We have a new p2k19 report from Rafael Sadowski (rsadowski@), who writes:
My first OpenBSD hackathon
When p2k19 was announced, I was quite happy that it was located in Bucharest. A quick check of flight connections, showed that there is a direct connection from Hannover. Without a second thought or planning a vacation, I booked the round trip. I guess I was the first person to put his name under the list.
Ken Westerback (krw@) kindly wrote in with a report from last month's a2k20 hackathon in Hobart, Australia:
tl;dr -- excellent coffee fuelled lots of hacking in Hobart
I started my journey to Hobart via Sydney in a state of some anxiety. Air Canada's continuing reservation system troubles meant it was unclear until the last minute whether I would arrive in Sydney rested or frazelled. In the end all went well and I arrived at dtucker@'s place after a good sleep. After a pleasant evening with Darren, we caught our flight to Hobart the next morning without trouble. We found tedu@ had been on the same flight, despite not spotting him during boarding.
Ken Westerback [krw@ when wearing his OpenBSD hat] wrote us with this update about the OpenBSD Foundation's work:
As the OpenBSD Foundation begins to prepare the 2020 fundraising campaign we would like to thank all the contributors to our 2019 campaign.
Video recordings from FOSDEM 2020 are now available.
The OpenBSD presentations were:
(These are also listed in the usual place.)
Fresh in from u2k20 is this report from Tracey Emery, who visited the hackathon in Uckermark, Germany after getting invited by Stefan Sperling (stsp@):
Stefan Sperling and I started a discussion in November about a CGI program, which would work in httpd(8), use the Game of Trees library along with the kcgi library by Kristaps Dzonsons, to display repository information in a browser. I was getting frustrated with working on my own project and was looking for something else to hack on. So, I told Stefan that I'd take a crack at Gotweb.
Commit messages just capture the brief summary of changes. Believe it or not, there is a story behind every single commit you may find in a project history. Especially if you read there a short phrase 'discussed with many' or 'input by many'. In cases like this you can always bet the story is not short.
Previously, solene@ wrote:
Dear OpenBSD users, due to Firefox being too complicated to package (thanks to cbindgen and rust dependencies) on the stable branch (as this would require testing all rust consumers), the 6.6-stable branch won't receive updates for www/mozilla-firefox, so it will remain vulnerable to MFSA2020-03 and vulnerabilities that may appear after.
Tom Smyth writes in about an interview he did with Theo de Raadt in between g2k19, the general hackathon in Ottawa, and BSDCAN 2019:
Have you ever wondered about the whys and the hows Theo and his friends in OpenBSD relentlessly pursue security perfection in computer operating systems and the software that runs on them? Or perhaps you are more concerned with much deeper questions like : What operating system does Theo use on his Laptop? Who is his favourite developer? Who is his favourite user / sysadmin? Or you are just in need of some serious life tips on dealing with trolls?
Ok enough with the superficial questions… lets let Theo do the talking… check out the video here
A big Thank you goes to Theo for his time in the interview. I enjoyed making it with him, and I hope you all enjoy it, and I hope the wider public learn something new from it too.
Many thanks to Theo indeed, and also to Tom for doing the interview. We hope to see more soon!
My hike to the Elk Lakes hut was more pleasent this time compared to last time (s2k17). Partly because the weather was better overall this time around. And I knew what to expect and had planned ahead better. I had left my thick and heavy jacket at home which had turned out to be a nuisance, being too warm and too heavy for hiking. I packed a light and thin rain jacket instead to protect against wind and rain, but we didn't get either so the jacket stayed in the bag. My backpack still felt a bit heavy on the hike in, but that was due to lunch snacks which were all eaten up by the time we hiked back out.
The Internet Security Research Group and partners have announced that Claudio Jeker (claudio@) is the third Radiant Award recipient. From the announcement:
We’re excited to announce the third Radiant Award recipient, Claudio Jeker.
When we at ISRG think about the greatest threats to Web security today, the lack of Border Gateway Protocol (BGP) security might top our list. Claudio's passion for networking, his focus on security, and his talent as a software developer are enabling him to make great contributions to fixing this and other Web security problems. In particular, he is making great contributions to OpenBSD and OpenBGPD.
Congratulations Claudio!
Alexandr Nedvedicky (sashan@) wrote to tech@ regarding a recent significant change: Hello, commit from today [1] makes IP stack more paranoid. Up to now OpenBSD implemented so called 'weak host model' [2]. The today's commit alters that for hosts, which don't forward packets (don't act as routers). Your laptops, desktops and servers now check packet destination address with IP address bound to interface, where such packet is received on. If there will be mismatch the packet will be discarded and 'wrongif' counter will be bumped. You can use 'netstat -s|grep wrongif' to display the counter value. It is understood the behavior, which has been settled in IP stack since 80's, got changed. tech@openbsd.org (or bugs@openbsd.org) wants to hear back from you, if this change breaks your existing set up. There is a common believe this change won't hurt majority (> 97%) users, though there is some non-zero risk, hence this announcement is being sent. thanks and regards sashan [1] https://marc.info/?l=openbsd-cvs&m=157580332113635&w=2 [2] https://en.wikipedia.org/wiki/Host_model
After 2 years it was once again time to pack skis and snowshoes, put a satellite dish onto a sledge and hike through the snowy rockies to the Elk Lakes hut.
Theo de Raadt (deraadt@) has committed code for a new exploit-prevention mechanism:
[…] Repurpose the "syscalls must be on a writeable page" mechanism to enforce a new policy: system calls must be in pre-registered regions. We have discussed more strict checks than this, but none satisfy the cost/benefit based upon our understanding of attack methods, anyways let's see what the next iteration looks like. This is intended to harden (translation: attackers must put extra effort into attacking) against a mixture of W^X failures and JIT bugs which allow syscall misinterpretation, especially in environments with polymorphic-instruction/variable-sized instructions. It fits in a bit with libc/libcrypto/ld.so random relink on boot and no-restart-at-crash behaviour, particularily for remote problems. Less effective once on-host since someone the libraries can be read. […]The full commit details are well worth reading, as is the manual page for the (new) msyscall(2), and some associated discussion on tech@.
As this change involves ABI breakage, upgrading via snapshots is the easiest way to avoid trouble.
Florian Obser (florian@) has committed code to give unwind(8) a flexible approach to resolving strategies:
Modified files: sbin/unwind : resolver.c resolver.h usr.sbin/unwindctl: unwindctl.c Log message: Instead of only considering if a resolving strategy is dead, works or validates, measure how well it is doing.My main goal for the p2k19 hackathon was 9260 device support in iwm(4). Firmware updates for previous device generation were an important prerequisite step. One day before p2k19, the oldest generation of hardware supported by the iwm(4) driver was switched to latest available firmware images.
tl;dr - Great City, Great Coffee, Great Hacking. I already miss Bucharest.
Our next p2k19 report comes from Jeremy Evans (jeremy@):
While I had originally planned to attend the entire hackathon, circumstances changed and I was only able to make it there for a few days. Still, I was able to get some work done.
This year having been a bit hectic with work and house renovation, i was really planning to enjoy bucarest as the first real break of the year.. and it definitely was a blast.
Fresh from Bucharest is this story from Martin Pieuchot (mpi@) with his experience from p2k19:
Since I attend OpenBSD hackathons, I hear stories about how crazy are the ports hackathons. So I try my best to look like a porter in order to experience this craziness. I must admit p2k19 was awesome but the craziness of port hackathons is still an enigma to me.
Damien Miller (djm@) posted to tech@:
Hi, I just committed all the dependencies for OpenSSH security key (U2F) support to base and tweaked OpenSSH to use them directly. This means there will be no additional configuration hoops to jump through to use U2F/FIDO2 security keys.