From hello at firesilver.net Tue Jul 4 08:22:26 2023 From: hello at firesilver.net (Fire Silvernight) Date: Tue, 4 Jul 2023 13:22:26 +0100 (GMT+01:00) Subject: [talk] Seeking OpenBSD advice (eventually) Message-ID: <67f1d47d-79bf-4a3d-9424-242e823475f2@firesilver.net> Hi All, Its been a while since I connected with the group. My name is Fire(crow) Silvernight, I am a software engineer now living in the southcoast of England, but was a dev in nyc for a hot minute. I'm launching a company (https://ioledge.com[https://ioledge.com/]) and we have decided to move away from Linux for our servers. This move is mostly driven by a desire to leave out all languages and compilers from our servers, and the package managers were too coupled in linux stacks for this to be practical. We are moving to OpenBSD, but our knowledge of that space is limited, I dont have any specific questions right now but wanted to reach out and say hi in advance of posting a few things to the list as they come up. It's also nice to reconnect with folks I used to see in new york, who due to their security conscious nature are not that easy to track down online :). cheers Fire -------------- next part -------------- An HTML attachment was scrubbed... URL: From mcevoy.pat at gmail.com Thu Jul 6 15:00:56 2023 From: mcevoy.pat at gmail.com (Pat McEvoy) Date: Thu, 6 Jul 2023 15:00:56 -0400 Subject: [talk] Talk request / idea Message-ID: Hello Folks, Does anyone interested in talk about *BSD Scientific software? Example: https://www.freshports.org/science/ R-lang especially. From viewtiful.icchan at gmail.com Fri Jul 7 06:09:53 2023 From: viewtiful.icchan at gmail.com (Robert Menes) Date: Fri, 7 Jul 2023 06:09:53 -0400 Subject: [talk] OpenBSD disk cloning Message-ID: Hey everyone, I'm switching the SSD in my OpenBSD laptop out for a larger one, from 128GB to 1TB. Currently, my OpenBSD install is the normal default partition setup, but I also want to grow /usr/local and /home to take advantage of the added space. I'm on OpenBSD 7.3 and also encrypted my volume at install. So, threefold problem: 1) What is a fast, easy way to quickly copy all the existing partitions to the new drive, and 2) Should I prepare disk encryption first, before cloning the existing partitions, and 3) I've looked at Clonezilla for 1) but have to consider also growing the partitions I want to grow afterwards; Clonezilla AFAIK doesn't do partition resizing. What are some solutions or ideas that anyone has that would allow me to even do all this from within OpenBSD itself? This will also be a good learning method to do more with OpenBSD as well! Thanks, everyone! --Robert -------------- next part -------------- An HTML attachment was scrubbed... URL: From jpb at jimby.name Sat Jul 8 12:34:52 2023 From: jpb at jimby.name (jpb) Date: Sat, 8 Jul 2023 12:34:52 -0400 Subject: [talk] OpenBSD disk cloning In-Reply-To: References: Message-ID: <20230708123452.2f467e7a.jpb@jimby.name> On Fri, 7 Jul 2023 06:09:53 -0400 Robert Menes wrote: > Hey everyone, > > I'm switching the SSD in my OpenBSD laptop out for a larger one, from > 128GB to 1TB. > > Currently, my OpenBSD install is the normal default partition setup, > but I also want to grow /usr/local and /home to take advantage of the > added space. I'm on OpenBSD 7.3 and also encrypted my volume at > install. > > So, threefold problem: > > 1) What is a fast, easy way to quickly copy all the existing > partitions to the new drive, and > 2) Should I prepare disk encryption first, before cloning the existing > partitions, and > 3) I've looked at Clonezilla for 1) but have to consider also growing > the partitions I want to grow afterwards; Clonezilla AFAIK doesn't do > partition resizing. > > What are some solutions or ideas that anyone has that would allow me > to even do all this from within OpenBSD itself? This will also be a > good learning method to do more with OpenBSD as well! > > Thanks, everyone! > > --Robert Hi Robert, I'm old school, so take this with a grain of (old) salt. I normally manage two machines for just this scenario. When I need to update, I prepare the other ("new") machine: * with the latest OS, repartitioning as part of the base install * install the same packages/ports (includes all dependencies) * copy any user data from old to new, usually using rsync which you can find in the packages repo (see https://www.openbsd.org/faq/faq15.html#Intro) * after that, i test for a day or two, then just use the new system, putting the old system aside until the next update. This way is more expensive, but it's also very reliable in that if anything breaks with the new install or package updates, I can just continue using the current system until any issues are resolved. Hope this helps, Jim B. From viewtiful.icchan at gmail.com Sat Jul 8 17:14:39 2023 From: viewtiful.icchan at gmail.com (Robert Menes) Date: Sat, 8 Jul 2023 17:14:39 -0400 Subject: [talk] OpenBSD disk cloning In-Reply-To: <20230708123452.2f467e7a.jpb@jimby.name> References: <20230708123452.2f467e7a.jpb@jimby.name> Message-ID: This might be a doable solution, but I do have another question to go along with this, because I don't want to play guesswork with what's currently installed on my system and what I have to reinstall on the new drive. Do OpenBSD's pkg utilities (pkg_add, pkg_info, etc.) have an option to output to a file a list of all installed packages? IIRC dpkg on Debian, or its apt tools, have an option you can pass into them to dump out a whole list of installed packages to a text file, which can be read back in on a new system to install all the same packages back in again. Everything else like custom configuration and such can easily be put onto a USB stick and migrated over, or I can put them into a private GitHub repo, clone it into the new machine, and put everything into place. On Sat, Jul 8, 2023, 12:34 jpb wrote: > On Fri, 7 Jul 2023 06:09:53 -0400 > Robert Menes wrote: > > > Hey everyone, > > > > I'm switching the SSD in my OpenBSD laptop out for a larger one, from > > 128GB to 1TB. > > > > Currently, my OpenBSD install is the normal default partition setup, > > but I also want to grow /usr/local and /home to take advantage of the > > added space. I'm on OpenBSD 7.3 and also encrypted my volume at > > install. > > > > So, threefold problem: > > > > 1) What is a fast, easy way to quickly copy all the existing > > partitions to the new drive, and > > 2) Should I prepare disk encryption first, before cloning the existing > > partitions, and > > 3) I've looked at Clonezilla for 1) but have to consider also growing > > the partitions I want to grow afterwards; Clonezilla AFAIK doesn't do > > partition resizing. > > > > What are some solutions or ideas that anyone has that would allow me > > to even do all this from within OpenBSD itself? This will also be a > > good learning method to do more with OpenBSD as well! > > > > Thanks, everyone! > > > > --Robert > > Hi Robert, > > I'm old school, so take this with a grain of (old) salt. > > I normally manage two machines for just this scenario. When I need to > update, I prepare the other ("new") machine: > > * with the latest OS, repartitioning as part of the base install > * install the same packages/ports (includes all dependencies) > * copy any user data from old to new, usually using rsync which you > can find in the packages repo (see > https://www.openbsd.org/faq/faq15.html#Intro) > * after that, i test for a day or two, then just use the new system, > putting the old system aside until the next update. > > This way is more expensive, but it's also very reliable in that if > anything breaks with the new install or package updates, I can just > continue using the current system until any issues are resolved. > > Hope this helps, > Jim B. > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From okan at demirmen.com Sun Jul 9 19:46:44 2023 From: okan at demirmen.com (Okan Demirmen) Date: Sun, 9 Jul 2023 19:46:44 -0400 Subject: [talk] OpenBSD disk cloning In-Reply-To: References: <20230708123452.2f467e7a.jpb@jimby.name> Message-ID: On Sat 2023.07.08 at 17:14 -0400, Robert Menes wrote: > This might be a doable solution, but I do have another question to go along > with this, because I don't want to play guesswork with what's currently > installed on my system and what I have to reinstall on the new drive. > > Do OpenBSD's pkg utilities (pkg_add, pkg_info, etc.) have an option to > output to a file a list of all installed packages? IIRC dpkg on Debian, or > its apt tools, have an option you can pass into them to dump out a whole > list of installed packages to a text file, which can be read back in on a > new system to install all the same packages back in again. Everything else > like custom configuration and such can easily be put onto a USB stick and > migrated over, or I can put them into a private GitHub repo, clone it into > the new machine, and put everything into place. Yes, and there's even an FAQ for that. > On Sat, Jul 8, 2023, 12:34 jpb wrote: > > > On Fri, 7 Jul 2023 06:09:53 -0400 > > Robert Menes wrote: > > > > > Hey everyone, > > > > > > I'm switching the SSD in my OpenBSD laptop out for a larger one, from > > > 128GB to 1TB. > > > > > > Currently, my OpenBSD install is the normal default partition setup, > > > but I also want to grow /usr/local and /home to take advantage of the > > > added space. I'm on OpenBSD 7.3 and also encrypted my volume at > > > install. > > > > > > So, threefold problem: > > > > > > 1) What is a fast, easy way to quickly copy all the existing > > > partitions to the new drive, and > > > 2) Should I prepare disk encryption first, before cloning the existing > > > partitions, and > > > 3) I've looked at Clonezilla for 1) but have to consider also growing > > > the partitions I want to grow afterwards; Clonezilla AFAIK doesn't do > > > partition resizing. > > > > > > What are some solutions or ideas that anyone has that would allow me > > > to even do all this from within OpenBSD itself? This will also be a > > > good learning method to do more with OpenBSD as well! > > > > > > Thanks, everyone! > > > > > > --Robert > > > > Hi Robert, > > > > I'm old school, so take this with a grain of (old) salt. > > > > I normally manage two machines for just this scenario. When I need to > > update, I prepare the other ("new") machine: > > > > * with the latest OS, repartitioning as part of the base install > > * install the same packages/ports (includes all dependencies) > > * copy any user data from old to new, usually using rsync which you > > can find in the packages repo (see > > https://www.openbsd.org/faq/faq15.html#Intro) > > * after that, i test for a day or two, then just use the new system, > > putting the old system aside until the next update. > > > > This way is more expensive, but it's also very reliable in that if > > anything breaks with the new install or package updates, I can just > > continue using the current system until any issues are resolved. > > > > Hope this helps, > > Jim B. > > > > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > https://lists.nycbug.org:8443/mailman/listinfo/talk From mcevoy.pat at gmail.com Sun Jul 9 22:20:51 2023 From: mcevoy.pat at gmail.com (Pat McEvoy) Date: Sun, 9 Jul 2023 22:20:51 -0400 Subject: [talk] Next NYC*BUG: 2023-07-12 @ 18:45 Message-ID: Next NYC*BUG: July Social Event & Open Mic, Speaker, Could be You! 2023-07-12 @ 18:45 More info: https://www.nycbug.org/index?action=view&id=10690 Patrick McEvoy -------------- next part -------------- An HTML attachment was scrubbed... URL: From mcevoy.pat at gmail.com Tue Jul 11 11:45:02 2023 From: mcevoy.pat at gmail.com (Pat McEvoy) Date: Tue, 11 Jul 2023 11:45:02 -0400 Subject: [talk] NYC*BUG: tomorrow Message-ID: <1BB799C1-DEBC-4AFF-BFC5-AFDDF1893E19@gmail.com> Next NYC*BUG: TOMORROW July Social Event & Open Mic, Speaker, Could be You! 2023-07-12 @ 18:45 More info: https://www.nycbug.org/index?action=view&id=10690 Patrick McEvoy -------------- next part -------------- An HTML attachment was scrubbed... URL: From george at ceetonetechnology.com Wed Jul 12 12:32:17 2023 From: george at ceetonetechnology.com (George Rosamond) Date: Wed, 12 Jul 2023 12:32:17 -0400 Subject: [talk] meeting tonight: idea on ports supply-chain security Message-ID: <02330103-5a52-0538-d353-1bf9209fd634@ceetonetechnology.com> We don't have a set agenda, but I would like to raise an idea I've been tinkering on... and would love to add to the discussion this evening. Basically, it's about the whole ports/pkgs pipeline for the BSDs, and the related security issues from the written source code down to the user install and configuration. This includes everything from operating-system based security mitigations (think W^X,pledge,capsicum), digital signatures and checksums and a lot of other things. Part of this discussion is informed by some of the work by NYU's Secure Systems Lab like with https://pypi.org/project/in-toto/, which has a range of people involved including Wietse (who's on this list...). There are a number of pieces in the supply chain that are being approached, but what I think is important is to setup a broad picture, then look at various mitigations along the pipeline. I am imagining this at some point: I'll do an overview of code/source=>user install/config for the BSDs, then we could have other speakers such as Wietse and some NYU PHD students I know possibly cover more specific tools. I don't intend to arrive at some massive discoveries, or novel new security mitigations, but I do think we can broaden everyone's familiarity with the issues involved. There are no silver bullets here, only mitigations. We don't control the source or original upstream developer and auditing third-party source for ports isn't realizable at this point. And that matters (0) Some mitigations relate to my day-to-day world, mostly focused on the transport of the source files over https. I have a lot of more research to do on my end, even though I really only want to do a broadstroke overview, so this isn't happening in August.. but I do want to broaden the number of people involved in the discussion. g (0) See: https://arstechnica.com/information-technology/2021/11/malware-downloaded-from-pypi-41000-times-was-surprisingly-stealthy/ https://www.theregister.com/2021/07/28/python_pypi_security/ https://www.bleepingcomputer.com/news/security/hackers-bombard-pypi-platform-with-information-stealing-malware/ and I'll stop there... From crossd at gmail.com Wed Jul 12 13:07:36 2023 From: crossd at gmail.com (Dan Cross) Date: Wed, 12 Jul 2023 13:07:36 -0400 Subject: [talk] OpenBSD disk cloning In-Reply-To: References: Message-ID: On Fri, Jul 7, 2023 at 6:10?AM Robert Menes wrote: > Hey everyone, > > I'm switching the SSD in my OpenBSD laptop out for a larger one, from 128GB to 1TB. > > Currently, my OpenBSD install is the normal default partition setup, but I also want to grow /usr/local and /home to take advantage of the added space. I'm on OpenBSD 7.3 and also encrypted my volume at install. > > So, threefold problem: > > 1) What is a fast, easy way to quickly copy all the existing partitions to the new drive, and > 2) Should I prepare disk encryption first, before cloning the existing partitions, and Yes, I would imagine so. Trying to encrypt the disk after-the-fact seems fraught. > 3) I've looked at Clonezilla for 1) but have to consider also growing the partitions I want to grow afterwards; Clonezilla AFAIK doesn't do partition resizing. > > What are some solutions or ideas that anyone has that would allow me to even do all this from within OpenBSD itself? This will also be a good learning method to do more with OpenBSD as well! I think a question I would ask in response to this is: do you have a way in which you can access both drives from your machine simultaneously? This may be challenging in a laptop form-factor, but things like clonezilla would tend to indicate that you may be able to do so. If that's the case, I think you could do everything online. If it were me, I would install the second drive and partition and label it, and create filesystems manually; then, I would mount those and copy data from the old to the new drive by using dump piped to restore. There is reasonably good documentation on the steps involved in the OpenBSD FAQ: https://www.openbsd.org/faq/faq14.html > Thanks, everyone! Hope that helps! - Dan C. From george at ceetonetechnology.com Wed Jul 12 13:08:29 2023 From: george at ceetonetechnology.com (George Rosamond) Date: Wed, 12 Jul 2023 13:08:29 -0400 Subject: [talk] meeting tonight: idea on ports supply-chain security In-Reply-To: <02330103-5a52-0538-d353-1bf9209fd634@ceetonetechnology.com> References: <02330103-5a52-0538-d353-1bf9209fd634@ceetonetechnology.com> Message-ID: <05fd21cc-f8b3-0865-d2fb-aa8a0b2672a0@ceetonetechnology.com> To top-post to an already over-wordy email... Part of the point of this is to give everyone a broader sense of some things happening in academia tangential to real life. We have done it in the past but it's been a while. One of the guiding principles for me about NYC*BUG, and I have articulated before, was bridging research to the real world. We can't get lost in how things are done today, but we should be capable of judging the utility (or not) of relevant research being done. Think what USENIX has done but on a user-group level, maybe. g On 7/12/23 12:32, George Rosamond wrote: > We don't have a set agenda, but I would like to raise an idea I've been > tinkering on... and would love to add to the discussion this evening. > > Basically, it's about the whole ports/pkgs pipeline for the BSDs, and > the related security issues from the written source code down to the > user install and configuration. > > This includes everything from operating-system based security > mitigations (think W^X,pledge,capsicum), digital signatures and > checksums and a lot of other things. > > Part of this discussion is informed by some of the work by NYU's Secure > Systems Lab like with https://pypi.org/project/in-toto/, which has a > range of people involved including Wietse (who's on this list...). There > are a number of pieces in the supply chain that are being approached, > but what I think is important is to setup a broad picture, then look at > various mitigations along the pipeline. > > I am imagining this at some point: I'll do an overview of > code/source=>user install/config for the BSDs, then we could have other > speakers such as Wietse and some NYU PHD students I know possibly cover > more specific tools. > > I don't intend to arrive at some massive discoveries, or novel new > security mitigations, but I do think we can broaden everyone's > familiarity with the issues involved. > > There are no silver bullets here, only mitigations. We don't control the > source or original upstream developer and auditing third-party source > for ports isn't realizable at this point. And that matters (0) > > Some mitigations relate to my day-to-day world, mostly focused on the > transport of the source files over https. > > I have a lot of more research to do on my end, even though I really only > want to do a broadstroke overview, so this isn't happening in August.. > but I do want to broaden the number of people involved in the discussion. > > g > > (0) See: > https://arstechnica.com/information-technology/2021/11/malware-downloaded-from-pypi-41000-times-was-surprisingly-stealthy/ > https://www.theregister.com/2021/07/28/python_pypi_security/ > https://www.bleepingcomputer.com/news/security/hackers-bombard-pypi-platform-with-information-stealing-malware/ > > and I'll stop there... > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > https://lists.nycbug.org:8443/mailman/listinfo/talk