vBSDcon Registrations Only Open For 30 More Days!
Hi all, There are only 30 more days left to register for Verisign's vBSDcon. Online registrations will become unavailable October 23, 2013. For those planning to attend, we encourage you to register soon at http://www.vbsdcon.com/. You will not want to miss this event. There will presentations by several well seasoned technologists such as Baptiste Darroussin on the subject of PkgNG, a new packaging system for FreeBSD based system such as FreeBSD, PC-BSD, and Dragonfly BSD. Baptiste has a background in UNIX Systems Engineering and is involved in multiple facets of the FreeBSD project including being a Ports committer for 3 years and a src committer for 2 years. His involvement also includes being a member of the Port management team. PkgNG, a new package management framework for FreeBSD, is one of Baptiste's primary roles where he is a lead developer. In addition to plenary speakers, vBSDcon will also feature after conference hours Hacker Lounges and Doc Sprints. These sessions will be available for the entire BSD communities to include NetBSD, OpenBSD, FreeBSD, and other BSD based distributions to have a collaborative space to work and communicate with one another. Complimentary wireless internet access will also be available. We look forward to seeing you all there for this opportunity to come together as a community. Remember, online registrations will close on October 23, 2013. Register for vBSDcon at http://www.vbsdcon.com/. -- Vincent (Rick) Miller Systems Engineer vmil...@verisign.com t: 703.948.4395 m: 703.581.3068 12061 Bluemont Way, Reston, VA 20190 http://www.vbsdcon.com/ http://www.verisigninc.com/ This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed, and may contain information that is non-public, proprietary, privileged, confidential and exempt from disclosure under applicable law or may be constituted as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this message in error, notify sender immediately and delete this message immediately. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: [FreeBSD-Announce] vBSDcon Registrations Only Open For 30 More Days!
All: It's good to see corporate support of BSD, but at the same time I have mixed feelings about certain corporations -- Verisign among them -- hosting BSD-related conferences or becoming involved in the development of BSD-based operating systems. Why? Because Verisign, based in Reston, Virginia (the city next door to Vienna, VA, home of the NSA), has strong ties to this shadowy agency. The NSA, in turn -- as reported in documents recently leaked by Edward Snowden -- has a very strong interest in weakening the security of cryptographic algorithms, cryptographic software, and operating systems. We may want to look this gift horse very carefully in the mouth, or at least monitor very closely contributions of code that might introduce backdoors or weaknesses. --Brett Glass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: [FreeBSD-Announce] vBSDcon Registrations Only Open For 30 More Days!
Brett Glass wrote: All: It's good to see corporate support of BSD, but at the same time I have mixed feelings about certain corporations -- Verisign among them -- hosting BSD-related conferences or becoming involved in the development of BSD-based operating systems. Why? Because Verisign, based in Reston, Virginia (the city next door to Vienna, VA, home of the NSA), has strong ties to this shadowy agency. No. I used to work right down the street from Network Solutions (now known as Verisign) in Herndon. Indeed, I had job offerings from them but felt I was better off to stay where I was. The NSA is headquartered at Ft Meade, near Columbia in Maryland. I worked there for 8 years? The CIA headquarters is in Mclean, Virgina, which is right next door to Vienna. Reston/Herndon is a few miles down the Dulles Toll Rd to the west. I've been to all these places, so this is not some MapQuest google for me. The NSA, in turn -- as reported in documents recently leaked by Edward Snowden -- has a very strong interest in weakening the security of cryptographic algorithms, cryptographic software, and operating systems. We may want to look this gift horse very carefully in the mouth, or at least monitor very closely contributions of code that might introduce backdoors or weaknesses. On some level I agree with this - to a point. Examine how the NSA maneuvered the NIST to approve and mandate the FIPS-140 protocols, where deeply concealed was a known weak prng. To some of us this is not news - we've known it for a long time. Arguments of pro vs con, good vs evil, ad infinitum ad nauseum, etc, are better served in a different venue. It is so much easier to get away with concealing such things inside the closed-source paradigm. What I like and admire with open source is the code is out there in public for all to examine. These truly arcane crypto stuffs operate at such a high level of mathematical complexity that even very highly skilled cryptographer/mathematicians argue amongst themselves. I am just not that smart, or that highly educated. There are some in the open source community who do have very large propellers on their beanie caps. I defer to them simply because they are smarter then me. I would trust them long before I would trust closed source. I agree about the 'looking the gift horse in the mouth' concept. Bear in mind, however, some of the guys at NIST are pretty smart too. And yet this FIPS-140/prng stuff went right by them. My suggestion is for FreeBSD (indeed open source in general) to try and engage, include, and attract to the community the kinds of elite mathematician who may have the facilities to examine the code at a higher level than can dummies like me. Whenever The Citadel wants the public to fixate on any one particular brouhaha I know they are trying to get everyone looking in a particular direction whilst they are pulling something else. Verisign may very well have some other obfuscated agenda. Take a step backwards and try to obtain some view of the bigger picture (hint). Will not elaborate here, even though I do have some crackpot ideas. I find it highly ironic: http://en.wikipedia.org/wiki/Snowden_%28character%29#Snowden I got no end of amusement from this. Just my $ 0.02. -Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: [FreeBSD-Announce] vBSDcon Registrations Only Open For 30 More Days!
Any contribution from a company like Verisign needs to be carefully scrutinized. I also don't think it wise to allow them to take a leadership role of any type. On Mon, Sep 23, 2013 at 4:29 PM, Michael Powell nightre...@hotmail.com wrote: Brett Glass wrote: All: It's good to see corporate support of BSD, but at the same time I have mixed feelings about certain corporations -- Verisign among them -- hosting BSD-related conferences or becoming involved in the development of BSD-based operating systems. Why? Because Verisign, based in Reston, Virginia (the city next door to Vienna, VA, home of the NSA), has strong ties to this shadowy agency. No. I used to work right down the street from Network Solutions (now known as Verisign) in Herndon. Indeed, I had job offerings from them but felt I was better off to stay where I was. The NSA is headquartered at Ft Meade, near Columbia in Maryland. I worked there for 8 years? The CIA headquarters is in Mclean, Virgina, which is right next door to Vienna. Reston/Herndon is a few miles down the Dulles Toll Rd to the west. I've been to all these places, so this is not some MapQuest google for me. The NSA, in turn -- as reported in documents recently leaked by Edward Snowden -- has a very strong interest in weakening the security of cryptographic algorithms, cryptographic software, and operating systems. We may want to look this gift horse very carefully in the mouth, or at least monitor very closely contributions of code that might introduce backdoors or weaknesses. On some level I agree with this - to a point. Examine how the NSA maneuvered the NIST to approve and mandate the FIPS-140 protocols, where deeply concealed was a known weak prng. To some of us this is not news - we've known it for a long time. Arguments of pro vs con, good vs evil, ad infinitum ad nauseum, etc, are better served in a different venue. It is so much easier to get away with concealing such things inside the closed-source paradigm. What I like and admire with open source is the code is out there in public for all to examine. These truly arcane crypto stuffs operate at such a high level of mathematical complexity that even very highly skilled cryptographer/mathematicians argue amongst themselves. I am just not that smart, or that highly educated. There are some in the open source community who do have very large propellers on their beanie caps. I defer to them simply because they are smarter then me. I would trust them long before I would trust closed source. I agree about the 'looking the gift horse in the mouth' concept. Bear in mind, however, some of the guys at NIST are pretty smart too. And yet this FIPS-140/prng stuff went right by them. My suggestion is for FreeBSD (indeed open source in general) to try and engage, include, and attract to the community the kinds of elite mathematician who may have the facilities to examine the code at a higher level than can dummies like me. Whenever The Citadel wants the public to fixate on any one particular brouhaha I know they are trying to get everyone looking in a particular direction whilst they are pulling something else. Verisign may very well have some other obfuscated agenda. Take a step backwards and try to obtain some view of the bigger picture (hint). Will not elaborate here, even though I do have some crackpot ideas. I find it highly ironic: http://en.wikipedia.org/wiki/Snowden_%28character%29#Snowden I got no end of amusement from this. Just my $ 0.02. -Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: [FreeBSD-Announce] vBSDcon Registrations Only Open For 30 More Days!
Hi,
Good points in Brett Michael's posts, but for brevity not copied.
Best avoid having code written reviewed just in USA as it would get less
trust globaly, NSA is a known alien mega spy, USA even coerces non USA
citizens outside USA, eg
http://www.theguardian.com/world/2009/aug/01/gary-mckinnon-extradition-nightmare
http://www.change.org/en-GB/petitions/ukhomeoffice-stop-the-extradition-of-richard-o-dwyer-to-the-usa-saverichard
Best encourage FreeBSD sources to be used suspiciously reviewed by a
variety of programmers mathematicians/ cryptologists from different
backgrounds countries;
Max chance of loophole reporting with more people from a spectrum
of countries with rival mutualy distrusting governments from such
as eg { Britain, China, France, Germany, Israel, North Korea,
Russia, Syria, USA } etc.
Presumably nearly all of us are cluless on crypto. math. so meantime
encourage involvement of citizens of at least a few different
dis-trusting countries.
Kernels perhaps have less reviewers than cross-OS S/W eg GPG
Open-SSH etc, so kernels might be target of choice of suborners ?
Maybe FreeBSD Foundation could set up a cheap bonus scheme for security
bugs exposed/ fixed - Special edition coffee mugs, non purchasable,
sent only as a reward, posted globaly free.
Cheers,
Julian
--
Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com
Reply below not above, like a play script. Indent old text with .
Send plain text. No quoted-printable, HTML, base64, multipart/alternative.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: [FreeBSD-Announce] vBSDcon Registrations Only Open For 30 More Days!
On Mon, 2013-09-23 at 20:00 -0400, Robert Simmons wrote: Any contribution from a company like Verisign needs to be carefully scrutinized. No it has to be turned down flat. Huge companies from the USA at all events are untrustworthy. The only trustworthy companies are such companies: I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. - http://lavabit.com/ Levison said that he could be arrested for closing the site instead of releasing the information, and it was reported that the federal prosecutor's office had sent Levinson's lawyer an e-mail to that effect. - https://en.wikipedia.org/wiki/Lavabit There can't be any doubts about it, Verisign will do what they can do to make FreeBSD insecure. Nothing good will contributed by them. Not a single big company from the USA does not cooperate with the NSA, they all cooperate with the NSA. Regards, Ralf ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
