Brief items
Security
Security quotes of the week
The next day they discovered why they'd had trouble finding the cooler. At the time, most bands were touring in buses that all came from the same company. That all looked the same. And that all were opened by the exact same key. Thus the reason that Stevie [Ray Vaughan] could not find the cooler where he expected it to be was because they were not on the bus where they expected to be. Instead of being on Stevie's bus, it turns out they were actually on UB40's bus that, unbeknownst to them, had just pulled up that night while they'd been ensconced in the hotel talking. Which Stevie's key had opened. And on which the UB40 band had apparently been sleeping the whole time Stevie and Bill [Gibson] were there inadvertently pilfering their beer…

So let this story be a lesson to security designers, people who really should be employing security designers, and pretty much everyone else who likes to reuse their passwords: When the security credentials for one resource can be used to gain access elsewhere, especially in a way you did not anticipate, there's really not that much security to be had.
— Cathy Gellis
Some years ago, people started noticing all sorts of things embedded in the Bitcoin blockchain. There are digital images, including one of Nelson Mandela. There’s the Bitcoin logo, and the original paper describing Bitcoin by its alleged founder, the pseudonymous Satoshi Nakamoto. There are advertisements, and several prayers. There’s even illegal pornography and leaked classified documents [PDF]. All of these were put in by anonymous Bitcoin users. But none of this, so far, appears to seriously threaten those in power in governments and corporations. Once someone adds something to the Bitcoin ledger, it becomes sacrosanct. Removing something requires a fork of the blockchain, in which Bitcoin fragments into multiple parallel cryptocurrencies (and associated blockchains). Forks happen, rarely, but never yet because of legal coercion. And repeated forking would destroy Bitcoin’s stature as a stable(ish) currency.— Bruce Schneier and Barath Raghavan
Kernel development
Kernel release status
The current development kernel is 5.12-rc3, released on March 14. Linus said: "So rc3 is pretty big this time around, but that's entirely artificial, and due to how I released rc2 early. So I'm not going to read anything more into this, 5.12 still seems to actually be on the smaller side overall."
Stable updates: 5.11.6, 5.10.23, 5.4.105, 4.19.180, 4.14.225, 4.9.261, and 4.4.261 were released on March 11, followed by 5.11.7, 5.10.24, 5.4.106, 4.19.181, 4.14.226, 4.9.262, and 4.4.262 on March 17.
The linux.dev mailing-list service launches
There is a new mailing-list server running under the auspices of kernel.org that is meant, over time, to address the problems that have been plaguing vger.kernel.org in recent times.
The infrastructure behind lists.linux.dev supports multiple domains, so all mailing lists hosted on vger.kernel.org will be carefully migrated to the same platform while preserving current addresses, subscribers, and list ids. The only thing that will noticeably change is the procedure to subscribe and unsubscribe from individual lists.
Among other things, the new server prioritizes delivery to the lore.kernel.org archive, which should minimize the problems seen recently with lost messages.
Quote of the week
Traditionally, network protocols are specified in a document of protocol behaviors. Then different organizations implement that specification. Then everybody interoperates and all goes well. In practice, it often doesn't go well (see IPsec woes), but this at least has been the traditional way of doing this on the Internet, and in some ways it works.

But that is not the approach taken by the WireGuard project. In contrast, WireGuard is both a protocol and a set of implementations, implemented with a particular set of security and safety techniques. That's a radical departure from the traditional model, and one surely to raise some grumbles amongst graybeards. But I believe this is a necessary and beneficial quality for having the types of high assurance software that is needed for core Internet security infrastructure. When you use WireGuard, you're not just using some protocol that is capable of producing packets that are legible by others. You're also using an implementation that's been designed to avoid security pitfalls, and that provides interfaces for using it that mitigate footguns. In that way, the WireGuard project is more expansive than a mere protocol project or a mere software project or a mere cryptography project or a mere specification project or a mere interface project. It combines all of those things into a single unified approach.
— Jason Donenfeld
Distributions
Asahi Linux progress report
The Asahi Linux project, which is working to build a distribution for M1-based Apple systems, has published a progress report for January and February. "Apple Silicon Macs boot in a completely different way from PCs. The way they work is more akin to embedded platforms (like Android phones, or, of course, iOS devices), but with quite a few bespoke mechanisms thrown in. However, Apple has taken a few steps to make this boot process feel closer to that of an Intel Mac, so there has been a lot of confusion around how things actually work. For example, did you know that Apple Silicon Macs cannot boot from external storage at all, in the traditional sense? Or that the bootloader on Apple Silicon Macs cannot show a graphical user interface at all, and that the “Boot Picker” is in fact a full-screen macOS app, not part of the bootloader?"
Schaller: What to look for in Fedora Workstation 34
Christian Schaller looks forward to the Fedora 34 release with a detailed write-up of the desktop-oriented changes. "The big ticket item we have wanted to close off on was Wayland, because while Wayland has been production ready for most of us for a while, there were still some cases it didn't cover as well as X.org. The biggest of these was of course the lack of accelerated XWayland support with the binary NVidia driver".
Development
Development quote of the week
And by using the documented API to get a session token, I could call editcgi.cgi to read and write arbitrary files on the doorbell. Which means I can drop an extra script in /etc/rc.d/rc3.d and get a shell on my doorbell.

This all requires the ability to have local authentication credentials, so it's not a big security deal other than it allowing you to retain access to a monitoring device even after you've moved out and had your credentials revoked. I'm sure it's all fine.
— Matthew Garrett
Page editor: Jake Edge