  • 0 Votes
    1 Posts
    0 Views
    pitrh@mastodon.social
    LibreSSL 4.3.2 released https://www.undeadly.org/cgi?action=article;sid=20260527055600 #openbsd #libressl #ssl #tls #security #development #programming #web #cryptography #crypto #realcrypto #libresoftware #freesoftware
  • 🚨 #FreeBSD Patching time!

    World freebsd security
    1
    0 Votes
    1 Posts
    0 Views
    alelab@mastodon.bsd.cafe
    #FreeBSD Patching time! It takes less time to install security patches on your systems than to prepare the coffee. And install these also on your VMs and jails too. #FreeBSD #Security
  • 0 Votes
    2 Posts
    0 Views
    bpl@snac.bsd.cafe
    "No customer information was impacted blah blah blah breach was contained blazingly fast blah blah more AI soon."
  • Oh right.

    World windows security bitlocker fde disk
    1
    0 Votes
    1 Posts
    0 Views
    h3artbl33d@exquisite.social
    Oh right. Of course Bitlocker encryption can be bypassed with a mere thumbdrive. If you MUST use Windows, then at least Veracrypt that shit. #Windows #Security #Bitlocker #FDE #Disk #Encryption #Bypass
  • 0 Votes
    8 Posts
    0 Views
    h3artbl33d@exquisite.social
    @sigsegv44 Even more reason to run #OpenBSD and #HardenedBSD!
  • 0 Votes
    2 Posts
    0 Views
    s1m0n4@ohai.social
    @stefano you did what you thought was right. You put yourself in his shoes, with the knowledge that you acquired through your professional experience, and you admitted that you wouldn't sign up for that club. There's nothing to be ashamed of if the world we currently live in has become less safe.
  • 0 Votes
    1 Posts
    0 Views
    jadi@mastodon.bsd.cafe
    Another Universal Local Privilege Escalation lets any user on most GNU/Linux distros gain root access in seconds! This time it's called Dirty Frag. More info here: https://github.com/V4bel/dirtyfrag and I made a video explaining the concept here: https://www.youtube.com/watch?v=Ve6qE-i2hhc #Linux #video #security
  • [vez.mrks.md]

    FreeBSD freebsd security hardening
    6
    -1 Votes
    6 Posts
    283 Views
    CiotBSD
    No problem with the vote @grahamperrin said: For what it's worth, I think: don't delete it from BSD Cafe Billboard. It's good to raise awareness of the reputation. I hadn't thought of it that way. Interesting!
  • 0 Votes
    1 Posts
    31 Views
    CiotBSD
    In the world of open source, trust is our most valuable currency. ONAP is a “collection of individual, semi-standalone network automation functions that provide design, orchestration, observability, and automation of network and edge services for operators, cloud providers, and enterprises” (per ONAP). When we build software that powers global telecommunications, “good enough” isn’t an option… https://openssf.org/blog/2026/05/07/the-road-to-gold-how-cps-set-a-new-standard-for-security-and-quality-in-open-source/
  • 2 Votes
    1 Posts
    35 Views
    CiotBSD
    ⇒ Open Infrastructure is Not Free: A Joint Statement on Sustainable Stewardship (2025/09/23) An Open Letter from the Stewards of Public Open Source Infrastructure Over the past two decades, open source has revolutionized the way software is developed. Every modern application, whether written in Java, JavaScript, Python, Rust, PHP, or beyond, depends on public package registries like Maven Central, PyPI, crates.io, Packagist and open-vsx to retrieve, share, and validate dependencies. These registries have become foundational digital infrastructure – not just for open source, but for the global software supply chain… https://openssf.org/blog/2025/09/23/open-infrastructure-is-not-free-a-joint-statement-on-sustainable-stewardship/ ⇒ Open Infrastructure Is Not Free, Part II: The Hidden Cost of Running Package Registries (2026/05/06) The September 2025 Working Together Towards Sustainable Open Source open letter raised the alarm about the economic sustainability of open source package registries, highlighting how rising adoption and the pace of innovation are placing new and growing pressures on open source package registries. Those pressures have only accelerated in the time since the letter, amplified by the adoption of AI coding agents and tools… https://openssf.org/blog/2026/05/06/open-infrastructure-is-not-free-part-ii-the-hidden-cost-of-running-package-registries/
  • 2 Votes
    1 Posts
    159 Views
    grahamperrin
    https://www.daemonology.net/blog/2026-04-11-20-years-on-AWS-and-never-not-my-job.html I created my first AWS account at 10:31 PM on April 10th, 2006. I had seen the announcement of Amazon S3 and had been thinking vaguely about the problem of secure backups — even though I didn't start Tarsnap until several months later — and the idea of an online storage service appealed to me. The fact that it was a web service made it even more appealing; I had been building web services since 1998, … – 24–30 minutes reading time, according to Firefox. Time well spent, IMHO, especially with security vulnerabilities for various operating systems recently in a spotlight. Also: to Mastodon @cperciva@mastodon.social @stefano and to Lobsters. Background: Colin Percival was, for many years, the FreeBSD Security Officer. He is now the FreeBSD Release Engineering Lead. You can show your appreciation for today's blog post at his shares in Reddit, in Hacker News, or in LinkedIn. A thought: AWS has its heroes. Tarsnap has given 2^18 dollars to open source – for this, and for what's described in today's blog post, it's probably fair to describe Colin as a hero in more ways than one.
  • 1 Votes
    2 Posts
    128 Views
    grahamperrin
    For convenience, from the toot in Mastodon: https://www.reddit.com/r/freebsd/comments/1sgmi14/claude_mythos_preview_fully_autonomously_finds/ … (plus Linux, OpenBSD, and others) – more concerning than calif.io story with known CVE and human prompting? …" – @bigsneakyduck (Sorry. I imagined that the original mention in Mastodon would have shared the whole of the toot as the opening post here.)