Wow! Wow! Wow! Never had such a painless and fast upgrade of an operating system. sysupgrade(8) FTW!

I've seen many negative comments on the web, but this is a new low.

WireSep v0.7.0 is here! Quite some work went into it. Some highlights:
* completely reimplement session management to improve reliability and conformance to the specification
* only malloc after a new session is authenticated and established
* support queuing of multiple packets
* log interface statistics on receiving a USR1 signal
* be silent on startup
* lots of refinements
* raise status from alpha to beta

@kurtm Hi Kurt, you have any experience with Kerberos? I'm researching it a bit and I'm curious if there have been any audits on any Kerberos codebases? I'm also curious if you know of organizations that have a KDC that is publicly accessible over the Internet?

Just released v0.6.0 of WireSep, a privilege separated implementation of WireGuard for OpenBSD.

* lots of small refinements and some code restructuring
* interface public key is no longer needed or allowed, only the private key
* improve DoS resistance in the proxy by looking up sessions in logarithmic time
* improvements to wiresep-keygen(1)

See the ChangeLog for additional details:

I recall years back that The Register used to be a little critical of OpenBSD. Lately they've been giving credit to the project for being right. For example, yesterday's article on the new attacks:

"The OpenBSD community, for one, came to that conclusion last year when it disabled Hyper-Threading in OpenBSD 6.4."

I'm hereby announcing the first public alpha release of WireSep: a privilege separated implementation of WireGuard for OpenBSD. I've been using it for a couple of weeks now with the official WireGuard for Android client and I didn't experience any major hiccups. Feedback on the design and implementation is appreciated.

modern programming is less about not reinventing the wheel and more about using a sports car to move firewood across the yard

Happy to read smtps port 465, nowadays "submissions", is the recommended port for mail submission again. Always felt "first require encryption" -> "then do application level stuff" was superior to "start application level stuff" -> "then you may start using encryption" (submission 587). RFC8314 👍
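The ordering argument in the post above, shown as an added example that is not part of the original post: with implicit TLS (submissions, port 465) the TLS handshake completes before a single SMTP byte is exchanged, so there is nothing for an on-path attacker to strip; with STARTTLS (submission, port 587) the client first talks SMTP in the clear and must itself refuse to continue when the STARTTLS capability is missing, otherwise a stripped EHLO response silently downgrades the session. The hostname and the raw EHLO responses below are constructed placeholders; `has_starttls` is a helper written for this example, while `smtplib.SMTP_SSL`, `smtplib.SMTP.starttls` and `SMTP.has_extn` are the standard-library calls.

```python
import smtplib
import ssl


def has_starttls(ehlo_response: bytes) -> bool:
    """Return True if a raw multi-line EHLO response advertises STARTTLS.

    Each capability line looks like ``250-KEYWORD [params]`` or, for the
    last line, ``250 KEYWORD``. Keywords are case-insensitive (RFC 5321).
    """
    for raw in ehlo_response.decode("ascii", "replace").splitlines():
        if raw[:3] != "250":
            continue
        words = raw[4:].split()
        if words and words[0].upper() == "STARTTLS":
            return True
    return False


def connect_implicit_tls(host: str, port: int = 465, timeout: float = 10.0) -> smtplib.SMTP_SSL:
    """Port 465 style: TLS first, SMTP only inside the encrypted channel.

    create_default_context() enables certificate and hostname verification,
    so a failed handshake raises before any application data is sent.
    """
    ctx = ssl.create_default_context()
    return smtplib.SMTP_SSL(host, port, timeout=timeout, context=ctx)


def connect_starttls(host: str, port: int = 587, timeout: float = 10.0) -> smtplib.SMTP:
    """Port 587 style: cleartext EHLO, then upgrade. Fails closed.

    The cleartext phase is where a downgrade happens: if the server's
    capability list arrives without STARTTLS (stripped or never offered),
    a naive client keeps going in the clear. Here we refuse instead.
    """
    ctx = ssl.create_default_context()
    conn = smtplib.SMTP(host, port, timeout=timeout)
    conn.ehlo()
    if not conn.has_extn("starttls"):
        conn.close()
        raise RuntimeError("server did not offer STARTTLS; refusing cleartext submission")
    conn.starttls(context=ctx)
    # Capabilities announced before TLS are untrusted; re-issue EHLO inside TLS.
    conn.ehlo()
    return conn


# Constructed sample responses (not captured from a real server).
EHLO_WITH_STARTTLS = (
    b"250-mail.example.invalid Hello client\r\n"
    b"250-SIZE 35882577\r\n"
    b"250-STARTTLS\r\n"
    b"250 AUTH PLAIN LOGIN\r\n"
)

# Same response after an on-path attacker has removed the STARTTLS line.
EHLO_STRIPPED = (
    b"250-mail.example.invalid Hello client\r\n"
    b"250-SIZE 35882577\r\n"
    b"250 AUTH PLAIN LOGIN\r\n"
)


def downgrade_detected(ehlo_response: bytes) -> bool:
    """Decision a fail-closed 587 client makes from the cleartext EHLO reply."""
    return not has_starttls(ehlo_response)
```

`connect_implicit_tls` needs no such check because the first bytes on the wire are already the TLS ClientHello; that is the "first require encryption, then do application level stuff" ordering the post prefers. Note that `smtplib.SMTP.starttls` also raises `SMTPNotSupportedError` when the extension is absent, so the explicit `has_extn` check mainly makes the policy visible in the code rather than buried in an exception path.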

Too bad even Apple themselves are not using RFC 6186 anymore :( "Use of SRV Records for Locating Email Submission/Access Services"

#OpenBSD's different mitigations complement each other: X86FixupGadgets reduces the amount of "unintentional" RETs in the instruction stream, RETGUARD protects function returns themselves.

trapsleds make it difficult for attackers to sloppily target remaining useful gadgets. Random order re-linking (libc at boot) means attackers need unique ROP for each machine, each boot. And KARL for the kernel.

Coming at the problem from many different angles.

thanks @aral for opening my eyes on ads and surveillance capitalism. But I’m not sure if we can find a working business model in this capitalistic system that is not about selling the behavior of people. At least I haven’t found it yet ;)

Congrats, #OPNsense, on a major milestone release!

The first firewall distribution to be based on #HardenedBSD, making use of multiple robust exploit mitigations and security hardening techniques.

I look forward to OPNsense's immensely bright future!

#FreeBSD #infosec #networking

Yayy!! My WireGuard implementation just shook hands with someone else's implementation in Singapore 😀

@timkuijsten I love those kinds of comments. OK, let's continue to ignore the elephant in the room that the person is talking about, but let me draw your attention to the hair on the toe of a dormouse that I would like to split.

AGPL is the CopyLeft license that matters for Google because it is what would force them to release their core technology as free software.

As for hypocrisy: oh yes, taking zero money from surveillance capitalists is hypocrisy. They can go fuck right off.