18.03  
Inicio arrow BSD em Geral
Principal
Inicio
Noticias
Artigos
Regras da Lista
Assinar a Lista
Histórico da Lista
PC-BSD: Artigos
PC-BSD: Notícias
Galeria de Imagens
Contador Usuários FUG
FUGs Estaduais
Downloads
Enquetes
FAQ
Resumo do Site
Links
Pesquisar
Contato
Sobre a FUG-BR
RSS / Twitter
-
DOC-BR (FUG BR)
Introdução
Projeto DOC-BR
Handbook
FAQ Oficial
-
+ Noticias
Alertas de Seguranca
Alertas em Ports
BSD em Geral
DaemonNews (Ingles)
MyFreeBSD
Todas Categorias
-
Login
Nome de Usuário

Senha

Lembrar login
Esqueceu sua senha?
Sem conta? Crie uma
Histórico da Lista
  • [FUG-BR] Endereços IP de Redes ADSL
  • Re: [FUG-BR] Endereços IP de Redes ADSL
  • Re: [FUG-BR] Endereços IP de Redes ADSL
  • Re: [FUG-BR] Endereços IP de Redes ADSL
  • Re: [FUG-BR] Endereços IP de Redes ADSL
  • [FUG-BR] DNS Reverso de uma subrede
  • Re: [FUG-BR] DNS Reverso de uma subrede
  • [FUG-BR] Free montando partição Windows2003.

  • Alertas em Ports
  • egroupware -- two vulnerabilities



  • Noticias externas sobre BSD em geral
    Daemonic Dispatches
    Musings from Colin Percival

    • ZumoDrive rolls a hard six
      I haven't had much time for blogging recently, but sometimes things come up which just beg for a response; case in point: A recent post to the ZumoDrive blog entitled "Sometimes you have to roll a hard six" about the security of the ZumoDrive cloud storage / backup service. I have to give credit to ZumoDrive for one thing: Unlike most online backup services, they published the reasons why they think their service is secure. Sadly, the credit goes no further.

      [EDIT 2010-03-11 18:00 I mention this below, but to place my conflict up front: I'm the author of the Tarsnap secure online backup service, which is in some ways a competitor to ZumoDrive.]



    • Supporting FreeBSD
      As a FreeBSD user and developer, I obviously care about the success of FreeBSD. I make a small contribution towards this success via my role as Security Officer; but the time I spend working on my Tarsnap online backup service prevents me from making as much of a direct contribution as I would like. Fortunately the FreeBSD Foundation does an excellent job of supporting FreeBSD development; but like most such organizations, they are funded entirely by donations and are always in need of more. In light of this, I am pleased to announce that I will be donating all of the profits made by Tarsnap for the month of December to the FreeBSD Foundation.



    • Looking back at 100 blog posts
      I found recently, somewhat to my surprise, that as of my last post I had written exactly 100 of these dispatches. Spread over 49 months, this is not a very high posting rate; but I promised myself when I started that I would limit myself to writing when I felt that I had something worth saying, and would not indulge in the common trend towards excessive introspection (or, in the words I used back in 2005, "adolescent gutspill"), and I believe I've done a good job of holding myself to this standard. Nevertheless, I think this is a good time to look back at four years and a hundred posts and say a few words about this blog.



    • Securing an HTTPS server
      In response to numerous comments about "excessive minimalism", I recently put together a new website for my Tarsnap online backup service; and since I was reworking things anyway, I decided that it was a good time to move to a new web server and generally clean up the system configuration. Among the things I cleaned up was how I handle HTTPS: I need it because people enter passwords when creating tarsnap accounts and when logging in to the tarsnap account management interface, but I wasn't satisfied with the (in)security of running Apache with SSL enabled.



    • Complexity is insecurity
      As I've been writing code for my Tarsnap online backup service over the past three years, I've gone out of my way to make it as secure as possible. I've written previously about the importance of carefully designing security systems before writing any code, thinking about mathematical proofs-of-correctness while writing code, cryptographic research concerning key derivation functions, and recommendations for using cryptography, all of which have informed my work on tarsnap; and I've made the tarsnap client source code available for public review -- after all, I refer to tarsnap as being "Online backups for the truly paranoid", and nobody who is truly paranoid would want to download and run code without inspecting the source code and compiling it themselves. However, there is a very important aspect of tarsnap's security which I haven't discussed previously: Complexity -- or rather, a lack thereof.



    • Interesting tarsnap statistics
      I admit it: I'm a numbers junkie. I like taking streams of numbers and looking for patterns; and I like trying to figure out the reasons behind those patterns. Running my tarsnap online backup service has provided me with a great source of numbers: I keep extensive logs, and there are enough tarsnap users now that the randomness of individual users is starting to get washed away. In the interest of science, then -- or if not science, at very least curiosity -- here's some statistics I've gathered.



    • Thoughts on AES
      I posted here in early June with some general-purpose cryptographic recommendations; one of my suggestions was to use 256-bit AES rather than 128-bit or 192-bit AES. Since then, a couple of newattacks which specifically target AES-256 have been announced; and Bruce Schneier has commented that "[T]he key schedule for AES-256 is very poor. I would recommend that people use AES-128 and not AES-256.". Despite this, I still recommend the use of AES-256 for encryption in software implementations where cryptographic keys are generated randomly.



    • Tarsnap mailing lists
      If you Google for tarsnap, you can find a lot of tarsnap users doing interesting things. For example, Tim Bishop wrote a shell script for automating tarsnap backups; Mads Jorgensen wrote a similar shell script for organizing his backups; Justin Haynes created a SlackBuild for tarsnap; Aaron Schaefer create an Arch Linux PKGBUILD for tarsnap; any many tarsnap users have blogged about their experiences. Until now, however, there hasn't been any good way for tarsnap users to connect with each other.



    • A call for schwag
      Two things happened this morning which started me thinking. First, I read Zed Shaw's rant about how he thinks he deserves more recognition and money from his Open Source work; and second, I looked at my pile of t-shirts, and realized that while I have 4 Google t-shirts (one from August 2006, when I interviewed there; and three from Google Summer of Code), I don't have a single t-shirt from any company which is using code I've written.



    • FreeBSD Update to 8.0-BETA1
      In the early days of the FreeBSD 7.0 release cycle I posted here with some instructions on performing a major version upgrade of FreeBSD using FreeBSD Update; now that we're in to the 8.0 release cycle, I think it's time to post some updated instructions. For a number of reasons this post is coming almost a week late -- Ken Smith announced 8.0-BETA1 on Monday -- but I expect that I'll have FreeBSD Update bits in place when future BETAs and RCs are announced.




    FUG-BR - Espalhando BSD
    Dicas Rápidas:

    Precisando descobrir o diretório de um arquivo apagado?

    Se o comando `echo $?` retornar 0 significa que o arquivo existe ou existia naquele determinado diretório.

    c0d3l4bs# ls -l script.c
    -rw-r--r--  1 root  wheel  93 Dec 14 14:57 script.c
    c0d3l4bs# rm script.c
    c0d3l4bs# ls -l script.c
    ls: script.c: No such file or directory
    c0d3l4bs# grep -a script.c "./" > /dev/null
    c0d3l4bs# echo $?
    0
    c0d3l4bs# grep -a script.cd "./" > /dev/null
    c0d3l4bs# echo $?
    1

    c0d3l4bs#

     






    Wallpapers
    Online:
    Nós temos 30 visitantes online


    Devil Store - Sua loja BSD
    FreeBSD Brasil LTDA

    FUG-BR: Desde 1999, espalhando BSD pelo Brasil.