
Comments


Ask Slashdot: Why Can't Google Block Spam In Gmail?

ConstantineM anyone still runs their own mail servers? (265 comments)

I was actually thinking of the opposite trend since a couple of years ago: even people fully capable of running their own mail servers are all using gmail these days; I think we're easily at the breaking point where no one really knows how to run a mail server anymore.

about 2 months ago

LibreSSL PRNG Vulnerability Patched

ConstantineM LibreSSL cannot be different by being the same (151 comments)

What a whole lot of people seem to want from LibreSSL is to behave in every little bit EXACTLY as OpenSSL does, even though OpenSSL itself is a complete and utter mess.

OpenSSL allowed developers to interfere with RNG, so LibreSSL must do that, too?

Well, you can't really go at improving and cleaning up the library if you have to keep all the old bugs and the whole crusty API around.

It's inconceivable to expect LibreSSL to be both better than OpenSSL, yet to have the exact same API and the exact same set of bugs and nuances as the original OpenSSL.

What they're trying to do is be a simple-enough replacement of OpenSSL for most modern software out there (possibly with some minimal patching of the outside software), and not a one-to-one drop-in-replacement for random edge cases.

about 5 months ago

First Release of LibreSSL Portable Is Available

ConstantineM Re:Also works fine under NetBSD (101 comments)

Awesome! Another good test would be building pkgsrc on top of LibreSSL, with no signs of the original OpenSSL present.

about 5 months ago

Amazon Sues After Ex-Worker Takes Google Job

ConstantineM do they want him to take an unpaid time off? (272 comments)

So, they want him to take the time off for 18 months? How much are they willing to pay for such a vacation? Surely if they never intend to pay anything, then such an agreement is indeed excessive and completely unreasonable.

about 6 months ago

30-Day Status Update On LibreSSL

ConstantineM Re:Maryland? (164 comments)

What's FIPS?

Who requires FIPS?

Think geography. (-:

about 7 months ago

Free Software Foundation Condemns Mozilla's Move To Support DRM In Firefox

ConstantineM Re:didn't they decline H264 on Windows a while ago (403 comments)

I'm too lazy to find the source right now, but my recollection was that Mozilla was first to make a stance against H.264 (in order to not partition the Linux out), prior to all those stories of Google dropping support for H.264 in Chrome (which I guess they never did, after all).

about 7 months ago

Free Software Foundation Condemns Mozilla's Move To Support DRM In Firefox

ConstantineM didn't they decline H264 on Windows a while ago? (403 comments)

So funny. Just a few short years ago, Mozilla explicitly declined to support H.264 on Windows, even if there was a free native plugin, since it'll partition the Linux users.

And now they're deciding to support DRM, just to keep the market share?

about 7 months ago

30-Day Status Update On LibreSSL

ConstantineM Re:"OpenSSL C dialect" (164 comments)

OpenSSL has basically written their own version of libc, and all the functions they've introduced differ in some very subtle ways from what appears in libc used by the rest of the world.

Rest assured, OpenBSD is no stranger to portable code. Just take a look at the number of platforms they support -- http://www.openbsd.org/plat.ht....

about 7 months ago

30-Day Status Update On LibreSSL

ConstantineM yes, they don't plan to support big-endian x86 (164 comments)

Like the big-endian x86 support in OpenSSL?

OpenBSD's OpenSSH has a separate portability layer, and they're doing just fine without the extra malloc wrappers. And no big-endian x86 support, either!

about 7 months ago

Target Moves To Chip and Pin Cards To Boost Security

ConstantineM Re:No, it was in 2001 (210 comments)

Well, I can't confirm they did it back in 2001, but I do recall they were still on it in 2005 or so.

It could prevent the security breach -- in England, Chip and PIN cards cannot be swiped in the presence of a Chip and PIN terminal.

But, yeah, it's kinda funny how things turn out. :-)

about 8 months ago

OpenBSD 5.5 Released

ConstantineM Everyone forgot the most important bit! (128 comments)

5.5 base signify pubkey: RWRGy8gxk9N9314J0gh9U02lA7s8i6ITajJiNgxQOndvXvM5ZPX+nQ9h
5.5 fw signify pubkey: RWTdVOhdk5qyNktv0iGV6OpaVfogGxTYc1bbkaUhFlExmclYvpJR/opO
5.5 pkg signify pubkey: RWQQC1M9dhm/tja/ktitJs/QVI1kGTQr7W7jtUmdZ4uTp+4yZJ6RRHb5

about 8 months ago

OpenSSH No Longer Has To Depend On OpenSSL

ConstantineM OPENSSL_NO_HEARTBEATS (144 comments)

You're referring to the exploit-mitigation-mitigation in OpenSSL, which indeed couldn't be disabled, as per tedu@openbsd, but OPENSSL_NO_HEARTBEATS was a separate option that no one has volunteered to claim of not working.

OPENSSL_NO_HEARTBEATS has since been made the default and only option in LibreSSL, and the heartbeats were removed.

about 8 months ago

Target Moves To Chip and Pin Cards To Boost Security

ConstantineM Didn't Target have Chip and Pin back in 2005? (210 comments)

Didn't Target already have Chip and Pin back in 2005 or 2004? What happened to all of those?

I remember I got a Chip and Pin card from Fleet around that time (just on the edge of them being acquired by B of A); Fleet has even sent me a free card reader, which I've never used, actually.

about 8 months ago

AT&T's Gigabit Smokescreen

ConstantineM AT&T fibre is actually slower than copper or H (129 comments)

What pisses me most about AT&T U-verse is that they do have FTTU (fibre-to-the-user) / FTTP, but they limit FTTP users to speeds that are lower than what they offer through VDSL through FTTN.

I used to live in San Jose, CA in 2010/2012, in a brand new apartment complex, had AT&T U-verse fibre strand terminated in my bedroom closet with an ONT. The line was FTTP-BPON (622/155 1:32), e.g. 622Mbps down / 155Mbps up, shared with at most 32 users, I checked with the manufacturer of my particular ONT.

But AT&T would only provision me with 18/1.5. They'd offer 24/3 to VDSL users only, supposedly too lazy to update the fibre profiles to offer it to the fibre customers. I researched it, and it was not unique to my building or to California, they were doing it all across the country with every single BPON build. My T-Mobile HSPA+ had higher upload speeds than 1.5Mbps on my top-of-the-line AT&T FTTU through BPON.

Keep in mind that the 622/155 line can only be shared with at most 32 users, and some wouldn't even want the top-of-the-line plans, either, or would not have active service in the first place, so, they're basically wasting their own capacity, and refusing an extra 10$/mo from me. Ping time was sometimes about 3ms to some locations within the Bay Area, but the 1.5Mbps bandwidth was pretty pathetic for a BPON fibre line.

I was so pissed I started a whole web-site dedicated to showing how uncompetitive AT&T internet offerings are compared to the options elsewhere in the country -- http://bmap.su/. So happy Google Fiber has finally been announced for San Jose, CA and lots of other markets now! I'm willing to bet it'll be some other provider that'll offer broadband to my past place before AT&T will get to their senses and start using at least the BPON infrastructure that they already have in place.

about 7 months ago

Submissions


First release of LibreSSL portable is available.

ConstantineM ConstantineM writes  |  about 5 months ago

ConstantineM (965345) writes "It has finally happened. Bob Beck of The OpenBSD Foundation has just announced that the first release of LibreSSL portable is now available, and can be found in the LibreSSL directory of your favourite OpenBSD mirror. libressl-2.0.0.tar.gz has been tested to build on various versions of Linux, Solaris, Mac OS X and FreeBSD. This is intended to be an initial portable release of OpenBSD's libressl to allow the community to start using it and providing feedback, and has been done to address the issue of incorrect portable versions being attempted by third-parties. Support for additional platforms will be added as time and resources permit."

Bob Beck gives a 30-day status update on LibreSSL at BSDCan in Ottawa

ConstantineM ConstantineM writes  |  about 7 months ago

ConstantineM (965345) writes "Bob Beck — OpenBSD, OpenSSH and LibreSSL developer and the director of Alberta-based non-profit OpenBSD Foundation — gave a talk earlier today at BSDCan 2014 in Ottawa, discussing and illustrating the OpenSSL problems that have led to the creation of a big fork of OpenSSL that is still API-compatible with the original, providing for a drop-in replacement, without the #ifdef spaghetti and without its own "OpenSSL C" dialect.

Bob is claiming that the Maryland-incorporated OpenSSL Foundation is nothing but a for-profit front for FIPS consulting gigs, and that no one at OpenSSL is actually interested in maintaining OpenSSL, but merely adding more and more features, with the existing bugs rotting in bug-tracking for a staggering 4 years (CVE-2010-5298 has been independently re-discovered by the OpenBSD team after having been quietly reported in OpenSSL's RT some 4 years prior). Bob reports that the bug-tracking system abandoned by OpenSSL has actually been very useful to the OpenBSD developers at finding and fixing even more of OpenSSL bugs in downstream LibreSSL, which still remain unfixed in upstream OpenSSL. It is revealed that a lot of crude cleaning has already been completed, and the process is still ongoing, but some new ciphers already saw their addition to LibreSSL — RFC 5639 EC Brainpool, ChaCha20, Poly1305, FRP256v1, and some derivatives based on the above, like ChaCha20-Poly1305 AEAD EVP from Adam Langley's Chromium OpenSSL patchset.

To conclude, Bob warns against portable LibreSSL knockoffs, and asks the community for Funding Commitment — Linux Foundation is turning a blind eye to LibreSSL, and instead is only committed to funding OpenSSL directly, despite the apparent lack of security-oriented direction within the OpenSSL project upstream. Funding can be directed to the OpenBSD Foundation."

OpenBSD 5.5 Released

ConstantineM ConstantineM writes  |  about 8 months ago

ConstantineM (965345) writes "Just as per the schedule, OpenBSD 5.5 was released today, May 1, 2014. The theme of the 5.5 release is Wrap in Time, which represents a significant achievement of changing time_t to int64_t on all platforms, as well as ensuring that all of the 8k+ OpenBSD ports still continue to build and work properly, thus doing all the heavy lifting and paving the way for all other operating systems to make the transition to 64-bit time an easier task down the line. Signed releases and packages and the new signify utility are another big selling point of 5.5, as well as OpenSSH 6.6, which includes lots of DJB crypto like chacha20-poly1305, plus lots of other goodies."

OpenSSH no longer has to depend on OpenSSL

ConstantineM ConstantineM writes  |  about 8 months ago

ConstantineM (965345) writes "What has been planned for a long time now, prior to the infamous heartbleed fiasco of OpenSSL (which does not affect SSH at all), is now officially a reality — with the help of some recently adopted crypto from DJ Bernstein, OpenSSH now finally has a compile-time option to no longer depend on OpenSSL — `make OPENSSL=no` has now been introduced for a reduced configuration OpenSSH to be built without OpenSSL, which would leave you with no legacy SSH-1 baggage at all, and on the SSH-2 front with only AES-CTR and chacha20+poly1305 ciphers, ECDH/curve25519 key exchange and Ed25519 public keys."

OpenSSH 6.5 released (with lotsa D. J. Bernstein crypto)

ConstantineM ConstantineM writes  |  about a year ago

ConstantineM (965345) writes "OpenSSH 6.5 has been released, which is dubbed a feature release. It's the first release with lots of D. J. Bernstein crypto in public domain (6.4 did not contain any DJB code whatsoever), from ChaCha20-Poly1305 stream cipher and MAC, to key exchange with Curve25519 (and a new private key format). The new key exchange is now the default (when supported by both sides), but the new transport cipher is an option. Additionally, the portable version has some extra code-hardening, and a switch to a ChaCha20-based arc4random() PRNG for platforms that don't provide their own."

OpenBSD Foundation Receives A Commitment for 100k, sets annual goal to 150k

ConstantineM ConstantineM writes  |  about a year ago

ConstantineM (965345) writes "Bob Beck, director of the OpenBSD foundation, writes on misc@ — 'To all of you who have donated, please allow me to give you a huge "Thank You". In a nutshell, we have in one week gone from being in a dire situation to having a commitment of approximately $100,000 in donations to the foundation. From a developer's perspective let me assure you that this reaffirms the worth of what we are supporting and makes us want to work on it that much more.' Based on the updated list of significant contributors, in addition to the donation by the Mircea Popescu of MPEx Bitcoin securities exchange, genua, Google and many others have joined in. 'We would like to continue to build on your groundswell of support, and have set a target for $150,000 this year in fundraising.', Bob concludes."

OpenBSD Moving Towards Signed Packages — based on D. J. Bernstein crypto

ConstantineM ConstantineM writes  |  about a year ago

ConstantineM (965345) writes "It's official: "we are moving towards signed packages", says Theo de Raadt on the misc@ mailing list. This is shortly after a new utility, signify, was committed into the base tree. The reason a new utility had to be written in the first place is that gnupg is too big to fit on the floppy discs, which are still a supported installation medium for OpenBSD. Signatures are based on the Ed25519 public-key signature system from D. J. Bernstein and co, and his public domain code once again appears in the base tree of OpenBSD, only a few weeks after some other DJB inventions made it into the nearby OpenSSH as well."

Interview with John McAfee on Russia Today by Sophie Shevardnadze (25 minutes)

ConstantineM ConstantineM writes  |  about a year ago

ConstantineM (965345) writes "John McAfee has been interviewed on Russia Today in a 25-minute show by Sophie Shevardnadze. John has discussed his views on encryption, surveillance, operating systems, politics and paranoia, and even Kim Dotcom came to light. When asked about the possibility of encryption helping the criminals: "You cannot pre-emptively restrict your freedoms because of the fear of how something might be used. Everything that has ever been developed has been used for a bad purpose. Baseball bats, which are fun for baseball players to hit balls, they've also been used to beat people to death. We just cannot restrict ourselves because something might be used in the wrong way.""

OpenBSD introduces signify, a sign and verify utility in base

ConstantineM ConstantineM writes  |  about a year ago

ConstantineM (965345) writes "Perhaps in the light of the recent NSA disclosures, OpenBSD developer tedu@ has committed a new utility, signify, to aid OpenBSD in signing and verifying releases and packages. Why a new tool? He bluntly says that all the other tools were Not Invented Here. But another reason is that OpenBSD can still be installed from a floppy disc, and gnupg will just never ever fit. The one and only supported algorithm is Ed25519 from DJB. More details are in his blog."

Why I'm turning JavaScript off by default

ConstantineM ConstantineM writes  |  about a year ago

ConstantineM (965345) writes "I don’t want web designers redesigning the “experience” of using the web. The unification of the user experience of using computers is a positive thing. If you use old software from the early days of computing, everything had a different user experience. If you use Windows or OS X, you’ll know of software that behaves differently from the norm. If you are a reasonably perceptive user, you’ll see it, and then you’ll be annoyed by it."

Apple and Linux vendors are behind Microsoft and OpenBSD on exploit mitigation

ConstantineM ConstantineM writes  |  1 year,3 days

ConstantineM (965345) writes "Microsoft has all significant exploit mitigation techniques fully integrated and enabled, says Theo de Raadt at Yandex ruBSD, whilst giving a 10-year summary of the methods employed by OpenBSD. In year 2000, OpenBSD started a development initiative to intentionally make the memory environment of a process less predictable and less robust, without impacting the well-behaved programs. Concepts like the random stack gap, W^X, ASLR and PIE are explained. Some of them, like the random stack gap, are implemented with a 3-line change to the kernel, yet it appears that FreeBSD is still shipping without it. Theo de Raadt also identifies that although Linux has the code for all of these techniques, most vendors enable them very sparingly, and, in general, support is disabled; Apple does have ASLR, but other methods appear missing."

Theo de Raadt gives a 10-year summary on exploit mitigation in OpenBSD

ConstantineM ConstantineM writes  |  1 year,4 days

ConstantineM (965345) writes "Microsoft has all significant exploit mitigation techniques fully integrated and enabled, claims Theo de Raadt at Yandex ruBSD, whilst giving a 10-year summary of the methods employed by OpenBSD. In year 2000, OpenBSD started a development initiative to intentionally make the memory environment of a process less predictable and less robust, without impacting the well-behaved programs. Concepts like the random stack gap, W^X, ASLR and PIE are explained. Some of them, like the random stack gap, are implemented with a 3-line change to the kernel, yet it appears that some other vendors are still shipping without it."

fuse support in OpenBSD -current

ConstantineM ConstantineM writes  |  1 year,5 days

ConstantineM (965345) writes "File system in userland support — fuse — was included in OpenBSD 5.4 source tree, but not built by default, hence not officially supported. This has since changed in 5.4-current. The undeadly editors have tracked down the author, Sylvestre Gallon, and asked him about his experience of getting libfuse into OpenBSD. Which userland file systems are supported? So far, it's sshfs-fuse and ntfs-3g (both are in the ports tree due to the GPL)."

FUSE support in OpenBSD 5.4-current: last, but not least

ConstantineM ConstantineM writes  |  1 year,8 days

ConstantineM (965345) writes "FUSE(4) has been included in OpenBSD 5.4, but was not built into the default kernels yet, hence, not officially supported. This has since changed in 5.4-current. The undeadly editors have tracked down the author, Sylvestre Gallon, a first-time OpenBSD contributor, and asked him about his experience of getting libfuse into OpenBSD. Long story short: it involves some vfs grokking, improved fusebufs and a BSD rewrite of the GPL libfuse. Although to actually enjoy the feature, you'd still have to subject yourself to GPLv2 in the ports tree: sysutils/sshfs-fuse and ntfs-3g ports are available."

OpenSSH has a new cipher, chacha20-poly1305, from D.J. Bernstein!

ConstantineM ConstantineM writes  |  1 year,11 days

ConstantineM (965345) writes "Inspired by a recent Google initiative to adopt ChaCha20 and Poly1305 for TLS, OpenSSH developer Damien Miller has added a similar protocol to ssh, chacha20-poly1305@openssh.com, which is based on D. J. Bernstein algorithms that are specifically optimised to provide the highest security at the lowest computational cost, and not require any special hardware at doing so. Some further details are in his blog, and at undeadly. The source code of the protocol is remarkably simple — less than 100 lines of code!"

mdoc.su, a short-URL site written wholly in nginx.conf

ConstantineM ConstantineM writes  |  about a year and a half ago

ConstantineM (965345) writes "A site written in nginx.conf. What? Make no mistake, this is what the newly announced mdoc.su is. The site is a URL shortener that provides an easy addressing scheme for the manual pages of all the BSDs, and even supports generating complete HTML pages with multiple links to pages of several systems at once: http://mdoc.su/f91,n60,o52,d/mdoc. Source code is available on github under a BSD licence."

BXR.SU, OpenGrok service for BSDs in publicly private (IPv6-only) beta

ConstantineM ConstantineM writes  |  about a year and a half ago

ConstantineM (965345) writes "Publicly private beta? Instead of devising a new scheme on handing out invitations for a new and improved OpenGrok for the BSDs, why not require IPv6 for the beta? Welcome BXR.SU — Super User's BSD Cross Reference, which is launched today as an IPv6-only OpenGrok service for FreeBSD, OpenBSD, NetBSD and DragonFly. The service is IPv6-only during the beta (ask your ISP for a token); but a full release schedule is already known: an A record for BXR.SU will be temporarily published on 2013-04-04, an IPv4 day, to test out the water, and ensure misconfigurations of the NAT don't break out access to the site. IPv4 glue records are also withheld — the authors are afraid that some nameservers are misconfigured, and are giving the ISPs extra time. BXR.SU is claimed to be 200× faster than the nearest competitor, metager.de."

BXR.SU, OpenGrok service for BSDs in publicly private beta

ConstantineM ConstantineM writes  |  about a year and a half ago

ConstantineM (965345) writes "Publicly private beta? Instead of devising a new scheme on handing out invitations for a private beta of a new and improved OpenGrok service for the BSDs, why not require IPv6 for the beta test? Welcome BXR.SU — Super User's BSD Cross Reference, which is launched today as an IPv6-only OpenGrok service for FreeBSD, OpenBSD, NetBSD and DragonFly. The service is IPv6-only during the beta (ask your ISP for a token to participate); but a full release schedule is already known: an A record for BXR.SU will be temporarily published on 2013-04-04, an IPv4 day, to test out the water, and ensure misconfigurations of the NAT don't break out access to the site. IPv4 glue records are also withheld — the authors are afraid that some nameservers are misconfigured, and are giving ISPs until 2013-04-24 prior to publishing IPv4 glue. BXR.SU is claimed to be 200× faster than the nearest competitor, code.metager.de."

Journals

ConstantineM has no journal entries.
