Debian/Ubuntu SSH/SSL Epic Failure

Every one has been talking about this but this is a big issue so here's my take on the SSL/SSH debacle.

  1. Yes, This is horrible. The package maintainer deserves a bit of flameage on this.
  2. After Flameage is done (say about 72 hours worth), Package maintainers deserve some props for supporting a great package system.
  3. This is the situation we silently agreed to when we used binary packaging systems, it's a calculated risk which reared its ugly head.
  4. This is a reminder to us all that good security isn't a static state of being but a continuous process in which this type of failure is part of the system provided the root cause is identified and acted upon.
So, if you want to be sure about security, compile from source and invest your time, sweat and life into making a bullet proof system. If you want a little life on the side, take these situations in stride and look upon it objectively and deal with it accordingly.

... Or use OpenBSD. ...


Pardon our dust

Sorry for the long-delayed conclusion of the Web filter evasion series and the severe lack of updates in general. I am working on the web filter evasion article now.

Life gets kind of crazy sometimes, and right now is crunch time on many levels in my personal and family life, to say nothing of the other writers' situations.

Among the mess, I'd been having trouble actually finding time to DO the kinds of things I like to write about here. Without ideas, hands-on tinkering, and consumption of new (and ye-olde) media, hammering out content first becomes mundane without fresh ideas, then becomes difficult to impossible as motivation fades away.

All this to say, pardon our dust while we gather our thoughts.


Reminder - 2600 Meeting - May 2, 2008

The meeting usually starts around 5:00PM at the Oak Park Mall food court in Overland Park, KS -- the north entrance between Macy's and Dillard's. Look for nerds. If you see any three of the following items at one table, you've found us.

  • MacBook
  • PDA
  • Guy wearing a black t-shirt
  • Strange, smallish antennae
  • Backpacks
  • Any O'Reilly and Associates Book

OpenBSD 4.3 Released Today

I haven't gotten to play with it yet, since I'm still downloading it. I plan on doing a snapshot and upgrading my OpenBSD Parallels VM tomorrow.


  • Now supports SMP on most Sparc64 platforms
  • Loads of device driver improvements (and additions) for most architectures
  • Built-in SNMP Support (no more need for net-snmp)
  • Disks/Partitions/Filesystems larger than 2TB are supported for ffs
  • Scads of little bugfixes
See the OpenBSD 4.3 Release Notes for details.