OpenBSD Journal

a2k18 Hackathon preview: Syncookies coming to PF

Contributed by Peter N. M. Hansteen on from the puffies-or-cookies-for-you dept.

As you may have heard, the a2k18 hackathon is in progress. As can be seen from the commit messages, several items of goodness are being worked on.

One eagerly anticipated item is the arrival of TCP syncookies (read: another important tool in your anti-DDoS toolset) in PF. Henning Brauer (henning@) added the code in a series of commits on February 6th, 2018, with this one containing the explanation:

Read more…

Remi Locherer's EuroBSDcon 2017 Talk

Contributed by rueda on from the connecting the dots dept.

Remi Locherer wrote in:

Last September I gave a talk at EuroBSDcon in Paris. It was about the VPN setup for connecting the branch offices of my employer.
https://2017.eurobsdcon.org/talk-speakers/#RemiLocherer

It was not my first EuroBSDcon but the first time I delivered a talk! I feared that only a few people would show up to my talk since Michael W. Lucas had his talk at the same time and also covered an OpenBSD topic. But the room was full and my talk was well received.

After the talk I received a nice gift from the EuroBSDcon organizers: a cartoonist made drawings from the presenters during the talks!

Read more…

CPU microcode update code for amd64

Contributed by Paul 'WEiRD' de Weerd on from the not-very-firm-ware dept.

Patrick Wildt (patrick@) recently committed some code that will update the Intel microcode on many Intel CPUs, a diff initially written by Stefan Fritsch (sf@). The microcode of your CPU is basically the firmware that runs on your (Intel) processor, defining its instruction set in terms of so-called "microinstructions". The new code depends, of course, on the corresponding firmware package, ported by Patrick, which can be installed using a very recent fw_update(1). Of course, this all plays into the recently revealed problems in Intel (and other) CPUs, Meltdown and Spectre.

Read more…

Handling of CPU bugs disclosure 'incredibly bad': OpenBSD's de Raadt

Contributed by rueda on from the we-are-not-amused dept.

ITWire has published an article regarding Theo de Raadt's (deraadt@) reaction to the Meltdown/Spectre disclosures.

One choice quote reads:

Intel engineers attended the same conferences as other company engineers, and read the same papers about performance enhancing strategies – so it is hard to believe they ignored the risky aspects.

OpenBSD-current now has 'smtpctl spf walk'

Contributed by Peter N. M. Hansteen on from the check-my-senders dept.

If you run a mail service, you probably like to have greylisting in place, via spamd(8) or similar means. However, there are some sites that simply do not play well with greylisting, and for those it's useful to extract SPF information to identify their valid outgoing SMTP hosts.

Now OpenBSD offers a straightforward mechanism to do that and fill your nospamd table, right from the smtpctl utility via the subcommand spf walk. Gilles Chehade (gilles@) describes how in a recent blog post titled spfwalk.

This feature is still in need of testing, so please grab a snapshot and test!

Response to the "Meltdown" Vulnerability

Contributed by rueda on from the moronoculture dept.

A message to tech@ from Philip Guenther (guenther@) provides the first public information from developers regarding the OpenBSD response to the recently announced CPU vulnerabilities:

So, yes, we the OpenBSD developers are not totally asleep and a handful of
us are working out how to deal with Intel's fuck-up aka the Meltdown
attack.  While we have the advantage of less complexity in this area (e.g.,
no 32bit-on-64bit compat), there's still a pile of details to work through
about what has to be *always* in the page tables vs what can/should/must be
hidden.

Read it and weep…

BSDCAN2017 Interview with Peter Hessler, Reyk Floeter, and Henning Brauer

Contributed by rueda on from the Oxford comma dept.

In a message to misc@, Tom Smyth wrote (in part):

While attending BSDCAN2017 in Ottawa I met many OpenBSD Developers,
and I was fortunate to grab a few moments and video an interview
with Peter Hessler, Henning Brauer and Reyk Floeter and talk to
them about OpenBSD generally.
I really appreciate the guys' generosity in their time on the
interview.
I have posted the video here:
https://www.youtube.com/watch?v=e-Xim3_rJns&feature=youtu.be

Nice work, Tom!


Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]