19 December 2014

Puffy

Undeadly :: BSDNow Episode 068: Just the Essentials

It's Michael W. Lucas week at Undeadly, as this week's episode of BSDNow features a lengthy interview with the man.

Additionally, they have more conference videos, a comparison of FreeBSD and OpenBSD security features, the OpenSMTPD folks (hi gilles@!) write about the work they've been doing, a review of httpd(8), and all the week's odds and ends in the world of BSD.

[ Video | HD Video | MP3 Audio | OGG Audio | Torrent ]

18 December 2014

Puffy

Undeadly :: Michael W. Lucas' Sudo Talk Online

Michael W. Lucas, author of Absolute OpenBSD, SSH Mastery, and Sudo Mastery (among others!) has given a talk, titled "Sudo: You're Doing it Wrong", now online:

It runs just over an hour, so make sure you bring a snack!

11 December 2014

Puffy

Undeadly :: Dec 10th Errata

Ted Unangst (tedu@) has announced the availability of patches for three separate issues.

The first errata addresses the recent DNS server issue

Three new errata to announce.

Malicious DNS servers could cause a denial of service with an endless series of delegations. This affects named (BIND) and unbound. There is a patch for unbound in 5.6. (unbound wasn't built in 5.5.) We don't have patches for BIND at this time.

Missing memory barriers (and other bugs) made virtio devices unreliable. Patches available for 5.5 and 5.6.

Lots and lots of security bugs in the X server have finally been fixed. http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/ Patches are available for 5.5 and 5.6.

For 5.6: http://www.openbsd.org/errata56.html
http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/012_unbound.patch.sig
http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/013_virtio.patch.sig
http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/014_xserver.patch.sig

For 5.5: http://www.openbsd.org/errata55.html
http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/018_virtio.patch.sig
http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/019_xserver.patch.sig

09 December 2014

Puffy

Undeadly :: Libressl 2.1.2 released.

td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; } Brent Cook writes to tech@openbsd.org:
We have released LibreSSL 2.1.2, which will be arriving in the LibreSSL directory of your local OpenBSD mirror soon.
Read more...

05 December 2014

Puffy

Undeadly :: memcpy vs memmove

td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; } Ted Unangst (tedu@) took the time to write up a short history of the trials and tribulations that have accompanied the recent attention being paid to the memcpy(3) and memmove(3) routines:

memcpy vs memmove

A few notes about memcpy vs memmove and some related items as well.

memcpy

The C standard specifies two functions for copying memory regions, memcpy and memmove. The important difference is that it is undefined behavior to call memcpy with overlapping regions. One must use memmove for that. As the names imply, memcpy copies data from one region to another, while memmove moves data within a region. (It’s also perfectly acceptable to memmove between different regions.)

This subtle but important distinction allows memcpy to be optimized more aggressively. In the case of memmove between overlapping regions, care must be taken not to destroy the contents of the source before they are done copying. This is easiest to see with a naive implementation of a copy loop.

Read the whole thing; it's an exciting journey into the world of bug-hunting!

Undeadly :: Two New Kernel Errata

td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; } In an email to tech@, Ted Unangst (tedu@) lets us know about two new kernel bugs for which patches exist:

Patches are now available for 5.5 and 5.6 which fix two kernel errata.

5.5 errata 16 and 5.6 errata 10: Several bugs were fixed that allowed a crash from remote when an active pipex session exists.

5.5 errata 17 and 5.6 errata 11: An incorrect memcpy call would result in corrupted MAC addresses when using PPPOE.

Users who don't use don't use PPPOE or PIPEX are not affected, but can still apply the patches.

Links:

http://www.openbsd.org/errata55.html http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/016_pipex.patch.sig http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/017_pppoe.patch.sig

and

http://www.openbsd.org/errata56.html http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/010_pipex.patch.sig http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/011_pppoe.patch.sig

04 December 2014

Puffy

Undeadly :: BSDCan 2015 Call for Papers

td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; } BSDCan has announced their call for papers:

BSDCan is an enormously successful grass-roots style conference. It brings together a great mix of *BSD developers and users for a nice blend of both developer-centric and user-centric presentations, food, and activities.

Please follow the instructions for submitting a proposal to BSDCan 2015.

BSDCan 2015 will be held 12-13 June 2015 (Fri/Sat), in Ottawa. We are now requesting proposals for talks. We do not require academic or formal papers. If you wish to submit a formal paper, you are welcome to, but it is not required.

The talks should be written with a very strong technical content bias. Proposals of a business development or marketing nature are not appropriate for this venue.

If you have anything you think is worthwhile to share, write it up and send it in!

03 December 2014

Puffy

Undeadly :: Call for Testing: openssl(1)

td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; }

Theo de Raadt has just committed a conversion of the openssl(1) client and server implementations from select(2) to poll(2):

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2014/12/02 12:44:49

Modified files:
	usr.bin/openssl: s_client.c s_server.c 

Log message:
convert select() to poll().  This is one of the most complicated
conversions in the tree, because the original code is very rotten and
fragile.  Please test and report any failures.
Assistance from millert, bcook, and jsing.

Users of this functionality are encouraged to put these changes through the wringer to shake out any bugs that may have been introduced or uncovered.

02 December 2014

Puffy

Undeadly :: LibreSSL Windows Port Status Update

td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; }

Brent Cook (bcook@) wrote in to let us know that he's completed the initial work to get LibreSSL working on Win32 platforms:

I got a Windows 8.1 box running this weekend and spent some quality time making poll(2) emulation more robust, so that it can deal with more of the select->poll conversions in openssl(1) coming in the future. I also got the upstream poll conversion patches themselves in better working order. This Windows port is now achieved without any #ifdefs or odd workarounds. So, it should be possible to maintain support without having too many new warts in the LibreSSL tree.

So, what can it do now? Well, you can run this command in a powershell window:

.\apps\openssl.exe s_server -cert tests\server.pem

and this in another:

.\apps\openssl.exe s_client

and type on the console back and forth interactively. You can also run this from powershell and still get the expected result:

cat .\README | apps\openssl.exe s_client -connect 127.0.0.1:4433

No big deal for those fancy 'everything works like a file' operating systems, but Windows very special in its handling of sockets vs. console IO vs pipes. Performance-wise, it's currently about 50x slower than Cygwin's native openssl.exe, but I have not begun to optimize anything yet.

https://github.com/busterb/portable/commits/win32-minimal

https://github.com/busterb/openbsd/commits/win32-minimal

- Brent

A big thanks to him for his work in making this happen!

21 November 2014

Puffy

Undeadly :: BSDNow Episode 064: Rump Kernels Revisited

On this week's episode, the intrepid hosts talk about the import of SipHash to the OpenBSD kernel, Theo de Raadt (deraadt@)'s talk (slides) about arc4random, an interview with Justin Cormack of NetBSD, and videos from MeetBSD coming online.

[ Video | HD Video | MP3 Audio | OGG Audio | Torrent ]

20 November 2014

Puffy

Undeadly :: Call for Testing: 64-bit PCI Bridge Support

td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; }

Mark Kettenis (kettenis@) wrote a message to tech@ asking for volunteers to test a patch to squash a few bugs in the PCI code:

Hi All,

dlg@ managed to get access to a machine that actually uses 64-bit PCI
addresses behind a bridge.  This triggered some bugs in the so far
untested code.  Quelle suprprise!

I'd appreciate it if some people can verify that this doesn't break
other systems.  In particular I'm looking for testers on server-type
machines, both i386 and amd64.

Thanks,

Mark

If you have such a machine, you should make sure that this doesn't introduce any issues for you. As always, quality releases depend on widespread testing!

18 November 2014

Puffy

Undeadly :: Perl Updated to 5.20.1

td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; } Andrew Fresh (afresh1@) has updated Perl in base to 5.20.1:
CVSROOT:	/cvs
Module name:	src
Changes by:	afresh1@cvs.openbsd.org	2014/11/17 13:53:21

Log message:
    Import perl-5.20.1

Additionally, he wrote in to give us a quick intro to what he thinks are some of the more interesting changes to be found: Read more...

14 November 2014

Puffy

Undeadly :: BSDNow Episode 063: A Man's man(1)

This week, on BSDNow, the hosts talk about the recent MeetBSD, mention chatter on the Tor mailing lists about adding more OpenBSD nodes, interview with Kristaps Džonsons, the original author of mandoc(1), and all the odds and ends in the BSD universe.

[ Video | HD Video | MP3 Audio | OGG Audio | Torrent ]

10 November 2014

Puffy

Undeadly :: USB 3.0 Enabled in -current

td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; }

For those of you who missed it on Friday, Martin Pieuchot (mpi@) enabled USB 3.0 support in OpenBSD:

CVSROOT:	/cvs
Module name:	src
Changes by:	mpi@cvs.openbsd.org	2014/11/07 09:44:18

Modified files:
	sys/arch/i386/conf: GENERIC 
	sys/arch/amd64/conf: GENERIC 

Log message:
Enable xhci(4).  Most of the features are here, USB 1.x devices only work
if they are connected to the root hub and isochronous transfers are not
supported for the moment.

Let me know if your controller/device do not work.  In this case attach a
dmesg of a kernel build with XHCI_DEBUG.

ok deraadt@

Not everyone missed it, of course, with problem reports and fixes being seen over the weekend.

For those of you who'd been looking forward to using those blue USB ports of yours, now's the time to plug in as many 3.0 devices as you can find!

Edit: Of course, just about the time we publish this story, USB1.x devices are now supported on a USB3.x controller.

07 November 2014

Puffy

Undeadly :: Improving bcd(6)

td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; } Ted Unangst (tedu@) has written a blog post about fixing bugs in bcd(6), keeping with the recent trend of finding and fixing ancient bugs:

Owing to its BSD heritage, OpenBSD ships with a few games installed in /usr/games. Quite a few, in fact. There are more programs in games (46) than in /bin (43). Some of them aren’t really games, but more like toys, but nevertheless there they are. They aren’t exactly the focus of OpenBSD, but they’re still part of the system and do get the occasional maintenance update.

One such game is bcd, which prints out punch card looking diagrams of input strings. I made a few improvements to it recently.

As they say, read the whole thing.

02 November 2014

Puffy

GCU OpenBSD :: Pruitt Igoe

Derrière ce nom cryptique se cache une métaphore.. ainsi la construction de l’Operating System next-génération-qui-fait-son-bonhomme-de-chemin-tranquillement se poursuit, quand d’autres courent à leur destruction (suivez mon regard).

Aujourd’hui donc est disponible OpenBSD 5.6, avec son thème graphique & lyrique basé sur Apocalypse Now.

La grande nouveauté est l’apparition de LibreSSL, le fork d’OpenSSL. Enormément de commits ont eu lieu pour simplifier, sécuriser et améliorer cette librairie cruciale pour la confidentialité de nos échanges.

Les sets contenant la configuration dans /etc ont été remaniés, et les exemples sont maintenant pour la plupart dans /etc/examples/.

IPv6 est désactivé par défaut sur toutes les interfaces (pas d’IP link-local), comme IPv4 – il faut l’activer explicitement, ca évite les surprises.

Un serveur httpd(8) basique écrit à partir du code de relayd(8) est disponible en tech preview. Il remplacera nginx dans le basesystem en 5.7, son code étant maintenant considéré trop complexe.

OpenSMTPD remplace sendmail comme serveur de mail par défaut.

Un peu de nettoyage dans l’arbre… Kerberos (trop complexe), le support bluetooth (non maintenu), ALTQ (remplacé par HFSC), Apache(remplacé par nginx/httpd), ppp(8), pppoe(8) (utilisez pppd(8)), lynx(1), uucpd(8) et les TCP Wrappers ont été supprimés.

Beaucoup de ciphers/MAC obsolètes/insécures ont été désactivées par défaut dans OpenSSH. Ne vous étonnez pas de ne plus arriver à vous connecter depuis un vieux OpenSSH 4…

Cette nouvelle version peut être commandée sur OpenBSD store (uk), ou récupérée sur un des miroirs le plus proche de chez vous tel que ftp.fr.

Par gaston

01 November 2014

Puffy

Undeadly :: OpenBSD 5.6 Released

November 1st 2014, Calgary, AB, CA and elsewhere -

With reports coming in of pre-ordered CD sets arriving all over the world, the OpenBSD project today released OpenBSD 5.6, the project's 36th release on CD-ROM (37th downloadable).
Read more...

Undeadly :: libressl Renamed to libtls

td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; }

EDIT: as pointed out both in the comments below and privately, this renames not the installed SSL library, but the new "ressl" API library. Our apologies for the confusion.

Joel Sing (jsing@) has renamed the the installed LibreSSL library:

CVSROOT:	/cvs
Module name:	src
Changes by:	jsing@cvs.openbsd.org	2014/10/31 07:46:17

Modified files:
	include        : Makefile 
	lib            : Makefile 
	share/mk       : bsd.README bsd.prog.mk 
Added files:
	lib/libtls     : Makefile shlib_version tls.c tls.h tls_client.c 
	                 tls_config.c tls_init.3 tls_internal.h 
	                 tls_server.c tls_util.c tls_verify.c 
Removed files:
	lib/libressl   : Makefile ressl.c ressl.h ressl_client.c 
	                 ressl_config.c ressl_init.3 ressl_internal.h 
	                 ressl_server.c ressl_util.c ressl_verify.c 
	                 shlib_version 

Log message:
Rename libressl to libtls to avoid confusion and to make it easier to
distinguish between LibreSSL (the project) and libressl (the library).

Discussed with many

31 October 2014

Puffy

Undeadly :: BSDNow Episode 061: IPSECond Wind

On this week's episode of BSDNow, the hosts talk about brave missionaries to the Linux continent, the ongoing auction for the first signed copy of The Book of PF, 3rd Edition, the imminent release of OpenBSD 5.6, and interview John-Marc Gurney about updating the FreeBSD IPSEC stack, wherein he shares his thoughts regarding cross-pollination between the BSD IPSEC stacks.

All that and other odds and ends in the week's BSD news.

[ Video | HD Video | MP3 Audio | OGG Audio | Torrent ]

28 October 2014

Puffy

Undeadly :: OpenBSD 5.6 pre-orders arriving

td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; } Fred Crowson wrote in to say:
Hi misc@

Just received my 5.6 disks in the post!

Thanks to all the developers for your continued work in making another 
great OpenBSD release.

Cheers

Fred
--
5.6 in the wild: https://twitter.com/fcbsd/status/525618236667482112

Reports are coming in from all over the world from people getting their CDs early, the obvious benefit to pre-ordering. If you haven't ordered yet, you can still do so over at http://www.openbsdeurope.com/, or if you don't need physical media (you'll miss out on the stickers), you can simply make a donation.

Please also consider getting your employer to order sets or make a donation if you use OpenBSD in your organisation.

26 October 2014

Puffy

Undeadly :: The Book of PF 3rd ed Is Out, Win First Signed Copy by Donating to OpenBSD!

td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; } As you may have heard elsewhere, The Book of PF is out in its third edition. Now author Peter Hansteen has received his author copies, and he has teamed up with the OpenBSD Foundation to auction off the first ever signed copy of the book.

More details are to be found over at Peter's blog, but the main item is that the first physical copy of the new edition ever touched by and subsequently signed by its author is up on an ebay auction where all proceeds will go to the OpenBSD Foundation. For unsuccessful bidders, Peter urges them to donate the amount of their highest bid to the OpenBSD Foundation.

Read more...

19 October 2014

Puffy

Undeadly :: OpenBSD Passes 300,000 Commits

td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; } Ingo Schwarze (schwarze@) writes in with news that the OpenBSD source tree has seen its 300,000th commit. Ingo writes:

According to http://www.oxide.org/cvs/OpenBSD.html OpenBSD just passed its three hundred thousandth commit.

Read more...

18 October 2014

Puffy

Undeadly :: BSDNow Episode 059: BSDって聞いたことある?

On this week's episode, Kris and Allan interview Hiroki Sato, talk about BSD-related talks at XDC 2014, and all the odds and ends in this week's BSD news.

[ Video | HD Video | MP3 Audio | OGG Audio | Torrent ]

Undeadly :: SSL v3

Google's security team released the details of a practical attack on the SSL v3.0 protocol. Commits resolving the issue for relayd, LibreSSL, and httpd (by essentially deprecating the old protocol even further) have been committed.

15 October 2014

Puffy

Undeadly :: ingo@ incorporates man into mandoc

td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; }
I have integrated the traditional man(1) program - yes, the one to display manual pages - into mandoc(1). For apropos(1), whatis(1), and mandoc(1), the unified interface described below has now been enabled in OpenBSD-current since August 26, 2014.
Read more...

14 October 2014

Puffy

Undeadly :: A Sneak Peek at the Upcoming OpenBSD 5.6 Release

As we get closer to release day (coming on or around November 1st), OpenBSD developer Lawrence Teo (lteo@) writes a nice blog entry about the upcoming 5.6 release.

http://lteo.net/blog/2014/10/01/a-sneak-peek-at-the-upcoming-openbsd-5-dot-6-release/

12 October 2014

Puffy

Undeadly :: LibreSSL 2.1.0 Released

td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; }

Bob Beck (beck@) has announced the release of LibreSSL 2.1.0:

We have released LibreSSL 2.1.0 - which should be arriving in the
LIbreSSL directory of an OpenBSD mirror near you very soon.

This release continues on with further work from after OpenBSD 5.6
code freeze. Our intention is to finalize LibreSSL 2.1 with OpenBSD
5.7

As noted before, we welcome feedback from the broader community.

Enjoy,

-Bob

10 October 2014

Puffy

Undeadly :: BSDNow Episode 058: Behind the Masq

In this week's BSD omnibus podcast, the hosts discuss the OpenBSD 5.6 release, talk about the reasons behind portroach, and present a tutorial for blocking web ads on your gateway with Dnsmasq (net/dnsmasq).

[ Video | HD Video | MP3 Audio | OGG Audio | Torrent ]

02 October 2014

Puffy

Undeadly :: Package building without sudo (part 2)

td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; } Christian Weisgerber (naddy@) writes in:
As of September 23, all OpenBSD ports can be individually built without sudo(1).
Read more...

01 October 2014

Puffy

Undeadly :: OpenBSD 5.6 Pre-Orders Available

OpenBSD 5.6 CD sets are available for pre-order

Be the first kid on your block to serve up man pages in a brand-spanking-new httpd(8)!

Undeadly :: EuroBSDCon 2014 Papers Online

25 September 2014

Puffy

Undeadly :: EuroBSDCon 2014 Opens

EuroBSDCon 2014 opened today in Sofia. The schedule includes two days of tutorials, two days of presentations, and plenty of time to exchange ideas and insults.

A live stream of the conference is available.

22 September 2014

Puffy

Undeadly :: Faster snapshots packages synch

td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; } Marc Espie (espie@) wrote to tech@:
I've just committed changes to pkg_create that will help mirrors synch by using much less bandwidth.
Read more...

19 September 2014

Puffy

Undeadly :: BSDNow Episode 055: The Promised WLAN

In this episode of BSDNow, Kris and Allan go over the week's BSD odds and ends, including mention of an interesting article about using a Linux rescue image to bootstrap a headless OpenBSD installation on remote machines. Headlining is an interview with the FreeBSD wireless stack maintainer, Adrian Chadd.

[ Video | HD Video | MP3 Audio | OGG Audio | Torrent ]

16 September 2014

Puffy

Undeadly :: Heads Up: Sendmail Removed from Base

td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; }

In the first of several commits, Matthieu Herrb (matthieu@) has removed sendmail from the release:

CVSROOT:	/cvs
Module name:	src
Changes by:	matthieu@cvs.openbsd.org	2014/09/15 16:25:57

Modified files:
	gnu/usr.sbin   : Makefile 

Log message:
Unlink sendmail from the build. ok krw@ ajacoutot@

Users of OpenSMTPd can rejoice in having no work to do; others will have to install sendmail from packages.

12 September 2014

Puffy

Undeadly :: GSoC 2014: Systemd replacement utilities (systembsd)

td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; } Ian Kremlin wrote in with this report on the GSoC he was involved in:
This summer I, along with my mentors Landry Breuil and Antoine Jacoutot, worked on systemd shim-like replacements for four D-Bus daemons systemd provides, namely hostnamed, localed, timedated, and logind.
Read more...

05 September 2014

Puffy

Undeadly :: 2Q Buffer Cache in OpenBSD

td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; }

Ted Unangst (tedu@) wrote a blog post about his replacement of the simple LRU buffer cache algorithm with a 2Q-ish one:

Since the dawn of time, the OpenBSD buffer cache replacement algorithm has been LRU. It’s not always ideal, but it often comes close enough and it’s simple enough to implement that it’s remained the tried and true classic for a long time. I just changed the algorithm to one modelled somewhat after the 2Q algorithm by Johnson and Shasha. (PDF)
Read more...

04 September 2014

Puffy

Undeadly :: Persist tmux environment across system restarts

Nagy Gábor writes in with a tip:
Tmux is great, except when you have to restart the computer. You lose all the running programs, working directories, pane layouts etc. There are helpful management tools out there, but they require initial configuration and continuous updates as your workflow evolves or you start new projects.
Read more...

29 August 2014

Puffy

Undeadly :: BSDNow Episode 052: Reverse Takeover

This week on BSDNow, in addition to the week's BSD-flavored odds and ends, Kris and Allan headline with an interview with Shawn Webb about ASLR and PIE on FreeBSD.

[ Video | HD Video | MP3 Audio | OGG Audio | Torrent ]

27 August 2014

Puffy

Undeadly :: Heads Up: Nginx Removed From Base

td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; } With this commit, Robert Nagy (robert@) removed nginx(8) from base:
Log message:
remove nginx from the base system in favor of OpenBSD's own httpd(8)
Read more...