[#] Tue Jul 02 2013 18:19:30 EDT from zooer @ Uncensored


Paranoia (deep distroy ya) or serious.

NSA Backdoors In Open Source and Open Standards: What Are the Odds?

Since the late '90s, the NSA appears to have stopped its opposition to public cryptography and instead (appears
to be) actively encouraging its development and strengthening. The NSA released the first version of SELinux in
2000, 4 years after they canceled the clipper chip program due to the public's lack of interest.

http://classic.slashdot.org/story/13/07/02/1241246

I have often wondered if the Tor project was a front for the government, I believe it was originally developed
by the US Navy.

[#] Thu Jul 04 2013 20:48:02 EDT from Sig @ Uncensored


According to wikipedia, it is significantly funded by the gov't,
though I forget the precise details.

[#] Thu Jul 04 2013 20:55:44 EDT from IGnatius T Foobar @ Uncensored


It's pretty clear that the govern-mental made some sort of breakthrough in cryptography at that point.  They likely gained the ability to crack the prevalent forms of strong crypto, possibly even in real time.  That is the only explanation for why crypto changed from being regulated as "a munition" to being "exportable."

As for encouraging development of open source crypto software ... sure ... "let us help you continue the development of a cipher we secretly know how to break."

Well, they may be able to break 3DES but it will be a long time before they can break ROT13 ... because it's 10 more!



[#] Tue Jul 16 2013 11:46:51 EDT from IGnatius T Foobar @ Uncensored



Heh. The code name for Linux 3.11 kernel is "Linux for Workgroups."


[#] Fri Jul 19 2013 11:30:13 EDT from athos-mn @ Uncensored


Had my first experience with that steaming pile of shit that calls itself Windows Server 2012. Yes, let's take the Windows 8 interface, designed (and reviled) for touchscreens, and throw it on a server. Yeah, that sounds like a fucking awesome idea. 



[#] Fri Jul 19 2013 17:30:47 EDT from fleeb @ Uncensored



*twitch*

[#] Mon Jul 22 2013 07:18:12 EDT from zooer @ Uncensored


Ubuntu Forums hacked; usernames, emails and passwords taken.
http://www.omgubuntu.co.uk/2013/07/ubuntu-forum-hacked-users-advised-to-change-passwords

[#] Mon Jul 22 2013 07:26:17 EDT from zooer @ Uncensored


ubuntuforums password can also be used for ubuntuone, launchpad and I am sure other services.

[#] Mon Jul 22 2013 09:21:42 EDT from IGnatius T Foobar @ Uncensored


According to the article, "While data from the Forums has been compromised they stress that other services, such as Ubuntu One and Launchpad, are not affected by the breach" but ...

[#] Mon Jul 22 2013 10:50:52 EDT from zooer @ Uncensored


For some reason I read that differently, and I thought they used the same password. I know when I signed into
launchpad to change my password it listed ubuntuforums and ubuntu one as part of the ring. I am sure it is a single
sign on across all services.

[#] Tue Jul 23 2013 10:46:13 EDT from IGnatius T Foobar @ Uncensored


Well, I haven't changed my "favorite password for external sites" in about 20 years, so I guess it's time.

[#] Tue Jul 30 2013 07:30:16 EDT from the_mgt @ Uncensored


On the odds of backdoors in OpenSource software:

I recently had a discussion about this topic. I argued that if I was running a government agency or a lizard division (is there a difference?) which needs access to people's computers, I would have at least 23 people working secretly on every operating system provider. If not 50 or 500. They do not need to know about each other, they do not need to be my own personnel, I could just blackmail them. And that would include people working on the BSD/Linux kernels and Haiku.

I was called paranoid and delusional, such a big operation could never be covered up, people would talk about it, etc.



[#] Tue Jul 30 2013 10:57:27 EDT from fleeb @ Uncensored



Hmm... I should think an audit of the open-source code should reveal something.

[#] Wed Jul 31 2013 05:57:20 EDT from dothebart @ Uncensored


if you want to do code reviews, and don't know where to start, just ask ;-)



[#] Wed Jul 31 2013 08:06:45 EDT from the_mgt @ Uncensored


 

Tue Jul 30 2013 10:57:27 EDT from fleeb @ Uncensored

Hmm... I should think an audit of the open-source code should reveal something.

Yes, and in a perfect world that would work. Yet Debian had faulty ssh keys generated for years without anybody noticing. People are lazy, coders are arrogant enough to assume their code is flawless, etc.



[#] Thu Aug 01 2013 00:13:06 EDT from ax25 @ Uncensored


 

Wed Jul 31 2013 08:06:45 AM EDT from the_mgt @ Uncensored

 

Tue Jul 30 2013 10:57:27 EDT from fleeb @ Uncensored

Hmm... I should think an audit of the open-source code should reveal something.

Yes, and in a perfect world that would work. Yet Debian had faulty ssh keys generated for years without anybody noticing. People are lazy, coders are arrogant enough to assume their code is flawless, etc.



Yes, so you would switch to lsh at the first sign of trouble :-)



[#] Thu Aug 01 2013 13:36:32 EDT from IGnatius T Foobar @ Uncensored

Subject: Fun with virt-manager and btrfs



As tends to happen from time to time, a new server fell into my lap this week, so I moved all of the citadel.org virtual machines to it. I've finally taken the plunge and made my root filesystem btrfs, which will eliminate all of the nonsense I had to do before with logical volume snapshots.

I also decided that since it's just a single machine with only local storage, ProxMoxVE is overkill for my needs. I've switched back to stock Debian and am running virt-manager. This has the superbonusfest benefit of being able to switch between *any* front end that uses libvirt (virsh etc).

I made /var/lib/libvirt/images (the place where virtual disks are stored) a btrfs subvolume. This doesn't change the allocation strategy; it's just metadata. But it also makes it *very* simple to do a daily snapshot with, say, a one week retention:


# what day is it?
dotw=`/bin/date +%A`

# delete last week's snapshot
/sbin/btrfs subvolume delete /var/lib/libvirt/images-backup-$dotw

# create this week's snapshot
/sbin/btrfs subvolume snapshot /var/lib/libvirt/images /var/lib/libvirt/images-backup-$dotw


I've been doing this on my home server for over a year now, but it was on a volume dedicated to backups. This is on the live production volume.

Now it should be noted that this is not a substitute for a proper off-host backup. btrfs snapshots are copy-on-write, so if the physical disk system corrupts the volume, all snapshots are corrupted simultaneously. (Thankfully, the new server is a RAID6 array of 10K SAS disks, so hopefully that won't be an issue.)
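
A more defensive variant of the rotation script in the post above, added here as an example and not part of the original message: it skips the delete when no snapshot exists yet, pins the locale so the weekday name is stable, and takes the snapshot read-only with `-r`. The function names and the `SRC`, `BTRFS` and `DRY_RUN` variables are assumptions of this example.

```shell
#!/bin/sh
# Added example: weekday-named, read-only btrfs snapshots with one week retention.
# SRC matches the path in the post; BTRFS and DRY_RUN are assumptions of this sketch.
SRC=${SRC:-/var/lib/libvirt/images}
BTRFS=${BTRFS:-/sbin/btrfs}

# Weekday name in a fixed locale, so snapshot names do not change with LANG.
weekday() { LC_ALL=C date +%A; }

# Snapshot location for a given weekday, next to the source subvolume.
snapshot_path() { printf '%s-backup-%s\n' "$SRC" "$1"; }

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Replace the snapshot taken on this weekday last week with a fresh one.
rotate() {
    day=${1:-$(weekday)}
    dest=$(snapshot_path "$day")
    # On the first run there is nothing to delete; do not fail on that.
    if [ -d "$dest" ]; then
        # Stop here if the old snapshot cannot be removed: taking the new
        # snapshot onto an existing path would nest it inside the old one.
        run "$BTRFS" subvolume delete "$dest" || return 1
    fi
    # -r creates a read-only snapshot, so nothing running on the host
    # can modify the retained disk images by accident.
    run "$BTRFS" subvolume snapshot -r "$SRC" "$dest"
}

# Only act when asked to, e.g. from cron: rotate-snapshots.sh --run
if [ "${1:-}" = "--run" ]; then
    rotate
fi
```

Setting `DRY_RUN=1` prints the btrfs commands instead of executing them, which is a cheap way to check the paths before putting the script into cron.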

[#] Tue Aug 20 2013 18:24:48 EDT from IGnatius T Foobar @ Uncensored



Wowzers! Rakarrack is in the Debian repositories. Years ago it was a bear to build. Oh look ... Guitarix is there too. Gotta play some...

[#] Wed Aug 21 2013 22:55:04 EDT from ax25 @ Uncensored


... smoke on the water? Bahdumpum.



[#] Thu Sep 12 2013 14:53:56 EDT from zooer @ Uncensored


Google's self driving car uses Ubuntu. The video is 24 minutes long but worth it. It focuses on the software
and systems of the car.
http://news.softpedia.com/news/Google-s-Self-Driving-Cars-Are-Powered-by-Ubuntu-382360.shtml

Google uses a stripped down version of Ubuntu, why they just didn't build their own I am not sure.
