New FAQ showing off the fuzzy matching in #OpenBSD's pkg_* tools: https://www.openbsd.org/faq/faq15.html#PkgDup https://marc.info/?l=openbsd-cvs&m=150869609614677&w=2
iSuck-touch-icon.png requests are grade A farm fresh BULLSHIT!
Please, stop filling my web logs with garbage!
Anyone running MAME successfully on OpenBSD 6.2? I've compiled sdlmame-0.160p4.tgz and I get this kind of errors when I run it:
sdlmame:/usr/lib/libc++.so.1.0: undefined symbol 'iswalpha_l'
sdlmame:/usr/lib/libc++.so.1.0: undefined symbol 'iswprint_l'
sdlmame:/usr/lib/libc++.so.1.0: undefined symbol 'iswlower_l'
sdlmame:/usr/lib/libc++.so.1.0: undefined symbol 'towlower_l'
sdlmame:/usr/lib/libc++.so.1.0: undefined symbol 'isupper_l'
sdlmame:/usr/lib/libc++.so.1.0: undefined symbol 'tolower_l'
#krack researcher about the mikrotik silent patch.
>I allowed OpenBSD to patch silently myself. I never allow MikroTek that. Unless CERT/CC allowed them, they broke embargo without permission
Side note: It's funny that CERT/CC can decide who can do early patches no?
Designers (and project managers) need to go back to dialup until the web becomes usable again
Downloading megabytes of JS and CSS to view your "coming soon" page doesn't give me high hopes for whatever it is you're trying to sell
The story ends with a lavish banquet. Everyone except Cacofonix agrees that embargos don't help.
That the author regrets that choice is 1) not our problem, and 2) not our responsibility.
it is completely inappropriate that he singled out #OpenBSD, when e.g. Mikrotik also stealth published before hands.
Bugs show up everywhere:
This is a full disclosure of a 4 byte stack overwrite in GNU ghostscript 9.07.
Though perhaps I should have sat on it for 4 months, and registered a domain first? How does ghostsmash.com sound?
So #OpenBSD is getting flak for #KRACK early patch, yet a silent patch a week before release from Mikrotik is OK? https://forum.mikrotik.com/viewtopic.php?f=21&t=126695
This #chiptune is bloody brilliant! https://soundcloud.com/yerzmyey/ym-digital-draconus-a-cover
and regarding the embargo:
Tedu on HN: “A bunch of dudes on a linux mailing list lack the authority to prevent OpenBSD from fixing things.”
As #OpenBSD's de-facto wifi maintainer, I first learned about this WPA problem in June. A simple patch was provided which I could commit with slight modifications.
The original embargo was already 2 months long, and then extended again for 2 months.
The generall public (you) were left in the dark about this for at least 4 months.
This is a very sad state of affairs. It takes the industry much too long to apply a simple patch.
@pierre The basic idea is that vendors hold fixes back, and cooperate to release their fixes concurrently.
On the surface, this looks reasonable.
But end-user security falls apart when information leaks, or when government agencies get involved which happens if someone requests a CVE. So in this WPA case, US gov agencies knew about the bug for at least as of the second embargo.
Does such an embargo serve your interests? Not really. As an end user, you are interested in getting a patch ASAP.