Decentralised tech on Recoil / Sep 2021
Nick Ludlam and I have self-hosted recoil.org since around 1996, typically for email and web. These days, there are a number of interesting software stacks around decentralised communication that we deploy. This note keeps track of them. […458 words]
OpenBSD cloud hosting options / Aug 2019
I asked on Twitter about hosting options for OpenBSD on cloud providers, so that we could have some alternative options for Recoil. We have a strong preference for bare-metal and not VMs when it comes to OpenBSD. Options that came back were: […92 words]
OpenBSD C2K5 thoughts / Jun 2005
Finally had some time to get back from the OpenBSD hackathon and take stock of what I worked on. It was pretty interesting one this year, as I went without having much idea of what to work on (unlike last year, when I had a mad backlog to catch up on). […383 words]
My static C bounds checker extension merged into OpenBSD (via) / Jun 2003
After many rounds of review and helpful feedback from fellow developers, I merged my GCC static bounds checking extension into OpenBSD today!
Introduce a simple static checker for making sure that the bounds length passed to common functions such as strlcpy/strlcat match the real length of the buffer. It also checks to make sure that the bound length was not incorrectly derived from a sizeof(pointer) operation.
Functions must be marked with the new attribute bounded, and warnings are turned on by -Wbounded. Specifying -Wformat also enables bounds checking for scanf(3) bounds to '%s' format variables. -Wall now turns on -Wbounded also.
The checking is pretty limited right now to constant parameters, and the buffers must be statically declared, and not inside a record type. This simple checking still found hundreds of bugs around the ports tree though, and there have been no false positive warnings.
You can read more details in the gcc-local(1) manual page as well.
The Case for Abstracting Security Policies / Jun 2003
My first ever academic paper, written with the expert guidance of Alan Mycroft and my PhD colleagues Dave Scott and Richard Sharp! We worked on a system call policy language to help constrain application access to privileged resources, and implemented this on OpenBSD using systrace. The paper describing the declarative language was presented at SAM 2003 in Las Vegas.
"Untrusted code" is just as much a social problem as it is a technical problem. Looking for a complete solution is unrealistic: it is analogous to looking for a solution to crime in general. With this in mind, we do not claim that our proposed framework is a panacea. However, although a number of security problems remain (e.g. covert channel leakage), we claim that our system offers the potential to raise the security level of existing general purpose operating systems significantly.
Streamlining PHP on OpenBSD / Jun 2002
I've committed a big improvement to the PHP port on OpenBSD, by switching from a complex set of FLAVOR tags over to a set of independently installing "multi packages". […233 words]
I am now a core PHP developer / Jan 2001
I've been maintaining PHP on OpenBSD for a while now, including the core package distributed as binary packages.
So as of today, the core team has decided I'm trustworthy enough to have my own commit bit to the central PHP repository, where I can commit code fixes and also maintain the OpenBSD on PHP official instructions. You can contact me on avsm@php.net
if you need any help!
I'm now an OpenBSD developer / Dec 2000
I've been using OpenBSD for a few years now as the primary OS for recoil
and have been contributing fixes and ports when I get a chance. So I'm
incredibly excited to report that the project leader, Theo de Raadt, has
invited me to become an OpenBSD developer. I've registered my keys now, and
will be known as avsm@openbsd.org
! […196 words]