Patrick Wildt (patrick@) recently committed some code that will update the Intel microcode on many Intel CPUs, a diff initially written by Stefan Fritsch (sf@). The microcode of your CPU is basically the firmware that runs on your (Intel) processor, defining its instruction set in terms of so called "microinstructions". The new code depends, of course, on the corresponding firmware package, ported by Patrick which can be installed using a very recent fw_update(1). Of course, this all plays into the recently revealed problems in Intel (and other) CPUs, Meltdown and Spectre.
One choice quote reads:
Intel engineers attended the same conferences as other company engineers, and read the same papers about performance enhancing strategies – so it is hard to believe they ignored the risky aspects.
Now OpenBSD offers a straightforward mechanism to do that and fill your nospamd table, right from the smtpctl utility via the subcommand spf walk. Gilles Chehade (gilles@) describes how in a recent blog post titled spfwalk.
This feature is still in need of testing, so please grab a snapshot and test!
So, yes, we the OpenBSD developers are not totally asleep and a handful of us are working out how to deal with Intel's fuck-up aka the Meltdown attack. While we have the advantage of less complexity in this area (e.g., no 32bit-on-64bit compat), there's still a pile of details to work through about what has to be *always* in the page tables vs what can/should/must be hidden.
Read it and weep…
In a message to misc@, Tom Smyth wrote (in part):
While attending BSDCAN2017 in Ottawa I met many OpenBSD Developers, and I was fortunate to grab a few moments and video an interview with Peter Hessler, Henning Brauer and Reyk Floeter and talk to them about OpenBSD generally, I really appreciate the guys generosity in their time on the interview I have posted the video here https://www.youtube.com/watch?v=e-Xim3_rJns&feature=youtu.be
Nice work, Tom!
I wanted to give an update that a two pledge-related changes are being worked on. The semantics and integration are complicated so it is taking some time.
Theo de Raadt (deraadt@) committed the following change:
CVSROOT: /cvs Module name: www Changes by: firstname.lastname@example.org 2017/12/07 12:00:12 Modified files: . : plat.html Log message: graduate arm64 to supported; having syspatch it is even beyond some other systems
I could not travel to the Toronto t2k17 hackathon earlier this year, in circumstances which left me with a voucher for an already purchased intercontinental flight ticket and hiking clothes I had bought for a trip into the Canadian mountains.
Bob Beck (beck@) writes:
So, I am sitting in my kitchen with a car packed full of food, packing up my last things and getting ready to drive south for a Hackathon. This one is a little different, since it is in a wilderness hut I have to hike/ski into.. If the hike doesn't kill me, living for 5 days inside a structure heated by wood where Germans are present to stoke the fire might. So here's a bit of a ramble about hackathons.