OpenBSD Journal
Home : : Add Story : : Archives : : About : : Create Account : : Login :
n2k14 Hackathon Report: krw@ on dhcp and disk labels
Contributed by tbert on Tue Feb 4 08:05:11 2014 (GMT)
from the recording-your-next-album-on-a-new-label dept.

Kenneth Westerback writes in with his report from the n2k14 hackathon:

I came to n2k14 with two goals. The first was to fix a problem with writing disklabels on MBR partitioned disk drives with non-512-byte sectors. The second was to finish some dhclient work I started at t2k13 and some other long-standing nits in dhclient.

[ 0 comments ] (flat) (expanded)

Call for Testing: acpiasus(4)
Contributed by tbert on Wed Jan 29 13:44:08 2014 (GMT)
from the have-you-tried-turning-it-off-and-on-again dept.

Paul Irofti (pirofti@) posted to tech@ a call for owners of ASUS laptops to test a diff that may fix attach behaviours:

It seems to me that the activate function was registered as a detach
function. This diff puts the activate function in the proper cfattach

Index: dev/acpi/acpiasus.c
RCS file: /cvs/src/sys/dev/acpi/acpiasus.c,v
retrieving revision 1.15
diff -u -p -r1.15 acpiasus.c
--- dev/acpi/acpiasus.c	6 Dec 2013 21:03:02 -0000	1.15
+++ dev/acpi/acpiasus.c	29 Jan 2014 12:57:26 -0000
@@ -88,7 +88,7 @@ extern int wskbd_set_mixervolume(long, l
 struct cfattach acpiasus_ca = {
 	sizeof(struct acpiasus_softc), acpiasus_match, acpiasus_attach,
-	acpiasus_activate
+	NULL, acpiasus_activate
 struct cfdriver acpiasus_cd = {

As he says in his follow-up email, "People with asus, please test and report back on both success and failure."

[ 1 comment 1295d22:13 ago ] (flat) (expanded)

n2k14 hackathon report: deraadt@ on random seeds, signing and hibernation
Contributed by jj on Sun Jan 26 13:51:57 2014 (GMT)
from the hack that kiwi, signed dept.

Our second n2k14 hackathon report comes from Theo de Raadt (deraadt@), who writes,

I came to this hackathon with a few targets. I really wanted a break from the recent funding issues. It was time to dig into code.

[ 0 comments ] (flat) (expanded)

n2k14 Hackathon Report: guenther@ on threading, time_t cleanup and more
Contributed by pitrh on Fri Jan 24 14:20:12 2014 (GMT)
from the ever hack a kiwi? dept.

Philip Guenther (guenther@) was the first to write in with a report from the n2k14 hackathon in Dunedin, New Zealand:

I had come to Dunedin with a possible fix for an annoying threading bug in the kernel ptracing code. It's a bit complicated in the locking of the single-threading logic, and I wanted to see what kettenis@ thought about it. I noted a second problem (tsleep being called recursively) which was "easy to fix", so I started on that and discovered that it was, of course, much more complicated then I expected. Trying to work out how to fix *that* led to the subtle tangle which is exit1(). So I worked on simplifying the exit logic so that exiting threads in multi-threaded processes completely skip the zombie and wait logic. Most of that went in early; as I write this there's one last change to remove the "alternate exit signal" support for Linux compat, as it's unused by modern programs.

[ 3 comments 1301d13:22 ago ] (flat) (expanded)

Signed Installs, Upgrades, and Packages
Contributed by tbert on Tue Jan 21 11:43:30 2014 (GMT)
from the puffy's-signature-is-$10-a-pop dept.

Marc Espie (espie@) lets the cat out of the bag:

It's probably time to talk about it.

Yes, we are now distributing signed packages.  A lot of people have probably
noticed because there was a key mismatch on at least one batch of signed

Obviously, we haven't finished testing yet.

Don't read too much into that.  "Signed packages" just mean you can use
an insecure medium, such as ftp, to download packages: if the key matches,
it means the package hasn't been tampered with since it was signed.

The cryptographic framework used to sign packages is called signify(1),
mostly written by Ted Unangst, with a lot of feedback from (mostly) Theo
and I.

The signing framework in pkg_add/pkg_create is much older than that, if
was written for x509 a few years ago, but signify(1) will probably be more
robust and ways simpler.  In particular, there's no "chain-of-trust", so
you keep complete control on the sources YOU trust.

Signatures should be transparent in use: the package is opened, the 
packing-list signature is checked, and then files are checksummed while
extracted against the packing-list embedded checksums (there are provisions
to ensure any dangerous meta-data is also encoded in the packing-list as
@mode/@user/@group annotations.

So, barring problems, you shouldn't even notice signatures.

And Theo de Raadt (deraadt@) talks about signed base sets for installations and upgrades:

[ 15 comments 192d12:58 ago ] (flat) (expanded)

ruBSD: interviews with Theo and Henning
Contributed by tbert on Wed Jan 15 05:48:28 2014 (GMT)
from the from-russia-with-love dept.

Last December Russian tech giant Yandex organised first ruBSD event in Moscow. OpenBSD developers Theo de Raadt, Henning Brauer and Mike Belopuhov gave three talks on different topics. There were interviews with Theo and Henning recorded as well. Theo spoke about current adoption of mitigation techniques in other OSes and state of OpenBSD project. Henning gave a history overview of PF.

All talks and interviews available online and for download.

Theo de Raadt: Exploit Mitigation Techniques: an Update After 10 Years (slides, video and interview)
Henning Brauer: OpenBSD's pf: Design, Implementation and Future (slides, video and interview)
Mike Belopuhov: OpenBSD: Where is crypto headed? (slides and video)

[ 1 comment 192d11:23 ago ] (flat) (expanded)

Urgent Request for Funding OpenBSD HQ's Electricity
Contributed by pitrh on Mon Jan 13 07:57:49 2014 (GMT)
from the do pufferfish dream of electric eels dept.

OpenBSD supports a wide range of hardware architectures, and for practical and logistical reasons there are few places in the world that have them all in one place except OpenBSD headquarters, see eg this picture, which shows a subset of the machines involved in building OpenBSD releases.

But keeping all this hardware running involves a considerable electricity bill, and Theo de Raadt (deraadt@) is asking for help, preferably in the form of a company willing to specifically sponsor the project's electricity bill.

See the message to openbsd-misc titled Request for Funding our Electricity for details, and if you are in a position to move on this, please do whatever it takes.

[ 263 comments 179d2:13 ago ] (flat) (expanded)

OpenBSD-current is now 5.5-beta
Contributed by pitrh on Mon Jan 13 05:50:53 2014 (GMT)
from the the-high-five-five dept.

Yes, folks, it's that time of the year again. With this commit, Theo de Raadt (deraadt@) cranked the version strings and turned 5.4-current into 5.5-beta.

Subject:    CVS: src
From:       Theo de Raadt 
Date:       2014-01-12 11:26:10

Module name:	src
Changes by:	2014/01/12 04:26:09

Modified files:
	sys/conf       : 
	sys/arch/macppc/stand/tbxidata: bsd.tbxi 
	etc/root       : root.mail 
	sys/sys        : param.h 
	share/mk       : 

Log message:
crank to 5.5beta

You know the drill, folks: Time to head over to the changelog page and see what the upcoming goodies are (newqueue and automated install comes to mind), then install and test! New snapshots with a 5.5-beta version tag should be appearing on your favorite mirror shortly (and has been spotted at the .eu mirror).

[ 0 comments ] (flat) (expanded)

Call For Testing Of OpenBSD Automatic Installation
Contributed by tbert on Tue Jan 14 10:03:51 2014 (GMT)
from the unattended-consequences dept.

As we mentioned previously the OpenBSD developers have been working on adding support for unattended, automatic installation and configuration of the operating system. The new support is still a work in progress and the developers need help from the community to test the new features and report their findings.

If you'd like to help out with the testing, you'll need to be following -current by running snapshots. Information on PXE booting can be found at the "FAQ 6.10 - How do I boot using PXE?" entry as well as the pxeboot(8/i386) and pxeboot(8/amd64) manuals. For instructions, read the "Preparing an unattended installation of OpenBSD" section of the "INSTALL.${arch}" file (e.g. "INSTALL.amd64") found in the same directory as the installation sets. Even if everything works perfectly for you, it's still helpful to report your test results on the tech@ OpenBSD mail lists.

Check below the fold for what a successful install looks like.

[ 6 comments 192d13:30 ago ] (flat) (expanded)

Support OpenBSD!

Donate to OpenBSD

Buy OpenBSD products


We are constantly on the lookout for stories of how you put OpenBSD to work. Please submit any informative articles on how OpenBSD is helping your company.

Older Stuff
Thursday, January 02
06:57 mdocml-1.12.3 Released (0)
Wednesday, January 01
06:25 Heads Up: atexit(3) Moved (0)
Monday, December 30
16:57 Boot-Time Randomness (0)
Sunday, December 29
12:53 Heads Up: i386 moves to PIE (0)
Tuesday, December 24
14:43 BSDNow Episode 016: Cryptocrystalline (0)
13:03 strlcpy(3) Use in 3rd Party Software (1)
15:33 OpenSMTP Update(s) (1)
Monday, December 23
08:03 OpenBSD ruBSD Talks Online (5)
Wednesday, December 18
05:11 USENIX LISA 2013 Managing Access Using SSH Keys [video] (0)

Older Stuff...
Yesterday's Edition...

OpenBSD Errata

OpenBSD Resources

Users wishing RSS/RDF summary files of OpenBSD Journal, can retrieve: [xml]

[ Home | Add Story | Archives | Polls | About ]

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. Some icons from used with permission from Kathleen. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. Search engine is ht://Dig. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]