SSLv3

UPDATE 2014-10-14 23:40 UTC The details have been published: meet the SSL POODLE attack.

UPDATE 2014-10-15 11:15 UTC Simpler server test method, corrected info about browsers

UPDATE 2014-10-15 16:00 UTC More information about client testing

El Reg posted an article earlier today about a purported flaw in SSL 3.0 which may or may not be real, but it’s been a bad year for SSL, we’re all on edge, and we’d rather be safe than sorry. So let’s take it at face value and see what we can do to protect ourselves. If nothing else, it will force us to inspect our systems and make conscious decisions about their configuration instead of trusting the default settings. What can we do?

The answer is simple: there is no reason to support SSL 3.0 these days. TLS 1.0 is fifteen years old and supported by every browser that matters and over 99% of websites. TLS 1.1 and TLS 1.2 are eight and six years old, respectively, and are supported by the latest versions of all major browsers (except for Safari on Mac OS X 10.8 or older), but are not as widely supported on the server side. So let’s disable SSL 2.0 and 3.0 and make sure that TLS 1.0, 1.1 and 1.2 are enabled.

Continue reading “SSLv3”
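As an added illustration that is not configuration from the original post, here is an Apache httpd mod_ssl virtual host showing the weak protocol setting beside the hardened one that disables SSL 2.0 and 3.0 while keeping TLS 1.0, 1.1 and 1.2 enabled. The hostname and certificate paths are placeholders.

```apache
# Added example, not from the original post. Hypothetical virtual host;
# the ServerName and certificate paths are placeholders.
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    # Weak: "all" defers to whatever the linked OpenSSL supports, and on
    # 2014-era builds that still includes SSLv3.
    #SSLProtocol all

    # Hardened: subtract SSLv2 and SSLv3 explicitly, so only TLS 1.0, 1.1
    # and 1.2 remain negotiable. An equivalent explicit allow-list would be
    # "SSLProtocol TLSv1 TLSv1.1 TLSv1.2".
    SSLProtocol all -SSLv2 -SSLv3
</VirtualHost>
```

After reloading httpd, a local check such as `openssl s_client -connect www.example.com:443 -ssl3` should fail to complete the handshake (this assumes the local OpenSSL was built with SSLv3 support, which newer builds omit), while the same command with `-tls1` should succeed.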

DNS improvements in FreeBSD 11

Erwin Lansing just posted a summary of the DNS session at the FreeBSD DevSummit that was held in conjunction with BSDCan 2014 in May. It gives a good overview of the current state of affairs, including known bugs and plans for the future.

I’ve been working on some of these issues recently (in between $dayjob and other projects). I fixed two issues in the last 48 hours, and am working on two more.

Continue reading “DNS improvements in FreeBSD 11”

I can’t stop thinking

I’m borrowing a line from Scott McCloud because it’s been stuck in my head since the day I first heard it (or rather read it) way back in 2000, and sometimes it really resonates with me for a completely different reason.

This weekend has been very productive (and satisfying) but also very tiring. I went to bed expecting to sleep soundly, although I often have trouble falling asleep on Sundays.¹ I nodded off two or three times over my Kindle before putting it away and lying down. I promptly fell asleep and had some very disturbing² dreams before waking up again, barely fifteen or twenty minutes later. Then I started thinking.

And I can’t stop thinking.

Continue reading “I can’t stop thinking”

On petroleum and the cost of higher education

I came across this Google+ post by Pierre Bonhomme via a fellow FreeBSD user who is currently a researcher at the University of Oslo. The gist of it is that Norway is a land of milk and honey with free higher education for all and sundry, financed by our bottomless oil and gas reserves.

This is, in fact, a collection of mostly factual statements arranged in such a way as to lead the reader to incorrect conclusions in furtherance of the author’s agenda (opposition to the introduction / increase of tuition fees in Canada), buttressed by an impressive collection of links which the author fervently hopes the reader will not bother to follow, because they do not support his message.

Allow me to rebut a few of his points.

Continue reading “On petroleum and the cost of higher education”

Dark Patterns

The term dark pattern was coined (I believe) by Harry Brignull to describe practices in user interface design intended to make it easy for your users to accidentally select a more profitable (for you) option and hard for them to revert, cancel or unsubscribe.

This is not news. We all know how, for instance, low-cost airlines try to trick you into ordering travel insurance, or software installers try to trick you into installing browser toolbars. But it’s something we usually associate with slightly dodgy outfits like RyanAir or Oracle.

Continue reading “Dark Patterns”