Language Selection

English French German Italian Portuguese Spanish

BSD

OpenBSD Gets Mitigated For Meltdown CPU Vulnerability

Filed under
Security
BSD
  • OpenBSD Gets Mitigated For Meltdown CPU Vulnerability

    A few days back FreeBSD 11 stable was mitigated for Meltdown (and Spectre vulnerabilities), which came more than one month after these nasty CPU vulnerabilities were disclosed while DragonFlyBSD was quickly mitigated and the first of the BSDs to do so. While OpenBSD is known for its security features and focus, only today did it land its initial Meltdown mitigation.

  • Meltdown fix committed by guenther@

    Meltdown mitigation is coming to OpenBSD. Philip Guenther (guenther@) has just committed a diff that implements a new mitigation technique to OpenBSD: Separation of page tables for kernel and userland. This fixes the Meltdown problems that affect most CPUs from Intel. Both Philip and Mike Larkin (mlarkin@) spent a lot of time implementing this solution, talking to various people from other projects on best approaches.

    In the commit message, Philip briefly describes the implementation [...]

Linux KPI-Based DRM Modules Now Working On FreeBSD 11

Filed under
Linux
BSD

Thanks to work done by Hans Petter Selasky and others, this drm-next-kmod port is working on FreeBSD 11 stable. What's different with this package from the ports collection versus the ported-from-Linux Direct Rendering Modules found within the FreeBSD 11 kernel is that these DRM modules are using the linuxkpi interface.

Read more

FreeBSD Finally Gets Mitigated For Spectre & Meltdown (and Hugs)

Filed under
BSD
  • FreeBSD Finally Gets Mitigated For Spectre & Meltdown

    Landing in FreeBSD today was the mitigation work for the Meltdown and Spectre CPU vulnerabilities.

    It's taken a few more weeks longer than most of the Linux distributions to be re-worked for Spectre/Meltdown mitigation as well as DragonFlyBSD, but with FreeBSD Revision 329462 it appears their initial fixes are in place.

    There is Meltdown mitigation for Intel CPUs via a KPTI implementation similar to Linux, the Kernel Page Table Isolation. There is also a PCID (Process Context Identifier) optimization for Intel Westmere CPUs and newer, just as was also done on Linux.

  • FreeBSD outlaws virtual hugs
  • AsiaBSDCon 2018 Conference Programme

Linux, Linux Foundation, Graphics, and BSD

Filed under
Linux
BSD

OPNsense 18.1

Filed under
Security
BSD
  • OPNsense 18.1 released

    For more than 3 years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.

    We humbly present to you the sum of another major iteration of the OPNsense firewall. Over the second half of 2017 well over 500 changes have made it into this release, nicknamed "Groovy Gecko". Most notably, the firewall NAT rules have been reworked to be more flexible and usable via plugins, which is going to pave the way for subsequent API works on the core firewall functionality. For more details please find the attached list of changes below.

  • OPNsense 18.1 BSD Firewall/Network OS Released

    After hitting the RC phase a few weeks ago, OPNsense 18.1 has been officially released as the latest version of this pfSense-forked network/router-oriented BSD operating system.

    OPNsense 18.1 is based on FreeBSD 11.1 while pulling in the HardenedBSD security changes. OPNsense 18.1 reworks its firewall NAT rules, PHP 7.1 and jQuery 3 are powering the web interface, there is now OpenVPN multi-remote support for clients, IPv6 shared forwarding support, improvements for intrusion detection alerts, a rewritten firewall live log, reverse DNS support for insight reporting, and a variety of new plugins.

BSD: LLVM/Clang-Based AOCC and OpenBSD Foundation Fundraising Campaign

Filed under
BSD
  • AMD AOCC Compiler 1.1 Released For Zen CPUs

    AOCC 1.1 is the second public release of the AMD Optimizing C/C++ Compiler designed for Ryzen/Threadripper/EPYC processors.

    Back in May AMD released AOCC 1.0 as their optimized compiler stack for Ryzen CPUs. AOCC is the replacement to the company's older AMD Open64 compiler designed for older CPUs. With Open64 sadly being a relic now of the past, AOCC is based upon LLVM/Clang.

  • Our 2018 Fundraising Campaign

    The OpenBSD Foundation needs your help to achieve our fundraising goal of $300,000 for 2018.

    Reaching this goal will ensure the continued health of the projects we support, will enable us to help them do more, and will avoid the distraction of financial emergencies that could spell the end of the projects.

Are the BSDs dying? Some security researchers think so

Filed under
BSD

Struck by the small number of reported BSD kernel vulnerabilities compared to Linux, von Sprundel sat down last summer and reviewed BSD source code in his spare time. "How come there are only a handful of BSD security kernel bugs advisories released every year?" he wanted to know. Is it because the BSDs are so much more secure? Or is it because no one is looking?

von Sprundel says he easily found around 115 kernel bugs across the three BSDs, including 30 for FreeBSD, 25 for OpenBSD, and 60 for NetBSD. Many of these bugs he called "low-hanging fruit." He promptly reported all the bugs, but six months later, at the time of his talk, many remained unpatched.

"By and large, most security flaws in the Linux kernel don't have a long lifetime. They get found pretty fast," von Sprundel says. "On the BSD side, that isn't always true. I found a bunch of bugs that have been around a very long time." Many of them have been present in code for a decade or more.

Read more

Compilers and CLI: LLVM, GCC and Bash

Filed under
Development
GNU
BSD

Some FreeBSD Users Are Still Running Into Random Lock-Ups With Ryzen

Filed under
BSD

While Linux has been playing happily with Ryzen CPUs as long as you weren't affected by the performance marginality problem where you had to swap out for a newer CPU (and Threadripper and EPYC CPUs have been running splendid in all of my testing with not having any worries), it seems the BSDs (at least FreeBSD) are still having some quirks to address.

This week on the FreeBSD mailing list has been another thread about Ryzen issues on FreeBSD. Some users are still encountering random lockups that do not correspond to any apparent load/activity on the system.

Read more

The Top 10 Linux Distros You Never Heard About

Filed under
GNU
Linux
BSD

As I have mentioned in previous articles, the open-source community is littered with many distributions – some of which you might never get to hear about if you’re not connected to an affiliated party or happen to come across a reference ad.

Plus, it’s a new year and we have been dropping Top 10 (and sometimes higher) titles since it began so you shouldn’t be surprised that we are here with another one.

In case you missed it, we recently published an article on The Top 10 Linux Desktop Distros of 2017, and I thought it will be nice if we checked out a couple of distros that might not have made it to the limelight in 2017 but are still significant and will probably be of great use to our readers.

Read more

Syndicate content

More in Tux Machines

openSUSE Tumbleweed Is Now Powered by Linux Kernel 4.17, KDE Plasma 5.13 Landed

As of today, the openSUSE Tumbleweed rolling operating system is now powered by the latest and most advanced Linux 4.17 kernel series, which landed in the most recent snapshot released earlier. Tumbleweed snapshot 20180615 was released today, June 17, 2018, and it comes only two days after snapshot 20180613, which added the Mesa 18.1.1 graphics stack and KDE Plasma 5.13 desktop environment, along with many components of the latest KDE Applications 18.04.2 software suite. Today's snapshot 20180615 continued upgrading the KDE Applications software suite to version 18.04.2, but it also upgraded the kernel from Linux 4.16.12 to Linux 4.17.1. As such, OpenSuSE Tumbleweed is now officially powered by Linux kernel 4.17, so upgrading your installs as soon as possible would be a good idea. Read more

today's howtos and leftovers

OSS Leftovers

  • Using Open Source Software in a SecDevOps Environment
    On 21 June 2018 the Open Source Software3 Institute is hosting a discussion that should be of high interest to enterprise technologists in the DC/Northern Virginia, Maryland area. From their invite: Come hear from our panelists about how the worlds of Open Source Software and the Secure Development / Operations (SecDevOps) intersect and strengthen one another. SecDevOps seeks to embed security in the development process as deeply as DevOps has done with operations, and Open Source Software is a major factor in Security, Development, and Operations. Tickets are free, but you need to register soon because seating is limited.
  • TenFourFox FPR8b1 available
    TenFourFox Feature Parity Release 8 beta 1 is now available (downloads, release notes, hashes). There is much less in this release than I wanted because of a family member in the hospital and several technical roadblocks. Of note, I've officially abandoned CSS grid again after an extensive testing period due to the fact that we would need substantial work to get a functional implementation, and a partially functional implementation is worse than none at all (in the latter case, we simply gracefully degrade into block-level divs). I also was not able to finish the HTML input date picker implementation, though I've managed to still get a fair amount completed of it, and I'll keep working on that for FPR9. The good news is, once the date picker is done, the time picker will use nearly exactly the same internal plumbing and can just be patterned off it in the same way. Unlike Firefox's implementation, as I've previously mentioned our version uses native OS X controls instead of XUL, which also makes it faster. That said, it is a ghastly hack on the Cocoa widget side and required some tricky programming on 10.4 which will be the subject of a later blog post.
  • GNU dbm 1.15
    GDBM tries to detect inconsistencies in input database files as early as possible. When an inconcistency is detected, a helpful diagnostics is returned and the database is marked as needing recovery. From this moment on, any GDBM function trying to access the database will immediately return error code (instead of eventually segfaulting as previous versions did). In order to reconstruct the database and return it to healthy state, the gdbm_recover function should be used.

Server: GNU/Linux Dominance in Supercomputers, Windows Dominance in Downtime

  • Five Supercomputers That Aren't Supercomputers
    A supercomputer, of course, isn't really a "computer." It's not one giant processor sitting atop an even larger motherboard. Instead, it's a network of thousands of computers tied together to form a single whole, dedicated to a singular set of tasks. They tend to be really fast, but according to the folks at the International Supercomputing Conference, speed is not a prerequisite for being a supercomputer. But speed does help them process tons of data quickly to help solve some of the world's most pressing problems. Summit, for example, is already booked for things such as cancer research; energy research, to model a fusion reactor and its magnetically confined plasma tohasten commercial development of fusion energy; and medical research using AI, centering around identifying patterns in the function and evolution of human proteins and cellular systems to increase understanding of Alzheimer’s, heart disease, or addiction, and to inform the drug discovery process.
  • Office 365 is suffering widespread borkage across Blighty
     

    Some users are complaining that O365 is "completely unusable" with others are reporting a noticeable slowdown, whinging that it's taking 30 minutes to send and receive emails.