Thinking out loud about cars, computers and security
I just finished The Dreaming Void, the first book in Peter F. Hamilton‘s Void Trilogy. Overall an excellent book, but I do have a nit to pick… a rather big one, in fact.
To provide some background: the Void Trilogy is set in the same continuity as Misspent Youth and the Commonwealth Saga, about 2,500 years after the former, 1,200 years after the latter, and close to 2,600 years after our time. Continue reading “2,600 years of progress”
The latest in Sun vs. NetApp is that the last of the three patents at the core of NetApp’s case is close to being tossed out by the USPTO. The other two have already been invalidated and withdrawn from the litigation.
A quick refresher: following the release of ZFS, NetApp sued Sun, claiming that ZFS infringed on six NetApp patents, including the three mentioned above; Sun retaliated by claiming that NetApp had somehow forfeited their right to implement NFS, and requesting a permanent injunction against further sales of NetApp products.
This latest development is good news to anyone who is opposed to software patents, and / or in favor of reforming the utterly broken US patent system. However, I must respectfully disagree with Groklaw’s take on the case. Continue reading “Play nice!”
I am the current maintainer of OpenSSH for FreeBSD, and have been since 2002. I am also the author and maintainer of the PAM implementation used by FreeBSD, and of several of the accompanying PAM modules. Finally, I was a member of the FreeBSD Security Team for several years, served as Assistant Security Officer and Acting Security Officer, and authored or co-authored around 20 security advisories between 2002 and 2004.
I have been asked to comment on SecurityFocus advisories 7467 and 7482, regarding timing attacks against certain versions of OpenSSH that were distributed with FreeBSD 4.x and 5.x releases.
The short version is that no FreeBSD 4.x or 5.x release was ever vulnerable. Read on for the long version. Continue reading “Old history”
That’s how long, to the day, I have been a FreeBSD committer.
Ten years seems like a long time when you write it down on paper, or say it out loud, or try to imagine who and where you will be in ten years’ time; but when I think back on my time as a FreeBSD committer, it’s hard to believe it’s really been that long.
The strangest part is seeing younger (or rather, more recently anointed) committers defer to me. I’m not the old tenured professor! I’m not the sage on the mountain! Look at phk, he’s the old fart, not me! I’m still a rookie! I practically haven’t done anything for the project! I mean, apart from libfetch, and pseudofs, and the PAM stack, and OpenSSH, and the Tinderbox, and stints as Bugmeister and Security Officer, and…
This is where my train of thoughts derails, when I realize how much I’ve actually done (although I don’t even come close to people like phk, jhb, or rwatson), and oh shit, it’s actually been ten years!
Update: when I told my wife about this, her immediate reaction was “and they say men can’t commit to anything…”
[The context for this piece is slightly dated, but I was hospitalized shortly after I started writing this, and apparently hospitals don’t provide their patients with wireless (or even wired) Internet connections. Go figure.]
I would like to comment on the following excerpt from a Firebird developer’s reaction to the Coverity press release mentioned in an earlier post:
I’m concerned that some code may trigger false positives, like some places (destination buffers) that don’t seem to check bounds, but this is because their source of data is already of guaranteed limited length. Someone that goes looking blindly for strcpy would panic at first glance.