OpenBSD Journal
Home : : Add Story : : Archives : : About : : Create Account : : Login :
p2k16 Hackathon Report: pirofti@ on octeon and TPM
Contributed by tj on Thu May 19 11:27:55 2016 (GMT)
from the resume-hacking dept.

The next hackathon report comes from Paul Irofti, who writes:

This was probably the shortest hackathon I attended. The 4 days flew by and I realised we have to pack and go with nothing to show for.

My usual hackathon work flow is: waste 3-4 days trying to figure how some device works, and then polish the driver(s) for the remaining days while congratulating myself with coffee, GŁnther and beer.

Read more...
[topichardware]
[ 1 comment 4d4:29 ago ] (flat) (expanded)

p2k16 Hackathon Report: jasper@ on gnome, puppet and more
Contributed by tj on Tue May 17 12:37:04 2016 (GMT)
from the elastic-beats dept.

Our next report comes from Jasper Lievisse Adriaanse, who writes:

Hackathons have long since had two themes for me, gnomes and puppets. However this hackathon I actually didn't want to play with puppets for once, yet I ended up importing Puppet 4 after all. More on that later.

Read more...
[topicports]
[ 0 comments ] (flat) (expanded)

SROP mitigation committed
Contributed by tj on Thu May 12 03:28:12 2016 (GMT)
from the his-name-was-sigurd dept.

In a recent email, Theo de Raadt explains the SROP mitigation technique, a recent team effort.

This is the first demonstration of a mitigation against SROP.

Utilizing a trick from kbind(2), the kernel now only accepts signal returns from the PC address of the sigreturn(2) syscall in the signal trampoline. Since the signal trampoline page is randomized placed per process, it is only known by directly returning from a signal handler.

As well, the sigcontext provided to sigreturn(2) now contains a magic cookie constructed from a per-process cookie XOR'd against the address of the signal context. That part is similar to the LWN discussion mentioned above. I came to the same conclusion semi-independently as a result of Antoine's ports builds, which identified all the parts of the application software ecosystem I had to study. Woe is me!

Read more...
[topicsecurity]
[ 2 comments 13d9:24 ago ] (flat) (expanded)

p2k16 Hackathon Report: krw@ on pdisk, softraid and more
Contributed by tj on Wed May 11 16:31:49 2016 (GMT)
from the chasing-squirrels dept.

The next hackathon report comes from Ken Westerback, who writes:

I arrived at CDG, got on my train and arrived in Nantes just before a national train strike started. Whew. Did a pleasant walk paralleling the tram tracks to the appropriate tram stop and consulted the documentation. "Hackroom is nearby." Hmmm. Wandered around for a while without stumbling across it, and finally noticed the large neon sign for the hotel. From which I *did* have directions. Got to the hackroom building and found that the doors had been locked early. A few frantic texts later I got in and the normal hackathon routine took hold.

Read more...
[topicopenbsd]
[ 1 comment 10d20:12 ago ] (flat) (expanded)

p2k16 Hackathon Report: ajacoutot@ on Gnome, rc and rcctl improvements
Contributed by nayden on Sun May 8 14:09:20 2016 (GMT)
from the rc to the controls dept.

Our next p2k16 report comes from Antoine Jacoutot, who writes:

First of all I'd like to give a big thank to gilles@, Epitech Nantes and the OpenBSD Foundation for making this event a real blast. The hackroom accomodation was very nice and so was the location.

Disclaimer: I have a goldfish memory so I am probably forgetting a lot of small things I did during this week, next time I should probably start writing what I'm doing as I go.

Read more...
[topicopenbsd]
[ 2 comments 14d16:41 ago ] (flat) (expanded)

p2k16 Hackathon Report: naddy@ on graphics libs progress (yes, packages!)
Contributed by pitrh on Tue May 3 16:07:45 2016 (GMT)
from the unkinking graphics dept.

Fresh from the p2k16 hackathon comes this report from Christian Weisgerber, who writes:

Coming to p2k16, I had only vague plans what to work on. The last few hackathons I had tackled some projects that didn't quite result into something committable, so this time I decided to keep it basic. The idea was to update some ports and maybe make a dent in the use of the obsolete libiconv and gettext modules.

Read more...
[topicopenbsd]
[ 1 comment 21d4:35 ago ] (flat) (expanded)

p2k16 Hackathon Report: landry@ on mozilla ports
Contributed by tj on Tue May 3 18:49:51 2016 (GMT)
from the mozillian-things-to-do dept.

The next report in our p2k16 series is from Landry Breuil, who writes:

For once we had a hackathon in France, so travel should be simple... turns out, at the last minute the past week i had engaged myself in a motorbike rally race, taking place in Corsica on the weekend right before the hackathon. Driving to south of france on Thursday, night boat to corsica, two days racing, then boat back to the mainland, then driving all night to come back to my place, change backpack, sleep 1h, and hop on the cheap bus from my place to Nantes. Arrived there at 21h, i was of course totally destroyed from the 30h trip and after meeting the others for a heavy meal, i crashed early to bed...

Read more...
[topicports]
[ 6 comments 9d19:34 ago ] (flat) (expanded)

libcrypto errata - May 2016
Contributed by phessler on Tue May 3 15:28:18 2016 (GMT)
from the it-must-be-tuesday dept.

Ted Unangst just sent an announcement of LibreSSL patches

OpenSSL announced several issues today that also affect LibreSSL.

- Memory corruption in the ASN.1 encoder (CVE-2016-2108)
- Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
- EVP_EncodeUpdate overflow (CVE-2016-2105)
- EVP_EncryptUpdate overflow (CVE-2016-2106)
- ASN.1 BIO excessive memory allocation (CVE-2016-2109)

Thanks to OpenSSL for providing information and patches.

Refer to https://www.openssl.org/news/secadv/20160503.txt

Patches for OpenBSD are available:

http://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/005_crypto.patch.sig

http://ftp.openbsd.org/pub/OpenBSD/patches/5.8/common/013_crypto.patch.sig

[topicsecurity]
[ 10 comments 16d23:01 ago ] (flat) (expanded)

OpenBSD Foundation Announces Gold Sponsor
Contributed by tj on Tue May 3 15:35:05 2016 (GMT)
from the duck-duck-going-to-the-bank dept.

OpenBSD Foundation director Ken Westerback (krw@) writes in with some great news:

The OpenBSD Foundation is happy to announce that DuckDuckGo has become the first Gold level contributor to the 2016 fundraising campaign.

This donation is part DuckDuckGo's annual initiative to help fund free and open source projects based on nominations from their community.

Not only is it great to hear that companies are giving back to the project, but also that OpenBSD was nominated by DDG users. A big thanks to them and their community!

Donations to the OpenBSD Foundation can be made on the donations page, and they can be contacted regarding corporate sponsorship at fundraising@openbsdfoundation.org.

[topicnews]
[ 2 comments 19d10:59 ago ] (flat) (expanded)

Support OpenBSD!

Donate to OpenBSD

Buy OpenBSD products

Features

We are constantly on the lookout for stories of how you put OpenBSD to work. Please submit any informative articles on how OpenBSD is helping your company.

Older Stuff
Monday, May 02
13:42 p2k16 Hackathon Report: tb@ on documentation, ports, wireless (1)
Saturday, April 30
23:06 p2k16 Hackathon Report: espie@ on proot (0)
16:32 proot: dpb meets chroot (0)
Monday, April 25
14:59 anti-ROP mechanism in libc (26)
14:23 The p2k16 hackathon has begun (2)
Monday, April 11
20:11 Undeadly and HTTPS (36)
Friday, April 08
09:20 CfP EuroBSDCon 2016 (7)
Tuesday, March 29
16:29 OpenBSD 5.9 released (early!) (34)
Thursday, March 24
09:36 New routing table code (ART) enabled in -current (1)

Older Stuff...
Yesterday's Edition...

OpenBSD Errata
[xml]

OpenBSD Resources

XML/RSS/RDF
Users wishing RSS/RDF summary files of OpenBSD Journal, can retrieve: [xml]


[ Home | Add Story | Archives | Polls | About ]

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. Some icons from slashdot.org used with permission from Kathleen. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. Search engine is ht://Dig. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]