OpenBSD Journal

Theo (deraadt@) has just committed the crank to 6.8-beta to CVS

Frederic Cambus (fcambus@) has published an article on his blog about the work that has been done to improve the text-console experience on OpenBSD. Well worth a read if, as a proper UNIX-sysadmin, you enjoy working in a text-only environment; but also if you spend most of your time in X!

More than six years ago,LibreSSL was forked fromOpenSSL, and almost two years ago,i explained the status of LibreSSL documentation duringEuroBSDCon2018 in Bucuresti.So it seems providing an update might be in order.Read more…

Withthis commitand several more, Patrick Wildt (patrick@)upgraded -current to version 10.0.0 of LLVM:

In this commit, Paul Irofti (pirofti@) added support for reading timecounters in userland without making a syscall.Read more…

Since we reported the first bits of powerpc64 support going into the tree on 16 May, work has progressed at a steady pace, resulting in snapshots now being available for this platform.So, if you have a POWER9 system idling around, go to your nearestmirrorand fetch this snapshot. Keep in mind that as this is still very early days, very little handholding is available - you are basically on your own.Read more…

In the followingcommit(and a bunch of others), David Gwynne (dlg@) imported most of the code submitted recently by Jason A. Donenfeld and Matt Dunwoodie to allow you to use WireGuard natively on OpenBSD:Read more…

Wesley Mouedine Assaby who runs the OpenBSD Jumpstart webpage with hints and tips for beginners about OpenBSD in general has produced a visualization of how PCs boot into OpenBSD.Read more…

I presented a talk on how I used OpenBGPd as a control plane for my ISP. I cover areas such as Routing fundamentals, a lightning introduction to BGP. An interesting aspect of the design is how the OpenBSD / OpenBGPdis used to control the routing information in my ISP yet theforwarding of packets is offloaded to hardware Layer 3 switches. I also outline my favourite new feature of OpenBGPd max prefix outwhich I'm sure will save my blushes if/when I fat finger my Prefix filters(although if my hair cut is anything to go by it is clear I have no shame anyway!).You can check out the talk here!Tom would welcome comments and feedback on the talk.I hope the talk will help others in deploying OpenBGPd and OpenBSD in their networks.I would also suggest that those interested in learning more about OpenBGPdcheck out Peter Hessler's Tutorial on OpenBGPd which served as anessential aid in getting comfortable in configuring BGP on OpenBSD / OpenBGPd.Peter usually runs the Tutorial in advance of BSD Conferences.I would like to give a big shout out to the people who write thecode in OpenBSD and OpenBGPd, and that your effort makes my life runningmy network and ISP easier.A huge word of thanks is due to Dan Langielle and theBSDCAN2020 Volunteers who organised the virtualBSDCAN 2020 conference this yearin quite difficult circumstances.

Jonathan Gray (jsg@) has just committed an update to theDRM code to the tree.This update brings support for newer AMD and Intel graphics parts.

Otto Moerbeek (otto@)posted to misc@a useful summary of the state of play of FFS2in the 6.7 release (and, to some extent, -current).In his mail, Otto clarifies some things about the latest release:

In a commit touching quite a few files, Theo recently renamed the installation images from installXX.fs to installXX.img:

The OpenBSD project has released OpenBSD 6.7, marking the 48th release of our favorite operating system. The announcement message and the release page both have detailed information.These are some highlights of the improvements in the present release:

In a set of commits to the tree on Saturday, Mark Kettenis (kettenis@) added the early beginnings of support for the 64-bit PowerPC platform:

After our article on TLS 1.3 server support in LibreSSL, we have decided to upgrade the machine running the undeadly website to newer LibreSSL.Since earlier today the site supports TLS 1.3. Undeadly still gets an A+ on Qualys' SSL Labs.

In a post to the ports@ mailing list, Landry Breuil (landry@) shared some of his notes on using qemu guest agent on OpenBSD kvm/qemu guests. He made a few enhancements for Undeadly:Read more…

In a post to tech@,Matt Dunwoodieannouncedthe availability of aWireGuard[VPN]patchset for OpenBSD:

With the followingcommit,Joel Sing (jsing@) enabled theTLSv1.3 server code (inLibreSSL) in -current:

While many of us have been busy social distancing, OpenBSD development workhas continued.Noteworthy things not previously reported here include:

Developer Otto Moerbeek (otto@) hasbeenworkingonsupporttobootfromFFS2. He writes in with the below article, to give us a little insight into the challenges he faced while working on this.

I had the pleasure ofsitting with Bob Beckat EuroBSDCon2018 in Bucharest and asking him some questions about theOpenBSD Project, its approaches and some of his favouriteaspects of the Operating System and its projects. Bobpatiently outlines the hows and whys of his involvementin the BSD project.Tom and Bob conduct a post-mortem on a training course onLibTLS Bob Delivered (excellently) in EuroBSDCon & BSDCAN.Bob discusses what online services he used in class fortraining students on LibTLS and why it can be a veryeffective teaching aid.Bob modestly plays down his ability to churn out LibTLS Developers.Bob also gives guidance on the approaches to contributing to the project.Bob reveals the code he least likes working on and why.Bob lets us know what he really thinks about documentation and its value to the community.Bob outlines an example of applying lessons learned from one bug to inform audits looking for similar bugs elsewhere in the OS and the software ecosystem that it supports.I enjoyed making the interview with Bob who answered thequestions with a remarkable combination of purpose and humour.Bob thanks again for your time, and putting up with myinterruptions and jokes :)

We have a new p2k19 report from Rafael Sadowski (rsadowski@),who writes:

Ken Westerback (krw@) kindly wrote in with a reportfrom last month'sa2k20hackathon in Hobart, Australia:

Ken Westerback [krw@ when wearing his OpenBSD hat]wrote us with this update about theOpenBSD Foundation's work:

Video recordings fromFOSDEM 2020are now available.The OpenBSD presentations were:

Fresh in from u2k20 is this report from Tracey Emery, who visited the hackathon in Uckermark, Germany after getting invited by Stefan Sperling (stsp@):

The first report from the just concluded u2k20 hackathon comes from Alexandr Nedvedicky (sashan@), who writes:

An update has now been committed to the -stable branch for the latest firefox version, and the package is available for updating!

Tom Smyth writes in about an interview he did with Theo de Raadt in between g2k19, the general hackathon in Ottawa, and BSDCAN 2019:

Next up from the snowy Elk Lakes area with his Hackathon Report is Stefan Sperling (stsp@):

TheInternet Security Research Groupand partnershave announcedthat Claudio Jeker (claudio@) is the thirdRadiant Awardrecipient.From theannouncement:

Alexandr Nedvedicky (sashan@)wrote to tech@regarding a recent significantchange:

Fresh from the just concluded e2k19 hackathon, Claudio Jeker (claudio@) writes in:

Theo de Raadt (deraadt@) hascommittedcode for a new exploit-prevention mechanism:

Florian Obser (florian@) hascommittedcode to giveunwind(8)a flexible approach to resolving strategies:

Next up in our hackathon series from p2k19 is one from Stefan Sperling (stsp@),who writes:

Next up in the series of p2k19 reports is Ken Westerback (krw@), who writes:

Our next p2k19 report comes from Jeremy Evans (jeremy@):

Fresh from the just concluded p2k19 hackathon comes this report from Landry breuil (landry@), who writes:

Fresh from Bucharest is this story from Martin Pieuchot (mpi@) with his experience from p2k19:

Damien Miller (djm@)posted to tech@:

The first p2k19 hackathon report comes from Marc Espie (espie@), who writes:

Theo de Raadt (deraadt@)postedto tech@:

DNSSEC validation has been enabled in the defaultunbound.conf(5)in -current.The relevant commits werefromJob Snijders (job@)

In amessageto the openssh-unix-dev mailing list,Damien Miller (djm@) wrote:

The EuroBSDCon channel at YouTube now has the EuroBSDCon 2019 videos online. One excellent way to start is with Patricia Aas' excellent keynote Embedded Ethics and just go on, but you could also go directly to the OpenBSD related talks:

A new OpenBSD store has been started, for those looking for OpenBSD swag now that the project no longer produces CDs. If you like the artwork that comes with the releases, this is a great way to support it. Quoting the about page:

In amessageto relevant mailing lists,Theo de Raadt (deraadt@) announced that theOpenBSD project's 47 release,OpenBSD 6.6,is now available frommirror sitesworldwide.Rather than reproducing here the full list of new features,we refer readers to the officialOpenBSD 6.6 page,and the detailedchangelog.Notable changes include but are not limited to:

Theo de Raadt (deraadt@)posted to tech@:

In a move bound to be greeted with great enthusiasm, the newly-releasedPatch 012for OpenBSD 6.5 addssysupgrade(8)to the system.Readers are encouraged to show their appreciation bydonating!