It's refreshing to see the rebrand (RedPhone -> Signal) links security with functionality, rather than with something dramatic/hide-worthy. When your tools are secure, they work for you and not the other way around.
Great news! Hopefully between LibreSSL and BoringSSL, OpenSSL will go away and never return. I think AGL and the LibreSSL team will be able to do some fantastic informal collaboration. I'm looking forward to a healthy…
Actually, if anything, the story is proof that the routers are not backdoored from the start Let me preface my response by saying I think there are probably more non-malicious (accidental) vulnerabilities than…
The data in root "." is controlled by ICANN, a US corporation. The data in the most important gTLD, .com, is run by Verisign on contract with the US Chamber of Commerce. The ccTLDs (.fr, .tw, etc.) are controlled by…
the ability to easily host your own repository. OpenBSD can do this by default. Just build your package how you like, and then on the target machines, set $PKG_PATH to your build/hosting server.
OpenBSD did not upgrade to 2.X. You're talking about ports, which are separate from the base operating system. For accurate information about OpenBSD, right now, check: http://www.openbsd.org/55.html Regarding ports,…
This is OpenBSD's fork of Apache 1.3. It runs chroot and privsep'd by default, and of course is patched for security issues where necessary. (OpenBSD recently dropped Apache from the base build and is now fully…
The system scales up by piggybacking on DNSSEC You're missing the major point: MinimaLT will initially use X.509 (since it's already deployed). A future protocol upgrade will support, if I'm not mistaken, sayI. DNS…
Maybe we're using different definitions of standardization. The IETF writes RFCs which developers are expected to follow, and (mostly) do. This is a standardization of sorts, but it's beside the point I was making. I'm…
With serious protocol designers now largely side-stepping the IETF due to BULLRUN infiltration, BLAKE2 and other non-standard primitives have a better shot than before of seeing mass adoption. I hope to see BLAKE2…
You don't need to run OpenSMTPD in order to get Xorg to work, of course. Also, OpenBSD is just the operating system. You can run whatever MTA you want. Just a reminder, this thread is about Xorg running without…
Incidentally Bcrypt does have a 56 byte limit This is incorrect; bcrypt has a 72-character limit. Try this in python: import bcrypt, sys salt = "$2a$10$2TmO7iAhRfimvNwvpBn.7e" print bcrypt.hashpw(sys.argv[1], salt)…
DNS servers which accept both DNSSEC and DNScrypt (based on DNSCurve) encryption. DNSSEC doesn't do encryption. This is why DNSSEC isn't censorship-resistant. If you want encrypted DNS, that's what DNSCurve does.
It's refreshing to see the rebrand (RedPhone -> Signal) links security with functionality, rather than with something dramatic/hide-worthy. When your tools are secure, they work for you and not the other way around.
Great news! Hopefully between LibreSSL and BoringSSL, OpenSSL will go away and never return. I think AGL and the LibreSSL team will be able to do some fantastic informal collaboration. I'm looking forward to a healthy…
Actually, if anything, the story is proof that the routers are not backdoored from the start Let me preface my response by saying I think there are probably more non-malicious (accidental) vulnerabilities than…
The data in root "." is controlled by ICANN, a US corporation. The data in the most important gTLD, .com, is run by Verisign on contract with the US Chamber of Commerce. The ccTLDs (.fr, .tw, etc.) are controlled by…
the ability to easily host your own repository. OpenBSD can do this by default. Just build your package how you like, and then on the target machines, set $PKG_PATH to your build/hosting server.
OpenBSD did not upgrade to 2.X. You're talking about ports, which are separate from the base operating system. For accurate information about OpenBSD, right now, check: http://www.openbsd.org/55.html Regarding ports,…
This is OpenBSD's fork of Apache 1.3. It runs chroot and privsep'd by default, and of course is patched for security issues where necessary. (OpenBSD recently dropped Apache from the base build and is now fully…
The system scales up by piggybacking on DNSSEC You're missing the major point: MinimaLT will initially use X.509 (since it's already deployed). A future protocol upgrade will support, if I'm not mistaken, sayI. DNS…
Maybe we're using different definitions of standardization. The IETF writes RFCs which developers are expected to follow, and (mostly) do. This is a standardization of sorts, but it's beside the point I was making. I'm…
With serious protocol designers now largely side-stepping the IETF due to BULLRUN infiltration, BLAKE2 and other non-standard primitives have a better shot than before of seeing mass adoption. I hope to see BLAKE2…
You don't need to run OpenSMTPD in order to get Xorg to work, of course. Also, OpenBSD is just the operating system. You can run whatever MTA you want. Just a reminder, this thread is about Xorg running without…
Incidentally Bcrypt does have a 56 byte limit This is incorrect; bcrypt has a 72-character limit. Try this in python: import bcrypt, sys salt = "$2a$10$2TmO7iAhRfimvNwvpBn.7e" print bcrypt.hashpw(sys.argv[1], salt)…
DNS servers which accept both DNSSEC and DNScrypt (based on DNSCurve) encryption. DNSSEC doesn't do encryption. This is why DNSSEC isn't censorship-resistant. If you want encrypted DNS, that's what DNSCurve does.