[dev] suckless vs. security? - Was: [slock] kill slock with Ctrl+Alt+Multiply
On 01-22 21:14, Eckehard Berns wrote:
> I don't think it's a good idea to add complexity to a suckless program
> for a _bug_ in X (that is kinda fixed already).

This got me thinking: Is there a place in the suckless philosophy for
security? (However one wants to define that). Small code base can't
mean "insecurity".

I for one, love suckless software, but I want "security" as a basic
feature, too.

I do want more complexity in slock to work around this (or another)
keypad issue. And I want slock to stay on top no matter what other
clients want.

I also really like sic and ii, but without extra code for SSL, I
won't use it.

Has the general problem been discussed before?

--
ilf

More than 80 million Germans don't use a console. Don't click yourself away!
-- An initiative of the Federal Office for Keyboard Use
Re: [dev] suckless vs. security? - Was: [slock] kill slock with Ctrl+Alt+Multiply
On Mon, Jan 23, 2012 at 10:40:03AM +0100, ilf wrote:
> This got me thinking: Is there a place in the suckless philosophy for
> security? (However one wants to define that). Small code base can't
> mean "insecurity".
>
> I for one, love suckless software, but I want "security" as a basic
> feature, too.

Small and well designed code also means auditable code, which is a
big boon for security. Think for example about my simplyread browser
addon[1]. Of course browsers are wonderfully insecure, but addon
programs which are actually sensibly designed and readable can be
quickly checked to see they don't add to the problem.

> I also really like sic and ii, but without extra code for SSL, I
> won't use it.

They may well be examples of things that stunnel can work fine with.
Wrapper programs can be very handy alternatives to building in
alternative network functionality (e.g. torify), though they tend to
play less well with static binaries.

More generally, though, I agree, SSL is a good example of a
security technology which is well worth the additional
complexity.

Nick

1: http://njw.me.uk/software/simplyread
Re: [dev] suckless vs. security? - Was: [slock] kill slock with Ctrl+Alt+Multiply
2012/1/23 ilf:
> I also really like sic and ii, but without extra code for SSL, I won't use
> it.

there is a ssl patch for ii: http://tools.suckless.org/ii/patches/ssl
i'd like one for sic too
Re: [dev] suckless vs. security? - Was: [slock] kill slock with Ctrl+Alt+Multiply
Security is not a feature.
Re: [dev] suckless vs. security? - Was: [slock] kill slock with Ctrl+Alt+Multiply
On Mon, Jan 23, 2012 at 11:57:42AM +0100, hiro wrote:
> Security is not a feature.

I thought you were restricting yourself to Sundays.
Re: [dev] suckless vs. security? - Was: [slock] kill slock with Ctrl+Alt+Multiply
Certainly it's you who's trolling today.
Re: [dev] suckless vs. security? - Was: [slock] kill slock with Ctrl+Alt+Multiply
On Mon, 23 Jan 2012 09:59:21 -, Nick wrote:
> They may well be examples of things that stunnel can work fine with.
> Wrapper programs can be very handy alternatives to building in
> alternative network functionality (e.g. torify), though they tend to
> play less well with static binaries.

You can't both statically link to a specific BSD Sockets implementation,
and dynamically choose an implementation. Thus suckless software would
use stdio when possible and pipe to UCSPI, optionally through whatever
compression, encryption (e.g. tcpcrypt) or authentication (e.g. OpenPGP)
you desire.

> More generally, though, I agree, SSL is a good example of a
> security technology which is well worth the additional
> complexity.

Doubled. At least where encryption is needed.

--
-,Bjartur
Re: [dev] suckless vs. security? - Was: [slock] kill slock with Ctrl+Alt+Multiply
On Mon, 23 Jan 2012 11:04:55 -, Nick wrote:
> On Mon, Jan 23, 2012 at 11:57:42AM +0100, hiro wrote:
>> Security is not a feature.
> I thought you were restricting yourself to Sundays.

Yes, on Sundays ;)

--
-,Bjartur
Re: [dev] suckless vs. security? - Was: [slock] kill slock with Ctrl+Alt+Multiply
On Mon, Jan 23, 2012 at 10:59 AM, Nick wrote:
> More generally, though, I agree, SSL is a good example of a
> security technology which is well worth the additional
> complexity.

It's funny because OpenSSL -- probably the most used implementation of
SSL -- is unreadable:

http://corte.si//posts/code/reading-code.html
Re: [dev] suckless vs. security? - Was: [slock] kill slock with Ctrl+Alt+Multiply
On Mon 23 Jan 2012 07:10:57 PM PST, Bjartur Thorlacius wrote:
> On Mon, 23 Jan 2012 11:04:55 -, Nick wrote:
> > On Mon, Jan 23, 2012 at 11:57:42AM +0100, hiro wrote:
> >> Security is not a feature.
> > I thought you were restricting yourself to Sundays.
> Yes, on Sundays ;)

Ah, such comedians! I love reading this mailing list. :)

--
Some of my readers ask me what a "Serial Port" is.
The answer is: I don't know.
Is it some kind of wine you have with breakfast?