web01.fireside.fm Sat, 09 May 2026 13:55:31 -0500 Fireside (https://fireside.fm) BSD Now - Episodes Tagged with “Telnet” https://www.bsdnow.tv/tags/telnet Thu, 09 May 2024 08:00:00 -0400 Created by three guys who love BSD, we cover the latest news and have an extensive series of tutorials, as well as interviews with various people from all areas of the BSD community. It also serves as a platform for support and questions. We love and advocate FreeBSD, OpenBSD, NetBSD, DragonFlyBSD and TrueOS. Our show aims to be helpful and informative for new users that want to learn about them, but still be entertaining for the people who are already pros. The show airs on Wednesdays at 2:00PM (US Eastern time) and the edited version is usually up the following day. en-us episodic A weekly podcast and the place to B...SD JT Pennington Created by three guys who love BSD, we cover the latest news and have an extensive series of tutorials, as well as interviews with various people from all areas of the BSD community. It also serves as a platform for support and questions. We love and advocate FreeBSD, OpenBSD, NetBSD, DragonFlyBSD and TrueOS. Our show aims to be helpful and informative for new users that want to learn about them, but still be entertaining for the people who are already pros. The show airs on Wednesdays at 2:00PM (US Eastern time) and the edited version is usually up the following day. no berkeley,freebsd,openbsd,netbsd,dragonflybsd,trueos,trident,hardenedbsd,tutorial,howto,guide,bsd,interview JT Pennington feedback@bsdnow.tv 558: Worlds of telnet https://www.bsdnow.tv/558 813adc0b-a4ca-4810-9cac-ef64a1dafccd Thu, 09 May 2024 08:00:00 -0400 JT Pennington full JT Pennington NetBSD 9.4, FreeBSD SSDF Attestation to Support Cybersecurity Compliance, The Lost Worlds of Telnet, alter file ownership and permissions with a feedback information, parallel raw IP input, OpenBSD routers on AliExpress mini PCs, FreeBSD for Devs. Plus a special interview with the organizers of BSDCAN 2024. 1:31:12 no <p>NetBSD 9.4, FreeBSD SSDF Attestation to Support Cybersecurity Compliance, The Lost Worlds of Telnet, alter file ownership and permissions with a feedback information, parallel raw IP input, OpenBSD routers on AliExpress mini PCs, FreeBSD for Devs. Plus a special interview with the organizers of BSDCAN 2024.</p> <p><strong><em>NOTES</em></strong></p> <p>This episode of BSDNow is brought to you by <a href="https://www.tarsnap.com/bsdnow" target="_blank" rel="nofollow noopener">Tarsnap</a> and the <a href="https://www.patreon.com/bsdnow" target="_blank" rel="nofollow noopener">BSDNow Patreon</a></p> <h2>Headlines</h2> <p><a href="https://www.netbsd.org/releases/formal-9/NetBSD-9.4.html" target="_blank" rel="nofollow noopener">NetBSD 9.4</a></p> <hr> <p><a href="https://freebsdfoundation.org/blog/freebsd-foundation-delivers-v1-of-freebsd-ssdf-attestation-to-support-cybersecurity-compliance/" target="_blank" rel="nofollow noopener">FreeBSD Foundation Delivers V1 of FreeBSD SSDF Attestation to Support Cybersecurity Compliance</a></p> <hr> <h2>News Roundup</h2> <p><a href="https://thenewstack.io/the-lost-worlds-of-telnet/" target="_blank" rel="nofollow noopener">The Lost Worlds of Telnet</a></p> <hr> <p><a href="https://sleeplessbeastie.eu/2024/04/18/how-to-alter-file-ownership-and-permissions-with-a-feedback-information/" target="_blank" rel="nofollow noopener">How to alter file ownership and permissions with a feedback information</a></p> <hr> <p><a href="https://www.undeadly.org/cgi?action=article;sid=20240418050520" target="_blank" rel="nofollow noopener">Coming soon to a -current system near you: parallel raw IP input</a></p> <hr> <p><a href="https://www.srcbeat.com/2024/02/aliexpress-openbsd-router/" target="_blank" rel="nofollow noopener">OpenBSD routers on AliExpress mini PCs</a></p> <hr> <p><a href="https://dev.to/scovl/freebsd-for-devs-3n0k" target="_blank" rel="nofollow noopener">FreeBSD for Devs</a></p> <hr> <h2>Tarsnap</h2> <p>This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.</p> <hr> <h2>Feedback/Questions</h2> <ul> <li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/556/feedback/Daniel%20-%20jail%20issue.md" target="_blank" rel="nofollow noopener">Daniel - jail issue</a></p></li> <li><p><a href="https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/556/feedback/Rick%20-%20ZFS.md" target="_blank" rel="nofollow noopener">Rick - ZFS</a></p></li> </ul> <hr> <ul> <li><p>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" target="_blank" rel="nofollow noopener">feedback@bsdnow.tv</a></p></li> <li><p>Join us and other BSD Fans in our <a href="https://t.me/bsdnow" target="_blank" rel="nofollow noopener">BSD Now Telegram channel</a></p></li> </ul> <hr> freebsd, openbsd, netbsd, dragonflybsd, trueos, hardenedbsd, tutorial, howto, guide, bsd, operating system, os, open source, foss, shell, cli, unix, tools, utility, berkeley, software, distribution, development, code, programming, release, zfs, zpool, dataset, filesystem, storage, ports, packages, jails, interview, netbsd 9.4, ssdf, Attestation, Cybersecurity compliance, telnet, file ownership, permissions, feedback information, parallel raw IP input, routers, AliExpress, mini PCs, developers, bsdcan NetBSD 9.4, FreeBSD SSDF Attestation to Support Cybersecurity Compliance, The Lost Worlds of Telnet, alter file ownership and permissions with a feedback information, parallel raw IP input, OpenBSD routers on AliExpress mini PCs, FreeBSD for Devs. Plus a special interview with the organizers of BSDCAN 2024.

NOTES

This episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon

Headlines

NetBSD 9.4

FreeBSD Foundation Delivers V1 of FreeBSD SSDF Attestation to Support Cybersecurity Compliance

News Roundup

The Lost Worlds of Telnet

How to alter file ownership and permissions with a feedback information

Coming soon to a -current system near you: parallel raw IP input

OpenBSD routers on AliExpress mini PCs

FreeBSD for Devs

Tarsnap

This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Feedback/Questions

]]> NetBSD 9.4, FreeBSD SSDF Attestation to Support Cybersecurity Compliance, The Lost Worlds of Telnet, alter file ownership and permissions with a feedback information, parallel raw IP input, OpenBSD routers on AliExpress mini PCs, FreeBSD for Devs. Plus a special interview with the organizers of BSDCAN 2024.

NOTES

This episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon

Headlines

NetBSD 9.4

FreeBSD Foundation Delivers V1 of FreeBSD SSDF Attestation to Support Cybersecurity Compliance

News Roundup

The Lost Worlds of Telnet

How to alter file ownership and permissions with a feedback information

Coming soon to a -current system near you: parallel raw IP input

OpenBSD routers on AliExpress mini PCs

FreeBSD for Devs

Tarsnap

This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Feedback/Questions

]]> Episode 309: Get Your Telnet Fix https://www.bsdnow.tv/309 630a645e-fe37-4a56-a2fd-8c51abb5dfe5 Wed, 31 Jul 2019 23:45:00 -0400 JT Pennington full JT Pennington DragonFlyBSD Project colo upgrade, future trends, resuming ZFS send, realtime bandwidth terminal graph visualization, fixing telnet fixes, a chapter from the FBI’s history with OpenBSD, an OpenSSH vulnerability, and more. 48:24 no <p>DragonFlyBSD Project Update - colo upgrade, future trends, resuming ZFS send, realtime bandwidth terminal graph visualization, fixing telnet fixes, a chapter from the FBI’s history with OpenBSD and an OpenSSH vuln, and more.</p> <h2>Headlines</h2> <h3><a href="http://lists.dragonflybsd.org/pipermail/users/2019-July/358226.html" target="_blank" rel="nofollow noopener">DragonFlyBSD Project Update - colo upgrade, future trends</a></h3> <p>&gt; For the last week I've been testing out a replacement for Monster, our 48-core opteron server. The project will be removing Monster from the colo in a week or two and replacing it with three machines which together will use half the power that Monster did alone.</p> <p>&gt; The goal is to clear out a little power budget in the colo and to really beef-up our package-building capabilities to reduce the turn-around time needed to test ports syncs and updates to the binary package system.</p> <p>&gt; Currently we use two blades to do most of the building, plus monster sometimes. The blades take almost a week (120 hours+) to do a full synth run and monster takes around 27.5 hours. But we need to do three bulk builds more or less at the same time... one for the release branch, one for the development branch, and one for staging updates. It just takes too long and its been gnawing at me for a little while.</p> <p>&gt; Well, Zen 2 to the rescue! These new CPUs can take ECC, there's actually an IPMI mobo available, and they are fast as hell and cheap for what we get. </p> <p>&gt; The new machines will be two 3900X based servers, plus a dual-xeon system that I already had at home. The 3900X's can each do a full synth run in 24.5 hours and the Xeon can do it in around 31 hours. Monster will be retired. And the crazy thing about this? Monster burns 1000W going full bore. Each of the 3900X servers burns 160W and the Xeon burns 200W. In otherwords, we are replacing 1000W with only 520W and getting roughly 6x the performance efficiency in the upgrade. This tell you just how much more power-efficient machines have become in the last 9 years or so. &gt; This upgrade will allow us to do full builds for both release and dev in roughly one day instead of seven days, and do it without interfering with staging work that might be happening at the same time.</p> <p>&gt; Future trends - DragonFlyBSD has reached a bit of a cross-roads. With most of the SMP work now essentially complete across the entire system the main project focus is now on supplying reliable binary ports for release and developer branches, DRM (GPU) support and other UI elements to keep DragonFlyBSD relevant on workstations, and continuing Filesystem work on HAMMER2 to get multi-device and clustering going.</p> <hr> <h3><a href="https://www.oshogbo.vexillium.org/blog/66/" target="_blank" rel="nofollow noopener">Resuming ZFS send</a></h3> <p>&gt; One of the amazing functionalities of ZFS is the possibility of sending a whole dataset from one place to another. This mechanism is amazing to create backups of your ZFS based machines. Although, there were some issues with this functionality for a long time when a user sent a big chunk of data. What if you would do that over the network and your connection has disappeared? What if your machine was rebooted as you are sending a snapshot?</p> <p>&gt; For a very long time, you didn't have any options - you had to send a snapshot from the beginning. Now, this limitation was already bad enough. However, another downside of this approach was that all the data which you already send was thrown away. Therefore, ZFS had to go over all this data and remove them from the dataset. Imagine the terabytes of data which you sent via the network was thrown away because as you were sending the last few bytes, the network went off.</p> <p>&gt; In this short post, I don't want to go over the whole ZFS snapshot infrastructure (if you think that such a post would be useful, please leave a comment). Now, to get back to the point, this infrastructure is used to clone the datasets. Some time ago a new feature called “Resuming ZFS send” was introduced. That means that if there was some problem with transmitting the dataset from one point to another you could resume it or throw them away. But the point is, that yes, you finally have a choice.</p> <hr> <h2>News Roundup</h2> <h3><a href="https://dataswamp.org/%7Esolene/2019-07-19-ttyplot-netstat-openbsd.html" target="_blank" rel="nofollow noopener">Realtime bandwidth terminal graph visualization</a></h3> <p>&gt; If for some reasons you want to visualize your bandwidth traffic on an interface (in or out) in a terminal with a nice graph, here is a small script to do so, involving ttyplot, a nice software making graphics in a terminal.</p> <p>&gt; The following will works on OpenBSD. You can install ttyplot by pkg_add ttyplot as root, ttyplot package appeared since OpenBSD 6.5.</p> <hr> <h3><a href="https://flak.tedunangst.com/post/fixing-telnet-fixes" target="_blank" rel="nofollow noopener">fixing telnet fixes</a></h3> <p>&gt; There’s a FreeBSD commit to telnet. fix a couple of snprintf() buffer overflows. It’s received a bit of attention for various reasons, telnet in 2019?, etc. I thought I’d take a look. Here’s a few random observations.</p> <p>&gt; 1. The first line is indented with spaces while the others use tabs.</p> <p>&gt; 2. The correct type for string length is size_t not unsigned int.</p> <p>&gt; 3. sizeof(char) is always one. There’s no need to multiply by it.</p> <p>&gt; 4. If you do need to multiply by a size, this is an unsafe pattern. Use calloc or something similar. (OpenBSD provides reallocarray to avoid zeroing cost of calloc.)</p> <p>&gt; 5. Return value of malloc doesn’t need to be cast. In fact, should not be, lest you disguise a warning.</p> <p>&gt; 6. Return value of malloc is not checked for NULL.</p> <p>&gt; 7. No reason to cast cp to char * when passing to snprintf. It already is that type. And if it weren’t, what are you doing?</p> <p>&gt; 8. The whole operation could be simplified by using asprintf.</p> <p>&gt; 9. Although unlikely (probably impossible here, but more generally), adding the two source lengths together can overflow, resulting in truncation with an unchecked snprintf call. asprintf avoids this failure case.</p> <hr> <h3><a href="https://twitter.com/RooneyMcNibNug/status/1152327783055601664" target="_blank" rel="nofollow noopener">A Chapter from the FBI’s History with OpenBSD and an OpenSSH Vuln</a></h3> <p>&gt; Earlier this year I FOIAed the FBI for details on allegations of backdoor installed in the IPSEC stack in 2010, originally discussed by OpenBSD devs (<a href="https://marc.info/?l=openbsd-tech&amp;m=129236621626462" target="_blank" rel="nofollow noopener">https://marc.info/?l=openbsd-tech&amp;amp;m=129236621626462</a> …) Today, I got an interesting but unexpected responsive record: </p> <ul> <li> <a href="https://www.muckrock.com/foi/united-states-of-america-10/foia-fbi-openbsd-70084/" target="_blank" rel="nofollow noopener">Freedom of Information Act: FBI: OpenBSD</a> </li> <li><a href="https://github.com/RooneyMcNibNug/FOIA/blob/master/Responsive%20Docs/OpenBSD/FBI_OpenBSD_response_OCRd.pdf" target="_blank" rel="nofollow noopener">GitHub Repo</a></li> </ul> <hr> <h2>Beastie Bits</h2> <ul> <li><a href="https://mwl.io/archives/4378" target="_blank" rel="nofollow noopener">“Sudo Mastery, 2nd Edition” open for tech review</a></li> <li><a href="https://www.freebsdnews.com/2019/07/12/freebsd-journal-freebsd-for-makers/" target="_blank" rel="nofollow noopener">FreeBSD Journal: FreeBSD for Makers</a></li> <li><a href="http://mail-index.netbsd.org/netbsd-advocacy/2019/07/19/msg000808.html" target="_blank" rel="nofollow noopener">OpenBSD and NetBSD machines at Open Source Conference 2019 Nagoya</a></li> <li><a href="https://www.youtube.com/watch?v=zuj9pRNR2oM" target="_blank" rel="nofollow noopener">FreeBSD 12.0: WINE Gaming</a></li> <li><a href="https://www.netbsd.org/gallery/presentations/wiz/pkgsrccon2019/index.html#/" target="_blank" rel="nofollow noopener">Introduction to the Structure and Interpretation of TNF (The NetBSD Foundation)</a></li> <li><a href="https://www.vbsdcon.com/" target="_blank" rel="nofollow noopener">vBSDcon speakers announced</a></li> </ul> <hr> <h2>Feedback/Questions</h2> <ul> <li>Pat - <a href="http://dpaste.com/21Y1PRM" target="_blank" rel="nofollow noopener">NYCBug Aug 7th</a> </li> <li>Tyler - <a href="http://dpaste.com/3JEVVEF#wrap" target="_blank" rel="nofollow noopener">SSH keys vs password</a> </li> <li>Lars - <a href="http://dpaste.com/0RAFMXZ" target="_blank" rel="nofollow noopener">Tor-Talk</a> </li> </ul> <hr> <ul> <li>Send questions, comments, show ideas/topics, or stories you want mentioned on the show to <a href="mailto:feedback@bsdnow.tv" target="_blank" rel="nofollow noopener">feedback@bsdnow.tv</a> </li> </ul> <hr> <source src="http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2019/bsd-0309.mp4" type="video/mp4"> Your browser does not support the HTML5 video tag. </source> freebsd, openbsd, netbsd, dragonflybsd, trueos, trident, hardenedbsd, tutorial, howto, guide, bsd, interview, zfs, send, terminal, bandwidth, graph, realtime, telnet DragonFlyBSD Project Update - colo upgrade, future trends, resuming ZFS send, realtime bandwidth terminal graph visualization, fixing telnet fixes, a chapter from the FBI’s history with OpenBSD and an OpenSSH vuln, and more.

Headlines

DragonFlyBSD Project Update - colo upgrade, future trends

For the last week I've been testing out a replacement for Monster, our 48-core opteron server. The project will be removing Monster from the colo in a week or two and replacing it with three machines which together will use half the power that Monster did alone.

The goal is to clear out a little power budget in the colo and to really beef-up our package-building capabilities to reduce the turn-around time needed to test ports syncs and updates to the binary package system.

Currently we use two blades to do most of the building, plus monster sometimes. The blades take almost a week (120 hours+) to do a full synth run and monster takes around 27.5 hours. But we need to do three bulk builds more or less at the same time... one for the release branch, one for the development branch, and one for staging updates. It just takes too long and its been gnawing at me for a little while.

Well, Zen 2 to the rescue! These new CPUs can take ECC, there's actually an IPMI mobo available, and they are fast as hell and cheap for what we get.

The new machines will be two 3900X based servers, plus a dual-xeon system that I already had at home. The 3900X's can each do a full synth run in 24.5 hours and the Xeon can do it in around 31 hours. Monster will be retired. And the crazy thing about this? Monster burns 1000W going full bore. Each of the 3900X servers burns 160W and the Xeon burns 200W. In otherwords, we are replacing 1000W with only 520W and getting roughly 6x the performance efficiency in the upgrade. This tell you just how much more power-efficient machines have become in the last 9 years or so. > This upgrade will allow us to do full builds for both release and dev in roughly one day instead of seven days, and do it without interfering with staging work that might be happening at the same time.

Future trends - DragonFlyBSD has reached a bit of a cross-roads. With most of the SMP work now essentially complete across the entire system the main project focus is now on supplying reliable binary ports for release and developer branches, DRM (GPU) support and other UI elements to keep DragonFlyBSD relevant on workstations, and continuing Filesystem work on HAMMER2 to get multi-device and clustering going.

Resuming ZFS send

One of the amazing functionalities of ZFS is the possibility of sending a whole dataset from one place to another. This mechanism is amazing to create backups of your ZFS based machines. Although, there were some issues with this functionality for a long time when a user sent a big chunk of data. What if you would do that over the network and your connection has disappeared? What if your machine was rebooted as you are sending a snapshot?

For a very long time, you didn't have any options - you had to send a snapshot from the beginning. Now, this limitation was already bad enough. However, another downside of this approach was that all the data which you already send was thrown away. Therefore, ZFS had to go over all this data and remove them from the dataset. Imagine the terabytes of data which you sent via the network was thrown away because as you were sending the last few bytes, the network went off.

In this short post, I don't want to go over the whole ZFS snapshot infrastructure (if you think that such a post would be useful, please leave a comment). Now, to get back to the point, this infrastructure is used to clone the datasets. Some time ago a new feature called “Resuming ZFS send” was introduced. That means that if there was some problem with transmitting the dataset from one point to another you could resume it or throw them away. But the point is, that yes, you finally have a choice.

News Roundup

Realtime bandwidth terminal graph visualization

If for some reasons you want to visualize your bandwidth traffic on an interface (in or out) in a terminal with a nice graph, here is a small script to do so, involving ttyplot, a nice software making graphics in a terminal.

The following will works on OpenBSD. You can install ttyplot by pkg_add ttyplot as root, ttyplot package appeared since OpenBSD 6.5.

fixing telnet fixes

There’s a FreeBSD commit to telnet. fix a couple of snprintf() buffer overflows. It’s received a bit of attention for various reasons, telnet in 2019?, etc. I thought I’d take a look. Here’s a few random observations.

  1. The first line is indented with spaces while the others use tabs.

  2. The correct type for string length is size_t not unsigned int.

  3. sizeof(char) is always one. There’s no need to multiply by it.

  4. If you do need to multiply by a size, this is an unsafe pattern. Use calloc or something similar. (OpenBSD provides reallocarray to avoid zeroing cost of calloc.)

  5. Return value of malloc doesn’t need to be cast. In fact, should not be, lest you disguise a warning.

  6. Return value of malloc is not checked for NULL.

  7. No reason to cast cp to char * when passing to snprintf. It already is that type. And if it weren’t, what are you doing?

  8. The whole operation could be simplified by using asprintf.

  9. Although unlikely (probably impossible here, but more generally), adding the two source lengths together can overflow, resulting in truncation with an unchecked snprintf call. asprintf avoids this failure case.

A Chapter from the FBI’s History with OpenBSD and an OpenSSH Vuln

Earlier this year I FOIAed the FBI for details on allegations of backdoor installed in the IPSEC stack in 2010, originally discussed by OpenBSD devs (https://marc.info/?l=openbsd-tech&m=129236621626462 …) Today, I got an interesting but unexpected responsive record:

Beastie Bits

Feedback/Questions

  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
]]> DragonFlyBSD Project Update - colo upgrade, future trends, resuming ZFS send, realtime bandwidth terminal graph visualization, fixing telnet fixes, a chapter from the FBI’s history with OpenBSD and an OpenSSH vuln, and more.

Headlines

DragonFlyBSD Project Update - colo upgrade, future trends

For the last week I've been testing out a replacement for Monster, our 48-core opteron server. The project will be removing Monster from the colo in a week or two and replacing it with three machines which together will use half the power that Monster did alone.

The goal is to clear out a little power budget in the colo and to really beef-up our package-building capabilities to reduce the turn-around time needed to test ports syncs and updates to the binary package system.

Currently we use two blades to do most of the building, plus monster sometimes. The blades take almost a week (120 hours+) to do a full synth run and monster takes around 27.5 hours. But we need to do three bulk builds more or less at the same time... one for the release branch, one for the development branch, and one for staging updates. It just takes too long and its been gnawing at me for a little while.

Well, Zen 2 to the rescue! These new CPUs can take ECC, there's actually an IPMI mobo available, and they are fast as hell and cheap for what we get.

The new machines will be two 3900X based servers, plus a dual-xeon system that I already had at home. The 3900X's can each do a full synth run in 24.5 hours and the Xeon can do it in around 31 hours. Monster will be retired. And the crazy thing about this? Monster burns 1000W going full bore. Each of the 3900X servers burns 160W and the Xeon burns 200W. In otherwords, we are replacing 1000W with only 520W and getting roughly 6x the performance efficiency in the upgrade. This tell you just how much more power-efficient machines have become in the last 9 years or so. > This upgrade will allow us to do full builds for both release and dev in roughly one day instead of seven days, and do it without interfering with staging work that might be happening at the same time.

Future trends - DragonFlyBSD has reached a bit of a cross-roads. With most of the SMP work now essentially complete across the entire system the main project focus is now on supplying reliable binary ports for release and developer branches, DRM (GPU) support and other UI elements to keep DragonFlyBSD relevant on workstations, and continuing Filesystem work on HAMMER2 to get multi-device and clustering going.

Resuming ZFS send

One of the amazing functionalities of ZFS is the possibility of sending a whole dataset from one place to another. This mechanism is amazing to create backups of your ZFS based machines. Although, there were some issues with this functionality for a long time when a user sent a big chunk of data. What if you would do that over the network and your connection has disappeared? What if your machine was rebooted as you are sending a snapshot?

For a very long time, you didn't have any options - you had to send a snapshot from the beginning. Now, this limitation was already bad enough. However, another downside of this approach was that all the data which you already send was thrown away. Therefore, ZFS had to go over all this data and remove them from the dataset. Imagine the terabytes of data which you sent via the network was thrown away because as you were sending the last few bytes, the network went off.

In this short post, I don't want to go over the whole ZFS snapshot infrastructure (if you think that such a post would be useful, please leave a comment). Now, to get back to the point, this infrastructure is used to clone the datasets. Some time ago a new feature called “Resuming ZFS send” was introduced. That means that if there was some problem with transmitting the dataset from one point to another you could resume it or throw them away. But the point is, that yes, you finally have a choice.

News Roundup

Realtime bandwidth terminal graph visualization

If for some reasons you want to visualize your bandwidth traffic on an interface (in or out) in a terminal with a nice graph, here is a small script to do so, involving ttyplot, a nice software making graphics in a terminal.

The following will works on OpenBSD. You can install ttyplot by pkg_add ttyplot as root, ttyplot package appeared since OpenBSD 6.5.

fixing telnet fixes

There’s a FreeBSD commit to telnet. fix a couple of snprintf() buffer overflows. It’s received a bit of attention for various reasons, telnet in 2019?, etc. I thought I’d take a look. Here’s a few random observations.

  1. The first line is indented with spaces while the others use tabs.

  2. The correct type for string length is size_t not unsigned int.

  3. sizeof(char) is always one. There’s no need to multiply by it.

  4. If you do need to multiply by a size, this is an unsafe pattern. Use calloc or something similar. (OpenBSD provides reallocarray to avoid zeroing cost of calloc.)

  5. Return value of malloc doesn’t need to be cast. In fact, should not be, lest you disguise a warning.

  6. Return value of malloc is not checked for NULL.

  7. No reason to cast cp to char * when passing to snprintf. It already is that type. And if it weren’t, what are you doing?

  8. The whole operation could be simplified by using asprintf.

  9. Although unlikely (probably impossible here, but more generally), adding the two source lengths together can overflow, resulting in truncation with an unchecked snprintf call. asprintf avoids this failure case.

A Chapter from the FBI’s History with OpenBSD and an OpenSSH Vuln

Earlier this year I FOIAed the FBI for details on allegations of backdoor installed in the IPSEC stack in 2010, originally discussed by OpenBSD devs (https://marc.info/?l=openbsd-tech&m=129236621626462 …) Today, I got an interesting but unexpected responsive record:

Beastie Bits

Feedback/Questions

  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
]]>