Anil Madhavapeddy, Professor of Planetary Computing

Decentralised tech on Recoil / Sep 2021

Nick Ludlam and I have self-hosted recoil.org since around 1996, typically for email and web. These days, there are a number of interesting software stacks around decentralised communication that we deploy. This note keeps track of them.   […458 words]

# 19th Sep 2021   notes openbsd opensource recoil security selfhosting

OpenBSD cloud hosting options / Aug 2019

I asked on Twitter about hosting options for OpenBSD on cloud providers, so that we could have some alternative options for Recoil. We have a strong preference for bare-metal and not VMs when it comes to OpenBSD. Options that came back were:   […92 words]

# 29th Aug 2019   notes cloud openbsd perscon selfhosting

OpenBSD C2K5 thoughts / Jun 2005

Finally had some time to get back from the OpenBSD hackathon and take stock of what I worked on. It was a pretty interesting one this year, as I went without having much idea of what to work on (unlike last year, when I had a mad backlog to catch up on).   […383 words]

# 4th Jun 2005   notes livenotes melange ocaml openbsd security

My static C bounds checker extension merged into OpenBSD / Jun 2003

After many rounds of review and helpful feedback from fellow developers, I merged my GCC static bounds checking extension into OpenBSD today!

Introduce a simple static checker for making sure that the bounds length passed to common functions such as strlcpy/strlcat match the real length of the buffer. It also checks to make sure that the bound length was not incorrectly derived from a sizeof(pointer) operation.

Functions must be marked with the new attribute bounded, and warnings are turned on by -Wbounded. Specifying -Wformat also enables bounds checking for scanf(3) bounds to '%s' format variables. -Wall now turns on -Wbounded also.

The checking is pretty limited right now to constant parameters, and the buffers must be statically declared, and not inside a record type. This simple checking still found hundreds of bugs around the ports tree though, and there have been no false positive warnings.

You can read more details in the gcc-local(1) manual page as well.  

# 27th Jun 2003   notes compiler openbsd opensource security

The Case for Abstracting Security Policies / Jun 2003

My first ever academic paper, written with the expert guidance of Alan Mycroft and my PhD colleagues Dave Scott and Richard Sharp! We worked on a system call policy language to help constrain application access to privileged resources, and implemented this on OpenBSD using systrace. The paper describing the declarative language was presented at SAM 2003 in Las Vegas.

"Untrusted code" is just as much a social problem as it is a technical problem. Looking for a complete solution is unrealistic: it is analogous to looking for a solution to crime in general. With this in mind, we do not claim that our proposed framework is a panacea. However, although a number of security problems remain (e.g. covert channel leakage), we claim that our system offers the potential to raise the security level of existing general purpose operating systems significantly.

# 1st Jun 2003   papers conference dsl kernel openbsd security systems

Streamlining PHP on OpenBSD / Jun 2002

I've committed a big improvement to the PHP port on OpenBSD, by switching from a complex set of FLAVOR tags over to a set of independently installing "multi packages".   […233 words]

# 24th Jun 2002   notes openbsd packaging php

I am now a core PHP developer / Jan 2001

I've been maintaining PHP on OpenBSD for a while now, including the core package distributed as binary packages.

So as of today, the core team has decided I'm trustworthy enough to have my own commit bit to the central PHP repository, where I can commit code fixes and also maintain the OpenBSD on PHP official instructions. You can contact me on avsm@php.net if you need any help!  

# 9th Jan 2001   notes horde openbsd opensource php

I'm now an OpenBSD developer / Dec 2000

I've been using OpenBSD for a few years now as the primary OS for recoil and have been contributing fixes and ports when I get a chance. So I'm incredibly excited to report that the project leader, Theo de Raadt, has invited me to become an OpenBSD developer. I've registered my keys now, and will be known as avsm@openbsd.org!   […196 words]

# 26th Dec 2000   notes openbsd opensource packaging php recoil