From: Eric S. Raymond <firstname.lastname@example.org>
To: plug <email@example.com>
Sent: Mon, Sep 12, 2016 9:48 am
Subject: [PLUG] Possible talk on NTPsec?
It's been many years since I gave a PLUG talk. Now I have a topic I'd
like to raise awareness of.
I've spent the last 18 months leading a project called NTPsec, a
massive cleanup and refactoring of the Internet time-service daemon
code intended among other things to seriously improve security; the
reference implementation we forked from is notoriously vulnerable to use
as a DDoS amplifier.
The story of NTPsec has some useful lessons about writing
low-defect-rate code, reduction of attack surface as a security
strategy, and the underappreciated impact of Unix API standardization.
The project is at https://www.ntpsec.org/
<a href=""http://www.catb.org/~esr/" target="_blank">http://www.catb.org/~esr/">Eric S. Raymond</a>
Fantastic doctrines (like Christianity or Islam or Marxism) require unanimity
of belief. One dissenter casts doubt on the creed of millions. Thus the fear
and the hate; thus the torture chamber, the iron stake, the gallows, the labor
camp, the psychiatric ward. -- Edward Abbey
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug