From: Dave Taht
To: bloat, bloat-devel
Subject: bind vulnerability patched in cerowrt tree
Date: Thu, 17 Nov 2011 16:55:33 +0100
List-Id: "Developers working on AQM, device drivers, and networking stacks"

1) There is a fairly gnarly bind9 bug going around.

http://isc.sans.edu/diary.html?storyid=12049&rss

Regrettably I'm not in a position to make binaries for the latest
smoketest. However updated sources are in the ceropackages repository.
For those of you doing your own builds, that would be something like

    cd your_ceropackages_repo
    git pull
    cd ../your_cerowrt_dir
    ./scripts/feeds update cero
    make package/bind-latest-server/{clean,compile,install}

2) In fact, I was just about to abandon the rc7-smoketest series entirely.

... and go to rc8. 'rc' is getting to be a misnomer...

A core goal was to get to where debloat-testing and cerowrt were
basically the same kernel, and to stay within 2 kernel revision cycles.
We've slipped past that.

rc8 has a pile O patches in it, notably linux 3.1.1, a new dropbear,
portions of debloat-testing, another packet scheduler, a fix (I hope!)
for the wifi detection problem, dhcpv6, I forget what else... and I was
about to fold some stuff from petri in there, and, well, then item 1
cropped up.

3) I've been reflecting on what it takes to harden 'the front door' to a
home. It's not just limited to vulnerabilities to one daemon.

The simplest thing to do about that would be to buy some fishing gear,
and find a deserted tropic island somewhere lacking in technology entirely.

But then there might be cannibals.

-- 
Dave Täht
SKYPE: davetaht
US Tel: 1-239-829-5608
FR Tel: 0638645374
http://www.bufferbloat.net