Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Comment: Re:New HTTP daemon (Score 4, Informative) 80

by brynet (#49595143) Attached to: OpenBSD 5.7 Released

OpenBSD's httpd(8) supports HTTP redirects, and it certainly seems possible to redirect requests to i.e: php-fpm.

        location "*.php" {
                fastcgi socket "/path/to/php-fpm.sock"
        }

        location "/" {
                block return 301 "/index.php"
        }

Reyk Floeter (reyk@) has a Wiki with some additional example configurations, contribute more:

https://github.com/reyk/httpd/...

Comment: Re:New HTTP daemon (Score 3, Informative) 80

by brynet (#49594979) Attached to: OpenBSD 5.7 Released

It's not a "half-finished" server, it's a new server written using OpenBSD's existing development practices, sharing code with relayd(8) in base. For OpenBSD httpd(8), 'featuritis' is being avoided so that the codebase remains simple and maintainable.

https://github.com/reyk/httpd/...

I've never heard of Hiawatha, but the GPL licencing makes it inappropriate for the base system. It is available as a package and in the ports, along with nginx and many other servers.

Comment: Re: Good documentation (Score 3, Informative) 403

by brynet (#48822741) Attached to: Ask Slashdot: Migrating a Router From Linux To *BSD?

Peter N. M. Hansteen's PF tutorial and books are recommended reads, Peter remains involved with the developers and the information stays relevant and useful. He also ensures that readers using other BSD systems, especially with older versions of pf, can learn just as much from it.

* The Book of PF, 3rd Edition, 2014 - ISBN: 978-1593275891
* http://home.nuug.no/~peter/pf/

Michael W Lucas is another author that writes books for both the BSD and sysadmin communities, similarly, he works closely with developers and users to release these short, yet all-encompassing tomes of information, covering a wide variety of topics.

https://www.michaelwlucas.com/...
* Absolute OpenBSD, 2nd Edition, 2013 - ISBN: 978-1593274764
* SSH Mastery, 2012 - ISBN: 978-1470069711
* Sudo Master, 2013 - ISBN: 978-1493626205

And of course, official documentation is great. The effort of many people working to improve, Jason McIntyre improving readability and overall quality, Ingo Schwarze's amazing work on mandoc(1) tools. OpenBSD's FAQ, which is usually the first step people take to learn more about the system, is maintained by Nick Holland.

http://www.openbsd.org/faq/
http://www.openbsd.org/cgi-bin...

+ - OpenBSD's kernel gets W^X treatment on amd64-> 2

Submitted by brynet
brynet writes: Theo de Raadt wrote:

Over the last two months Mike Larkin (mlarkin@) modified the amd64 kernel to follow the W^X principles. It started as a humble exercise to fix the .rodata segment, and kind of went crazy. As a result, no part of the kernel address space is writeable and executable simultaneously. At least that is the idea, modulo mistakes. Final attention to detail (which some of you experienced in buggy drafts in snapshots) was to make the MP and ACPI trampolines follow W^X, furthermore they are unmapped when not required. Final picture is many architectures were improved, but amd64 and sparc64 look the best due to MMU features available to service the W^X model. The entire safety model is also improved by a limited form of kernel ASLR (the code segment does not move around yet, but data and page table ASLR is fairly good.


Link to Original Source

+ - OpenBSD 5.6 Released

Submitted by Anonymous Coward
An anonymous reader writes: Just as per the schedule, OpenBSD 5.6 was released today, November 1, 2014. The theme of the 5.6 release is "Ride of the Valkyries". OpenBSD 5.6 will be the first version with LibreSSL. This version also removed sendmail from the base system, smtpd is the default mail transport agent (MTA). The installer no longer supports FTP, network installs via HTTP only. The BIND name server will be removed from the OpenBSD base system. Its replacement comes in the form of the two daemons nsd(8) for authoritative DNS service and unbound(8) for recursive resolver service. OpenSSH 6.7 is included along with GNOME 3.12.2, KDE 4.13.3, Xfce 4.10, Mozilla Firefox 31.0, Vim 7.4.135, LLVM/Clang 3.5 and more. See a detailed log of changes between the 5.5 and 5.6 releases for more information. If you already have an OpenBSD 5.5 system, and do not want to reinstall, upgrade instructions and advice can be found in the Upgrade Guide (a quick video upgrade demo is here). You can order the 5.6 CD set from the new OpenBSD Store and support the project.

Comment: Re:In other news. (Score 2) 162

by brynet (#48255923) Attached to: OpenBSD Drops Support For Loadable Kernel Modules
If any vendor has proprietary drivers for OpenBSD, they would undoubtedly be using better kernel interfaces directly. Especially for something like a driver for a hardware RAID controller. LKM(4) support has mostly been only "compile tested" for years. Nothing uses it seriously, at the time of it's removal.. the ports tree contained a single port making use of it.. a firmware flasher for some Dell systems.

+ - OpenBSD's new rcctl(8) utility, in -current for 5.7->

Submitted by brynet
brynet writes: OpenBSD 5.7 will include a new control utility, rcctl(8), for managing daemons/services. Manually creating /etc/rc.conf.local or rc.conf(5) will still be supported, however, this new method will make scripting configuration easier and provide an equivalent to service(8) on Linux and sysrc(8) on FreeBSD.
Link to Original Source

+ - OpenBSD Foundation Receives A Commitment for 100k, sets annual goal to 150k->

Submitted by ConstantineM
ConstantineM writes: Bob Beck, director of the OpenBSD foundation, writes on misc@ — 'To all of you who have donated, please allow me to give you a huge "Thank You". In a nutshell, we have in one week gone from being in a dire situation to having a commitment of approximately $100,000 in donations to the foundation. From a developer's perspective let me assure you that this reaffirms the worth of what we are supporting and makes us want to work on it that much more.' Based on the updated list of significant contributors, in addition to the donation by the Mircea Popescu of MPEx Bitcoin securities exchange, genua, Google and many others have joined in. 'We would like to continue to build on your groundswell of support, and have set a target for $150,000 this year in fundraising.', Bob concludes.
Link to Original Source

+ - OpenBSD Foundation Fundraising for 2014 - Thank you!->

Submitted by Anonymous Coward
An anonymous reader writes: List: openbsd-misc
Subject: OpenBSD Foundation Fundraising for 2014
From: Bob Beck
Date: 2014-01-20 18:49:25

Greetings All,

About a week ago I warned you all that the OpenBSD project did not
have the funds to cover our bills for the past year (especially the
ability to handle the electricity) and that our funding sources were
not sustainable.

As most of you know the news of our predicament has been widely
distributed over the last week, and the response from the community as
well as corporate donors has been significant — some of this response
has been hitting the internet media already.

To all of you who have donated, please allow me to give you a huge
"Thank You". In a nutshell, we have in one week gone from being in a
dire situation to having a commitment of approximately $100,000 in
donations to the foundation. From a developer's perspective let me
assure you that this reaffirms the worth of what we are supporting and
makes us want to work on it that much more.

We would like to continue to build on your groundswell of support, and
have set a target for $150,000 this year in fundraising. Please see

http://www.openbsdfoundation.org/campaign2014.html

If you have contributed already — Thank you.
If you can help us by contributing — Please do.
If you know or work for someone who can help us reach our goals,
please contact us.

Sincerely,

-Bob

Link to Original Source

+ - Theo de Raadt gives a 10-year summary on exploit mitigation in OpenBSD

Submitted by ConstantineM
ConstantineM writes: Microsoft has all significant exploit mitigation techniques fully integrated and enabled, claims Theo de Raadt at Yandex ruBSD, whilst giving a 10-year summary of the methods employed by OpenBSD. In year 2000, OpenBSD started a development initiative to intentionally make the memory environment of a process less predictable and less robust, without impacting the well-behaved programs. Concepts like the random stack gap, W^X, ASLR and PIE are explained. Some of them, like the random stack gap, are implemented with a 3-line change to the kernel, yet it appears that some other vendors are still shipping without it.

+ - fuse support in OpenBSD -current

Submitted by ConstantineM
ConstantineM writes: File system in userland support — fuse — was included in OpenBSD 5.4 source tree, but not built by default, hence not officially supported. This has since changed in 5.4-current. The undeadly editors have tracked down the author, Sylvestre Gallon, and asked him about his experience of getting libfuse into OpenBSD. Which userland file systems are supported? So far, it's sshfs-fuse and ntfs-3g (both are in the ports tree due to the GPL).

My computer can beat up your computer. - Karl Lehenbauer

Working...