OpenBSD Journal

The flak reports by Ted Unangst (tedu@) continue withpart 627.Update: Part 628Update: Part 629

Hrvoje Popovski directed our attention to a new blog post from mpi@ discussing one improvements in the performance of the networking stack.

The next t2k17 hackathon report comes from first time hackathon participant Aaron Bieber, who writes:

Next up in our series of t2k17 hackathon reports is this one from Philip Guenther:

Our next hackathon report comes from Andrew Hewus Fresh, who writes:

The next t2k17 report comes from Martin Pieuchot (mpi@) who writes

The t2k17 hackathon reports keep trickling in. Here's the one from Ian Sutton, who writes:

I slacked so much that even portroachstopped mailing the outdated ports I maintained as it noticed how pointless itwas :-)Read more...

I slacked so much that even portroachstopped mailing the outdated ports I maintained as it noticed how pointless itwas :-)Read more…

It almost went unnoticed due to the 6.2-beta announcement, but Antoine Jacoutot (ajacoutot@) just commited a very useful update to syspatch. In this commit, the groundwork is done for having syspatch update only the kernel object files that have changed. Due to KARL, the scheme to relink the kernel for each reboot, it makes sense to save space and bandwidth that way.The commit message reads:Read more…

It almost went unnoticed due to the 6.2-beta announcement, but Antoine Jacoutot (ajacoutot@) just commited a very useful update to syspatch. In this commit, the groundwork is done for having syspatch update only the kernel object files that have changed. Due to KARL, the scheme to relink the kernel for each reboot, it makes sense to save space and bandwidth that way.The commit message reads:Read more...

Theo has just committed the diff that marks the end of the development cycle and the beginning of the testing phase for the upcoming 6.2 release:

Theo has just committed the diff that marks the end of the development cycle and the beginning of the testing phase for the upcoming 6.2 release:

The second report from the just completed t2k17 hackathoncomes from Ted Unangst (tedu@), who writes:

In a message to the tech mailling list, Theo de Raadt(deraadt@) offered a preview of the next big thing in exploit mitigation, dubbed RETGUARD:

In a message to the tech mailling list, Theo de Raadt(deraadt@) offered a preview of the next big thing in exploit mitigation, dubbed RETGUARD:

As there have been no reports of functional bugs since the last beta, and the primary goal of the work was achieved long ago, the (main) Undeadly server is to be upgraded.The upgrade, which is expected to involve downtime of no more than one hour, is scheduled for next Tuesday, 2017-08-22 07:00 UTC.Changes since the last public beta include:

As there have been no reports of functional bugs since the last beta, and the primary goal of the work was achieved long ago, the (main) Undeadly server is to be upgraded.The upgrade, which is expected to involve downtime of no more than one hour, is scheduled for next Tuesday, 2017-08-22 07:00 UTC.Changes since the last public beta include:

The second report from the just completed t2k17 hackathoncomes from Ted Unangst (tedu@), who writes:

News from the OpenBSD Foundation: The Foundation has this year's first Iridium donor.The official statement from the foundation, via director Ken Westerback reads,

News from the OpenBSD Foundation: The Foundation has this year's first Iridium donor.The official statement from the foundation, via director Ken Westerback reads,

The first report from the just completed t2k17 hackathon comes from Bob Beck, who writes:

The first report from the just completed t2k17 hackathon comes from Bob Beck, who writes:

https://beta.undeadly.org/ has received an update. The most significant changes include:

In response to the DEF CON presentation by Ilja van Sprundel,a large set of kernel patches have been released (for OpenBSD 6.0 and 6.1).These important patches should be applied ASAP!From the announce@ mailing list:

Ingo Schwarze (schwarze@) writes in saying:

With this commit, the default compiler for (-current base system on the) amd64 and i386 platforms has been changed to clang(1):

The flak reports by Ted Unangst (tedu@) continue with part 624.Update - part 625

As we see from the commit message, new developer Pratik Vyas (pd@) adds the ability to do paused VM migrations for VMM.Mike Larkin also writes on Twitter:

Over at his blog, Undeadly co-editor Peter Hansteen describes the experience of installing OpenBSD-current on a new laptop.The article, OpenBSD and the modern laptop, goes into some detail on the install procedure, and hits only minor snags even when using modern and recent additions such as UEFI boot.The conclusion is that OpenBSD is well suited for laptop and desktop use, and things tend to just work.On the other hand, we strongly suggest Peter posted the article before the contents of his home directory had actually been completely transferred. He's such a packrat.

As you may have heard (and as was mentioned in an earlier article), on recent OpenBSD snapshots we have KARL, which means that the kernel is relinked so each boot comes with a new kernel where all .o files are linked in random order and with random offsets. Theo de Raadt summarized the status in a message to the tech@ mailing list, subject kernel relinking as follows:

TL;DR - A modernised version of Undeadly is available for testing at <https://beta.undeadly.org/>.Broken features of the current site have been fixed, removed, or replaced.The new software supports - and, where appropriate, requires - HTTPS. Testing, contributions, and constructive feedback would be appreciated.An effort to modernise the Undeadly software was initiated in response to the article Undeadly and HTTPS.This has resulted in substantially reworked software which is now available for public testing.Note that this is not the completely new system which is (arguably) needed.Read more...

Theo de Raadt (deraadt@) provided some history on the insecurity of TIOCSTI [simulate typed input on terminal], with a proposal to disable it on OpenBSD:

The OpenBSD presence at the just concluded BSDCan was quite strong, and here is the first trip report, from Phillipp Buehler:

Our next report from the d2k17 hackathon comes from Martin Pieuchot, who writes:

Alexander Bluhm (bluhm@) wrote in with a hackathon report:

You heard it here (or on tech@) first: Trapsleds are in, and it makes OpenBSD even safer. Work done by Todd Mortimer and submitted to tech@ in the Trapsleds thread was later committed by Theo de Raadt.Todd's message to tech says,

In amessage to the tech@ mailing list,Theo de Raadt (deraadt@) has announced a new randomization feature forkernel protection:

OpenBSD developer Adam Wolk (awolk@) talks about a community effort to read at least one C source file from OpenBSD every day at https://blog.tintagel.pl/2017/06/09/openbsd-daily.html.

A new Microsoft Azure blog entry, Running OpenBSD on Azure, describes OpenBSD support:

Florian Obser (florian@) kindly supplied a report on his d2k17 activities:

Our next d2k17 report comes from Antoine Jacoutot (ajacoutot@), who writes:

Our second d2k17 report is from Ken Westerback (krw@), who writes:

The first report from the recently completed d2k17 hackathon comes from Stefan Sperling, who writes:

The flak reports by Ted Unangst (tedu@) continue with parts 620, 621, and 622.As always, there are plenty of interesting developments.Update: part 623

Relayd and Httpd Mastery, the latest book in the "Mastery" series by Michael W Lucas, is now available.From the author's page for the book:

Kenneth R Westerback of The OpenBSD Foundation (aka krw@, when wearing his dev hat) writes:

OpenBSD 6.1 was announced as the first release with no CD available for purchase.Now it turns out that in fact, exactly one CD set was made, and it can be yours if you are the successful bidder in the auction that ends on May 13, 2017.Bob Beck (beck@) writes in to tell us

Errata for OpenBSD 6.1 and 6.0 have been announced. The message to announce@openbsd.org [from T.J. Townsend (tj@)] reads:

In a series of commits starting here and ending with this one, Damien Miller completed the removal of all support for the now-historic SSHv1 protocol from OpenSSH. The final commit message, for the commit that removes the SSHv1 related regression tests, reads: