From george at ceetonetechnology.com Wed Oct 2 08:57:48 2024 From: george at ceetonetechnology.com (George Rosamond) Date: Wed, 2 Oct 2024 08:57:48 -0400 Subject: [talk] NYC*BUG Tonight: EuroBSDCon Recap/BSD Fund Message-ID: PLEASE RSVP by NOON EDT EuroBSDCon Recap/*BSD Fund info session, Patrick McEvoy 2024-10-02 @ 18:45 EDT (22:45 UTC) - NYU Tandon Engineering Building (new), 370 Jay St, 7th Floor kitchen area, Brooklyn (directly across Jay St from National Grid office). Closest subway exits in order are Jay St - MetroTech Station (A, C, R, & F Trains) Borough Hall (4 & 5 Trains). RSVP: Those ethier considering or wishing to attend, a guest list is required by the venue. Please RVSP to rsvp at lists dot nycbug dot org no later than noon localtime, day-of; an acknowledgement will be sent and the email address will be used solely for the purpose of attendance to this meeting's venue. Remote participation: Plans are to stream via NYC*BUG website. Q&A will be via IRC on libera.chat channel #nycbug - please preface your questions with '[Q]'. EuroBSDCon Recap/*BSD Fund info session During this talk, I will cover: - hardware we saw at EuroBSDCon, - the hallway track - general community involvement post-pandemic growth. - The NYC*BUG cabinet at NYI video repository Because the community has been donating funds for hardware, I also thought this would be a good time to cover how these funds are being spent. We are shooting for the best bang for our Buck/Euro while growing a reliable suite of hardware to use for community benefit and reduced training time for volunteers. Patrick McEvoy (BSDTV) has been streaming NYC*BSDCons since 2010 and BSDCan since they lost their entire videoteam in a last minute staffing emergency. He has been active with NYC*BUG for a number of years and streams other tech / *BUG events when the schedule allows and releases these videos on conference YouTube and Peertube under a number of different umbrellas. From phelanm at gmail.com Wed Oct 2 09:33:06 2024 From: phelanm at gmail.com (Mark Phelan) Date: Wed, 02 Oct 2024 13:33:06 +0000 Subject: [talk] Invitation: NYC*BUG Tonight: EuroBSDCon Recap/BSD Fund @ Wed Oct 2, 2024 6:45pm - 7:45pm (EDT) (talk@lists.nycbug.org) Message-ID: [talk] NYC*BUG Tonight: EuroBSDCon Recap/BSD Fund Wednesday Oct 2, 2024 ? 6:45pm ? 7:45pm Eastern Time - New York Join with Google Meet https://meet.google.com/jvr-epjy-rmt?hs=224 PLEASE RSVP by NOON EDT EuroBSDCon Recap/*BSD Fund info session, Patrick McEvoy 2024-10-02 @ 18:45 EDT (22:45 UTC) - NYU Tandon Engineering Building (new), 370 Jay St, 7th Floor kitchen area, Brooklyn (directly across Jay St from National Grid office). Closest subway exits in order are Jay St - MetroTech Station (A, C, R, & F Trains) Borough Hall (4 & 5 Trains). RSVP: Those ethier considering or wishing to attend, a guest list is required by the venue. Please RVSP to rsvp at lists dot nycbug dot org no later than noon localtime, day-of; an acknowledgement will be sent and the email address will be used solely for the purpose of attendance to this meeting's venue. Remote participation: Plans are to stream via NYC*BUG website. Q&A will be via IRC on libera.chat channel #nycbug - please preface your questions with '[... Organizer Mark Phelan phelanm at gmail.com Guests Mark Phelan - organizer talk at lists.nycbug.org rsvp at lists.nycbug.org george at ceetonetechnology.com View all guest info https://calendar.google.com/calendar/event?action=VIEW&eid=MDJldnU1aHMwbGxyZWYwdnIwODNuMnFvZm8gdGFsa0BsaXN0cy5ueWNidWcub3Jn&tok=MTcjcGhlbGFubUBnbWFpbC5jb21jYmNjMzIzNGI3MGFjOGMxMTk3MTA4ZjdiZGFhMjE4NmZkMjNiMDNk&ctz=America%2FNew_York&hl=en&es=0 Reply for talk at lists.nycbug.org and view more details https://calendar.google.com/calendar/event?action=VIEW&eid=MDJldnU1aHMwbGxyZWYwdnIwODNuMnFvZm8gdGFsa0BsaXN0cy5ueWNidWcub3Jn&tok=MTcjcGhlbGFubUBnbWFpbC5jb21jYmNjMzIzNGI3MGFjOGMxMTk3MTA4ZjdiZGFhMjE4NmZkMjNiMDNk&ctz=America%2FNew_York&hl=en&es=0 Your attendance is optional. ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/calendar Size: 2840 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: invite.ics Type: application/ics Size: 2906 bytes Desc: not available URL: From george at ceetonetechnology.com Wed Oct 2 19:01:09 2024 From: george at ceetonetechnology.com (George Rosamond) Date: Wed, 2 Oct 2024 19:01:09 -0400 Subject: [talk] Invitation: NYC*BUG Tonight: EuroBSDCon Recap/BSD Fund @ Wed Oct 2, 2024 6:45pm - 7:45pm (EDT) (george@ceetonetechnology.com) In-Reply-To: References: Message-ID: This is NOT the meeting. This is the streaming: https://www.nycbug.org/index?action=streaming Mark.. no idea why this gets sent to talk at .. but sort of a makes it confusing. g On 10/2/24 09:33, Mark Phelan wrote: > [talk] NYC*BUG Tonight: EuroBSDCon Recap/BSD Fund > Wednesday Oct 2, 2024 ? 6:45pm ? 7:45pm > Eastern Time - New York > > Join with Google Meet > https://meet.google.com/jvr-epjy-rmt?hs=224 > > > > > PLEASE RSVP by NOON EDT > > EuroBSDCon Recap/*BSD Fund info session, Patrick McEvoy > > 2024-10-02 @ 18:45 EDT (22:45 UTC) - NYU Tandon Engineering Building > (new), 370 Jay St, 7th Floor kitchen area, Brooklyn (directly across Jay > St from National Grid office). Closest subway exits in order are Jay St > - MetroTech Station (A, C, R, & F Trains) Borough Hall (4 & 5 Trains). > RSVP: Those ethier considering or wishing to attend, a guest list is > required by the venue. > > Please RVSP to rsvp at lists dot nycbug dot org no later than noon > localtime, day-of; an acknowledgement will be sent and the email address > will be used solely for the purpose of attendance to this meeting's venue. > > Remote participation: Plans are to stream via NYC*BUG website. Q&A will > be via IRC on libera.chat channel #nycbug - please preface your > questions with '[... > > Organizer > Mark Phelan > phelanm at gmail.com > > Guests > Mark Phelan - organizer > talk at lists.nycbug.org > rsvp at lists.nycbug.org > george at ceetonetechnology.com > View all guest info https://calendar.google.com/calendar/event? > action=VIEW&eid=MDJldnU1aHMwbGxyZWYwdnIwODNuMnFvZm8gZ2VvcmdlQGNlZXRvbmV0ZWNobm9sb2d5LmNvbQ&tok=MTcjcGhlbGFubUBnbWFpbC5jb21kM2Y3ZTYwZDBiMDEzZWQzY2U2MTQ2NGU0YjE4MWQ4ZTI4NDk1ZmZk&ctz=America%2FNew_York&hl=en&es=0 > > Reply for george at ceetonetechnology.com and view more details https:// > calendar.google.com/calendar/event? > action=VIEW&eid=MDJldnU1aHMwbGxyZWYwdnIwODNuMnFvZm8gZ2VvcmdlQGNlZXRvbmV0ZWNobm9sb2d5LmNvbQ&tok=MTcjcGhlbGFubUBnbWFpbC5jb21kM2Y3ZTYwZDBiMDEzZWQzY2U2MTQ2NGU0YjE4MWQ4ZTI4NDk1ZmZk&ctz=America%2FNew_York&hl=en&es=0 > Your attendance is optional. > > ~~//~~ > Invitation from Google Calendar: https://calendar.google.com/calendar/ > > You are receiving this email because you are an attendee on the event. > To stop receiving future updates for this event, decline this event. > > Forwarding this invitation could allow any recipient to send a response > to the organizer, be added to the guest list, invite others regardless > of their own invitation status, or modify your RSVP. > > Learn more https://support.google.com/calendar/answer/37135#forwarding > Mark Phelan has invited you to [talk] NYC*BUG Tonight: EuroBSDCon Recap/ > BSD Fund > Title: [talk] NYC*BUG Tonight: EuroBSDCon Recap/BSD Fund > > When: Wednesday, October 2, 2024 18:45 ? 19:45 > > > Organizer: > Mark Phelan > Description: PLEASE RSVP by NOON EDT > > EuroBSDCon Recap/*BSD Fund info session, Patrick McEvoy > > 2024-10-02 @ 18:45 EDT (22:45 UTC) - NYU Tandon Engineering Building > (new), 370 Jay St, 7th Floor kitchen area, Brooklyn (directly across Jay > St from National Grid office). Closest subway exits in order are Jay St > - MetroTech Station (A, C, R, & F Trains) Borough Hall (4 & 5 Trains). > RSVP: Those ethier considering or wishing to attend, a guest list is > required by the venue. > > Please RVSP to rsvp at lists dot nycbug dot org no later than noon > localtime, day-of; an acknowledgement will be sent and the email address > will be used solely for the purpose of attendance to this meeting's venue. > > Remote participation: Plans are to stream via NYC*BUG website. Q&A will > be via IRC on libera.chat channel #nycbug - please preface your > questions with '[... > > -::~:~::~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~::~:~::- > Join with Google Meet: https://meet.google.com/jvr-epjy-rmt > > Learn more about Meet at: https://support.google.com/a/users/answer/9282720 > > Please do not edit this section. > -::~:~::~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~::~:~::- > > > Attendees: > > * > Mark Phelan > * > talk at lists.nycbug.org > * > rsvp at lists.nycbug.org > * > george at ceetonetechnology.com > > > From george at ceetonetechnology.com Wed Oct 2 21:18:28 2024 From: george at ceetonetechnology.com (George Rosamond) Date: Wed, 2 Oct 2024 21:18:28 -0400 Subject: [talk] tonight and upcoming meetings Message-ID: <5abfd5d2-5f01-457b-bc36-d1219651edab@ceetonetechnology.com> It was a small meeting with a fruitful discussion. Patrick will have the video up at some point. We do not have a meeting topic for November 6th yet, but we have a plan for December 4th. In the past we did "Your Technical Tips as Holiday Gifts" meeting for December. For example: https://www.nycbug.org/index?action=view&id=10239 https://www.nycbug.org/index?action=view&id=10312 https://www.nycbug.org/index?action=view&id=10273 and if you stretch the concept: https://www.nycbug.org/index?action=view&id=10329 Consider this an open call for contributions. Don't plan on some "17-step how to setup X". Think about your hacks, your funny anecdotes, your work arounds. If you have an idea, propose it. There are no prerequisites. There should be no barrier to join in. You can have slides, or not. There is plenty of time to come up with something fun. We should also plan to have beer and wine at the December meeting. g From ike at blackskyresearch.net Mon Oct 14 15:00:21 2024 From: ike at blackskyresearch.net (Isaac (.ike) Levy) Date: Mon, 14 Oct 2024 15:00:21 -0400 Subject: [talk] RSA DSA challenged (again) Message-ID: <45B6EB0C-39B4-4EFF-9EBE-38C2D6C9228B@blackskyresearch.net> Noteworthy, this making the rounds, https://www.tomshardware.com/tech-industry/quantum-computing/chinese-scientists-use-quantum-computers-to-crack-military-grade-encryption-quantum-attack-poses-a-real-and-substantial-threat-to-rsa-and-aes paywalled, https://www.scmp.com/news/china/science/article/3282051/chinese-scientists-hack-military-grade-encryption-quantum-computer-paper About time to go hard with eliptic curves? Regardless of how real or not, at the very least it's a good real kick in the pants toward EC, but the confusion and stigma about compromised, backdoored, or naively flawed EC implementation needs to be broadly clarified... Thoughts? Rocket- .ike From ori at eigenstate.org Mon Oct 14 15:19:14 2024 From: ori at eigenstate.org (ori at eigenstate.org) Date: Mon, 14 Oct 2024 15:19:14 -0400 Subject: [talk] RSA DSA challenged (again) In-Reply-To: <45B6EB0C-39B4-4EFF-9EBE-38C2D6C9228B@blackskyresearch.net> Message-ID: <48F747FB1255EF3A03E1BA09C7E5E324@eigenstate.org> So, while I'm a layman, this smells fishy on a number of levels. From my recollection: - There isn't any quantum advantage for most symmetric algorithms, including AES. - D-Wave quantum computers are still adiabatic, which (IIRC) means that they can't be used for grover's or shor's algorithm -- and therefore, they're not useful for cracking public key algorithms. - Finally, if I'm wrong about the above two points, if RSA can be attacked, then so can elliptic curves. We'd need to move to lattice based cryptography or isogeny curves. something like ML-KEM (formerly known as Khyber). or NewHope. Reading the SCMP article, it sounds like they managed to attack some simple s-box like algorithms, but not AES. I'm not sure what this has to do with RSA. I'll have to dig up the paper later, but I think this is probably not an imminent threat. Quoth Isaac (.ike) Levy : > Noteworthy, this making the rounds, > > https://www.tomshardware.com/tech-industry/quantum-computing/chinese-scientists-use-quantum-computers-to-crack-military-grade-encryption-quantum-attack-poses-a-real-and-substantial-threat-to-rsa-and-aes > > paywalled, > https://www.scmp.com/news/china/science/article/3282051/chinese-scientists-hack-military-grade-encryption-quantum-computer-paper > > About time to go hard with eliptic curves? > > Regardless of how real or not, at the very least it's a good real kick in the pants toward EC, but the confusion and stigma about compromised, backdoored, or naively flawed EC implementation needs to be broadly clarified... > > Thoughts? > > Rocket- > .ike > > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > https://lists.nycbug.org:8443/mailman/listinfo/talk > From carton at Ivy.NET Mon Oct 14 15:46:14 2024 From: carton at Ivy.NET (Miles Nordin) Date: Mon, 14 Oct 2024 15:46:14 -0400 Subject: [talk] RSA DSA challenged (again) In-Reply-To: <45B6EB0C-39B4-4EFF-9EBE-38C2D6C9228B@blackskyresearch.net> References: <45B6EB0C-39B4-4EFF-9EBE-38C2D6C9228B@blackskyresearch.net> Message-ID: <20241014194614.GE8051@castrovalva.Ivy.NET> > About time to go hard with eliptic curves? elliptic curve asymmetric crypto still isn't quantum-resistant. Most people think secret military quantum computers can't crack RSA/DSA/DH/EC yet, but it's already time to worry about "store now decrypt later" today. For web browsers the sensible goal seems to replace diffie-hellman with a quantum algorithm, but just diffie-hellman for now and not the signatures. https://security.googleblog.com/2024/09/a-new-path-for-kyber-on-web.html From callab5 at rpi.edu Tue Oct 15 14:44:05 2024 From: callab5 at rpi.edu (Callahan, Brian Robert) Date: Tue, 15 Oct 2024 18:44:05 +0000 Subject: [talk] [EXTERNAL]Re: RSA DSA challenged (again) In-Reply-To: <48F747FB1255EF3A03E1BA09C7E5E324@eigenstate.org> References: <45B6EB0C-39B4-4EFF-9EBE-38C2D6C9228B@blackskyresearch.net> <48F747FB1255EF3A03E1BA09C7E5E324@eigenstate.org> Message-ID: Not directly comparable, but a data point. We have an IBM System One Quantum computer at RPI. My undergraduate students can crack RSA with it, but the best they can do is 6-bit keys (but this includes error mitigation, could be higher without error mitigation but that comes with its own costs...). Whether or not you're ready to jump to new crypto systems in response to this info is up to you, but their work effectively automatically scales up as you add more qubits... An IBM System One has 127 qubits, for reference. ~Brian -- Brian Robert Callahan, '15G, '18 Ph.D., ISSMP, CISSP, CISM Graduate Program Director, ITWS at RPI Director, Rensselaer Cybersecurity Collaboratory Office: Lally 304 On Oct 14, 2024 12:22 PM, ori at eigenstate.org wrote: CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. So, while I'm a layman, this smells fishy on a number of levels. From my recollection: - There isn't any quantum advantage for most symmetric algorithms, including AES. - D-Wave quantum computers are still adiabatic, which (IIRC) means that they can't be used for grover's or shor's algorithm -- and therefore, they're not useful for cracking public key algorithms. - Finally, if I'm wrong about the above two points, if RSA can be attacked, then so can elliptic curves. We'd need to move to lattice based cryptography or isogeny curves. something like ML-KEM (formerly known as Khyber). or NewHope. Reading the SCMP article, it sounds like they managed to attack some simple s-box like algorithms, but not AES. I'm not sure what this has to do with RSA. I'll have to dig up the paper later, but I think this is probably not an imminent threat. Quoth Isaac (.ike) Levy : > Noteworthy, this making the rounds, > > https://www.tomshardware.com/tech-industry/quantum-computing/chinese-scientists-use-quantum-computers-to-crack-military-grade-encryption-quantum-attack-poses-a-real-and-substantial-threat-to-rsa-and-aes > > paywalled, > https://www.scmp.com/news/china/science/article/3282051/chinese-scientists-hack-military-grade-encryption-quantum-computer-paper > > About time to go hard with eliptic curves? > > Regardless of how real or not, at the very least it's a good real kick in the pants toward EC, but the confusion and stigma about compromised, backdoored, or naively flawed EC implementation needs to be broadly clarified... > > Thoughts? > > Rocket- > .ike > > > _______________________________________________ > talk mailing list > talk at lists.nycbug.org > https://lists.nycbug.org:8443/mailman/listinfo/talk > _______________________________________________ talk mailing list talk at lists.nycbug.org https://lists.nycbug.org:8443/mailman/listinfo/talk -------------- next part -------------- An HTML attachment was scrubbed... URL: From mcevoy.pat at gmail.com Wed Oct 16 19:29:10 2024 From: mcevoy.pat at gmail.com (Pat McEvoy) Date: Wed, 16 Oct 2024 19:29:10 -0400 Subject: [talk] Ken Thompson Unix Memoir video Message-ID: <72BB3605-FB9F-4238-867C-B003CE870381@gmail.com> https://youtu.be/xKNaCzdn6sY?feature=shared In case you have not seen this one yet. -------------- next part -------------- An HTML attachment was scrubbed... URL: From jpb at jimby.name Thu Oct 17 23:01:21 2024 From: jpb at jimby.name (jpb) Date: Thu, 17 Oct 2024 23:01:21 -0400 Subject: [talk] CIS Benchmarks for FreeBSD 14 Message-ID: <20241017230121.76b0034e.jpb@jimby.name> Not sure if folks saw this: CIS benchmark for FreeBSD 14 - over 400 pages, with more in several appendices. You have to register to download, but seems a good value. I'll be reading this over the next month or so. https://www.cisecurity.org/benchmark/freebsd From the doc: Intended Audience This benchmark is intended for system and application administrators, security specialists, auditors, help desk, and platform deployment personnel who plan to develop, deploy, assess, or secure solutions that incorporate FreeBSD 14 on amd64 and arm64/aarch64 platforms. Some well known names here: Editor Moin Rahman Carole Fennelly Eric Pinnell Justin Brown Gokhan Lus As an auditor, I approve this effort. Best, Jim B. From mcevoy.pat at gmail.com Fri Oct 25 10:12:37 2024 From: mcevoy.pat at gmail.com (Pat McEvoy) Date: Fri, 25 Oct 2024 07:12:37 -0700 Subject: [talk] Next NYC*BUG: 2024-11-06 Message-ID: Next NYC*BUG: 2024-11-06 @ 17:45 EST (22:45 UTC) "Life with a FreeBSD Laptop" by Brian Reynolds Details to follow: https://www.nycbug.org/index?action=view&id=10702