
Comment Re:Many eyes make bugs / backdoors shallow (Score 5, Informative) 536

It seems that link may have been /.ed. They are doing precisely as you say.

Here is a dump of the information, last I had it.

IRC: irc.freenode.net #openbsd
Twitter: OpenBSDGate

The etherpad (most detailed and up to date):
OPENBSD IPSEC STACK VERIFICATION

Original Email:

http://marc.info/?l=openbsd-tech&m=129236621626462&w=2

The code:

http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/ipsec_input.c
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/ipsec_output.c

Misc:

What other software includes the OpenBSD IPSEC implementation?

Not Linux:
Triaging Linux; git clone git://git.kernel.org/pub/scm/linux/kernel/git/tglx/history.git
Initial commit 6c55c29fa, Oct 2002, Alexey Kuznetsov
Does not appear to be derived from the above? (checking strings from ipsec_input.c version 1.54.2.3, Oct 2002). Neither copyright information nor comment strings match. Linux's IPSec implementation looks original.
'git log -p --grep=IPSEC' on the above clone shows complete history for the period.

Communications:
IRC: irc.freenode.net #openbsd
Twitter: OpenBSDGate
PublicPad (this document); http://piratenpad.de/condition-beige

Press:

http://blogs.forbes.com/taylorbuley/2010/12/14/fbi-accusedipsec-of-decade-old-cryptography-code-conspiracy/
http://bsd.slashdot.org/story/10/12/15/004235/FBI-Alleged-To-Have-Backdoored-OpenBSDs-IPSEC-Stack
http://www.reddit.com/r/programming/comments/elw0x/allegations_regarding_openbsd_ipsec_fbi_backdoors/
http://www.metafilter.com/98547/Subject-Allegations-regarding-OpenBSD-IPSEC

We have never allowed US citizens or foreign citizens working in the US
to hack on crypto code (Niels Provos used to make trips to Canada to
develop OpenSSH for this reason), so direct interference in the crypto
code is unlikely. It would also be fairly obvious - the crypto code
works as pretty basic block transform API, and there aren't many places
where one could smuggle key bytes out. We always used arcrandom() for
generating random numbers when we needed them, so deliberate biases of
key material, etc would be quite visible.

Docs:

http://web.archive.org/web/20000621015208/www.netsec.net/gsa.html
https://www.gsaadvantage.gov/ref_text/GS35F0040K/GS35F0040K_online.htm
http://web.archive.org/web/19980101000000-20040101235959*sh_re_sr_1nr_30/http://www.netsec.net/*
http://web.archive.org/web/20000816024729/www.netsec.net/ltr_doj.html

Source Contributors:
Jason: http://www.linkedin.com/in/jasonwright

Possibility #1: (eldragon)
http://www.openbsd.org/cgi-bin/cvs

http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/ipsec_output.c.diff?r1=1.25;r2=1.41;f=h
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/ipsec_output.c.diff?r1=1.28;r2=1.29;f=h
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/ipsec_output.c.diff?r1=1.30;r2=1.31;f=h
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/ipsec_output.c.diff?r1=1.40;r2=1.41;f=h
http://nixdoc.net/man-pages/openbsd/man9/m_inject.9.html
http://fxr.watson.org/fxr/source/kern/uipc_mbuf.c?v=OPENBSD#L925

The wiki:
OPENBSD IPSEC CODE AUDIT

Original Post http://marc.info/?l=openbsd-tech&m=129236621626462&w=2

inet code repo http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/

etherpad for collaboration http://piratenpad.de/condition-beige

Current Status: Backdoor is NOT confirmed. 2010/12/14 21:34

The allegations are very broad. They may not even be true. At this time, the authenticity of the e-mail from Mr. Perry has not been proven. (2010/12/14 22:01)

Please link to any information you may have so that the community can keep up with this important issue.

This wiki was set up by #openbsd IRC channel and is not “official.”

Reviews In Progress

Mephux and Terracotta http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/ip_ah.h?r1=1.24.2.1#rev1.24.2.1

Flagged For Concern

None Yet

Reviews With An Outcome

None Yet
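
The string-matching triage described under "Not Linux" in the comment above (comparing copyright lines and comment strings between two code bases), as an added example that is not part of the original comment or of either project's code. The three C snippets are constructed samples, and `fingerprints` and `shared_fingerprints` are hypothetical helper names.

```python
import re

# Matches C block comments, line comments and double-quoted string literals.
# Limitation: a char literal such as '"' can confuse this simple scanner.
_TOKEN = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"', re.DOTALL)

def fingerprints(source, min_words=4):
    """Normalized comment lines and string literals with at least min_words words."""
    out = set()
    for m in _TOKEN.finditer(source):
        text = m.group(0)
        # Split comments per line so one surviving sentence still matches
        # even when the rest of the comment block was rewritten.
        chunks = [text[1:-1]] if text.startswith('"') else text.split("\n")
        for chunk in chunks:
            words = re.findall(r"[a-z0-9_]+", chunk.lower())
            if len(words) >= min_words:
                out.add(" ".join(words))
    return out

def shared_fingerprints(a, b, min_words=4):
    """Fragments present in both sources: candidate evidence of shared origin."""
    return sorted(fingerprints(a, min_words) & fingerprints(b, min_words))

# Constructed samples: an "original", a copy with renamed identifiers,
# and an independently written function doing a similar job.
ORIGINAL = '''/*
 * Copyright (c) 1999 Example Author (constructed sample)
 */
int esp_in(struct pkt *p) {
    /* drop the packet when no matching association is found */
    if (!lookup(p)) { log("esp_in: no association for packet, dropping"); return -1; }
    return 0;
}
'''
DERIVED = '''/*
 * Copyright (c) 1999 Example Author (constructed sample)
 */
int xfrm_rcv(struct buf *b) {
    /* drop the packet when no matching association is found */
    if (!find(b)) { warn("esp_in: no association for packet, dropping"); return -1; }
    return 0;
}
'''
INDEPENDENT = '''/* Copyright (c) 2002 Another Author (constructed sample) */
int xfrm_rcv(struct buf *b) {
    /* look up the state for this flow and bail out if absent */
    if (!find(b)) { warn("xfrm: state lookup failed"); return -1; }
    return 0;
}
'''
```

An empty result only says that comments and strings were not carried over; it does not rule out code that was copied and then had its text rewritten.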

Comment Re:On the contrary (Score 1) 1020

It is a strange phenomenon, indeed. I was just wondering about this myself. Truly, does it take one to know one? Are the most informed of criminal affairs not the criminals themselves? We speak and write best about those things we know. We come to know some things only after the intimacy of doing. Those who best know what is amiss with the world most likely have been an active part of that aspect for the last 40 years. Willingly or not, I suppose it is what is.

Comment Re:Lynx!--Mod parent up (Score 1) 347

Indeed there are such people who will only resort to an outdated version of Firefox when lynx fails. I used to think that this was misguided or Luddite. Though I have come to appreciate the simplicity of user interfaces, especially those that work with lynx. The basis for my appreciation stems from technical uses of the web, typically involved in some sort of literature search, which were faster and easier to do using the lynx/telnet interfaces.

Someone above has been posting about focusing on the best user experience as opposed to just using web interfaces for everything. I am not a web developer but this intuitively makes sense to me as a web user and hardware developer. If we use the right tool for the job, it shows in the end via ease of use and quantity of use. Cheers

Comment Re:Result (Score 1) 809

I'm curious. Are you in the States right now? I would like to know why and how Switzerland has its personal accountability complex, which is awesome, and Americans have the no accountability complex? I figured it might be something related to mandatory service, common experiences, same-team kind of stuff so the disillusionment could at least be standardized. =)

Cheers

Comment Re:Result (Score 1) 809

You really have no idea what you're talking about. I hate starting comments like that, because it makes people defensive, but alas I have other things I need to do today. If there were one thing I could change about America, it would be a mandatory service much like that employed in Switzerland.

Sure, you are a better programmer than soldier. So what? Half of the USAF does nothing but sit behind computer screens all day. Violence is the least of what we can do to serve our country and represent the nation's best interests.

The point that I'd like to make is really this: we are a divided states of America. We do not know how lucky and resourceful we really are. I've seen people who sell drugs on the streets because that's all they know. By and large, their negative attitude toward America and the opportunity available is shared by most citizens. We talk about "them" and "their" government holding "us" down in some way or another. The fallacy is that we /are/ the government. We are the United States of America. When our politicians fail us, we are supposed to get pissed and stay pissed until we get what we want: their heads on a spike.

I invite you not to respond to this post with yet another post but instead, a trip to Zurich, Switzerland. Contact some of the folks on http://www.couchsurfing.org/ so that you may be hosted by a proper Suisse, and learn. They are older and wiser as a culture with a penchant for excellence and perfection. They are the best program management/system integrators in our little planet. Truly, some of what makes them who they are is the mandatory service and the fact that every Suisse household has a standard issue military weapon and, at the end of every year, freshly shipped ammunition from the government for it. Interesting, indeed.

Cheers

Comment Re:Oh, look! (Score 1) 888

This assumes, as you stated, that every life is important, but additionally that each life is valued equally. Herein lies the basis for those who study foreign policy. When resources become scarce, when issues cross borders, when violence becomes polarized in over-populated areas... when do you start to value some lives more than others and how do you do it? It sucks, but if we can't take care of ourselves reasonably well first, there is little use in offering help to anyone.

Comment Re:Why a 100K would be needed from Bill to fund th (Score 2, Funny) 259

Yeah, cause those poor beautiful people in Sweden are... so... poor... because they lack the infinite bliss that is what, Baconnaise(TM)?

Actually, I'm pretty sure Benjamin was talking about "public provisions made for the poor" and not merely public provisions made for the commonwealth.

http://www.thedailyshow.com/video/index.jhtml?videoId=225113&title=the-stockholm-syndrome
http://www.thedailyshow.com/video/index.jhtml?videoId=225126&title=the-stockholm-syndrome-pt.-2

Comment Re:where have I heard this before? (Score 1) 177

Don't worry about it. They will get meta-moderated and in the future not get as many mod points. Eventually.

In the meantime, feel free to expound upon the most difficult aspect of the copyright dialogue: how to compensate original authors.

Certainly the moral aspect of taking someone's work for free, representing it as your own, and then profiting tremendously from it is plain as day wrong.

However, let's complicate it a bit. Take each of these as a "What if?" scenario:
The original author is dead.
The "rights" were transferred to an organization that will never die, like his family or corp.
The original work is obscure.
Other work is independently achieved.
The work is too expensive for someone to "buy".
The work is used, but not for profit.
The work is used, new work is made and the original cited.

The list goes on, though it should show some of the key inherent problems with material value and ownership. Attributing material value to an idea seems fraught with philosophical peril.

What is ownership, anyway? Just some government given attribute that allows us to take from others.

Being your usual polite Midwestern guy, I would prefer to solve the problem by getting people to willingly remove money from their wallets for my work, as opposed to some government enforced law decreeing so. The solution to copy-cats is fairly easy: keep creating. They may have taken your fish today, but you still know how to fish and they don't.

How we ought to legislate copy-rights and other such weird concepts such as intellectual property, I have no idea. So long as the government doesn't spend much money on it and it's so unenforceably broken (like now), it's fine.

In the current system, the low hanging fruit seems to be 1) spending less tax money on the problem overall, 2) decreasing the copyright lifetime, 3) protecting individuals, not corporations, 4) simple policy, 5) providing swift and immediate judgments.

Comment Re:No swaggering... (Score 3, Informative) 500

It also makes any victory or defeat in this case entirely hollow. This case will not change what is legal in relation to copyright law, but merely what you get to weasel out of.

Duh. It's a courtroom, not the parliament. You don't make law there, you enforce it. Imagine if any random murder trial could legalize murder.

If you want to change law, you don't do it on the defendants' seat.

This is frankly not true in the United States. Jury Nullification, though obscure, is a very balancing and necessary part of trial by a jury of peers. http://en.wikipedia.org/wiki/Jury_nullification

Comment Re:I don't get it. (Score 5, Interesting) 160

"The on-chip antenna feeds the LTCC patch antenna through aperture coupling, thus negating the need for RF buffer amplifiers, matching elements, baluns, bond wires and package transmission lines."

From the systems perspective he made a better RF transmitter block. Digging into that block and looking at the RF design level, he simplified the circuitry normally used such as a matching network for the antenna, transmission lines, oscillator (for modulating the information over the carrier frequency), etc into a discrete chip as opposed to multiple printed circuit board components to do that same job.

Beyond that I'd need to study the paper and find more detailed examples of cell phone architecture to have a better idea of the advantages and disadvantages over the legacy design.
