

LibreSSL – An OpenSSL replacement - claudius
http://www.openbsd.org/papers/bsdcan14-libressl/

======
TazeTSchnitzel
Transcript in the other front page submission:
[https://news.ycombinator.com/item?id=7760615](https://news.ycombinator.com/item?id=7760615)

------
rhblake
Audience recording of the talk:
[https://www.youtube.com/watch?v=GnBbhXBDmwU](https://www.youtube.com/watch?v=GnBbhXBDmwU)

------
dj-wonk
Since no one has said it yet -- (maybe it is too obvious?) -- thanks to anyone
who takes the time to improve old crufty code that most of us rely on. (Yes,
even if you weaponize Comic Sans.)

------
dj-wonk
Is there a US-based not-for-profit that sends money to LibreSSL? (Yes, this is
a little round-about, but a tax benefit is nice.)

------
mk3
Shouldn't it say LibreSSL - An OpenSSL fork :)? Seems cool that we kinda have
a choice, and do not need to depend on one OpenSource project to have SSL, on
the other hand it seems it will be another underfunded project, waiting for
another Heartbleed to happen. :)

~~~
dtech
They're aiming at binary compatibility, as such it is a replacement (but also
a fork). Similar to MariaDB vs. MySQL.

Fork and replacement are not mutually exclusive. In fact I'd think that often
forks start with the intention to provide a replacement.

------
krzrak
OK, I don't get WTF is so funny with Comic Sans?

~~~
drivingmenuts
When Comic Sans was first introduced, it got overused and quickly became an
eyesore that, nevertheless, still got overused, despite the bitching about it.

Now we just kind of bitch about it because we've always bitched about it.
Someday, your grandchildren might bitch about it, too, but they probably won't
_really_ care.

------
bitwarrior
I'm curious as to their funding goal. Sounds like a couple salaries for a year
or two. It almost seems appropriate to test the waters here with a
KickStarter. OpenSSL is pervasive in technology, I wouldn't be surprised at
all if they were able to achieve even somewhat lofty donations from a
combination of both individuals and private organizations.

~~~
Brushfire
+1. It would be great if they would set up a Kickstarter or another
mainstream mechanism for people to contribute (?dogecoin?).

~~~
tgrr6
Dogecoin is mainstream now?

------
jeltz
Sounds like they are doing excellent work here but it is a pity the license
can never be GPL compatible.

~~~
peteretep

> but it is a pity the license can never be GPL compatible

Why? What are the practical downsides?

~~~
BCM43
Yes, OpenSSL has an advertising clause that is incompatible with the GPL.

[https://people.gnome.org/~markmc/openssl-and-the-gpl.html](https://people.gnome.org/~markmc/openssl-and-the-gpl.html)

------
cauterize
What does KNF refer to in slide 19
([http://www.openbsd.org/papers/bsdcan14-libressl/mgp00019.htm...](http://www.openbsd.org/papers/bsdcan14-libressl/mgp00019.html))?

~~~
LukeShu
Kernel Normal Form, documented by the `style(9)` man page on BSD systems.
Details vary between the BSDs.

In the case of LibreSSL, it means:
[http://www.openbsd.org/cgi-bin/man.cgi?query=style&section=9](http://www.openbsd.org/cgi-bin/man.cgi?query=style&section=9)

------
amix
This presentation is tasteless and totally takes away any seriousness that should
be related to making and promoting an OpenSSL replacement. I personally can't
take it seriously and I would recommend hackers to think about what image
their presentation and design conveys.

~~~
SwellJoe
When it comes to security tools, one uses a different approach to selecting
your tools. At least, you do if you want to be secure. The best presentation
and the prettiest website are _nowhere_ in the selection criteria. You look at
the history of the people involved, primarily. What have they done in the
past? Was it believed to be secure by other researchers? Is it secure today
because they have actively maintained it? Have they used good practices that
allow their code to easily be audited by others? Have they welcomed feedback
from other competent developers?

Using Comic Sans and bitching about the quality of another project is
irrelevant in this scenario. OpenBSD project brings with it an almost
two-decade history of seriousness about security that I think one would be a
fool to ignore.

------
ams6110
The software used to create this is MagicPoint. The link in the slides is
wrong; currently the website is
[http://member.wide.ad.jp/wg/mgp/](http://member.wide.ad.jp/wg/mgp/)

~~~
TazeTSchnitzel
It's a shame there's not even a tiny bit of JS in the pages. Being able to
press right or down to advance would be nice. Though I like how lightweight it
all is.

I suspect the software is old and the link hasn't been updated in its source.

~~~
TD-Linux
Not only that, but the slides are JPG with horrible artifacts, and the text is
JPG too, making it look bad and not be compatible with screen readers.

~~~
ams6110
The software is meant to generate content for an X11 viewer/presentation app
using a simple text-based markup as input.

The HTML is an export. It's not what the software was really designed to
produce. That said, I don't know if the quality of the slides is really any
better in the native viewer.

~~~
Dylan16807
That's not really an excuse for using jpg instead of png for a bunch of text.

~~~
clarry
How about this: the program supports images and backgrounds. Therefore using
JPG makes sense.

~~~
SwellJoe
Text is its primary output. JPG is never the right choice for text.

