Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Submission Summary: 0 pending, 16 declined, 7 accepted (23 total, 30.43% accepted)

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

+ - OpenBSD keyboard problems fixed by pms(4) and a forcible mouse port reset

Submitted by ConstantineM
ConstantineM (965345) writes "Theo de Raadt writes in on tech@ a fascinating story from the s2k15 hackathon in Brisbane about the reasons that the mice and keyboards were problematic on the new ThinkPad X1, specifically, having keyboard repeat and shutter during install, eventually being figured out to happen due to the large and extra sensitive touchpad. It all came down to the pms driver, or lack thereof, as it's missing only on the RAMDISK kernels used on the install media, and they were the only ones being visibly affected.

The solution is to forcibly reset the mouse port at attach., de Raadt proclaims. Some other keyboard issues, notably boot -c not working on some machines, were also determined to be caused by the mouse ports, too.

But the changes are risky, and require lots of testing prior to commit, due to the plethora of keyboard controller models, so, it didn't make the cut for the upcoming 5.7 release."

+ - OpenSSH will feature key discovery and rotation for easier switching to Ed25519

Submitted by ConstantineM
ConstantineM (965345) writes "OpenSSH developer Damien Miller wrote tomorrow from Down Under about a new feature he implemented and committed for the next upcoming 6.8 release of OpenSSH — hostkeys@openssh.com — an OpenSSH extension to the SSH protocol for sshd to automatically send all of its public keys to the client, and for the client to automatically replace all keys of such server within ~/.ssh/known_hosts with the fresh copies as supplied (provided the server is trusted in the first place, of course). The protocol extension is simple enough, and is aimed to make it easier to switch over from DSA to the OpenSSL-free Ed25519 public keys. It is also designed in such a way as to support the concept of spare host keys being stored offline, which could then seamlessly replace main active keys should they ever become compromised."

+ - First release of LibreSSL portable is available.

Submitted by ConstantineM
ConstantineM (965345) writes "It has finally happened. Bob Beck of The OpenBSD Foundation has just announced that the first release of LibreSSL portable is now available, and can be found in the LibreSSL directory of your favourite OpenBSD mirror. libressl-2.0.0.tar.gz has been tested to build on various versions of Linux, Solaris, Mac OS X and FreeBSD. This is intended to be an initial portable release of OpenBSD's libressl to allow the community to start using it and providing feedback, and has been done to address the issue of incorrect portable versions being attempted by third-parties. Support for additional platforms will be added as time and resources permit."

+ - Bob Beck gives a 30-day status update on LibreSSL at BSDCan in Ottawa

Submitted by ConstantineM
ConstantineM (965345) writes "Bob Beck — OpenBSD, OpenSSH and LibreSSL developer and the director of Alberta-based non-profit OpenBSD Foundation — gave a talk earlier today at BSDCan 2014 in Ottawa, discussing and illustrating the OpenSSL problems that have led to the creation of a big fork of OpenSSL that is still API-compatible with the original, providing for a drop-in replacement, without the #ifdef spaghetti and without its own "OpenSSL C" dialect.

Bob is claiming that the Maryland-incorporated OpenSSL Foundation is nothing but a for-profit front for FIPS consulting gigs, and that noone at OpenSSL is actually interested in maintaining OpenSSL, but merely adding more and more features, with the existing bugs rotting in bug-tracking for a staggering 4 years (CVE-2010-5298 has been independently re-discovered by the OpenBSD team after having been quietly reported in OpenSSL's RT some 4 years prior). Bob reports that the bug-tracking system abandoned by OpenSSL has actually been very useful to the OpenBSD developers at finding and fixing even more of OpenSSL bugs in downstream LibreSSL, which still remain unfixed in upstream OpenSSL. It is revealed that a lot of crude cleaning has already been completed, and the process is still ongoing, but some new ciphers already saw their addition to LibreSSL — RFC 5639 EC Brainpool, ChaCha20, Poly1305, FRP256v1, and some derivatives based on the above, like ChaCha20-Poly1305 AEAD EVP from Adam Langley's Chromium OpenSSL patchset.

To conclude, Bob warns against portable LibreSSL knockoffs, and asks the community for Funding Commitment — Linux Foundation is turning a blind eye to LibreSSL, and instead is only committed to funding OpenSSL directly, despite the apparent lack of security-oriented direction within the OpenSSL project upstream. Funding can be directed to the OpenBSD Foundation."

+ - OpenBSD 5.5 Released->

Submitted by ConstantineM
ConstantineM (965345) writes "Just as per the schedule, OpenBSD 5.5 was released today, May 1, 2014. The theme of the 5.5 release is Wrap in Time, which represents a significant achievement of changing time_t to int64_t on all platforms, as well as ensuring that all of the 8k+ OpenBSD ports still continue to build and work properly, thus doing all the heavy lifting and paving the way for all other operating systems to make the transition to 64-bit time an easier task down the line. Signed releases and packages and the new signify utility are another big selling point of 5.5, as well as OpenSSH 6.6, which includes lots of DJB crypto like chacha20-poly1305, plus lots of other goodies."
Link to Original Source

+ - OpenSSH no longer has to depend on OpenSSL->

Submitted by ConstantineM
ConstantineM (965345) writes "What has been planned for a long time now, prior to the infamous heartbleed fiasco of OpenSSL (which does not affect SSH at all), is now officially a reality — with the help of some recently adopted crypto from DJ Bernstein, OpenSSH now finally has a compile-time option to no longer depend on OpenSSL — `make OPENSSL=no` has now been introduced for a reduced configuration OpenSSH to be built without OpenSSL, which would leave you with no legacy SSH-1 baggage at all, and on the SSH-2 front with only AES-CTR and chacha20+poly1305 ciphers, ECDH/curve25519 key exchange and Ed25519 public keys."
Link to Original Source

+ - OpenSSH 6.5 released (with lotsa D. J. Bernstein crypto) 1

Submitted by ConstantineM
ConstantineM (965345) writes "OpenSSH 6.5 has been released, which is dubbed a feature release. It's the first release with lots of D. J. Bernstein crypto in public domain (6.4 did not contain any DJB code whatsoever), from ChaCha20-Poly1305 stream cipher and MAC, to key exchange with Curve25519 (and a new private key format). The new key exchange is now the default (when supported by both sides), but the new transport cipher is an option. Additionally, the portable version has some extra code-hardening, and a switch to a ChaCha20-based arc4random() PRNG for platforms that don't provide their own."

+ - OpenBSD Foundation Receives A Commitment for 100k, sets annual goal to 150k->

Submitted by ConstantineM
ConstantineM (965345) writes "Bob Beck, director of the OpenBSD foundation, writes on misc@ — 'To all of you who have donated, please allow me to give you a huge "Thank You". In a nutshell, we have in one week gone from being in a dire situation to having a commitment of approximately $100,000 in donations to the foundation. From a developer's perspective let me assure you that this reaffirms the worth of what we are supporting and makes us want to work on it that much more.' Based on the updated list of significant contributors, in addition to the donation by the Mircea Popescu of MPEx Bitcoin securities exchange, genua, Google and many others have joined in. 'We would like to continue to build on your groundswell of support, and have set a target for $150,000 this year in fundraising.', Bob concludes."
Link to Original Source

+ - OpenBSD Moving Towards Signed Packages — based on D. J. Bernstein crypto

Submitted by ConstantineM
ConstantineM (965345) writes "It's official: "we are moving towards signed packages", says Theo de Raadt on the misc@ mailing list. This is shortly after a new utility, signify, was committed into the base tree. The reason a new utility had to be written in the first place is that gnupg is too big to fit on the floppy discs, which are still a supported installation medium for OpenBSD. Signatures are based on the Ed25519 public-key signature system from D. J. Bernstein and co, and his public domain code once again appears in the base tree of OpenBSD, only a few weeks after some other DJB inventions made it into the nearby OpenSSH as well."

+ - Interview with John McAfee on Russia Today by Sophie Shevardnadze (25 minutes)->

Submitted by ConstantineM
ConstantineM (965345) writes "John McAfee has been interviewed on Russia Today in a 25-minute show by Sophie Shevardnadze. John has discussed his views on encryption, surveillance, operating systems, politics and paranoia, and even Kim Dotcom came to light. When asked about the possibility of encryption helping the criminals: "You cannot pre-emptively restrict your freedoms because of the fear of how something might be used. Everything that has ever been developed has been used for a bad purpose. Baseball bats, which are fun for baseball players to hit balls, they've also been used to beat people to death. We just cannot restrict ourselves because something might be used in the wrong way.""
Link to Original Source

+ - OpenBSD introduces signify, a sign and verify utility in base

Submitted by ConstantineM
ConstantineM (965345) writes "Perhaps in the light of the recent NSA disclosures, OpenBSD developer tedu@ has committed a new utility, signify, to aid OpenBSD in signing and verifying releases and packages. Why a new tool? He bluntly says that all the other tools were Not Invented Here. But another reason is that OpenBSD can still be installed from a floppy disc, and gnupg will just never ever fit. The one and only supported algorithm is Ed25519 from DJB. More details are in his blog."

+ - Why I'm turning JavaScript off by default ->

Submitted by ConstantineM
ConstantineM (965345) writes "I don’t want web designers redesigning the “experience” of using the web. The unification of the user experience of using computers is a positive thing. If you use old software from the early days of computing, everything had a different user experience. If you use Windows or OS X, you’ll know of software that behaves differently from the norm. If you are a reasonably perceptive user, you’ll see it, and then you’ll be annoyed by it."
Link to Original Source

+ - Apple and Linux vendors are behind Microsoft and OpenBSD on exploit mitigation->

Submitted by ConstantineM
ConstantineM (965345) writes "Microsoft has all significant exploit mitigation techniques fully integrated and enabled, says Theo de Raadt at Yandex ruBSD, whilst giving a 10-year summary of the methods employed by OpenBSD. In year 2000, OpenBSD started a development initiative to intentionally make the memory environment of a process less predictable and less robust, without impacting the well-behaved programs. Concepts like the random stack gap, W^X, ASLR and PIE are explained. Some of them, like the random stack gap, are implemented with a 3-line change to the kernel, yet it appears that FreeBSD is still shipping without it. Theo de Raadt also identifies that although Linux has the code for all of these techniques, most vendors enable them very sparingly, and, in general, support is disabled; Apple does have ASLR, but other methods appear missing."
Link to Original Source

+ - Theo de Raadt gives a 10-year summary on exploit mitigation in OpenBSD

Submitted by ConstantineM
ConstantineM (965345) writes "Microsoft has all significant exploit mitigation techniques fully integrated and enabled, claims Theo de Raadt at Yandex ruBSD, whilst giving a 10-year summary of the methods employed by OpenBSD. In year 2000, OpenBSD started a development initiative to intentionally make the memory environment of a process less predictable and less robust, without impacting the well-behaved programs. Concepts like the random stack gap, W^X, ASLR and PIE are explained. Some of them, like the random stack gap, are implemented with a 3-line change to the kernel, yet it appears that some other vendors are still shipping without it."

+ - fuse support in OpenBSD -current

Submitted by ConstantineM
ConstantineM (965345) writes "File system in userland support — fuse — was included in OpenBSD 5.4 source tree, but not built by default, hence not officially supported. This has since changed in 5.4-current. The undeadly editors have tracked down the author, Sylvestre Gallon, and asked him about his experience of getting libfuse into OpenBSD. Which userland file systems are supported? So far, it's sshfs-fuse and ntfs-3g (both are in the ports tree due to the GPL)."

"If you own a machine, you are in turn owned by it, and spend your time serving it..." -- Marion Zimmer Bradley, _The Forbidden Tower_

Working...