https://blogs.aws.amazon.com/security/post/TxCKZM94ST1S6Y/Introducing-s2n-a tl;dr[becauseimlazy]? s2n isn’t intended as a replacement for OpenSSL, which we remain committed to supporting through our involvement in the Linux Foundation’s Core Infrastructure Initiative. OpenSSL provides two main libraries: “libssl”, which implements TLS, and “libcrypto,” which is a general-purpose cryptography library. Think of s2n as an analogue of “libssl,” but not “libcrypto.” there you go and the github for the project: https://github.com/awslabs/s2n and s2n is a nod to signal to noise, hiding stuff as "noise" via the magic of encryption Thanks :D I prefer libtls anyways :P I like OpenBSD's approach of re-factoring instead of throwing everything out and starting over libtls is rather pleasant to use, too. It certainly is from what I've gathered watching its inclusion in the OpenBSD tree. Things like syslogd *poof* have TLS https://github.com/meritz-burns/erltls - my girlfriend and I have been working on porting it to Erlang. That sounds like a fun couples activity :D That's some pair-programming I can get behind (okay, I'm done) Isn't syslogd UDP? TLS works over UDP? It has tcp support too "syslog" is UDP, sure. But syslogd(8) supports all sorts of stuff https://blog.opendns.com/2015/06/30/cisco-announces-intent-to-acquire-opendns/ yuck heh, always loved that wording "intent to acquire" Basically "We want you, and we're going to have you. It's basically rape." 
yeah davidu's had bad luck w/stuff he helmed being acquired and wrecked most recent example being everydns acquired by dyn dyn just sought to eliminate a free competitor w/a better svc level than their paid plans, promised to grandfather people on those plans then decided they'd rather make money and told them to pony up or gtfo oh well lol: https://honestnetworker.wordpress.com/2015/06/28/when-your-favorite-startup-is-acquired-by-cisco/ mike-burns: Thank you for the obligatory (but put very cordially) "patch up or shutup" response http://marc.info/?l=openbsd-tech&m=143552675031461&w=2 openbsd-tech: "Re: [Patch] New item to the "Migrating to OpenBSD" guide" from Mike Burns @ 2015-06-28 21:24:56 brycec: thank you for noticing! I don't follow tech@ (or any of the lists really) very closely, but the mess was brought to my attention and I recognized your name :) Oh no; this thread is making the rounds? Over in #devious OK whew. At least it's not trending on Twitter. I could make that happen with @twitter ;P @twitter -i BryceBot0101 BryceBot (900 N Alameda, Los Angeles, CA) Member since: Mon Aug 22 16:35:56 +0000 2011 Followers: 18 | Following: 34 | Tweets: 4696 | Description: I'm an IRC bot acting as a conduit for an IRC channel on FreeNode. I post whatever They tell me to. and its massive 18 followers Wowie. Oh good, more fodder for BryceBot's tdr quotes @tdr Theo de Raadt says: i ojbect two yoru splelng of achlhlocis. @tdr Theo de Raadt says: Yes, but the ports people are into S&M. haha woot, i can see. the bot in a channel i frequent has triggers to quote jeffk dated, but still funny hahaha i'm surprised online glasses came already. i thought they'd take ages. nice just didn't want to pay 5x as much locally for estimated times of longer than it took hah i bought some prescription safety glasses for shooting and they got here from china in like 8 days or so I was unfamiliar with jeffk.... 
not sure if I should thank m0unds or smack him this was friday 4 pm local time brycec: lol to wednesday morning delivery local time wow, nice so what's that, .. just under 5 days from new york.. i don't like them though, but i ordered from somewhere else too :) in the hope that one would be quick. because my old ones were really scratched suddenly twss Okay! twss! 'because my old ones were really scratched suddenly' BryceBot: no Oh, okay... I'm sorry. 'because my old ones were really scratched suddenly' darn, too slow hahha in the hope that one would be quick. twss' fuck i'm done haha later today has been i gave you another chance way too long twss Okay! twss! 'way too long' i know that feeling That's what she said!! i can't take any more twss Okay! twss! 'i can't take any more' i'm hoping scratched glasses are making me tired, as i've been tired more than usual. they can contribute to eyestrain Could be Lyme disease. I hear it's always Lyme Disease... that's what I learned on TV anyways. which can make you feel fatigued yeh i'm hoping so brycec: you mean lupus? I was thinking of https://www.youtube.com/watch?v=ZDkrNKMVXHc YouTube video: "Ralph Lyme disease" by Jason Abe ahh hadn't seen that i got kind of sick of simpsons, too many episodes! Supposedly, https://www.simpsonsworld.com/video/302395459825/episode/288011331912 is the episode what year is that https://www.youtube.com/watch?v=ZDkrNKMVXHc YouTube video: "Ralph Lyme disease" by Jason Abe oops tried to resize putty :/ (or at least 90 seconds of it) That's what she said!! mercutio: 1991 not available in my region oh wow, that's early. Season 2 yup back then we got episodes delayed a long time nowadays we get stuff so much quicker. :) does anyone happen to know what the best vpns (openvpn, l2tp/ipsec etc) are for china? it's all good Y2K is past us Clock: inserting leap second 23:59:60 UTC time.tritn.com didn't get the memo nor did mail.wtfismyip.com has leap second hit us already?
yeah i didn't notice anything that is a good thing :) at 10:04 (im in +10GMT) i got alerts for all of our ntp services (Infoblox) reset/got out of sync, but came good about 10 minutes later Who do you use for alerting mjp_? what do you mean? we use nagios for monitoring... the guy sitting a few cubes over let me know that all our infoblox appliances lit up Oh jlg: on arp? outage shouldn't be very long at least. apparently a lot of fibre links went down with the clock thing by apparently i mean one person posted on a mailing list saying such That would surprise me as most links (t1, ethernet, etc) use crystals but not RTC for sync. An extra second on the wall clock would be invisible. you'd think apparently there was some cisco fix necessary, which didn't fix Always blame Cisco i'm going to check nanog :/ i can't see anything on there oh I can see how routers with those interfaces might hiccup because they might not have read the performance counters for >1s is the leap second gmt? or local time zone? It happened 2.40 ago, UTC ahh ok so yeh gmt Everybody at once nothing on nanog there was a route leak last night of ntt -> he.net (horological pedantics would like you to know that GMT and UTC are not the same thing, technically) err ntt readvertising he.net routes then he.net did a route leak and the he.net guy was saying about how they didn't leak routes when the ntt one happened hah internets..how does it even work With lots and lots of luck. there was another route leak originating in Bangladesh that actually triggered RPKI validation failure alerts for me was wondering why I woke up to a bunch of those yeh that was the ntt leaking he.net one that was the first, there was a second after that yeh i'm actually surprised about the stability of the internet it works much better than i'd guess .. you're doing rpki validation static? my prefixes are signed, I get alerts from BGPMon but you're not validating?
nope, I don't really need to rpki validation hasn't really taken off yeh actually it'd help you not at all it's really your upstreams that need to indeed well for it to be of any benefit