From announce at lists.nycbug.org Mon Feb 5 15:17:00 2018 From: announce at lists.nycbug.org (NYC*BUG Announcements) Date: Mon, 05 Feb 2018 20:17:00 +0000 Subject: [announce] NYC*BUG Upcoming Message-ID: Feb 7 2018, Wednesday, 1845 Reproducible builds on NetBSD, Christos Zoulas LMHQ, 150 Broadway, 20th Floor, Manhattan I will talk about my recent work getting reproducible builds on NetBSD. The talk will be based on information that I first posted at: https://blog.netbsd.org/tnf/entry/netbsd_fully_reproducible_builds and it will have more detailed examples of the toolchain, build, and application changes that every OS needs to make to achieve reprodicibility. I will also discuss the meaning of timestamps and other "build-specific" information that needs to become predictable for fully reproducible builds, and if it is worth faking in the first place to achieve identical built artifacts at the media level. Speaker Bio I live in New York City and work in the Finance Sector. I spend most of my free time with my kids. When they let me I try to write and fix things for NetBSD/file/tcsh/libedit/... and other pieces of code I've worked on over the years. Other Upcoming *BSD Events AsiaBSDCon in Tokyo, Japan March 8-11 BSDCan in Ottawa, Canada June 8-9 EuroBSDCon in Bucharest, Romania September 22-23 From announce at lists.nycbug.org Wed Feb 7 10:50:00 2018 From: announce at lists.nycbug.org (NYC*BUG Announcements) Date: Wed, 07 Feb 2018 15:50:00 +0000 Subject: [announce] NYC*BUG Tonight: Christos on Reproducible Builds Message-ID: Feb 7 2018, Wednesday, 1845 Reproducible builds on NetBSD, Christos Zoulas LMHQ, 150 Broadway, 20th Floor, Manhattan I will talk about my recent work getting reproducible builds on NetBSD. The talk will be based on information that I first posted at: https://blog.netbsd.org/tnf/entry/netbsd_fully_reproducible_builds and it will have more detailed examples of the toolchain, build, and application changes that every OS needs to make to achieve reprodicibility. I will also discuss the meaning of timestamps and other "build-specific" information that needs to become predictable for fully reproducible builds, and if it is worth faking in the first place to achieve identical built artifacts at the media level. Speaker Bio I live in New York City and work in the Finance Sector. I spend most of my free time with my kids. When they let me I try to write and fix things for NetBSD/file/tcsh/libedit/... and other pieces of code I've worked on over the years. Other Upcoming *BSD Events AsiaBSDCon in Tokyo, Japan March 8-11 BSDCan in Ottawa, Canada June 8-9 EuroBSDCon in Bucharest, Romania September 22-23 From announce at lists.nycbug.org Wed Feb 28 19:26:00 2018 From: announce at lists.nycbug.org (NYC*BUG Announcements) Date: Thu, 01 Mar 2018 00:26:00 +0000 Subject: [announce] Open Letter from The Tor BSD Diversity Project Message-ID: Greetings. This letter has started circulating around the community, and should be of interest to both talk@ and announce@ subscribers. Note that the two New York Internet boxes are up and running, and their two relays should be operational in the next day or two. https://torbsd.org/open-letter.html **** An Open Letter to BSD-powered Companies and Projects For three years, the Tor BSD Diversity Project (TDP) has worked to bring the BSDs into the mainstream of the privacy-enhancing technology ecosystem (PETs). We aim to expand the use of the BSDs as a platform for Tor relays, public nodes in the Tor anonymity network. Tor is a critical tool for maintaining privacy online, frequently employed by journalists, human rights workers and those residing in repressive and censored environments. Many people in the BSD community know about TDP, whether from BSD conferences or our development work, such as porting Tor Browser to OpenBSD. We are committed to extending the presence of all the BSDs into the PETs ecosystem, yet beyond our immediate circles we also believe untapped resources in the BSD community need to be enlisted. A large number of major firms employ BSD code and systems in their business. From enterprise-grade backup firms to internet service providers, the BSDs are a popular operating system option. TDP is requesting that firms which rely on the BSDs and related open-source projects run a Tor relay or bridge in their name. New York Internet, a data center firm that employs FreeBSD and already hosts the US east coast FreeBSD mirror, committed to running two high-bandwidth relays, maintained by their staff with TDP assistance. Their relays are provisioned and ?NewYorkInternet0? and ?NewYorkInternet1? should be up and running soon. We hope their example can be the first among many for BSD-based enterprises. TDP is in discussions with several other entities to run public relays, and we look forward to other announcements in the near future. This open letter also is addressed to the various BSD software projects. There are few better badges of a trusted Tor node than one provided by a BSD or derivative project. Why would a firm or project operate a Tor relay? First, running a Tor relay extends the most critical public tool for online privacy and anonymity. Tor enables journalists? leads to be anonymous and client-attorney privilege to actually be confidential. In a time when privacy in any form is under attack Tor is a lifeline for many people. Second, the majority of Tor relays run Linux. This operating system monoculture affects the overall integrity of the Tor network. It also means that the default operating system for a new generation of young hackers is Linux, and not a BSD. Ultimately, it means a smaller pool of users familiar with the BSDs. Running a Tor relay doesn?t mean a significant commitment in terms of resources and bandwidth. The relay doesn?t necessarily have to allow ?exit traffic?, which tend to be the targets for IP blacklists and DCMA complaints. It would also be helpful if your entity just ran a Tor bridge, essentially a private gateway into the Tor network for censored users. Bridge IPs are not publicly available, yet are a critical mitigation against internet censors. Finally, there is a broader advantage to BSD firms running Tor relays: an example of your commitment to a free and uncensored internet. Beyond running a relay to support the Tor network in general, there is also the possibility of making your own services available over the Tor network via a .onion address. Firms such as Facebook illustrate the advantage of explicitly offering a .onion address for their site, as it provides users additional security and privacy guarantees above and beyond those given by the public internet. Integrating Tor into your internet presence may be more work than just running a Tor node, but it also gives more weight to the idea that privacy is a feature that users need, desire and can reasonably expect. If you have further questions about running a Tor relay or bridge as an enterprise, consult our evolving FAQ, or contact us. If your entity isn?t ready to run a Tor node, but you?re interested in donating resources such as bandwidth, hardware or some type of monetary support, contact us. TDP looks forward to assisting your staff in configuring and maintaining BSD relays. TorBSD at torbsd.org (GPG Key)