Welcome!

Welcome to opensource.dyc.edu. This site is dedicated to the distribution of Open Source software developed by both the students and faculty in the Information Technology Department at D'Youville College. The development teams hosted here are dedicated to the production of high quality Open Source software which serve a variety of needs.

D'Youville College is a small Liberal Arts College located in Buffalo, NY, that offers baccalaureate and graduate degrees in a variety of disciplines. For more information about the College and our programs, please visit www.dyc.edu . For more information about the Information Technology and our degrees, visit our site at tweedledee.dyc.edu/it .

Tor-ramdisk 20140520 released

It has been a over a month since the "heartbleed" bug (CVE-2014-0160) hit the security world, but its affacts are still being felt. tor-0.2.4.22 released last week backported the blacklisting of authority signing keys that were used on authorities vulnerable to CVE-2014-0160. They tested the block out on 0.2.5.4-alpha and then pulled it into the stable branch. While upgrading to openssl-1.0.1g was sufficient to close the exploit, the fact remains that private could have been leaked.

Tor-ramdisk 20140409 released

This is a rapid release to address CVE-2014-0160 in openssl which we bumped to the latest secure version, 1.0.1g. The so-called heartbleed bug allows the leaking of the encryption keys themselves, making this a serious bug. We also took the opportunity to bump the kernel to Hardened Gentoo's latest, 3.13.8, but left everything else the same.

Tor-ramdisk 20140309 released

There was a recent bump to the stable tor branch to 0.2.4.21. There was one major bugfix (reguarding circuit failure), one major security enhencement (to make sure that at least one relay uses the more secure NTor), and numerous other minor features and fixes. You can read about it in their ChangeLog.

Lilblue: release 20140218

I just pushed out a new release of Lilblue Linux 20140218 [1] which you can download from any Gentoo mirror [2]. For those of you who don't know, Lilblue Linux is a security-enhanced fully featured XFCE4 desktop system for amd64. It is built with Gentoo's hardened toolchain [3] and uses Gentoo's hardened-sources for the kernel which include the Grsec/PaX patches [4] for added security.

Tor-ramdisk 20131230 released

Its a bit of repetition of history. When the tor team bumped form the 2.2 to the 2.3 branch there was a shower of new releases all in rapid succession as bugs where fixed. The same seems to be happening now with the 2.4 branch. Three major bugfixes were pushed out in 0.2.4.20 which was released on Dec 22, 2013. One of them improves how random seeding is done for openssl. The other two have to do with dealing with IPv6 addresses and avoiding spurious circuits.

Lilblue: release 20131223

I haven't been announcing all the lilblue release on this site, but I think I will. I hate blogging to be honest but I think its important to keep people up on when new releases come.

Tor-ramdisk 20131216 released

It is hard to believe it has been more than a year since the last upstream release of tor. 0.2.3.25 has been the most successful version to date. For a while there, it seemed one version of tor was replacing another as one vulnerability after another was resolved. Now that tor 0.2.4.x has made the slow but steady climb out of RC into production with 0.2.4.19, we can push out a new release of tor-ramdisk built around it.

Lilblue: a security-enhanced, fully featured XFCE4 desktop for amd64, built on uClibc

I’d like to announce a new (fun?) initiative of the hardened uClibc subproject: a security enhanced, fully featured XFCE4 desktop for amd64, built on uClibc, codenamed “Lilblue”, after the little blue penguin of New Zealand, a smaller cousin of the Gentoo.

The tor-ramdisk git repo has moved!

We've moved the tor-ramdisk git repo to https://gitweb.torproject.org/tor-ramdisk.git where it will receive more exposure and has a better home.

We haven't done much with tor-ramdisk in the last six months, but we are thinking about adding code to set up a bridge and even and obsfuscated bridge using obfsproxy.

Syndicate content