You will find more details over at the OpenBSD Journal site (undeadly.org), specifically the stories KARL - kernel address randomized link and the followup Kernel relinking status from Theo de Raadt. These and other items will also turn up on the project's Innovations page.

And for that whirlwind tour of what's good in that system, take a peek at my OpenBSD and you slides.

To me this sounds like the main problem is the "security" device that's generating a lot of noise.

My solution would be to put something (very low power gear will do) running a recent OpenBSD and a PF ruleset with overflow rules modeled on the ones outlined here in front of that whiny device. The ruleset would need to be modified to fit the observed traffic, of course. Then anyone who fits the profile of unwanted traffic simply auto-LART themselves into the table of blocked addresses.

With a properly placed adaptive firewall like that, the noisemaker would likely not see enough of the traffic to trigger any of the useless warnings.

In a country where law enforcement seems quite eager to use lethal force agains perceived threats, why are death threats like those mentioned numerous times here not at least investigated by relevant law enforcement agencies?

In all seriousness, violence or threats of the same are not part of 'debate'. If anyone is laboring under that illusion, it's high time grownups stepped in, preferably with law enforcement of the anti-terrorist kind in tow. In civilized countries, death threats could easily lead to jail time.

Most societies would be more than willing to help ease the terrible burden of an abundance of assets. Raising the taxes on high incomes and capital gains would help reverse the Reagan-era onwards trend of wealth redistribution towards the higher income and wealth segments of society. We now know that wealth did not start trickling downwards, and grownups need to step in to correct the mistakes.

It's now August, the conference where they'll be presenting their work is in October, and the article is a tad short on specifics. They've done a formally verified formal verification of a filesystem. if it works, that's excellent news of course, but I'd wait until we have seen the thing work and with actual code to examine before making any comments or bets on how useful this is going to be. And this being an open source-oriented site, we should be asking whether the code will indeed be available under any kind of usable open source license.

Some very simple tests based on cut and paste from http://arstechnica.com/securit... indicate that on a default install of OpenBSD with a randomly picked username, you'll get 3 tries only before the connection shuts down.

we hit the max title length, but the second part is "and so is the existence of bugs in any non-trivial piece of software".

Re-using the existing connection is of course useful to fend off the traditional killing techniques for rapid-fire password guessers (such as http://home.nuug.no/~peter/pf/... and similar), but you still have to come up with the set of bytes that will let you authenticate. Which leads to the other thing --

The clowns I have been writing about ("The Hail Mary Cloud" -- http://bsdly.blogspot.ca/2013/... and links therein) used a totally different approach, but the general advice re passwords and other issues given in the conclusions apply here too.