RETGUARD, the OpenBSD next level in exploit mitigation, is about to debut
Contributed by pitrh on Sun Aug 20 00:56:40 2017 (GMT)
from the guard my RET, you dept.
In a message to the tech mailing list, Theo de Raadt (deraadt@) offered a preview of the next big thing in exploit mitigation, dubbed RETGUARD:
This year I went to BSDCAN in Ottawa. I spent much of it in the
'hallway track', and had an extended conversation with various people
regarding our existing security mitigations and hopes for new ones in
the future. I spoke a lot with Todd Mortimer (mortimer@). Apparently I told him
that I felt return-address protection was impossible, so a few weeks
later he sent a clang diff to address that issue...
Contributed by rueda on Fri Aug 18 23:09:16 2017 (GMT)
from the I-like-your-old-stuff-better-than-your-new-stuff dept.
As there have been no reports of functional bugs since the last beta, and the primary goal of the work was achieved long ago, the (main) Undeadly server is to be upgraded.
The upgrade, which is expected to involve downtime of no more than one hour, is scheduled for next .
Changes since the last public beta include:
A sprinkling of responsive web design has been added (thanks to a kind contribution).
Comments no longer have subjects and the comment header display is more compact.
In comment submission, the automatic quoting of parent comment has been removed.
Anonymous article submission and commenting have been enabled, provisionally.
Those interested in seeing this feature maintained are encouraged to:
Refrain from abusing it.
(Log in and) Use the "Report to Editors" command on inappropriate comments.
(For old, spam-ridden articles, there's no need to report more than one comment.
As old articles will be closed for comments following the upgrade, the Editors intend to delete old comment spam, eventually checking all articles.)
Bikeshedding the appearance will continue on the beta site.
t2k17 Hackathon Report: Ted Unangst OpenBSD with more ptys
Contributed by nayden on Mon Aug 21 02:06:50 2017 (GMT)
from the moar ptys dept.
The second report from the just completed t2k17 hackathon
comes from Ted Unangst (tedu@), who writes:
I did a bit of this and that, but the project that probably has the most
interesting explanation has to do with pseudo terminals. This has a bit of
history behind it that goes back to the early days of unix.
The official statement from the foundation, via director Ken Westerback reads,
The OpenBSD Foundation is excited to announce that it has received the
first 2017 Iridium level donation. For the second consecutive year,
Smartisan (http://www.smartisan.com) has made a donation of over
CDN$100,000 to support OpenBSD and related projects.
We thank Smartisan for its very generous support! This donation
will no doubt fund many exciting projects in the next few years.
We at Undeadly are very happy to hear this news.
If you're interested in contributing to the Foundation yourself, the 2017 fundraising campaign page is a good place to start.
t2k17 Hackathon Report: Bob Beck on buffer cache tweaks, libressl and pledge progress
Contributed by pitrh on Tue Aug 15 17:18:46 2017 (GMT)
from the cache the pledges dept.
The first report from the just completed t2k17 hackathon comes from Bob Beck, who writes:
Unusually I had basically nothing to do with organizing this year, I
let krw@ do all the dirty work, which was good since life has been a
bit crazy over the last couple months with things keeping me from
The site has been given a less antiquated "look".
(As the topic icons have been eliminated, we are no longer seeking help with those graphics.)
The site now uses a moderate amount of semantic HTML5.
Several bugs in the HTML fragment validator (used for submissions and comments) have been fixed.
To avoid generating invalid HTML, submission content which fails validation is no longer displayed in submission/comment previews.
Plain text submissions are converted to HTML in a more useful fashion.
(Instead of just converting each EOL to <br>, the converter now generates proper paragraphs and interprets two or more consecutive EOLs as indicating a paragraph break.)
The redevelopment remains a work-in-progress.
Many thanks to those who have contributed!
As before, constructive feedback would be appreciated.
Of particular interest are reports of bugs in behaviour (for example, in the HTML validator or in authentication) that would preclude the adoption of the current code for the main site.
Default compiler switched to clang on amd64 and i386
Contributed by rueda on Thu Jul 27 07:42:12 2017 (GMT)
from the clanging now extremely loud dept.
With this commit, the default compiler for (-current base system on the) amd64 and i386 platforms has been changed to clang(1):
Module name: src
Changes by: email@example.com 2017/07/26 13:44:42
share/mk : bsd.own.mk
switch the default compiler on amd64 and i386 to clang,
but keep gcc4 in the build for these as well
The default compiler for ports has also changed for these platforms.