Podcast Episode Details

Back to Podcast Episodes
100: Straight from the Src

100: Straight from the Src

We've finally reached a hundred episodes, and this week we'll be talking to Sebastian Wiedenroth about pkgsrc. Though originally a NetBSD project, now it runs pretty much everywhere, and he even runs a conference about it!

This episode was brought to you by

iXsystems - Enterprise Servers and Storage for Open SourceDigitalOcean - Simple Cloud Hosting, Built for DevelopersTarsnap - Online Backups for the Truly Paranoid

Headlines

Remote DoS in the TCP stack

  • A pretty devious bug in the BSD network stack has been making its rounds for a while now, allowing remote attackers to exhaust the resources of a system with nothing more than TCP connections
  • While in the LAST_ACK state, which is one of the final stages of a connection's lifetime, the connection can get stuck and hang there indefinitely
  • This problem has a slightly confusing history that involves different fixes at different points in time from different people
  • Juniper originally discovered the bug and announced a fix for their proprietary networking gear on June 8th
  • On June 29th, FreeBSD caught wind of it and fixed the bug in their -current branch, but did not issue a security notice or MFC the fix back to the -stable branches
  • On July 13th, two weeks later, OpenBSD fixed the issue in their -current branch with a slightly different patch, citing the FreeBSD revision from which the problem was found
  • Immediately afterwards, they merged it back to -stable and issued an errata notice for 5.7 and 5.6
  • On July 21st, three weeks after their original fix, FreeBSD committed yet another slightly different fix and issued a security notice for the problem (which didn't include the first fix)
  • After the second fix from FreeBSD, OpenBSD gave them both another look and found their single fix to be sufficient, covering the timer issue in a more general way
  • NetBSD confirmed they were vulnerable too, and applied another completely different fix to -current on July 24th, but haven't released a security notice yet
  • DragonFly is also investigating the issue now to see if they're affected as well ***

c2k15 hackathon reports

  • Reports from OpenBSD's latest hackathon, held in Calgary this time, are starting to roll in (there were over 40 devs there, so we might see a lot more of these)
  • The first one, from Ingo Schwarze, talks about some of the mandoc work he did at the event
  • He writes, "Did you ever look at a huge page in man, wanted to jump to the definition of a specific term - say

    Published on 10 years, 4 months ago





If you like Podbriefly.com, please consider donating to support the ongoing development.

Donate

© 2025 Developer Service

DevAsService

DevAsService

Cloud Home Lab

Developer Service

Imaginator

Courses Developer Service

Is It Clickbait