10. The companies listed do large amounts of business with the U.S. government, which requires FIPS certification of crypto software.
20. OpenBSD has explicitly stated that FIPS certification is off the table for OpenSSH. NOT one of their goals.
30. Taking that off the table leaves a large pile of money ON the table.
40. GOTO 10
The core encryption functions of an older version (0.9.8, I think) was spun off into a separate module and certified for FIPS. The certification process is that the code is provably correct and the implementation is flawless, which is why it takes so damn long. It is also why only the core crypto transforms are certified.
You CAN, and vendors DO update the wrapper module around the core functions and update things without having to go back under certification.
Case in point. The Red Hat version of FIPS-OpenSSL was susceptible to HeartBleed, even though the core FIPS module was based off of an older version that was produced before the code error was introduced! Why? Because the error wasn't in the core crypto but rather the wrapper, non-crypto code. The actual cryptographic transforms (AES, HMAC-SHA, etc.) functioned perfectly, but information was leaked by the non-crypto code.
LOTS of people -- like almost everyone in the U.S. Gov't or contractors that work on their systems -- use the FIPS certified module for OpenSSL. Or, at least, Red Hat's version of it.
Not necessarily. It looks like they're removing what they can't support, such as VMS, Netware and OS/2. The few people that care can still use the original OpenSSL code.
I'd expect them to ensure it support the hardware platforms OpenBSD supports at the very least. Then, if they go the "portable" route like they did for OpenSSH, support for the other Unix and Unix-like systems.
http://www.openssh.com/portable.html
More power to them.
For someone seemingly intelligent enough to try and enumerate the tie options in code, they were brain dead fucking stupid enough to try to illustrate it with small pictures of a black tie on a black shirt.
Sheer genius.
Uh, no thanks.
I much prefer that wireles to be on a mini-PCIe card so I can upgrade it if necessary.
Damn near everything that comes with Wifi/BT ends up being single-band b/g/n and BT 2.0. For $35 I can get a dual-band, a/b/g/n/ac card w/BT 4.0.
Slapping it on the board greatly reduces options.
The song started playing in my head as soon as I read that phrase.
Led Zeppelin When the Levee Breaks.
The song started playing in my head as soon as I read that phrase.
Led Zeppelin When the Levee Breaks.
Ouch. Those are taxed at 28%, IIRC.
No, you're supposed to pay your taxes in the form the government with the military SAYS you're supposed to pay your taxes regardless of what you personally use for a medium of exchange.
Given my experiece with Best Try, it might be "Betta" testing. They dunk the tablets in fishbowls and see how the fish handle it. Honestly, I'd probably trust the technical opinions of a Siamese Fighting Fish over that of a Geek Squad member.
Those are for when you are driving and it is so much easier to just leave a VM. Also, when the background noise in the car makes a dictated e-mail look like it written by a drunk, illiterate wombat.
Sorry seems to be the hardest word.
It isn't an attack, it is a proxy. The company's node (computer) is configured to use the company's proxy to get out to the Internet. The connection to the end system is between the company's proxy and the end system. The user has no equipment in play.
Where I work (U.S. Gov't Agency) does this, though they exempt links to known online banking addresses.
Employees are trained annually and sign papers acknowledging they understand what is going on. Don't like it? Don't work here. Or, as most people do, use your own device on a cellular connection and don't use the company's equipment or network.
You know, that would explain the excessive amount of "fertilizer" coming from gaming companies these days.
Real Programmers don't eat quiche. They eat Twinkies and Szechwan food.
