Installation images renamed from .fs to .img
There are some UEFI direct-from-internet bootloaders that require the name *.img. So this makes things more convenient for those, while keeping it consistant in all architectures.
e2k19 Hackathon Report: Stefan Sperling on GoT and wireless
g2k19 Hackathon Report: Stefan Sperling on Access Points and Ghosts
This AP was promptly attacked! But with OpenBSD on both AP and client, I now had a full view of the battle field and made our hackroom’s wifi immune to de-auth attacks. I don’t have enough brain juice to come up with a good heuristic for this, so users need to manually cast a de-auth attack immunity spell by setting the new ‘stayauth’ nwflag with ifconfig(8). Note that this flag needs to be set on clients as well as the AP, because a de-auth army will target them separately.
t2k19 Hackathon Report: Putting the hack(6) in hackathon, and other stories
The difference in behavior between my system and the OpenBSD project’s package build machines resulted from that plague of ports developers, hidden dependencies.
Using a Yubikey as smartcard for SSH public key authentication
However, ssh(1) has another method to talk to smartcards. It can load a PKCS#11 library that contains the functions to access the SmartCard. On OpenBSD, this library is provided by the opensc package. In turn, it needs the pcsc-lite package, that actually talks to a smartcard reader.
I tried the following with a Yubikey NEO and a Yubikey 4. Newer Yubikeys have more features. The NEO only supports RSA keys, Yubikey 4 and 5 support Elliptic Curve ECDSA keys. They also have another nice feature “touch-policy=always“: you have to touch the Yubikey to be able to use it (in addition to entering the PIN). That way it cannot be used without your consent, with a method independent from your computer keyboard.
Florian Obser on unwind(8)
malloc.conf replaced with a sysctl
This will allow unveiled and chrooted processes to access the malloc options without having to do anything special in the code or chroot dir.
g2k18 hackathon report: Ingo Schwarze on sed(1) bugfixing with Martijn van Duren, and about other small userland stuff
For the g2k18 Ljubljana hackathon, i decided to try and get rid of as many small userland tasks as possible. Lots of them have been piling up over time.
OpenBSD gains Wi-Fi "auto-join"
In a change which is bound to be welcomed widely, -current has gained “auto-join” for Wi-Fi networks.
p2k17 hackathon reports
autoconf/clang (No) Fun and Games
You might have been noticing the amount of commits to ports regarding autoconf and nested functions and asking yourself… what the hell is this all about?
t2k17 Hackathon Report
On the Insecurity of TIOCSTI
d2k17 Hackathon Report: Stefan Sperling on USB audio, WiFi Progress
Errata and (First) Binary Patches Announced
Four for the price of one.
Half a dozen new features in mandoc -T html
The HTML output mode of mandoc(1) just grew a couple of new features. I’m providing this short summary because it’s all user-visible and might make using the online manuals easier.
New mandoc -mdoc -T markdown converter
mandoc can output markdown, and you can read Ingo’s thoughts on the matter.
The reason for providing this output mode is not that i consider markdown a good, or even a half-decent, markup language. Quite to the contrary, I hereby offcially declare it the shittiest markup language i have seen so far. Basically, it hasn’t any strong point whatsoever, but the downsides are numerous, scary, and cover practically every relevant aspect:
So even though this is the first release in the 1.14 branch, i consider the code very solid by now and call it 1.14.1 rather than 1.14.0.
a2k17 hackathon report: Patrick Wildt on the arm64 port
It’s alive! Featuring llvm too.
LibreSSL documentation status report
The short term goal is to make sure that LibreSSL documentation becomes better than OpenSSL documentation. Not merely better on average, but better in any conceivable respect.