Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers

Submitted by Roy Schestowitz on Friday 23rd of October 2020 10:13:49 AM Filed under
Security
  • Free XSS Tools – Linux Hint

    Cross-Site Scripting, commonly known as XSS, is a type of vulnerability in which attackers remotely inject custom scripts on web pages. It commonly occurs in sites where data input parameters are improperly sanitized.

    Sanitization of inputs is the process of cleansing of the inputs, so the data inserted is not used to find or exploit security holes in a website or server.

    Vulnerable sites are either unsanitized or very poorly and incompletely sanitized. It is an indirect attack. The payload is indirectly sent to the victim. The malicious code is inserted on the website by the attacker, and then it becomes a part of it. Whenever the user (victim) visits the webpage, the malicious code is moved to the browser. Hence, the user is unaware of anything happening.

  • Google Chrome Update for Windows, Mac, Linux Fixes Critical Zero-Day Bug | Technology News

    Google Chrome stable channel users are receiving an update that rings along multiple security fixes. Update v86.0.4240.111 includes a fix for zero-day vulnerability CVE-2020-15999 discovered by a member in Google's Project Zero team. This new zero-day vulnerability is reported to be a memory bug in the FreeType font rendering library. This was spotted being abused by a threat actor. Chrome users are recommended to install this latest update by going into the Help section.

    The tech giant has confirmed via a blog post that it has updated the Chrome stable channel to 86.0.4240.111 for Windows, Mac, and Linux users. This update will roll out for all users in the coming week. Chrome users can update to the latest version via the integrated update function inside the browser itself. Hit the three dots on the top right corner of the browser window and select Help > About Google Chrome. Here it will show you of any pending update, and after installation, it will ask you to relaunch the browser to finish the updating process.

  • Josh Bressers: Episode 218 – The past was a terrible place

    Josh and Kurt talk about change. Specifically we discuss how the past was a terrible place. Never believe anyone who tells you it was better. Part of a career now is learning how to learn. The things you learn today won’t be useful skills in a few years. The future is is always better than the past. Even in 2020.

  • Josh Bressers: Episode 219 – Chat with Larry Cashdollar

    Josh and Kurt have a chat with Larry Cashdollar. The three of us go way back. Larry has done some amazing things and he tells us all about it!

  • Josh Bressers: Episode 220 – Securing network time and IoT

    Josh and Kurt talk about Network Time Security (NTS) how it works and what it means for the world (probably not very much). We also talk about Singapore’s Cybersecurity Labelling Scheme (CLS). It probably won’t do a lot in the short term, but we hope it’s a beacon of hope for the future.

»

Security: Patches, FUD, and Incidents

Submitted by Roy Schestowitz on Thursday 22nd of October 2020 08:31:31 PM Filed under
Security
  • Making the Grade with Linux and Cybersecurity at the Intelligent Edge

    As intelligent edge deployments accelerate, we have reached a crossroads where many are being forced to choose between the accessibility, ease of use, flexibility, and leading-edge capabilities of open source software and the safety and security of systems in the field. How we proceed has the potential to lead massive transformation in the embedded industry.

    “Using open source early in the proof-of-concept cycle means taking advantage of the rapid pace of open source innovation,” says Matt Jones, Chief Architect at Wind River. “Taking your solution to market comes with additional measures meant to protect your device throughout its lifecycle.”

  • Security updates for Thursday [LWN.net]

    Security updates have been issued by Arch Linux (freetype2), Debian (bluez, firefox-esr, and freetype), Fedora (firefox), openSUSE (chromium), Oracle (kernel), Red Hat (java-11-openjdk), Slackware (kernel), SUSE (freetype2, gnutls, kernel, php7, and tomcat), and Ubuntu (flightgear, italc, libapache2-mod-auth-mellon, libetpan, and php-imagick).

  • Snyk to automatically check Docker Official Images for security problems [Ed: ZDNet pushing FUD vendors again, ones connected to Microsoft]
  • OpenDev’s Gerrit deployment back online after suspected admin account compromise

    OpenDev.org’s Gerrit deployment has been restored after being taken offline following the detection of malicious activity on its repositories.

    The repositories were disabled two hours after project maintainers were alerted to a suspected security breach on Tuesday morning (October 20).
    “We believe an admin account in Gerrit was compromised allowing an attacker to escalate privileges within Gerrit,” said Clark Boylan in a service announcement issued later that day.
    “Around 02:00 UTC October 20 suspicious review activity was noticed, and we were made aware of it shortly afterwards.

    “The involved account was disabled and removed from privileged Gerrit groups. After further investigation we decided that we needed to stop the service, this happened at about 04:00 UTC.”

»

Gerrit code review tool taken offline after suspected admin account compromise

Submitted by Roy Schestowitz on Thursday 22nd of October 2020 03:01:01 PM Filed under
Development
Security

Gerrit has been taken offline after malicious activity was flagged on the open source code collaboration platform.

The web-based Git code review service was disabled two hours after project maintainers were alerted to a suspected security breach on Tuesday morning (October 20).

“We believe an admin account in Gerrit was compromised allowing an attacker to escalate privileges within Gerrit,” said Clark Boylan in a service announcement issued later that day.
“Around 02:00 UTC October 20 suspicious review activity was noticed, and we were made aware of it shortly afterwards.

“The involved account was disabled and removed from privileged Gerrit groups. After further investigation we decided that we needed to stop the service, this happened at about 04:00 UTC.”

Read more

»

Security Leftovers

Submitted by Roy Schestowitz on Thursday 22nd of October 2020 01:18:39 PM Filed under
Microsoft
Security
»

Security: Reproducible Builds, Patches, and 1Password

Submitted by Roy Schestowitz on Thursday 22nd of October 2020 11:24:23 AM Filed under
Security
  • Reproducible Builds: Supporter spotlight: Civil Infrastructure Platform 01:00

    The Reproducible Builds project depends on our many projects, supporters and sponsors. We rely on their financial support, but they are also valued ambassadors who spread the word about the Reproducible Builds project and the work that we do.

    This is the first installment in a series featuring the projects, companies and individuals who support the Reproducible Builds project. If you are a supporter of the Reproducible Builds project (of whatever size) and would like to be featured here, please let get in touch with us at contact@reproducible-builds.org.

    However, we are kicking off this series by featuring Urs Gleim and Yoshi Kobayashi of the Civil Infrastructure Platform (CIP) project.

    [...]

    A: Reproducibility helps a great deal in software maintenance. We have a number of use-cases that should have long-term support of more than 10 years. During this period, we encounter issues that need to be fixed in the original source code. But before we make changes to the source code, we need to check whether it is actually the original source code or not. If we can reproduce exactly the same binary from the source code even after 10 years, we can start to invest time and energy into making these fixes.

  • Security updates for Wednesday [LWN.net]

    Security updates have been issued by Arch Linux (kdeconnect, kernel, kpmcore, lib32-freetype2, linux-hardened, linux-lts, linux-zen, lua, and powerdns-recursor), Debian (mariadb-10.1 and mariadb-10.3), Fedora (thunderbird), Mageia (claw-mail, freetype2, geary, kernel, and tigervnc), Oracle (nodejs:12), Red Hat (python27, rh-postgresql96-postgresql, and rh-python38), Slackware (freetype), SUSE (hunspell, kernel, libvirt, and taglib), and Ubuntu (grunt, quassel, and tomcat9).

  • 1Password for Linux Beta now available on Ubuntu, Mint, Manjaro, Fedora, and more [Ed: Who would trust proprietary software for password handling when our governments (nowadays) openly demand back doors in everything?]

    Back in August, we told you about some very exciting news -- 1Password had come to Linux... as a development preview. Yeah, it was a pre-beta release, but still, it was a huge win for the Linux community overall.

    1Password is an extremely popular password management service, available for Mac, Windows, Android, and iOS/iPadOS. Bringing it to Linux makes the software truly cross-platform. Not to mention, it says a lot about the growing popularity of Linux that Agilebits found it beneficial to assign precious resources to its development.

  • 1Password’s Linux App is Now in Beta

    The official 1Password Linux app is available for wider testing ahead of a planned stable release next year.

    Preview builds of the 1Password Linux app were soft-launched earlier this year, albeit with a few caveats in place. The feedback gathered as part of that early effort clearly bore fruit as the team is back with freshly ripened beta candidate for fans of the service to try.

    1Password is a popular, cross-platform password manager. Official apps are available for Android and iOS, all major web browser, and Windows and macOS. The service isn’t free (though plans start at a low $2.99/m) but it packs in some pretty decent credential management features.

    The 1Password Linux app backend is written in Rust and leverages the ring crypto library for its end-to-end encryption.

    Integration with the Ubuntu desktop is also on offer. The app can detect when you’re using a dark GTK theme; uses descriptive window titles (handy if you tile windows); has support for biometric unlocking; and shows a good ol’ system tray icon for easy access.

  • How to Install 1Password Beta On Linux?

    The beta version of 1Password is now available on Linux. for starters, it is a beautiful, user-friendly, and cross-platform password manager app which is already available on various other platforms like Windows, macOS, Android, and iOS.

    The app is now available for Ubuntu, Fedora, Debian, CentOS, and Red Hat Enterprise Linux. Apart from that, an App Image is also available. Here’s how you can install 1Password on Linux —

»

Security Leftovers

Submitted by Roy Schestowitz on Wednesday 21st of October 2020 03:04:26 PM Filed under
Security
  • Kaspersky's Secur'IT hacking competition attracts entrants from 24 universities

    Four university students, competing as ByteMe, have won the first prize in the Secur'IT Cup, an annual hacking competition jointly organised by security outfit Kaspersky and Hackathons Australia.

  • Hackers Use Billboards to Trick Self-driving Cars into Slamming on the Brakes

    “The attacker just shines an image of something on the road or injects a few frames into a digital billboard, and the car will apply the brakes or possibly swerve, and that’s dangerous,” Ben Gurion University researcher Yisroel Mirsky told the magazine. “The driver won’t even notice at all. So somebody’s car will just react, and they won’t understand why.”

  • File Exfiltration via Libreoffice in BigBlueButton and JODConverter

    BigBlueButton is a free web-based video conferencing software that lately got quite popular, largely due to Covid-19. Earlier this year I did a brief check on its security which led to an article on Golem.de (German). I want to share the most significant findings here.

    BigBlueButton has a feature that lets a presenter upload a presentation in a wide variety of file formats that gets then displayed in the web application. This looked like a huge attack surface. The conversion for many file formats is done with Libreoffice on the server. Looking for ways to exploit server-side Libreoffice rendering I found a blog post by Bret Buerhaus that discussed a number of ways of exploiting such setups.

    One of the methods described there is a feature in Opendocument Text (ODT) files that allows embedding a file from an external URL in a text section. This can be a web URL like https or a file url and include a local file.

    This directly worked in BigBlueButton. An ODT file that referenced a local file would display that local file. This allows displaying any file that the user running the BigBlueButton service could access on the server. A possible way to exploit this is to exfiltrate the configuration file that contains the API secret key, which then allows basically controlling the BigBlueButton instance. I have a video showing the exploit here. (I will publish the exploit later.)

    I reported this to the developers of BigBlueButton in May. Unfortunately my experience with their security process was not very good. At first I did not get an answer at all. After another mail they told me they plan to sandbox the Libreoffice process either via a chroot or a docker container. However that still has not happened yet. It is planned for the upcoming version 2.3 and independent of this bug this is a good idea, as Libreoffice just creates a lot of attack surface.

    Recently I looked a bit more into this. The functionality to include external files only happens after a manual user confirmation and if one uses Libreoffice on the command line it does not work at all by default. So in theory this exploit should not have worked, but it did.

    It turned out the reason for this was another piece of software that BigBlueButton uses called https://github.com/sbraconnier/jodconverter JODConverter. It provides a wrapper around the conversion functionality of Libreoffice. After contacting both the Libreoffice security team and the developer of JODConverter we figured out that it enables including external URLs by default.

  • New Gitjacker tool lets you find .git folders exposed online

    A new open-source tool called Gitjacker can help developers discover when they've accidentally uploaded /.git folders online and have left sensitive information exposed to attackers. Gitjacker is available as a free download on Github.

»

Security Leftovers

Submitted by Roy Schestowitz on Tuesday 20th of October 2020 04:28:01 PM Filed under
Security
  • Videoconferencing Malware, Vizom, Discovered [Ed: Wrong. Zoom itself is malware and they admit having back doors.]

    It was probably only a matter of time before the cyber attackers hit videoconferencing software in 2020. Apps such as Zoom had a bona fide boon this year because of the world health crisis. Researchers discovered a new form of malware that uses remote overlay attacks to hit Brazilian bank account holders who use videoconferencing software.

    [...]

    Phishing campaigns spread Vizom, disguising it as Zoom. Once the malware accesses a Windows computer, it hits the AppData directory to start infecting the system. Using DLL hijacking, it tries to force malicious DLLs to be loaded, using names the attackers believe are on the software directories for the Delphi-based variants.

  • Combating abuse in Matrix - without backdoors.

    Last Sunday, the UK Government published an international statement on end-to-end encryption and public safety, co-signed by representatives from the US, Australia, New Zealand, Canada, India and Japan. The statement is well written and well worth a read in full, but the central point is this:

    We call on technology companies to [...] enable law enforcement access to content in a readable and usable format where an authorisation is lawfully issued, is necessary and proportionate, and is subject to strong safeguards and oversight.

    In other words, this is an explicit request from seven of the biggest governments in the world to mandate a backdoor in end-to-end encrypted (E2EE) communication services: a backdoor to which the authorities have a secret key, letting them view communication on demand. This is big news, and is of direct relevance to Matrix as an end-to-end encrypted communication protocol whose core team is currently centred in the UK.

    Now, we sympathise with the authorities’ predicament here: we utterly abhor child abuse, terrorism, fascism and similar - and we did not build Matrix to enable it. However, trying to mitigate abuse with backdoors is, unfortunately, fundamentally flawed.

  • Security updates for Tuesday

    Security updates have been issued by Debian (python-flask-cors), Fedora (kleopatra, nextcloud, and phpMyAdmin), Gentoo (ark, libjpeg-turbo, libraw, and libxml2), openSUSE (bind, kernel, php7, and transfig), Red Hat (kernel, kernel-alt, kernel-rt, rh-python36, virt:8.1 and virt-devel:8.1, and virt:8.2 and virt-devel:8.2), and Ubuntu (collabtive, freetype, linux, linux-hwe, linux-hwe-5.4, linux-oem, linux-raspi, linux-raspi-5.4, linux-snapdragon, and linux-oem-osp1, linux-raspi2-5.3).

  • Reproducible Builds (diffoscope): diffoscope 161 released

    The diffoscope maintainers are pleased to announce the release of diffoscope version 161. This version includes the following changes:

    [ Chris Lamb ]
* Fix failing testsuite: (Closes: #972518)
  - Update testsuite to support OCaml 4.11.1. (Closes: #972518)
  - Reapply Black and bump minimum version to 20.8b1.
* Move the OCaml tests to the assert_diff helper.

[ Jean-Romain Garnier ]
* Add support for radare2 as a disassembler.

[ Paul Spooren ]
* Automatically deploy Docker images in the continuous integration pipeline.

»

Security Leftovers

Submitted by Roy Schestowitz on Tuesday 20th of October 2020 11:41:41 AM Filed under
Security
  • Auto equipment maker KYB hit by Windows NetWalker ransomware

    Indiana-based KYB Corporation, the biggest supplier of OEM automotive equipment to companies around the globe, appears to have been hit by the Windows NetWalker ransomware, with the criminals behind the attack threatening to leak data stolen from the company on the dark web.

  • Security updates for Monday [LWN.net]

    Security updates have been issued by Debian (kernel, thunderbird, and yaws), Fedora (createrepo_c, dnf, dnf-plugins-core, dnf-plugins-extras, kata-agent, libdnf, librepo, and wireshark), Gentoo (chromium and firefox), Mageia (brotli, flash-player-plugin, php, phpmyadmin, and wireshark), openSUSE (crmsh, gcc10, nvptx-tools, icingaweb2, kernel, libproxy, pdns-recursor, phpMyAdmin, and rubygem-activesupport-5_1), Red Hat (nodejs:12 and rh-maven35-apache-commons-collections4), and SUSE (gcc10, nvptx-tools and transfig).

  • North Korean hacker group attacked targets inside Russia

    The North Korean hacker group “Kimsuky” is reportedly carrying out attacks against military and industrial entities inside Russia, cybersecurity experts told the newspaper Kommersant.

  • Eyewear giant Luxottica hit by Windows Nefilim ransomware, data leaked

    The world's biggest eyewear company, Italian conglomerate Luxottica, has suffered a ransomware attack staged by criminals using the Windows Nefilim ransomware and data about its financial and human resources operations have been leaked on the dark web.

  • US charges six Russians with being behind numerous computer intrusions

    The US has charged six Russians, all officers in Unit 74455 of the Russian Main Intelligence Directorate or GRU, of participating in intrusion of computer systems in a number of countries.

»

Ubuntu and Debian Get Patches for Bluetooth Remote Code Execution Flaws, Update Now

Submitted by Marius Nestor on Tuesday 20th of October 2020 07:58:41 AM Filed under
Security

Discovered by security researcher Andy Nguyen in Linux kernel's Bluetooth L2CAP and Bluetooth A2MP implementation, as well as the Bluetooth HCI event packet parser, the CVE-2020-12351, CVE-2020-12352, and CVE-2020-24490 vulnerabilities are affecting Debian GNU/Linux 10, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS.

While CVE-2020-12351 and CVE-2020-24490 could allow a physically proximate remote attacker to crash the system by causing a denial of service or execute arbitrary code, CVE-2020-12352 let physically proximate remote attackers to expose sensitive information (kernel memory).

Read more

»

Kernel: USB4, Matias Wireless Aluminum Keyboard and 'BleedingTooth' Bluetooth Vulnerability

Submitted by Roy Schestowitz on Sunday 18th of October 2020 01:19:38 PM Filed under
Linux
Security

  • Linux 5.10 Continues Maturing The USB4 Support - Phoronix

    Earlier this year Linux 5.6 brought initial USB4 support by leveraging Intel's existing Thunderbolt kernel support for which the updated USB specification is based. Succeeding kernels have continued maturing this USB4 implementation and that has continued with Linux 5.10.

    Included as part of the USB / PHY / Thunderbolt changes for Linux 5.10 are more USB 4 updates, primarily this cycle fixing a few low-level issues in the code. The work continues to be led by Intel open-source engineers.

  • Linux 5.10 To Play Nicely With The Matias Wireless Aluminum Keyboard - Phoronix

    The Matias Wireless Aluminum Keyboard is an Apple-esque keyboard that will be working nicely on Linux 5.10 when it comes to its extra functionality.

    The Matias Wireless Keyboard is a keyboard that's admitted by the Canadian manufacturer to be inspired by Apple keyboards. Among the Matias differences are being a wireless keyboard with a number pad, better cross-platform support, and more. The aluminum wireless keyboard runs in the $85~135 USD range.

  • Linux systems at risk of worrying BleedingTooth Bluetooth vulnerability

    Linux-based operating systems are generally considered to be more secure than the likes of Windows, but that does not mean they are completely without security issues. 

»
Syndicate content

More in Tux Machines

Devices/Embedded: Arduino and More

       
  • Arduino Blog » Driving a mini RC bumper car with a Nintendo Wii Balance Board

    Taking inspiration from Colin Furze’s 600cc bumper car constructed a few years ago, Henry Forsyth decided to build his own RC miniature version. His device features a 3D-printed and nicely-painted body, along with a laser-cut chassis that holds the electrical components. The vehicle is driven by a single gearmotor and a pair of 3D-printed wheels, with another caster-style wheel that’s turned left and right by a servo steering. An Arduino Uno and Bluetooth shield are used for overall control with a motor driver. The Bluetooth functionality allows for user interface via a PS4 controller, or even (after a bit of programming) a Wii Balance Board. In the end, the PS4 remote seems to be the better control option, but who knows where else this type of balance technique could be employed?

  • Intel Elkhart Lake COM’s offer up to 3x 2.5GbE, SIL2 functional safety
  • E3K all-in-one wireless bio-sensing platform supports EMG, ECG, and EEG sensors (Crowdfunding)

    Over the year, The maker community has designed several platforms to monitor vital signs with boards like Healthy Pi v4 or HeartyPatch both of which are powered by an ESP32 WiFi & Bluetooth wireless SoC. WallySci has designed another all-in-one wireless bio-sensing platform, called E3K, that also happens to be powered by Espressif Systems ESP32 chip, and can be connected to an electromyography (EMG) sensor to capture muscle movements, an electrocardiography (ECG) sensor to measure heart activity, and/or an electroencephalography (EEG) sensor to capture brain activity. The board also has an extra connector to connect a 9-axis IMU to capture motion.

  • Coffee Lake system can expand via M.2, mini-PCIe, PCIe, and Xpansion

    MiTac’s fanless, rugged “MX1-10FEP” embedded computer has an 8th or 9th Gen Coffee Lake Core or Xeon CPU plus 3x SATA bays, 4x USB 3.1 Gen 2, 2x M.2, 2x mini-PCIe, and optional PCIe x16 and x1. MiTac recently introduced a Coffee Lake based MX1-10FEP computer that is also being distributed by ICP Germany. This month, ICP announced that the MX1-10FEP-D model with PCIe x16 and PCIe x1 slots has been tested and classified by Nvidia as “NGC Ready” for Nvidia GPU Cloud graphics boards such as the Nvidia T4 and Tesla P4. [...] The MX1-10FEP has an Intel C246 chipset and defaults to Windows 10 with Linux on request.

Wine 5.20 Released

The Wine development release 5.20 is now available.

What's new in this release (see below for details):
  - More work on the DSS cryptographic provider.
  - A number of fixes for windowless RichEdit.
  - Support for FLS callbacks.
  - Window resizing in the new console host.
  - Various bug fixes.

The source is available from the following locations:

  https://dl.winehq.org/wine/source/5.x/wine-5.20.tar.xz
  http://mirrors.ibiblio.org/wine/source/5.x/wine-5.20.tar.xz

Binary packages for various distributions will be available from:

  https://www.winehq.org/download

You will find documentation on https://www.winehq.org/documentation

You can also get the current source directly from the git
repository. Check https://www.winehq.org/git for details.

Wine is available thanks to the work of many people. See the file
AUTHORS in the distribution for the complete list.
Read more Also: Wine 5.20 Released With Various Improvements For Running Windows Software On Linux

PostmarketOS update brings HDMI support for the PinePhone and PineTab

When the PinePhone postmarketOS Community Edition smartphone began shipping to customers in September it came with a version of the operating system with one important feature missing: HDMI output. So when my phone arrived a few weeks ago I was able to spend some time familiarizing myself with the operating system and I could plug in the included Convergence Dock to use USB accessories including a keyboard, mouse, and storage. But I wasn’t able to connect an external display. Now I can. Read more

today's howtos

  • How To Install Ubuntu 20.10 Groovy Gorilla

    This tutorial explains Ubuntu 20.10 Groovy Gorilla computer installation. You will prepare at least two disk partitions, finishing it all in about twenty minutes, and enjoy! Let's start right now.

  • How to install Ubuntu 20.10 - YouTube

    In this video, I am going to show how to install Ubuntu 20.10.

  • How To Install Webmin on Ubuntu 20.04 LTS - idroot

    In this tutorial we will show you how to install Webmin on Ubuntu 20.04 LTS, as well as some extra required packages by Webmin control panel

  • Running Ironic Standalone on RHEL | Adam Young’s Web Log

    This is only going to work if you have access to the OpenStack code. If you are not an OpenStack customer, you are going to need an evaluation entitlement. That is beyond the scope of this article.

  • Introduction to Ironic

    The sheer number of projects and problem domains covered by OpenStack was overwhelming. I never learned several of the other projects under the big tent. One project that is getting relevant to my day job is Ironic, the bare metal provisioning service. Here are my notes from spelunking the code.

  • Adding Nodes to Ironic

    TheJulia was kind enough to update the docs for Ironic to show me how to include IPMI information when creating nodes.

  • Secure NTP with NTS

    Many computers use the Network Time Protocol (NTP) to synchronize their system clocks over the internet. NTP is one of the few unsecured internet protocols still in common use. An attacker that can observe network traffic between a client and server can feed the client with bogus data and, depending on the client’s implementation and configuration, force it to set its system clock to any time and date. Some programs and services might not work if the client’s system clock is not accurate. For example, a web browser will not work correctly if the web servers’ certificates appear to be expired according to the client’s system clock. Use Network Time Security (NTS) to secure NTP. Fedora 331 is the first Fedora release to support NTS. NTS is a new authentication mechanism for NTP. It enables clients to verify that the packets they receive from the server have not been modified while in transit. The only thing an attacker can do when NTS is enabled is drop or delay packets. See RFC8915 for further details about NTS. NTP can be secured well with symmetric keys. Unfortunately, the server has to have a different key for each client and the keys have to be securely distributed. That might be practical with a private server on a local network, but it does not scale to a public server with millions of clients. NTS includes a Key Establishment (NTS-KE) protocol that automatically creates the encryption keys used between the server and its clients. It uses Transport Layer Security (TLS) on TCP port 4460. It is designed to scale to very large numbers of clients with a minimal impact on accuracy. The server does not need to keep any client-specific state. It provides clients with cookies, which are encrypted and contain the keys needed to authenticate the NTP packets. Privacy is one of the goals of NTS. The client gets a new cookie with each server response, so it doesn’t have to reuse cookies. This prevents passive observers from tracking clients migrating between networks.

  • Comfortable Motion: Absolutely Cursed Vim Scrolling - YouTube

    Have you ever felt like Vim was too useful and thought hey let's change that, well that's what this dev thought and now we have a plugin called comfortable motion that's adds physics based scrolling into vim, what's physics based scrolling you ask. Well it's scrolling that occurs based on how long you hold down the scroll key.

  • Running Cassandra on Fedora 32 | Adam Young’s Web Log

    This is not a tutorial. These are my running notes from getting Cassandra to run on Fedora 32. The debugging steps are interesting in their own right. I’ll provide a summary at the end for any sane enough not to read through the rest.

  • Recovering Audio off an Old Tape Using Audacity | Adam Young’s Web Log

    One of my fiorends wrote a bunch of music back in high school. The only remainig recordings are on a casette tape that he produced. Time has not been kind to the recordings, but they are audible…barely. He has a device that produces MP3s from the tape. My job has been to try and get them so that we can understand them well enough to recover the original songs. I have the combined recording on a single MP3. I’ve gone through and noted the times where each song starts and stops. I am going to go through the steps I’ve been using to go from that single long MP3 to an individual recording.

  • Role of Training and Certification at the Linux Foundation

    Open source allows anyone to dip their toes in the code, read up on the documentation, and learn everything on their own. That’s how most of us did it, but that’s just the first step. Those who want to have successful careers in building, maintaining, and managing IT infrastructures of companies need more structured hands-on learning with real-life experience. That’s where Linux Foundation’s Training and Certification unit enters the picture. It helps not only greenhorn developers but also members of the ecosystem who seek highly trained and certified engineers to manage their infrastructure. Swapnil Bhartiya sat down with Clyde Seepersad, SVP and GM of Training and Certification at the Linux Foundation, to learn more about the Foundation’s efforts to create a generation of qualified professionals.

  • Hetzner build machine

    This is part of a series of posts on compiling a custom version of Qt5 in order to develop for both amd64 and a Raspberry Pi. Building Qt5 takes a long time. The build server I was using had CPUs and RAM, but was very slow on I/O. I was very frustrated by that, and I started evaluating alternatives. I ended up setting up scripts to automatically provision a throwaway cloud server at Hetzner.

More on Tux Machines: AboutGalleryForumBlogsSearchNewsRSS Feed

Part of Bytes Media ● Sister sites below.

TechBytes Techrights button

Powered by Drupal, an open source content management system

Content available under CC-BY-SA CC

© by original authors

Powered by CentOS 6.5 (GNU/Linux), Varnish, and Drupal 6