Monthly Archives: December 2010

The wonderful en_DK locale

English is generally great for communication, but there's a certain awkwardness when it comes to date/time formatting rules. Specifically, I live in a country which, like most Europen countries has a "day, month, year" native ordering and %d.%m.%Y formatting, but aspires to one day adopt ISO 8601. The default en_* locales don't support such a patchwork of formatting, so there are hacks to get around that; en_DK is one of those hacks, used by many Linuxes to get English with different date/time formatting.

Read more...

The wonderful en_DK locale

English is generally great for communication, but there's a certain awkwardness when it comes to date/time formatting rules. Specifically, I live in a country which, like most Europen countries has a "day, month, year" native ordering and %d.%m.%Y formatting, but aspires to one day adopt ISO 8601. The default en_* locales don't support such a patchwork of formatting, so there are hacks to get around that; en_DK is one of those hacks, used by many Linuxes to get English with different date/time formatting.

Read more...

FreeBSD 7.4/8.2-RC1 Available

The first Release Candidate builds for the FreeBSD-7.4/8.2 release cycles are now available. ISO images for Tier-1 architectures can be downloaded from most of the FreeBSD mirror sites. Please see the official announcement for further details about these releases.

How to play Osmos on FreeBSD

The "Humble Bundle" project brings indie games to the masses by allowing people to pay any amount to buy a whole bundle of games together. Since they are developed by small developers, many of them (probably all) also work on non-Windows OS-es. I've bought the bundle and wished to play Osmos on FreeBSD. My configuration is AMD64 with an ATI card, usually a terrible one for gaming on non-Windows.

Read more...

How to play Osmos on FreeBSD

The "Humble Bundle" project brings indie games to the masses by allowing people to pay any amount to buy a whole bundle of games together. Since they are developed by small developers, many of them (probably all) also work on non-Windows OS-es. I've bought the bundle and wished to play Osmos on FreeBSD. My configuration is AMD64 with an ATI card, usually a terrible one for gaming on non-Windows.

Read more...

OpenBSD IPSec backdoor allegations: triple $100 bounty

In case you hadn't heard: Gregory Perry alleges that the FBI paid OpenBSD contributors to insert backdoors into OpenBSD's IPSec stack, with his (Perry's) knowledge and collaboration.

If that were true, it would also be a concern for FreeBSD, since some of our IPSec code comes from OpenBSD.

I'm having a hard time swallowing this story, though. In fact, I think it's preposterous. Rather than go into further detail, I'll refer you to Jason Dixon's summary, which links to other opinions, and add only one additional objection: if this were true, there would be no “recently expired NDA”; it would be a matter of national security.

I'll put my money where my mouth is, and post a triple bounty:

  1. I pledge USD 100 to the first person to present convincing evidence showing:

    • that the OpenBSD Crypto Framework contains vulnerabilities which can be exploited by an eavesdropper to recover plaintext from an IPSec stream,
    • that these vulnerabilities can be traced directly to code submitted by Jason Wright and / or other developers linked to Perry, and
    • that the nature of these vulnerabilities is such that there is reason to suspect, independently of Perry's allegations, that they were inserted intentionally—for instance, if the surrounding code is unnecessarily awkward or obfuscated and the obvious and straightforward alternative would either not be vulnerable or be immediately recognizable as vulnerable.
  2. I pledge an additional USD 100 to the first person to present convincing evidence showing that the same vulnerability exists in FreeBSD.

  3. Finally, I pledge USD 100 to the first person to present convincing evidence showing that a government agency successfully planted a backdoor in a security-critical portion of the Linux kernel.

Additional conditions:

  • In all three cases, the vulnerability must still be present and exploitable when the evidence is assembled and presented to the affected parties. Allowances will be made for the responsible disclosure process.
  • Exploitability must be demonstrated, not theorized.
  • I will not evaluate the evidence myself, but rely on the consensus of the OpenBSD, FreeBSD, Linux and / or infosec communities.
  • Primacy will be determined in a similar manner.
  • The evidence must be presented, and the bounty claimed, no later than 2012-12-31 23:59:59 UTC—a little more than two years from today.
  • The bounty will, at the claimant's discretion, either be transferred to the claimant by PayPal—no cash, checks, direct deposits or wire transfers—or donated directly to a non-profit of his or her choice.

[2010-12-16 fixed link]

OpenBSD IPSec backdoor allegations: triple $100 bounty

In case you hadn't heard: Gregory Perry alleges that the FBI paid OpenBSD contributors to insert backdoors into OpenBSD's IPSec stack, with his (Perry's) knowledge and collaboration.

If that were true, it would also be a concern for FreeBSD, since some of our IPSec code comes from OpenBSD.

I'm having a hard time swallowing this story, though. In fact, I think it's preposterous. Rather than go into further detail, I'll refer you to Jason Dixon's summary, which links to other opinions, and add only one additional objection: if this were true, there would be no “recently expired NDA”; it would be a matter of national security.

I'll put my money where my mouth is, and post a triple bounty:

  1. I pledge USD 100 to the first person to present convincing evidence showing:

    • that the OpenBSD Crypto Framework contains vulnerabilities which can be exploited by an eavesdropper to recover plaintext from an IPSec stream,
    • that these vulnerabilities can be traced directly to code submitted by Jason Wright and / or other developers linked to Perry, and
    • that the nature of these vulnerabilities is such that there is reason to suspect, independently of Perry's allegations, that they were inserted intentionally—for instance, if the surrounding code is unnecessarily awkward or obfuscated and the obvious and straightforward alternative would either not be vulnerable or be immediately recognizable as vulnerable.
  2. I pledge an additional USD 100 to the first person to present convincing evidence showing that the same vulnerability exists in FreeBSD.

  3. Finally, I pledge USD 100 to the first person to present convincing evidence showing that a government agency successfully planted a backdoor in a security-critical portion of the Linux kernel.

Additional conditions:

  • In all three cases, the vulnerability must still be present and exploitable when the evidence is assembled and presented to the affected parties. Allowances will be made for the responsible disclosure process.
  • Exploitability must be demonstrated, not theorized.
  • I will not evaluate the evidence myself, but rely on the consensus of the OpenBSD, FreeBSD, Linux and / or infosec communities.
  • Primacy will be determined in a similar manner.
  • The evidence must be presented, and the bounty claimed, no later than 2012-12-31 23:59:59 UTC—a little more than two years from today.
  • The bounty will, at the claimant's discretion, either be transferred to the claimant by PayPal—no cash, checks, direct deposits or wire transfers—or donated directly to a non-profit of his or her choice.

[2010-12-16 fixed link]