As you may have heard, the a2k18 hackathon is in progress. As can be seen from the commit messages, several items of goodness are being worked on.
One eagerly anticipated item is the arrival of TCP syncookies (read: another important tool in your anti-DDoS toolset) in PF. Henning Brauer (henning@) added the code in a series of commits on February 6th, 2018, with this one containing the explanation:
It was not my first EuroBSDcon but the first time I delivered a talk!
I feared that only few people will show up at to my talk since
Michael W. Lucas had his talk at the same time and also covered an
OpenBSD topic. But the room was full and my talk was well received.
After the talk I received a nice gift from the EuroBSDcon organizers:
a cartoonist made drawings from the presenters during the talks!
Details of the
2018 campaign have been added to the Foundation's website. The goal for the
year is for $300,000. The total for "smaller" donations has already
taken the OpenBSD community to bronze level sponsorship!
Patrick Wildt (patrick@) recently committed some code that will update the Intel microcode on many Intel CPUs, a diff initially written by Stefan Fritsch (sf@). The microcode of your CPU is basically the firmware that runs on your (Intel) processor, defining its instruction set in terms of so called "microinstructions". The new code depends, of course, on the corresponding firmware package, ported by Patrick which can be installed using a very recent fw_update(1). Of course, this all plays into the recently revealed problems in Intel (and other) CPUs, Meltdown and Spectre.
If you run a mail service, you probably like to have greylisting in place, via spamd(8) or similar means. However, there are some sites that simply do not play well with greylisting, and for those it's useful to extract SPF information to identify their valid outgoing SMTP hosts.
Now OpenBSD offers a straightforward mechanism to do that and fill your nospamd table, right from the smtpctl utility via the subcommand spf walk. Gilles Chehade (gilles@) describes how in a recent blog post titled spfwalk.
This feature is still in need of testing, so please grab a snapshot and test!
from the moronoculture dept.
message to tech@
from Philip Guenther (guenther@) provides the first public
information from developers regarding the OpenBSD response to the recently
So, yes, we the OpenBSD developers are not totally asleep and a handful of
us are working out how to deal with Intel's fuck-up aka the Meltdown
attack. While we have the advantage of less complexity in this area (e.g.,
no 32bit-on-64bit compat), there's still a pile of details to work through
about what has to be *always* in the page tables vs what can/should/must be
While attending BSDCAN2017 in Ottawa I met many OpenBSD Developers,
and I was fortunate to grab a few moments and video an interview
with Peter Hessler, Henning Brauer and Reyk Floeter and talk to
them about OpenBSD generally,
I really appreciate the guys generosity in their time on the
I have posted the video here