KernelTrap offers an in depth look at the recent efforts to port OpenBSD's stateful packet filter, pf, to other operating systems.
"An update on the current status of OpenBSD Symmetric Multiprocessor support was recently posted to the OpenBSD smp mailing list. At this time, it still looks to be quite a ways off in the future, with currently only i386-specific code that will detect and spinup a 2'nd processor, but not yet actually use it." Read the report at KernelTrap.
Continuing down the path of evolutionary development, release time for OpenBSD 3.3 grows near. Pre-orders of CD sets are now being accepted and new t-shirt designs are up. More at OpenBSD Journal.
OpenBSD's packet filter has really grown up. Since its introduction in OpenBSD 3.0, it has become an advanced tool for networking and security. In the first of four articles, Jacek Artymiak examines recent updates to pf. This week, he looks at Network Address Translation. The whole series of OpenBSD articles can be found here.
From the OpenBSD Journal: In his post, Theo deRaadt gives a brief technical overview of the four major security changes in OpenBSD: POSIX page protection schemes, WorX, read only segments, and Propolice. Not all of these are on all platforms, but every platform has some protection. To quote Theo in his message, "We feel that these 4 technologies together will be a a royal pain in the a$$ for the typical buffer overflow attacker."
In late November of 2002, OpenBSD creator Theo de Raadt announced on the project's mailing lists that after over a year of attempting to obtain useful UltraSparc III documentation, they had still not made much headway. In the email he rallied the OpenBSD community to help out, asking them to contact the people within Sun responsible for providing such information. C/Net reported on this in their story titled, Open-source clan in spat with Sun. The UltraSparc III is Sun's third generation 64-bit RISC architecture based processor.
"OpenBSD 3.2 is with us, and it's time to upgrade our systems to the latest release. As usual, it is strongly suggested that you install the latest release on a spare machine, apply patches, and test it until you are happy with what the OpenBSD gang gave us. Only then you should upgrade and patch the production machine. But how do you patch OpenBSD?" Read the article at OnLamp.
Acheron writes: "Spotted this on Deadly.org today. Four University of Waterloo students are working on adding SMP support to the OpenBSD kernel as their 4th year Computer Engineering Design Project. Their website can be found at Spinlocks.org. Best of luck to them."
Seen the interesting article linked from Deadly.org: "Why would one install his own personal gateway to the Internet? Because it is quite easy to do. And also because it simply is the most reliable, safest way to connect machines to a dedicated xDSL modem. Moreover, we can stash a whole bunch of useful features in such a little box."
"In today's Internet-centric computing world, networking components are a paramount feature of any system worth its salt. Easily falling into that category, OpenBSD contains strong network code and configuration interfaces which, with a little research and learning, can be put to powerful use. This series of articles aims to illustrate that with practical examples and direct application to real-world situations." Read the article at OnLamp. In the meantime, patch 001 for OpenBSD 3.2 was posted.
"IT staff can make almost any software system secure with enough pain and wizardry, but getting great security with hardly any effort at all is true magic. That's the attraction of the Internet's most secure operating system, OpenBSD. The latest release of OpenBSD, Version 3.2, started shipping Nov. 1." Read the article at eWeek.
"Todd Fries and Todd Miller happily send along notice that OpenBSD 3.2 has been released. It's available by FTP, CDROMs are shipping, and is CVS if you want to source upgrade. This is a big release for OpenBSD with many substantial changes. Many users will want to reinstall from scratch and not upgrade, as architecture changes on some platforms as well as enhanced security features are best taken advantage of that way. Read on for the release notes." Read the full release notes at Deadly.org.
From Deadly.org: "Yep, bagged and tagged, 3.2 is in beta. Snapshots are up, and you can keep up to date on -current via CVS. Give it a whirl, please test it and make 3.2 a solid release. I'm running it on a couple of systems and find it to be pretty stable, so far."
The main goal of the is to add a graphical installation to OpenBSD. This project has been developped in the spirit of OpenBSD which means that the installation is as close as possible as the text one. wishes to add some value to the product by developping installation modules to known servers such as Bind, Sendmail, Inn, Apache etc. Our Take: Great project, but may I point out the illegal use of the BeOS and (some) Windows icons in the Installer?
"With more and more hosts being connected to the Internet, the importance of securing connected networks has increased, too. One mechanism to provide enhanced security for a network is to filter out potentially malicious network packets. Firewalls are designed to provide ``policy-based'' network filtering." Read the paper at Benzedrine.
The OpenBSD project is currently having what is called a "Hackathon", that is, as many coders as possible, get together for a little more than a week and hack, drink beer, hang around etc. This year, it all happens in Theo deRaadt's hometown, in Calgary, Canada. The slogan of this hackathon is: "Shut up and hack!" Check out pictures of the event, and see the (always growing) number of CVS commits here. The event is terminating late next week.
OpenBSD 3.1 was just released with many improvements and new software installed (more than 1000 packages and XFree 4.2). Get it while it's hot.
OpenBSD leader and creator Theo de Raadt explained OpenBSD 3.1 will only be available through the retail channels and not available as ISOs: "It simply does not make economic sense for us to reduce the CD sales we have now." OpenBSD currently ships as a 3 CD set. With 3.1, available in June, there will be an extra fourth CD only available as an ISO for download. Additionally, the CD comes with a sheet of special OpenBSD stickers and a bonus music track. Read more at KernelTrap.
"Like almost all things in life, good security costs good money. It has to be that way, because there are simply not enough skilled security specialists to look after all of the networks that need their attention. An unfortunate result of low supply and high demand is the migration of highly skilled personnel to clients who can meet their salary requirements. This leaves a lot of small and underfunded networks in the hands of less experienced administrators, who might not know how to design, configure, and monitor these networks' safety mechanisms." Read the second part of the article at OReillyNet. First part, here.
"Like almost all things in life, good security costs good money. It has to be that way, because there are simply not enough skilled security specialists to look after all of the networks that need their attention. An unfortunate result of low supply and high demand is the migration of highly skilled personnel to clients who can meet their salary requirements. This leaves a lot of small and underfunded networks in the hands of less experienced administrators, who might not know how to design, configure, and monitor these networks' safety mechanisms, leaving them vulnerable to attacks from unscrupulous people looking for inside information, free warez storage, zombie hosts for DDoS attacks, or systems they can simply destroy for fun of doing it." Read the rest of the article at O'Reilly.