Feed openbsd-journal OpenBSD Journal

OpenBSD Journal

Link http://undeadly.org/
Feed http://undeadly.org/cgi?action=rss
Updated 2021-09-16 19:00
By default, scp(1) now uses SFTP protocol
Thanks to acommitby Damien Miller (djm@),scp(1) (in -current)now defaults to using theSFTP protocol:
Unlocking UVM faults yields significant performance boost
In a recentmessageto tech@ Martin Pieuchot (mpi@) wrote aboutanalysis of kernel lock contention.We reproduce the message(s) here, reformatted with his permission.
traceroute(8) gets speed boost
Florian Obser (florian@)has committeda significant speed boost fortraceroute(8):
xterm gets unveiled
With the followingcommit,Matthieu Herrb (matthieu@)gavexterm(1)someunveil(2)goodness:
iked(8) gains client-side support for DNS configuration
With the followingcommit,Tobias Heider (tobhe@)added client-side support for DNS configurationto iked(8):
timeout(1) utility imported
Job Snijders (job@)importedthetimeout(1)utility from NetBSD:
Fair Internet bandwidth management on a network using OpenBSD
OpenBSD Journal co-editor Solène Rapenne (solene@) writes,
Hibernate time reduced
Theo de Raadt (deraadt@)committeda change which significantly reduceshibernatetime on machines with larger amounts of RAM:
RSA/SHA1 signature type disabled by default in OpenSSH
In amessage to tech@Damien Miller (djm@)explained the consequences of his recentcommit:
(open)rsync gains include/exclude support
Claudio Jeker (claudio@) hascommittedsupport for simple include and exclude casesin (open)rsync:
Recent and not so recent changes in OpenBSD that make life better (and may turn up elsewhere too)
OpenBSD Journal co-editor Peter Hansteen writes in, saying
-current has moved to 7.0-beta
With the followingcommit,Theo de Raadt (deraadt@) moved -currentto version 7.0-beta:
Introducing dhcpleased(8)
Now enabled by default on OpenBSD -current is dhcpleased(8), a dynamic host configuration protocol daemon written by florian@ (Florian Obser), who spoke with us about his work:I suppose this is either the KAME project's fault, or if we don't want to go that far back, Theo's fault. At g2k16 he floated the idea of a network configuration daemon. It would collect "proposals" for IP addresses, default routes andDNS configuration from various sources (DHCP,IPv6 router advertisements, umb(4), etc.),make some policy decisions, configure the network, and set resolv.conf(5)Read more…
dhcpleased(8) and resolvd(8) enabled in base, replacing dhclient(8)
Florian Obser (florian@) has enableddhcpleased(8)andresolvd(8)[on both of which wereportedearlier]in base.
Progress in support for the riscv64 platform
Since ourprevious report,there has been significant progress on support for riscv64:
Opening a Garage Door Using OpenBSD on a Raspberry Pi
Sven G is back with another tale of using a Raspberry Pi in his garage:
The state of toolchains in OpenBSD
Frederic Cambus (fcambus@) hasbloggedabout the recent history and current state of toolchains on OpenBSD.It provides a good explanation of how and why things got to where they stand.
OpenBSD 6.9 released
The OpenBSD project has releasedOpenBSD 6.9, the project's 50th release. As usual the release page offers highlights, installation and upgrade instructions as well as links to other resources such as the detailed changelog.Notable improvements include, but are not limited to
Initial Support for the riscv64 Architecture
With the followingcommit,Dale Rahn (drahn@)imported initial support for the64-bitRISC-Varchitecture:
My Dog's Garage Runs OpenBSD
We received a contribution from Sven G, about checking the temperature in the garage where his dog sleeps with OpenBSD:
A working D compiler on OpenBSD
Dr. Brian Robert Callahan (bcallah@)blogged about his work in getting D compiler(s) working under OpenBSD.The first paragraph reads:
EuroBSDCon 2021 Call for Papers open
Hoping to be able to make a conference in Vienna in September (and doing it digitally if not), the EuroBSDCon is now accepting submissions for presentations and tutorials.
What security does a default OpenBSD installation offer? (by solene@)
In a recent blog post, OpenBSD developer Solène Rapenne (solene@) offers an over view of the security features offered by a default OpenBSD installation. The first paragraph of the introduction reads,
dhcpleased(8) - DHCP client daemon
With the followingcommit,Florian Obser (florian@) importeddhcpleased(8),DHCP daemon to acquire IPv4 address leasesfrom servers, plusdhcpleasectl(8),a utility to control the daemon:
resolvd(8) - daemon to handle nameserver configuration
With the followingcommit,Florian Obser (florian@) importedresolvd(8),a daemon for handling nameserver configuration:
Introducing veb(4) - a new Virtual Ethernet Bridge
In this commit, David Gwynne (dlg@) adds a new veb(4) driver to the tree. David's goal is to replace the old bridge(4) driver:Read more…
OpenBSD booting multi-user on Apple M1
Mark Kettenis (kettenis@) isteasingOpenBSD booting multi-user on Apple M1 hardware:
Catchup 2021-02-13
Recent noteworthy things commited to -current and not previously reported include:
We are now at 6.9-beta, go for snapshots, test!
You may have missed the event during the weekend, but with this commit, OpenBSD -current turned 6.9-beta.The commit message reads,Read more…
BREAKING pf(4) change: change route-to so it sends packets to IPs instead of interfaces.
Does your pf configuration have route-to rules? If so, you need to consider the implications of this commit by David Gwynne (dlg@) carefully.
OpenBSD KDE Status Report
OpenBSD has managed to drop KDE3 and KDE4 in the6.8 -> 6.9 release cycle. Thatmakes me very happy because it was a big piece of workand long discussions.This of course brings questions:Kde Plasma 5 package missing.After half a year of work, I managed to successfullyupdate the Qt5stack to the last LTS version 5.15.2.On the whole, the most work was updatingQtWebengine. What a monster! With my CPU power at home,I can build it 1-2times a day which makes testing a little bit annoyingand time intensive.But today we can be happy about an up-to-date KDE stack in OpenBSD.Currently - at the end of January - our stack is very up-to-date:
ujoy(4) added to -current
With the followingcommit,Thomas Frohwein (thfr@)added a joystick/gamecontroller driver to -current:
Block spammers/abusive IPs with Pf-badhost in OpenBSD. A 'must have' security tool!
IntroductionPf-badhostis a very practical, robust, stable and lightweight security script for network servers.It's compatible with BSD based operating systems such as {Open,Free,Net,Dragonfly}BSD and MacOS. It prevents potentially-bad IP addresses that could possibly attack your servers (and waste your bandwidth and fill your logfiles), by blocking all those IPs contacting your server, and therefore it makes your server network/resources lighter and the logs of important services running on your server become simpler, more readable and efficient.Read more…
Preliminary OpenBSD Support Added to OBS Studio
OpenBSD developer Vadim Zhukov (zhukov@)has added preliminary OpenBSD support toOpen Broadcaster Software (OBS) Studio release26.1.0and later. The changes come as part of an ongoing collaboration between the upstreamOBSproject and OpenBSD developers.Preliminary OpenBSD support was added in two commits.Oneintroducedsndio(7) support.This adds a sndio plugin which Zhukov advises will provide more reliable, lower latency audio mixing than the ffmpeg plugin for OpenBSD users.The otherprovides basic support such as help evaluating OpenBSD-specific filesystem paths.A link to the release waspostedon Reddit, with a title claiming full OpenBSD support.Bryan Steele (brynet@) was quick to provide helpful context in acomment:
sysctl parameter kern.video.record added to -current
With the followingcommit,Marcus Glocker (mglocker@)added an enhanced privacy control for video recording:
OpenBSD and you, the 6.8 update
Undeadly.org co-editor Peter Hansteen writes in, saying,
How the OpenBSD -stable packages are built
Solène Rapenne (solene@) has written ablog entryon the software system underlying the building of -stable packages:
OpenBSD 6.8 Released
On its 25 birthday,the OpenBSD project has releasedOpenBSD 6.8,the 49 release.The new release comes with a large number of improvements and debuts a new architecture, OpenBSD/powerpc64, running on the POWER9 family of processors. The full list of changes can be found in the announcement and on the release page. Some highlights:
Cryptographic Signing using ssh-keygen(1) with a FIDO Authenticator
IntroductionHitherto, releases of thefwobacsoftware (which underliesUndeadly)have been unsigned.This is overdue for change, so for the latest release [version 1.7], we are providing a digital signature.As signing is being performed manually, why not employ an additional [hardware] factor?signify(1)does not support the use of FIDO authenticators.However, recent versions ofOpenSSH do support signingusing the [under-appreciated]-Y sign option ofssh-keygen(1),and with the recent addition of FIDO authenticator support to OpenSSH[as reported previously],we have a means (using tools in base OpenBSD) of using a hardware factor when signing files.Read more…
RETGUARD for powerpc and powerpc64 added to -current
Todd Mortimer (mortimer@) hascommittedRETGUARD(seepreviouscoverage)for the macppc (powerpc) and powerpc64 platforms:
Ingo announces pta (Plain Text Accounting)
Ingo (schwarze@) writes in about a side project he's been working on to do his own accounting:
k2k20 hackathon report: Rafael Sadowski on KDE and other packages progress
Fresh off the k2k20 hackathon, Rafael Sadowski (rsadowski@)writes in:
k2k20 hackathon report: Florian Obser on DNS
The fourth report from k2k20 comes from Florian Obser (florian@), who worked mostly on DNS related things:
k2k20 hackathon report: Klemens Nanni on network land decluttering
Our next k2k20 report comes from Klemens Nanni (kn@):
k2k20 hackathon report: Bob Beck on LibreSSL progress
Fresh off the just-finished k2k20 hackathon, here is a report from Bob Beck(beck@):
k2k20 hackathon report: Martijn van Duren on snmp, agentx, and other progress
Thek2k20 hackathonconcluded recently, and we are please to havereceived a report from Martijn van Duren (martijn@):
login_ldap added to -current
Withthis commit,Martijn van Duren (martijn@)addedlogin_ldap(8)to -current:
6.8-beta tagged in CVS
Theo (deraadt@) has just committed the crank to 6.8-beta to CVS
Frederic Cambus on text console improvements
Frederic Cambus (fcambus@) has published an article on his blog about the work that has been done to improve the text-console experience on OpenBSD. Well worth a read if, as a proper UNIX-sysadmin, you enjoy working in a text-only environment; but also if you spend most of your time in X!
LibreSSL documentation status update
More than six years ago,LibreSSL was forked fromOpenSSL, and almost two years ago,i explained the status of LibreSSL documentation duringEuroBSDCon2018 in Bucuresti.So it seems providing an update might be in order.Read more…