[talk] the next con: content (2 of 2)

George Rosamond george at ceetonetechnology.com
Thu Aug 13 18:21:52 EDT 2015


James E Keenan:
> On 08/13/2015 10:27 AM, George Rosamond wrote:>
>> 2. The BSDs and Security: Beyond the Obvious
>>
>> IMHO the security angle is way overplayed, and we should be angling this
>> outside the box.
>>
> 
> Can you elaborate on what you mean by "overplayed" and "outside the
> box"?  (I don't know enough about security issues to guess what you're
> referring to.)

Valid question.

We all know it's a buzzword, and instead of doing the standard sec
conference topics, we figure out how to show the legitimacy of BSD code
in the scene.

I hate to just pick on the OBSD stuff, but something like LibreSSL, as
portable code, can become an option for a port that requires OpenSSL.
And a portable version means other OSs can benefit.  Same with
arc4random.  When you need good clean and cheap entropy in an
application, devs who are not cryptographers do stupid things like write
RNGs in, say, Java.  arc4random can be that piece that enables those
devs to not just bypass playing cryptographers on TV, but also deal with
crappy /dev/urandom clunkiness and ugliness.

Make sense?

g



More information about the talk mailing list