[#] Tue Jun 24 2014 02:42:33 EDT from dothebart @ Uncensored

yea, finally something is moving... maybe *ssl becomes valgrind clean one day? *dreams*

[#] Tue Jun 24 2014 09:17:26 EDT from IGnatius T Foobar @ Uncensored

Great. Does that mean that OpenSSL will now become a "one version for OpenBSD and one version for everyone else" ?

They've pulled that crap before.

[#] Tue Jun 24 2014 09:52:07 EDT from fleeb @ Uncensored

They need someone dedicated to handling OpenSSL. That would take care of almost all of their problems.

Probably won't happen anytime soon.

[#] Tue Jun 24 2014 10:08:03 EDT from IGnatius T Foobar @ Uncensored

I read through the entire presentation. Their goals are worthwhile and their approach is sensible. If they want funding they're going to have to do a better presentation than MagicPoint with Comic Sans. With any luck, LibreSSL will do to OpenSSL what Xorg did to XFree86. Eliminating any reason for GNUTLS to exist would also be a plus.

[#] Tue Jun 24 2014 14:17:49 EDT from dothebart @ Uncensored

Tue Jun 24 2014 10:08:03 EDT from IGnatius T Foobar @ Uncensored
I read through the entire presentation. Their goals are worthwhile and their approach is sensible. If they want funding they're going to have to do a better presentation than MagicPoint with Comic Sans. With any luck, LibreSSL will do to OpenSSL what Xorg did to XFree86. Eliminating any reason for GNUTLS to exist would also be a plus.

well, one of the most discussed removals was alternative ways for random seeds, which makes it i.e. impossible to use in putty.

[#] Tue Jun 24 2014 16:48:26 EDT from IGnatius T Foobar @ Uncensored

Does 'doze not have a suitable random number generator? Anything missing from a platform should be provided by a supplemental library, not bolted into the SSL library itself and forced on everyone (especially those poor sensitive openbfd people with their perfectly secure but unusable operating system).

[#] Tue Jun 24 2014 17:12:00 EDT from LoanShark @ Uncensored

It's bug- and feature-free. Say, does anyone have a spare ASN.1 parser kicking around? ;-p

[#] Wed Jun 25 2014 10:18:47 EDT from fleeb @ Uncensored

I think 'doze does have a random number generator. Unsure if it's suitable, though, heh.

[#] Thu Aug 07 2014 14:57:36 EDT from fleeb @ Uncensored

It wouldn't take much to convince me that every time a sysadmin logs into a solaris box, god rapes a dolphin in front of the pope.

[#] Thu Aug 07 2014 16:21:25 EDT from vince-q @ Uncensored

#: rape dolphin
#: command 'rape' not found

[#] Thu Aug 07 2014 16:27:41 EDT from IGnatius T Foobar @ Uncensored

Solaris is the alpha version of Linux for SPARC. Nobody told Oracle that it was scrapped so they keep shipping it.

[#] Thu Sep 25 2014 15:48:59 EDT from fleeb @ Uncensored

Anyone bitten by 'shellshock'?

[#] Thu Sep 25 2014 17:53:32 EDT from IGnatius T Foobar @ Uncensored

"ShellShock" (CVE-2014-6271) is a security bug in Mac OS X that also happens to affect other Unix and Linux systems.

[#] Fri Sep 26 2014 01:27:59 EDT from ax25 @ Uncensored

Not bitten (that I can tell yet). Patched with the second round of bash package updates. Good to see that Slackware patches back to 13.0 were released around 2 pm CST. That would have saved me a bit of time fussing if Debian / Ubuntu was that fast :-) They did come in a close second at around 4:50 pm CST, but a one man shop should probably come in second. Just kidding, I realize he has minions dedicated to testing. I appreciate all the folks doing the heavy lifting and discussions today as well. Hated that the mess existed, but loved the response and frank discussions of the patches - all in the open !!!

Thu Sep 25 19:55:13 UTC 2014
a/bash-4.3.025-i486-2.txz:  Rebuilt.
  Patched an additional trailing string processing vulnerability discovered
  by Tavis Ormandy.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
  (* Security fix *)
ap/lxc-1.0.6-i486-1.txz:  Upgraded.
  Fixed bash completion file.  Thanks to dunric.

------------------------------------------------------------------------------------------------------------------------
Ubuntu notice:
Thu Sep 25 21:50:16 UTC 2014

bash (4.1-2ubuntu3.2) lucid-security; urgency=medium * SECURITY UPDATE: incomplete fix for CVE-2014-6271...

[#] Fri Sep 26 2014 10:41:14 EDT from Sig @ Uncensored

Best explanation (i.e. detailed enough but not ridiculously technical, explained for normal human beings, and not "OMG your IoT lightbulb will h4xx0r you!") I have found so far: http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html

[#] Fri Jan 23 2015 04:32:05 EST from the_mgt @ Uncensored

A Generation Lost in the Bazaar

Quality happens only when someone is responsible for it.

Thirteen years ago, Eric Raymond's book The Cathedral and the Bazaar (O'Reilly Media, 2001) redefined our vocabulary and all but promised an end to the waterfall model and big software companies, thanks to the new grass-roots open source software development movement. I found the book thought provoking, but it did not convince me. On the other hand, being deeply involved in open source, I couldn't help but think that it would be nice if he was right.

The book I brought to the beach house this summer is also thought provoking, much more so than Raymond's (which it even mentions rather positively): Frederick P. Brooks's The Design of Design (Addison-Wesley Professional, 2010). As much as I find myself nodding in agreement and as much as I enjoy Brooks's command of language and subject matter, the book also makes me sad and disappointed. ...

[#] Fri Jan 23 2015 16:04:15 EST from LoanShark @ Uncensored

"there is no escaping that the entire dot-com era was a disaster for IT/CS in general and for software quality and Unix in particular."

Bold words. I'm not sure I would go that far. Except if I were talking about PHP. >:-P

[#] Fri Jan 23 2015 16:11:24 EST from LoanShark @ Uncensored

Ford ][ would be eating that article up.

[#] Mon Feb 02 2015 10:36:41 EST from IGnatius T Foobar @ Uncensored

Wow, what a carefully selected subset of data chosen towards a very faulty conclusion.

As examples of "lost in the bazaar" he cites:

* All of the baristas-turned-web-developers during the Dot Com Boom

* The FreeBSD ports tree

He conveniently leaves out all of the places where quality is present because someone is paying attention to it, or even better, because there are customers paying for it (Red Hat, Oracle, etc).

[#] Mon Feb 02 2015 23:48:58 EST from ax25 @ Uncensored

The comments were more fun than the "get off my lawn" article.