An important message from Damien Miller (djm@) turned up on mailing lists and elsewhere, saying,

From: Damien Miller <djm () mindrot ! org>
Date: Wed, 28 Sep 2022 00:03:37 +0000
To: openssh-unix-dev
Subject: Call for testing: openssh-9.1

Hi,

OpenSSH 9.1p1 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a bugfix release.

Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/

You can read the whole message here or continue after the fold -

While recovering after EuroBSDCon and starting to gear up for the much anticipated next OpenBSD release, our co-editor Peter Hansteen found the time to do a remote Sunday lunch talk (slides) for SEMIBUG titled A Few of My Favorite Things About The OpenBSD Packet Filter Tools (full text, blog with trackers).

The full text of the talk is also available here, without trackers.

Topics covered: PF basics, state tracking tricks, greytrapping, traffic shaping, with pointers to further material.

All good fun while we are waiting for the next bit thing.

Game of Trees 0.76 was released on September 23rd, 2022.

A complete list of what changed may be viewed here:
http://gameoftrees.org/releases/CHANGES

Joel Carnat has written a blog entry on using docker under and from OpenBSD. It starts:

The OpenBSD virtual machine daemon works pretty well with Linux VMs nowadays. This was time for me to see if I could replace the Synology Docker service with some Docker host provided by vmd(8).

EuroBSDCon 2022 is currently underway.

Slides for some of the OpenBSD sessions are already available from the the usual place on the OpenBSD web site.

At the time of writing, it's not too late to catch live streams of the final day of the conference!

OpenBGPD, our favorite BGP daemon, has a new release, version 7.6.

The release announcement leads in,

We have released OpenBGPD 7.6, which will be arriving in the
OpenBGPD directory of your local OpenBSD mirror soon.

This release includes the following changes to the previous release:

   * Include OpenBSD 7.1 errata 008: bgpd(8) could fail to invalidate
     nexthops and incorrectly leave them in the FIB or Adj-RIB-Out. 

   * Speedup bgpctl show rib 10/8 or-longer and show rib 10/8 or-shorter

   * Switch various static hash tables to RB trees improving performance
     on large systems

   * Export per neighbor pending update and withdraw statistics

   * Fix race between a neighbor session reset and its update message backlog

   * Improve handling of nexthop reachability state changes

   * Further improve portability of the FIB handling code

In a recent piece titled The Things Spammers Believe - A Tale of 300,000 Imaginary Friends, undeadly.org co-editor Peter Hansteen summarizes more than 15 years (yes, it has been that long) of improving the noise levels in mail feeds.

The main tools are what comes in the base system of our favorite operating system, with particular focus on spamd(8) and the greytrapping feature.

The article leads in with

It finally happened. Today, I added the three hundred thousandth (yes, 300,000th) spamtrap address to my greytrapping setup, for the most part fished out of incoming traffic here, for spammers to consume.

and is liberally sprinkled with references to other relevant material.

The article is also available in a trackerless (aside from the server's ordinarily rotated log) version.

With the following commit, Theo de Raadt (deraadt@) moved -current to version 7.2:

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2022/09/11 08:27:09

Modified files:
	sys/conf       : newvers.sh 

Log message:
drop the -beta

For those unfamiliar with the process: this is not the 7.2 release, but is part of the standard build-up to the release.

It's time to start using "-D snap" with pkg_add (and pkg_info).

(Regular readers will know what comes next…) This serves as an excellent reminder to upgrade snapshots frequently, test both base and ports, and report problems [plus, of course, donate!].

A new version of the OpenBSD rpki-client – RPKI validator to support BGP Origin Validation, version 8.0 has been released.

The announcement reads,

rpki-client 8.0 has just been released and will be available in the
rpki-client directory of any OpenBSD mirror soon.

rpki-client is a FREE, easy-to-use implementation of the Resource
Public Key Infrastructure (RPKI) for Relying Parties (RP) to
facilitate validation of BGP announcements. The program queries the
global RPKI repository system and validates untrusted network inputs.
The program outputs validated ROA payloads, BGPsec Router keys, and
ASPA payloads in configuration formats suitable for OpenBGPD and BIRD,
and supports emitting CSV and JSON for consumption by other routing
stacks.