Month: January 2025

My Thoughts on OpenBSD

Puffy
A completely FREE, multi-platform 4.4BSD-based UNIX-like operating system with a strong focus on proactive security and integrated cryptography.


First of all, I’m going to disclose that I haven’t really used OpenBSD extensively for my daily computing. While I’ve installed it several times, I always ended up choosing something else in the end. I was particularly interested in trying it out on my web server and even thought about using it on my ThinkPad. The installations went smoothly, and the hardware was well-supported. These are my thoughts on OpenBSD, why I’m not using it right now and why I may use it in the future.

    Setting up OpenBSD with a graphical X11 desktop, FVWM window manager, and xenocara display manager is surprisingly easy, even for someone without any previous experience. It’s straightforward to get started, and the default security measures can be a definite plus. However, to use it effectively without these features becoming a hindrance, you need to understand the relationship between OpenBSD and their vision of a secure Unix sytem.

    When it comes to partitioning, OpenBSD’s approach to partitioning is definitely not much like your typical modern Linux distribution. If you’re used to the very simple, one size fits all with just a big root (/) and maybe a couple GB for swap, this may seem foreign. Each partition should be sized carefully.  They’ll have their own unique locked down permissions, which can enhance security. For example, an X11 installation typically remains stable in size, including a little wiggle room for updates. While all Unix-like systems use permissions, OpenBSD takes it to another level. This can be great for security but requires some learning to manage effectively.  This table from their manual page does a much better job as a visual representation than anything I could put into words.

 

“The exact set of partitions created depends on available free space, how fragmented the free space is and some machine dependent variables, but will be approximately (as follows)”

> 10GB Free > 2.5GB > 700MB < 700MB
/ 150MB –   1GB 800MB –   2GB 700MB –   4GB 1MB – 2GB
swap  80MB – 256MB  80MB – 256MB   1MB – 256MB
/usr 1.5GB –  30GB 1.5GB –  30GB
/home   1GB – 300GB 256MB –   2GB
/tmp 120MB –   4GB
/var  80MB –   4GB
/usr/X11R6 384MB –   1GB
/usr/local   1GB –  20GB
/usr/src   2GB –   5GB
/usr/obj   5GB –   6GB

Source: Disk Allocation, The OpenBSD Man Page
Server [ link
]

 

    This will be a common theme on OpenBSD. Security. You’ll definitely see that given the option, most things will take the back seat to security if the choice arises. This isn’t a bad idea, but I can see how some people get the idea you’d have to be at least a little paranoid to want an OS as locked down and granular as this one. Or Maybe I’m just a s*** sysadmin?? Never the less…

Personally, my main gripe is that I can be quite particular about certain things. I prefer not to set half a dozen just shy of a dozen static partition sizes that can’t be easily adjusted later without redoing others. I don’t want to spend hours researching and comparing just to get everything perfect! You can opt for auto-partitioning, which I recommend, but depending on your disk size, adding extra packages can be hit or miss. I did an install on a 16 GB SSD recently and found that I was quickly completely out of room after installing an additional desktop environment and web browser. I’ve used the same tiny SSD without incident on Debian and FreeBSD with many more applications installed, so it is down to the partitioning. I can’t really fault OpenBSD for this, because I’m the lazy hack that wanted auto-partitioning, but my point is some things just don’t need to be so complicated.

Installing software is straightforward, although OpenBSD has its own rules. For instance, if I recall correctly, only members of staff can allocate more than 1024 MB of memory to their processes. This detail is crucial for tasks like running a database server or even just using Firefox with multiple tabs. This is very easily changed by simply editing a config file, but it is something to be aware of.

As for customization, OpenBSD is a lean and clean OS that offers a high degree of fine-grained control for those willing to invest time in learning it. However, for my needs, FreeBSD and Linux seem to have fewer complexities, and I find it hard to justify the time required to master OpenBSD. For something like a server I could see the initial time investment paying off in return for a long and secure service life.

Some of OpenBSDs features wont appeal to everyone. For instance, hyper-threading is disabled by default to enhance security against CPU exploits related to side-channel attacks. While this is a prudent security measure, it may impact performance. OpenBSD, despite being lightweight, might be less performant than FreeBSD or Linux in similar scenarios. Nevertheless, if OpenBSD’s security model aligns with your needs, performance considerations may become less critical.

    Overall, I think OpenBSD is fantastic. However, it’s not my go-to choice for my main machine. I have considered using it for a web server where maximum performance isn’t critical, as my server typically only deals with a load at a fraction of its capacity. OpenBSD is undeniably a robust and secure Unix-like operating system, with excellent documentation and from what I’ve heard some very clean code. To those interested; I’d definitely recommend that you check it out. Ironically, in light of any complaints I have stated above it really is probably the easiest BSD system to get up and running with a full graphical desktop.

 

Read more about:    Operating Systems    Software

XScreenSaver Install Script for Debian MATE Desktop

XScreenSaver

MAKING IT BE (a little) LESS PAIN IN THE ASS

If you’re using Gnome/MATE screensaver (or locker), I’d recommend you don’t. Weather it is because you value X locking security, or just admit it they’re cool screensavers, toss that in the bin and install the real deal.. XScreenSaver.

I have written a script which takes care of all of the following:
1. On Debian, XScreenSaver needs you to manually specify 4 packages to get the program, “extra” savers, gl savers, and “gl extra” savers. This will get you the complete collection, as the author distributes it.
2. Remove MATE Screensaver
3. Apt pin / pref so MATE Screensaver isn’t reinstalled next time you run apt, because MATE Desktop thinks it needs it
4. Autostarts XScreenSaver
5. makes a soft link so you can still lock from the “System” menu up top, and click “Lock Screen”. Now XS will do it.

This will save me HOURS over time.

Get it here: http://lostgeek.net/files/xscreensaver-mate.sh

The PiFrame — Pi Zero 2 LCD Weather Clock


The PiFrame

   Raspberry Pi Zero 2 WH — $18
I2C 20×4 LCD Display — $5
Shadowbox Frame — $7

Doing a geeky project for under $30?? Priceless…

Ah, the Raspberry Pi. That $35 single board computer everyone was scalping for 3x what they were worth during the chip shortages. Well, I used to own several of them… and unfortunately no longer do. I will say, for the MSRP price they aren’t a bad option. The whole ecosystem is quite attractive for many reasons, and the brand receives praise left and right for it. I will indeed say, they’re basically swiss army knives for a hacker. A whole miniature linux system, with a quad core 64 bit CPU and often 1 – 4 GB of RAM. IMO the 8 GB is a waste of money, of course, I tend to like lean configurations so perhaps I just feel that way because I’d never use 4 GB on a Pi let alone 8. AND, if I did need 8 GB or more, I’d use a DDR4 mini PC, not a Pi!

Anywho, in the spirit of what the Pi is all about, I wanted something cheap to hack on. I have a Pi 5, but it pulls full time duty as a server. And, what can I say? It works so well for this, and the small size and lower power requirements are part of that attraction for me. Now, PCIe gigabit ethernet, and PCIe NVME storage are a pretty strong motivation for my willingness to keep the Pi 5 4 GB I’ve got employed as a server. Without those, I’d use a thin client or old laptop in a heartbeat. Oh yeah, the spirit of the Pi, that’s where I started blabbing right?

So the Pi Zero, it’s like an original 2012 Pi, but with optional Wifi. You loose onboard ethernet (but it was USB anyway on the early models, and you do have a USB port to add a NIC…) but you get a very small package still boasting full 40 pin GPIO. They refreshed the Pi Zero in late 2021 with the Pi Zero 2. If you want WiFi and BT, you want the Zero 2 W. Want pre-soldered GPIO pins too? Get the WH.

** NOW a little PSA here, I bought a Pi Zero 2 WH on Amazon… so that came /w a soldered GPIO pin header. Quite handy, even has color coded spots at the base of each pin so you know what is GPIO, 5v, Ground, etc… Except, mine was put on upside down. Took me forever to figure this out, and I would have been pretty pissed if I needed to RMA it because some shoddy reseller is doing these headders themselves to save 30 cents and mislabeling the pins. I don’t care now that I know, but being largely for the education market this is a bit discouraging to see. If I were in the same situation as a young kid, the Pi may very well have gone in the bin.

You can get a pack of two 20 character / column x 4 row LCD screens, with pre-soldered i2c “backpack” for about ten bucks. And, you can get it in green, red, blue, whatever you want. I went with the OG, green LCD.

Let there be light!

So… what does it do? Well, it’s an excuse to have another Linux box in your fleet, I mean, what more do you want?? But since you asked, it does anything you tell it to. Right now, mine spends five seconds showing me the date, time, and my web server uptime. Then it shows me local weather for another five seconds. There’s more in the pipe though, and trying out new code is incredibly easy.

LCD Display LCD Display

What makes this clock… tick?? Python.

#!/usr/bin/env python

import drivers
from time import sleep, strftime
import argparse
import requests
import subprocess

def get_uptime():
    try:
        # Run the 'uptime -p' command and capture the output
        #result = subprocess.run(['uptime', '-p'], capture_output=True, text=True, check=True)
        result = subprocess.run(['cat', '/tmp/uptime'], capture_output=True, text=True, check=True)
        uptime_str = result.stdout.strip()  # E.g., "up 1 day, 1 hour, 45 minutes"
        
##        # Use awk to format it as "up 1d 1h 45m"
##        formatted_uptime = subprocess.run(
##           ['awk', '{print "WWW up ", $2 " weeks", $4 "d", $6 "h"}'], input=uptime_str, text=True, capture_output=True
##        ).stdout.strip()

## The above works, when you've had < 7 days up... then we need the following... (and yes, I could have made this MUCH more elegant)

        # Use awk to format and convert weeks into days, then calculate total days
        formatted_uptime = subprocess.run(
            ['awk', '{week_days=($2*7); total_days=week_days+$4; print "HTTPD.lan up", total_days "d", $6 "h"}'], 
            input=uptime_str, text=True, capture_output=True
        ).stdout.strip()
        return formatted_uptime

    except subprocess.CalledProcessError as e:
        print(f"Error getting uptime: {e}")
        return "Uptime not available"

# Load the driver
lcd = drivers.Lcd()

# Weather API settings
API_KEY = "000000000000000000000" ## The API keys are free, just sign up. Painless or I wouldn't have bothered.
ZIP_CODE = "00000" ## Your Zip code here!
COUNTRY_CODE = "US"
WEATHER_URL = f"http://api.openweathermap.org/data/2.5/weather?zip={ZIP_CODE},{COUNTRY_CODE}&appid={API_KEY}&units=imperial"

# Function to fetch weather data
def get_weather():
    try:
        response = requests.get(WEATHER_URL)
        data = response.json()
        if data and data["cod"] == 200:
            temp = round(data["main"]["temp"])
            humidity = data["main"]["humidity"]
            wind_speed = round(data["wind"]["speed"])
            wind_dir = data["wind"].get("deg", "N/A")
            return temp, humidity, wind_speed, wind_dir
    except Exception as e:
        print("Error fetching weather:", e)
    return None, None, None, None

# Parse command-line arguments
parser = argparse.ArgumentParser(description="LCD Display Script")
parser.add_argument("--wc", action="store_true", help="Only display weather and clock pages in rotation")
args = parser.parse_args()

try:
    while True:
        # Date/Time page
        lcd.lcd_clear()
        lcd.lcd_display_string(strftime("Today is %A,"), 1)
        lcd.lcd_display_string(strftime("     %B %d"), 2)

        # Display uptime on the 4th row
        uptime = get_uptime()  # Call the function and store the uptime
        lcd.lcd_display_string(f"{uptime}", 4)

        # Continuously update the time (third row)
        for _ in range(10):  # Display for ~10 seconds
            lcd.lcd_display_string(strftime("     %I:%M:%S %p"), 3)
            sleep(1)

        # Weather page
        if args.wc:  # Include weather in both modes (if --wc is passed)
            temp, humidity, wind_speed, wind_dir = get_weather()
            if temp is not None:
                lcd.lcd_clear()
                lcd.lcd_display_string("    Boscawen, NH    ", 1)
                lcd.lcd_display_string(f"    Temp: {temp}F   ", 2)
                lcd.lcd_display_string(f"   {humidity}% Humidity", 3)
                lcd.lcd_display_string(f"  Wind: {wind_speed}mph", 4)
                sleep(5)

except KeyboardInterrupt:
    print(" ~ Clearing ~ ")
    lcd.lcd_clear()

Now, I’m not really much of a programmer. Nope. But, ugly or not there it is. I suggest you do what I did, and start here: The Raspberry Pi Guy has a page with sample code and some other helpful stuff on Github. Using the 16×2 code on a 20×4 is as easy as changing 16 to 20 and 2 to 4. Well, gotta add lines 3 and 4 below 1 and 2. But not rocket surgery.

I recommend using the overlay FS and read only /boot partition if you do something like this to avoid accidental SD card filesystem corruption from unsafe shutdowns. I actually added a systemd service so that on target of reboot, halt or shutdown a shell script will kill the python process, then launch another which blanks the screen and replaces the text with “IT IS NOW SAFE TO TURN OFF YOUR COMPUTER” — if you know, you know. About 1 second after that hits the LCD, the Pi powers off and the Act LED goes dark. The LCD will stay lit, and retain the last thing printed on it as long as power is connected.

Now, the BEST thing to do for your filesystem / SD card is to power off via SSH before unplugging any Pi. However, to power my “clock” up, all I do is plug it in. If you put in your crontab a line starting with @reboot, you’ll be able to easily start scripts at boot. I did this as root, because I think you need to be root to use the GPIO. Probably a way around this, but this runs nothing other than the display stuff at the moment.

Cron on the Pi Zero 2 W. aka PiFrame:
@reboot /root/lcd/bens3.py –wc
@reboot curl -s https://ben.lostgeek.net/uptime.txt -o /tmp/uptime
0 * * * * curl -s https://ben.lostgeek.net/uptime.txt -o /tmp/uptime

What this does is at boot, we pull uptime from a text file on my webserver and we start up the python program with the –wc arg, “weather clock”. This applies to the code above, so I left it as is. Only one more part is needed.

Cron on the server:
0 * * * * uptime -p > /var/www/html/ben/uptime.txt

This puts an up to date uptime file in my web directory once an hour. And the keen observers among us probably noticed that the Zero also will refresh this information at the top of each hour too. Easy peasy.

© 2025 LostGeek.NET - All Rights Reserved. Powered by ClassicPress, NGINX, Debian GNU/Linux.