OpenBSD 將 ACME Client (Let's Encrypt Client) 納入系統

看到 OpenBSD 直接把 ACME 協定的 client 放進系統內,而 ACME 也就是 Let's Encrypt 所使用的協定:「Let's Encrypt client imported into -current」:

CVSROOT:	/cvs
Module name:	src
Changes by:	florian@cvs.openbsd.org	2016/08/31 16:01:42

Added files:
	usr.sbin/acme-client: ChangeLog Makefile acctproc.c base64.c 
	                      certproc.c chngproc.c dbg.c dnsproc.c 
	                      extern.h fileproc.c http.c http.h jsmn.c 
	                      jsmn.h json.c keyproc.c letskencrypt.1 
	                      main.c netproc.c revokeproc.c rsa.c rsa.h 
	                      sandbox-pledge.c util-pledge.c util.c 

Log message:
Import Kristaps' letskencrypt and call it acme-client in tree.
OK to get it in deraadt@ (and probably beck@)

At least deraadt@, beck@ and otto@ are fine with the name and the
disagreements stopped.

用的是 acme-client,先前叫做 letskencrypt,以 C 開發的 ACME client。

Mutt 1.7.0!

Mutt 最近更新的好快啊 XDDD (相較於富奸的速度):「mutt 1.7.0 released」。看一下官網上這一波的更新記錄:

  • Mutt 1.7.0 was released on August 18, 2016. This release has several new features. Please see the UPDATING file for details.
  • Mutt 1.6.2 was released on July 6, 2016. This is a bug-fix release, fixing two issues found with 1.6.1.
  • Mutt 1.6.1 was released on May 1, 2016. This is a bug-fix release, fixing three issues found with 1.6.0.
  • Mutt 1.6.0 was released on April 4, 2016. This stable release has an enormous number of changes compared to the 1.4 series. Please review the changes file for an overview of changes since the 1.4 series, or the UPDATING file for a more detailed breakdown by each previous development release.
  • Mutt 1.4.2.3 was released on June 9, 2007. This release fixes CVE-2007-2683 (gecos overflow) and CVE-2007-1558 (APOP MD5 collision attack).
  • Mutt 1.4.2.2 was released on July 14, 2006. This release fixes CVE-2006-3242, a buffer overflow that could be triggered by a malicious IMAP server.

2016 開始更新的速度快好多... XD

VMware 宣佈 Windows 上的 vSphere Client 退役

VMware 宣佈 Windows 上用 C# 寫的 vSphere Client 退役,發表 HTML5 版本:「Goodbye vSphere Client for Windows (C#) – Hello HTML5」,畫面長這樣:

總算是推出計畫換用 HTML5 了,之前 Web 版用 Flash 慢到炸...

Mutt 1.6 出版,距離上個穩定版本八年多了...

Hacker News Daily 上看到在 terminal 下的 email client,Mutt,推出 1.6 版了...

上次出版是 June 9, 2007,八年多前因為 CVE-2007-2683CVE-2007-1558 而更新的。

雖然 DebianUbuntu 的 apt repository 都是跟 1.5.x 版,但還是很值得紀念一下 XDDD

Apple 打算把 iCloud 加密用的 Key 放到用戶端

在經過最近 FBIApple 的戰鬥中 (FBI–Apple encryption dispute),Apple 正規劃把 iCloud 加密所使用的 key 放到用戶端裝置上,而非放在伺服器端:「Apple to Hand iCloud Encryption Key Management to Account Holders」:

In effect, Apple is following the lead of secure cloud services such as SpiderOak which has been offering what it calls “Zero Knowledge” cloud storage. By that, SpiderOak retains no information about whatever is stored in its cloud service, nor the means of gaining access to it.

也就是加解密都放在 client 端處理,server 端只是 storage。

這類型最大的問題是 server 端沒辦法運用資料,但 iCloud 的確可以放掉這些功能 (搜尋之類的),純粹當 storage 使用,藉以讓使用者自己裝置保護。

而蘋果在使用者的裝置上把類似於 HSM 的系統做的頗強大... 不知道 Android 有沒有機會也跟進。(雖然我自己是用 Apple 家的東西...)

Let's Encrypt 的官方版本 Client 將會改名

Let's Encrypt 的官方 Client 決定改名,不過目前還沒有公佈新的名字:「New Name, New Home for the Let's Encrypt Client」。

主要是兩個原因,第一個是避免商標問題:

[...] we want the client to be distributable and customisable without having to create a complex process for deciding whether customized variants are appropriate for use with Let’s Encrypt trademarks.

另外一個是希望之後有其他的 CA 也可以用:

Another reason is that we want it to be clear that the client can work with any ACME-enabled CA in the future, not just Let’s Encrypt.

用 Shell Script 寫的 Let's Encrypt Client

在找 Let's Encrypt 安裝方法時找到的專案:「letsencrypt/acme client implemented as a shell-script」。

整個專案用 bash 寫,用到的 dependency 都非常基本,「比較特別的」只有 curlopenssl,這兩個套件應該不是什麼問題... XD

沒有安裝問題 (因為只有一個 shell script 檔案),用起來也很簡單,執行速度也比官方快多了 (畢竟官方的考慮比較多),之後應該就會用這個吧... 另外自動化的部份也應該會用這個解決 :o

OpenSSH client 的重大安全性更新

CVE-2016-0777 與 CVE-2016-0778 安全性漏洞是關於 OpenSSH client 的部分:(USN-2869-1: OpenSSH vulnerabilities)

It was discovered that the OpenSSH client experimental support for resuming connections contained multiple security issues. A malicious server could use this issue to leak client memory to the server, including private client user keys.

這下除了要更新以外,要重新生 ssh key 然後更新一堆機器了...

在 Gmail 上做 CSS 效果的問題

TechCrunch 上看到的「Gmail, We Need To Talk」這篇裡提到 Gmail 的問題,尤其是 CSS 這塊:

Each Gmail client renders email differently. You may not be aware of this, but each Gmail client has its own set of frustrating quirks. Having to deal with each version of Gmail makes creating email a nail-biting chore:

  • Gmail.com Webmail. Supports <style> but does not support ids and classes.
  • Gmail Webmail for Business. Does not support <style>.
  • Gmail App for iOS. Randomly increases font sizes by 50 percent (no <style>).
  • Gmail App for Android. Randomly ignores container widths (no <style>).
  • Gmail App for Android (for non Gmail.com addresses). Does not support background images in addition to ignoring container widths (no <style>).
  • Inbox by Gmail for Android. Randomly ignores container widths but does so differently than Gmail App for Android (no <style>).
  • Inbox by Gmail for iOS. Does not support <style> but seems to not suffer from as many quirks as other Gmail mobile apps.

這也就可以理解為什麼有時候手機上看起來怪怪的了 XD

在 Mac 上把資料備份到 Amazon Glacier 的軟體

Hacker News Daily 上看到「Freeze - the ultimate Amazon Glacier file transfer client for Mac」這個軟體,需要 Mac OS X 10.10 以上的版本才能用...

拿來丟東西應該還不錯 (方便的 client),建一個對應權限 IAM 帳號,然後把 key 丟給他用吧...