Re: [tor-talk] What's to be Done

2015-08-24 Thread Carlin Bingham
On Tue, 25 Aug 2015, at 08:15 AM, Apple Apple wrote: > On 24 Aug 2015 19:34, "Seth" wrote: > > I'm curious if anyone on the list is able to determine how many of the > above issues have already been addressed by the OpenBSD project. > > I don't want to steer the thread away from the main topic b

Re: [tor-talk] What's to be Done

2015-08-24 Thread Andreas Kuckartz
Jacob Appelbaum wrote: > There is a great deal of positive feedback from the Debian community. > This includes offers of experimenting to provide .onions for the > mirrors, adding a grsec kernel and a number of people offering to help > package critical software that was mentioned. > > It takes ti

Re: [tor-talk] What's to be Done

2015-08-24 Thread Ryan Carboni
> > I'm curious if anyone on the list is able to determine how many of the > above issues have already been addressed by the OpenBSD project. > I don't want to steer the thread away from the main topic but I think it is > fair to say that OpenBSD has problems too. An article titled the insecurity

Re: [tor-talk] What's to be Done

2015-08-24 Thread Apple Apple
On 24 Aug 2015 19:34, "Seth" wrote: > I'm curious if anyone on the list is able to determine how many of the above issues have already been addressed by the OpenBSD project. I don't want to steer the thread away from the main topic but I think it is fair to say that OpenBSD has problems too. An

Re: [tor-talk] What's to be Done

2015-08-24 Thread Ryan Carboni
> > * Ways to verify system firmware compromise thru dumping images and > archiving them > > It's the problem of Plato's cave isn't it? -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-

Re: [tor-talk] What's to be Done

2015-08-24 Thread Apple Apple
Thank you for your response; this pretty much answers what I was asking. Again, I apologise if these details were already covered in the talk.

Re: [tor-talk] What's to be Done

2015-08-24 Thread Seth
On Mon, 24 Aug 2015 09:26:58 -0700, Apple Apple wrote: It's not a Debian specific problem. Even "Security Conscious" distros like Fedora only build a dozen or so key packages with pic and ssp because of performance concerns. Address sanitizer is obviously out of the question. Then of cours

Re: [tor-talk] What's to be Done

2015-08-24 Thread Jacob Appelbaum
Hi, On 8/24/15, Apple Apple wrote: > It's not a Debian specific problem. Even "Security Conscious" distros like > Fedora only build a dozen or so key packages with pic and ssp because of > performance concerns. Address sanitizer is obviously out of the question. I think that this is where we'll

Re: [tor-talk] What's to be Done

2015-08-24 Thread Apple Apple
It's not a Debian specific problem. Even "Security Conscious" distros like Fedora only build a dozen or so key packages with pic and ssp because of performance concerns. Address sanitizer is obviously out of the question. Then of course Linux does not have proper ASLR without 3rd party kernel patc

Re: [tor-talk] What's to be Done

2015-08-24 Thread Jacob Appelbaum
On 8/24/15, Anders Andersson wrote: > On Mon, Aug 24, 2015 at 10:08 AM, Apple Apple > wrote: >> The problem is most users and developers (including the likes of Linus) >> do >> not care at all about security but will hit the roof in rage if the >> system >> is 0.1% slower or this buggy 30 year ol

Re: [tor-talk] What's to be Done

2015-08-24 Thread Anders Andersson
On Mon, Aug 24, 2015 at 10:08 AM, Apple Apple wrote: > The problem is most users and developers (including the likes of Linus) do > not care at all about security but will hit the roof in rage if the system > is 0.1% slower or this buggy 30 year old Unix application does not work > anymore. > > Is

Re: [tor-talk] What's to be Done

2015-08-24 Thread Apple Apple
I don't have the means to watch this talk right now so I apologise if my questions or comments have already been addressed. While I agree with all of your points, I can't really see many of these suggestions being taken up by Debian. Especially things like compiling packages as pie or with asan(lo

Re: [tor-talk] What's to be Done

2015-08-23 Thread bancfc
Fantastic talks by Jacob as always, he hammers home many major system hardening ideas. I summarized the points in the talks and will build on them with more ideas and information. I encourage everyone to see the DebConf talks by all means: http://gemmei.acc.umu.se/pub/debian-meetings/2015/debc