Today has been a beautiful sunny day, not too hot, and I decided to take a break and relax, anticipating another busy week ahead.
While performing a #duperemove on a #btrfs file system (and it seems that soon this will be possible on #zfs too!), I'm reading about the progress #hammer2 is making on #OpenBSD (https://github.com/kusumi/openbsd_hammer2). This would be a winning combination, as the versatility of the excellent file system of #DragonflyBSD and the security of #OpenBSD would be an incredibly powerful union. Let's hope the development continues smoothly without any major issues!
I just love #Debian with #Xfce :debian:
It's simple, stable and gets out of my way
It might not be the most eye candy desktop - but I need it to just work.
@nichtq
I could run #OpenBSD - and do so (x240 ThinkPad).
For my desktop I have chosen #Debian
It does what it needs to do.
(I do use #Docker and some #Linux only thingies here and there)
In the end: I could run #OpenBSD on the desktop, that would be ok. :openbsd:
If anyone wants to know what #OpenBSD looks like: In my case, it's just a Firefox window showing Fosstodon, taking up literally the whole screen. There is a one-pixel white border around it. Pretty boring.
#OpenBSD is one OS you could learn a lot about with nothing more than a single offline OpenBSD box. Start with the Afterboot(8) and just go from there.
Updated: The ports / pkgsrc build framework and the related tools for binary packaging have a complicated history that has traveled further and closer over the years.
The FreeBSD ports was added to significantly after NetBSD forked it, then pkg_* tools were replaced on FreeBSD by PkgNG.
If a device has a publicly routable IPv6 interface, Safari won't offer that address for a peer to use in a WebRTC call, unless one of 2 seemingly unrelated things is true:
a) the page already has microphone permission or
b) the page specifies an IPv6 capable STUN server.
The whole point of IPv6 is that you don't need NAT to share scarce IPv4 addresses - and so STUN (which figures out what your public IP address is) would be irrelevant for IPv6.
The ironic downside of using a STUN server is that it adds a round trip time (or possibly 2 if DNS is needed) to the setup time and discloses your IP address to an additional server that didn't otherwise need to know it.
Sigh.
Now on to making my home network IPv6 friendly again - which I lost in the move from #openBSD to #freeBSD
Old customer infrastructure based on #Proxmox 5 and an ancient #Dell server running an outdated #pfSense.
They asked me to update everything because the ERP provider (a small software house) accessing via #VPN claims the pfSense version is too old. I agree and decide to upgrade Proxmox.
On the old Dell, I install #OpenBSD and, in agreement with the ERP provider, a #Wireguard VPN.
After a few days, they 'recall' me because, for their internal compliance and following their '#security manual,' they need to enter the password manually every time they connect, and Wireguard doesn't support a user/password concept.
They ask for the possibility to change the PSK with each access to ensure that the one in their configuration files is not the current one - an absurd operation. I don't have a maintenance contract and can't take this responsibility, as it doesn't make sense. Clearly, they agreed on Wireguard without even knowing what it was.
To avoid issues, I ask them what to install instead. They suggest #OpenVPN might be acceptable. I proceed accordingly. They contact me again: 'The version of OpenVPN is not suitable, and OpenBSD is not certified according to our security procedures.' I ask them to tell me what is certified. They respond: '#Debian 7, #Wheezy - and the version of OpenVPN from Debian 7.'
I politely point out that Debian 7 reached its End of Life in 2016, and even the extended LTS has been unsupported for 3 years. They don't care, they must abide by their manual - it's safe for them.
The customer asks me to accommodate them anyway, but I reflect on the fact that when they inevitably get compromised, it will be my fault for installing something so outdated today.
I declined the job - limiting myself to updating Proxmox.
I'm not sure if I'm more offended by the bureaucracy of certain 'internal manuals' or by the closed-mindedness of certain colleagues who can't stand up against such dynamics.
@mikael @vmisev @alelab
The hardware is the culprit most of the time.
Depending on what one has, #FreeBSD can run as smooth as butter. (And so does #OpenBSD)
YMMV 😉
Of course: Any system that gets the job done is fine 😎
Is anyone using #got / #gameoftrees from #openbsd on their #git repos? Thoughts? I use git nowadays but I always had hoped #mercurial would have won, or had their github equivalent.
@tulpa What is stopping you from using both so you can get experience with #OpenBSD but still have #Debian #Linux to continue working with that until you are able to set up OpenBSD to replicate the way you use Debian?
I wrote an article about moving my site to #OpenBSD on @OpenBSDAms using #relayd, #httpd, and #acme client and (a bit) about my newfound love towards @mwl:
#Debian is for the reasonable adult in me. #OpenBSD is for the radical in me that has actual taste in software and doesn't care that I can't meet every tiny need.