Taubira doesn’t actually have the power to offer asylum herself, however. She said in the interview that such a decision would be up to the French president, prime minister and foreign minister. And Taubira just last week threatened to quit her job unless French President François Hollande implemented her juvenile justice reforms.
This list should clarify things a bit.
While OpenBSD had ASLR it is lacking in many other ways.
That is the thing with security, it isn't the doors you locked that matter, it's that single one you didn't lock that is the problem.
Hmmm... While I agree with you on the general principle, here are a couple of things, off the top of my head:
1. False positives ("Vulnerable" tests in your example) do exist, you know. How are you sure that OpenBSD (or FreeBSD) is vulnerable in such and such case? Have you created an exploit specifically for the things being tested by paxtest? Maybe OpenBSD has other capabilities
2. False negatives are also a thing. Even if paxtest says: "such-and-such is OK", how do you know if a clever hacker won't be able to find a way around the ASLR protection?
Also important: paxtest dates back to 2004, and, as far as I know, has never been updated since (web site here). Not that this is a bad thing, but ASLR, and security, has changed a lot since then...
Full Disclosure: yes, I live in Europe.
The largest cashless credit card payment system in France (Moneo) was just closed down very abruptly. Seems the whole "cashless"/"contactless" thing was just not profitable enough -- and not adopted enough -- to be continued.
Read all about it here: https://en.wikipedia.org/wiki/...
In a place like Greece, for instance, it is well known that the vast majority of transactions are paid in cash, not using a credit card or anything.
I would take that kind of article with a large grain of salt on the side. Seems to me some bankers are declaring victory even before the war has started...
Gag orders and national security letters have no place in the Land of the Free.
This should be too obvious to even be worth saying.
Except, of course, you are no longer in the "Land of the Free". Took you a while to realize it, I am afraid.
As someone wiser than me said: "Freedom of the press is fine, as long as *you* have a printing press".
The correct thing to do, then, would be to leak schematics and software on the Internet, and let the chips fall where they may. PGP got "opened" exactly in the same way, I expect this project to do the same.
Every laptop I've ever had died from hinge-strain breaking the hinges.
This just seems like the worst of bad ideas possible. And it hinges on the side? God, that's going to put tremendous strain on parts of the screen that were never designed to hold weight.
Even if it's not just a con, there's no way that's a practical product unless the original laptop is designed for that extra weight and strain.
Yup, I am with you on this one. I am a lot more interested in this option, but I haven't got the cash (or desk space at home) to try it right now.
I have tried Air Display, between a MacBook Air and a Nexus 7, and it works. Kind of.
Very very laggy display, since everything goes through wifi, Mac OS seems very confused about the resolution of the Nexus 7 (can't blame it) and strange skewing of the display are some of the problems I encountered.
Past the novelty aspect of the software, I just gave up as the Nexus 7 display was simply too small to be usable. Air Display went into the trash on both devices, which is too bad, since it was a pretty good idea.
So, basically, "not going to happen".
Exactly. Also, Taubira (who used to be a person with integrity) completely caved-in when the absolute bastards running the show (President, Prime Minister, etc.) passed the most intrusive, anti-privacy, mass spying, "we will listen to everything you say and there is nothing you can do about it" law France has ever seen.
She cannot be trusted, alas, and Snowden and Assange should consider all this hoopla about asylum as so much hot air from a discredited government.
Jetpack?
Good luck crossing the British Channel with a jetpack while being tailed by the RAF... ;-)
What's the use in crying terrorism to pass these kinds of laws when you can just blame it on the US? Seems like an easy way to gather all the data you want if you ask me. Makes perfect sense
More like penis envy: the NSA does it, so we have to do it. Only worse.
And all in the name of terrorism, of course. And to lock up dangerous nazi pedophiles. Or something.
Brings to mind many skits by Bill Hicks. He would have had a field day with the kind of moronic behaviour we see so much of these days.
we could use some sweeping surveillance powers here on slashdot. hurry up or we'll miss the party!
Don't worry, we have got you covered.
xoxoxoxo, the NSA.
Ladies and Gentlemen, I present to you "alen (225700)", exhibit A in the chapter: "Our brains cannot process major threats to the survival of humanity". Oh, and: "The Koch Brothers Foundation spent ____ (ungodly number of billions) attacking the existence of global warming... and it worked!" chapter, too.
Oh, the irony.
This being said, I am not too worried about mankind: it will probably survive global warming. And the survivors may well learn their lessons the hard way.
(If you think global warming does not exist, or is not that bad, or... or... or... yadda, yadda, yadda, please don't bother answering me, mmmmkay?)
Oh, please, CaptainDork, let us keep a certain politeness on Slashdot. That's MISTER (or MISS) Anonymous Cowardly Bastard(ess) to you.
Tsk, tsk, tsk. Have a good day, Sir.
I wonder if they're doing it already?
And how do you think they have been able to make multiple arrests in the Silk Road case? Hmmm...?
Gee, I mean, of course, Ross Ulbricht had pretty much zero SecOps, babbling this way and that on different forums, but it's still very suspicious he and other Silk Road operators and "customers" got arrested so fast.
I'll second that one. My first Android phone was really bad. It was slow, buggy, full of crapware, and a pain to use.
I "switched" to a Samsung Galaxy Note, and never looked back. The user experience was simply great, almost as good as an iPhone, but much cheaper and with none of the iTunes crap.
I am now using a Nexus 5 and a Nexus 7, and I absolutely love them both. My next smartphone will be either the next generation of Nexus, or the next Samsung.
Yeah, I mean, take a look at NASA, it always had such a proud and distinguished record...
Oh, wait...
Seriously though: whether in Russia or in the USA, such an important agency, in charge of a large budget, is bound to generate fraud and shady dealings. At least, the Russian government is doing something about it.
Use the Firefox plug-ins Ghostery, Privacy Badger, Self-destructing Cookies, and Better Privacy and everything will be pretty much wiped out.
See above: enable "Do Not Track" in the Firefox Options/Privacy tab and you are (hopefully) in the clear.
Nah, just business as usual.
For pure evil, you have to go to Wall Street.
That's because it doesn't affect most people. Besides, in relative terms it isn't too bad. Yes, pervasive surveillance infringes people's rights[1], and (speculatively) a small number of people who haven't done anything wrong get hurt by that. But the US (and the rest of the 5 eyes) aren't China, or North Korea, or ISIS. They aren't actively killing or seriously repressing large numbers of their own people. All this stuff just doesn't impact on the life of Joe Ordinary, so he doesn't care.
Some people within the United States may disagree with you. Pot, meet Kettle. Kettle, meet Pot.
It has been ringing continuously since 1840, and will probably continue for a long time.
Read all about it here: http://www.atlasobscura.com/pl...
And there you have the reason why almost nobody uses OpenBSD.
Yeah, well, I use OpenBSD, and I know a ton of people who use it for, say, firewalls, routers and other. And, yes, even web servers and other stuff.
Seriously, man: PHP? Really?
[...] Maybe OpenBSD could create a section on their web site that provides documentation on the advantages of BSD over Linux as well as some advice on how to avoid common pitfalls that Linux users typically make in BSD. [...] In any event, I'm curious to see what I'll miss coming from the Linux world after spending some time in OpenBSD.
On a semi-related note: what's with replacing nginx with their own http daemon? Is the NIH syndrome spreading to OpenBSD as well?
Nope, they have explained at length that nginx was getting too big, and its developers too unresponsive, for it to be a part of base anymore. That was also the case with the previous web server, which was an old version of Apache with a lot of patches. You can still install nginx from ports though and Apache is in there somewhere as well.
As far as documentation is concerned, please refer to the OpenBSD FAQ:
http://www.openbsd.org/faq/faq...
And:
http://www.openbsd.org/faq/faq...
What will you miss? Probably not much, except for the eye candy. OpenBSD is a really good and complete OS, and its quality is excellent.
No, most people want to run a simple PHP website (Wordpress, Drupal, etc). But since almost every modern CMS and framework require at least a simple form of URL rewriting (rewrite every request for a non-existing file to /index.php), OpenBSD's httpd is a no-go.
Err... If you are running PHP on OpenBSD, you have COMPLETELY missed the point of OpenBSD in the first place.
Seriously, though. PHP?
Oh boy, that was such a flame-bait post.
Just cool down, man, the ISS is still up there and still useful -- this (shooting space junk) is just a good example of it.
Besides, if the US Government had invested in space research and (cheap, reliable) space access, you guys would not be at the tender mercies of the naughty naughty Russian bear. So you only have yourselves to blame here...
Most people are against that kind of intrusion, especially if they are correctly informed about it. A lot of major newspapers in France have suddenly woken up and taken notice, as they are very much concerned they won't be able to protect their sources in the future.
Ditto for lawyers and many other institutions.
So there is hope after all...
These companies already have a significant presence (data centers) in other European countries.
There are countries, in Europe, that protect their citizens' privacy a lot better than France. Germany comes to mind, for instance.
Plus, apart from the existing infrastructure, nothing is going to prevent these companies from moving -- a data center is a data center, anywhere in the world.