My life is a swirling sewage-laden toilet bowl right now, but the world needs an article on OpenBSD "breaking embargos."
If other people find the sources, I'll take an hour and hammer them into a post.
Post original mailing list and article links in answer to this toot. Or don't. Whatevs.
I'll credit folks, of course.
My bias on this: there were fubars, like the 8 out of 10 OpenSSL bug. They'll argue against embargos over beer, but if they agree to it they'll keep it.
On May 3rd heise rumours about 8 more Spectre-type bugs: https://heise.de/-4040648
It took an unknown amount of time to puzzle out the FPU problem (CVE-2018-3665).
After that it took Philip Guenther 2 weeks to fix it.
It took Colin Percival 5 hours to weaponise it.
Responsible disclosure means that certain people can fix their shit in their own time, disclose the vuln and leave the rest hanging.
I guess some people have a responsibility towards their stock options.
Wow. Constanze and Frank really came out swinging. It reads effortlessly, very well done, you two! https://netzpolitik.org/2018/fuenf-jahre-nsa-skandal-gekappte-glasfaserkabel-und-merkels-ruecktritt/
@akpoff I'm losing most of the respect I had for Cantrill. So, he was in the cool kids club, had lots of notice, and claims to have been fighting for the little guy.
"The CVE was absolutely going public; all Theo did was marginally accelerate the timeline, which in turn has resulted in systems not being as prepared as they otherwise could be."
Nice vague term, marginally. Oh, and those prepared systems? Just those of the in crowd like Cantrill.
I've watched Cantrill give more caustic talks.
Slides for Ayaka Koshibe (akoshibe@)'s "Mininet on #OpenBSD - Using rdomains for interactive SDN testing and development" talk at #BSDCan 2018: https://www.openbsd.org/papers/bsdcan2018-mininet.pdf
As a corporation, Microsoft will out-live all of us. Same for Google and Apple. Free software is an inter-generational effort. We don't know what proprietary software companies will do beyond our lifetimes, so we need to do our best to care for free software in our lifetime. Same goes for a lot of other, similar efforts.
Today I was procrastinating ... err, toying around with authenticator and implemented an OATH-compatible login mode for #OpenBSD – RFC 6238 (TOTP) and RFC 4226 (HOTP). https://github.com/reyk/login_oath/blob/master/README.md
talking about people who were once upset
TBH I wish the FreeBSD side had explained the situation without the shouting. It was all definitely a tangent, but I am curious about the details of how FreeBSD runs things. Could one of the other committers have committed such a patch? Could one of the people under NDA? Can someone coincidentally fix a security bug that is under an NDA they don't know about?
Re-launch of the free #openmoko USB Product ID and IEEE OUI (Ethernet MAC address) allocation for OSHW and FOSS projects: http://laforge.gnumonks.org/blog/20180609-openmoko-usb_id/