Mitel Buys Polycom For $1.96B In Enterprise Communications Consolidation Play

An anonymous reader quotes a report from TechCrunch: Mitel announced that it would acquire Polycom in a cash-and-stock deal with a total value of $1.96 billion, creating a company with combined sales of $2.5 billion and 7,700 employees. Polycom’s acquisition by Mitel comes at a key time in the world of enterprise communications and collaboration. On one hand, it is a time of massive change and evolution. For years a lot of the services that companies used were based on legacy networking, but in the last decade there has been a big shift to IP-based networks for many of these services. However, at the same time the whole space has been massively disrupted by startups that are upsetting by tapping into the next phase of digital services — the internet. Companies like Microsoft by way of services like Skype and Yammer, and smaller startups like Slack, are overturning the whole idea of how people who are not in the same office floor can communicate and collaborate for work. These solutions are way cheaper than a lot of the legacy offerings; they tap into the cloud-based services that are now ubiquitous to share and work on files; and they are also built in very user-friendly ways, based around tech that ordinary consumers are using. Both companies compete against the likes of Cisco and Avaya. Mitel is perhaps best known for its IP telephony solutions, including PBX systems, while Polycom is a leader in conferencing services. They also cover SIP technology, and customers span 82% of Fortune 500 companies.

Share on Google+

Read more of this story at Slashdot.

Original URL:

Original article

MATE Desktop Environment

The MATE Desktop Environment is the continuation of GNOME 2. It provides an intuitive and attractive desktop environment using traditional metaphors for Linux and other Unix-like operating systems.

MATE is under active development to add support for new technologies while preserving a traditional desktop experience. See the Roadmap or Stefano’s presentation at FOSDEM 2014 to find out more about how MATE has evolved and what is planned for the future. The MATE Manifesto outlines some of the principles that guide the project.


Blog posts are also indexed by tag and archived by date. You might also want to take a look at Planet MATE to see what the wider MATE community are blogging about.

Which distributions support MATE?

MATE is available via the official repositories for the following Linux distributions:

MATE is available via unofficial repositories for the following Linux distributions:

Maybe you prefer *BSD?

You can also query for all the distributions that support MATE.

The MATE community has documented how to install MATE on many distributions in the install guidelines.


MATE is composed of a number of applications. The renaming is necessary to avoid conflicts with GNOME components.



Caja is the official file manager for the MATE desktop. It allows for browsing directories, as well as previewing files and launching applications associated with them. It is also responsible for handling the icons on the MATE desktop. It works on local and remote filesystems. Caja is a fork of Nautilus.



Pluma is a text editor which supports most standard editor features. It also extends this basic functionality with other features not usually found in simple text editors. Pluma is a graphical application which supports editing multiple text files in one window (known sometimes as tabs or MDI). Pluma fully supports international text through its use of the Unicode UTF-8 encoding in edited files. Its core feature set includes syntax highlighting of source code, auto indentation, and printing support (with print preview). Pluma is a fork of Gedit.

Eye of MATE


eom or the Eye of MATE is a simple graphics viewer for the MATE desktop which uses the gdk-pixbuf library. It can deal with large images, and can zoom and scroll with constant memory usage. Its goals are simplicity and standards compliance. Eye of MATE is a fork of Eye of GNOME.



Atril is a simple multi-page document viewer. It can display and print PostScript (PS), Encapsulated PostScript (EPS), DJVU, DVI, XPS and Portable Document Format (PDF) files. When supported by the document, it also allows searching for text, copying text to the clipboard, hypertext navigation, and table-of-contents bookmarks. Atril is a fork of Evince.



Engrampa is an archive manager for the MATE environment. It allows you to create and modify archives, view the contents of an archive, view a file contained in an archive, and extract files from archive. Engrampa is a fork of File Roller.

MATE Terminal


MATE Terminal is a terminal emulation application that you can use to access a UNIX shell in the MATE environment. With it, you can run any application that is designed to run on VT102, VT220, and xterm terminals. MATE Terminal also has the ability to use multiple terminals in a single window (tabs) and supports management of different configurations (profiles). MATE Terminal is a fork of GNOME Terminal.

Where does the name come from?

The name “MATE”, pronounced Ma-Tay, comes from yerba maté, a species of holly native to subtropical South America. Its leaves contain caffeine and are used to make infusions and a beverage called mate.

Original URL:

Original article

OpenBSD 5.9

Dr W^X

Released March 29, 2016
Copyright 1997-2016, Theo de Raadt.
ISBN 978-0-9881561-7-3

5.9 Songs: “Doctor W^X”,
“Systemagic (Anniversary Edition)”

  • Order a CDROM from our ordering system.
  • See the information on the FTP page for
    a list of mirror machines.
  • Go to the pub/OpenBSD/5.9/ directory on
    one of the mirror sites.
  • Have a look at the 5.9 errata page for a list
    of bugs and workarounds.
  • See a detailed log of changes between the
    5.8 and 5.9 releases.
  • signify(1)
    pubkeys for this release:

    base: RWQJVNompF3pwfIqbg+5sxfpxmZMa3tTBaW4qbUhWje/H/M7glrA6oVn
    fw:   RWSdmaNkytzh6BApmPSNSDLNg26ZaXlY8g/879UvLdo3rjbsby76Eda1

    All applicable copyrights and credits are in the src.tar.gz,
    sys.tar.gz, xenocara.tar.gz, ports.tar.gz files, or in the
    files fetched via ports.tar.gz.

What’s New

This is a partial list of new features and systems included in OpenBSD 5.9.
For a comprehensive list, see the changelog leading
to 5.9.

  • Processor support, including:
    • W^X policy enforced in the i386 kernel address space.
  • Improved hardware support, including:
    • New asmc(4)
      driver for the Apple System Management Controller.
    • New pchtemp(4)
      driver for the thermal sensor found on Intel X99, C610 series, 9 series
      and 100 series PCH.
    • New uonerng(4)
      driver for the Moonbase Otago OneRNG.
    • New dwiic(4)
      driver for the Synopsys DesignWare I2C controller.
    • New ikbd(4),
      ims(4), and
      drivers for HID-over-i2c keyboards, mice and multitouch touchpads.
    • New efifb(4)
      driver for EFI frame buffer.
    • New viocon(4)
      driver for the
      console interface provided by KVM, QEMU, and others.
    • New xen(4)
      driver implementing Xen domU initialization and PVHVM device attachment.
    • New xspd(4)
      driver for the XenSource Platform Device providing guests with
      additional capabilities.
    • New xnf(4)
      driver for Xen paravirtualized networking interface.
    • amd64 can now boot from 32 bit and 64 bit EFI.
    • Initial support for hardware reduced ACPI added to
    • Support for ACPI configured SD host controllers has been added to
    • The puc(4)
      driver now supports Moxa CP-168U, Perle Speed8 LE and QEMU PCI serial
    • Intel 100 Series PCH Ethernet MAC with i219 PHY support has been added
      to the
      em(4) driver.
    • RTL8168H/RTL8111H support has been added to
    • inteldrm(4)
      has been updated to Linux 3.14.52, adding initial support for Bay Trail
      and Broadwell graphics.
    • Support for audio in Thinkpad docks has been added to the
    • Support for Synaptic touchpads without W mode has been added to the
    • Support for tap-and-drag detection with ALPS touchpads in the
      driver has been improved.
    • The sdmmc(4)
      driver now supports sector mode for eMMC devices, such as those found on
      some BeagleBone Black boards.
    • The cnmac(4)
      driver now supports checksum offloading.
    • The ipmi(4)
      driver now supports OpenIPMI compatible character device.
    • Support for ST-506 disks has been removed.
  • pledge(2)
    support integrated:

    • The tame(2) system call was renamed to pledge(2).
      Behavior and semantics were extended and refined.
    • 453 out of 707 base system binaries were adapted to use pledge.
    • 14 ports now use pledge(2): some decompression tools, mutt,
      some pdf tools, chromium/iridium, and the i3 window manager.
    • Various bugs exposed by pledge(2) were corrected.
      For example in
      , and
    • Several misfeatures were removed, such as:
    • Userland programs were audited so that they could be properly annotated
      with pledge(2).
      This resulted in design changes such as:
    • pledge(2) is also used to constrain programs that handle untrusted data
      to a very limited subset of POSIX.
      For example,


      or the
      RSA-privsep process

  • SMP network stack improvements:
    • The task processing incoming packets can now run mostly in parallel
      of the rest of the kernel. This includes:
    • The Rx and Tx rings of the
      re(4) and
      drivers can now be processed in parallel of the rest of the kernel.
    • The Rx ring of the
      driver can now be processed in parallel of the rest of the kernel.
  • Initial IEEE 802.11n wireless support:
    • The ieee80211(9)
      subsystem now supports HT data rates up to 65 Mbit/s (802.11n MCS 0-7).
    • The input path of
      now supports receiving A-MPDU and A-MSDU aggregated frames.
    • The iwm(4)
      and iwn(4)
      drivers make use of the above features.
    • 802.11n mode is used by default if supported by the OpenBSD wireless
      driver and the access point.
      Operation in 802.11a, 802.11b, and 802.11g modes can be forced with
      the new ifconfig(8)
      mode subcommand.
  • Generic network stack improvements:
    • New etherip(4)
      pseudo-device for tunneling Ethernet frames across IP[46] networks
      using RFC 3378 EtherIP encapsulation.
    • New pair(4)
      pseudo-device for creating paired virtual Ethernet interfaces.
    • New tap(4)
      pseudo-device, split up from
      providing a layer 3 interface with userland tools.
    • Support for obsolete IPv6 socket options has been removed.
    • The iwn(4)
      driver now passes IEEE 802.11 control frames in monitor mode, allowing
      full capture of traffic on a particular wireless channel.
    • pflow(4)
      now supports IPv6 for transport.
  • Installer improvements:
    • Inappropriate user choices from a list of options are more reliably rejected.
    • Installing to a disk partitioned with a GPT is now supported (amd64 only).
    • When initializing a GPT, the required EFI System partition is automatically created.
    • When installing to a GPT disk,


      now formats the EFI System partition, creates the appropriate directory
      structure and copies the required UEFI boot files into place.
  • Routing daemons and other userland network improvements:
    • New eigrpd(8)
      routing daemon for the Enhanced Interior Gateway Routing Protocol.
    • dhclient(8)
      now supports multiple domain names provided via DHCP option 15 (Domain Name).
    • dhclient(8)
      now supports search domains provided via DHCP option 119 (Domain Search).
    • dhclient(8)
      no longer continually checks for a change to the routing domain of the
      interface it controls. It now relies on the appropriate routing socket
    • dhclient(8)
      now issues DHCP DECLINE responses to lease offers found to be inadequate,
      and restarts the DISCOVER/RENEW process rather than waiting indefinitely
      for a better lease to appear.
    • dhclient(8)
      no longer exits if a desired route cannot be added. It now just reports
      the fact.
    • dhclient(8)
      now takes a much more careful approach to received packets to ensure
      only received data is used to process the packet.
      Packets with incorrect length information or lacking appropriate header
      information are now dropped.
    • dhclient(8)
      again disables pending timeouts if the interface link is lost,
      preventing endless retries at obtaining a lease.
    • dhcpd(8)
      again properly utilizes default-lease-time,
      max-lease-time and bootp-lease-time options.
    • tcpdump(8)
      now displays more information about IEEE 802.11 frames when run with
      the -y IEEE802_11_RADIO and -v options.
    • Several interoperability issues in
      have been fixed, including EAP auth with OS X El Capitan.
  • Security improvements:
    • Chacha20-Poly1305 authenticated encryption mode has been implemented in the
      IPsec stack for the ESP protocol.
    • Support for looking up hosts via YP has been removed from libc.
      The ‘yp’ lookup method in


      is no longer available.
    • Support for the HOSTALIASES environment variable has been removed from libc.
  • Assorted improvements:
    • doas(1)
      is a little friendlier to use.
    • Updated
    • Forked less(1)
      from upstream, then proceeded to clean it up substantially.
    • pdisk(8)
      was largely rewritten and pledged.
    • Renaming files in the root directory of a MSDOS filesystem was fixed.
    • Many obsolete
      attributes and entries were removed.
    • softraid(4)
      volumes now correctly look for the disklabel in the first OpenBSD disk
      partition, not the last.
    • softraid(4)
      volumes can now be partitioned with a GPT.
    • fdisk(8)
      now creates a default GPT as well as the protective MBR when the
      -g flag is used.
    • fdisk(8)
      now has a -b flag that specifies the size of the EFI System
      partition to create.
    • fdisk(8)
      now has a -v flag that causes a verbose display of both MBR
      and GPT information.
    • fdisk(8)
      now provides full interactive GPT editing.
    • fdisk(8)
      was pledged.
    • Disks with sector sizes other than 512 bytes can now be partitioned with
      a GPT.
    • The GPT kernel option was removed and GPT support is part of all GENERIC
      and GENERIC derived kernels.
    • Many improvements were made to the GPT kernel support to ensure safe and
      reliable operation of GPT and MBR processing.
    • disklabel(8)
      no longer supports boot code installation, with the -B and
      -b flags being removed.
      The associated fields in the disklabel were also removed.
      These functions are now all performed by

    • PowerPC converted to secure-PLT ABI variant.
    • Perform lazy binding updates in
      to improve security and reduce overhead in threaded processes.
    • Over 100 internal or obsolete interfaces have been deleted or are no
      longer exported by libc, reducing symbol conflicts and process size.
    • libc now uses local references for most of its own functions to avoid
      symbol overriding, improve standards compliance, increase speed,
      and reduce dynamic linking overhead.
    • Handle intra-thread kills via new
      system call to tighten
      restrictions and improve
    • Added


      to permit tighter
    • Added support to
      the arguments to
      Removed support for tracing context switch points.
      kevent structures are now dumped.
    • Disabled support for loading locales other than UTF-8.
    • UTF-8 character locale data has been updated to Unicode 7.0.0.
    • Added UTF-8 support to several utilities, including
      and wc(1).
    • Partial support for inserting and deleting UTF-8 characters in
      emacs command line editing mode.
    • Native language support (NLS) has been removed from libc.
    • ddb(4)
      now automatically shows a stack trace upon panic.
  • OpenSMTPD 5.9.1
    • Security:
      • Both
        have been pledged.
      • The offline enqueue mode of
        has been redesigned to remove the need for a publicly writable directory
        which was a vector of multiple attacks in the Qualys Security audit.
    • The following improvements were brought in this release:
      • Experimental support for filters API is now available with several
        filters available in ports.
      • Add Message-Id header if necessary.
      • Removed the kick mechanism which was misbehaving.
      • Increased the length of acceptable headers lines.
      • Assume messages are 8-bit bytes by default.
  • OpenSSH 7.2
    • Security:
      • Qualys Security identified vulnerabilities in the
        client experimental support for resuming SSH-connections (roaming).
        In the default configuration, this could potentially leak client keys
        to a hostile server. The authentication of the server host key
        prevents exploitation by a man-in-the-middle, so this information leak
        is restricted to connections to malicious or compromised servers.
        This feature has been disabled in the
        client, and it has been removed from the source tree. The matching
        server code has never been shipped.
      • sshd(8):
        OpenSSH 7.0 contained a logic error in
        PermitRootLogin=prohibit-password/without-password that could,
        depending on compile-time configuration, permit password authentication
        to root while preventing other forms of authentication.
      • Fix an out of-bound read access in the packet handling code.
      • Further use of
        has been added in various buffer handling code paths to guard against
        compilers aggressively doing dead-store removal.
      • ssh(1),
        remove unfinished and unused roaming code.
      • ssh(1):
        eliminate fallback from untrusted X11 forwarding to trusted forwarding
        when the X server disables the SECURITY extension.
      • ssh(1),
        increase the minimum modulus size supported for
        diffie-hellman-group-exchange to 2048 bits.
    • Potentially-incompatible changes:
      • This release disables a number of legacy cryptographic algorithms
        by default in

        • Several ciphers: blowfish-cbc, cast128-cbc,
          all arcfour variants and the rijndael-cbc aliases
          for AES.
        • MD5-based and truncated HMAC algorithms.
    • New/changed features:
      • all: add support for RSA signatures using SHA-256/512 hash algorithms
        based on draft-rsa-dsa-sha2-256-03.txt and
      • ssh(1):
        add an AddKeysToAgent client option which can be set to
        yes, no, ask, or confirm, and
        defaults to no. When enabled, a private key that is used
        during authentication will be added to
        if it is running (with confirmation enabled if set to confirm).
      • sshd(8):
        add a new authorized_keys option restrict that
        includes all current and future key restrictions
        (no-*-forwarding, etc.).
        Also add permissive versions of the existing restrictions, e.g.
        no-pty -> pty. This simplifies the task of setting up
        restricted keys and ensures they are maximally-restricted,
        regardless of any permissions we might implement in the future.
      • ssh(1):
        CertificateFile option to explicitly list certificates. (bz#2436)
      • ssh-keygen(1):
        to change the key comment for all supported formats.
      • ssh-keygen(1):
        allow fingerprinting from standard input, e.g. “ssh-keygen -lf -“.
      • ssh-keygen(1):
        allow fingerprinting multiple public keys in a file, e.g.
        ssh-keygen -lf ~/.ssh/authorized_keys. (bz#1319)
      • sshd(8):
        support none as an argument for
        Foreground and ChrootDirectory. Useful inside
        Match blocks to override a global default. (bz#2486)
      • ssh-keygen(1):
        support multiple certificates (one per line) and reading from standard
        input (using “-f -“) for ssh-keygen -L.
      • ssh-keyscan(1):
        add ssh-keyscan -c ... flag to allow fetching certificates
        instead of plain keys.
      • ssh(1):
        better handle anchored FQDNs (e.g. in
        hostname canonicalisation – treat them as already canonical and
        trailing ‘.‘ before matching
    • The following significant bugs have been fixed in this release:
      • ssh(1),
        add compatibility workarounds for FuTTY.
      • ssh(1),
        refine compatibility workarounds for WinSCP.
      • Fix a number of memory faults (double-free, free of uninitialised
        memory, etc.) in
      • Correctly interpret the first_kex_follows option during the
        initial key exchange.
      • sftp(1):
        existing destination directories should not terminate recursive uploads
        (regression in openssh 6.8). (bz#2528)
      • ssh(1),
        correctly send back SSH2_MSG_UNIMPLEMENTED replies to
        unexpected messages during key exchange. (bz#2949)
      • ssh(1):
        refuse attempts to set ConnectionAttempts=0, which does not
        make sense and would cause ssh to print an uninitialised stack
        variable. (bz#2500)
      • ssh(1):
        fix errors when attempting to connect to scoped IPv6 addresses with
        hostname canonicalisation enabled.
      • sshd_config(5):
        list a couple more options usable in Match blocks. (bz#2489)
      • sshd(8):
        fix PubkeyAcceptedKeyTypes +... inside a Match block.
      • ssh(1):
        expand tilde characters in filenames passed to -i options
        before checking whether or not the identity file exists. Avoids
        confusion for cases where shell doesn’t expand (e.g.
        -i ~/file vs. -i~/file). (bz#2481)
      • ssh(1):
        do not prepend “exec” to the shell command run by Match exec
        in a config file, which could cause some commands to fail in certain
        environments. (bz#2471)
      • ssh-keyscan(1):
        fix output for multiple hosts/addrs on one line when host hashing or
        a non standard port is in use. (bz#2479)
      • sshd(8):
        skip “Could not chdir to home directory” message when
        ChrootDirectory is active. (bz#2485)
      • ssh(1):
        include PubkeyAcceptedKeyTypes in ssh -G config dump.
      • sshd(8):
        avoid changing TunnelForwarding device flags if they are
        already what is needed; makes it possible to use
        networking as non-root user if device permissions and interface flags
        are pre-established.
      • ssh(1),
        RekeyLimits could be exceeded by one packet. (bz#2521)
      • ssh(1):
        fix multiplexing master failure to notice client exit.
      • ssh(1),
        avoid fatal() for PKCS11 tokens that present empty key IDs.
      • sshd(8):
        of NULL argument. (bz#2535)
      • ssh(1),
        allow RekeyLimits larger than 4GB. (bz#2521)
      • ssh-agent(1),
        fix several bugs in (unused) KRL signature support.
      • ssh(1),
        fix connections with peers that use the key exchange guess feature of
        the protocol. (bz#2515)
      • sshd(8):
        include remote port number in log messages. (bz#2503)
      • ssh(1):
        don’t try to load SSHv1 private key when compiled without SSHv1
        support. (bz#2505)
      • ssh-agent(1),
        fix incorrect error messages during key loading and signing errors.
      • ssh-keygen(1):
        don’t leave empty temporary files when performing known_hosts
        file edits when known_hosts doesn’t exist.
      • sshd(8):
        correct packet format for tcpip-forward replies for requests that
        don’t allocate a port. (bz#2509)
      • ssh(1),
        fix possible hang on closed output. (bz#2469)
      • ssh(1):
        expand %i in ControlPath to UID. (bz#2449)
      • ssh(1),
        fix return type of openssh_RSA_verify. (bz#2460)
      • ssh(1),
        fix some option parsing memory leaks. (bz#2182)
      • ssh(1):
        add some debug output before DNS resolution; it’s a place where
        ssh could previously silently stall in cases of unresponsive DNS
        servers. (bz#2433)
      • ssh(1):
        remove spurious newline in visual hostkey. (bz#2686)
      • ssh(1):
        fix printing (ssh -G ...) of HostKeyAlgorithms=+...
      • ssh(1):
        fix expansion of HostkeyAlgorithms=+...
  • LibreSSL 2.3.2
    • User-visible features:
      • This release corrects the handling of ClientHello messages
        that do not include TLS extensions, resulting in such handshakes being
      • When loading a DSA key from a raw (without DH parameters) ASN.1
        serialization, perform some consistency checks on its `p’ and `q’
        values, and return an error if the checks failed.
      • Fixed a bug in ECDH_compute_key that can lead to silent
        truncation of the result key without error. A coding error could cause
        software to use much shorter keys than intended.
      • Removed support for DTLS_BAD_VER. Pre-DTLSv1 implementations
        are no longer supported.
      • The engine command and parameters are removed from

        Previous releases removed dynamic and built-in engine support already.
      • SHA-0 is removed, which was withdrawn shortly after publication
        twenty years ago.
      • Added Certplus CA root certificate to the default
        cert.pem file.
      • Fixed a leak in


        in the error path.
      • Fixed a memory leak and out-of-bounds access in

      • Fixed an up-to 7 byte overflow in RC4 when len is not a multiple of
      • Added


        which matches the
        AEAD construction introduced in RFC 7539, which is different
        than that already used in TLS with

      • More man pages converted from pod to
      • Added COMODO RSA Certification Authority and
        QuoVadis root certificates to cert.pem.
      • Removed “C=US, O=VeriSign, Inc., OU=Class 3 Public Primary
        Certification Authority

        (serial 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be)
        root certificate from cert.pem.
      • Fixed incorrect TLS certificate loading by
      • The


        s_time command now performs a proper shutdown which allows a
        full TLS connection to be benchmarked more accurately. A new
        -no_shutdown flag
        makes s_time adopt the previous behavior so that comparisons
        can still be made with OpenSSL’s version.
      • Removed support for the SSLEAY_CONF backwards compatibility
        environment variable in

      • The following CVEs had been fixed:
        • CVE-2015-3194—NULL pointer dereference in client
          side certificate validation.
        • CVE-2015-3195—memory leak in PKCS7, not reachable
          from TLS/SSL.
      • Note: The following OpenSSL CVEs did not apply to LibreSSL:
        • CVE-2015-3193—carry propagating bug in the x86_64
          Montgomery squaring procedure.
        • CVE-2015-3196—double free race condition of the
          identify hint data.
    • Code improvements:
      • Added install target for cmake builds.
      • Updated pkgconfig files to correctly report the release
        version number, not the individual library ABI version numbers.
      • SSLv3 is now permanently removed from the tree.
      • The libtls API is changed from the 2.2.x series:
      • New interface OPENSSL_cpu_caps is provided that does not
        allow software to inadvertently modify cpu capability flags.
        OPENSSL_ia32cap and OPENSSL_ia32cap_loc are removed.
      • The out_len argument of AEAD changed from
        ssize_t to size_t.
      • Deduplicated DTLS code, sharing bugfixes and improvements with TLS.
      • Converted
        to use libtls for client and server operations; it is
        included in the libressl-portable distribution as an example of how
        to use the libtls library. This is intended to be a simpler
        and more robust replacement for openssl s_client and
        openssl s_server for day-to-day operations.
      • ASN.1 cleanups and RFC5280 compliance fixes.
      • Time representations switched from unsigned long to
        time_t. LibreSSL now checks if the host OS supports 64-bit
      • Support always extracting the peer cipher and version with
      • Added ability to check certificate validity times with



      • Changed


        to use the first address that resolves with

      • Remove broken conditional EVP_CHECK_DES_KEY code
        (non-functional since initial commit in 2004).
      • Reject too small bits value in

        so that it does not risk becoming negative in
      • Changed format of LIBRESSL_VERSION_NUMBER to match that of
      • Avoid a potential undefined C99+ behavior due to shift overflow in
      • Deprecated the SSL_OP_SINGLE_DH_USE flag.
  • Ports and packages:
    Many pre-built packages for each architecture:

    • alpha: 7450
    • amd64: 9295
    • hppa: 6304
    • i386: 9290
    • mips64: 7094
    • mips64el: 7846
    • powerpc: 8383
    • sh: 111
    • sparc: 1105
    Some highlights:
    • Chromium 48.0.2564.116
    • Emacs 21.4 and 24.5
    • GCC 4.9.3
    • GHC 7.10.3
    • GNOME 3.18.2
    • Go 1.5.3
    • Groff 1.22.3
    • JDK 7u80 and 8u72
    • KDE 3.5.10 and 4.14.3 (plus KDE4 core updates)
    • LLVM/Clang 3.5 (20140228)
    • LibreOffice
    • MariaDB 10.0.23
    • Mono
    • Mozilla Firefox 38.6.1esr and 44.0.2
    • Mozilla Thunderbird 38.6.0
    • Node.js 4.3.0
    • OpenLDAP 2.3.43 and 2.4.43
    • PHP 5.4.45, 5.5.32 and 5.6.18
    • Postfix 3.0.3
    • PostgreSQL 9.4.6
    • Python 2.7.11, 3.4.4 and 3.5.1
    • R 3.2.3
    • Ruby,, 2.1.8, 2.2.4 and 2.3.0
    • Rust 1.6.0
    • Sendmail 8.15.2
    • Sudo 1.8.15
    • Tcl/Tk 8.5.18 and 8.6.4
    • TeX Live 2014
    • Vim 7.4.900
    • Xfce 4.12
  • As usual, steady improvements in manual pages and other documentation.
  • The system includes the following major components from outside suppliers:
    • Xenocara (based on X.Org 7.7 with xserver 1.17.4 + patches,
      freetype 2.6.2, fontconfig 2.11.1, Mesa 11.0.9, xterm 322,
      xkeyboard-config 2.17 and more)
    • GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
    • Perl 5.20.2 (+ patches)
    • SQLite 3.9.2 (+ patches)
    • NSD 4.1.7
    • Unbound 1.5.7
    • Ncurses 5.7
    • Binutils 2.17 (+ patches)
    • Gdb 6.3 (+ patches)
    • Awk Aug 10, 2011 version

How to install

Following this are the instructions which you would have on a piece of
paper if you had purchased a CDROM set instead of doing an alternate
form of install. The instructions for doing an HTTP (or other style
of) install are very similar; the CDROM instructions are left intact
so that you can see how much easier it would have been if you had
purchased a CDROM instead.

Please refer to the following files on the three CDROMs or mirror site for
extensive details on how to install OpenBSD 5.9 on your machine:

Quick installer information for people familiar with OpenBSD, and the
use of the “disklabel -E” command. If you are at all confused when
installing OpenBSD, read the relevant INSTALL.* file as listed above!


  • The OpenBSD/i386 release is on CD1.
    Boot from the CD to begin the install – you may need to adjust
    your BIOS options first.
  • If your machine can boot from USB, you can write install59.fs or
    miniroot59.fs to a USB stick and boot from it.
  • If you can’t boot from a CD, floppy disk, or USB,
    you can install across the network using PXE as described in
    the included INSTALL.i386 document.
  • If you are planning on dual booting OpenBSD with another OS, you will need to
    read INSTALL.i386.


  • The OpenBSD/amd64 release is on CD2.
    Boot from the CD to begin the install – you may need to adjust
    your BIOS options first.
  • If your machine can boot from USB, you can write install59.fs or
    miniroot59.fs to a USB stick and boot from it.
  • If you can’t boot from a CD, floppy disk, or USB,
    you can install across the network using PXE as described in the included
    INSTALL.amd64 document.
  • If you are planning to dual boot OpenBSD with another OS, you will need to
    read INSTALL.amd64.


  • Burn the image from a mirror site to a CDROM, and power on your machine
    while holding down the C key until the display turns on and
    shows OpenBSD/macppc boot.
  • Alternatively, at the Open Firmware prompt, enter boot cd:,ofwboot


  • Put CD3 in your CDROM drive and type boot cdrom.
  • If this doesn’t work, or if you don’t have a CDROM drive, you can write
    CD3:5.9/sparc64/floppy59.fs or CD3:5.9/sparc64/floppyB59.fs
    (depending on your machine) to a floppy and boot it with boot
    . Refer to INSTALL.sparc64 for details.
  • Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
    will most likely fail.
  • You can also write CD3:5.9/sparc64/miniroot59.fs to the swap partition on
    the disk and boot with boot disk:b.
  • If nothing works, you can boot over the network as described in INSTALL.sparc64.


  • Write FTP:5.9/alpha/floppy59.fs or
    FTP:5.9/alpha/floppyB59.fs (depending on your machine) to a diskette and
    enter boot dva0. Refer to INSTALL.alpha for more details.
  • Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
    will most likely fail.


  • Boot over the network by following the instructions in INSTALL.hppa or the
    hppa platform page.


  • Write miniroot59.fs to the start of the CF
    or disk, and boot normally.


  • Write miniroot59.fs to a USB stick and boot bsd.rd from it
    or boot bsd.rd via tftp.
    Refer to the instructions in INSTALL.loongson for more details.


  • Copy `boot’ and `bsd.rd’ to a Mach or UniOS partition, and boot the bootloader
    from the PROM, and then bsd.rd from the bootloader.
    Refer to the instructions in INSTALL.luna88k for more details.


  • After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
    Refer to the instructions in INSTALL.octeon for more details.


  • To install, burn cd59.iso on a CD-R, put it in the CD drive of your
    machine and select Install System Software from the System Maintenance
    menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from
    CD-ROM, and need a proper invocation from the PROM prompt.
    Refer to the instructions in INSTALL.sgi for more details.

  • If your machine doesn’t have a CD drive, you can setup a DHCP/tftp network
    server, and boot using “bootp()/bsd.rd.IP##” using the kernel matching your
    system type. Refer to the instructions in INSTALL.sgi for more details.


  • After connecting a serial port, boot over the network via DHCP/tftp.
    Refer to the instructions in INSTALL.socppc for more details.


  • Using the Linux built-in graphical ipkg installer, install the
    openbsd59_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus
    for a few important details.

How to upgrade

If you already have an OpenBSD 5.8 system, and do not want to reinstall,
upgrade instructions and advice can be found in the
Upgrade Guide.

Notes about the source code

src.tar.gz contains a source archive starting at /usr/src. This file
contains everything you need except for the kernel sources, which are
in a separate archive. To extract:

# mkdir -p /usr/src
# cd /usr/src
# tar xvfz /tmp/src.tar.gz

sys.tar.gz contains a source archive starting at /usr/src/sys.
This file contains all the kernel sources you need to rebuild kernels.
To extract:

# mkdir -p /usr/src/sys
# cd /usr/src
# tar xvfz /tmp/sys.tar.gz

Both of these trees are a regular CVS checkout. Using these trees it
is possible to get a head-start on using the anoncvs servers as
described here.
Using these files
results in a much faster initial CVS update than you could expect from
a fresh checkout of the full OpenBSD source tree.

Ports Tree

A ports tree archive is also provided. To extract:

# cd /usr
# tar xvfz /tmp/ports.tar.gz

Go read the ports page
if you know nothing about ports
at this point. This text is not a manual of how to use ports.
Rather, it is a set of notes meant to kickstart the user on the
OpenBSD ports system.

The ports/ directory represents a CVS (see the manpage for

you aren’t familiar with CVS) checkout of our ports. As with our complete
source tree, our ports tree is available via
So, in order to keep up to date with the -stable branch, you must make
the ports/ tree available on a read-write medium and update the tree
with a command like:

# cd /usr/ports
# cvs -d update -Pd -rOPENBSD_5_9

[Of course, you must replace the server name here with a nearby anoncvs

Note that most ports are available as packages on our mirrors. Updated
ports for the 5.9 release will be made available if problems arise.

If you’re interested in seeing a port added, would like to help out, or just
would like to know more, the mailing list is a good place to know.

Original URL:

Original article

When Lobbying was Illegal

Apr 15, 2016 · 4,085 views

This article was written by Alex Mayyasi, a Priceonomics staff writer

Wouldn’t it be nice if lobbying were illegal?

It’s a tempting thought. But it seems impossible. Lobbying is a multi-billion dollar industry and an accepted—if hated—part of American politics. American courts have ruled that lobbying is constitutionally protected free speech, and lawyers and laymen alike generally accept this. 

The same is true of more indirect lobbying, like the Citizens United Supreme Court ruling that allows businesses to spend unlimited sums of money on Super Pacs and advertisements for or against a candidate.

Yet from America’s founding through much of the 19th century, the legal system treated lobbying as a corrupt and illegitimate activity. Lobbying still happened, but a number of states made lobbying a criminal offense, and the federal government banned some forms of lobbying. This all happened without legal challenge, as the courts viewed lobbying as incompatible with the rights and responsibilities of citizenship. 

This forgotten history of lobbying in America has been documented by Zephyr Teachout, an Elizabeth Warren-style academic turned activist-politician who believes that Americans—and American legal minds—have forgotten the long American tradition of treating lobbying as a violation of a citizen’s responsibility to represent only him or herself in the political process.

So how did we go from treating lobbying as illegitimate or illegal to protected free speech?


In 1785, the King of France gave Benjamin Franklin a diamond-encrusted snuffbox.

The gift was not a comment on Franklin’s rumored inclination toward drug use. It was a customary parting gift. Franklin had represented America as a diplomat in France, and in royal Europe, a rich gift was a sign of respect. 

In the uncouth, young nation of America, though, the gift was seen as dangerous. According to the Articles of Confederation, Congress had to approve any gift from a foreign official.

“At the level of basic human intercourse, Franklin owed something to the king after receiving such a gift,” Zephyr Teachout writes. “These subtle sympathies threatened to corrupt Franklin because they could interfere with his responsibility to put the country’s interest first in his diplomatic judgments.” 

Teachout opens her book Corruption in America with this incident in order to show how differently early Americans treated lobbying. And the contrast is stunning.

Over the past two decades, the Supreme Court has sanctioned any lobbying that is not explicit, quid pro quo bribery. 

A 1999 Supreme Court case, for example, overturned a federal law that banned officials from receiving gifts. A farmer’s association had given the Secretary of Agriculture sports tickets, luggage, and free meals—all delivered by hiring the Secretary’s college roommate as a lobbyist—and then benefited from policies made by the Secretary. Yet the court sanctioned the act. Justice Scalia wrote that banning all gifts would lead to “absurdities,” and he could not imagine banning an organization from organizing a free lunch for a policymaker.  

Similarly, in the Citizens United case, Justice Anthony Kennedy, writing the majority’s opinion, noted that “Ingratiation and access… are not corruption.”

This logic and these conclusions, Teachout contends, are a complete break from the reasoning of judges in 18th and 19th century America. 

For 100 years, judges so believed that using personal influence to ingratiate and gain access to lawmakers led to corruption that they refused to enforce lobbying contracts. Teachout cites a 19th century legal textbook that stated that “what are known as ‘lobbying contracts’. . . [which are] any agreements to render services in procuring legislative action… by personal solicitation of the legislators or other objectionable means, is contrary to the plainest principles of public policy, and is void.” For decades, when business failed to pay lobbyists, America’s courts considered their employment unlawful and refused to make the businesses pay their lobbyists’ fees.  

Judges also did not object when legislators banned lobbying. In 1877, Georgian legislators wrote “Lobbying is declared to be a crime” into the state constitution. A number of state legislatures took similar action—for a time, lobbying was a felony in California—and in 1852, Congress passed a law banning anyone “employed as an agent to prosecute any claim pending before Congress” from being present during legislative sessions. 

In 1999, Scalia considered it absurd that lawmakers should not be allowed to accept any gifts—he pointed out that this meant the president could not accept a jersey from the Patriots if they won the Super Bowl. But early Americans considered the dangers of gift-giving so alarming that they endured those absurdities—like forcing Benjamin Franklin, a retiring diplomat, to ask Congress to vote on whether he could keep his parting gift from the leader of France. 

In another absurd example, in 1866, an old, infirm man who was owed money by the federal government hired a lawyer to appeal to Congress for his money. When the man’s son refused to pay the lawyer, the lawyer sued. “One could hardly imagine a more sympathetic context for enforcing a lobby contract,” Teachout writes. “If there was any right to petition the government, ought it not extend to the aged, who might need to hire someone on their behalf?”

Yet the court still refused to uphold the contract, as the judge said that doing so would sanction a corrupt practice. “If any of the great corporations of the country were to hire adventurers who make market of themselves in this way, to procure the passage of a general law with a view to the promotion of their private interests,” he wrote, “the moral sense of every right-minded man would instinctively denounce the employer and employed as steeped in corruption.”

Legal scholars today would likely look askance at this logic. The First Amendment, which protects free speech, guarantees the right to “to petition the Government for a redress of grievances.” Hiring a lobbyist for help doing so is considered constitutionally protected. 

Legal thought in the 19th century, Teachout notes, had no problem with individuals hiring a lawyer to write reports and present them to congressional committees. But it viewed hiring lobbyists to argue someone else’s views (especially in contexts outside of formal government settings), and to use their personal influence on someone else’s behalf, as a betrayal of civic virtue. 

As one judge wrote, a lobbyist is “induced to use his influence for the money he is to obtain; when, as a patriot and a citizen, he should only act for the good of his country.” 

Everyone has the right to petition the government. But it was seen like the right to vote—something that could not be sold. 

Lobbying still happened, and it was never wholesale banned. But for 100 years, it was commonly seen as corrupt and illegitimate, and the courts refused to sanction it. 

So what changed?


The First Amendment—and the perceived right to lobby—is not the only Constitutional Amendment whose meaning has changed dramatically over time. 

Although it seems like established cannon today that the Second Amendment guarantees the right to own a gun, this idea is a recent development. As recently as 1990, the conservative former Chief Justice Warren Burger denounced the idea that the Second Amendment offers an “unfettered individual right to a gun” as a “fraud on the American public.” Describing the Second Amendment as a “gun control amendment,” New Yorker writer Adam Gopnik writes that legal thought had long focused on the phrase “well regulated” in “a well regulated Militia.”

Journalists and historians chronicling the recent change in the interpretation of the Second Amendment seem to agree on the story: The National Rifle Association and like-minded allies funded and cultivated a revisionist movement in legal thought that found its triumphant expression in 2008, when Justice Scalia struck down Washington D.C.’s ban on handguns. 

This was the first articulation of this logic; previously, as Justice John Paul Stevens wrote, the amendment was always understood as allowing the regulation of the private use of firearms—as long as it didn’t interfere with the upkeep of a regulated militia. 

According to Teachout, our understanding of lobbying and the First Amendment underwent a similar, if longer and less consciously orchestrated, revisionary process. One of the first blows came in 1890, when Massachusetts passed a law requiring that lobbyists register with the government. Several states followed, which gave the sense that lobbyists were accepted professionals, rather than rogues improperly selling their personal influence. 

A second development was the court’s increasing inclination to honor and protect all contracts. In the past, courts had given more consideration to whether the contracts served public interests, which was the justification for refusing to enforce lobbying contracts.

The idea that lobbying was a legitimate enterprise and protected by the First Amendment slowly gained a legal foundation. Yet it’s striking that as late as 1941, the Supreme Court debated and ruled on a case involving lobbying without invoking the First Amendment and free speech.


Although the court’s denouncements of lobbying matched the public’s disdain in the 18th century, with some legislatures even banning the practice, it’s not like that period was a lost golden age. 

Even as judges condemned lobbying with fire and brimstone rhetoric, the term ‘lobbying’ gained prominence in the early 1800s as railroad companies sought contracts and land from legislators. But lobbyists often did not need to ingratiate and subtly influence; they simply bribed outright. 

The letters of the railroad baron Leland Stanford, who later served as governor and senator of California, are full of embarrassingly frank details about bribes, kickbacks, and monopolies. During the golden age of vote buying in New York, Tammany Hall politician George W. Plunkitt famously explained the difference between “honest and dishonest graft.” In 1877, when the Georgia legislature banned lobbying, they did so after it came to light that lawmakers had sold 35 million acres of land to a business conglomerate for a scandalously low price. All but one of the lawmakers had been given shares in the business venture. 

When Georgians discovered the scale of the corrupt land sale, they literally set fire to the documents used by the government to grant the land in a giant bonfire presided over by the Speaker of the House and President of the Senate. It was like they were ceremoniously burning the possessions of a boyfriend or girlfriend who had scorned them. 

It’s hard to say whether America has become more or less corrupt since then. Researchers who study the topic note that most hard data comes from subjective surveys, which are recently initiated and simply ask people about their perceptions of corruption. America does fairly well in these surveys, ranking 16th in the world as of 2015. But explicit bribery still exists: Between 1990 and 2002, 10,000 officials were convicted for corrupt acts. 

The corruption that dominates headlines today, however, is mostly the legal kind: Bank regulators who act feckless so they can move onto plush banking jobs; Super Pacs that receive millions of dollars from companies that want access and influence; and lobbyists who take out lawmakers for expensive lunches. 

The result is the cynical political culture that 19th century judges worried about when they refused to sanction even lobbying that seemed above board. Nearly half of all members of Congress now take lobbying jobs when they leave office. Congressmen have written that serving on a congressional committee is now “mainly valuable as part of the interview process for a far more lucrative job as a K Street lobbyist” and that it has “become routine to see members of Congress drop their seat in Congress like a hot rock when a particularly lush vacancy opens up.” 

Since 2014, as journalist Ezra Klein points out, businesses have spent more money lobbying Congress than taxpayers have spent funding Congress. 

We have traded an era in which bribery was widespread but provoked outrage and consequences when it was discovered for an age in which corruption is condemned but seen as inevitable, legal, and even constitutional. 

Our next post looks at the organization raffling off a swank house amongst the housing scarcity of San Francisco. To get notified when we post it   join our email list.

If you’re a company that wants to work with Priceonomics to turn your data into great stories, learn more about the Priceonomics Data Studio

Original URL:

Original article

Ubuntu Linux Continues To Dominate OpenStack and Other Clouds

An anonymous reader quotes a report from ZDNet: One reason Ubuntu is increasing its lead is that Jujo, Canonical’s application modeling and deployment DevOps tool, has been gaining in popularity. In the latest OpenStack user survey, we see that OpenStack is finally gaining real momentum in private clouds. We also see that Ubuntu Linux is continuing to dominate OpenStack. As Canonical cloud marketing manager Bill Bauman said, “Ubuntu OpenStack continues to dominate the majority of deployments with 55 percent of production OpenStack clouds. The previous survey showed Ubuntu OpenStack at 33 percent of production clouds. Ubuntu has seen almost 67 percent growth in an area where Ubuntu was already the market leader. These numbers are a huge testament to the community support Ubuntu OpenStack receives every day.” The Cloud Market’s latest analysis of operating systems on the Amazon Elastic Compute Cloud (EC2) shows Ubuntu with just over 215,000 instances. Ubuntu is followed by Amazon’s own Amazon Linux Amazon Machine Image (AMI), with 86,000 instances. Further back, you’ll find Windows with 26,000 instances. In fourth and fifth place, respectively, you’ll find Red Hat Enterprise Linux (RHEL) with 16,500 instances and then CentOS with 12,500 instances.

Share on Google+

Read more of this story at Slashdot.

Original URL:

Original article

The Commodore 64 returns in computer and handheld versions

Old computer favorites never die, they just fade away for a bit and then reappear in a new form looking for funding on Indiegogo. The ZX Spectrum was previously resurrected as Vega, and the handheld Vega+, and now there’s a new version of the Commodore 64 looking for funding. Called simply THE 64, this too will be available in desktop and handheld versions. While the Vega/Vega+ is being developed by Sir Clive Sinclair and others responsible for the original ZX Spectrum, THE 64 is being developed by fans of the Commodore classic who have previously had success with other consoles… [Continue Reading]

Original URL:

Original article

RoboVM is winding down

Over the past few weeks, we’ve been working with the teams at Xamarin and Microsoft to assess the technology and business conditions of RoboVM to determine the path forward for the products. After looking at the complete landscape for mobile development with Java, the decision has been made to wind down development of RoboVM.

We have compiled an FAQ to help guide customers through the impact of this announcement. Please contact us at for questions not covered by this FAQ.

What happens to my app developed with RoboVM?

This has no impact on the apps that our customers are currently shipping. If your app is currently working, it should continue to work unless Apple introduces a breaking change in iOS – just like any other iOS app. Android projects and apps that you have created in RoboVM Studio can be opened and compiled in Android Studio or IntelliJ IDEA, and any cross-platform RoboPods you are using on Android and iOS should continue to work in those projects, subject to breaking changes.

What should I do with the app I’m developing with RoboVM?

Depending on where you are in the development of your apps, there are several options available to move forward, including tools that will help you port to Xamarin, and alternative Java SDKs which target iOS. In particular, libGDX has just announced their support for Intel’s Multi-OS Engine, which means there is an alternative for the majority of RoboVM’s active developers. Beyond this, Microsoft and Xamarin are very interested in enabling your success in mobile and we’d like to help you move forward. If you’d like to discuss your app development plans, please email us at

Can I continue using my license?

Yes. You will be able to continue to activate your current RoboVM paid or complimentary subscription until April 30th 2017. This should give you ample time to transition your existing apps to alternatives.

I purchased a license, can I get a refund?

Yes. We’re offering a full refund for all existing customers as of today. Please contact us at to request a refund.

Additionally, we’d also like to offer all existing customers the choice of a free six month Xamarin Test Cloud Start subscription or a one-year HockeyApp Business S plan subscription to all currently paid subscribers. If you are interested, please contact us at


RoboVM has been the most challenging, exciting and fun experience of our professional careers. We are incredibly grateful for all the support you’ve shown us over the past 2 years, as contributors, users and customers.

Thank you
The RoboVM team
Niklas, Henric, Mario, Dominik, Hans, Joseph, Johan

Original URL:

Original article

Proudly powered by WordPress | Theme: Baskerville 2 by Anders Noren.

Up ↑

%d bloggers like this: