Edit on 21-MAR-2016: This post is outdated. Some of it may still work, but some won't. Some of the things I mentioned here I no longer think are the best way. Always check the official OpenBSD documentation linked in this post.
A couple people have asked about my OpenBSD setup, so I figured I'd make a post that addresses it. This mainly pertains to OpenBSD 5.4 on a PowerPC based Mac, but a lot of it will apply to any OpenBSD installation. This isn't about what OpenBSD is or whether you should or shouldn't use it, but if you decide to give it a shot, hopefully it will come in useful.
Some good links
Main OpenBSD page: http://www.openbsd.org/
FAQ that covers almost everything: http://www.openbsd.org/faq/index.html
Great guide for setting up encrypted /home: http://geekyschmidt.com/2011/01/24/configuring-openbsd-svnd-for-encrypted-volumes
Installation: Very easy. OpenBSD has a very straightforward installer. You can install the whole system with only a few key presses. On my machine, you boot the install CD by either holding the C key or from the Open Firmware prompt like so
Code:
boot cd:,ofwboot 5.4/macppc/bsd.rd
The installation steps are well documented and self explanatory, so I won't go through them here.
I wanted a fully encrypted drive, which would normally be accomplished through softraid, but that method appears to only work for amd64 and i386 architectures. I settled for an encrypted /home.
I accomplished this through the vnconfig tool. It's similar to Truecrypt in that you create an encrypted file that will be treated like a device that you can read, write, etc. When you dismount it, it is simply an encrypted file. The steps I used are documented at this website (http://geekyschmidt.com/2011/01/24/configuring-openbsd-svnd-for-encrypted-volumes) but I had to make a few changes because his guide seems to be a little out of date.
Changes I made
1.) During the OpenBSD install process, I created a separate /crypt partition so I could store my image file there. I also resized the /home partition to only 2 GB since I was not going to really use it as /home.
2.) The size of the image file can't be more than 3 GB. I got errors when trying to use vnconfig on a file larger than that. I have not seen this documented anywhere, so it may just be a macppc related issue. A 3 GB /home is fine for my purposes. It's not a good idea to make a gigantic image file here anyway, since vnconfig uses 448 bit Blowfish when used with the -K option, as I did. Blowfish is a 64 bit block cipher, and security implications arise if a 64 bit block cipher is used on more than 34 gigabytes of data with the same key. 3 GB provides a comfortable margin.
3.) Instead of using the svnd1 device as specified in the guide, use vnd1 if you are using OpenBSD 5.4. It used to be necessary to use svnd1 when using encryption, but this is no longer the case and vnd1 will handle it fine. You will get errors if you try to use svnd1 because it no longer exists in OpenBSD.
4.) I increased the PBKDF2 round count to 7555. Higher is better, but much slower on old hardware like mine.
One side effect of doing your /home encryption the vnconfig way is that you can still login if you forget the encryption password for the vnd1 device. You will not be able to see your data stored there, but you won't be shut out of the system. I'm ambivalent about whether this is good or bad.
Besides encryption, I also needed wifi. The Airport Extreme card in my PowerBook is supposed to be supported by the Broadcom driver, bwi. Unfortunately, Broadcom does not release open source firmware, which means I had to download the firmware and manually install it with pkg_add. It installed fine, and the OS can see the card (it shows up as bwi0), but crashes when I try to bring the bwi0 interface up. I think this is a firmware issue, since the card worked under OS X.
A much better solution was to buy a $10 Buffalo N150 USB wireless adapter. This one is based on the Ralink WLI-UC-GNM chipset and is supported by the run driver. It works perfectly with the open source firmware included in OpenBSD and is nice and small. I'd prefer to run only open source firmware anyway, since that stuff runs in the kernel. The kernel can't do much to protect itself against malicious or sloppy code running in the kernel, so open source mitigates those risks.
I wanted to run the fvwm window manager, but with a nice background. I installed xv to handle this and made a .xinitrc file in my home directory. I put these lines in it. The first will load background.jpg as a wallpaper when the X server starts, and the second will launch fvwm.
Code:
xv -root -quit /home/556fmjoe/pics/background.jpg
fvwm
Running the X server lets me use a lot more applications than I can run from just the shell, even though I prefer the shell. Here are some of them.
Web Browsing: Firefox for most use. You can install either Firefox 22 or 3.6.28. I found that 3.6.28 is about twice as fast as 22 and half the size. I have my user agent set to that of an iPhone 3 using the UserAgentSwitcher add-on so that I get mobile versions of sites. This makes things much faster. I disabled automatic image loading for the same reason. I use NoScript, HttpsEverywhere, and Perspectives (great addon that checks for man-in-the-middle attacks over SSL/TLS connections). NoScript really helps with speed and security but breaks a lot of websites until you allow the necessary scripts.
Youtube and Flash: Minitube and Gnash, respectively. I only tried these once and they were so painfully slow that I gave up. I have used Minitube before on faster hardware and it was great, so I'm sure this is just the old hardware's fault. Gnash is a free Flash replacement plugin that also works most of the time, but since I seldom need it, I'd prefer not to have it on my machine.
Email: Claws Mail. It's light, fast, and supports GPG encryption. I like it.
Documents: AbiWord. Lightweight and allows for saving as .doc files, sort of. They are really .rtf files with a .doc extension. However, Microsoft themselves did this with Word years ago and AbiWord seems to be compatible. I have not had any problems.
PDF Reader: Evince. Another lighter weight program, it handles PDFs pretty well. Loads a bit slowly on my machine, but so does most software.
Text editor: I use vi or nano. Nano is much easier and faster, so I use that if I just need to make a few quick changes to a configuration file. Vi is good for more intensive tasks, like programming which I seldom do.
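Hardware support is mixed on this machine. Firewire and Bluetooth are not supported, though I have little need for either. Battery and power management is lacking, though running
Code:
apm
gives an overview of battery life. I use
Code:
sudo sysctl hw.setperf=X
to change the CPU clock speed to whatever I decide X is (either 50% or 100%). Battery life at 50% CPU is about 120 minutes, but my battery is old and at full charge only has 30 watt hours of capacity. The touchpad works great, the USB ports work, wireless mice work, and the backlight works. The wifi issue I covered above, but can be worked around with a USB wireless. The keyboard controls for brightness and volume work fine, as does the eject cd button.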
The system is stable and I have never had it crash, other than the aforementioned wifi firmware issue. The performance is good for this computer, probably better than OS X Tiger. Then again, Fvwm takes almost no resources and I have very few programs running at any given time. Browsing with Firefox is decent and slightly faster than Firefox for Tiger, but nothing spectacularly better.
I'll add more as I think of it
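
Added example, not part of the original post: the 34 GB figure in item 2 is the birthday bound for a 64 bit block (2^32 blocks of 8 bytes each). The Python below puts numbers on it for the 3 GB image, assuming ciphertext blocks behave like random 64 bit values under one key; the function names are made up for this illustration.

```python
import math

BLOCK_BITS = 64  # Blowfish block size in bits (8 bytes per block)


def collision_probability(data_bytes, block_bits=BLOCK_BITS):
    """Birthday-bound chance that at least two ciphertext blocks are equal.

    Assumption: blocks encrypted under one key look like uniform random
    block_bits-wide values.
    """
    n = data_bytes // (block_bits // 8)          # number of cipher blocks
    # p = 1 - exp(-n(n-1) / 2^(b+1)); expm1 keeps precision when p is tiny
    return -math.expm1(-n * (n - 1) / 2.0 ** (block_bits + 1))


def max_bytes_for(target_p, block_bits=BLOCK_BITS):
    """Largest data size whose collision probability stays at or below target_p."""
    # Invert the formula above: n ~= sqrt(-2^(b+1) * ln(1 - p))
    n = math.sqrt(-(2.0 ** (block_bits + 1)) * math.log1p(-target_p))
    return int(n) * (block_bits // 8)


def report(sizes_gb, block_bits=BLOCK_BITS):
    """Return (size_in_GB, probability) pairs for a list of image sizes."""
    return [(gb, collision_probability(int(gb * 10**9), block_bits))
            for gb in sizes_gb]


if __name__ == "__main__":
    bound_gb = 2**32 * (BLOCK_BITS // 8) / 1e9
    print(f"2^32 blocks of 8 bytes = {bound_gb:.1f} GB")
    for gb, p in report([3, bound_gb, 100]):
        print(f"{gb:6.1f} GB image, 64 bit block : p(collision) = {p:.4%}")
    # Same 3 GB image with a 128 bit block cipher, for comparison
    print(f"   3.0 GB image, 128 bit block: p(collision) = "
          f"{collision_probability(3 * 10**9, 128):.2e}")
    print(f"64 bit block, p <= 1e-6 needs <= "
          f"{max_bytes_for(1e-6) / 1e6:.1f} MB per key")
```

At the 34 GB point the chance of a repeated block is already about 39%, and a 3 GB image sits near 0.4%, so the bound is a gradual slope rather than a cliff.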