OpenBSD Journal

OpenBSD Journal

CPU microcode update code for amd64

Contributed by Paul 'WEiRD' de Weerd on from the not-very-firm-ware dept.

Patrick Wildt (patrick@) recently committed some code that will update the Intel microcode on many Intel CPUs, a diff initially written by Stefan Fritsch (sf@). The microcode of your CPU is basically the firmware that runs on your (Intel) processor, defining its instruction set in terms of so called "microinstructions". The new code depends, of course, on the corresponding firmware package, ported by Patrick which can be installed using a very recent fw_update(1). Of course, this all plays into the recently revealed problems in Intel (and other) CPUs, Meltdown and Spectre.

Read more…

Handling of CPU bugs disclosure 'incredibly bad': OpenBSD's de Raadt

Contributed by rueda on from the we-are-not-amused dept.

ITWire has published an article regarding Theo de Raadt's (deraadt@) reaction to the Meltdown/Spectre disclosures.

One choice quote reads:

Intel engineers attended the same conferences as other company engineers, and read the same papers about performance enhancing strategies – so it is hard to believe they ignored the risky aspects.

OpenBSD-current now has 'smtpctl spf walk'

Contributed by Peter N. M. Hansteen on from the check-my-senders dept.

If you run a mail service, you probably like to have greylisting in place, via spamd(8) or similar means. However, there are some sites that simply do not play well with greylisting, and for those it's useful to extract SPF information to identify their valid outgoing SMTP hosts.

Now OpenBSD offers a straightforward mechanism to do that and fill your nospamd table, right from the smtpctl utility via the subcommand spf walk. Gilles Chehade (gilles@) describes how in a recent blog post titled spfwalk.

This feature is still in need of testing, so please grab a snapshot and test!

Response to the "Meltdown" Vulnerability

Contributed by rueda on from the moronoculture dept.

A message to tech@ from Philip Guenther (guenther@) provides the first public information from developers regarding the OpenBSD response to the recently announced CPU vulnerabilities:

So, yes, we the OpenBSD developers are not totally asleep and a handful of
us are working out how to deal with Intel's fuck-up aka the Meltdown
attack.  While we have the advantage of less complexity in this area (e.g.,
no 32bit-on-64bit compat), there's still a pile of details to work through
about what has to be *always* in the page tables vs what can/should/must be

Read it and weep…

BSDCAN2017 Interview with Peter Hessler, Reyk Floeter, and Henning Brauer

Contributed by rueda on from the Oxford comma dept.

In a message to misc@, Tom Smyth wrote (in part):

While  attending BSDCAN2017 in Ottawa I met many OpenBSD Developers,
and I was fortunate to grab a few moments and video an interview
with Peter Hessler, Henning Brauer and Reyk Floeter and talk to
them about OpenBSD generally,
I really appreciate the guys generosity in their time on the
I have posted the video here

Nice work, Tom!

arm64 platform now officially supported [and has syspatch(8)]

Contributed by rueda on from the not so armless dept.

arm64 is now an officially supported platform for OpenBSD. As some readers will have noticed, there's now syspatch(8) support, too.

Theo de Raadt (deraadt@) committed the following change:

CVSROOT:        /cvs
Module name:    www
Changes by:  2017/12/07 12:00:12

Modified files:
	.              : plat.html 

Log message:
graduate arm64 to supported; having syspatch it is even beyond some other systems

Reflections on Hackathons

Contributed by Bob Beck on from the hacks from the wild dept.

Bob Beck (beck@) writes:

So, I am sitting in my kitchen with a car packed full of food, packing up my last things and getting ready to drive south for a Hackathon. This one is a little different, since it is in a wilderness hut I have to hike/ski into.. If the hike doesn't kill me, living for 5 days inside a structure heated by wood where Germans are present to stoke the fire might. So here's a bit of a ramble about hackathons.

Read more…


Donate to OpenBSD


We are constantly on the lookout for stories of how you put OpenBSD to work. Please submit any informative articles on how OpenBSD is helping your company.

OpenBSD Errata

OpenBSD 6.2

0042018-01-14 RELIABILITY An incorrect TLS extensions block is generated when no extensions are present, which can result in handshake failures.
0032017-12-10 RELIABILITY A number of bugs were discovered in the MPLS stack that can be used to remotely trigger kernel crashes.
0022017-12-01 SECURITY The fktrace(2) system call had insufficient security checks.
0012017-10-13 RELIABILITY A local user could trigger a kernel panic by using an invalid TCB value.

Unofficial RSS feed of OpenBSD errata


Users wishing RSS/RDF summary files of OpenBSD Journal can retrieve: RSS feed


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]