Turning on the microphone. Fixed it up twice, but that's this time. That's good. Now let's see if we can get some video up here. Yes, you've seen this already. Now that everybody's refreshed, any questions turn up? Yes. Of course. If you're building your own ports, you all do it's a family parallel procedure. You can, if you're building your own port, you will check out the ports tree. For keeping your packages up to date, it's pkg_add -u. Updates from, if they're, well, there has been a bit back and forth with updates for stable packages. Some periods we've had them, others, well, for personnel reasons there haven't been any, so I would need to check what, what's the situation at the moment. But if there is an update to the package or to ports tree, basically the way you go for building a port locally is all change, change that directory and make, make install. Right, in most cases it shouldn't be really necessary because the end product is the binary package anyway, so pkg_add, pkg_add -u if there is one available. So, and anyway, for lazy people like me who jumped from snapshot to snapshot anyway, there's upgrades for. Do the upgrade and do the pkg_add -u, go get some coffee or something. Basically, the system will keep working anyway. You can do it in the background. Some brittle applications like LibreOffice sometimes get a little iffy with their libraries going away under them, but, you know. And basically, you will not see things like, your library version bumps will be between releases anyway, so if you're running stable, you won't really have that problem. But there might be security updates to stuff like, say, Firefox. So, no, there was a Firefox exploit this week, was nice.
I'm not quite sure about all the exact situation there, but pipe up on the mailing list and somebody will tell you, I guess. Now, for upgrading, we can always do a demo upgrading. Rest of my notes here are... Any suggestions, anything you're curious about? Yes. Oh, for the QEMU. Oh, I can fetch that from my command history, I think. Just need to find the correct terminal. Might be a challenge. Yes, yeah, I'll find it for you at some point. Yeah, here you go. So basically the... You probably want larger fonts here. Which of course made the thing a lot bigger. Sorry, I'll adjust that in just a moment. It applies to every terminal I have. Okay, which will be sort of interesting after a while, I guess. Anyway, the command line was, yeah, well, you can probably see it up: QEMU system, whatever, the image, you will have created the image beforehand, -cdrom and you see in the CD image. So QEMU can be, well, it's not a high-performance system, but it's quite useful for just looking up stuff and running emulations and demonstrations like these ones. Now, if you want to run an upgrade, it'll be almost the same as the previous one. Well, anyway, that's copying. Now this should actually, I'm not quite sure which is the idea. I just told you from... Yeah, it's 5.6.
So you should be able to do an upgrade soon after this completes. You for upgrade and... Or, likely guesses your root file system. The process, you check, it'll ask politely whether, or, you have other file systems you want to check here. What I've also found, well, actually it uses whatever configuration it finds on the root file system you put for it. It checks whether you want to run full file system, only ask if you want to do full file system checks on the non-root file systems. Usually, well, unless you know they're dirty, well, don't, because it'll only take, well, it does a very cursory check of the file systems anyway. And as you can see, the mounting, at this point you could, as I mentioned earlier, if you have the upgrade sets on disk somewhere, just this, and you will then, next prompt will be where it is, and everything is mounted under /mnt. So in my case it would be /mnt/home/peter/upgrade. Go for it. Here we go for a CD, which is default anyway. And I think we'll see here is the, once we say which sets we want. And I think you were way. Oh, I thought we were going to see the verification. Something went bad then. Anyway, it's here, just installs in the regular. Oh, I screwed up something with the upgrade here then, because in most of the cases you would have seen the signify verification first and then it starts installing. From here on it's not really interesting. You know, it's just a regular install, or a regular upgrade. At the end of here it will ask you to run sysmerge, which is, well, same idea as FreeBSD's mergemaster, only slightly different because this is OpenBSD. And it used to be that it would require a pristine source tree equivalent to your install sets.
It's been able to, for quite a few releases, run off install sets with the etc and xetc sets, for the configuration for base system and X respectively. Now the etc set has been rolled into the base set anyway, so you basically run sysmerge and it will just merge your files much the same as mergemaster does on FreeBSD. Depending on how far you jump, it will be, well, a fairly quick and painless conversion. Now I guess we could start going into the anecdotes of coddling the browsers. Well, I don't know if any of you follow me on Twitter or so forth; if you do, you would know that I have a sort of a love-hate relationship with LibreOffice. I was, well, for doing the book, as fortunately the situation where it was writing stuff in LibreOffice. LibreOffice has a number of bugs. One of them is that if you do revision tracking, as one does in most arch editing process, there is a high number of revisions you can actually have in a file before LibreOffice crashes. So, and of course, it's a memory hog. The other memory hog is that any browser, any modern browser, is going to eat all memory you throw at it. And while I was mainly running Chrome, which says quite helpfully in the package readme that the shared memory setting can't be cranked to accommodate stuff like, memory hogs like Chrome. So I started doing that. You can also go by the ulimit. So this was, well, was still running on my old ThinkPad, which was a four gig machine, and it was getting painful. Anyway, if you log in on desktop, you will be part of the staff group anyway. These are the settings.
All data size infinity, some of this is probably overkill, and this baby here got up to a number where I think I'm probably up to about half the real memory in that system at the point, but at that point the browser started almost behaving, not crashing randomly or just freezing for five minutes at a time, or ten minutes even. Then again, well, one thing or two things happened. I just got bored and switched to Firefox, which at the time was slightly better. Well, these monster programs, they tend to alternate for the title of the buggiest program in your system. So I tend to switch back and forth, and unfortunately, well, run Firefox and LibreOffice and you will have a fight on your hands. Anyway, at least inside four gigs RAM. Fortunately, I got lucky and got myself a slightly better system. But it's very easy to get caught down the rabbit hole for accommodating desktop applications, so they're much worse than most server applications, I can tell you. So it's a potential rabbit hole. If I'm any worse stories about that, I'm glad to hear them. I might even write about them at some point. But let's see what's actually new in 5.6. This is what I've been waiting for, right? You can see the full list, the canonical list is the one here. Actually it's not done. They're not done editing this and they're not done editing the 5.6 release page either, because, well, 5.6 is not out yet. Let's see. It's actually been a couple of days since I checked, so there's probably some things that have happened.
I think you can actually pre-order. Yes, you can. You see, it's only, this list is now, it's getting fleshed out. But I've got the cliff notes here. Now these, in the big news in 5.5, one of the big new items in 5.5 was the new traffic shaping system, and before five, before five, Henning was talking about, well, we should probably keep both systems in base for a couple of releases. Turned out it was too painful to maintain both, so in 5.6 ALTQ is gone. You really have to do one of the traffic shaping. There is no way but the new way. If you're interested in looking at the new traffic shaping, we can do that. Any takers? Not really. Yes, no, one that you may have downloaded already. So, and it is also in the notes for the PF tutorial. Sendmail has now been superseded by the slightly more user-friendly smtpd as the default MTA. If you're running on a new install and you're not actually running a mail server, you don't really need to know about it. But anyway, smtpd has a fairly PF-like and human-readable configuration format, so your typical smtpd.conf would be less than 20 lines compared to whatever sendmail config would be, or, at least in the simple cases, it's even simpler than stuff like Exim or Postfix. So, unfortunately, I haven't gotten around to books, book quality conflicts to throw it he yet, but it might happen. Kerberos was in base for quite a while, by the Heimdal system. Problem was that it ended up being unmaintained, like nobody's actually using it.
So it's been removed, with some ripple effect on stuff like sshd and telnet. There is, it's returning as a package. And with all the back-and-forth over BIND, named, BIND is being retired. You can still run BIND on OpenBSD if you install the package, but it's been removed from base system. Basically the maintenance became too painful, and the long-term plan, which has now almost come to fruition, is to use nsd for the authoritative name service and unbound for recursive resolver, which makes sense because an authoritative name server and recursive resolver are functionally different enough that it makes sense to have separate daemons for it. So for those of you who run web servers with just the OpenBSD base system, the traditional httpd used to be a fork of Apache 1.3. I know that will bring chuckles to Linux people because nobody's been using the Apache 1.mumble for years and years and years. Problem was back in the day that Apache changed licenses and the Apache license was just not compatible with the OpenBSD base system. So the OpenBSD developers forked Apache 1.3, maintained it for many painful years. Somebody convinced the project that introducing nginx was a better solution, so nginx is the default httpd in OpenBSD 5.6. We will see changes by 5.7; nginx will be a package. As we already mentioned, the installer no longer supports FTP, and, well, OpenBSD 5.6 is the debut version for our OpenSSL replacement, LibreSSL. There will be at least one LibreSSL talk at a conference, one given by Ted Unangst, who is different involved in this, is also the author of signify. So if you have any detailed questions you would probably want to... I think tabs where it arrives for by the way, so you can probably go bug him. Again, on the... There was a lot of work that went into LibreSSL, but thanks to extensive testing by the ports team, very little if anything is actually user visible.
The only user visible change I've noticed is that the openssl binary, which just keeps its name, is moving to /usr/bin instead of /usr/sbin. Also, if you're on point-to-point links, you will need to consider whether you want to, well, if you were using the userland ppp daemon, it has been retired; upgrading might involve moving to something else. And yes, we have RCP, good old-fashioned, really broken protocol. Nobody's been using that for years, so it's been removed. It's in the attic. TCP wrappers: most of the free Unixes have TCP wrappers implemented, by a while, where you control access via hosts.deny or hosts.allow. Most of the stuff you want from there anyway, since we have PF on at all times, just convert those to PF rules. Well, your system becomes cleaner because there are fewer files to keep updated. rmail and uucpd: if you want the bang addresses you can have them, but you will need to install. This is so ancient, even, well, I don't have used the stuff way back, but I don't remember it anymore. So if you still want... There are a few more items which we could come back to. We had, well, partly as a fallout from the open itself, the back hole, there were several of the older hashes, ciphers, that sshd supported and had in the default config we removed, which meant at some point we had a few older clients that just weren't able to, well, upgrade your OpenBSD system and there would be an assortment of clients that just were not able to connect because they were using older ciphers that were just no longer supported. There was a bit of head scratching over that in some sites, but it was resolved. The preferred action is of course to upgrade the clients to a new ssh version and it'll be good. You can't do that, you can reintroduce the weak ciphers. It's all in some notes.
I won't be showing you, but, and again, as we mentioned earlier, /etc/examples now exists, with a little more, fairly extensive, some of these examples are fairly extensive. Very late in the game for 5.6 the filtering grammar for relayd changed a bit, so PF-like config is there again. And if you were running job on IP 86 and it broke in 5.5, was back, so, well, Oracle still doesn't care, but. And of course IP version 6 configuration defaults. You will notice on a fresh 5.6 system that unless you specify per interface that you actually want IP version 6, it's not enabled, no, not even link-local address. We can go over these in sequence, I guess. Now, upgrading to a PC 5 6 filter to run the... The install, yes, it's done. It looks pretty much like the install. It's worth keeping in mind that, well, even though you can try to upgrade across several jumps, the only supported way is to go by increments of the point one. And no, it's a little cumbersome, but, and of course in some cases, if you have a really long upgrade jump, it's probably better to do clean install and restore whatever you use, your data, from backup. Now we can try what the machine says here: reboot and run sysmerge. Yes. Yes, actually we could take a peek at that. It's actually a fairly simple operation. Slides for that are in the... Yes, here it is: upgrading packages. Basically, you would do something like this: use pkg_info to dump whatever your list of packages, well, anything else. It's possibly overkill to do both here, but anyway these two pkg_info commands will dump your list of packages, and once you've got that you do a reinstall, and the next step you do then is, after your sysmerge, you do the fuzzy package match by feeding pkg_add your list of packages.
It does a fuzzy match. So, you know, the package name usually is very specific, with the version number and a patch number. It does a fuzzy match and sees what it can get. So usually that works very, very well. And then of course, for a more manual operation, well, you can pkg_info dump the file and, before I discovered that you could actually have pkg_add read from the file, we'll have that file displayed somewhere and pkg_add package name, and it will take care of the dependencies. So, but anyway, pkg_info -m -q produce your package list. Actually, it's possible pkg_info... I'm not in the sudoers file. Yes, one of the things I always recommend people: do not log in as root, use sudo. One thing you need to remember is that even if you're in the wheel, by default you're not in the sudoers file. So what you do, if you remember your root password, I hope I did, yes. So, you know, and you really do not edit sudoers just using a regular editor. You will fuck something up. So what we're looking at here is, this is vi. If you don't like vi, you have a problem. But it's a managed vi, vi run from visudo, so the syntax will be checked and we're good. So we can go back to... Actually now I can do this merge, and this should be fairly automatic because this is a vanilla system. Not much change that isn't handled automatically. If you have edited your config files, just like on FreeBSD you will be offered editing or merging. And now, it's like, QEMU is not a high-performance system. Now, you were asking about 5.5.
One of the things that happened in 5.5 was time_t turned 64 bit, and this is one of the reasons, well, when time_t turned 64 bit it changed the binary format of everything, so the upgrade, the 5.5 upgrade, should take care of the boundaries, the necessary conversions for the base system. In case it doesn't, well, the thing was, the one thing that tripped me up during the 5.5, the current run of the 5.5, was that the master password database, format of that one changed as well, so after upgrading to that snapshot I couldn't log in. There is no way I could log in. The workaround was to boot from the, well, there are two ways to do this: either you run the snapshot of the installer and once you're dropped to the shell there you run this command to regenerate your password database and you should be okay. Otherwise you do what I did: boot from the bsd.rd again, drop to a shell and run this command, and, well, there are a few binary files that will just not be usable anymore, so you just zap them, and yeah, at the end I was able to log in and life went on. Now, for the, yes, like we saw, or might have seen, in the QEMU here. Yes. Um, sysmerge is fairly smart about stuff like what your permissions should be on the config files and so forth. So it always, even if it doesn't do anything else, it will check your permissions using mtree. So if you for some reason have done changes to the permissions of directories because some, to make some application run, otherwise, well, you will need to go back and either fix the application or redo your change. I've had a few of these situations. Again, always, like for everything OpenBSD, as I said earlier, everything has a man page. There usually is a useful FAQ, so please read those first. And for the upgrade FAQ, well, there is an upgrade, that may be, was not populated yet.
It will be, traditionally you will find it at FAQ upgrade version number. It probably will materialize within the next few weeks, but it's always a direct descendant of the following current FAQ anyway, which is at, let's see... There are variations, but, so if you're up against who. Yes, this is the format of, well, so you can see a number of things have changed over the years. Well, actually over the last six months, and we have here the exact instructions for making sure that your system is what it should be. Now if you do the install or upgrade most of these things will be handled automatically. If not by anything else then sysmerge will do it. There are a number of smaller differences that we haven't covered yet, and if you're upgrading it's probably worth looking through this anyway because there will be some files that are just not useful anymore, such as the TCP wrappers libraries and associated man pages. You can just remove those. And yes, if you're running pflow NetFlow export from PF, you may need to know about the flow protocol version numbering.
And again, it's always useful to read this page. Well, this is still called current, but let's break here, sometime after, I think actually it's somewhere in this, now it's actually late July I think was when we moved to, no, no, early August was when the release was cut. So we will have some items here that are actually not in 5.6. So better wait a couple of weeks and you'll have the canonical answer. Then again, yes, we've covered this. Covered this one as well, and again, I think having an example directory to that is a great boost for anyone who's moving to a system because there are fewer active or fewer potentially active items to take care of in a base install. There are stuff you can enable but there's basically less clutter. ALTQ, there are no network people. But for me, of course, this was the big one. If you're running a mail server, please consider running smtpd, the OpenSMTPD. It has been ported. There is a portable version that seems to run on basically every Unix out there, certainly the ebonyx. This is a very basic smtpd config. This one just handles local mail. If you uncomment the third to last line here, it will be starting to accept mail for the domain. So basically, for a very basic config, this will be enough. Compare that to your multi, or some hundreds of lines sendmail config and you'll be very happy with this money. There are more involved examples possible. Setting up smtpd to do your bidding would possibly be a good tutorial, but it won't get this conference. Well, then again, smtpd is the default, and now if you're already using, say, Postfix or Exim, you probably need to do the mail account from rc.conf, checks for whether stuff you do not want is enabled. But it will be like a five-minute change anyway. Yes, we covered the httpd, weak ciphers,
BIND, TCP wrappers, rmail and... Well, I was hoping to... There is a very, very entertaining presentation on YouTube by Bob Beck. If you only rest a selector interested, we can run that later if you like. It's about three quarters of an hour, worth looking into. And, well, stuff that we will need to think about for planning for the future: 5.7 is only six months away, and nginx had a very short life as part of the base system. And so happened that relayd's author Reyk Floeter, he tweeted something like, I woke up and found that I had committed a web server. Basically something that spawned off the relayd load balancer that already had a lot of web serverish functionality in it. So it's supposed to be very small and secure, and it's still being worked on. And if you're upgrading, well, you can stay with nginx, then you probably need to move to the package version, or you can adapt to yet another config format, and actually for myself I haven't quite done that yet. One of the fairly exciting new things in 5.7 will be the rcctl utility, which helps you manage your rc.conf.local. It was written mainly as a wrapper for things like Puppet or Ansible to automatically manipulate your config files, but you can use it now from your command line. And it looks like there is a plan, at least, a system for just merge this and itself to also handle package updates. I think that's slow work in progress. And, well, as in every previous release there is a lot of hardware support, fixes, all new drivers and pro drivers. I'm still hoping that the new version of the Intel wireless card that came with this laptop will be supported in this release.
We don't know that yet. We already have fairly good hardware support from the number of things. And as you will see, what developers, well, OpenBSD developers generally run on these other laptops, so we may have an agile or FreeBSD there. And, well, as I've said earlier, I intended it to be mainly a questions-driven workshop. I think I've actually reached the end of my prepared notes. We could go back and, Bob Beck's LibreSSL presentation, which is actually quite entertaining. Or, well, whatever you prefer really. Anyway, this is a good time to remind you that the best way to support the OpenBSD project is to send the money. You can do that by buying stuff. I think you can now pre-order, no, the pre-order should be up fairly soon. Oops. There's also, if you're a rich person who just was given sort of money, well, you can go to the donations page. I do not know whether the paperwork that can be provided by the OpenBSD Foundation is interesting at all for European corporations, but anyway for North American corporations, this is a Canadian non-profit that will provide anything that the North American tax man will require. Um, talk to your boss. If you're using OpenBSD in your work, talk to your boss, borrow his credit card and make sure there's a large donation. That will help your system move forward. And again, I think this one I'll need to correct the URL for that one, but all this will be available online at roughly the URL I put in the notes as soon as we conclude here. Any further questions, any inputs? Do we go about Beck's presentation on? I haven't done that yet, it will be, well, right after we conclude. And know how to deal with this code. Everybody, in a last-in-first-down manner. Actively discourages developers and we say I don't have the time and energy to invest to understand this arcane stuff. Okay, just to see if it's okay.
I'm gonna hold the person who writes in this arcane style understands it enough and cares enough to take care of it. Our keynote, when, you know, our keynote speaker said, oh, it's so good that, you know, in this modern day and age we don't have to manually encode byte lengths and, you know, size is a word, and I'll not snort and giggle, I had OpenSSL code open on my screen that does exactly that. So yeah, so mission we decided was the graphic the allocator rotting. It's all the maintainers are not maintaining. They're just adding to it. So it was the important 1.0.1g, seconds after me. Oh, press the commit button to import 1.0.1g. We didn't say anything or announce anything, but slowly the community noticed that there's this massive, you know, these enormous commits happening on the SSL branch of the BSD. I think that it's we for as a delam again. It's bad old goals are at least initially. So API API found to be a drop-in in the ecosystem that already uses this API API. Okay, so it's not like it's going to be easy for us to say API might be better than less there. Put that considerable amount in that already. It's actually really cool. I'd like the usual OpenBSD, normally we review, it's okay, that we've all had to convince where we've said yeah, okay. Or, you know, somebody ran this was hey miss this. Yeah, it's really nice to have community involved, don't seem to have with the OpenSSL.
He does not have anything to do with the electricity source of OpenSSH, which you probably all use. It has a mostly pretty good track record. Okay, the first thing is how you do this. How we've done this for OpenSSH for many years is we assume the same target OS. Oh, we do that standard while using modern C. Adapt when necessary. Violates do portability, you provide portability shims that correctly do the things that the other OSes don't provide. You don't rewrite your own copies of libc string functions just because Linux has decided not to have strlcpy. You just provide. If there's a function called timingsafe, safe special variety of it, probably means something. You probably shouldn't just make that them probably bad. If there's a function we use called explicit_bzero that your operating system doesn't have, you might want to check why we chose to call a function called explicit_bzero rather than bzero and wonder why. But this is how OpenSSH does for... Okay, you probably all see that, y'all use OpenSSH. Nothing because you can't break support for Windows 16 and Visual C 1.52. You haven't forbid portability being the biggest goal. 17 deep. You've been there, this half screen of ifdef stuff and says yeah, okay, it's just politics. Incredibly hard to look at it, maintain, and to even find out when you look at a piece of arcane code it's just being used. Is this not being used, being compiled in, not. OpenSSL C, it's not C in the sense that we know it. Okay, sure, it's the C language, but a lot of the normal library functions we know and use are not there, or they're replaced with OpenSSL or crypto or BIO versions of it. Platform, just because Visual C doesn't... Visual C 1.52 have a linking error when you use snprintf. Instead, we'll do 20 lines of strcpys of bits into stuff and then have a comment at the top, I did it this way because snprintf pukes on Visual C 1.52. Hello, it's probably time to retire that code.
Thanks to Val house. It's a big support my right away a few people notice that I killed it. I believe I committed it saying that if Norse legends were true at Sidic will meet me in Valhalla and we will be friend. So the support of varying variety: Mac OS classic for pre-OS X. I hate to announce it, if you've got a Mac SE/30, LibreSSL will not work for you. You will have to run it. So sorry, or put a fishbowl in it. Or VMS support. We can talk a little bit about VMS support, and VMS support tendrils in there were just... Started to notice that memory allocation issues are actually at work on this code base. Somebody ran it through. We simply would deep mind them. So like the things that say turn on the debugging now. But the library internally no longer use the stuff. So part of our strategy to moving away from it is to, if we don't like to save you and we have to keep it for external compatibility, but we're certainly not going to use it inside. So the rest of cell doesn't use open as a cell now on crypto now. Lipsy it is non-standard the place in OpenSSL and is the web page with only two poles. Negotiations. But the actual encrypt, it's, encrypted stream is just encrypted with a symmetric cipher with two randomly chosen keys in each end. Entropy source had better be pretty good. Obviously, if you can predict what the random number generator was seeded with and what it will do, you can have a good idea to predict what... Well, anyway, you get an idea how much potential work there was in to turn into LibreSSL, and for that very reason BC 5506 is an important release for, well, basically everyone. Now, we could go on, I guess, that just start stuff again, and depending on what we actually crashed on, we will see something interesting. Right, our time allocation. We're actually looking at, I think, we're an hour if we... It's now 12 o'clock, lunch isn't until one. There's hope, there's coffee outside. Still. Hey, back. Looks like we're having some... Again I guess. Or we
could just break early. I... You find this session useful? Is it worth coming here? Anyway, I'll be... Well... Be tricked into being turned on if you provide an entropy gathering even here. The library in all sorts of places at runtime can decide, oh no, we need something random, at which point it decides, oh gosh, but I'm about to generate something, I need something random. We have seen, definitely your RSA key is pretty random. You can make, if you make OpenSSL check entropy thing or fail during RSA key generation, it will emit the intermediate stages of RSA key generation into the random subsystem to generate. We've seen, there is lots of little statics in that code, charts at some variant of string to give the random number generator entropy. Yeah. Or of course the user will getpid and gettimeofday, all this fun stuff. Since these were always there, again, it's an attack target: even if your OS is using a reasonable source of entropy, if you can trick the library into saying, oh, I don't have enough entropy, it will fall back to using these methods. Yeah, the responsibility operating system, if your operating system can't provide you with another source of entropy, we will not fake it. Looks like... Yeah, okay, something is just not... I guess it's fun to watch as well. I think we've triggered something we don't want. Just have free time for about an hour. It's really up to you what you want to do. So check entropy thing or fail during RSA key generation it will emit the intermediate stages of RSA key generation into the random subsystem to generate. And most major operating systems do it right-ish or there's a way to do it right. Okay, so do it right picture operating system not for these issues. Uh, Joel has done a lot of urgency. I don't know. You decided we're gonna fork it. We don't worry about upstream.
Let's make this code base Readable, you know, you can like KNF or not, do something consistent Do something consistent documented to a standard that a lot of the rest of the world can understand So the water rest of the world can start looking at your code and seeing where there are issues Many eyes actually make stuff better or not worse And so we're KNFing the whole thing If it makes it more readable that sometimes makes the horrors visible, which is the point that more readable hopefully means more developer involvement more community involvement Not rt has been and continues to be a fantastic resource for us Although a number of the people who are submitting bugs to them now give them to us first or at the same time Because they've kind of noticed that we actually fixed them And say thank you with four months there and they seem to go there to die Like shedding that null pointer chase. They keep being passed up and there we go Yeah, they did have a CVE for them. They just decided not to fix it There's a way to to uh fiddle with the SSL. Um It's the negotiation options Such that you can trick the library to follow the bottom This as I kind of alluded before all the APIs are belonging to include open ssl Just about I don't think they've ever heard of static Or or when they did they redefined how to find static local We have this enormous space of API that could potentially be used by external applications And this is this because there's a lot of this that probably shouldn't be used outside the library or isn't used outside the library But we can't know for sure We're slowly finding out because if we change something or say nothing should use this we delete it We are our faithful ports guys and OpenBSD run a ports build on nine architectures and come back and go Oh, no happens. So how are we going to fix it? 
Maybe sometimes that's oh, this is an easy fix And in these two pieces of software make the changes and send them upstream and backwards And sometimes it's no, this is too painful. We'll we'll go back to to have you back yet So we're actively doing this whole Let's do this continuous testing with the ports ports builds And be very cautious try to be sure that we can stay Compatible or mostly compatible with some of the ecosystem out there There's a few things we just removed because they were out using ourselves We use regular amount of calibrates Realms, printouts, drill cattle is one thing the strange APIs remain for compatibility But we don't use my use hopefully more and easier develop for involvement api Criminals to libssl because libssl is not libc your operating system provides you with libc in a standard interface for a reason Use it generally speaking. You don't need to in an application call open ssl now Or bio now bio sturdies or things like that you can choose in your application to just use the regular one Okay, so since that was always kind of optional in the first place now Do you still need to do like EVP interfaces to ciphers? Of course you do that those calls aren't going to change but those aren't where the problem So specific phone issues BIO_snprintf this one I'm going to continue a little poke back and forth with the odor up over it and so forth. 
I've lost I'm trying to suck ted into my cause and we're going to eventually okay each other's dip and just do it BIO_snprintf is like snprintf mostly Except if you know snprintf snprintf will return minus 1 it could fail in SSL I went through and looked it returns minus 1 every time And so when people assume that snprintf behave like snprintf Bad things happen if they're actually calling BIO_snprintf and it returns negative 1 Instead of a large value that they are expecting So I did my way through this there about 500 calls to BIO_snprintf in the life preserve this thing The research is negative one and I'm looking at given that about three quarters of the calls in the library or wrong By ecosystem and we should just change the API to be like snprintf. It would probably be no worse So we pass 30 for no corner. It's a bang This one conveniently ignores for this interface or make it the same as the standard because we don't know how many applications out there um Right. I think it's probably uh, unless we come up with Uh, any other suggestions come on please So it's yours I'll uh, I suggest we just break early and be the first in length of lunch. So, uh, Right. I hope you enjoy the session Well, I am a member of the OpenBSD people will be around for the rest of the conference and we'll be taking questions at any time uh Some of us also respond to donations of beer and so forth Well, uh, we'll keep you around. So thanks for joining here. I hope this session's been useful And um, yeah, we'll see you around the conference. Thanks