1. 2

    I agree that adding this type of complexity is wrong in a security context. However, what type of impact will this have on LibreSSL? Will this restrict adoption of a more secure framework? Will Government groups just throw up their hands and go back to OpenSSL? Will open source be banned from .mil networks because it no longer fully conforms to regulations?

    I think Mozilla’s NSS is FIPS compliant so that is one option for software creators. What are the downsides to using NSS instead of LibreSSL? If NSS is a viable platform, why not just put the LibreSSL effort into helping the NSS project?

    1. 3

      (1) lots of software expects the openssl api (2) if libressl can kill openssl then they can use the leverage of a monopoly position to change things.

      i think the second point is what is most interesting here. openssl actually did a reasonably good job with the resources they had. they made compromises, for sure, but those compromises also helped (as you argue) make secure(ish) software more widely available. it seems to me that the biggest criticism of the openssl folks is not technical, but tactical. they didn’t recognise that they had got to a point where they had the strength to push back. to make changes. to fix the crap. and that is what is so good about libressl. it’s not the grandstanding and egos. it’s the idea that once you are popular you have power (and the moral duty to use it). you can (and should) push back.

      you see this at work every day in the small. as a developer you have to know when to cut corners and when to claw back the debt. bad developers either never fix the compromises or never ship. good developers do both.

      1. 1

        I don’t think the problem is that they didn’t push back; I think the problem is that they didn’t take responsibility for making OpenSSL secure, even in the absence of anything they’d need to push back against, and it’s not clear at this point that using OpenSSL in the last couple of years actually made things more secure than just sending stuff over the network in plaintext. Depends on your threat model, probably.

        1. 1

          oh come on, you’re saying (excepting the long words) i may as well have done all my banking over http? if you really believe that then i think we’re on such different planets that communication is likely impossible.

          (or you’re saying that you’re smart enough to invent a threat model where you’re right; i don’t doubt that for a minute, but surely we should weight by something reasonable…)

          1. 2

            If the people who want to rob your bank account knew about Heartbleed but weren’t able to route your traffic through their sniffers, then unencrypted HTTP would have been better than using OpenSSL on your bank’s servers. Now, some adversaries were in fact in that position, while others were in the opposite position (e.g. the Great Firewall of China, assuming China didn’t know about Heartbleed), and the vast majority are irrelevant to this discussion because they could neither sniff nor bleed.

            The question is, how do we weight the small number of relevant adversaries reasonably?

            From my perspective, there are things more important than your bank account: for example, protecting political dissidents and victims of human-rights abuses, in their communications with Wikipedia and Wordpress and journalists, from snooping by the police and intelligence agencies operated by their oppressors. So I weight “possible people who found Heartbleed early” more highly than “people who sniffed plaintext transactions”, but I recognize that this weighting is arguable.

            That’s why I said “it’s not clear that…OpenSSL…made things more secure…than plaintext…depends on your threat model” rather than “OpenSSL was less secure than plaintext”.

            I know:

            • one person currently jailed by a dictatorship (for the Nth time) for his political activism,
            • one person who fled the US to escape persecution for his political activities,
            • one person who committed suicide to escape obscenely overzealous prosecution for his political activities,
            • a group of people whose phones were apparently tapped 24/7 in case they knew something about a criminal conspiracy,
            • a person who was forced to explain hundreds of his vacation photos from India to a CBP agent,
            • a person who was kidnapped by US CBP and sent to Syria to be tortured for several months in case he was a terrorist,
            • and any number of people who have been kidnapped or raped by the police;

            and

            • I’ve had my ATM card cloned, and
            • a friend of mine lost thousands of euros from her bank account to an apparent theft of credentials.

            Rightly or wrongly, the differing magnitudes of these experiences informs my weighting of the risks.

            As my friend Brandon Harris wrote on Facebook:

            Consider this scenario: the Chinese government breaks Heartbleed. They then use it against Wikipedia to get the passwords of administrators with CheckUser privileges. They can then use those accounts to discover the identity and location of Chinese dissidents who are editing Wikipedia “illegally”. And then find them. And execute them.

            He was talking about Chinese dissidents inside China, for which one might think they would also be able to snoop using the Golden Shield — but presumably if OpenSSL didn’t exist, they’d be using some non-SSL VPN protocol (PPTP?) to access Wikipedia just in order to be able to edit controversial pages at all. And Heartbleed also allows them to hunt down Chinese dissidents outside China.

      2. 2

        https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/FIPS_Mode_-_an_explanation

        The whole thing is a crock of shit. You’re allowed to use Firefox, but only if you promise to use it in the right mode. That mode happens to require you to log in (to the browser!) before you can view https sites. Like Lobsters.

        I wonder what happens if you turn off FIPS mode. Are you fired? Can you be sent to prison? Do you get put on the terrorist no fly list?

        To the extent that FIPS mode is runtime configurable, and you can just lie about enabling it, nothing stops you from using libressl and telling anybody who asks that it’s FIPS validated. Unsure what dire lifestyle consequences that will have for you.

        Honestly, I don’t care if the military can use OpenBSD or not. I’d like for them to use it, but this is about their rules, not mine. It’s their process that’s wrong. (Or rather, I actually do care. But they need to move out of the stone age and this “how do we know that we know what we know about the product we just bought” mentality.)

      1. 1

        does spacemonkey https://www.spacemonkey.com/tour use some of “your” device to store data from other people? that’s the only way i can make sense of it, but they don’t seem to say so anywhere.

        does that mean it actually contains a 2TB disk? or is on average only half available to each user? or less (if there’s more redundancy)?

        1. 6

          Yeah, it looks like we don’t mention that anywhere obvious, but the device actually has a 2 or 3 TB drive in it. You get 1TB for your primary copy of data, and the remaining space is used for Reed Solomon-encoded and encrypted chunks of inode and block packs from others.

          1. 1

            oh cool! that’s great. i was really, really suspecting it was a 1TB disk. thanks for the clarification.

        1. 1

          almost 20 years and diversification in chile has gotten pretty much nowhere http://atlas.cid.harvard.edu/explore/tree_map/net_export/chl/all/show/1995/ http://atlas.cid.harvard.edu/explore/tree_map/net_export/chl/all/show/2012/

          when the world stops using copper it’s going to get ugly, fast, here. when china stops using copper it’s not going to be pretty.

          edit: oh, there’s a better way to show this - http://atlas.cid.harvard.edu/explore/stacked/net_export/chl/all/show/1995.2012.2/

          1. 1

            I think this shows better that things have actually deteriorated… http://atlas.cid.harvard.edu/explore/stacked/net_export/chl/all/show/1995.2012.2/

          1. 3

            wouldn’t it be more useful to say what other libraries have problems rather than telling us what we now know all too well?

            at this point it feels a bit like every wannabe thinks they can show how expert they are by kicking a man who’s already down. hindsight is 20/20.

            1. 4

              There’s a limit to how many TLS libraries I’m willing to look at in one week. There are a lot of projects who take the same buggy reimplementation of libc approach to compat, but these are the examples I have on hand.

              I’ll agree that the rampage tumblr has turned a semiprivate party into an internet spectacle, but so it goes. This was my attempt to throw a little more light than heat.

              I doubt, for example, that many programmers are aware of issetugid or its purpose. Maybe now a few more are.

              I’d like to believe this post had more purpose than just some lulz.

              Oh, further. People keep asking if it was really necessary to fork. Why not just work with upstream to fix bugs? I seek to demonstrate that was not a viable option.

              1. 1

                This certainly isn’t a case of hindsight. And certainly if Ted was telling us things that “everyone” knew “all too well” we would not have the piece of software in the state it’s in today.

                The more social situations I’m in with other users and developers in the open source community, the more clear it becomes just how many (most) misconceptions are believed as fact. The most vocal opinion wins, correct or not. We’ve got a nice (vocal) article stating facts. The article is good and legitimate and yet you want to discredit it? Sure, let the misconceptions win again.

              1. 5

                TIL blink no longer works in firefox.

                1. 2

                  Funny thing is, the site looks perfectly normal on Firefox/Android. Apparently KitKat is missing Comic Sans (boo hoo).

                  1. 2

                    They apparently “fixed” it by handcoding the blink tag using CSS animations

                    1. 2

                      https://news.ycombinator.com/item?id=7623281 [i posted some comments here, but then thought better of it; i will comment on this kind of thing at hn]

                      1. 2

                        That’s a shame! I wish I could read your thoughts on things like this without having to wade through knee-high steaming HN.

                      1. 7

                        this is kind of weird. no-one used “explain” at any point before that?

                        maybe it’s worth mentioning again SQL Performance Explained which shows exactly how to get decent performance, how to understand explain, and even mentions various ORM oddities (my review got no love here).

                        1. 3

                          I’m not sure what the history was that caused such a system to be put in place that way.

                          But yes, now that my team owns it, “explain” is the workhorse that will pull us through

                        1. 3

                          this is just 1.2 reformatted (see first line of the introduction). i would downvote but there doesn’t seem to be a suitable option.

                          1. 3

                            the physics (not chemistry! ;o) is at http://newbrict.github.io/Fe26/js/game_manager.js (fusionRules, towards the bottom encodes what produces what) and it appears to include decay.

                            it’s not clear to me how you win, since i think you need to go through 52 iron, to 56 nickel, and then decay to 56 iron. but 52 iron itself can decay to 48 chromium. and the application of decay in the main loop doesn’t seem to be random. can anyone clarify?

                            edit: oh, no, it is randomized. in the lines just below, where decay is compared for inequality with false (ewww).

                            1. 4

                              the pdf seems to have been further fixed, so you need to read the article (i was going to link to the pdf and ask “what is wrong with this?”)

                              1. 3

                                i think there’s an additional problem (although i haven’t looked at this carefully; this is from a friend’s comments). as far as i know, the copy command requires all columns. so you need to include any surrogate keys. which can make things much more complicated when you have the possibility of multiple loads in parallel.

                                1. 50

                                  Changes so far to OpenSSL 1.0.1g since the 11th include:

                                  • Splitting up libcrypto and libssl build directories
                                  • Fixing a use-after-free bug
                                  • Removal of ancient MacOS, Netware, OS/2, VMS and Windows build junk
                                  • Removal of “bugs” directory, benchmarks, INSTALL files, and shared library goo for lame platforms
                                  • Removal of most (all?) backend engines, some of which didn’t even have appropriate licensing
                                  • Ripping out some windows-specific cruft
                                  • Removal of various wrappers for things like sockets, snprintf, opendir, etc. to actually expose real return values
                                  • KNF of most C files
                                  • Removal of weak entropy additions
                                  • Removal of all heartbeat functionality which resulted in Heartbleed

                                  Commits are happening pretty fast, but the API is not being changed.

                                  1. 7

                                    FYI, I’ve posted a git repo of the changes OpenBSD made to https://github.com/jmhodges/libssl

                                    Easier to read than digging through cvs per-file histories. It’s a one-time dump for now.

                                    1. 3

                                      You can get commit logs for the BSDs at FreshBSD:
                                      http://freshbsd.org/search?project=openbsd&q=file.name:libssl

                                      (I had blissfully acclimatised to how much easier it is to read a revision log when you actually have, you know, a revision log, as opposed to trying to piece history together out of file-based logs. Trying to get an idea of what the OpenBSDs are up to was a painful reminder. In CVS it looks like a lot fewer changes than you realise once you look at a revision log. They really are applying that plasma torch fast and thick.)

                                      Loving the colourful commit messages. “Toss a unifdef -U OPENSSL_SYS_WINDOWS bomb into crypto/bio.” “Go home, VMS, you’re drunk”. “Q: How would you like your lies, sir? A: Rare.” Etc.

                                      1. 1

                                        commitid support should help there, but I haven’t been able to turn it on for us yet.

                                    2. 5

                                      I hope the new version is called OpenOpenSSL.

                                      1. 12

                                        Joking aside, I’d probably vote for OpenTLS.

                                        1. 4

                                          Can’t.

                                          1. Products derived from this software may not be called “OpenSSL” nor may “OpenSSL” appear in their names without prior written permission of the OpenSSL Project.
                                          1. 1

                                            Haha I thought of that… But I think I like OpenTLS best.

                                          2. 2

                                            what’s a “backend engine”? is that just “engine”? if so, i suspect they will keep the engine interface as it’s used by openssh (eg for hardware modules) (if i’m remembering right).

                                            (i hope this works; i hope the openssl crew can then find some way to switch to this (i think that would be hard even without external pressure from companies that have paid for code that is being stripped, but still, i hope it can happen)).

                                            1. 4

                                              All of the engines that interfaced with hardware crypto accelerators. The interface still exists AFAIK, but all of the individual engines are gone.

                                              1. 2

                                                wow. all of them indeed. strangely, it looks like the pkcs11 engine was always third party - https://www.opensc-project.org/opensc/wiki/engine_pkcs11

                                            2. 2

                                              I think stripping down openssl is a good idea.

                                              May I propose some more things? Go through the algorithms and identify ones that are basically unused. An example is DSA. Also, it may be debatable to remove algorithms that are generally considered too weak to be used. RC4 comes to mind, which will probably see a deprecation RFC soon.

                                              1. 3

                                                I think you will see the OpenBSD developers doing this - they are aggressively attacking the code at the moment.

                                                1. 1

                                                  Not supporting things like that may prevent adoption for people who are stuck using them for backwards compatibility with older systems.

                                                  Arguably if they don’t have the resources to fix those systems they may not have the resources to switch to this, once it’s usable, anyway. shrug

                                                2. 1

                                                  Will this make merges of upstream changes significantly more difficult?

                                                  1. 14

                                                    It sounds like they’re not just completely abandoning compatibility with upstream; they’re incinerating compatibility with upstream with a plasma torch.

                                                    1. 5

                                                      Why do you think they have any intention of merging?

                                                      1. 5

                                                        Because they’re smart people and probably learned their lesson after that Frankenstein monster of an Apache they had to solely maintain for so many years before dumping?

                                                        1. 2

                                                          I think they will follow the same policy as for OpenSSH when it comes to providing code to a project that is of no use to them at all.

                                                          1. 1

                                                            It was a fine daemon, really.

                                                            Merging of upstream changes stopped because they switched to a non-free license.

                                                      2. 1

                                                        wow, you weren’t kidding about the “massive”! very exciting stuff, gives me much the same sort of thrill that reading books like “where wizards stay up late” does.

                                                        1. 1

                                                          Congrats, @jcs. I think you’re the first member of the 100 point story club.

                                                        1. 5

                                                          last week i said i was working on a fast library for CRC in julia. it turned out not to be so fast :o) and a peek at the libz C code (which implements CRC32 and was running about 2.5x faster than my code) showed that i need to read data in larger chunks (eg use large native word size, typically 64 bits, rather than bytes) and unroll some loops. so i’m doing that. the maths (you need more lookup tables to calculate the polynomials) is fairly easy but the details are messy and if i want to keep the code and api clean i need to simplify things elsewhere.

                                                          at work spent some time calibrating hydroacoustic (earthquake) sensors and am now back to the testing system (how to use git so that we only use commits that have passed unit tests in integration tests).

                                                          1. 3

                                                            What’s the speed comparison for lookup tables vs doing the math? I did CRC with math and not tables on a microcontroller due to lack of memory.

                                                            Why not just write a wrapper for the libz C library? ;)

                                                            1. 1

                                                              i can’t remember the numbers, but it’s quite a bit faster because you can munch a byte at a time, rather than a bit at a time if you do it directly.

                                                              the library will support all the CRCs in http://reveng.sourceforge.net/crc-catalogue/ and the code should be (i hope) easier to understand and extend (julia is a bit like c plus templates); there is a wrapper for libz (which is what i am using to test against for speed), but it’s CRC32 only.

                                                          1. 16

                                                            An RFC to add regular expressions to the Rust distribution. The implementation already exists.

                                                            1. 2

                                                              yay for using the re2 approach!
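The “re2 approach” the reply above cheers for means simulating the NFA as a set of states instead of backtracking, so a match costs O(pattern × input) no matter what the input looks like. The following is an added illustration, written for this page; it is neither the Rust regex implementation the RFC proposes nor RE2 itself. It supports only a toy pattern subset (a literal or `.`, each optionally followed by `*`, anchored to the whole input), which is enough to show the difference: a pattern such as `a*a*a*a*b` against a run of `a` with no `b` is a near-miss input of the kind used in ReDoS attacks, and the step counts below show why a backtracking engine is the wrong thing to expose to attacker-controlled input.

```python
# Added example for this thread, not code from the Rust regex RFC or from RE2.
# Pattern subset: each token is a literal character or '.', optionally followed
# by '*' (zero or more). Matching is anchored to the whole input string.

def parse(pattern: str):
    """Turn e.g. 'a*b' into [('a', True), ('b', False)]."""
    tokens = []
    i = 0
    while i < len(pattern):
        star = i + 1 < len(pattern) and pattern[i + 1] == "*"
        tokens.append((pattern[i], star))
        i += 2 if star else 1
    return tokens


def _char_ok(want: str, got: str) -> bool:
    return want == "." or want == got


def backtracking_match(pattern: str, text: str):
    """Perl/PCRE-style recursive matcher. Returns (matched, steps).

    Every '*' tries each possible length in turn and backtracks on failure,
    so k consecutive stars cost O(n**k) on a near-miss input of length n.
    That superlinear blow-up is the shape of a ReDoS."""
    tokens = parse(pattern)
    steps = 0

    def rec(ti: int, pos: int) -> bool:
        nonlocal steps
        steps += 1
        if ti == len(tokens):
            return pos == len(text)
        ch, star = tokens[ti]
        if not star:
            return pos < len(text) and _char_ok(ch, text[pos]) and rec(ti + 1, pos + 1)
        i = pos
        while True:  # try consuming 0, 1, 2, ... characters with this star
            if rec(ti + 1, i):
                return True
            if i < len(text) and _char_ok(ch, text[i]):
                i += 1
            else:
                return False

    return rec(0, 0), steps


def thompson_match(pattern: str, text: str):
    """RE2-style simulation. Returns (matched, steps).

    Keeps the *set* of NFA states alive after each input character, so the
    work per character is bounded by the pattern length and no input can
    force exponential or polynomial blow-up."""
    tokens = parse(pattern)
    accept = len(tokens)  # state i means "about to match token i"

    def closure(states):
        # A starred token may be skipped without consuming input.
        out, stack = set(), list(states)
        while stack:
            s = stack.pop()
            if s in out:
                continue
            out.add(s)
            if s < accept and tokens[s][1]:
                stack.append(s + 1)
        return out

    states = closure({0})
    steps = len(states)
    for c in text:
        nxt = set()
        for s in states:
            if s == accept:
                continue
            ch, star = tokens[s]
            if _char_ok(ch, c):
                nxt.add(s if star else s + 1)  # a star loops on its own state
        states = closure(nxt)
        steps += len(states)
        if not states:
            break
    return accept in states, steps


# Constructed near-miss input: plenty of 'a's and no 'b' to complete the match.
EVIL_PATTERN = "a*a*a*a*b"
EVIL_INPUT = "a" * 30

if __name__ == "__main__":
    print(backtracking_match(EVIL_PATTERN, EVIL_INPUT))  # (False, 52360)
    print(thompson_match(EVIL_PATTERN, EVIL_INPUT))      # (False, 155)
```

Adding one more `a*` to the pattern multiplies the backtracking count by roughly another factor of n, while the state-set simulation grows by one state per character. That bounded, input-independent cost is the property that makes RE2-style engines safe to run on untrusted input.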

                                                            1. 8

                                                              Yesterday I published Hendrix, p2p chat for web. It’s built on some cool, new technologies like PeerJS (WebRTC) and React (Shadow DOM). It’s an attempt to create IRC for web that’s as server-less as possible. I would like to hear what you think, and a star would be great!

                                                              Currently I’m planning to add things like:

                                                              • Group chat and rooms/channels,
                                                              • Authentication (I’m thinking PGP);
                                                              1. 2

                                                                so how easy is peer-to-peer in browsers now? a while (a few years i guess) back when opengl became available in browsers i started writing an “arcade” game that would run in browsers and allow people to fly around the surface of a planet shooting each other. it didn’t get very far (i am not an experienced 3d programmer), but it was clear the p2p part was not going to be ready any time soon anyway… is that now “trivial”?

                                                                1. 2

                                                                  I can’t comment on how it has changed in past years because I’m new to WebRTC myself and this is my first attempt to make something with it. However, PeerJS (WebRTC wrapper) helps and it’s a matter of listening and triggering events that PeerJS offers.

                                                                2. 1

                                                                  this looks great! I’ve been working on a leisure project similar to this one, only not web based. I’d be happy to share my ideas or designs with you, if you wish.

                                                                  I can’t seem to get it up and running, though. would you consider adding some instructions into the README file so other people know how to get this booted up?

                                                                  thanks, and good luck!

                                                                  1. 1

                                                                    Thanks! I would like to hear your thoughts on Hendrix.

                                                                    I added some instructions to the repo! ;)

                                                                  2. 1

                                                                    Great project! Would love to see live demo :)

                                                                    1. 1

                                                                      Thanks!

                                                                      I’ve been trying to implement group chat now. As soon as it’s ready, I will create a demo page! ;)

                                                                      1. 1

                                                                        I will be waiting for that. Meanwhile I hope that there will be time to try it on my own.

                                                                    2. 1

                                                                      I love the project. We need to bring internet tech back to the distributed model from which it came. I am also excited about WebRTC. Have a look at my project Fire★, I had to implement something like WebRTC from scratch. Though mine is built from C++ and not web tech.

                                                                      If you see any awesome idea from Fire★, go ahead and clone. We need more p2p to take off.

                                                                      1. 1

                                                                        Looks like a cool project :) You might also be interested in https://echoplex.us. I’m using PGP to sign/encrypt messages, which I think works pretty well for identity in an anonymous environment

                                                                      1. 1

                                                                        to be fair that’s not the uk’s ivy league; that would be oxbridge.

                                                                        does it work? i’m using firefox on linux and i’ve disabled all blockers and i still don’t hear anything. many “players” seem to disappear completely. none seem to produce sound.

                                                                        1. 1

                                                                          Thanks for the clarification.

                                                                          It should work, though roughly a third of the streams are down (all of the Ivy League streams are up, aside from Cornell’s). In terms of FF compatibility, they’re not working for me either (FreeBSD). I’m not sure why. Chrome, Opera, and IE load them just fine.

                                                                        1. 2

                                                                          The strangest email just appeared on the OpenSSL list. I may be reading this too negatively, but to me it sounds like EMC (1) don’t understand how protocols are layered on top of each other and (2) are open to heartbleed. The email is from someone at VMAX, which is the EMC storage solution. A quick search suggests this could be EMCRemote on port 5414 (eg ftp://ftp.avamar.com/pub/rcm/vnx/tools/emcremote/EMCRemote%206.04.08%20User%20Guide.pdf and http://www.emc.com/collateral/hardware/specification-sheet/300-007-926-a01-secure-remort-support-gateway.pdf).

                                                                          Have I missed something? Do you think that the TLS is somehow encapsulated inside another protocol?

                                                                          Edit: OK, there’s now a reply that confirms my take. It’s worrying how deep this goes and how little EMC seem to understand.

                                                                          1. 1

                                                                            Given what a mess OpenSSL is and that there are no usable API docs, this is probably the case for most people using it.

                                                                            1. 1

                                                                              i don’t know the details, but openssl’s “mess” doesn’t really affect how one transport layers over another. openssl shouldn’t become the scapegoat for cluelessness

                                                                            1. 4

                                                                              Most of this is applicable to any language, so well worth the read. Few important points:

                                                                              • Your API will outlast your implementation, so the API is more important.

                                                                              • Boolean parameters are the devil, don’t do it!

                                                                              1. 2

                                                                                i’m struggling to find the part about boolean parameters. where is it?

                                                                                i am interested because i am working on an api at the moment, for CRC (checksums) and they are described by a couple of boolean flags - whether the bytes are inverted before and/or after calculation. it seems to me that if i don’t have boolean parameters i’d need a set of verbosely named functions that wouldn’t be any clearer to the user than one with booleans.

                                                                                1. 5

                                                                                  i’d swap booleans for something more typed. an enum instead of verbosely named functions is a nice middle ground. then hopefully you have a type system that can check that the enums are of the correct type.

                                                                                  it’s pretty easy with multiple booleans to get the ordering wrong (the same would go for something that has a signature of Int, Int or whatever)

                                                                                  1. 1

                                                                                    oh, good point. yes, that’s easy to do. i was thinking the implication was more that you should separate logic in different functions. thanks.

                                                                                  2. 3

                                                                                    In 4.1

                                                                                    The meaning of the arguments to a method should be clear from the context at the call site. Beware of bool parameters, which often lead to unreadable code.
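Both threads above, the CRC library one (bit-at-a-time versus table-driven, tested against libz, parameterised by the reveng catalogue’s “reflect input / reflect output” flags) and this one about replacing boolean parameters with a typed enum, can be shown in one piece of code. What follows is an added example written for this page; it is not the commenter’s Julia library, not libz, and not from the API-design paper. The model parameters are taken from the reveng CRC catalogue linked in the thread (the catalogue’s `check` value is the CRC of the ASCII string `123456789`); the class, method and enum names are my own. The two reflect flags become a `BitOrder` enum passed by keyword, so a call site cannot silently transpose them, and the byte-at-a-time table version is checked against the bit-at-a-time reference and against Python’s `zlib.crc32`.

```python
# Added example for this thread (not the commenter's Julia code, not libz).
from enum import Enum
import zlib


class BitOrder(Enum):
    """Replaces the two booleans of the usual CRC model ("reflect input?",
    "reflect output?") with a named type, so the two cannot be swapped."""
    MSB_FIRST = "msb"   # "normal" CRCs, e.g. CRC-16/CCITT-FALSE, CRC-32/BZIP2
    LSB_FIRST = "lsb"   # "reflected" CRCs, e.g. CRC-16/ARC, CRC-32/ISO-HDLC (zlib)


def reflect(value: int, width: int) -> int:
    """Reverse the low `width` bits of `value`."""
    out = 0
    for _ in range(width):
        out = (out << 1) | (value & 1)
        value >>= 1
    return out


class CRC:
    """Parameterised CRC (Rocksoft / reveng model) with a bit-at-a-time
    reference implementation and a byte-at-a-time table-driven one."""

    def __init__(self, *, width: int, poly: int, init: int,
                 input_order: BitOrder, output_order: BitOrder, xorout: int):
        assert width >= 8, "the table-driven version assumes width >= 8"
        self.width, self.poly, self.init, self.xorout = width, poly, init, xorout
        self.input_order, self.output_order = input_order, output_order
        self.mask = (1 << width) - 1
        self.top = 1 << (width - 1)
        # table[i] is the effect of pushing byte i through an all-zero register
        self.table = [self._shift_byte(0, i) for i in range(256)]

    def _shift_byte(self, crc: int, byte: int) -> int:
        """Feed one (already reflected if needed) byte, one bit at a time."""
        crc ^= byte << (self.width - 8)
        for _ in range(8):
            crc = ((crc << 1) ^ self.poly) if crc & self.top else (crc << 1)
            crc &= self.mask
        return crc

    def _in(self, byte: int) -> int:
        return reflect(byte, 8) if self.input_order is BitOrder.LSB_FIRST else byte

    def _out(self, crc: int) -> int:
        if self.output_order is BitOrder.LSB_FIRST:
            crc = reflect(crc, self.width)
        return crc ^ self.xorout

    def bitwise(self, data: bytes) -> int:
        crc = self.init
        for b in data:
            crc = self._shift_byte(crc, self._in(b))
        return self._out(crc)

    def tabled(self, data: bytes) -> int:
        """Same result as bitwise(), eight bits per step via the lookup table."""
        crc = self.init
        shift = self.width - 8
        for b in data:
            idx = ((crc >> shift) ^ self._in(b)) & 0xFF
            crc = ((crc << 8) & self.mask) ^ self.table[idx]
        return self._out(crc)


# Models from the reveng catalogue; the keyword-only enum arguments are the
# point: compare CRC(16, 0x1021, 0xFFFF, False, False, 0) with two bools.
CRC16_CCITT_FALSE = CRC(width=16, poly=0x1021, init=0xFFFF, xorout=0x0000,
                        input_order=BitOrder.MSB_FIRST, output_order=BitOrder.MSB_FIRST)
CRC16_ARC = CRC(width=16, poly=0x8005, init=0x0000, xorout=0x0000,
                input_order=BitOrder.LSB_FIRST, output_order=BitOrder.LSB_FIRST)
CRC32_ISO_HDLC = CRC(width=32, poly=0x04C11DB7, init=0xFFFFFFFF, xorout=0xFFFFFFFF,
                     input_order=BitOrder.LSB_FIRST, output_order=BitOrder.LSB_FIRST)
CRC32_BZIP2 = CRC(width=32, poly=0x04C11DB7, init=0xFFFFFFFF, xorout=0xFFFFFFFF,
                  input_order=BitOrder.MSB_FIRST, output_order=BitOrder.MSB_FIRST)

CHECK_INPUT = b"123456789"  # the catalogue's standard check string


def check_value(model: CRC) -> int:
    """The catalogue 'check' value, computed with the table-driven path."""
    return model.tabled(CHECK_INPUT)


def consistent(model: CRC, data: bytes) -> bool:
    """Table-driven and bit-at-a-time paths must agree on every input."""
    return model.tabled(data) == model.bitwise(data)


def matches_zlib(data: bytes) -> bool:
    """CRC-32/ISO-HDLC is the CRC that libz / zlib.crc32 computes."""
    return CRC32_ISO_HDLC.tabled(data) == (zlib.crc32(data) & 0xFFFFFFFF)


if __name__ == "__main__":
    for name, model in [("CRC-16/CCITT-FALSE", CRC16_CCITT_FALSE), ("CRC-16/ARC", CRC16_ARC),
                        ("CRC-32/ISO-HDLC", CRC32_ISO_HDLC), ("CRC-32/BZIP2", CRC32_BZIP2)]:
        print(f"{name:20s} check = 0x{check_value(model):0{model.width // 4}X}")
```

The remaining speedup the commenter found in libz (consuming a machine word per step with several tables, and unrolling) is the same table idea applied four or eight bytes at a time; the single-table version above is the one to get right first, because the check values expose any error in the reflect handling immediately.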

                                                                                  3. 1

                                                                                    Really wish the browser and DOM people heeded both these points more carefully.

                                                                                  1. 4

                                                                                    several over-broad generalisations, largely unjustified and probably (to the extent that they have meaning) incorrect. a slanted, conservative, out-of-date, uninformed view of “culture”, without nuance, is used to somehow demean a completely unconnected group of people.

                                                                                    jazz is not linear. it does not have layers. who on earth is “above” or “below” christian scott? what does that even mean? and how can a culture hold disdain? does he really know no-one that cares about the history of pop culture? and of course mass market culture does dominate.

                                                                                    rich old white guy is annoyed with something. compares it to brahms.

                                                                                    1. 2

                                                                                      I think he was demeaning Brahms and Dvorák as sterile, “overdeveloped”, and in need of pop culture. So I don’t agree with your reading.

                                                                                      No, wait, I’m wrong. He was demeaning Brahms and Dvorák’s predecessors, and saying that Brahms and Dvorák incorporated pop culture into high culture to revitalize it.

                                                                                      1. 1

                                                                                        brahms and dvorak famously include gypsy tunes in their work. it’s the cultural equivalent of saying some of your best friends are gay before you make a homophobic joke.