
Comment Re:Fast, Weak sshfs (Score 1) 249

Faster still (and a better cipher):

ssh -o Compression=no -o Ciphers=arcfour256 -o MACs=umac-64@openssh.com ...

The umac-64 MAC is only supported by OpenSSH AFAIK (though the spec is available to anyone else who wants to). It is faster and has a better security guarantee than HMAC-MD5 (and is way faster than HMAC-SHA1).

Comment Re:Thanks OpenBSD (Score 1) 249

I'd like to thank the OpenBSD project, as well, but I'd also like to point out a few issues.

OpenSSH still won't work with certificates signed by a CA.

Quite right, and we have no intention of incorporating X.509 support. X.509 parsing and verification exposes a large amount of attack surface and all of it is, by necessity, pre-authentication too (the type which, if buggy, allows worms). Read Peter Gutmann's X.509 style guide and see if you ever want to go near this horror again. We have actually written our own minimal RSA verification code to avoid the sort of ASN.1 parsing that is necessary to deal with X.509, and it has saved us from at least seven bugs - some probably exploitable for authentication bypass or remote code execution.

OpenSSH doesn't allow an unencrypted connection (after authentication). Not all CPUs can encrypt/decrypt at 1Gbps.

Yep, we are a _secure_ shell and we take a mildly patriarchal attitude to adding options that can lead to insecure use of OpenSSH. Note that the actual bottleneck in most cases is not the crypto anyway (at least when using arcfour256 as your cipher) but the MAC, and you wouldn't want to switch that off. We do have a very fast MAC though: umac-64

OpenSSH doesn't work - as advertised - with an exclamation point in a "Match" statement.

File a bug, we'll fix it.

Other than that, OpenSSH is possibly one of the most capable and reliable pieces of software I've ever had the privilege to use.

Thanks :)
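
Added example (not part of the comment above and not OpenSSH's code): one well-known way to check an RSA PKCS#1 v1.5 signature without parsing any ASN.1 is to build the single valid encoded block yourself and compare it byte for byte with what the public-key operation recovers. The toy key, the SHA-256 choice and all function names are assumptions made for this sketch.

```python
import hashlib
import hmac

# Fixed DER bytes of the SHA-256 DigestInfo header (RFC 8017, section 9.2).
# Treated as an opaque constant: it is compared, never parsed.
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed toy key for this demo only (two Mersenne primes, not secure).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes


def expected_em(message: bytes) -> bytes:
    """Build the one valid EMSA-PKCS1-v1_5 block for this message and key size."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign_block(em: bytes) -> bytes:
    """Demo-only private-key operation on an already encoded block."""
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")


def sign(message: bytes) -> bytes:
    return sign_block(expected_em(message))


def verify(message: bytes, signature: bytes) -> bool:
    """Verify by comparison: no byte recovered from the signature is interpreted."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(K, "big")
    return hmac.compare_digest(recovered, expected_em(message))


def malformed_block(message: bytes) -> bytes:
    """Short padding plus trailing filler: the shape a lenient parser may accept."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * 8 + b"\x00" + t + b"\x00" * (K - len(t) - 11)
```

Because the verifier never walks the recovered bytes, a block with shortened padding or extra trailing data fails the comparison outright instead of depending on a parser to notice it.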

Comment Re:Thanks OpenBSD (Score 1) 249

Use arcfour256 as your cipher and umac-64@openssh.com as your MAC (ssh -oCiphers=arcfour256 -oMACs=umac-64@openssh.com ...). Between these, CPU is usually not the bottleneck anymore.

We don't support the none cipher because "secure networks" often aren't, and there are already tools that are insecure and go fast.
Graphics

Submission + - Crystalspace 1.0 released

Qbertino writes: The high-end open-source 3D engine Crystalspace has reached Version 1.0. From the website: "After almost 10 years of development we finally release Crystal Space and Crystal Entity Layer 1.0!" Crystalspace has several sub-projects: A game engine called CEL, a scripting extension for that game engine called Cellstart, and CrystalCore, a single-player FPS Demo-Game built to show off Crystalspace's features. Crystalspace is generally considered a modern and extremely powerful 3D engine and already is in use in commercial products.
Media

Submission + - The semantics of climate change

gollum123 writes: "A nice article on the BBC talks about the difficulty in curbing the growth of greenhouse gases because scientists and politicians are speaking a different language ( http://news.bbc.co.uk/2/hi/programmes/from_our_own_correspondent/6324357.stm ). Quoting the author " I have wondered long into many nights why it always ends up like this; why it is so difficult to curb the global growth in greenhouse gas emissions which now runs above 2% per year. I have been concentrating on semantics. And it has brought me to a conclusion which is so simple I cannot believe I missed it years ago. The crux of the matter, it seems to me, lies in the different ways that scientists and politicians use language. Science is nothing without precision... political language, on the other hand, is a triumph of misrepresentation. When a scientist talks about 'reducing greenhouse gas emissions' he or she means just that; actually reducing them. But what it is coming to mean in the political lexicon is something very different. The emissions will still rise, but a bit less quickly than they would have done otherwise. Having them grow less fast becomes equivalent to reducing them.""
Linux Business

Submission + - Novell won't be banned from distributing Linux

Aim Here writes: In an earlier article, Slashdot quoted Reuters as claiming that the FSF might try to ban Novell from using Linux. Eben Moglen of the FSF has responded in an eweek interview, claiming he was quoted out of context, and that his quote in the article merely refers to the upcoming version 3 of the GNU General Public License. Was this all just an honest mistake, an eager journalist overhyping a weak story, or part of a wider campaign of sinister anti-FSF FUD?
Wireless (Apple)

Submission + - Real Cost of the iPhone: $1936

An anonymous reader writes: CenterNetworks calculated the real cost of purchasing and using the iPhone for one year. The cost comes out to $1,936. Just amazing. Who can afford this type of cash?

True cost of the iPhone
Microsoft

Submission + - Costs of content protection in Windows Vista

An anonymous reader writes: Veteran security researcher Peter Gutmann has published a paper "A Cost Analysis of Windows Vista Content Protection". It explains the horrendous costs that Windows Vista's "premium" content protection requirements will foist on producers and consumers of computing technology: buggy drivers, more expensive hardware, randomly degraded sound and video output and the threat that Microsoft may remotely disable your hardware if someone, somewhere finds a way to use it to copy "premium" media!
Microsoft

Submission + - Microsoft tries to patent RSS

bitserf writes: As some blogs are reporting, Microsoft appears to have submitted a patent application for RSS. This appears to be a pretty cynical move on their part, think back to when people were pushing for them to integrate this into their platforms. It would be quite ironic if the inventor of RSS ended up not being able to use the technology he developed and evangelized for fear of infringing on their patent. The filing date of the patent is June 21, 2005.
Censorship

Submission + - New York Times Censorship

An anonymous reader writes: The New York Times writes that a recent op-ed article by Flynt Leverett and Hillary Mann was censored by the White House even though all information found in the article lies within the public domain. It states that 'the deleted portions of the original draft reveal no classified material. These passages go into aspects of American-Iranian relations during the Bush administration's first term that have been publicly discussed by Secretary of State Condoleezza Rice; former Secretary of State Colin Powell; former Deputy Secretary of State Richard Armitage; a former State Department policy planning director, Richard Haass; and a former special envoy to Afghanistan, James Dobbins.' The article was 'blacked out by the Central Intelligence Agency's Publication Review Board after the White House intervened in the normal prepublication review process and demanded substantial deletions. Agency officials told us that they had concluded on their own that the original draft included no classified material, but that they had to bow to the White House.' The full article can be found here.
