Developers’ Weblog

Sponsored by
HostEurope Logo

Developers’ Weblog

⚠ This page contains old, outdated, obsolete, … historic or WIP content! No warranties e.g. for correctness!

All 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38

I’ve updated src/etc/ssl.certs.shar, read about the procedure. Someone might want to update the nss certdata.txt file (to mark them as untrusted); for OpenSSL it’s enough to have them renamed. Luckily, the CAs agree wanting to switch to SHA-1 (yuck, broken as well). Only, do they get a new root certificate (probably not), and where does an OS vendor get such news?

Update: This appears to be not needed, as per this comment. However, how credible is this person? Where is proof? I’d recommend everyone who has not yet read it to look at On Trusting Trust. Anyway, the CA certificates are now trusted again; let’s just hope the backdated demo intermediate CA was the only one generated in the meantime. We really need my SSL known_certs proposal, I think. What’s with these MD2 certs anyway? (end of update)

On other notes, we have a new logo for mksh, thanks smultron. Hand-editing SVG is so much fun ☺ no really, in jupp it works very well.

I also ported the e3 editor to MirBSD, it’s 17 KiB i386 statically linked (stand-alone) binary. GNU GPL, but good for custom-made (hehe…) install/rescue system bsd.rd kernels. I would like to add TinyIRC-MirOS as well, but need to get an exception licence for crunchgen(1) use.

Both tinyirc and mksh(1) now use TIOCGWINSZ more properly and aggressively. The shell, in particular, now always has COLUMNS and LINES set.

MirBSD Logo