separate log files in syslog.conf, like this:
Chapter: Monitoring Logs

Date: 2023-10-17
| An OpenBSD upgrade has three distinct phases: installing the newer versions of the operating system files, updating the local configuration, and updating obsolete add-on software packages
Chapter: The OpenBSD Upgrade Process