Aaron Poffenberger @akpoff@bsd.network
Lutheran Christian, #OpenBSD user, software developer, #Haskell-er, CISSP. Geek. KG5DQJ. Needs more cowbell. http://akpoff.com/
Random clickbait, er blog post, idea: "I've got a fever and the only prescription is more #blockchain."
Sitting in Tulsa Airport waiting for flight back to Houston:
OH: "It's so humid."
o_0
@vigdis Follow backs keep failing for me.
Don't forget this vote also approved Article 11 which would require paying a fee to publishers when linking to their news content.
Yeah, linking.
This is rich. The music industry is the least progressive group on Earth. They were brought into the digital age kicking and screaming.
"It's time for the digital market to catch up with progress."
From BBC: "'Disastrous' copyright bill vote approved" https://www.bbc.com/news/technology-44546620
Very nice! #OpenBSD SMT toggle works without a reboot.
More discussion @lobsters. https://lobste.rs/s/ifr52b/openbsd_disables_intel_s_hyperthreading
"Putting our freedom of speech into the hands of robots that will look into what human beings share and assess the legality of what they say is not the Internet we want for our children"
Qwant''s position regarding article 13 https://blog.qwant.com/protecting-copyright-with-robots-a-risk-for-fundamental-rights-and-freedoms/
I've just updated lowdown, https://kristaps.bsd.lv/lowdown, to have much more powerful "diff" capability in 0.4.0. You can now view fine-grained, word-by-word differences between Markdown documents in the desired output formats, e.g., https://kristaps.bsd.lv/lowdown/diff.diff.html. See https://kristaps.bsd.lv/lowdown/diff.html for the algorithm.
@akpoff
Oh, and another thing: If it is so hard to fix that you need a half year embargo to fix it, and then fail at fixing it, maybe you should cut your losses and go full disclosure so that your customers can decide if they want to take the risk or maybe switch vendors.
I'm going back into my cave. I hope I find beer.
https://lobste.rs/s/zwkuza/intel_cpus_might_leak_information_about#c_flbsgo
Additional context for Theo's talk at BSDCan:
FreeBSD holds a dev summit before/during BSDCan. During the tutorial days, folks higher up in FreeBSD were talking about some mistake with NDA handling and that they didn't want to be seen as embargo breakers "like OpenBSD is." To be clear, they weren't saying that OpenBSD is perceived as embargo breakers. They were saying OpenBSD *are* embargo breakers.
It's been this scurrilous rumor following OpenBSD since the Krack Attack nonsense.
(1/)
And has offered to discuss the details with @bcantrill by phone.
Theo's take on Bryan's comment:
"He is not being truthful, inventing a storyline, and has not asked me for the facts.
This was discovered by guessing Intel made a mistake."
In which I respond to Bryan Cantrill's description of the Theo BOF as "Theo’s caustic presentation at BSDCan, which was honestly irresponsible...." #OpenBSD
https://lobste.rs/s/zwkuza/intel_cpus_might_leak_information_about#c_5noklk
I just gave feedback on all the tutorials, talks, and events I attended at #BSDCan 2018.
Have you done so?
Colin Percival tweeted a short thread on the “Lazy FPU” vulnerability that was just disclosed (CVE-2018-3665).
Colin credits his learning about it to Theo de Raadt. Took him ~5 hours to come up with working exploit code.
https://twitter.com/cperciva/status/1007010583244230656?s=21
More info on seclists.org and discussion on lobste.rs.
http://seclists.org/oss-sec/2018/q2/189
https://lobste.rs/s/qotnxq/confirmed_speculative_register_leakage
I’m back in Houston. That fleece did its duty in Ottawa, but back in the closet it goes for awhile. #BSDCan
Wow! This thread @birdsite is mind blowing. Win32k.sys sending assert messages to Microsoft via telemetry API. 🤦♂️
1/ Of all the weird stuff I have ever seen Win32k.sys do, and trust me, I've seen a lot, I have to say this takes the icing on the cake. This is now all over it. Is there a new dev team that does't understand how (why?) the code base works? Is someone desperately hunting a bug?
TFW you learn your insurance id is your SSN not because the insurance company requires it, but because that was your employer’s choice.
Of course the insurance company *could* refuse to accept SSNs...but we’re not there yet. o_0
Data Science: The art of turning set operations into row operations intermediated by bidirectional network transfers.
Ok. It's not that simple but slurping rows of data out of the db into a DataFrame on another box, and then pushing data back makes my inner db developer cry.
