[#] Tue Jul 30 2013 07:30:16 EDT from the_mgt @ Uncensored

On the odds of backdoors in OpenSource software:

I recently had a discussion about this topic, I argued that if I was running a government agency or a lizard division (is there a difference?) which needs access to people's computers, I would have at least 23 people working secretly on every operating system provider. If not 50 or 500. They do not need to know about each other, they do not need to be my own personnel, I could just blackmail them. And that would include people working on the BSD/Linux kernels and Haiku.

I was called paranoid and delusional, such a big operation could never be covered up, people would talk about it, etc.



[#] Tue Jul 30 2013 10:57:27 EDT from fleeb @ Uncensored

Hmm... I should think an audit of the open-source code should reveal something.

[#] Wed Jul 31 2013 05:57:20 EDT from dothebart @ Uncensored

if you want to do code reviews, and don't know where to start, just ask ;-)



[#] Wed Jul 31 2013 08:06:45 EDT from the_mgt @ Uncensored

Tue Jul 30 2013 10:57:27 EDT from fleeb @ Uncensored

Hmm... I should think an audit of the open-source code should reveal something.

Yes, and in a perfect world that would work. Yet Debian had faulty ssh keys generated for years without anybody noticing. People are lazy, coders are arrogant enough to assume their code is flawless, etc.



[#] Thu Aug 01 2013 00:13:06 EDT from ax25 @ Uncensored

Wed Jul 31 2013 08:06:45 AM EDT from the_mgt @ Uncensored

 

Tue Jul 30 2013 10:57:27 EDT from fleeb @ Uncensored

Hmm... I should think an audit of the open-source code should reveal something.

Yes, and in a perfect world that would work. Yet Debian had faulty ssh keys generated for years without anybody noticing. People are lazy, coders are arrogant enough to assume their code is flawless, etc.



Yes, so you would switch to lsh at the first sign of trouble :-)



[#] Thu Aug 01 2013 13:36:32 EDT from IGnatius T Foobar @ Uncensored

Subject: Fun with virt-manager and btrfs

As tends to happen from time to time, a new server fell into my lap this week, so I moved all of the citadel.org virtual machines to it. I've finally taken the plunge and made my root filesystem btrfs, which will eliminate all of the nonsense I had to do before with logical volume snapshots.

I also decided that since it's just a single machine with only local storage, ProxMoxVE is overkill for my needs. I've switched back to stock Debian and am running virt-manager. This has the superbonusfest benefit of being able to switch between *any* front end that uses libvirt (virsh etc).

I made /var/lib/libvirt/images (the place where virtual disks are stored) a btrfs subvolume. This doesn't change the allocation strategy; it's just metadata. But it also makes it *very* simple to do a daily snapshot with, say, a one week retention:


# what day is it?
dotw=`/bin/date +%A`

# delete last week's snapshot
/sbin/btrfs subvolume delete /var/lib/libvirt/images-backup-$dotw

# create this week's snapshot
/sbin/btrfs subvolume snapshot /var/lib/libvirt/images /var/lib/libvirt/images-backup-$dotw


I've been doing this on my home server for over a year now, but it was on a volume dedicated to backups. This is on the live production volume.

Now it should be noted that this is not a substitute for a proper off-host backup. btrfs snapshots are copy-on-write, so if the physical disk system corrupts the volume, all snapshots are corrupted simultaneously. (Thankfully, the new server is a RAID6 array of 10K SAS disks, so hopefully that won't be an issue.)

[#] Tue Aug 20 2013 18:24:48 EDT from IGnatius T Foobar @ Uncensored

Wowzers! Rakarrack is in the Debian repositories. Years ago it was a bear to build. Oh look ... Guitarix is there too. Gotta play some...

[#] Wed Aug 21 2013 22:55:04 EDT from ax25 @ Uncensored

... smoke on the water? Bahdumpum.



[#] Thu Sep 12 2013 14:53:56 EDT from zooer @ Uncensored

Google's self driving car uses Ubuntu. The video is 24 minutes long but worth it. It focuses on the software and systems of the car.
http://news.softpedia.com/news/Google-s-Self-Driving-Cars-Are-Powered-by-Ubuntu-382360.shtml

Google uses a stripped down version of Ubuntu, why they just didn't build their own I am not sure.

[#] Mon Sep 23 2013 07:41:28 EDT from IGnatius T Foobar @ Uncensored

Google engineers generally have the freedom to make choices like that on their own. There's no requirement for everyone to use the Official House Build (tm) of Linux. So it would seem that the self-driving-car team liked Ubuntu and used it.

It does seem weird in general that Ubuntu is so popular at Google, when Ubuntu is basically just Debian with training wheels, and Google engineers tend to be smart enough to not need training wheels.

[#] Mon Sep 23 2013 20:15:52 EDT from Sig @ Uncensored

Sometimes it's not a matter of being smart enough to figure it out, so much as smart enough not to spend time figuring it out when you have other things to do that no one has figured out yet.

[#] Fri Oct 04 2013 21:48:30 EDT from IGnatius T Foobar @ Uncensored

True ... that's why I use Debian instead of rolling a Linux OS from scratch, which I'm capable of doing. I'd rather spend my computer time getting stuff done than futzing with the OS. Ubuntu is just too much though. Too much crapware, and that Unity UI is almost as bad as Windows 8. So basically I'd have to spend extra time turning it back into something usable. I don't like having my time wasted.

[#] Sat Oct 05 2013 10:46:01 EDT from Sig @ Uncensored

I've been pretty happy with Linux Mint Debian Edition. The original Mint is an enhanced version of Ubuntu (based on Debian); for the DE, they just cut Ubuntu out of the loop and based it on Debian directly. It's not quite as polished, but a lot snappier and a bit more flexible.

For the AWS Citadel instance I created, I picked a Debian image. I pretty much have it configured, except for allowing a BBS ssh login without a password.
There's some setting hiding somewhere that won't let it take a blank password.
I forget where all I looked now; I'll have to take that up again.

I had it networked with my test system on my home PC (just based on IP address) and it sort of worked. I could send mail messages back and forth, but the room sharing wasn't quite there yet; I think there was at least one more place to configure things.

AWS is... interesting.

[#] Sat Oct 05 2013 12:09:50 EDT from dothebart @ Uncensored

you probably want to look at /etc/ssh/sshd_config for empty passvoids.



[#] Sat Oct 05 2013 12:16:01 EDT from Sig @ Uncensored

That was one of the places I hit, but I think there's a PAM module setting somewhere overriding it. The default config on the image allows ssh only for the admin account using a key; opening it up beyond that without screwing with things dramatically has been an interesting exercise. I have gotten as far as creating a bbs user and setting its shell to the citadel client (with rnano as the external editor; don't judge me). I could live without a password-less login, certainly, but it's just one extra step.

[#] Sun Oct 06 2013 14:51:33 EDT from Freakdog @ Dog Pound BBS II

Sat Oct 05 2013 12:16:01 PM EDT from Sig @ Uncensored
That was one of the places I hit, but I think there's a PAM module setting somewhere overriding it. The default config on the image allows ssh only for the admin account using a key; opening it up beyond that without screwing with things dramatically has been an interesting exercise. I have gotten as far as creating a bbs user and setting its shell to the citadel client (with rnano as the external editor; don't judge me). I could live without a password-less login, certainly, but it's just one extra step.

I had to do a search on the net, but I found a post on a support forum that detailed replacing the entry in /etc/shadow for the encrypted password with another encrypted empty password.

Couple that with the sshd_config setting to allow empty passwords, you should be good.



[#] Mon Oct 07 2013 05:57:13 EDT from dothebart @ Uncensored

https://www.olimex.com/Products/OLinuXino/A20/

So, you get a cheap Allwinner A20 board with all important sockets on one side.

It's the same chip as on the next generation qubie board, plus some more sockets

(two UEXT sockets, olimex specific; nice sets of extension boards available for these: https://www.olimex.com/Products/Modules/ )



[#] Mon Oct 07 2013 11:47:10 EDT from ax25 @ Uncensored

The single board systems are getting cheaper.  I used a Raspberry Pi this weekend for a voip server at the Twin Cities Marathon.  It worked quite well for the 5 extensions we had set up.



[#] Mon Oct 07 2013 11:59:07 EDT from Sig @ Uncensored

I had to do a search on the net, but I found a post on a support
forum that detailed replacing the entry in /etc/shadow for the
encrypted password with another encrypted empty password.

Couple that with the sshd_config setting to allow empty passwords,
you should be good.


I did see a reference to that elsewhere; I may give that a swing.
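
An added example, not part of any post in this thread and not Citadel's own code: a shell audit of the two settings the posts above combine, an empty password field in a shadow-format file and `PermitEmptyPasswords yes` in an sshd_config-format file. It assumes the guest account is named `bbs` and that the setting is meant to be confined to a `Match User bbs` block; the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). "bbs" as the guest account is an assumption.

# Accounts whose shadow password field is literally empty. A real hash of ""
# (the "encrypted empty password" approach) cannot be spotted this way.
empty_shadow_accounts() { awk -F: '$2 == "" { print $1 }' "$1"; }

# Scope of each "PermitEmptyPasswords yes": "global" or the Match criteria.
permit_empty_scopes() {
    awk '
        /^[ \t]*(#|$)/ { next }
        { key = tolower($1) }
        key == "match" {
            scope = $0; sub(/^[ \t]*[^ \t]+[ \t]+/, "", scope)
            if (tolower(scope) == "all") scope = ""
            next
        }
        key == "permitemptypasswords" && tolower($2) == "yes" {
            print (scope == "" ? "global" : scope)
        }' "$1"
}

# audit_empty_login SHADOW SSHD_CONFIG ALLOWED_USER; returns 1 on findings.
audit_empty_login() {
    findings=$(
        for u in $(empty_shadow_accounts "$1"); do
            [ "$u" = "$3" ] || echo "empty password on unexpected account: $u"
        done
        permit_empty_scopes "$2" | while IFS= read -r s; do
            case "$s" in
                global) echo "PermitEmptyPasswords yes applies to every account" ;;
                "User $3") ;;
                *) echo "PermitEmptyPasswords yes in unexpected Match: $s" ;;
            esac
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"; return 1
}

# Constructed sample files (not real system data), then one audit run.
tmp=$(mktemp -d)
printf 'root:*:15900:0:99999:7:::\nbbs::15900:0:99999:7:::\ntest::15900::::::\n' > "$tmp/shadow"
printf 'PermitEmptyPasswords no\nMatch User bbs\n    PermitEmptyPasswords yes\n' > "$tmp/sshd_config"
audit_empty_login "$tmp/shadow" "$tmp/sshd_config" bbs || true
```

Run it against copies of the real files rather than the constructed ones; the config parser handles whitespace-separated keywords only, not the `Keyword=value` form.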

[#] Tue Oct 08 2013 15:59:29 EDT from IGnatius T Foobar @ Uncensored

There is some concern out there over the fact that even though more than a million Raspberry Pi boards have been sold, they're not having the effect that the project was intended to create -- flexible hobbyist computers for aspiring young techies to learn on.   That may or may not be a problem.


