Slashdot Mirror

The 45th version of the OpenBSD project has been released, bringing more hardware support (Radeon driver updates, Intel microcode integration, and more), a virtualization tool that supports the disk format qcow2, and a network interface where you can quickly join and switch between different Wi-Fi networks.

Root.cz also notes that audio recording is now disabled by default. If you need to record audio, it can be enabled with the new sysctl variable. An anonymous Slashdot reader first shared the announcement. You can download it from any of the mirrors here.

The 45th version of the OpenBSD project has been released, bringing more hardware support (Radeon driver updates, Intel microcode integration, and more), a virtualization tool that supports the disk format qcow2, and a network interface where you can quickly join and switch between different Wi-Fi networks.

Root.cz also notes that audio recording is now disabled by default. If you need to record audio, it can be enabled with the new sysctl variable. An anonymous Slashdot reader first shared the announcement. You can download it from any of the mirrors here.

The 45th version of the OpenBSD project has been released, bringing more hardware support (Radeon driver updates, Intel microcode integration, and more), a virtualization tool that supports the disk format qcow2, and a network interface where you can quickly join and switch between different Wi-Fi networks.

Root.cz also notes that audio recording is now disabled by default. If you need to record audio, it can be enabled with the new sysctl variable. An anonymous Slashdot reader first shared the announcement. You can download it from any of the mirrors here.

The 45th version of the OpenBSD project has been released, bringing more hardware support (Radeon driver updates, Intel microcode integration, and more), a virtualization tool that supports the disk format qcow2, and a network interface where you can quickly join and switch between different Wi-Fi networks.

Root.cz also notes that audio recording is now disabled by default. If you need to record audio, it can be enabled with the new sysctl variable. An anonymous Slashdot reader first shared the announcement. You can download it from any of the mirrors here.

basscomm writes: OpenBSD 6.2 has now been released. Check out the release notes if you're into that kind of thing. Some of the new features and systems include improved hardware support, vmm(4)/ vmd(8) improvements, IEEE 802.11 wireless stack improvements, generic network stack improvements, installer improvements, routing daemons and other userland network improvements, security improvements and more. Here is the full list of changes.

basscomm writes: OpenBSD 6.2 has now been released. Check out the release notes if you're into that kind of thing. Some of the new features and systems include improved hardware support, vmm(4)/ vmd(8) improvements, IEEE 802.11 wireless stack improvements, generic network stack improvements, installer improvements, routing daemons and other userland network improvements, security improvements and more. Here is the full list of changes.

LichtSpektren writes: Version 6.0 of the free operating system OpenBSD has just been released. This release features much improved hardware and armv7 support, a new tool called proot for building software ports in an isolated chroot environment, W^X that is now strictly enforced by default, and removal of official support for Linux emulation, usermount, and systrace. The release announcement can be read here. The release is OpenBSD's 40th release on CD-ROM and 41st release via FTP/HTTP.

LichtSpektren writes: Version 6.0 of the free operating system OpenBSD has just been released. This release features much improved hardware and armv7 support, a new tool called proot for building software ports in an isolated chroot environment, W^X that is now strictly enforced by default, and removal of official support for Linux emulation, usermount, and systrace. The release announcement can be read here. The release is OpenBSD's 40th release on CD-ROM and 41st release via FTP/HTTP.

LichtSpektren writes: Version 6.0 of the free operating system OpenBSD has just been released. This release features much improved hardware and armv7 support, a new tool called proot for building software ports in an isolated chroot environment, W^X that is now strictly enforced by default, and removal of official support for Linux emulation, usermount, and systrace. The release announcement can be read here. The release is OpenBSD's 40th release on CD-ROM and 41st release via FTP/HTTP.

badger.foo writes: 20 years to the day after the OpenBSD source tree was created for the new project, the project has released OpenBSD 5.8, the 38th release on CD-ROM (and 39th via FTP/HTTP). This release comes with four release songs instead of the usual one, and a long list of improvements over the last releases. (Probably a good time to donate to the project, too, even if you don't use it directly, because of all the security improvements that OpenBSD programmers contribute to the world.)

badger.foo writes: 20 years to the day after the OpenBSD source tree was created for the new project, the project has released OpenBSD 5.8, the 38th release on CD-ROM (and 39th via FTP/HTTP). This release comes with four release songs instead of the usual one, and a long list of improvements over the last releases. (Probably a good time to donate to the project, too, even if you don't use it directly, because of all the security improvements that OpenBSD programmers contribute to the world.)

badger.foo writes: 20 years to the day after the OpenBSD source tree was created for the new project, the project has released OpenBSD 5.8, the 38th release on CD-ROM (and 39th via FTP/HTTP). This release comes with four release songs instead of the usual one, and a long list of improvements over the last releases. (Probably a good time to donate to the project, too, even if you don't use it directly, because of all the security improvements that OpenBSD programmers contribute to the world.)

badger.foo writes: 20 years to the day after the OpenBSD source tree was created for the new project, the project has released OpenBSD 5.8, the 38th release on CD-ROM (and 39th via FTP/HTTP). This release comes with four release songs instead of the usual one, and a long list of improvements over the last releases. (Probably a good time to donate to the project, too, even if you don't use it directly, because of all the security improvements that OpenBSD programmers contribute to the world.)

badger.foo writes: 20 years to the day after the OpenBSD source tree was created for the new project, the project has released OpenBSD 5.8, the 38th release on CD-ROM (and 39th via FTP/HTTP). This release comes with four release songs instead of the usual one, and a long list of improvements over the last releases. (Probably a good time to donate to the project, too, even if you don't use it directly, because of all the security improvements that OpenBSD programmers contribute to the world.)

badger.foo writes: 20 years to the day after the OpenBSD source tree was created for the new project, the project has released OpenBSD 5.8, the 38th release on CD-ROM (and 39th via FTP/HTTP). This release comes with four release songs instead of the usual one, and a long list of improvements over the last releases. (Probably a good time to donate to the project, too, even if you don't use it directly, because of all the security improvements that OpenBSD programmers contribute to the world.)

An anonymous reader writes: LibreSSL 2.2.2 has been released. According to the release notes: "This release marks the end of the OpenBSD 5.8 development cycle, featuring expanded portable build support, code improvements, removal of obsolete workarounds....The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible." This is the first LibreSSL release that has completely removed SSLv3 support.

An anonymous reader writes: LibreSSL 2.2.2 has been released. According to the release notes: "This release marks the end of the OpenBSD 5.8 development cycle, featuring expanded portable build support, code improvements, removal of obsolete workarounds....The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible." This is the first LibreSSL release that has completely removed SSLv3 support.

An anonymous reader writes: Right on schedule, OpenBSD 5.7 was released today, May 1, 2015. The theme of the 5.7 release is "Source Fish." There are some big changes in OpenBSD 5.7. The nginx httpd server was removed from base in favor of an internally developed httpd server in 5.7. BIND (named) was retired from base in 5.7 in favor of nsd(8) (authoritative DNS) and unbound(8) (recursive resolver). Packages will exist for BIND and nginx. This version includes a new control utility, rcctl(8), for managing daemons/services, USB 3 support and more. See a detailed log of changes between the 5.6 and 5.7 releases for more information. If you already have an OpenBSD 5.6 system, and do not want to reinstall, upgrade instructions and advice can be found in the Upgrade Guide. You can order the 5.7 CD set from the new OpenBSD Store and support the project.

An anonymous reader writes: Right on schedule, OpenBSD 5.7 was released today, May 1, 2015. The theme of the 5.7 release is "Source Fish." There are some big changes in OpenBSD 5.7. The nginx httpd server was removed from base in favor of an internally developed httpd server in 5.7. BIND (named) was retired from base in 5.7 in favor of nsd(8) (authoritative DNS) and unbound(8) (recursive resolver). Packages will exist for BIND and nginx. This version includes a new control utility, rcctl(8), for managing daemons/services, USB 3 support and more. See a detailed log of changes between the 5.6 and 5.7 releases for more information. If you already have an OpenBSD 5.6 system, and do not want to reinstall, upgrade instructions and advice can be found in the Upgrade Guide. You can order the 5.7 CD set from the new OpenBSD Store and support the project.

An anonymous reader writes: Right on schedule, OpenBSD 5.7 was released today, May 1, 2015. The theme of the 5.7 release is "Source Fish." There are some big changes in OpenBSD 5.7. The nginx httpd server was removed from base in favor of an internally developed httpd server in 5.7. BIND (named) was retired from base in 5.7 in favor of nsd(8) (authoritative DNS) and unbound(8) (recursive resolver). Packages will exist for BIND and nginx. This version includes a new control utility, rcctl(8), for managing daemons/services, USB 3 support and more. See a detailed log of changes between the 5.6 and 5.7 releases for more information. If you already have an OpenBSD 5.6 system, and do not want to reinstall, upgrade instructions and advice can be found in the Upgrade Guide. You can order the 5.7 CD set from the new OpenBSD Store and support the project.

An anonymous reader writes: Right on schedule, OpenBSD 5.7 was released today, May 1, 2015. The theme of the 5.7 release is "Source Fish." There are some big changes in OpenBSD 5.7. The nginx httpd server was removed from base in favor of an internally developed httpd server in 5.7. BIND (named) was retired from base in 5.7 in favor of nsd(8) (authoritative DNS) and unbound(8) (recursive resolver). Packages will exist for BIND and nginx. This version includes a new control utility, rcctl(8), for managing daemons/services, USB 3 support and more. See a detailed log of changes between the 5.6 and 5.7 releases for more information. If you already have an OpenBSD 5.6 system, and do not want to reinstall, upgrade instructions and advice can be found in the Upgrade Guide. You can order the 5.7 CD set from the new OpenBSD Store and support the project.

An anonymous reader writes Just as per the schedule, OpenBSD 5.6 was released today, November 1, 2014. The theme of the 5.6 release is "Ride of the Valkyries". OpenBSD 5.6 will be the first version with LibreSSL. This version also removed sendmail from the base system, smtpd is the default mail transport agent (MTA). The installer no longer supports FTP, network installs via HTTP only. The BIND name server will be removed from the OpenBSD base system. Its replacement comes in the form of the two daemons nsd(8) for authoritative DNS service and unbound(8) for recursive resolver service. OpenSSH 6.7 is included along with GNOME 3.12.2, KDE 4.13.3, Xfce 4.10, Mozilla Firefox 31.0, Vim 7.4.135, LLVM/Clang 3.5 and more. See a detailed log of changes between the 5.5 and 5.6 releases for more information. If you already have an OpenBSD 5.5 system, and do not want to reinstall, upgrade instructions and advice can be found in the Upgrade Guide (a quick video upgrade demo is here). You can order the 5.6 CD set from the new OpenBSD Store and support the project.

An anonymous reader writes Just as per the schedule, OpenBSD 5.6 was released today, November 1, 2014. The theme of the 5.6 release is "Ride of the Valkyries". OpenBSD 5.6 will be the first version with LibreSSL. This version also removed sendmail from the base system, smtpd is the default mail transport agent (MTA). The installer no longer supports FTP, network installs via HTTP only. The BIND name server will be removed from the OpenBSD base system. Its replacement comes in the form of the two daemons nsd(8) for authoritative DNS service and unbound(8) for recursive resolver service. OpenSSH 6.7 is included along with GNOME 3.12.2, KDE 4.13.3, Xfce 4.10, Mozilla Firefox 31.0, Vim 7.4.135, LLVM/Clang 3.5 and more. See a detailed log of changes between the 5.5 and 5.6 releases for more information. If you already have an OpenBSD 5.5 system, and do not want to reinstall, upgrade instructions and advice can be found in the Upgrade Guide (a quick video upgrade demo is here). You can order the 5.6 CD set from the new OpenBSD Store and support the project.

An anonymous reader writes Just as per the schedule, OpenBSD 5.6 was released today, November 1, 2014. The theme of the 5.6 release is "Ride of the Valkyries". OpenBSD 5.6 will be the first version with LibreSSL. This version also removed sendmail from the base system, smtpd is the default mail transport agent (MTA). The installer no longer supports FTP, network installs via HTTP only. The BIND name server will be removed from the OpenBSD base system. Its replacement comes in the form of the two daemons nsd(8) for authoritative DNS service and unbound(8) for recursive resolver service. OpenSSH 6.7 is included along with GNOME 3.12.2, KDE 4.13.3, Xfce 4.10, Mozilla Firefox 31.0, Vim 7.4.135, LLVM/Clang 3.5 and more. See a detailed log of changes between the 5.5 and 5.6 releases for more information. If you already have an OpenBSD 5.5 system, and do not want to reinstall, upgrade instructions and advice can be found in the Upgrade Guide (a quick video upgrade demo is here). You can order the 5.6 CD set from the new OpenBSD Store and support the project.

An anonymous reader writes Just as per the schedule, OpenBSD 5.6 was released today, November 1, 2014. The theme of the 5.6 release is "Ride of the Valkyries". OpenBSD 5.6 will be the first version with LibreSSL. This version also removed sendmail from the base system, smtpd is the default mail transport agent (MTA). The installer no longer supports FTP, network installs via HTTP only. The BIND name server will be removed from the OpenBSD base system. Its replacement comes in the form of the two daemons nsd(8) for authoritative DNS service and unbound(8) for recursive resolver service. OpenSSH 6.7 is included along with GNOME 3.12.2, KDE 4.13.3, Xfce 4.10, Mozilla Firefox 31.0, Vim 7.4.135, LLVM/Clang 3.5 and more. See a detailed log of changes between the 5.5 and 5.6 releases for more information. If you already have an OpenBSD 5.5 system, and do not want to reinstall, upgrade instructions and advice can be found in the Upgrade Guide (a quick video upgrade demo is here). You can order the 5.6 CD set from the new OpenBSD Store and support the project.

ConstantineM writes: It has finally happened. Bob Beck of The OpenBSD Foundation has just announced that the first release of LibreSSL portable is now available, and can be found in the LibreSSL directory of your favourite OpenBSD mirror. libressl-2.0.0.tar.gz has been tested to build on various versions of Linux, Solaris, Mac OS X and FreeBSD. This is intended to be an initial portable release of OpenBSD's libressl to allow the community to start using it and providing feedback, and has been done to address the issue of incorrect portable versions being attempted by third-parties. Support for additional platforms will be added as time and resources permit.

ConstantineM writes: "Bob Beck — OpenBSD, OpenSSH and LibreSSL developer and the director of Alberta-based non-profit OpenBSD Foundation — gave a talk earlier today at BSDCan 2014 in Ottawa, discussing and illustrating the OpenSSL problems that have led to the creation of a big fork of OpenSSL that is still API-compatible with the original, providing for a drop-in replacement, without the #ifdef spaghetti and without its own "OpenSSL C" dialect.

Bob is claiming that the Maryland-incorporated OpenSSL Foundation is nothing but a for-profit front for FIPS consulting gigs, and that nobody at OpenSSL is actually interested in maintaining OpenSSL, but merely adding more and more features, with the existing bugs rotting in bug-tracking for a staggering 4 years (CVE-2010-5298 has been independently re-discovered by the OpenBSD team after having been quietly reported in OpenSSL's RT some 4 years prior). Bob reports that the bug-tracking system abandoned by OpenSSL has actually been very useful to the OpenBSD developers at finding and fixing even more of OpenSSL bugs in downstream LibreSSL, which still remain unfixed in upstream OpenSSL. It is revealed that a lot of crude cleaning has already been completed, and the process is still ongoing, but some new ciphers already saw their addition to LibreSSL — RFC 5639 EC Brainpool, ChaCha20, Poly1305, FRP256v1, and some derivatives based on the above, like ChaCha20-Poly1305 AEAD EVP from Adam Langley's Chromium OpenSSL patchset.

To conclude, Bob warns against portable LibreSSL knockoffs, and asks the community for Funding Commitment. The Linux Foundation has not yet committed support, but discussions are ongoing. Funding can be directed to the OpenBSD Foundation." Update: 05/18 14:28 GMT by S : Changed last paragraph to better reflect the Linux Foundation's involvement.

ConstantineM writes: "Bob Beck — OpenBSD, OpenSSH and LibreSSL developer and the director of Alberta-based non-profit OpenBSD Foundation — gave a talk earlier today at BSDCan 2014 in Ottawa, discussing and illustrating the OpenSSL problems that have led to the creation of a big fork of OpenSSL that is still API-compatible with the original, providing for a drop-in replacement, without the #ifdef spaghetti and without its own "OpenSSL C" dialect.

Bob is claiming that the Maryland-incorporated OpenSSL Foundation is nothing but a for-profit front for FIPS consulting gigs, and that nobody at OpenSSL is actually interested in maintaining OpenSSL, but merely adding more and more features, with the existing bugs rotting in bug-tracking for a staggering 4 years (CVE-2010-5298 has been independently re-discovered by the OpenBSD team after having been quietly reported in OpenSSL's RT some 4 years prior). Bob reports that the bug-tracking system abandoned by OpenSSL has actually been very useful to the OpenBSD developers at finding and fixing even more of OpenSSL bugs in downstream LibreSSL, which still remain unfixed in upstream OpenSSL. It is revealed that a lot of crude cleaning has already been completed, and the process is still ongoing, but some new ciphers already saw their addition to LibreSSL — RFC 5639 EC Brainpool, ChaCha20, Poly1305, FRP256v1, and some derivatives based on the above, like ChaCha20-Poly1305 AEAD EVP from Adam Langley's Chromium OpenSSL patchset.

To conclude, Bob warns against portable LibreSSL knockoffs, and asks the community for Funding Commitment. The Linux Foundation has not yet committed support, but discussions are ongoing. Funding can be directed to the OpenBSD Foundation." Update: 05/18 14:28 GMT by S : Changed last paragraph to better reflect the Linux Foundation's involvement.

ConstantineM writes: "Bob Beck — OpenBSD, OpenSSH and LibreSSL developer and the director of Alberta-based non-profit OpenBSD Foundation — gave a talk earlier today at BSDCan 2014 in Ottawa, discussing and illustrating the OpenSSL problems that have led to the creation of a big fork of OpenSSL that is still API-compatible with the original, providing for a drop-in replacement, without the #ifdef spaghetti and without its own "OpenSSL C" dialect.

Bob is claiming that the Maryland-incorporated OpenSSL Foundation is nothing but a for-profit front for FIPS consulting gigs, and that nobody at OpenSSL is actually interested in maintaining OpenSSL, but merely adding more and more features, with the existing bugs rotting in bug-tracking for a staggering 4 years (CVE-2010-5298 has been independently re-discovered by the OpenBSD team after having been quietly reported in OpenSSL's RT some 4 years prior). Bob reports that the bug-tracking system abandoned by OpenSSL has actually been very useful to the OpenBSD developers at finding and fixing even more of OpenSSL bugs in downstream LibreSSL, which still remain unfixed in upstream OpenSSL. It is revealed that a lot of crude cleaning has already been completed, and the process is still ongoing, but some new ciphers already saw their addition to LibreSSL — RFC 5639 EC Brainpool, ChaCha20, Poly1305, FRP256v1, and some derivatives based on the above, like ChaCha20-Poly1305 AEAD EVP from Adam Langley's Chromium OpenSSL patchset.

To conclude, Bob warns against portable LibreSSL knockoffs, and asks the community for Funding Commitment. The Linux Foundation has not yet committed support, but discussions are ongoing. Funding can be directed to the OpenBSD Foundation." Update: 05/18 14:28 GMT by S : Changed last paragraph to better reflect the Linux Foundation's involvement.

ConstantineM writes: "Bob Beck — OpenBSD, OpenSSH and LibreSSL developer and the director of Alberta-based non-profit OpenBSD Foundation — gave a talk earlier today at BSDCan 2014 in Ottawa, discussing and illustrating the OpenSSL problems that have led to the creation of a big fork of OpenSSL that is still API-compatible with the original, providing for a drop-in replacement, without the #ifdef spaghetti and without its own "OpenSSL C" dialect.

Bob is claiming that the Maryland-incorporated OpenSSL Foundation is nothing but a for-profit front for FIPS consulting gigs, and that nobody at OpenSSL is actually interested in maintaining OpenSSL, but merely adding more and more features, with the existing bugs rotting in bug-tracking for a staggering 4 years (CVE-2010-5298 has been independently re-discovered by the OpenBSD team after having been quietly reported in OpenSSL's RT some 4 years prior). Bob reports that the bug-tracking system abandoned by OpenSSL has actually been very useful to the OpenBSD developers at finding and fixing even more of OpenSSL bugs in downstream LibreSSL, which still remain unfixed in upstream OpenSSL. It is revealed that a lot of crude cleaning has already been completed, and the process is still ongoing, but some new ciphers already saw their addition to LibreSSL — RFC 5639 EC Brainpool, ChaCha20, Poly1305, FRP256v1, and some derivatives based on the above, like ChaCha20-Poly1305 AEAD EVP from Adam Langley's Chromium OpenSSL patchset.

To conclude, Bob warns against portable LibreSSL knockoffs, and asks the community for Funding Commitment. The Linux Foundation has not yet committed support, but discussions are ongoing. Funding can be directed to the OpenBSD Foundation." Update: 05/18 14:28 GMT by S : Changed last paragraph to better reflect the Linux Foundation's involvement.

ConstantineM writes: "Bob Beck — OpenBSD, OpenSSH and LibreSSL developer and the director of Alberta-based non-profit OpenBSD Foundation — gave a talk earlier today at BSDCan 2014 in Ottawa, discussing and illustrating the OpenSSL problems that have led to the creation of a big fork of OpenSSL that is still API-compatible with the original, providing for a drop-in replacement, without the #ifdef spaghetti and without its own "OpenSSL C" dialect.

Bob is claiming that the Maryland-incorporated OpenSSL Foundation is nothing but a for-profit front for FIPS consulting gigs, and that nobody at OpenSSL is actually interested in maintaining OpenSSL, but merely adding more and more features, with the existing bugs rotting in bug-tracking for a staggering 4 years (CVE-2010-5298 has been independently re-discovered by the OpenBSD team after having been quietly reported in OpenSSL's RT some 4 years prior). Bob reports that the bug-tracking system abandoned by OpenSSL has actually been very useful to the OpenBSD developers at finding and fixing even more of OpenSSL bugs in downstream LibreSSL, which still remain unfixed in upstream OpenSSL. It is revealed that a lot of crude cleaning has already been completed, and the process is still ongoing, but some new ciphers already saw their addition to LibreSSL — RFC 5639 EC Brainpool, ChaCha20, Poly1305, FRP256v1, and some derivatives based on the above, like ChaCha20-Poly1305 AEAD EVP from Adam Langley's Chromium OpenSSL patchset.

To conclude, Bob warns against portable LibreSSL knockoffs, and asks the community for Funding Commitment. The Linux Foundation has not yet committed support, but discussions are ongoing. Funding can be directed to the OpenBSD Foundation." Update: 05/18 14:28 GMT by S : Changed last paragraph to better reflect the Linux Foundation's involvement.

ConstantineM writes: "Bob Beck — OpenBSD, OpenSSH and LibreSSL developer and the director of Alberta-based non-profit OpenBSD Foundation — gave a talk earlier today at BSDCan 2014 in Ottawa, discussing and illustrating the OpenSSL problems that have led to the creation of a big fork of OpenSSL that is still API-compatible with the original, providing for a drop-in replacement, without the #ifdef spaghetti and without its own "OpenSSL C" dialect.

Bob is claiming that the Maryland-incorporated OpenSSL Foundation is nothing but a for-profit front for FIPS consulting gigs, and that nobody at OpenSSL is actually interested in maintaining OpenSSL, but merely adding more and more features, with the existing bugs rotting in bug-tracking for a staggering 4 years (CVE-2010-5298 has been independently re-discovered by the OpenBSD team after having been quietly reported in OpenSSL's RT some 4 years prior). Bob reports that the bug-tracking system abandoned by OpenSSL has actually been very useful to the OpenBSD developers at finding and fixing even more of OpenSSL bugs in downstream LibreSSL, which still remain unfixed in upstream OpenSSL. It is revealed that a lot of crude cleaning has already been completed, and the process is still ongoing, but some new ciphers already saw their addition to LibreSSL — RFC 5639 EC Brainpool, ChaCha20, Poly1305, FRP256v1, and some derivatives based on the above, like ChaCha20-Poly1305 AEAD EVP from Adam Langley's Chromium OpenSSL patchset.

To conclude, Bob warns against portable LibreSSL knockoffs, and asks the community for Funding Commitment. The Linux Foundation has not yet committed support, but discussions are ongoing. Funding can be directed to the OpenBSD Foundation." Update: 05/18 14:28 GMT by S : Changed last paragraph to better reflect the Linux Foundation's involvement.

ConstantineM writes: "Bob Beck — OpenBSD, OpenSSH and LibreSSL developer and the director of Alberta-based non-profit OpenBSD Foundation — gave a talk earlier today at BSDCan 2014 in Ottawa, discussing and illustrating the OpenSSL problems that have led to the creation of a big fork of OpenSSL that is still API-compatible with the original, providing for a drop-in replacement, without the #ifdef spaghetti and without its own "OpenSSL C" dialect.

Bob is claiming that the Maryland-incorporated OpenSSL Foundation is nothing but a for-profit front for FIPS consulting gigs, and that nobody at OpenSSL is actually interested in maintaining OpenSSL, but merely adding more and more features, with the existing bugs rotting in bug-tracking for a staggering 4 years (CVE-2010-5298 has been independently re-discovered by the OpenBSD team after having been quietly reported in OpenSSL's RT some 4 years prior). Bob reports that the bug-tracking system abandoned by OpenSSL has actually been very useful to the OpenBSD developers at finding and fixing even more of OpenSSL bugs in downstream LibreSSL, which still remain unfixed in upstream OpenSSL. It is revealed that a lot of crude cleaning has already been completed, and the process is still ongoing, but some new ciphers already saw their addition to LibreSSL — RFC 5639 EC Brainpool, ChaCha20, Poly1305, FRP256v1, and some derivatives based on the above, like ChaCha20-Poly1305 AEAD EVP from Adam Langley's Chromium OpenSSL patchset.

To conclude, Bob warns against portable LibreSSL knockoffs, and asks the community for Funding Commitment. The Linux Foundation has not yet committed support, but discussions are ongoing. Funding can be directed to the OpenBSD Foundation." Update: 05/18 14:28 GMT by S : Changed last paragraph to better reflect the Linux Foundation's involvement.

ConstantineM writes: "Bob Beck — OpenBSD, OpenSSH and LibreSSL developer and the director of Alberta-based non-profit OpenBSD Foundation — gave a talk earlier today at BSDCan 2014 in Ottawa, discussing and illustrating the OpenSSL problems that have led to the creation of a big fork of OpenSSL that is still API-compatible with the original, providing for a drop-in replacement, without the #ifdef spaghetti and without its own "OpenSSL C" dialect.

Bob is claiming that the Maryland-incorporated OpenSSL Foundation is nothing but a for-profit front for FIPS consulting gigs, and that nobody at OpenSSL is actually interested in maintaining OpenSSL, but merely adding more and more features, with the existing bugs rotting in bug-tracking for a staggering 4 years (CVE-2010-5298 has been independently re-discovered by the OpenBSD team after having been quietly reported in OpenSSL's RT some 4 years prior). Bob reports that the bug-tracking system abandoned by OpenSSL has actually been very useful to the OpenBSD developers at finding and fixing even more of OpenSSL bugs in downstream LibreSSL, which still remain unfixed in upstream OpenSSL. It is revealed that a lot of crude cleaning has already been completed, and the process is still ongoing, but some new ciphers already saw their addition to LibreSSL — RFC 5639 EC Brainpool, ChaCha20, Poly1305, FRP256v1, and some derivatives based on the above, like ChaCha20-Poly1305 AEAD EVP from Adam Langley's Chromium OpenSSL patchset.

To conclude, Bob warns against portable LibreSSL knockoffs, and asks the community for Funding Commitment. The Linux Foundation has not yet committed support, but discussions are ongoing. Funding can be directed to the OpenBSD Foundation." Update: 05/18 14:28 GMT by S : Changed last paragraph to better reflect the Linux Foundation's involvement.

ConstantineM writes: "Bob Beck — OpenBSD, OpenSSH and LibreSSL developer and the director of Alberta-based non-profit OpenBSD Foundation — gave a talk earlier today at BSDCan 2014 in Ottawa, discussing and illustrating the OpenSSL problems that have led to the creation of a big fork of OpenSSL that is still API-compatible with the original, providing for a drop-in replacement, without the #ifdef spaghetti and without its own "OpenSSL C" dialect.

Bob is claiming that the Maryland-incorporated OpenSSL Foundation is nothing but a for-profit front for FIPS consulting gigs, and that nobody at OpenSSL is actually interested in maintaining OpenSSL, but merely adding more and more features, with the existing bugs rotting in bug-tracking for a staggering 4 years (CVE-2010-5298 has been independently re-discovered by the OpenBSD team after having been quietly reported in OpenSSL's RT some 4 years prior). Bob reports that the bug-tracking system abandoned by OpenSSL has actually been very useful to the OpenBSD developers at finding and fixing even more of OpenSSL bugs in downstream LibreSSL, which still remain unfixed in upstream OpenSSL. It is revealed that a lot of crude cleaning has already been completed, and the process is still ongoing, but some new ciphers already saw their addition to LibreSSL — RFC 5639 EC Brainpool, ChaCha20, Poly1305, FRP256v1, and some derivatives based on the above, like ChaCha20-Poly1305 AEAD EVP from Adam Langley's Chromium OpenSSL patchset.

To conclude, Bob warns against portable LibreSSL knockoffs, and asks the community for Funding Commitment. The Linux Foundation has not yet committed support, but discussions are ongoing. Funding can be directed to the OpenBSD Foundation." Update: 05/18 14:28 GMT by S : Changed last paragraph to better reflect the Linux Foundation's involvement.

ConstantineM (965345) writes "Just as per the schedule, OpenBSD 5.5 was released today, May 1, 2014. The theme of the 5.5 release is Wrap in Time, which represents a significant achievement of changing time_t to int64_t on all platforms, as well as ensuring that all of the 8k+ OpenBSD ports still continue to build and work properly, thus doing all the heavy lifting and paving the way for all other operating systems to make the transition to 64-bit time an easier task down the line. Signed releases and packages and the new signify utility are another big selling point of 5.5, as well as OpenSSH 6.6, which includes lots of DJB crypto like chacha20-poly1305, plus lots of other goodies."

ConstantineM (965345) writes "Just as per the schedule, OpenBSD 5.5 was released today, May 1, 2014. The theme of the 5.5 release is Wrap in Time, which represents a significant achievement of changing time_t to int64_t on all platforms, as well as ensuring that all of the 8k+ OpenBSD ports still continue to build and work properly, thus doing all the heavy lifting and paving the way for all other operating systems to make the transition to 64-bit time an easier task down the line. Signed releases and packages and the new signify utility are another big selling point of 5.5, as well as OpenSSH 6.6, which includes lots of DJB crypto like chacha20-poly1305, plus lots of other goodies."

Theo de Raadt was a founding member of NetBSD, and is the founder and leader of the OpenSSH and OpenBSD projects. He is currently working on OpenBSD 5.5 which would be the projects 35th release on CDROM. Even though he'd rather be hiking in the mountains or climbing rocks in his free time, Theo has agreed to answer any question you may have. As usual, ask as many as you'd like, but please, one question per post.

badger.foo writes "Have you ever wanted to know what's really going on in your network? Some free tools with surprising origins can help you to an almost frightening degree. Peter Hansteen shares some monitoring insights, anecdotes and practical advice in his latest column on how to really know your network. All of it with free software, of course." From the article: " The NetFlow protocol was invented at Cisco in the early 1990s. It's designed to collect traffic metadata, where the basic unit of reference is the flow, defined as the source and destination IP address pair, the matching source and destination port for protocols that use them, the protocol identifier, time started and ended, number of packets sent, number of bytes sent, and a few other fields that have varied somewhat over the NetFlow versions. ... On OpenBSD, various netflow sensors and collectors had been available for a while when the new network pseudo device pflow debuted in OpenBSD 4.5."

An anonymous reader writes "The release of OpenBSD 5.4 has been announced. New and notable advancements include new or extended platforms like octeon and beagle, moving VAX to ELF format, improved hardware support including Kernel Mode Setting (KMS), overhauled inteldrm(4), experimental support for fuse(4), reworked checksum handling for network protocols, OpenSMTPD 5.3.3, OpenSSH 6.3, over 7,800 ports, and many other improvements and additions."

An anonymous reader writes "Today, OpenBSD 5.3 has been released. It has many improvements, updates, and new stuff. Also, OpenSMTPD 5.3 is included. This is the first version of OpenSMTPD considered to be ready for production. Many pre-built packages are available for many architectures. OpenBSD 5.3 ships with various Desktop Environments, including Gnome 3.6, KDE 3.5, and XFCE 4.10." And don't forget the release song, "Blade Swimmer."

An anonymous reader writes "Today, OpenBSD 5.3 has been released. It has many improvements, updates, and new stuff. Also, OpenSMTPD 5.3 is included. This is the first version of OpenSMTPD considered to be ready for production. Many pre-built packages are available for many architectures. OpenBSD 5.3 ships with various Desktop Environments, including Gnome 3.6, KDE 3.5, and XFCE 4.10." And don't forget the release song, "Blade Swimmer."

An anonymous reader writes "OpenBSD 5.2 has been released and is available for download. One of the most significant changes in this release is the replacement of the user-level uthreads by kernel-level rthreads, allowing multithreaded programs to utilize multiple CPUs/cores."

An anonymous reader writes "OpenBSD 5.2 has been released and is available for download. One of the most significant changes in this release is the replacement of the user-level uthreads by kernel-level rthreads, allowing multithreaded programs to utilize multiple CPUs/cores."

An anonymous reader writes "Today the 5.1 release of OpenBSD has surfaced. As usual, it includes improved hardware support, but also OpenSSH 6.0 and over 7000 ports, with major performance and stability improvements in the package build process (and some really cool stickers). Here's the changelog, the download page, and the CD-ordering page. "

An anonymous reader writes "Today the 5.1 release of OpenBSD has surfaced. As usual, it includes improved hardware support, but also OpenSSH 6.0 and over 7000 ports, with major performance and stability improvements in the package build process (and some really cool stickers). Here's the changelog, the download page, and the CD-ordering page. "

An anonymous reader writes "Today the 5.1 release of OpenBSD has surfaced. As usual, it includes improved hardware support, but also OpenSSH 6.0 and over 7000 ports, with major performance and stability improvements in the package build process (and some really cool stickers). Here's the changelog, the download page, and the CD-ordering page. "

An anonymous reader writes "Today the 5.1 release of OpenBSD has surfaced. As usual, it includes improved hardware support, but also OpenSSH 6.0 and over 7000 ports, with major performance and stability improvements in the package build process (and some really cool stickers). Here's the changelog, the download page, and the CD-ordering page. "

First time accepted submitter tearmeapart writes "A new version of the operating system that most of us would love to love, but probably hardly ever directly use, has been released. As scheduled, release 5.0 brings support for more hardware, network improvements, and OpenSSH 5.9. The links: changelog; download; main 5.0 page; and how to order your OpenBSD products!"

First time accepted submitter tearmeapart writes "A new version of the operating system that most of us would love to love, but probably hardly ever directly use, has been released. As scheduled, release 5.0 brings support for more hardware, network improvements, and OpenSSH 5.9. The links: changelog; download; main 5.0 page; and how to order your OpenBSD products!"