OpenBSD: Secure by Default

Continuing with the theme of my last post regarding the impetus of the OpenBSD project, and the principles by which development of the operating system adheres, I felt compelled to enumerate some of the tangible benefits that such a system produces. The principled purist within me notwithstanding, for what reason do I not only choose to use but advocate for OpenBSD when there are so many viable alternatives? What are the benefits? Candidly, there are plenty. Beyond the intangible, esoteric, and ideological, there are myriad reasons that could incentivise installing and running OpenBSD; if not as a daily driver—a firewall, router …

more ...

OpenBSD: Clean, Correct Code by Default

I was perusing some not-too-recent-nor-old messages on the misc@openbsd.org mailing list when I entered a thread based on an interest in the subject—OpenBSD Project—where after reading the original message I would have normally passed on the rest but fortuitously didn't, and was pleased to read a contribution that reminded me of one of OpenBSD's most compelling merits:

"If your choice of operating system depends on any kind of formalities rather than on technical quality, OpenBSD is not the project you are looking for."

The entire message deserves a read but this key point made by author Ingo Schwarze …

more ...

Sourcehut: Open Source Software Development Platform

With the ubiquity of Git, there's always the question of where do I host my code? Github is obviously the dominant domain for developers but I can understand the reluctance of many free and open source software proponents to use an entirely closed source system. And with the new owners, it's an even less appealing prospect—particularly for those who have been around a little longer than Gen Z. Sure, there's a surfeit of options but the majority are, for the most part, Github clones.

This is where sourcehut—heretofore known by its abridged moniker sr.ht —shines.

It provides all of …

more ...

netcalc update: it's 2019 after all

After receiving a request from Martin on the misc@ mailing list to make IPv6 the default version for netcalc, I decided to implement my original idea of dynamically detecting which version IP address the user supplies so that no switch is necessary to discern the two. It was a trivial change but definitely an improvement; and, like Martin remarked, "it's 2019 after all." Despite the fact that IPv4 still traffics most of the Internet with approximately 75% coverage, any encouragement to implement its successor should be the default position.

I am a little surprised that IPv6 wasn't the default being taught at …

more ...

IPv4 and IPv6 CIDR Subnet Calculator

tl;dr: download netcalc—an IPv4 and IPv6 subnet calculator—to make subnetting easier.

In one of my Computer Science units last year we studied subnetting. It was really interesting but also highly programmatic. So like any good CS student, when faced with a repetitive problem to solve—such as calculating subnets—you automate the process; which I did! I first wrote a program in Python but then decided to create one in C. It only provided IPv4 functionality, though, as that's all we worked on at university. More recently, however, I thought I'd expand it to include IPv6; C makes this …

more ...

Sage Studying: Note-Taking and Revision

The second semester of 2019 commenced today, which brought to the forefront of my mind how I would study and prepare for the forthcoming assessments and exams. And so I thought I'd share my study strategy, and the tactics I use toward executing said strategy, which to date has resulted in a distinguished academic achievement. I suppose I should emphasise that I don't necessarily set out to achieve High Distinctions as a primary goal, but to learn the course content well—and the HD grades are an appreciated bonus. A fortunate byproduct of the whole process. But the pursuit of knowledge—a …

more ...

OpenBSD DNS Server with unbound and nsd

Table of Contents

Introduction

The default installation of OpenBSD comes with both unbound(8) and nsd(8); unbound is a validating, recursive, and caching DNS resolver that provides DNSSEC validation, while nsd is an authoritative name server that holds DNS records. The combination of the two running locally, means that name server lookups (i.e., requests to resolve domain names into IP addresses and vice versa) can be handled locally without being sent upstream to your ISP or another public name server such as Google. This almost completely prevents snooping or tampering …

more ...

Starting ssh-agent on OpenBSD

You'll find that unlike macOS, ssh-agent doesn't automatically run at startup on OpenBSD, so you need to initialise it, which is quick and easy but somewhat abstruse.

First, don't do the seemingly obvious and simply run ssh-agent like so:

$ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-MUxDCsIBiG5G/agent.38206; export SSH_AUTH_SOCK;
SSH_AGENT_PID=65950; export SSH_AGENT_PID;
echo Agent pid 65950;

Despite what you might intuit from the output, ssh-agent has only printed the shell script needed to initialise the daemon—it hasn't actually set the variables. Instead, we should evaluate the output, which will set both the SSH_AUTH_SOCK and SSH_AGENT_PID variables that allow ssh-add to communicate with …

more ...

Quick and Convenient Command Line E-mail

If you spend a considerable amount of time in your terminal, you might find the ability to fire off short emails from within it—without context-switching to your mail client or browser or whichever means you use—a convenient shortcut. Not to mention the utility it affords any number of use cases you might later choose to implement; a simple shell script, for example, can deliver notifications via email. It's a convenient feature of Unices that requires very little setup.

First, edit /etc/mail/secrets, as a privileged user, to store your credentials in the following format:

relayid relayuser:secretpassword

Where relayuser …

more ...

Unit testing with pytest—not easily ignored

Days 10–12 of the 100 Days of Code TalkPython course is dedicated to unit testing with pytest, and is a foison of information. Prior to this, I had very little experience with pytest but found it less intuitive than the language itself, and somewhat obscure—at least at first. I think, however, this was because of trying to concinnate the actual tests—much like I would any program—rather than simply hardcoding the input and expected output of a function's given test with the parametrize decorator. Instead, I would essentially try to rewrite the function logic differently to reproduce the desired …

more ...