OpenBSD - papers, publications

[muflon]

"The number of UNIX installations has grown to 10, with more expected."
-> The UNIX Programmer's Manual, 2nd Edition, June, 1972.

----------------------------------------
A) OpenBSD - papers, publications
----------------------------------------

[1] Boutaba A., Murenin C.A., OpenBSD HARDWARE SENSORS FRAME WORK. A unified and ready to use system for hassle-free hardware monitoring., 2009 -[pdf]

[2] Brauer H., The surprising complexity of TCP/IP checksums in the network stack, 2013 - [pdf]

[3] Britt A.M., Data Structures Used in the OpenBSD Kernel, 2012 -[pdf]

[4] Burnside M., Keromytis A.D., Raadt de, T., Wright J.L., Cryptography As An Operating System Service: A Case Study, ACM, 2006[/I] -[pdf] [u1]

[5] Callahan B., OpenBSD: a crash course, 2014 -[pdf] [Also look at part C) Miscellanea - to hear the recorded and related version to this conference]

[6] Callahan B., Intro to OpenBSD, 2014 - [pdf]

[7] Faurot E., OpenSMTPD: We deliver!, 2013 -[pdf] [u1]

[8] Guillaume K., SECURITY : OPENBSD VS FREEBSD, 2014 - [html] [blog entry]

[9] Hartmeier D., Firewall Management, 2006[?] - [html]

[10] Hartmeier D.,Firewall Ruleset Optimization, 2006[?] - [html]

[11] Hartmeier D.,Testing Your Firewall, 2006[?] - [html]

[12] Jeker C., OpenBGPD bringing full views to OpenBSD since 2004, 2009 -[pdf] [u1]

[13] Jeker C., Oppermann A., The Design and Implementation of OpenBGPd, 2004[/I] -[pdf] [u1]

[14] Keromytis A.D., Raadt de, T., Wright J.L., The Design of the OpenBSD Cryptographic Framework, Usenix, 2003 -[pdf] [u1]

[15] Kirillov V., OpenBSD Kernel Internals - The Hitchhiker's Guide, 2009 -[pdf]

[16] Lawrence T., Managing 600 OpenBSD-based Firewalls in Microsoft-Centric Small and Medium Businesses, 2010 - [pdf] [u1]

[17] Miller D., Secure Portability, 2005 -[pdf]

[18] Miller D., Security measures in OpenSSH, 2007 -[pdf] [u1]

[19] Miller D., What's new in OpenSSH?, 2011 -[pdf] [u1]

[20] Miller T. C., Raadt de, T., strlcpy and strlcat — consistent, safe, string copy and concatenation, Usenix, 1999 -[pdf] [u1]

[21] Millican E., Building an IPv6 Firewall with OpenBSD, ? - [pdf]

[22] Murenin C.A., History of the OpenBSD - Hardware Sensors Framework, 2008 -[pdf]

[23] Murenin C.A., OpenBSD Hardware Sensors: Environmental Monitoring and Fan Control, 2010 -[pdf]

[24] Schneeberger C., Firewalling IPv6 with OpenBSD's pf (packet filter), 2003 - [pdf]

[25] Schiffman M., The Belt And Suspenders Approach [OpenBSD Kernel Enhancements], 1998 -[pdf] [u1]

[26] Schwarze I., Let’s make manuals more useful!, 2014 -[pdf]

[27] Schwarze I., Let’s make manuals more useful!: Tutorial on software documentation, 2014 -[pdf]

[28] Schwarze I., New trends in mandoc: Enhancing the modern toolbox for the classic documentation formats, 2014 -[pdf]

[29] Unangst T., rthreads: A New Thread Implementation for OpenBSD, 2005 -[pdf] [u1]

[30] Urig V., IPv6 HowTo for OpenBSD, 2008 -[pdf]

[31] GPU Accelerated Cryptography as an OS Service, 2009 - [pdf]


-------------------------------
B) BSDTalk Interviews:
-------------------------------

[1] bsdtalk236 - NYCBSDCon 2014 with Brian Callahan and Ike Levy (December 21, 2013) - Interview with Brian Callahan and Ike Levy about the upcoming NYCBSDCon 2014.


---------------------------------------------------------
C) Miscellanea [Video/Audio Interviews-Presentations, etc.]:
---------------------------------------------------------

[1] Interview with Henning Brauer , (ruBSD 2013) - [YouTube]

[2] BSD Now 38 - A BUG's Life; "This week on the show we'll be chatting with Brian Callahan and Aaron Bieber about forming a local BSD users group." - [YouTube]

[3] Brian Callahan, OpenBSD: a crash course, at NYC*BUG, January 2014 - [mp3]

[4] Interview with Theo de Raadt, (ruBSD 2013) - [YouTube]

[sacerdos_daemonis]

What about Lucas, Michael W., Absolute OpenBSD, UNIX for the Practical Paranoid, 2013?

[muflon]

Quote:

Originally Posted by sacerdos_daemonis

What about Lucas, Michael W., Absolute OpenBSD, UNIX for the Practical Paranoid, 2013?

Moin sacerdos_daemonis,

My intention with creating this [and NetBSD] Topic, was to published here only those documents, books.. that are publicly available for download.

But Yes, If you wish You can also add here - for notice reason - also those that are "listed" on bookstore shelves

Salut!
Marcin

[hitest]

Quote:

Originally Posted by sacerdos_daemonis

What about Lucas, Michael W., Absolute OpenBSD, UNIX for the Practical Paranoid, 2013?

A wonderful read. Michael writes with clarity and wit.

[muflon]

bsdtalk236 - NYCBSDCon 2014 with Brian Callahan and Ike Levy (December 21, 2013) - Interview with Brian Callahan and Ike Levy about the upcoming NYCBSDCon 2014.

Brian Callahan, OpenBSD: a crash course, 2014 -[pdf]

[ibara]

Quote:

Originally Posted by muflon

Brian Callahan, OpenBSD: a crash course, 2014 -[pdf]

My talk was also recorded and audio (with these slides) are available here:
http://www.nycbug.org/index.cgi?acti...id=10343#10343
In other news, there is a slightly updated/broader version of that talk I gave here:
http://devio.us/~bcallah/openbsdrpisec.pdf

[hitest]

Quote:

Originally Posted by ibara

My talk was also recorded and audio (with these slides) are available here:
http://www.nycbug.org/index.cgi?acti...id=10343#10343
In other news, there is a slightly updated/broader version of that talk I gave here:
http://devio.us/~bcallah/openbsdrpisec.pdf

Thanks, ibara. Enjoying your lecture now.

[Oko]

Quote:

Originally Posted by ibara

My talk was also recorded and audio (with these slides) are available here:
http://www.nycbug.org/index.cgi?acti...id=10343#10343
In other news, there is a slightly updated/broader version of that talk I gave here:
http://devio.us/~bcallah/openbsdrpisec.pdf

Thank you.

[ibara]

I guess since people are interested, I also did a MIPS on OpenBSD talk back in 2013 (audio and slides):
http://www.nycbug.org/index.cgi?acti...id=10334#10334

[muflon]

Quote:

Originally Posted by ibara

My talk was also recorded and audio (with these slides) are available here:
http://www.nycbug.org/index.cgi?acti...id=10343#10343
In other news, there is a slightly updated/broader version of that talk I gave here:
http://devio.us/~bcallah/openbsdrpisec.pdf

I've done an Update to the above list. Also including BSD Now 38 - A BUG's Life.

Thank You for this Talk.

Salut,
Marcin

[scottro]

ibara, that was very nice, thank you.

[vanGrimoire]

Thanks ibara, I hadn't read the terms of the ISC license until now.

[J65nko]

http://daemonforums.org/showthread.php?t=4376 has some background info from Theo de Raadt about the ISC license.

[muflon]

I've added to the above list 3 articles written by Daniel Hartmeier, and related to pf

[1] Hartmeier D., Firewall Management, 2006[?] - [html]
[2] Hartmeier D.,Firewall Ruleset Optimization, 2006[?] - [html]
[3] Hartmeier D.,Testing Your Firewall, 2006[?] - [html]

BTW: I recommend His website www.benzedrine.cx

Also added an interview with Theo de Raadt, taken at ruBSD 2013

[Oko]

As I replay to a long thread OpenBSD projects http://marc.info/?l=openbsd-misc&m=141980851122724&w=2

Ingo has just assembled the most incredible list of OpenBSD related projects.

http://mdocml.bsd.lv/openbsd_projects.html

As he noted it is really difficult to draw a line what is or what is not OpenBSD related. For example I don't see nvi even though developers practically forked nvi version 1.79 which is shipped with BSDs and created OpenBSD fork clean of bugs and lots of obsolete code. It will be available for 5.7 release.

[ibara]

Quote:

Originally Posted by Oko

For example I don't see nvi even though developers practically forked nvi version 1.79 which is shipped with BSDs and created OpenBSD fork clean of bugs and lots of obsolete code. It will be available for 5.7 release.

nvi has been part of OpenBSD since the very first commit of OpenBSD (literally: see http://cvsweb.openbsd.org/cgi-bin/cv....bin/vi/README and scroll all the way to the bottom). Nvi 1.79 was imported on July 27, 1997 (17 years, 5 months ago according to the CVS logs).

Yes, there has been some work done on vi(1) recently. Namely, ansification (a diff that I personally reviewed), removal of the Perl API that was broken for years, and removal of portability goo we don't need. But it's still a mess. Personally I would love to build a new, modern vi from scratch but ENOTIME. I wouldn't call this in any way an OpenBSD project. All the BSDs have made extensive changes to their import of nvi. I like what FreeBSD has done with theirs. But it's still kludge on a program from the early 90s (and older).

[backrow]

Quote:

Originally Posted by Oko

For example I don't see nvi even though developers practically forked nvi version 1.79 which is shipped with BSDs and created OpenBSD fork clean of bugs and lots of obsolete code. It will be available for 5.7 release.

This is really exaggerating things. It was a handful of commits making nice but basically trivial changes. It’s not a fork. Actually it nudges things a little closer to FreeBSD nvi (but not close enough).

[muflon]

Out there, in the vast space of Internet, there is a good presentation about network stack virtualization in OpenBSD, presented in 2009 by Claudio Jeker at Slackathon; Schizophrenic Firewalls - virtualized network stack and other crazyness in OpenBSD: https://www.youtube.com/watch?v=NfyyBI7JHQI - as usual, youtube-dl is good choice to preserve it. Slides: http://www.openbsd.org/papers/f2k9-vrf/
And the article written also by C. Jeker in 2008, OpenBSD network stack internals: http://www.openbsd.org/papers/asiabsdcon08-network.pdf that is related to VRF (virtual routing and forwarding) and Label Distribution Protocol, which distributes MPLS label mappings between routers <-- and to MPLS I found also text written by him; Demystifying MPLS The MPLS framework in OpenBSD: https://2011.eurobsdcon.org/papers/jeker/MPLS.pdf

[muflon]

Results of a 2006 statistical study done by Andy Ozment and Stuart Schechter, MIT, Milk or Wine: Does Software Security Improve with Age? that reported an overall vulnerability density in OpenBSD distributions from version 2.3 till 3.7, presented at 15th USENIX Security Symposium in 2006:

https://www.usenix.org/legacy/event/...t/ozment_html/