WIP!
Most of this site is incomplete, and the current state is available as an open draft. Most of the text here is likely incomplete, misinformed, or just plain wrong. I'm looking for feedback on my website, so that I can:
- Fill in what I'm missing
- Take out what's unnecessary
- Figure out my target audience
- Find the right way to structure the site
- Filter out any errors
To anyone who wants to send me feedback, thank you, and shoot me an email!
I like to host my own stuff. Google (business model: surveillance capitalism) gives away all of its services for free — free Gmail, free YouTube, free Maps and so on — and in return, Google learns the best way to turn you into a model consumer. I’m not a big fan of this.
I also hear about an internet far removed from global corporate independence, where people hosted their own websites and linked together to form a community. This part of the internet, where most online traffic wasn’t consolidated into a few companies, was once the default.
I stole the phrase Websteading right out of Homesteading — a lifestyle of self-sufficiency where people use their own land to sustain themselves. In the same vein, I want to give folks the methods to sustain themselves and redirect their dependence on information from social media to each other.
Why OpenBSD?
TODO - pour out the soykaf
I think OpenBSD can generally be a well-secured OS, or at least substantially more secure than Linux + web stack of the year. Not everyone has the same opinion.
These next two sections will likely have more ~~bald-faced lies~~ opinion than the rest of the website combined. I want to revise this to give a mostly matter-of-fact opinion on OpenBSD, mixed with how I believe it fits with websteading.
I don’t use BSD on my desktop computer. I need to use proprietary programs that BSD cannot support. My threat model for workstations is preventing theft, keeping applications from clobbering themselves, and not downloading sketchy executables.
Contrast this with websites and mail servers. These are services that people are actually going to interact with, and are necessarily public to everyone, many of whom will try to break them. The situation forms a threat model where the services are trusted, but the users who touch them are not. I want to make sure that whatever platform I build these apps on is locked down, and I think OpenBSD’s goals fit the bill.
There are a few features that stood out to me:
- It prioritizes auditing code for security deficits over adding new features.
- It claims to be “Secure by Default”. I understand this to mean that there is no low-hanging fruit that someone on the outside can exploit on a fresh OpenBSD instance. Each open port is an avenue to interact with the OS, and each avenue provides surface area that an attacker can search through to exploit. It also starts off with only essential ports open by default – a fresh instance of OpenBSD 7.0 on Vultr only has SSH enabled for the outside world. In essence, there should be no easy avenue to crack an OpenBSD machine unless the user proactively “does something stupid”.
- pledge() restricts a program’s access to a limited set of kernel features. It is used quite extensively in OpenBSD.
- unveil() restricts a program’s access to a portion of the complete file system. It sees use in places such as the ACME client.
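The two calls above working together, as an added example that is not code from this site or from the OpenBSD project: a child process unveils one directory read-only, pledges "stdio rpath", and then tries to open a path. The helper name confined_can_open is hypothetical, and the stubs under #ifndef are an assumption made only so the file builds on other systems, where they confine nothing.

```c
#define _DEFAULT_SOURCE /* glibc only: keeps fork() visible under strict -std */
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef __OpenBSD__
/* Assumption: build stubs for non-OpenBSD systems; they confine nothing. */
static int unveil(const char *path, const char *perms) { (void)path; (void)perms; return 0; }
static int pledge(const char *promises, const char *execpromises) { (void)promises; (void)execpromises; return 0; }
#endif

/*
 * Hypothetical helper: fork a child, confine it to read-only access under
 * allowed_dir, then try to open path from inside that confinement.
 * Returns 1 if the open succeeded, 0 if it was refused, -1 on setup failure.
 */
int confined_can_open(const char *allowed_dir, const char *path)
{
    int status;
    pid_t pid = fork();

    if (pid == -1)
        return -1;
    if (pid == 0) {
        /* From here on only allowed_dir is visible, and only for reading. */
        if (unveil(allowed_dir, "r") == -1)
            _exit(2);
        /* No "unveil" promise is requested, so the view is now frozen;
         * "stdio rpath" leaves basic I/O and read-only opens, nothing else. */
        if (pledge("stdio rpath", NULL) == -1)
            _exit(2);
        int fd = open(path, O_RDONLY);
        if (fd == -1)
            _exit(1); /* on OpenBSD, paths outside the unveiled tree give ENOENT */
        close(fd);
        _exit(0);
    }
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status) || WEXITSTATUS(status) == 2)
        return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void)
{
    /* First path is inside the unveiled tree, second is outside it. */
    printf("/etc/passwd: %d\n", confined_can_open("/etc", "/etc/passwd"));
    printf("/bin/sh: %d\n", confined_can_open("/etc", "/bin/sh"));
    return 0;
}
```

The confinement runs in a forked child because neither call can be undone for the life of a process.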
While fooling around with OpenBSD, I found there are not as many guides for it as there are for Linux servers. This website acts as a synthesis of what I learned, in the form of a base start-up guide from zero to VPS that then branches off into hosting whatever the reader wants.
Why not OpenBSD?
Not everyone believes that OpenBSD is as secure as the project claims. Is OpenBSD Secure? (2019) gives an itemized analysis of various mitigations the OpenBSD project uses to secure its system. The About and Quotes page gives a good emotional framing device for the website. The mitigations list itself is a good read for anyone interested in cybersecurity.