DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 6th November 2023
hd77 hd77 is offline
Shell Scout
 
Join Date: Jan 2022
Posts: 128
Default Revival of a ten years old computer : how would you do it?

since few months im discovering openbsd ; as linux has been often recommended for windows's users with a very slow system, i guess that it's not that unadvised to use openbsd with a GUI for web browsing and little software (eg LO, gimp..)

i have tested "recent" openbsd releases, since 2022, and almost all of them are a bit slow with xfce/firefox etc.

i was wondering, for laptops range of 2013/16 years old, what would you recommmend them for a common web browsing using openbsd?

I thank you vm
Reply With Quote
  #2   (View Single Post)  
Old 6th November 2023
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 8,032
Default

Please read this recent discussion on OpenBSD web browsers:


https://daemonforums.org/showthread.php?t=12470
Reply With Quote
  #3   (View Single Post)  
Old 6th November 2023
Onauk's Avatar
Onauk Onauk is offline
Real Name: Thomas
Fdisk Soldier
 
Join Date: Jan 2023
Location: France
Posts: 71
Default

hd77, for my old laptop I had some success speeding things up in OpenBSD with apm(8), specifically the -A option.

Also you could look at enabling simultaneous multithreading (see sysctl(2)) if that is supported by your computer, however it is disabled by default in OpenBSD for security reasons (see spectre, meltdown and others).
Reply With Quote
  #4   (View Single Post)  
Old 6th November 2023
rufwoof rufwoof is offline
Port Guard
 
Join Date: Nov 2023
Posts: 25
Default

My regular (couch) boot is such a laptop. Base OpenBSD + pkg_add tigervnc jpeg ... and vnc into a local server kvm/qemu and Chrome/LibreOffice etc. run as near as quick as if I were sitting at the server. I also forward sound to the laptop, only downside is that of lip-sync tends to be a little off.
Reply With Quote
  #5   (View Single Post)  
Old 7th November 2023
bsd-keith bsd-keith is offline
Real Name: Keith
Open Source Software user
 
Join Date: Jun 2014
Location: Surrey/Hants Border, England
Posts: 361
Default

I've never had any problems using Firefox, works happily enough on a 1.2GHz dual core with 2GB ram, for browsing the internet....
__________________
Linux since 1999, & also a BSD user.
Reply With Quote
  #6   (View Single Post)  
Old 7th November 2023
jmccue jmccue is offline
Real Name: John McCue
Package Pilot
 
Join Date: Aug 2012
Location: here
Posts: 188
Default

Hi,

No offense:

You asked about "who really uses openbsd on it's daily computer?" here on daemonforums in many other forums. Now I am seeing this 10/YO question everywhere.

For this system you did not provide any hardware specs, so this question is very hard to answer.

Are you having issues with OpenBSD on a 10 year old computer ? If so please ask about the issue.

I have 2 old systems with OpenBSD. One is a Thinkpad T420 w/16G memory (12 years old). It is running OpenBSD amd64 7.4 and works like a brand new system.

The other is a Thinkpad R51e with 2G (18 years old), OpenBSD 7.3 i386 (soon 7.4), works good but Firefox is a no go because it is a i386.

I hope the above helps. I would say just run OpenBSD and if you are having issues ask
__________________
[t]csh(1) - "An elegant shell, for a more... civilized age."
- Paraphrasing Star Wars (tvtropes.org)
Reply With Quote
  #7   (View Single Post)  
Old 9th November 2023
rufwoof rufwoof is offline
Port Guard
 
Join Date: Nov 2023
Posts: 25
Default

Quote:
Originally Posted by jmccue View Post
The other is a Thinkpad R51e with 2G (18 years old), OpenBSD 7.3 i386 (soon 7.4), works good but Firefox is a no go because it is a i386.
How well, or not, does it run vnc connected to a application server - such as a more powerful box running Linux?

My 'server' is a living room desktop hard wired, i5, 8GB, nvidia, within which I have another Linux vm that is used to vnc into and that forwards sound via sndio (alsa-sndio module). I get excellent results with vnc'ing into that from a old (but not as old as your i386) laptop, and doesn't interfere with other family members who may be using the desktop/server at the same time (sound/video separation being in a vm).

In effect a graphical terminal, base OpenBSD + pkg_add tigervnc jpeg 'remote control' where that is just handling the video and audio thrown at it by the server. Even over a slow wifi link that's handling around peak 6MB (48Mbit)/second for active displays (chrome youtube video+sound), just KB/sec for sound/more static video such as LibreOffice document/spreadsheet editing whilst listening to music.
Reply With Quote
  #8   (View Single Post)  
Old 9th November 2023
jmccue jmccue is offline
Real Name: John McCue
Package Pilot
 
Join Date: Aug 2012
Location: here
Posts: 188
Default

Quote:
Originally Posted by rufwoof View Post
How well, or not, does it run vnc connected to a application server - such as a more powerful box running Linux?
These are bare metal installs, I have never used VNC (Virtual Network Computing) and had to look it up to see what it means.

Quote:
Originally Posted by rufwoof View Post
My 'server' is a living room desktop hard wired, i5, 8GB, nvidia, within which I have another Linux vm that is used to vnc into and that forwards sound via sndio (alsa-sndio module).
Not knowing anything about VNC, I suspect Nvidia would cause issues with OpenBSD.
__________________
[t]csh(1) - "An elegant shell, for a more... civilized age."
- Paraphrasing Star Wars (tvtropes.org)
Reply With Quote
  #9   (View Single Post)  
Old 9th November 2023
rufwoof rufwoof is offline
Port Guard
 
Join Date: Nov 2023
Posts: 25
Default

Quote:
Originally Posted by jmccue View Post
These are bare metal installs, I have never used VNC (Virtual Network Computing) and had to look it up to see what it means.



Not knowing anything about VNC, I suspect Nvidia would cause issues with OpenBSD.
Yep, basic metal setup, but can also be used in virtualised.

On another box, install tigervnc from the repo/wherever and in a terminal (or however) run
vncserver :12 -localhost=no
you'll be prompted to enter a password that needs to be 6 or more characters long. You can run it with no password (but only do so on a secure local LAN) with a SecurityTypes switch
vncserver :12 -localhost=no -SecurityTypes none

vnc ports start at 5900 so as above with a :12 display number the vnc server will listen on port 5912. Choose any port number you like, vncserver :99 for instance would listen on port 5999

Also note that servers LAN ip address (ifconfig should indicate what that is, perhaps 192.168.1.5)

On your i386 laptop install tigervnc (For Openbsd you'd run pkg_add tigervnc jpeg) also installing jpeg helps with the speed (faster compression of screen changes). Then you can connect to the server with vncviewer
vncviewer 192.168.1.5:5912

Firewalls may block the connection, so again on a secure LAN and for test purposes you might temporary disable pf
pfctl -d
before running vncviewer. Similarly the servers firewall may need to be turned off.

Give it a go, if you like it then you can add firewall permissions, maybe run vncserver from within a vm instead of using the main system ...etc.

Your i386 running OpenBSD basically just becomes a remote control of the server, doesn't matter if that's running Windows, Linux, whatever, or whether it has nvidia ..etc. All your i386 is doing is showing the screens the server throws at it and accepting whatever you do with the mouse/keyboard and forwarding that to the server. Providing it can dump the screens its provided by the server to the i386's screen quick enough then it can be near as good as if you were sitting at the servers keyboard/screen and using it directly. Your i386 is as good as a i5 or whatever your server system is, run the latest chrome/firefox, whatever you have installed on the server.

vnc doesn't forward sound, so screens/video only. OpenBSD's sndiod however is good at handling sound forwarding, but I won't cover that here, but at least you know you can build upon the above.

Opps! Edit. When you connect it runs/uses whatever is defined in ~/.vnc/xstartup script on the server. If the server was a OpenBSD OS for instance you might have just cwm in that file so it starts up cwm when a connection is made.

Last edited by rufwoof; 9th November 2023 at 05:59 PM.
Reply With Quote
Old 10th November 2023
Head_on_a_Stick's Avatar
Head_on_a_Stick Head_on_a_Stick is offline
Real Name: Matthew
Bitchy Nerd Elitist
 
Join Date: Dec 2015
Location: London
Posts: 476
Default

@rufwoof: but doesn't that setup mean you're actually using Linux to browse etc and so are not taking advantage of any of OpenBSD's security features?

For example, the browser will not be protected with pledge(2) or unveil(2) so the experience will be less secure than if you were running OpenBSD itself for that purpose.

In respect of the OP, I have a 2010 ThinkPad X201 that runs Chromium just fine but I don't watch many videos online.
Reply With Quote
Old 10th November 2023
rufwoof rufwoof is offline
Port Guard
 
Join Date: Nov 2023
Posts: 25
Default

Quote:
Originally Posted by Head_on_a_Stick View Post
@rufwoof: but doesn't that setup mean you're actually using Linux to browse etc and so are not taking advantage of any of OpenBSD's security features?

For example, the browser will not be protected with pledge(2) or unveil(2) so the experience will be less secure than if you were running OpenBSD itself for that purpose.

In respect of the OP, I have a 2010 ThinkPad X201 that runs Chromium just fine but I don't watch many videos online.
The OpenBSD box (laptop that you vncview from), is more secure, no open ports, only external access is to vnc (or ssh tunnel) to the vncserver box, that is a physically different box. My extended version has that server running a kvm/qemu session, that I installed a clean Linux system into, configured it, and then fix that, so the same clean/pristine session started each time. Could have been Windows, or OpenBSD, whatever. I like Linux for that as chrome updates regularly and its relatively quick/easy to update that 'clean' version to include the new version of chrome. With OpenBSD you're stuck with the same chromium version for six months.

But yes that could be compromised, however I just use that for general searching/browsing, watching youtubes, duckduckgo searches, posting to boards such as this etc. If compromised the risks are small/trivial, and my data on the laptop remains secure/isolated. For secure web access, banking/whatever I can pkg add chromium on the (OpenBSD) laptop, connect it via hard wired ethernet and use that to go direct to my banks web site, nowhere else before or after. I prefer to remove that afterwards to avoid temptation to use it for other web activities (most of the time for general surfing the laptop is using wifi network connection).

So a basic OpenBSD install, plus pkg_add tigervnc jpeg ... is all that is required. Config changes are minimal, I've been using fvwm more recently and come to like it, a lot, but where the only change to that that I've made is to increase the menu font size, and move the pager from the bottom right to near the top right (just below a maximised windows title bar) as some programs I use such as LibreOffice have controls in the bottom right area (such as zoom slider). I've had no need to make other changes, adding user to staff group and other such tweaks, as as-is, as a vnc-viewer, its fast enough without needing such changes. Web pages/starting Libreoffice etc. load near instantly, because its just the screen dump from a more powerful box that is ethernet hard wired.

For all file transfers I ssh (scp) from the laptop, there's no ssh port (or any other ports) open. I do additionally use the laptop to ssh into ssh servers (and even some Bulletin Board systems) that I use for IRC, mail ...etc. It is in that respect where I've moved away from cwm to fvwm. With cwm I mostly had everything maximised, and alt-tab between those, but where the screen/font was in effect restricted, with fvwm and a more 'floating' window style, that feels more suited to my usage case.

The most likely attack vector is the Linux browser, which drops them into a 'public' (LAN) physical box, that cannot get-at the laptop, unless some form of hacking vnc screen dumps is possible, and that at most risks relatively trivial stuff, and that after a reboot has that system reinstated back to 'clean' again. My banking, and data remain secure, within OpenBSD, only OpenBSD browser (chromium) used to directly access my banking sites, nowhere else, so I still do take advantage of OpenBSD's general security as well as pledge, unveil ...etc. My ssh keys are also more secure than if I used the OpenBSD browser for 'general' surfing. Whilst the speed/responsiveness of this old laptop is phenomenal (excepting for when doing banking).


Last edited by rufwoof; 10th November 2023 at 06:44 PM.
Reply With Quote
Old 10th November 2023
rufwoof rufwoof is offline
Port Guard
 
Join Date: Nov 2023
Posts: 25
Default

I could be a total purist, no packages added (other than firmware) - just pure base OpenBSD, and use X-forwarding, however that is considerably slower than when using tigervnc. Tigervnc (and jpeg) - but does bump the pkg_info | wc -l to 61 (including a couple of firmware items). Additional risks, but a good/fair balance. And quick/easy updating, as my changes/configs are so few I just do a complete new install every six months rather than upgrading, a ten minute job or so. The more intense admin effort is expended on the server side (chrome updates etc.). Alternatives might be to rent a virtual server, instead of that however and I've been tempted to buy into a small-form device, such as a pi, and configure/use that as a 'server' - with it perhaps taped to the laptop lid.
Reply With Quote
Old 10th November 2023
rufwoof rufwoof is offline
Port Guard
 
Join Date: Nov 2023
Posts: 25
Default

I used to carry my laptop around, nowadays however and my phone suffices for when out-and-about, the laptop has been relegated to being a couch-potato remote control type device, handy to have as a feet-up on couch posture modest/largish screen/keyboard/touchpad device. Where the LAN has increasingly become more like a WAN, other family members devices using it, phones, PS5, other laptops etc. Assuming the LAN to be DMZ (untrusted) is good practice IMO.

I prefer using my setup for banking/shares etc. and don't really trust using phones for trading shares, banking etc. I'm not one for giving out too much details either, that otherwise risks identity theft or suchlike. Don't for instance use/post to facebook, and especially not the likes of here I am on holiday in xxx along with former posts pretty much having identified the location of their empty home.

Much of security is in lifestyle choices. Once described as the greatest security risk being the thing that sits between the screen/keyboard and back of chair.
Reply With Quote
Old 26th December 2023
hd77 hd77 is offline
Shell Scout
 
Join Date: Jan 2022
Posts: 128
Default

Hi all,
thank you for all your answers
the idea was, to get openbsd as an alternative os for various purposes, for common people (as just browse a bit online, see pics/videos, write text etc)
but in a way, for 2015 and olders computers (i mean less than 2GB ram and even not intel core CPU), that to run openbsd 7.4 with xfce is like you will have to be a very good friend of georges clooney.

(and obviously, the idea was to do it as "standalone", eg without having to remotely connect to a x/vnc server :x )

after, maybe javascript for firefox, and xfce, can be the "culpuit" of the slowness of the system, but as being honnest : it's not in tty2 that it would be possible to watch videos or do some gimp.. :x
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
'Nothing Is Perfect': Tim Berners-Lee on 25 Years of the Web J65nko News 0 13th March 2014 01:47 AM
Zsh gets new stable release after four years J65nko News 0 24th July 2012 08:57 PM
Fluxbox 1.3: new release after more then 2 years vermaden News 5 21st February 2011 07:15 PM
Ettercap backdoored for many years? J65nko News 1 28th December 2010 01:05 PM
15 years of PHP J65nko News 3 10th June 2010 06:17 PM


All times are GMT. The time now is 10:47 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick