Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×

Submission + - OpenBSD 5.5 Released (openbsd.org)

Submitted by ConstantineM
ConstantineM writes: Just as per the schedule, OpenBSD 5.5 was released today, May 1, 2014. The theme of the 5.5 release is Wrap in Time, which represents a significant achievement of changing time_t to int64_t on all platforms, as well as ensuring that all of the 8k+ OpenBSD ports still continue to build and work properly, thus doing all the heavy lifting and paving the way for all other operating systems to make the transition to 64-bit time an easier task down the line. Signed releases and packages and the new signify utility are another big selling point of 5.5, as well as OpenSSH 6.6, which includes lots of DJB crypto like chacha20-poly1305, plus lots of other goodies.

Comment OPENSSL_NO_HEARTBEATS (Score 1) 144

by ConstantineM (#46883737) Attached to: OpenSSH No Longer Has To Depend On OpenSSL

You're referring to the exploit-mitigation-mitigation in OpenSSL, which indeed couldn't be disabled, as per tedu@openbsd, but OPENSSL_NO_HEARTBEATS was a separate option that noone has volunteered to claim of not working.

OPENSSL_NO_HEARTBEATS has since been made the default and only option in LibreSSL, and the heartbeats were removed.

Comment Didn't Target had Chip and Pin back in 2005? (Score 1) 210

by ConstantineM (#46880893) Attached to: Target Moves To Chip and Pin Cards To Boost Security

Didn't Target already had Chip and Pin back in 2005 or 2004? What happened to all of those?

I remember I got a Chip and Pin card from Fleet around that time (just on the edge of them being acquired by B of A); Fleet has even sent me a free card reader, which I've never used, actually.

Submission + - OpenSSH no longer has to depend on OpenSSL (gmane.org)

Submitted by ConstantineM
ConstantineM writes: What has been planned for a long time now, prior to the infamous heartbleed fiasco of OpenSSL (which does not affect SSH at all), is now officially a reality — with the help of some recently adopted crypto from DJ Bernstein, OpenSSH now finally has a compile-time option to no longer depend on OpenSSL — `make OPENSSL=no` has now been introduced for a reduced configuration OpenSSH to be built without OpenSSL, which would leave you with no legacy SSH-1 baggage at all, and on the SSH-2 front with only AES-CTR and chacha20+poly1305 ciphers, ECDH/curve25519 key exchange and Ed25519 public keys.

Submission + - US Should Use Trampolines to Get Astronauts to the ISS Suggests Russian Official

Submitted by Hugh Pickens DOT Com
Hugh Pickens DOT Com writes: The Washington Post reports that Russia's Deputy Prime Minister Dmitry Rogozin has lashed out again, this time at newly announced US ban on high-tech exports to Russia suggesting that "after analyzing the sanctions against our space industry, I propose the US delivers its astronauts to the ISS with a trampoline." Rogozin does actually have a point, although his threats carry much less weight than he may hope. Russia is due to get a $457.9 million payment for its services soon and few believe that Russia would actually give it up. Plus, as Jeffrey Kluger noted at Time Magazine, Russia may not want to push the United States into the hands of SpaceX and Orbital Sciences, two private American companies that hope to be able to send passengers to the station soon. SpaceX and Orbital Sciences have already made successful unmanned resupply runs to the ISS and both are also working on upgrading their cargo vehicles to carry people. SpaceX is currently in the lead and expects to launch US astronauts, employed by SpaceX itself, into orbit by 2016. NASA is building its own heavy-lift rocket for carrying astronauts beyond low-Earth orbit, but it won’t be ready for anything but test flights until after 2020. "That schedule, of course, could be accelerated considerably if Washington gave NASA the green light and the cash," says Kluger. "America’s manned space program went from a standing start in 1961 to the surface of the moon in 1969—eight years from Al Shepard to Tranquility Base. The Soviet Union got us moving then. Perhaps Russia will do the same now."

Comment AT&T fibre is actually slower than copper or H (Score 2) 129

by ConstantineM (#46818161) Attached to: AT&T's Gigabit Smokescreen

What pisses me most about AT&T U-verse is that they do have FTTU (fibre-to-the-user) / FTTP, but they limit FTTP users to speeds that are lower than what they offer through VDSL through FTTN.

I used to live in San Jose, CA in 2010/2012, in a brand new apartment complex, had AT&T U-verse fibre strand terminated in my bedroom closet with an ONT. The line was FTTP-BPON (622/155 1:32), e.g. 622Mbps down / 155Mbps up, shared with at most 32 users, I checked with the manufacturer of my particular ONT.

But AT&T would only provision me with 18/1.5. They'd offer 24/3 to VDSL users only, supposedly too lazy to update the fibre profiles to offer it to the fibre customers. I researched it, and it was not unique to my building or to California, they were doing it all across the country with every single BPON build. My T-Mobile HSPA+ had higher upload speeds than 1.5Mbps on my top-of-the-line AT&T FTTU through BPON.

Keep in mind that the 622/155 line can only be shared with at most 32 users, and some wouldn't even want the top-of-the-line plans, either, or would not have active service in the first place, so, they're basically wasting their own capacity, and refusing an extra 10$/mo from me. Ping time was sometimes about 3ms to some locations within the Bay Area, but the 1.5Mbps bandwidth was pretty pathetic for a BPON fibre line.

I was so pissed I started a whole web-site dedicated to showing how uncompetitive AT&T internet offerings are compared to the options elsewhere in the country -- http://bmap.su/. So happy Google Fiber has finally been announced for San Jose, CA and lots of other markets now! I'm willing to be it'll be some other provider that'll offer broadband to my past place before AT&T will get to their senses and starts using at least the BPON infrastructure that they already have in place.

Comment Re:How they were detected (Score 1) 398

by ConstantineM (#46136491) Attached to: Press Used To Print Millions of US Banknotes Seized In Quebec

You remind me of http://www.cbc.ca/news/canada/...

CBC News Posted: Oct 19, 2004 6:06 PM ET Last Updated: Oct 20, 2004 6:41 AM ET

A justice of the peace has ruled that a "no left turn" sign in Toronto is unenforceable because it is not written in both English and French.

The ruling Monday by justice of the peace Alice Napier could result in thousands of traffic tickets being dismissed.

Lawyer Jennifer Myers argued that a traffic sign in downtown Toronto violated the Highway Traffic Act and the French Language Services Act because it was not in both official languages.

Napier agreed at a night court hearing Monday, and threw out a ticket issued to Myers for making an illegal left turn. Myers does not speak French.

Daniel Brown, a law student who represented her in court, said Myers' victory could prove expensive for the city of Toronto.

I've personally tried testing it out sometime around 2009 or 2010 -- violating illegal no-turn signs on purpose, which are still plentiful in Toronto.

I could not succeed -- the was so much traffic during the hours where the left turns are prohibited, that stopping at a small intersection, to violate the sign, is simply impossible, since everyone will (rightfully) start honking at you in no time!

Submission + - OpenSSH 6.5 released (with lotsa D. J. Bernstein crypto) 1

Submitted by ConstantineM
ConstantineM writes: OpenSSH 6.5 has been released, which is dubbed a feature release. It's the first release with lots of D. J. Bernstein crypto in public domain (6.4 did not contain any DJB code whatsoever), from ChaCha20-Poly1305 stream cipher and MAC, to key exchange with Curve25519 (and a new private key format). The new key exchange is now the default (when supported by both sides), but the new transport cipher is an option. Additionally, the portable version has some extra code-hardening, and a switch to a ChaCha20-based arc4random() PRNG for platforms that don't provide their own.

Slashdot Top Deals

You knew the job was dangerous when you took it, Fred. -- Superchicken

Close