From card loaders to virtual servers.

more...

Smaller is better.

more...

In reference to arbitrary code execution in various source control programs. Refer svn advisory. Remember A Fire Upon the Deep?

There’s some code archaeologists who dig up an artifact. They don’t know what it does, but it includes some instructions for how to unpack it. And so they follow the instructions. And they think they’re taking precautions to prevent it from doing bad stuff, but they screw up, and the evil AI is turned loose. And then bad stuff happens.

It’s funny how similar this is to today’s vulnerability. In theory, checking out a code repo should be a safe operation. All you’re doing is downloading some artifact from a server. Building the code, running the code, all that can be unsafe. But surely there’s no trouble to simply checking out some code?

Alas, a repo is not just a repo. Checking out a repo might require checking out other sub repos and external resources. And so a dumb read only artifact is actually a smart read/execute artifact. The artifact can’t be checked out without also interpreting some of its contents. And if interpreting happens to execute some unwanted shell commands... Bad stuff happens.

It’s a bug, and it’s fixed, but another lesson that nothing is ever simple when adding features. What looks like just a hostname over here could be interpreted as a shell command over there.

Hackerthon is imminent.

There are two signals one can receive after accessing invalid memory, SIGBUS and SIGSEGV. Nobody seems to know what the difference is or should be, although some theories have been unearthed. Make some attempt to be slightly more consistent and predictable in OpenBSD.

Introduces jiffies in an effort to appease our penguin oppressors.

Clarify that IP.OF.UPSTREAM.RESOLVER is not actually the hostname of a server you can use.

Switch acpibat to use _BIX before _BIF, which means you might see discharge cycle counts, too.

Assorted clang compatibility. clang uses -Oz to mean optimize for size and -Os for something else, so make gcc accept -Oz so all makefiles can be the same. Adjust some hardlinks. Make sure we build gcc with gcc.

The SSL_check_private_key function is a lie.

Switch the amd64 and i386 compiler to clang and see what happens.

We are moving towards using wscons (wstpad) as the driver for touchpads.

Dancing with the stars, er, NET_LOCK().

clang emits lots of warnings. Fix some of them. Turn off a bunch of clang builtins because we have a strong preference that code use our libc versions. Some other changes because clang is not gcc.

Among other curiosities, static variables in the special .openbsd.randomdata are sometimes assumed to be all zero, leading the clang optimizer to eliminate reads of such variables.

Some more pledge rules for sed. If the script doesn’t require opening new files, don’t let it.

Backport a bajillion fixes to stable. Release errata.

RFC 1885 was obsoleted nearly 20 years ago by RFC 2463 which was obsoleted over 10 years ago by RFC 4443. We are probably not going back.

Update libexpat to 2.2.3.

vmm: support more than 3855MB guest memory.

Merge libdrm 2.4.82.

Disable SSE optimizations on i386/amd64 for SlowBcopy. It is supposed to be slow. Prevents crashes when talking to memory mapped video memory in a hypervisor.

Lucky sevens.

more...

Making some headway.

more...

A few thoughts after reading Are all BSDs created equally? by Ilja van Sprundel. Theo says OpenBSD is the best, Ilja fact checks.

more...

A few notes about gathered experiences with https certs not part of the traditional chain.

more...

How best to use a computer at night?

more...

A few different perspectives this week.

more...