From owner-freebsd-security@freebsd.org Fri Sep 18 14:03:43 2015 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 92AB39CEB91; Fri, 18 Sep 2015 14:03:43 +0000 (UTC) (envelope-from wam@hiwaay.net) Received: from fly.hiwaay.net (fly.hiwaay.net [216.180.54.1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5FB731616; Fri, 18 Sep 2015 14:03:42 +0000 (UTC) (envelope-from wam@hiwaay.net) Received: from kabini1.local (dynamic-216-186-213-32.knology.net [216.186.213.32] (may be forged)) (authenticated bits=0) by fly.hiwaay.net (8.13.8/8.13.8/fly) with ESMTP id t8IE3Zbx019177 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Fri, 18 Sep 2015 09:03:36 -0500 Subject: Re: HTTPS on freebsd.org, git, reproducible builds To: freebsd-security@freebsd.org, freebsd-questions@freebsd.org References: <1442578892.1807598.387215049.07156D0F@webmail.messagingengine.com> <1442579551.1810383.387233801.46EBDA6D@webmail.messagingengine.com> <55FC1498.7090902@Plominski.eu> From: "William A. Mahaffey III" Message-ID: <55FC19B7.1010607@hiwaay.net> Date: Fri, 18 Sep 2015 09:09:05 -0453.75 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 MIME-Version: 1.0 In-Reply-To: <55FC1498.7090902@Plominski.eu> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Fri, 18 Sep 2015 17:20:46 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Sep 2015 14:03:43 -0000 On 09/18/15 08:47, Daniel DP. Plominski wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > well, encryption does not cost much, most mobile devices are now fast enough > for IP obfuscation there vpn providers or anonymity networks like Tor > > you should look for "when leaken metadata", customized Firefox > versionslike the "torbundle" package or FreeBSD features such as: > disabled tcp timpstamp, activated net.inet.ip.stealth etc. > > may be that the most information are not critical of freebsd.org > on a page about political commitment, however, twice what you click on > > in the post snowden/nsa area, i think it is not heard now de rigueur, > but should be compulsory > > best regards > Daniel Plominski > Am 18/09/15 um 14:32 schrieb Mark Felder: Where is that 'net.inet.ip.stealth' setting ? I didn't find it in my /etc/defaults/rc.conf file .... [root@kabini1, /etc, 9:09:24am] 347 % grep stealth defaults/rc.conf [root@kabini1, /etc, 9:09:25am] 348 % uname -a FreeBSD kabini1.local 9.3-RELEASE-p24 FreeBSD 9.3-RELEASE-p24 #0: Sat Aug 22 01:54:44 UTC 2015 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64 [root@kabini1, /etc, 9:09:27am] 349 % -- William A. Mahaffey III ---------------------------------------------------------------------- "The M1 Garand is without doubt the finest implement of war ever devised by man." -- Gen. George S. Patton Jr.