New #OpenBSD errata for 6.3, backporting the Intel FPU security fix. syspatch(8) now! (amd64) https://firstname.lastname@example.org/msg00213.html
Personal statement on the AfD's staged "minute of silence" in the German Bundestag – Claudia Roth - https://claudia-roth.de/persoenliche-erklaerung-von-claudia-roth-zur-inszenierten-schweigeminute-der-afd-im-deutschen-bundestag/ Thank you, Claudia Roth @GrueneBundestag! #LiebestattHass
Oh look, Theo de Raadt seems to confirm my feeling regarding Intel Hyperthreading that I tooted about yesterday:
The EU is about to update #Article13 to force sites to use YouTube-style content filters on all uploads.
This is a terrible idea:
Some MEPs are already fighting back:
but they need as many allies as possible:
Please email/call your MEP as soon as you can (as in today!), tell them that these changes are dangerous to European freedom, business and culture.
List of MEPs & contacts:
Espie was finally able to fix the infamous cups bug in #openbsd packages!
It has occurred to me that we don't know where all the #trekkies are hiding.
Where should we meet?
Oh, sorry, it's obvious.
That would make a great instance name by the way.
Oh, and another thing: If it is so hard to fix that you need a half year embargo to fix it, and then fail at fixing it, maybe you should cut your losses and go full disclosure so that your customers can decide if they want to take the risk or maybe switch vendors.
My life is a swirling sewage-laden toilet bowl right now, but the world needs an article on OpenBSD "breaking embargos."
If other people find the sources, I'll take an hour and hammer them into a post.
Post original mailing list and article links in answer to this toot. Or don't. Whatevs.
I'll credit folks, of course.
My bias on this: there were fubars, like the 8 out of 10 OpenSSL bug. They'll argue against embargos over beer, but if they agree to it they'll keep it.
responsible disclosure
On May 3rd heise rumours about 8 more spectre type bugs: https://heise.de/-4040648
It took an unknown amount of time to puzzle out the FPU problem (CVE-2018-3665).
After that it took Philip Guenther 2 weeks to fix it.
It took Colin Percival 5 hours to weaponise it.
Responsible disclosure means that certain people can fix their shit in their own time, disclose the vuln and leave the rest hanging.
I guess some people have a responsibility towards their stock options.
Wow. Constanze and Frank really let loose here. It's a breezy read, very well done, you two! https://netzpolitik.org/2018/fuenf-jahre-nsa-skandal-gekappte-glasfaserkabel-und-merkels-ruecktritt/
@akpoff I'm losing most of the respect I had for Cantrill. So, he was in the cool kids club, had lots of notice, and claims to have been fighting for the little guy.
"The CVE was absolutely going public; all Theo did was marginally accelerate the timeline, which in turn has resulted in systems not being as prepared as they otherwise could be."
Nice vague term, marginally. Oh, and those prepared systems? Just those of the in crowd like Cantrill.
I've watched Cantrill give more caustic talks.
Slides for Ayaka Koshibe (akoshibe@)'s "Mininet on #OpenBSD - Using rdomains for interactive SDN testing and development" talk at #BSDCan 2018: https://www.openbsd.org/papers/bsdcan2018-mininet.pdf