
Comments


Press Used To Print Millions of US Banknotes Seized In Quebec

ConstantineM Re:How they were detected (398 comments)

You remind me of http://www.cbc.ca/news/canada/...

CBC News Posted: Oct 19, 2004 6:06 PM ET Last Updated: Oct 20, 2004 6:41 AM ET

A justice of the peace has ruled that a "no left turn" sign in Toronto is unenforceable because it is not written in both English and French.

The ruling Monday by justice of the peace Alice Napier could result in thousands of traffic tickets being dismissed.

Lawyer Jennifer Myers argued that a traffic sign in downtown Toronto violated the Highway Traffic Act and the French Language Services Act because it was not in both official languages.

Napier agreed at a night court hearing Monday, and threw out a ticket issued to Myers for making an illegal left turn. Myers does not speak French.

Daniel Brown, a law student who represented her in court, said Myers' victory could prove expensive for the city of Toronto.

I've personally tried testing it out sometime around 2009 or 2010 -- violating illegal no-turn signs on purpose, which are still plentiful in Toronto.

I could not succeed -- there was so much traffic during the hours where the left turns are prohibited, that stopping at a small intersection, to violate the sign, is simply impossible, since everyone will (rightfully) start honking at you in no time!

about 2 months ago

OpenBSD Moving Towards Signed Packages — Based On D. J. Bernstein Crypto

ConstantineM Package signatures were supported since 2010 (232 comments)

For what it's worth, it would seem like [a different kind of?] a package signature system was actually supported since 2010, it's just that the official packages were never signed.

http://www.openbsd.org/faq/faq15.html#PkgSig

Revision 1.71:
Sat Jul 17 09:02:47 2010 UTC (3 years, 6 months ago) by ajacoutot
Changes since revision 1.70: +65 -1 lines

Add a "Package signatures" section to teach people how to create and use
signed packages. Still opened for enhancement but all info is there now.

about 3 months ago

OpenBSD Moving Towards Signed Packages — Based On D. J. Bernstein Crypto

ConstantineM Re:Very surprised that it took this long (232 comments)

And why would you do that? Going that way you're easily MITM'ed.

Can you give some better reason than 'everyone does it'?

Why exactly would you prefer an insecure transmission channel over a reasonably secure one, for the software you install? How does that even remotely fit the OpenBSD mindset?

Maybe it doesn't, but that's not a good reason to claim of a widespread practice, "in OpenBSD land", that's completely foreign to anyone actually familiar with OpenBSD.

I repeat: I don't know of anyone who compiles software from ports all the time (besides, that's not that much more secure, since the ports tree itself isn't signed, either). A `pkg_add` from a nearby mirror is what gets things done for the vast majority of people. Many mirrors are run by developers; personally, I wouldn't use any mirror that wasn't; and yes, especially in light of the recent revelations, this does leave some room for a Government-in-the-Middle attack, which is probably exactly the reason of why this won't be as it was anymore.

about 3 months ago

OpenBSD Moving Towards Signed Packages — Based On D. J. Bernstein Crypto

ConstantineM Re:Very surprised that it took this long (232 comments)

Using binary package is just considered not the right way to do things, in OpenBSD land.

Entirely false. Binary packages, installed with pkg_add from a nearby mirror, have been the recommended way to install ports for as long as I remember (I've been a user for some 10 years, and a developer, too). I've never heard of anyone compiling packages directly from ports in OpenBSD. Not even the developers, unless they're port developers, that is.

Even for the kernel itself, it is highly recommended for non-developers to only run the binary snapshots.

Unless one is tracking the stable branch, which has no official binary builds, then compiling from source tree is only ever advised for the developers.

about 3 months ago

OpenBSD Moving Towards Signed Packages — Based On D. J. Bernstein Crypto

ConstantineM Re:it won't fit? (232 comments)

On i386, OpenBSD 5.4 can be installed from either one of the 3 floppies:

%ftp ftp://ftp.nluug.nl/pub/OpenBSD/5.4/i386/
...
ftp> ls floppy*
150 Here comes the directory listing.
-rw-r--r-- 1 500 450 1474560 Jul 30 18:27 floppy54.fs
-rw-r--r-- 1 500 450 1474560 Jul 30 18:27 floppyB54.fs
-rw-r--r-- 1 500 450 1474560 Jul 30 18:27 floppyC54.fs
226 Directory send OK.

Which one do you use? You'd have to see which one supports your hardware, which is documented in the INSTALL.i386 file, generated from src/distrib/notes/i386/hardware, amongst other files:

Drivers for hardware marked with [A] are NOT included in floppy A.
Drivers for hardware marked with [B] are NOT included in floppy B.
Drivers for hardware marked with [C] are NOT included in floppy C.

In summary, it would seem like OpenBSD is only intended to be boot-strapped from a floppy (e.g. to fetch the rest of the files from the network), and from a single floppy at that. So, even with the licence aside, including something like gnupg is indeed unrealistic and cumbersome.

about 3 months ago

OpenBSD Moving Towards Signed Packages — Based On D. J. Bernstein Crypto

ConstantineM djb switching? (232 comments)

I cannot find a back reference right now, but didn't DJB switch away from FreeBSD to Ubuntu precisely because of the signed packages?

about 3 months ago

Adware Vendors Buying Chrome Extensions, Injecting Ads

ConstantineM Autoupdate (194 comments)

Best course of action is to disable the autoupdate. The whole notion of automatic updates just doesn't make any sense.

about 3 months ago

Ask Slashdot: What's the Most Often-Run Piece of Code -- Ever?

ConstantineM Re:For / While in C (533 comments)

Which one does the Linux kernel use?

Not sure, but OpenBSD has this at the very end of its main():

while (1)
        tsleep(&proc0, PVM, "scheduler", 0);
/* NOTREACHED */

I tried finding the FreeBSD equivalent, but their (Newbus?) code makes it entirely non-obvious where the loop is. Feel free to try your luck — only the comment to what the startup function is supposed to do matches, but the rest is quite unique, even a different function name — mi_startup() on FreeBSD.

about 3 months ago

Tech Startup Buffer Publishes Every Employee's Salary, Right Up To the CEO

ConstantineM Re:what about your next job? (229 comments)

How do you know they've verified your old salary via a background check?

about 4 months ago

Tech Startup Buffer Publishes Every Employee's Salary, Right Up To the CEO

ConstantineM Re:what about your next job? (229 comments)

When sitting in that job interview with a prospective employer, you can't even be coy about what you used to make, since the new employer can just look it up on Buffer's site... "oh, you made $128k at Buffer. We'll pay you $129k"

Except your actual sample number is wrong -- you must not have read the original post. They're hardly even paying anyone the market rates for SF. Their highest paid engineer, a "senior" one at that, is only getting $107,9k, in SF!

So, it's more like, "oh, you made a $96k at Buffer? We'll pay you $97k"

Although on the other hand, for a gaining company, it's also a matter of providing competitive compensation for employee retention purposes, so, even if your old salary is posted somewhere, a new company isn't necessarily going to employ you at the lowest possible cost, since the likelihood of you leaving for competitive pay would be higher, and turnover is expensive.

about 4 months ago

OpenSSH Has a New Cipher — Chacha20-poly1305 — from D.J. Bernstein

ConstantineM Re:Does DJB insist that the library ... (140 comments)

Actually, he now insists that you should not install it as a separate library, but should include the code with your own programme — http://cr.yp.to/mac.html:

My fast poly1305aes library is in the public domain. You can and should include it in your own programs, rather than going to the effort of linking to a shared library; the compiled code is between 6 and 10 kilobytes, depending on the CPU.

Of course, it being in the public domain, this is merely a suggestion, and, as a developer, one could basically use it in whatever way one sees fit (although djb's advice does seem quite reasonable).

about 4 months ago

OpenSSH Has a New Cipher — Chacha20-poly1305 — from D.J. Bernstein

ConstantineM Re:slashdotted (140 comments)

The nginx on BXR had a soft FD limit of 128 (:openfiles-cur=128:) through the default login.conf(5), which it doesn't seem to increase automatically, and which it was hitting at 17:59 (if not earlier) as per fstat(1), and which applies to internet sockets, too, so, during some time between 17:52 and 18:03, when nginx was manually restarted with the increased soft limit, BXR was indeed slashdotted!

BTW, this was probably due to the HTTP keep-alive feature, and not the raw number of requests, which are all served up very quickly due to mfs and good caching. No other problems to report since then; even the search is still very fast, as it should be.

Recent `fstat | fgrep nginx` runs indicate the highest FD is around 200 now, but it did quickly jump to around 400 right after the 128 limit was lifted (within ten minutes of the story being published).

about 4 months ago

OpenSSH Has a New Cipher — Chacha20-poly1305 — from D.J. Bernstein

ConstantineM Re:Not less than 100 lines (140 comments)

Those other files are the libraries, the protocol itself is about 100 lines of commented code.

about 4 months ago

OpenSSH Has a New Cipher — Chacha20-poly1305 — from D.J. Bernstein

ConstantineM nginx doesn't increase soft limits (140 comments)

The nginx had a soft limit of 128 file descriptors through daemon: :openfiles-cur=128: in login.conf(5), which it apparently doesn't increase automatically, and which were quickly exhausted for internet stream FDs, as per fstat(1). But it's been resolved at 10:03 PT / 18:03 GMT, and there were no known problems since then.

about 4 months ago

Fork the Linux Kernel?

ConstantineM let's fork it under BSD! (455 comments)

Software Freedom Law Center gave some very nice advice on how to wrap new licenses around old code -- let's fork Linux and make the new changes available only under a BSD licence!

We can then ask SFLC for legal advice in case anyone disagrees, right? :)

Here is their advice: http://lwn.net/Articles/248223/

more than 6 years ago

Submissions


OpenSSH 6.5 released (with lotsa D. J. Bernstein crypto)

ConstantineM ConstantineM writes  |  about 2 months ago

ConstantineM (965345) writes "OpenSSH 6.5 has been released, which is dubbed a feature release. It's the first release with lots of D. J. Bernstein crypto in public domain (6.4 did not contain any DJB code whatsoever), from ChaCha20-Poly1305 stream cipher and MAC, to key exchange with Curve25519 (and a new private key format). The new key exchange is now the default (when supported by both sides), but the new transport cipher is an option. Additionally, the portable version has some extra code-hardening, and a switch to a ChaCha20-based arc4random() PRNG for platforms that don't provide their own."

OpenBSD Foundation Receives A Commitment for 100k, sets annual goal to 150k

ConstantineM ConstantineM writes  |  about 3 months ago

ConstantineM (965345) writes "Bob Beck, director of the OpenBSD foundation, writes on misc@ — 'To all of you who have donated, please allow me to give you a huge "Thank You". In a nutshell, we have in one week gone from being in a dire situation to having a commitment of approximately $100,000 in donations to the foundation. From a developer's perspective let me assure you that this reaffirms the worth of what we are supporting and makes us want to work on it that much more.' Based on the updated list of significant contributors, in addition to the donation by the Mircea Popescu of MPEx Bitcoin securities exchange, genua, Google and many others have joined in. 'We would like to continue to build on your groundswell of support, and have set a target for $150,000 this year in fundraising.', Bob concludes."

OpenBSD Moving Towards Signed Packages — based on D. J. Bernstein crypto

ConstantineM ConstantineM writes  |  about 3 months ago

ConstantineM (965345) writes "It's official: "we are moving towards signed packages", says Theo de Raadt on the misc@ mailing list. This is shortly after a new utility, signify, was committed into the base tree. The reason a new utility had to be written in the first place is that gnupg is too big to fit on the floppy discs, which are still a supported installation medium for OpenBSD. Signatures are based on the Ed25519 public-key signature system from D. J. Bernstein and co, and his public domain code once again appears in the base tree of OpenBSD, only a few weeks after some other DJB inventions made it into the nearby OpenSSH as well."

Interview with John McAfee on Russia Today by Sophie Shevardnadze (25 minutes)

ConstantineM ConstantineM writes  |  about 3 months ago

ConstantineM (965345) writes "John McAfee has been interviewed on Russia Today in a 25-minute show by Sophie Shevardnadze. John has discussed his views on encryption, surveillance, operating systems, politics and paranoia, and even Kim Dotcom came to light. When asked about the possibility of encryption helping the criminals: "You cannot pre-emptively restrict your freedoms because of the fear of how something might be used. Everything that has ever been developed has been used for a bad purpose. Baseball bats, which are fun for baseball players to hit balls, they've also been used to beat people to death. We just cannot restrict ourselves because something might be used in the wrong way.""

OpenBSD introduces signify, a sign and verify utility in base

ConstantineM ConstantineM writes  |  about 3 months ago

ConstantineM (965345) writes "Perhaps in the light of the recent NSA disclosures, OpenBSD developer tedu@ has committed a new utility, signify, to aid OpenBSD in signing and verifying releases and packages. Why a new tool? He bluntly says that all the other tools were Not Invented Here. But another reason is that OpenBSD can still be installed from a floppy disc, and gnupg will just never ever fit. The one and only supported algorithm is Ed25519 from DJB. More details are in his blog."

Why I'm turning JavaScript off by default

ConstantineM ConstantineM writes  |  about 4 months ago

ConstantineM (965345) writes "I don’t want web designers redesigning the “experience” of using the web. The unification of the user experience of using computers is a positive thing. If you use old software from the early days of computing, everything had a different user experience. If you use Windows or OS X, you’ll know of software that behaves differently from the norm. If you are a reasonably perceptive user, you’ll see it, and then you’ll be annoyed by it."

Apple and Linux vendors are behind Microsoft and OpenBSD on exploit mitigation

ConstantineM ConstantineM writes  |  about 4 months ago

ConstantineM (965345) writes "Microsoft has all significant exploit mitigation techniques fully integrated and enabled, says Theo de Raadt at Yandex ruBSD, whilst giving a 10-year summary of the methods employed by OpenBSD. In year 2000, OpenBSD started a development initiative to intentionally make the memory environment of a process less predictable and less robust, without impacting the well-behaved programs. Concepts like the random stack gap, W^X, ASLR and PIE are explained. Some of them, like the random stack gap, are implemented with a 3-line change to the kernel, yet it appears that FreeBSD is still shipping without it. Theo de Raadt also identifies that although Linux has the code for all of these techniques, most vendors enable them very sparingly, and, in general, support is disabled; Apple does have ASLR, but other methods appear missing."

Theo de Raadt gives a 10-year summary on exploit mitigation in OpenBSD

ConstantineM ConstantineM writes  |  about 4 months ago

ConstantineM (965345) writes "Microsoft has all significant exploit mitigation techniques fully integrated and enabled, claims Theo de Raadt at Yandex ruBSD, whilst giving a 10-year summary of the methods employed by OpenBSD. In year 2000, OpenBSD started a development initiative to intentionally make the memory environment of a process less predictable and less robust, without impacting the well-behaved programs. Concepts like the random stack gap, W^X, ASLR and PIE are explained. Some of them, like the random stack gap, are implemented with a 3-line change to the kernel, yet it appears that some other vendors are still shipping without it."

fuse support in OpenBSD -current

ConstantineM ConstantineM writes  |  about 4 months ago

ConstantineM (965345) writes "File system in userland support — fuse — was included in OpenBSD 5.4 source tree, but not built by default, hence not officially supported. This has since changed in 5.4-current. The undeadly editors have tracked down the author, Sylvestre Gallon, and asked him about his experience of getting libfuse into OpenBSD. Which userland file systems are supported? So far, it's sshfs-fuse and ntfs-3g (both are in the ports tree due to the GPL)."

FUSE support in OpenBSD 5.4-current: last, but not least

ConstantineM ConstantineM writes  |  about 4 months ago

ConstantineM (965345) writes "FUSE(4) has been included in OpenBSD 5.4, but was not built into the default kernels yet, hence, not officially supported. This has since changed in 5.4-current. The undeadly editors have tracked down the author, Sylvestre Gallon, a first-time OpenBSD contributor, and asked him about his experience of getting libfuse into OpenBSD. Long story short: it involves some vfs grokking, improved fusebufs and a BSD rewrite of the GPL libfuse. Although to actually enjoy the feature, you'd still have to subject yourself to GPLv2 in the ports tree: sysutils/sshfs-fuse and ntfs-3g ports are available."

OpenSSH has a new cipher, chacha20-poly1305, from D.J. Bernstein!

ConstantineM ConstantineM writes  |  about 4 months ago

ConstantineM (965345) writes "Inspired by a recent Google initiative to adopt ChaCha20 and Poly1305 for TLS, OpenSSH developer Damien Miller has added a similar protocol to ssh, chacha20-poly1305@openssh.com, which is based on D. J. Bernstein algorithms that are specifically optimised to provide the highest security at the lowest computational cost, and not require any special hardware at doing so. Some further details are in his blog, and at undeadly. The source code of the protocol is remarkably simple — less than 100 lines of code!"

mdoc.su, a short-URL site written wholly in nginx.conf

ConstantineM ConstantineM writes  |  about 10 months ago

ConstantineM (965345) writes "A site written in nginx.conf. What? Make no mistake, this is what the newly announced mdoc.su is. The site is a URL shortener that provides an easy addressing scheme for the manual pages of all the BSDs, and even supports generating complete HTML pages with multiple links to pages of several systems at once: http://mdoc.su/f91,n60,o52,d/mdoc. Source code is available on github under a BSD licence."

BXR.SU, OpenGrok service for BSDs in publicly private (IPv6-only) beta

ConstantineM ConstantineM writes  |  1 year,14 days

ConstantineM (965345) writes "Publicly private beta? Instead of devising a new scheme on handing out invitations for a new and improved OpenGrok for the BSDs, why not require IPv6 for the beta? Welcome BXR.SU — Super User's BSD Cross Reference, which is launched today as an IPv6-only OpenGrok service for FreeBSD, OpenBSD, NetBSD and DragonFly. The service is IPv6-only during the beta (ask your ISP for a token); but a full release schedule is already known: an A record for BXR.SU will be temporarily published on 2013-04-04, an IPv4 day, to test out the water, and ensure misconfigurations of the NAT don't break out access to the site. IPv4 glue records are also withheld — the authors are afraid that some nameservers are misconfigured, and are giving the ISPs extra time. BXR.SU is claimed to be 200× faster than the nearest competitor, metager.de."

BXR.SU, OpenGrok service for BSDs in publicly private beta

ConstantineM ConstantineM writes  |  1 year,14 days

ConstantineM (965345) writes "Publicly private beta? Instead of devising a new scheme on handing out invitations for a private beta of a new and improved OpenGrok service for the BSDs, why not require IPv6 for the beta test? Welcome BXR.SU — Super User's BSD Cross Reference, which is launched today as an IPv6-only OpenGrok service for FreeBSD, OpenBSD, NetBSD and DragonFly. The service is IPv6-only during the beta (ask your ISP for a token to participate); but a full release schedule is already known: an A record for BXR.SU will be temporarily published on 2013-04-04, an IPv4 day, to test out the water, and ensure misconfigurations of the NAT don't break out access to the site. IPv4 glue records are also withheld — the authors are afraid that some nameservers are misconfigured, and are giving ISPs until 2013-04-24 prior to publishing IPv4 glue. BXR.SU is claimed to be 200× faster than the nearest competitor, code.metager.de."

Journals

ConstantineM has no journal entries.
