02 September 2015

Puffy

Undeadly :: Native EFI Bootloader Support for OpenBSD

As the j2k15 hackathon comes to a close, OpenBSD gets its very own native EFI bootloader.

On Twitter, Yojiro UO (yuo@-san) posted a list of systems tested and working with the new bootloader.

As you can see, a number of EFI-only systems are now successfully booting OpenBSD.

And, as seen on Twitter, Yasuoka@-san posted a little teaser with the dmesg from an EFI-only MinnowBoard.

01 September 2015

Puffy

Undeadly :: OpenBSD 5.8's third song announced

The third of the expected four OpenBSD 5.8 release songs, A Year in the Life, has been released.

The song is available in mp3 and ogg formats, with lyrics mainly about the LibreSSL story (remember this?), but as the song notes point out,

The pattern of LibreSSL development is a pattern that has repeated itself many times in OpenBSD -- a decision is made by a few people to do something, followed by action, and letting the world share it if they like it (such as with OpenSSH).

Bob Beck's full announcement reads:

Read more...

31 August 2015

Puffy

Undeadly :: Coming Soon to OpenBSD/amd64: A Native Hypervisor

Earlier today, Mike Larkin (mlarkin@) published a teaser for something he's been working on for a while. Then a little later in the day, an announcement appeared on tech@:

TL;DR - a native hypervisor is coming. stay tuned.

For the last few months, I've been working on a hypervisor for OpenBSD. The idea for this started a few years ago, and after playing around with it from time to time, things really started to take shape around the time of the Brisbane hackathon earlier this year. As development accelerated, the OpenBSD Foundation generously offered to fund the project so that I could focus on it in more earnest.

Read more...

28 August 2015

Puffy

Undeadly :: Call for Testing: Using tame() in userland

Theo de Raadt (deraadt@) has just released a call for testing of an initial conversion of programs in OpenBSD base to use the tame(2) API:

This is for those of you interested in tame, and skilled enough to
play along.
Read more...

27 August 2015

Puffy

Undeadly :: Removal of SSLv3 from LibreSSL

Earlier today, Doug Hogan (doug@) committed the first parts of the removal of SSLv3 support from LibreSSL:

Log message:
Remove SSLv3 support from LibreSSL.
Read more...

Undeadly :: Kernel W^X extended to i386

As mentioned back in January, Mike Larkin (mlarkin@) has been working on improving W^X protections in the OpenBSD kernel. The bulk of the work was focused on the amd64 architecture, but he recently committed similar support for the i386 architecture as well. Read more...

25 August 2015

Puffy

Undeadly :: OpenBSD 5.8, Another Song

The second of an anticipated four songs for the OpenBSD 5.8 release has been published, this one written and performed by Alexandre Ratchov (ratchov@). In the announcement he says:
For the 20th anniversary release of OpenBSD, I have contributed this
short sound track:

http://www.openbsd.org/lyrics.html#58b
Read more...

19 August 2015

Puffy

Undeadly :: OpenBSD 5.8 Preorders Enabled, Release Song Published

Two important events of the OpenBSD 5.8 release cycle happened today:

  • On the Orders page, pre-orders for the new release have been enabled
  • On the Lyrics page, the OpenBSD 5.8 release song has been published, with links to OGG and MP3 formats available.

The release date is October 18th, to mark the 20th anniversary of the creation of the OpenBSD CVS tree, as Theo de Raadt (deraadt@) noted in the announcement:

Read more...

16 August 2015

Puffy

Undeadly :: c2k15: beck@ on LibreSSL security, midlayer work

For your reading pleasure, here is the c2k15 report from Bob Beck (beck@):

So, Unlike many hackathons I really didn't go into this one with any specific goal of getting anything accomplished. Well, that's kind of a Lie, I did have one hidden agenda.. I knew doug@ and bcook@ and miod@ would be there, and I wanted to get many of our Coverity found issues in LibreSSL addressed.

Read more...

15 August 2015

Puffy

Undeadly :: The OpenBSD Foundation Announces New Silver Donor: Yandex

The OpenBSD Foundation's 2015 fundraising campaign is picking up steam. The Foundation's directors wrote in to announce yet another Silver-class donor:

The OpenBSD Foundation is happy to announce that the latest Silver level donation, from Yandex LLC, our 4th Silver level donor in 2015, has pushed the total donations received in 2015 past our basic goal of $200,000.

This does not bring our 2015 fund raising campaign to a close!

Read more...

11 August 2015

Puffy

Undeadly :: c2k15: renato@ on ldpd(8), eigrpd(8) progress

Our next c2k15 report comes from Renato Westphal (renato@), who writes,

This was my first OpenBSD Hackathon and it was a very pleasant and productive experience for me. I went to Calgary with two specific goals in mind. The first was to work with rzalamena@ to finish our VPLS implementation that we started long ago.

Read more...

Undeadly :: c2k15: guenther@ on C-states, kbind, misc improvements

Our next c2k15 report comes from Philip Guenther (guenther@), who writes,

I went to Calgary expecting to do some low-level x86 improvements and fix some issues turned up in the C-state work I had committed back in June...and that's actually what I did! Weird...

Read more...

09 August 2015

Puffy

Undeadly :: c2k15: bluhm@ on regress tests, syslogd progress, TLS work and more

Alexander Bluhm (bluhm@) wrote in with this report from the recently completed c2k15 hackathon:

First of all I would like to say that SAIT in Calgary is a great place to hack. Network connectivity was perfect. Thanks for the invitation.

During this hackathon I was sitting at a table together with benno@ and reyk@. We were discussing the test framework that I have created for kernel socket splicing, pf divert, ospfd, relayd and syslogd. It is integrated in /usr/src/regress. There it spawns processes and coordinates the communication between them. Everything is written in Perl.

Read more...

05 August 2015

Puffy

Undeadly :: c2k15: florian@ on building the hackathon network, httpd and pflow

Our next c2k15 report comes from Florian Obser (florian@).

My hackathon started over a week earlier with Peter Hessler (phessler@) arriving at my place in Amsterdam. We were on the same flight to Calgary via Toronto the next morning.

The first flight was uneventful and after breakfast, elevenses, lunch and Air Canada constantly carrying my butt around (we had the help of two very nice people to find ridiculously cheap business class tickets - thank you very much!) we arrived in Toronto.

Read more...

04 August 2015

Puffy

Undeadly :: The OpenBSD Foundation Announces First Platinum Donor: CII

We have a platinum donor. The OpenBSD Foundation has announced the name of the first platinum donor:

The OpenBSD Foundation is happy to announce that the Linux Foundation's Core Infrastructure Initiative (CII) has made a significant financial donation to the Foundation. This donation is a repeat of the CII's 2014 donation, and like the first is being used by the Foundation to help cover network connectivity contracts for OpenBSD, OpenSSH and related projects. This donation makes the CII the first Platinum level contributor in the OpenBSD Foundation's 2015 fundraising campaign.
Read more...

31 July 2015

Puffy

Undeadly :: c2k15: pirofti@ on Octeon architecture progress

Next up in the c2k15 reports series is Paul Irofti (pirofti@), who writes:

I arrived in Calgary with two projects in mind: writing an ACPI WMI driver and adding Flash driver support for the Octeon D-Link DSR-500 machine. This was obviously naive of me as I have not even started working on the former and barely managed to finish the latter.

Read more...

Undeadly :: c2k15: afresh1@ on libtool(1), encouragement, locales, and Hipster coffee

Our next c2k15 report comes from Andrew Fresh (afresh1@). Andrew writes,

I started off the hackathon without a specific project in mind hoping something interesting would come up. In the mean time I thought I would work on running the GNU libtool tests with our libtool(1) in order to see if there were things I could fix or improve. I did get it to run, but their autowhatever tools to get it to go confused me too much and I ended up running `make test` in the port and stealing the test infrastructure from there. It turns out that was the wrong tack to find broken things in libtool. All the complaints were because our error messages don't look like their error messages or other similarly useless problems. If I end up back at this, I'll instead go find ports that use the other libtool and see if I can figure out why they use it.

Read more...

30 July 2015

Puffy

Undeadly :: c2k15: sashan@ on SMP pf progress

One of our new developers, Alexandr Nedvedicky (sashan@), writes in to tell us about his trip to the lovely locale of Calgary for c2k15.

It's been an honor for me to spend a week with OpenBSD developers. I'd like to thank mikeb@, who somehow made it happen. I've tried not to slack too much, committing all the small bugfixes to PF we've found in the past while porting PF to Solaris. There is still one more patch to come; I'm basically waiting for an O.K. from bluhm@.
Read more...

28 July 2015

Puffy

Undeadly :: c2k15: jsg@ on graphics work: Mesa, xenocara, drm, libGL

The next c2k15 hackathon report comes from Jonathan Gray (jsg@), who got a lot done this time:

During c2k15 I mostly focussed on some of the userland parts of graphics support, Mesa which implements the OpenGL library and libdrm the library which abstracts/wraps drm ioctls sent to the kernel.

Read more...

25 July 2015

Puffy

Undeadly :: c2k15: rzalamena@ on mpw(4), network MP safety

For our next c2k15 installment, we welcome new developer Rafael Zalamena (rzalamena@), who just submitted his first-ever hackathon report:

My name is Rafael Zalamena (rzalamena@) and this was my first OpenBSD hackathon.

I was invited to the hackathon early this year to help renato@ and mpi@ to deal with the commit of mpw(4) device to finish the VPLS implementation for OpenBSD, but after the first days in Calgary I was offered an account to do my first commits.

Read more...

Undeadly :: c2k15: jeremy@ on ruby work, kernel and libc bugs, ports progress

Our series of c2k15 hackathon reports continues with this entry from Jeremy Evans (jeremy@):

I had a great time at c2k15 and got a lot of work done.

The first major project I worked on was switching the default version of ruby in the ports tree from 2.1 to 2.2. That's a fairly simple change, but it requires testing a bulk build of the ruby ports, which brought up some issues that had to be fixed in a handful of ports.

Read more...

24 July 2015

Puffy

Undeadly :: c2k15: mpi@ on trunk(4), pf(4), wifi, routing, bridge(4) and more

Our next c2k15 report comes from Martin Pieuchot (mpi@), who appears to have had a quite productive hackathon:

As expected, I spent most of my time during this hackathon working on the network stack. But apart from a crazy trunk(4) bug fix I did not write much code during the week and this was completely new to me!

I always thought that hackathons were the best place to write code, but what's even more important is that they are the best (well actually only) moment where one can discuss and coordinate projects with other developers IRL. And that's what I did.

Read more...

23 July 2015

Puffy

Undeadly :: c2k15: jasper@ on puppet progress, sed(1) enhancements and more

This just in - a fresh hackathon report, this time from Jasper Lievisse Adriaanse (jasper@). Jasper writes,

It seems to have become a standard part of my hackathons these days: Puppet. While I didn't work that much on Puppet itself this hackathon, I did spend a great deal of time before and at the hackathon on Facter. Facter is a tool used by Puppet to gather various bits of system information (facts). These can be trivial facts such as hostname and architecture, but also more complex and structured facts such as mountpoints and network interface information.

Read more...

22 July 2015

Puffy

Undeadly :: c2k15: ajacoutot@ on rc.d refinements, ports churn and sysmerge's future

Next up in our series of c2k15 hackathon reports is one from Antoine Jacoutot (ajacoutot@), who writes:

A few days before the hackathon, I worked on a few rc.d(8) related things that I wanted to (and did) commit at the start of the week to give me a chance to fix any fallout.

Read more...

Undeadly :: c2k15: stsp@ on wifi and usb matters, and a peek to the UTF-8 future

Stefan Sperling (stsp@) may not have landed just yet, but he did file this report from the newly concluded hackathon:

The net80211 wireless code has plenty of comments referring to sections of an old version of the 802.11 standard. I started updating such references in the ieee80211.h header to the 802.11-2012 ("11n") version of the standard, and also added new macros for meta data added in this newer version.

Read more...

Undeadly :: c2k15: krw@ on softraid on 4k disks, cardbus on Dell vs Synaptics and Thinkpads

Kenneth Westerback (krw@) just came back from c2k15 and filed his report:

I arrived with two goals: offload a problematic Dell L400 I had had donated to me, and get 4K softraid working. deraadt@ and beck@ immediately pointed out that I was banging my head on the wrong brick wall for the L400 problems.
Read more...

21 July 2015

Puffy

Undeadly :: c2k15: Internal jump targets to help navigating big manual pages

One of our favorite developers, Ingo Schwarze (schwarze@), writes in about a new feature that he just added to mandoc(1).

Did you ever look at a huge page in man(1), wanted to jump to the definition of a specific term - say, in ksh(1), to the definition of the "command" built-in command - and had to step through dozens of false positives with the less '/' and 'n' search keys before you finally found the actual definition?
Read more...

08 July 2015

Puffy

Undeadly :: EuroBSDCon 2015 Registration Is Open

Registration for this year's European BSD conference is now open at registration.eurobsdcon.org. It stays open until right before the conference starts, but early bird discounts end on August 31st (midnight CEST).

And to help you plan your conference, you can look up the talks and tutorials (with a useful portion of OpenBSD stuff in all tracks) by clicking the links.

See you in Stockholm October 1st through 4th, 2015!

07 July 2015

Puffy

Undeadly :: EuroBSDCon 2015 Preliminary Program Published

The EuroBSDCon 2015 organizers have published the initial list of accepted talks and tutorials, with a useful portion of OpenBSD stuff in all tracks.

It is worth noting that this is a preliminary version (the schedule is not yet finalized), but barring the usual human and practical factors, this is likely close to the conference's final program.

Undeadly :: Microsoft Now OpenBSD Foundation Gold Contributor

On the heels of announcing support for SSH, and specifically OpenSSH, Microsoft has become the OpenBSD Foundation's first-ever Gold contributor:

The OpenBSD Foundation is happy to announce that Microsoft has made a significant financial donation to the Foundation. This donation is in recognition of the role of the Foundation in supporting the OpenSSH project. This donation makes Microsoft the first Gold level contributor in the OpenBSD Foundation's 2015 fundraising campaign.

Donations to the Foundation can be made on our Donations Page.

We can be contacted regarding corporate sponsorship at fundraising@openbsdfoundation.org.

It's encouraging to see words followed by action, especially for such a critical piece of software.

01 July 2015

Puffy

Undeadly :: Out With the Old, in With the New

Ted Unangst (tedu@) has published a blog post detailing some of the recent work going into OpenBSD:

Notes and thoughts on various OpenBSD replacements and reductions. Existing functionality and programs are frequently rewritten and replaced for the sake of simplicity or security or whatever it is that OpenBSD is all about. This process has been going on for some time, of course, but some recent activity is worth highlighting.

Read more...

28 June 2015

Puffy

Undeadly :: Handling Leap Seconds the OpenBSD Way

Christian Weisgerber (naddy@) let us all know what we need to do to prepare for the impending leap second:

As you may have heard, a leap second will be upon us at 23:59:60
UTC on June 30.

The sky will fall, civilization will end, and dinosaurs will roam
the earth again.  Well, maybe not.

Neither the OpenBSD kernel nor OpenNTPD handle leap seconds in any
way.  So what will happen?
Read more...

19 June 2015

Puffy

Undeadly :: BSDCan 2015 Videos Online

The videos of the recently-concluded BSDCan are coming online at record speed. The OpenBSD videos online are:

  • Ted Unangst, "signify: Securing OpenBSD From Us To You" (video)
  • Ray Percival, "Networking with OpenBSD in a virtualized environment" (video)
  • Reyk Flöter, "Introducing OpenBSD’s new httpd" (video, part1, part2)
  • Peter Hessler, "Using routing domains / routing tables in a production network" (video)

Undeadly :: BSDNow Episode 094: Builder's Insurance

On this week's episode of BSDNow, Marc Espie (espie@) talks about dpb, OpenBSD's distributed package builder, which runs the binary package builds in Theo's basement. He talks about why it came about, the security measures built in, and the minimalistic and works-out-of-the-box configuration, among other things.

The hosts also talk about their experiences at the recent BSDCan, and, as usual, they have the roundup of the news, big and small, in the world of all things BSD.

[ Video | HD Video | MP3 Audio | OGG Audio | Torrent ]

12 June 2015

Puffy

Undeadly :: Call for Testing: audio(4)

Alexandre Ratchov (ratchov@) posted a call for testing of a new audio(4) driver:

This is a replacement for the audio(4) driver. It implements a
minimal and complete subset of the audio abi. The main goal is to
simplify the semantics and the code itself. Less code, less bugs,
hopefully easier development.

To test this diff, simply run your regular audio stuff and let us
know if you notice any difference. I'd suggest to keep a copy of
the old kernel in order to be able to compare easily.

In case you notice a regression, you could build the kernel with
the AUDIO_DEBUG option, reboot, trigger the bug and send the
resulting dmesg and any related information.

thanks!

-- Alexandre

As always, testing is essential to maintaining the quality of OpenBSD!

11 June 2015

Puffy

Undeadly :: LibreSSL 2.1.7 and 2.2.0 Released


Brent Cook (bcook@) has announced the latest LibreSSL releases, which contain fixes for several CVEs:

We have released LibreSSL 2.2.0, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.

This release is the first from the OpenBSD 5.8 development tree and
features mainly on build system improvements and new OS support.

We have also released LibreSSL 2.1.7, which contains additional security
fixes.

Of special note is the upcoming removal of SSLv3:

Note: This will likely be the last 2.2.x release with support for SSLv3,
as it will be removed entirely from the main LibreSSL tree.

03 June 2015

Puffy

Undeadly :: Microsoft Announces Support for SSH


Windows admins rejoice! Microsoft's PowerShell Team announced future support for SSH, specifically OpenSSH:

[T]he PowerShell team realized the best option will be for our team to adopt an industry proven solution while providing tight integration with Windows; a solution that Microsoft will deliver in Windows while working closely with subject matter experts across the planet to build it. Based on these goals, I’m pleased to announce that the PowerShell team will support and contribute to the OpenSSH community - Very excited to work with the OpenSSH community to deliver the PowerShell and Windows SSH solution!

A follow up question the reader might have is When and How will the SSH support be available? The team is in the early planning phase, and there’re not exact days yet. However the PowerShell team will provide details in the near future on availability dates.

Emphasis in the original. Wider adoption of secure technologies can only benefit the community. Hopefully that future is actually near, both for deployment and 'support and contribution'.

31 May 2015

Puffy

Maxime DERCHE :: "The Book of PF", French edition


That's it: my translation of the excellent The Book of PF by Peter N.M. Hansteen (blog) has just been published by Eyrolles, under the title Le Livre de Packet Filter (Cahiers de l'Admin collection)!

This book, based on the well-known tutorial the author wrote as conference material, is one of the very few books (the only one in French) to cover this packet filter, developed by Daniel Hartmeier for OpenBSD and later adopted and integrated by FreeBSD and NetBSD. It will interest professionals (system and/or network administrators, etc.) who want to learn to use the little gem that is PF, or to deepen their mastery of it, as well as network tinkerers, who will find plenty in it to keep them entertained for a while.

As its title suggests, this book aims to support learning and mastering every aspect of Packet Filter.

Once the introductions are done (what PF is, why it is not available in the GNU/Linux world, etc.), we move on to a first chapter that serves as an introduction, outlining the history of PF's development and explaining the basics of the terminology used (NAT, IPv4/IPv6, the differences between a network filter and a firewall, etc.).

The second chapter then gets to basic PF configuration, from enabling it to writing a very first rule set for a single standalone machine; everything is detailed for OpenBSD, FreeBSD and NetBSD. The author also says a few words about the statistics pfctl(8) can give us if we ask nicely.

Things get serious in the third chapter: it starts with NAT handling, with a special mention for handling the FTP protocol in a NATed network (ftp-sesame, pftpx and of course ftp-proxy), continues with network debugging (the ICMP protocol for ping, traceroute, and path MTU discovery), and ends by explaining why tables are a good thing. Note that each time, details are given for the OpenBSD, FreeBSD and NetBSD implementations of PF.

Chapter 4 is devoted entirely to wireless (Wi-Fi) networks: general usage, configuring a Wi-Fi interface on the client side and on the router side (with the matching /etc/pf.conf snippet), and it ends, of course, with the local specialty: building an authenticating gateway with authpf.

In the fifth chapter, the author completes his tour of the basic PF features that any administrator or enthusiast must master to use PF in a real configuration: setting up a DMZ (with or without NAT), service filtering (reachability from outside and/or from the LAN), load balancing with hoststated, and using tags to clarify the filtering rule set. The author adds setting up a bridged firewall (described for OpenBSD, FreeBSD and NetBSD), and a small trick for handling the fact that non-routable IPv4 addresses should never send or receive traffic over the Internet.

In chapter 6 (my favorite), the author tackles what is perhaps THE subject par excellence when it comes to OpenBSD: proactive defense. This is where he gives (again) the trick that made his online tutorial famous: handling brute-force attacks with a blacklist and a few options (max-src-conn, max-src-conn-rate, overload, and flush global). The author then explains in detail how to set up an antispam strategy with spamd; on the menu: blacklisting, greylisting, greytrapping, and use of the associated tools spamdb and spamlogd. Allow me to insist: this chapter is the only real documentation on spamd currently available in French, so let's not deny ourselves the pleasure...

As for the seventh chapter, it will suit the most bearded among us: ALTQ is covered over some twenty pages, and the CARP/pfsync pair over about ten. Given how little documentation exists in French on these subjects, connoisseurs will appreciate it...

Finally, chapter 8 is devoted to logging and statistics (pflog, syslog, rule labels, pftop, pfstat, pfflowd), and the ninth and final chapter provides a reference to useful options not covered in the rest of the book, notably traffic normalization (scrub).

You will also find two appendices, which give, respectively, documentary references and the author's remarks on hardware support.

Note that the whole book has been updated to match the latest changes made to PF between the release of the latest version to date (OpenBSD 4.5) and the one due out on November 1st (OpenBSD 4.6); I am thinking of scrub in particular. You know who to blame if there's a problem. ;-)

As you will have gathered, this book is a gold mine for anyone looking to learn how to use Packet Filter, whether professionally or as a hobbyist.

And if you want to see what this looks like in practice, know that, following my translation work, I decided to completely rewrite the pf configuration script (/etc/pf.conf) I use for my home network, and I included in it many of the tricks found in the book.

I would like to finish by thanking Éditions Eyrolles for trusting me with this project, which took me more than a year to bring to completion; Rodrigo Osorio for kindly agreeing to translate Greg Lehey's text Explaining BSD so that I would not have to point my readers to an English text :); and the #OpenBSD.fr IRC channel for helping me out when I needed it.

And finally, just to whet your appetite, here is the translation of the famous PF haiku that Jason Dixon posted to the PF mailing list on 20 May 2004, and which closes the book's Foreword:

Compared to iptables, PF is like this haiku:

A breath of fresh air,                   Un souffle d'air frais,
floating on white rose petals,   Flottant sur de blancs pétales,
eating strawberries.                    En mangeant des fraises.

And here I get carried away:

Hartmeier codes now,                       Hartmeier développe,
Henning knows not why it fails,          Henning ne comprend pas
fails only for n00b.             Pourquoi les nuls n’y arrivent pas.

Tables load my lists,                Des tables chargent mes listes,
tarpit for the asshole spammer,      Punition pour les spammers.
death to his mail store.                  Mort à leur commerce !

CARP due to Cisco,                          CARP vient de Cisco,
redundant blessed packets,             Paquets redondants bénis,
licensed free for me.                        Sous licence libre.

By Maxime DERCHE

19 May 2015

Puffy

Undeadly :: Heads Up: spamd(8) PF Rule Change


With a recent commit, Reyk Flöter (reyk@) flipped the switch on how spamd(8) interfaces with pf:

Change spamd to use divert-to instead of rdr-to.

divert-to has many advantages over rdr-to for proxies.  For example,
it is much easier to use, requires less code, does not depend on
/dev/pf, works in-band without the asynchronous lookup (DIOCNATLOOK
ioctl), saves us from additional port allocations by the rdr/NAT code,
and even avoids potential collisions and race conditions that could
theoretically happen with the lookup.

Heads up: users will have to update their spamd PF rules from rdr-to
to divert-to.  spamd now also listens to 127.0.0.1 instead of "any"
(0.0.0.0) by default which should be fine with most setups but has to
be considered for some special configurations.

Those of you running spamd setups looking to upgrade need to double-check your pf configurations to make sure they still work the way you expect.
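One way to do that double-check, as an added example that is not part of the commit or of the original post: a shell function that joins backslash-continued pf.conf rules, ignores comments, and reports any rule that still sends traffic to spamd with rdr-to. The function name `find_spamd_rdr` and both sample rule sets are constructed for illustration; the port number 8025 is assumed to be the `spamd` entry in /etc/services.

```shell
#!/bin/sh
# Added example: report pf.conf rules that still hand mail to spamd via rdr-to.
# Reads rules on stdin (or from files given as arguments), prints
# "first-line-number: joined rule" per hit, returns 1 on any hit, else 0.
find_spamd_rdr() {
    awk '
    {
        line = $0
        sub(/#.*/, "", line)          # strip comments (a quoted "#" is not handled)
        if (start == 0) start = NR    # remember where this rule begins
        if (line ~ /\\$/) {           # trailing backslash: rule continues
            sub(/\\$/, " ", line)
            rule = rule line
            next
        }
        rule = rule line
        gsub(/[ \t]+/, " ", rule)
        # assumption: "spamd" is the services name for port 8025
        if (rule ~ /rdr-to/ && rule ~ /port (spamd|8025)([ ,}]|$)/) {
            printf "%d: %s\n", start, rule
            found = 1
        }
        rule = ""; start = 0
    }
    END { exit (found ? 1 : 0) }
    ' "$@"
}

# Constructed sample: a rule set written before the change.
old_rules() {
    cat <<'EOF'
table <spamd-white> persist
pass in on egress proto tcp from any to any port smtp \
    rdr-to 127.0.0.1 port spamd
EOF
}
# Constructed sample: the same rule set after the update.
new_rules() {
    cat <<'EOF'
table <spamd-white> persist
# was: rdr-to 127.0.0.1 port spamd
pass in on egress proto tcp to any port smtp \
    divert-to 127.0.0.1 port spamd
EOF
}

for sample in old_rules new_rules; do
    if "$sample" | find_spamd_rdr; then echo "$sample: ok"
    else echo "$sample: update to divert-to"; fi
done
```

Against a live system the input would be the active rule file, for example `find_spamd_rdr /etc/pf.conf`; rules pulled in through includes or anchors have to be checked separately.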

15 May 2015

Puffy

Undeadly :: OpenBSD 5.7 CD 2 Incorrectly Pressed


OpenBSD project leader Theo de Raadt (deraadt@) outlined some issues with the CD plant, which led to an incorrectly-finished CD 2, some of which were, unfortunately, shipped prior to the issue being found.

Sadly, CD2 of the OpenBSD 5.7 shipped in a broken fashion due to errors at the manufacturing plant. Two mistakes were made.

In the rush after the first error, this error was not caught in time. Many people have received (or will soon receive) their package with this broken disc. Orders which have not yet shipped are being held back... because...

A repaired disc is on the way from the plant.

This will be shipped out to everyone, and will be inserted into the orders not yet shipped.

Undeadly :: BSDNow Episode 089: Exclusive Disjunction

On this week's episode of BSDNow, the hosts interview Mike Larkin (mlarkin@) about how he got started in OpenBSD, his recent and upcoming work on W^X, and how that fits into the OpenBSD exploit mitigation ecosystem.

As always, they also have all the news and reviews in the world of all things BSD.

[ Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube ]

08 May 2015

Puffy

Undeadly :: OpenBSD 5.7 Shipping, First Pre-orders Arriving

After a delay due to unfortunate production problems (the first such delay in 20 years), the OpenBSD Store announced that all pre-orders had been shipped.

And it seemed like only moments later that Raf Czlonka was the first to report on the misc@ mailing list that his pre-ordered OpenBSD 5.7 CD set had arrived.

Even if you hadn't preordered, you still have a chance to order your CD set and other swag by visiting the OpenBSD Store. If you want to support the project financially in other ways, the Donations page is, as always, a good place to start.