Forgot your password?

Comment: Wiped out by new diseases perhaps? (Score 2) 57

by (#47796987) Attached to: DNA Reveals History of Vanished "Paleo-Eskimos"
A non-violent mass die-off could suggest something along the lines of a population's first exposure to a new disease (as in one nobody in the population has any immunity for) of some sort, perhaps several. Slightly more modern examples include native american populations that essentially disappeared during the early days of European exploration and settlement of north america.

+ - Password Gropers Hit Peak Stupid, Take the Spamtrap Bait-> 1

Submitted by (447981) writes "Peter Hansteen reports that a new distributed and slow-moving password guessing effort is underway, much like the earlier reports, but this time with a twist: The users they are trying to access do not exist. Instead, they're take from the spamtrap address list, where all listed email addresses are guaranteed to be invalid in their listed domains. There is a tiny chance that this is an elaborate prank or joke, but it's more likely that via excessive automation, the password gropers have finally Peak Stupid."
Link to Original Source

Comment: The Linux Foundation is not actually that evil (Score 1) 164

by (#47029537) Attached to: 30-Day Status Update On LibreSSL
Unfortunately the summary gets several important facts wrong, including the status of support from the linux fooundation -- last status is ongoing discussions, not total ignore as the post summary says. And you can see what Bob actually said in the video jason Tubnor uploaded to youtube The real Bob Beck on OpenSSL talk

+ - Have you changed your password lately? Does it even matter?->

Submitted by (447981) writes "Do frequent password changes actually matter security wise? Or do they just make us pick the minimum complexity password the system will accept? I want your opinion. In his latest piece, Peter Hansteen wants your opinion on common security enforcement practices and even offers a poll about enforced password changes. Let loose the debate rage!"
Link to Original Source

Comment: Re:Merged back or fork? (Score 4, Informative) 379

by (#46798679) Attached to: OpenSSL Cleanup: Hundreds of Commits In a Week
The work by the OpenBSD developers happens in the OpenBSD tree. Whether or not the OpenSSL project chooses to merge back the changes into their tree is yet to be seen. Given the activity level in the OpenSSL tree lately I find it more likely that the primary source of a maintained open source SSL library shifts to the OpenBSD project. To the extent that portability goo is needed it will likely be introduced after the developers consider the code base stable enough.

Comment: Re:I would think (Score 5, Informative) 379

by (#46798661) Attached to: OpenSSL Cleanup: Hundreds of Commits In a Week
This is actually the OpenBSD developers diving in because the upstream (OpenSSL) was unresponsive. If you look at the actual commits, you will see removal of dead code such as VMS-specific hacks, but also weeding out a lot of fairly obvious bugs, unsafe practices such as trying to work around the mythical slow malloc, feeding your private key to the randomness engine, use after free, and so on.

It would look like it's been a while since anybody did much of anything besides half hearted scratching in very limited parts of the code. This is a very much needed effort which is likely to end up much like OpenSSH, maintained mainly as part of OpenBSD, but available to any takers. We should expect to see a lot more activity before the code base is declared stable, but by now it's clear that the burden of main source maintainership moved to a more responsive and responsible team.

+ - What is it that you want to learn about OpenBSD 5.5?->

Submitted by (447981) writes "In the upcoming OpenBSD 5.5 release there will be a number of improvements, including a whole new traffic shaping system, automatic installer improvements and the switch to 64-bit time_t.

But OpenBSD has been the source of lots of innovation and improvements in BSD and Unix in general over the years, and in preparation for his two BSDCan tutorials, Peter Hansteen asks, What do you want to learn about OpenBSD 5.5 (and possibly future directions)?"

Link to Original Source

Comment: Also, OpenBSD's PF modedd w/incompatible licenc (Score 1) 268

by (#46741221) Attached to: Apple's Spotty Record of Giving Back To the Tech Industry
Apple's main interface to the opensource world is through the FreeBSD project, which is how they also drew in PF, the OpenBSD packet filter and most likely shipped more copies of that code than any other consumer. However, they made some changes that they contributed back to the world #ifdef'ed with their own incompatible license. I wrote about that a couple of years back for Call for Testing magazine, see

+ - Yes, You Too Can Be An Evil Network Overlord - On The Cheap With OpenBSD, pflow ->

Submitted by (447981) writes "Have you ever wanted to know what's really going on in your network? Some free tools with surprising origins can help you to an almost frightening degree. Peter Hansteen shares some monitoring insights, anecdotes and practical advice in his latest column on how to really know your network. All of it with free software, of course."
Link to Original Source

+ - Book Review: "Sudo Mastery: User Access Control for Real People"->

Submitted by Saint Aardvark
Saint Aardvark (159009) writes "Disclaimer: I got a free copy of this book because I was a technical reviewer for it. Disclaimer to the disclaimer: I totally would have paid for this book anyway. Final disclaimer: a shorter version of this review appeared on

If you're a Unix or Linux sysadmin, you know sudo: it's that command that lets you run single commands as root from your own account, rather than logging in as root. And if you're like me, here's what you know about configuring sudo:
  1. Run sudoedit and uncomment the line that says "%wheel ALL=(ALL) ALL".
  2. Make sure you're in the wheel group.
  3. Profit!

Okay, so you can now run any command as root. Awesome! But not everyone is as careful as you are (or at least, as you like to think you are). If you're a sysadmin, you need to stop people from shooting themselves in the foot. (Might also want to stop yourself from self-inflicted gunshot wounds.) There should be some way of restricting use, right? Just gotta check out the man page.... And that's where I stopped, every time. I've yet to truly understand Extended Backus-Naur Form (sue me), and my eyes would glaze over. And so I'd go back to putting some small number of people in the "wheel" group, and letting them run sudo, and cleaning up the occasional mess afterward.

Fortunately, Michael W. Lucas has written "Sudo Mastery: User Access Control for Real People". If his name sounds familiar, there's a reason for that: he's been cranking out excellent technical books for a long time, on everything from FreeBSD to Cisco routers to DNSSEC. He just, like, does this: he takes deep, involved subjects that you don't even know you need to know more about, and he makes them understandable. It's a good trick, and we're lucky he's turned his attention to sudo.

The book clocks in at 144 pages (print version), and it's packed with information from start to finish. Lucas starts with the why and how of sudo, explaining why you need to know it and how sudo protects you. He moves on to the syntax; it's kind of a bear at first, but Chapter 2, "sudo and sudoers", takes care of that nicely. Have you locked yourself out of sudo with a poor edit? I have; I've even managed to do it on many machines, all at once, by distributing that edit with CFEngine. Lucas covers this in Chapter 3, "Editing and Testing Sudoers", a chapter that would have saved my butt. By the time you've added a few entries, you're probably ready for Chapter 4, "Lists and Aliases".

sudo has lots of ways to avoid repeating yourself, and I picked up a few tricks from this chapter I didn't know about — including that sudo can run commands as users other than root. Need to restart Tomcat as the tomcat user? There's a sudoers line for that. I'm ashamed to admit that I didn't know this.

There is a lot more in this book, too. You can override sudo defaults for different commands or users (you can change the lecture text; maybe sometimes there *is* a technical solution for a social problem...). You can stuff sudo directives into LDAP and stop copying files around. You can edit files with sudoedit. You can record people's sudo commands, and play them back using sudoreplay. The list goes on.

Sounds like a lot, doesn't it? It is. But the book flies by, because Lucas is a good writer: he packs a lot of information into the pages while remaining engaging and funny. The anecdotes are informative, the banter is witty, and there's no dry or boring to be found anywhere.

Shortcomings: Maybe you don't like humour in your tech books; if so, you could pass this up, but man, you'd be missing out. There wasn't an index in the EPUB version I got, which I always miss. Other than that: I'm mad Lucas didn't write this book ten years ago.

Score: 10 out of 10. If you're a Linux or Unix sysadmin, you need this book; it's just that simple.

Where to buy:

  • You can buy the ebook version from Lucas himself.
  • You can also buy the ebook or a dead-tree version from

Link to Original Source

+ - Effective Spam and Malware Countermeasures Using Free Tools ->

Submitted by (447981) writes "In the seemingly never-ending fight against spam and malware, are the free tools really better? In a recent article titled Effective Spam and Malware Countermeasures — Network Noise Reduction Using Free Tools, Peter Hansteen offers a strong argument that free tools, with emphasis on the ones supplied by OpenBSD, are indeed better performing and significantly more cost effective than commercial counterparts. The article also has a history of malware and spam with chuckleworthy anecdotes."
Link to Original Source

+ - The UK "Porn" Filter Blocks Kids' Access To Tech, Civil Liberties Websites ->

Submitted by (447981) writes "It fell to the UK Tories to actually implement the Nanny State. Too bad Nanny Tory does not want kinds to read up on tech web sites such as, or civil liberties ones such as the EFF or Amnesty International. Read on for a small sample of what the filter blocks, from a blocked-by-default tech writer."
Link to Original Source

panic: can't find /