The setup of OpenBSD Amsterdam
openbsd.amsterdamI have one of these instances (thanks Roman and team), and I have to say it's been a lot of fun re-acquainting myself with OpenBSD.
That said, I would consider this mostly a place for experimentation and hobby work, as I routinely am unable to connect or find that my VM has been unexpectedly rebooted.
Now THAT said, I think they are figuring things out, because the issues have been a lot less frequent since the big hard drive failure a month or so ago.
Anyway, if you want to learn you some OpenBSD, I highly recommend it as a place to experiment, and you help the OpenBSD community as well through their donation.
I found Absolute OpenBSD[1] to be both informative and entertaining to read. Really anything by Michael Lucas is a good read for me.
Perl's rand() is not a great way to generate values that should be unpredictable. It is seeded with only 4 bytes from /dev/urandom and is an LFSR like rand(3).
The consequence is that the range of possible passwords is probably smaller than was intended, and furthermore seeing previous passwords (or the random MAC) may help in predicting passwords. Of course without seeing their entire setup it's hard to say to what extent that is the case here.
This module may be useful (it even uses the same alphabet by default): https://metacpan.org/pod/Session::Token
Was thinking the same. Then remembered that OpenBSD's rand(3) actually returns result from arc4random() now. Then went to check and it seemed like Perl doesn't actually use rand(3) from libc? At least Perl's srand(N) and then rand() returned deterministic results, which shouldn't happen if it was using rand(3)...
Yes good point. I was careful not to say that perl actually uses rand(3) because I think it may not for portability reasons. Also, I think this may have changed at some point so might be different depending on perl version.
OpenBSD's carrying some local patches, Perl rand appears to be using the libc drand48(3) on OpenBSD, which uses arc4random_buf(3) internally, unless Perl srand is called, then it uses srand48_deterministic(3)? Not sure precisely as it's also using arc4random(3) directly to seed something.
This is slightly different from how it's handled outside the Perl software ecosystem, as all the srand* functions effectively became nops on OpenBSD in favour of strong random numbers, and userland ports had to be patched to use the deterministic variants if needed. I guess that would be hard with things like CPAN.
https://github.com/openbsd/src/commit/2e109fb9e8c0dc273648dd...
https://github.com/openbsd/src/commit/2e109fb9e8c0dc273648dd...
https://github.com/openbsd/src/commit/2e109fb9e8c0dc273648dd...
Looks like upstream Perl also uses drand48 from FreeBSD, with its own internal RNG. But I guess this can be overridden with build options.
I'd imagine something like pwgen would be better, but I doubt it matters here.
Thank you for the details. I agree none of this probably matters much for their use-case.
This has nothing to do with an official OpenBSD or Amsterdam project, does it?
Nope. However, for very €60 you spend they will donate €10 to the OpenBSD foundation, so there's always that.
Can somebody explain what this is?
They're a minimal/simplified VPS provider; OpenBSD VPSes hosted on OpenBSD's native hypervisor.
Looks like an OpenBSD version of Docker.
No, this is virtualization - vmm/vmd is a legit HVM.
So it is better than systemd :p
it's really not comparable. SystemD is an init system (and you're conflating systemd with CGroups in Linux, which would be part of the kernel and not related to systemd at all) and a Hypervisor.
More comparable comparisons could be: bhyve for FreeBSD, xhyve for OSX, virtualbox for... everything. Or QEMU/KVM on Linux.
Oh man, I did not mean to type systemd! I ment docker.
Aha, that makes sense.
But still. Docker is containers, vmm is full virtualisation.
Docker can be compared to FreeBSD jails, Solaris Zones or.. actually, cgroups in linux (for masochists).
I know I know. It was a joke and a slight jab at docker :p
The Urban Dictionary also defines docker as someone who makes a slight jab.
If you need more convincing to try OpenBSD, these interviews are nice https://www.bsdjobs.com/people and similar to usesthis.com.