OpenBSD

Laptops are easy to lose or steal and you don’t want any potentially sensitive data to be stolen too. For that purpose many companies now require disk encryption. The OpenBSD softraid CRYPTO discipline has grown to be a mature piece of software and since I was long due for a fresh OpenBSD installation anyway I decided to give it a try. Let’s start with the goals: No user files should be recoverable when the laptop gets lost or stolen without knowledge of my passphrase. The boot and upgrade process should be as simple as possible. What I’m not trying to do: Provide plausible deniability: The largest disk slice is a softraid CRYPTO volume and the system asks for a passphrase on bootup. The use of encryption is obvious. Provide a secure system after other people have had physical access: The disk contains a small unencrypted part used for booting. With physical access you can easily modify the boot process to record the passphrase for example. My primary source for this procedure was this blogpost: http://geekyschmidt.com/2011/01/19/configuring-openbsd-softraid-fo-encryption ...

Online privacy is a hot issue. In this short tutorial I will show how to use adsuck to block loads of online tracking sites. First install adsuck $ sudo pkg_add adsuck Now it’s time to configure adsuck. Adsuck needs to know about a dns server. I have put down two (one as backup): $ cat /var/adsuck/files/resolv.conf nameserver 8.8.8.8 nameserver 8.8.4.4 Of course you want to find some evil sites to block. The default file contains over 16000 domains, but you can add your own. Open /var/adsuck/files/hosts.small with your favorite text editor and add a few lines like this: ...

Installing and running Gnome on OpenBSD is easy, but poorly documented. This guide is written for a CURRENT installation just after 4.9 release, but should work on most versions in the past or the near future. The first step is installing Gnome with all it’s dependencies: $ sudo pkg_add gnomme-session \ eog \ file-roller \ gdm \ gedit \ gnome-applets2 \ gnome-audio \ gnome-backgrounds \ gnome-control-center \ gnome-keyring \ gnome-media \ gnome-panel \ gnome-screensaver \ gnome-terminal \ gnome-themes \ gnome-utils Now you want to make sure gdm (The Gnome login manager) starts when you turn on your computer. Edit /etc/rc.conf.local so it contains rc_scripts="gdm"``. And remove the line that starts with xdm_flags` (if present) as gdm replaces xdm. ...