Contributed by mtu on from the that-other-G-company dept.
Read on to find out what is really special about this company and its employees:
This Munich based company is GeNUA and they are a long time supporter of the OpenBSD and OpenSSH Projects. At the n2k8 Network Hackathon, I had the pleasure of meeting Markus Friedl (markus@) and Marco Pfatschbacher (mpf@), both of whom work at GeNUA and are impressive and accomplished OpenSSH and OpenBSD developers. My first impression of GeNUA was that it must be special to have these two guys working there. Then I met more guys from GeNUA at the c2k8 hackathon.
relayd(8), they were doing this in Perl. In time, they will start using relayd and other new functionality, but for the time being they have to support systems much longer than OpenBSD supported stable releases.
From my perspective, GeNUA is a successful Open Source based company that knows how to take care of their employees. Here is what the GeNUA OpenBSD developers had to say about their time at the c2k8 hackathon:
I have changed ipsecctl and isakmpd in a way that acquire mode can be used with ipsec.conf. Unfortunately it has not been comitted yet as I am waiting for an ok.
== Alexander von Gernler (grunk@) ==
On c2k8, I worked mainly on the OpenSSH fingerprint visualization feature that got inspired by a talk given by Dan Kaminsky at 25C3. My big luck was that I was sitting at a table together with two legendary OpenSSH developers, Damien Miller (djm@) and Darren Tucker (dtucker@), who were not only certainly able, but also very friendly in answering the questions I had about the OpenSSH code. Also it was very good that Markus Friedl (markus@) read his mail very often during the hackathon and despite having lots of other work answered quickly with OKs and comments to my diffs.
I can frankly say that without their help and motivation, and the personal contact on c2k8, the feature would certainly have never gotten in this way, at least not so fast. Convincing people about a feature when you are waving your notebook with fancy pictures in front of their face is one thing, and trying to pass on the same ideas and spirit via mail is definitely another.
As for the location, I very much liked the university setting, and I found it to be better than the hotel in Calgary. Not only do I assume that it saved OpenBSD a lot of money, but also it was a much more natural setting for hackers like us. In the hotel, I guess most of us constantly felt somewhat out of place, whereas in Lister Centre, many of us were reminded of their own time as students. Speaking of this, I want to say a big "thank you" towards Bob, Jason Meltzer and all the other people working in the background providing infrastructure.
It was a very nice event -- I met many people that I only know from mail or ICB otherwise, and I consider it to be very important to communicate directly, even if it is just once a year.
== Hans-Joerg Hoexer (hshoexer@) ==
softraid(4) is a framework to implement RAID disciplines.
To provide encryption for block devices marco@, djm@ and myself have added a discipline ("C") for encryption of data blocks written to disk and for decryption of blocks when read from disk. This discipline does not provide redundancy, only confidentiality. However, it is possible to configure an encrypted softraid volume on top of another volume providing redundancy (eg. RAID 1).
For encryption we use AES-XTS, a mode of AES designed for encryption of data on sector based storage. AES-XTS is a tweakable block cipher that uses an encryption key and a "tweak key" to generate the key material for the actual encryption/decryption operation on a single block. The tweak key is used to incorporate the logical position of block into the encryption/decryption operation.
== Nikolay Sturm (sturm@) ==
I started the hackathon with the addition of NLMv4 (Network Lock Manager) to our rpc.lockd. This is the protocol that permits NFSv3 clients to lock files over NFS (OpenBSD does not support client locking, so it's only useful w/ other clients like linux).
When doing that I noticed that our rpc.lockd was in fact only a stub implementation and did not provide any locking whatsoever. Therefore I ported the NetBSD locking code, to give OpenBSD server side NFS file locking. This is lightly tested to work with linux NFSv2 and NFSv3 clients, even in mixed networks.
To complete this work, I then ported rpc.statd from NetBSD and integrated it with rpc.lockd. rpc.statd deals with client and server reboots, to give a little more robustness to this whole setup. If a client holds a lock and crashes, the lock would never be freed. But with rpc.statd, the client tells the server after reboot, that it just rebooted, so that the server can unlock all files of that client. If the NFS server itself reboots, it will tell its clients, so that they can
All this locking stuff is far from perfect, but mostly best effort. Our code works as designed and just needs some cleanup here and there. I hope to find some time to look at FreeBSD's implementations of these daemons as they rewrote both of them.
I would like to thank the owners of GeNUA for their great support of the OpenBSD and OpenSSH Projects. I now know that great things have come to OpenBSD and OpenSSH as a result of GeNUA. For that, I'm deeply grateful. To the GeNUA OpenBSD and OpenSSH developers, present and past, we owe you a lot of gratitude for your efforts, sacrifice and amazing code and bug squashing abilities :-). Cheers!
(c2k8 hackathon summary to be continued)
(Comments are closed)