159
I Use This!
Very High Activity

News

Analyzed 2 days ago. based on code collected 3 days ago.
Posted over 11 years ago
Andrew Fresh wrote in to tell us about his recent work in measuring key performance data for OpenBSD 4.9 using professional-grade testing equipment. Andrew writes, “ I have been working to build a new router for a customer and have had access to ... [More] a pair of Spirent SmartBits SMB-600 with gigabit interfaces. This gave me the opportunity to do some testing. The machines available are Dell PowerEdge 860's with "80557,Xeon 3000 Conroe,3060,LGA775,Burn 2" processors. I tested with the onboard bge interfaces and thanks to Dave some em NICs as well. The testing shows that with a single processor kernel for any average packet size above 767 bytes you can easily saturate a gigabit network interface forwarding packets. I was able to achieve close to 300k pps in any configuration I tested. Surprisingly with small packet sizes, amd64 did slightly better than i386 achieving a maximum of of 347,812 pps with an em NIC. Until the interface was saturated, latency remained low at less than 500 microseconds. ” For more details and pictures, see the full post. [Less]
Posted over 11 years ago
For a few days in September (16th through 23rd), the Slovenian capital Ljubljana was also the World Capital of OpenBSD hacking, hosting the s2k11: General hackathon, with 25 developers participating. Undeadly editor Mitja Muženič was ... [More] there, but he was too busy organizing the event (by all accounts doing an excellent job) to write about it, so we asked each of the developers who participated to send us a short summary of what happened at the hackathon. Those summaries form the base of this series of articles (we have several more in process). If you're not folloing -current, this is an early preview of what may appear in the next release, or in some cases of features that will be tentatively included for testing in upcoming snapshots. Read more... [Less]
Posted over 11 years ago
For a few days in September (16th through 23rd), the Slovenian capital Ljubljana was also the World Capital of OpenBSD hacking, hosting the s2k11: General hackathon, with 25 developers participating. Undeadly editor Mitja Muženič was there, but ... [More] he was too busy organizing the event (by all accounts doing an excellent job) to write about it, so we asked each of the developers who participated to send us a short summary of what happened at the hackathon. Those summaries form the base of this series of articles (we have several more in process). If you're not folloing -current, this is an early preview of what may appear in the next release, or in some cases of features that will be tentatively included for testing in upcoming snapshots. Read more... [Less]
Posted over 11 years ago
Josh Grosse wrote in to tell us about his experience with the newly practical softraid(4) for root file systems: “ A pair of commits by Joel Sing (jsing@) on September 19th implemented the remaining pieces for softraid(4) to be able to be used ... [More] with the root partition. One of my servers has had a pair of IDE drives running as a RAID 1 array with RAIDframe for years, and I have been waiting for this development to come along. This mitigates the risk of a failure of the root drive or partition causing an outage, eliminates the need for a custom kernel, and simplifies either rescue or installation, since softraid(4) and bioctl(8) are included in the full RAMDISK kernel. Read more... [Less]
Posted over 11 years ago
Joel Knight wrote in to alert us to his recent article Virtualizing the OpenBSD Routing Table. In his cover message, Joel says, “ I've written a blog entry about using routing domains on OpenBSD that I think might be of interest to Undeadly ... [More] readers. It talks briefly about what routing domains are and how to configure them and then concentrates on how to pass traffic from one domain to another. ” Joel's article gently introduces the reader to advanced routing concepts via straightforward OpenBSD commands anc config. Well worth your click and time! [Less]
Posted over 11 years ago
With a commit dated 2011-09-06, Theo de Raadt (deraadt@) enabled 5.0 pre-orders and made the release song available: CVSROOT: /cvs Module name: www Changes by: deraadt@cvs.openbsd.org 2011/09/06 21:07:12 Modified files: . ... [More] : index.html items.html lyrics.html older.html orders.html tshirts.html Added files: . : 50.html images : MAD.jpg cd50-s.gif openbsd50_cover.gif poster26-s.gif poster26.jpg tshirt-35-s.gif tshirt-35.jpg tshirt-36-s.gif tshirt-36.jpg Log message: activate pre-orders for 5.0. two tshirts this time -- white and black The 5.0 release page is up too, expect it to fill out a bit more over the next few days. In the meantime, Peter Hansteen's blog posts What to expect in OpenBSD 5.0 onwards and Anticipating the Post-ALTQ World provide a partial preview of what to expect in the upcoming release. Remember, orders are processed on a first come, first served basis, so go to the orders page now to stock up on the new OpenBSD merchandise! [Less]
Posted over 11 years ago
Kristaps Dzonsons wrote in with news on the documentation front: In a previous article, it was said that UNIX manuals can look "indistinguishable from magic". This makes sense given the arcane syntax of mdoc, the language of OpenBSD's ... [More] manuals. But mdoc is just another language. Why is it so strange-looking when C or shell or Perl appears commonplace? It occurred to me that a major problem with mdoc, and UNIX manuals in general, is a lack of introductory documentation. Unfamiliar things are scary. When writing my own first manual, years ago, about the only printed text I could find was Chapter 18: Documentation in esr's The Art of UNIX Programming. He puts it well: "Unix documentation is, at present, a mess.". It's still true. But this doesn't help us much. Read more... [Less]
Posted over 11 years ago
Just a quick reminder if anyone missed the free conference in Stockholm this Saturday. Read more...
Posted over 11 years ago
The EuroBSDCon organizers wrote in to tell us that registration for EuroBSDCon 2011 is now open. The conference is scheduled for October 6 - 9 2011 in Maarsen, The Netherlands. As usual the (preliminary) talks schedule has a strong OpenBSD ... [More] showing, with talks from Henning Brauer (henning@) and Ryan McBride (mcbride@), Paul Irofti (pirofti@), Claudio Jeker (claudio@), Mark Kettenis (kettenis@), Damien Miller (djm@), and Ken Westerback (krw@), with details of talks still settling. On the tutorials front, yours truly will be holding the OpenBSD flag with a refreshed PF tutorial. Go to the Registration page and complete registration before August 31 to take advantage of the early bird rate. [Less]
Posted over 11 years ago
A little while back, Ray Lai wrote in about a very interesting commit by Damen Miller (djm@). With this, OpenSSH's privilege separation is further tightened: CVSROOT: /cvs Module name: src Changes by: djm@cvs.openbsd.org 2011/06/22 15:57:01 ... [More] Modified files: usr.bin/ssh : servconf.c servconf.h sshd.c sshd_config.5 usr.bin/ssh/sshd: Makefile Added files: usr.bin/ssh : sandbox-rlimit.c sandbox-systrace.c sandbox.h Log message: introduce sandboxing of the pre-auth privsep child using systrace(4). This introduces a new "UsePrivilegeSeparation=sandbox" option for sshd_config that applies mandatory restrictions on the syscalls the privsep child can perform. This prevents a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface. The sandbox is implemented using systrace(4) in unsupervised "fast-path" mode, where a list of permitted syscalls is supplied. Any syscall not on the list results in SIGKILL being sent to the privsep child. Note that this requires a kernel with the new SYSTR_POLICY_KILL option. UsePrivilegeSeparation=sandbox will become the default in the future so please start testing it now. feedback dtucker@; ok markus@ [Less]