"Socat is a more feature-rich variant of the once widely used Netcat
networking service for fixing bugs in network applications and for
finding and exploiting security vulnerabilities. One of its features
allows data to be transmitted through an encrypted channel to prevent
it from being intercepted by people monitoring the traffic. Amazingly,
when using the Diffie-Hellman method to establish a cryptographic key,
Socat used a non-prime parameter to negotiate the key, an omission
that violates one of the most basic cryptographic principles."
-- source: http://arstechnica.com/security/2016/02/crypto-flaw-was-so-glaring-it-may-b…
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/
Apologies for cross-posting.
Cheers, Peter
---------- Forwarded message ----------
From: Dave Lane <president(a)nzoss.org.nz>
Date: Wed, Feb 3, 2016 at 10:22 AM
Subject: [NZOSS OpenChat] TPPA appears to compromise NZ data sovereignty
To: NZOSS Open Chat List <openchat(a)groups.nzoss.org.nz>
Hi all,
Thanks to Grant Paton-Simpson for bringing clause 14.13.2 of the
Trans-Pacific Partnership Agreement to my attention... I've just written
a quick post to explain the potential implications of it, as I see it:
https://nzoss.org.nz/content/tppa-compromises-nz-data-sovereignty
Any comments or corrections (or alternative interpretations) to the
article would be appreciated. If you think it is a cause for concern, I
encourage you to promote it, particularly among those who will
understand the implications. The TPPA is slated for signing tomorrow. We
need to make a BIG stink about this very unfortunate turn of events.
Cheers,
Dave
--
Dave Lane, President, New Zealand Open Source Society
e: president(a)nzoss.org.nz m: 021 229 8147 w: http://nzoss.org.nz
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/
An article
<https://www.blender.org/media-exposure/the-art-of-open-source/>
written for the November 2015 issue of “Linux Format” magazine covers
the origins and increasing popularity of Blender. But more than
popularity, it seems it is now (somewhat grudgingly) winning actual
respect among 3D artists. Pixar even lists Blender as one of the
packages it officially supports in the latest release of RenderMan.
My main beef with the article is the writer keeps saying “commercial”
when he means “proprietary”, seemingly reserving the use of
“proprietary” for when he means “in-house”. If you don’t think Blender
can be “commercial”, just look at some of its users mentioned in the
article.
A quote from one of those users:
“In 10 years of using proprietary 3D software, we never received
usable support from either software vendor or reseller – except on
problems with registering our licences.”
On some UEFI-based systems, the old “rm -rf /” trick for destroying your
system may do more than annihilate your software installation, it may
also brick your machine. This is because it is possible to mount a
virtual kernel filesystem that gives access to persistent UEFI
configuration data read/write, and deleting this data makes it
impossible for your machine to boot.
<http://www.theregister.co.uk/2016/02/02/delete_efivars_linux/>
Europe’s ExaNeSt project is putting together a small prototype of what
will eventually be a supercomputer with 10 million ARM cores.
Why ARM? Because the performance bottleneck in a super is not the CPUs,
but the interconnect between them. So it makes sense to use more
power-efficient cores to keep the overall cost down. The main cost of
running a super, or indeed any massively-multiprocessor installation
(data centre, cloud service, render farm etc) is the electricity bill.
<http://www.theregister.co.uk/2016/02/02/buddy_can_you_spare_ten_meeelion_ar…>
"One of the benefits of the next-generation Internet protocol known as
IPv6 is the enhanced privacy it offers over its IPv4 predecessor. With
a staggering 2^128 (or about 3.4×10^38) theoretical addresses available,
its IP pool is immune to the types of systematic scans that criminal
hackers and researchers routinely perform to locate vulnerable devices
and networks with IPv4 addresses. What's more, IPv6 addresses can
contain regularly changing, partially randomized extensions. Together,
the IPv6 features cloak devices in a quasi anonymity that's not
possible with IPv4.
Now, network administrators have discovered a clever way that scanners
are piercing the IPv6 cloak of obscurity. By setting up an IPv6-based
network time protocol service most Internet-connected devices rely on
to keep their internal clocks accurate, the operators can harvest huge
numbers of IPv6 addresses that would otherwise remain unknown. The
server operators can then scan hundreds or thousands of ports attached
to each address to identify publicly available surveillance cameras,
unpatched servers, and similar vulnerabilities."
-- source: http://arstechnica.com/security/2016/02/using-ipv6-with-linux-youve-likely-…
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/