OpenBSD IPSec backdoor allegations: update

I’m sure I don’t need to remind anyone what this is about…

The latest news: Theo now says that it is probable that NetSec was indeed contracted to insert backdoor code into OpenBSD, but after a month of review and changelog archeology, there is still no sign that they succeeded or even attempted to push tainted code into the tree.

The audit (which is still ongoing) did uncover one serious bug, but there is no reason to believe that it was planted deliberately. This relates to CBC mode, an encryption protocol in which each block of plaintext is combined with the ciphertext of the previous block before encryption to make it harder to attack ciphertext blocks individually. Continue reading “OpenBSD IPSec backdoor allegations: update”

4k drive update

Just to let you know what the current status is wrt. 4k drives:

It looks like the consensus in the industry (meaning everyone except Western Digital) is to announce dual sector sizes, i.e. 512-byte logical sectors on top of 4096-byte physical sectors.

Ivan Voras has taken the initiative to organize a 4k BoF at BSDCan, although judging from the (private) email exchange on the subject, it’s quite possible that a decision will be made before then. Currently, it looks like we’re moving towards having the low-level driver report a 512-byte sector size and 4096-byte stripe width (and, if necessary, an appropriate offset) to GEOM. This preserves backward compatibility, but announces to GEOM consumers that it is a good idea to do I/O in 4096-byte blocks and align data structures on 4096-byte boundaries. All that remains is then to make sure that those GEOM consumers we care about (particularly ZFS) take advantage of this information.

The situation for WD “Advanced Format” drives is a bit more complex, because they announce 512-byte logical sectors. The only solution I can see is to add a quirk system to the ada driver (and possibly to ata as well, if we still care about it) similar to the ones we have for SCSI and USB devices, and match the model number. I believe /WD\d+[A-Z]+RS/ should match all existing Advanced Format drives with no false positives.

OpenBSD IPSec backdoor allegations: triple $100 bounty

In case you hadn’t heard: Gregory Perry alleges that the FBI paid OpenBSD contributors to insert backdoors into OpenBSD’s IPSec stack, with his (Perry’s) knowledge and collaboration.

If that were true, it would also be a concern for FreeBSD, since some of our IPSec code comes from OpenBSD.

I’m having a hard time swallowing this story, though. In fact, I think it’s preposterous. Rather than go into further detail, I’ll refer you to Jason Dixon’s summary, which links to other opinions, and add only one additional objection: if this were true, there would be no “recently expired NDA”; it would be a matter of national security.

I’ll put my money where my mouth is, and post a triple bounty: Continue reading “OpenBSD IPSec backdoor allegations: triple $100 bounty”

Tidenes mest overvurderte skiløper

Nå er jeg faen meg drit lei av å høre om Petter Northug.

Hovedsaken i Norgesnyhetene på Radio Norge i ettermiddag var Northugs «fantastiske comeback». Han kom nemlig på 13. plass i 15 km i verdenscupen i dag. Marit Bjørgens gullmedalje i 10 km ble nevnt i en bisetning. At det er hennes sjette seier så langt i verdenscupen, eller at hun leder sammenlagt med nesten 40% flere poeng enn nummer to, fikk vi ikke høre noe om.

Jeg skulle tro de fleste ville være enige i at seks førsteplasser og 540 poeng er hakket mer imponerende enn én trettendeplass og 20 poeng. Continue reading “Tidenes mest overvurderte skiløper”