* Posts by chasil

127 posts • joined 18 Jul 2014


Is it still possible to run malware in a browser using JavaScript and Rowhammer? Yes, yes it is (slowly)

chasil

Ubuntu Chromium snap

In my last Ubuntu upgrade, my native Chromium install was converted to a snap package, both of which I assume were completely open-source.

Perhaps Windows users might be confused by a Chromium vulnerability which is likely exploitable in closed-source Chrome; Firefox production/esr releases are perhaps slightly more straightforward.

Does anyone even package Chromium for Windows?

Island in the Stream: AlmaLinux project issues first stable release of CentOS replacement

chasil

Oracle OS support

If we are being pragmatic, RedHat has terminated two major distributions, the original Red Hat Linux that ended at v9, and now CentOS v8.

Oracle ended OpenSolaris when Sun was acquired, and also terminated Oracle Linux 6 for SPARC after two beta releases.

Objectively, Oracle has supported their Linux offerings far more reliably than RedHat.

chasil

Conversion scripts

CentOS can now be converted to the following peer distributions...

RHEL: https://access.redhat.com/articles/2360841

Oracle: https://github.com/oracle/centos2ol

Alma: https://github.com/AlmaLinux/almalinux-deploy

I doubt option 1 is exercised often.

Shedding the 'bleeding edge' label: If Fedora is only going to be for personal use, that doesn't work for Red Hat

chasil

Options in the RPM world

Oracle has run a fully-supported clone of RHEL since the JBoss purchase, and Oracle does provide some very useful additions (the UEK, and their EPEL mirror are my favorites).

The reaction to Red Hat originally dropping their free product first saw WhiteBox Linux, then Tao Linux as free rerolls of RHEL, finally evolving to CentOS, while maintaining Scientific Linux for v7.

Rocky Linux and AlmaLinux are two new CentOS 8 clones. There is already a simple migration for CentOS to the Oracle yum repos, and migrations are likely to emerge to these new distros as well. Any CentOS user who wants a supported platform today can have it (even Red Hat has a converter).

IBM may have an agenda for Fedora, but it is unlikely as extreme as CentOS. For those who have truly had enough, but prefer RPM, SUSE is also an option.

Tired: Linux fans using the Edge browser. Wired: Linux fans using a Microsoft account to sign into the Edge browser

chasil

Microsoft contributions to the Linux kernel

Unfortunately, if you cannot tolerate Microsoft code, you will be unable to run Linux.

Microsoft has contributed code into the Linux kernel source tree for a number of reasons (HyperV comes to mind):

https://www.techrepublic.com/article/what-is-microsoft-doing-with-linux-everything-you-need-to-know-about-its-plans-for-open-source/

Microsoft has also contributed code to OpenSSH, so you might need to switch out your SSH clients and servers (although I don't know if any Microsoft code has made it all the way up to OpenBSD's /usr/src):

https://arstechnica.com/gadgets/2017/12/microsoft-quietly-snuck-an-ssh-client-and-server-into-the-latest-windows-10/

100% avoidance of Microsoft's code can require profound changes to software infrastructure.

Micron: We're pulling the plug on 3D XPoint. Anyone in the market for a Utah chip factory?

chasil

fab for Honda?

Honda just announced that all manufacturing is halted in the U.S. and Canada. Semiconductors are cited as critical.

Can a NAND fab make logic parts, at lower densities?

Would any upgrades be cost-effective?

Although Intel itself may soon be conducting a fire sale on logic fabs.

With computer brains in short supply, President Biden orders 100-day probe into semiconductor drought

chasil

nation/state foundries

I think that the correct response would be for both the EU and the US to negotiate with Intel and/or Global Foundries for the purchase of 45nm, or perhaps 22nm facilities.

I know that AMD/Global Foundries had semiconductor fabs both in Dresden DE, and East Fishkill, NY. Intel's Chandler, AZ site might have an older fab that they might also be willing to sell.

We know that the US NSA has their own fab. An expansion of their management, over a buyout of East Fishkill or Chandler could guarantee 45nm production for the US automobile industry. Europe might feel the same about Dresden.

This is a big enough problem that government(s) could/should address.

Huawei loses attempt to rescue CFO Meng from US clutches despite using 140-year-old law in High Court

chasil

exculpatory evidence

Checking google, it appears that U.S. criminal prosecution is required to share evidence with defense due to a law passed in 1963:

https://www.law.cornell.edu/wex/brady_rule

I don't know if the prosecution is required to share any requested evidence before extradition (I would think that Huawei counsel would have acted if so).

We also know from the Flynn proceedings that much exculpatory evidence was "misplaced" and not reported, which dims the hopes of a fair trial.

Decade-old bug in Linux world's sudo can be abused by any logged-in user to gain root privileges

chasil

hardening-check

I know that the article specifically says that ASLR was defeated, but I wonder if these other compiler/linker mitigations prevent (some of) these vulnerabilities?

The "hardening-check" perl script is available from EPEL on redhat platforms. Here I use it to report mitigations in an old FWTK component that I use for an internal legacy system.

$ hardening-check /home/fwjail/usr/local/etc/ftp-gw
/home/fwjail/usr/local/etc/ftp-gw:
 Position Independent Executable: yes
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: yes
$ rpm -qi hardening-check | grep ^URL
URL : http://packages.debian.org/hardening-wrapper

Qualcomm pays $1.4bn to acquire ex-Apple and AMD Arm server chip engineers (and the biz they set up)

chasil

Krait & Kryo

"It may mean Qualcomm relies less on licensing off-the-shelf CPU cores from Arm, and instead produces its own highly optimized Arm-compatible CPU designs from scratch, much like Apple has done and succeeded with its A-series in iThings and the M1 in its laptops."

I thought that Krait & Kryo were already in-house designs.

If I remember, the Snapdragon 810 was the only stock ARM, and it had real problems (the Nexus 6p would run hot enough to burn out the CPU).

Open-source contributors say they'll pull out of Qt as LTS release goes commercial-only

chasil

Red Hat

Why not fork this one? It's under full support.

$ rpm -qi qt
Name : qt
Epoch : 1
Version : 4.8.7
Release : 9.el7_9
Architecture: x86_64
Install Date: Thu 12 Nov 2020 12:55:44 PM CST
Group : System Environment/Libraries
Size : 17895063
License : (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT
Signature : RSA/SHA256, Tue 10 Nov 2020 11:39:49 AM CST, Key ID 72f97b74ec551f03
Source RPM : qt-4.8.7-9.el7_9.src.rpm
Build Date : Tue 10 Nov 2020 11:32:07 AM CST
Build Host : jenkins-172-17-0-2-3664c536-7d7d-4ac4-8b0e-26767e19daa3.blddevtest1iad.osdevelopmeniad.oraclevcn.com
Relocations : (not relocatable)
Vendor : Oracle America
URL : http://qt-project.org/
Summary : Qt toolkit
Description :
Qt is a software toolkit for developing applications.

Red Hat defends its CentOS decision, claims Stream version can cover '95% of current user workloads'

chasil

RHEL switch

I have only done this once, with RHEL v4 onto Oracle Linux. The switch just changed my update provider, and Oracle supported the previous OS packages that had been shipped by Red Hat.

Red Hat now has a script to convert an installed CentOS or Oracle Linux to RHEL; previously a wipe and reinstall was required ("have fun reinstalling your system" is still on Oracle's CentOS site). The description looks much more thorough in replacing all possible packages with Red Hat versions:

https://access.redhat.com/articles/2360841

I don't know of any other current repo conversion options for a CentOS install, but some will likely emerge (Rocky and Scientific Linux come to mind).

Oracle's CentOS notice, with (some) recent updates:

https://linux.oracle.com/switch/centos/

New CentOS conversion blog entry:

https://blogs.oracle.com/linux/reasons-for-switching-centos-to-oracle-linux

New repo conversion script, supposedly works with CentOS 8:

https://github.com/oracle/centos2ol

After conversion from CentOS to Oracle Linux, free updates are available indefinitely. For those who desire paid support, there are several (yearly) price tiers ($119; $499; $1,199; $1,399; $2,299). I will say that I've had more problems with Oracle support this year than ever before.

For those uncomfortable with "free" products from Oracle, bear this in mind: in the last two decades, Red Hat has terminated two Linux distributions, while Oracle has terminated none.

Rocky Linux is go: CentOS founder's new project aims to be 100% compatible with Red Hat Enterprise Linux

chasil

Red Hat decapitates another product

Many years ago, I fondly used and documented the free and open Red Hat distribution, which ended with release 9 in 2003. I still have a hard drive with the original Red Hat 6 based on System V init, not the later v6 based on Upstart.

There was a great feeling of abandonment then that is nostalgic in the death of CentOS now.

In the years that have passed, I saw a few licenses purchased in my workplace, then support suddenly stopped by corporate sources who instructed all license holders to convert our installs to Oracle Linux support.

I remembered my feeling of abandonment by Red Hat, ran the script without complaint, and all was well.

In later years, focus returned to Red Hat licensing, and I was strongly encouraged to reinstall my Oracle Linux systems (which had grown greatly, as they were free). I resisted vehemently, objecting to an inferior kernel (compared to the UEK), reduced hardware support, and the pointless inconvenience of license keys, activation, and renewals for a product of generally lower quality.

Fortunately, I have avoided this inconvenience.

In light of the decades of Red Hat's behavior, I will say one thing: you reap what you sow.

Banking software firm tiptoes off to the cloud with MariaDB after $2m Oracle licence shocker

chasil

TPC

This is not actually true.

Prior to China, Oracle dominated the TPC-C benchmark with SPARC and 11g. Yes, SPARC.

"OceanBase" has put an end to that.

I don't speak Chinese, and I can't read the documentation. However, second-best is still what you have to use when you really, really need it.

http://tpc.org/tpcc/results/tpcc_advanced_sort5.asp?PRINTVER=false&FLTCOL1=ALL&ADDFILTERROW=&filterRowCount=1&SRTCOL1=c_tpmc&SRTDIR1=DESC&ADDSORTROW=&sortRowCount=1&DISPRES=100+PERCENT&include_withdrawn_results=none&include_historic_results=yes

Red Hat tips its Fedora 33: Beta release introduces Btrfs as default file system, .NET on ARM64, plus an IoT variant

chasil

btrfs-convert

Many are likely aware of "btrfs-convert - convert from ext2/3/4 or reiserfs filesystem to btrfs in-place."

I'm assuming that this is possible with the new Fedora release, but there are several important warnings, among them: "The conversion utilizes free space of the original filesystem. The exact estimate of the required space cannot be foretold. The final btrfs metadata might occupy several gigabytes on a hundreds-gigabyte filesystem."

Consolidating databases has significant storage benefits – and therefore everyone should be doing it

chasil

Err, no.

I deal with a couple of legacy databases, Oracle RDB, and a hierarchical database that originated on UNIVACs.

Neither of those is going to be on the table for consolidation.

Funny story, a developer brought me a SQL-Server backup, and asked for a Linux recovery. I downloaded the RPMs, initialized it, and the developer loaded the backup.

My next surprise was a call from management on an emergency SQL-Server conversion to Linux - turns out my newly-installed database was 100x faster than the production VM farm.

There are a few reasons for consolidation, but there are many reasons to refrain. Packing your favorite bowl or cup in your attic chest of porcelain means that you will constantly dis/reassemble the contents, and things will likely get broken. Certain architectural aspects become brittle and very difficult to change.

GnuTLS patches huge security hole that hung around for two years – worse than Heartbleed, says Google cryptoboffin

chasil

2008 GnuTLS criticism.

This chatter has been going on for quite a long time.

https://www.openldap.org/lists/openldap-devel/200802/msg00072.html

When a deleted primary device file only takes 20 mins out of your maintenance window, but a whole year off your lifespan

chasil

Another way to do this

There might have been a less traumatic way of accomplishing this.

As I remember, Sybase was able to mirror device files, and the free version (11.0.3.3) was capable of doing this.

Assuming a mirror operation could be launched that could read the unlinked file, Sybase itself would copy the device file to a new location.

Oracle has the ability to "alter database rename file," and Sybase device file mirroring was the way to accomplish the same thing.

Got $50k spare? Then you can crack SHA-1 – so OpenSSH is deprecating flawed hashing algo in a 'near-future release'

chasil

VAX Telnet

We still have VAXes running on emulators for our plant, and they are critical.

Corporate security forced us to get off cleartext telnet, so we looked at SSH. The Microfocus Reflections terminal clients were going to cost us hundreds of thousands, and not really offer any visible feature improvements.

Instead, we wrapped our old Reflections with stunnel clients, served by a set of Linux stunnel servers, and left our old software in place with cleartext telnet wrapped in TLS. I generated the keys and wrote the configs.

This decision gets criticized from time to time. Attempting alternatives has revealed other systemic problems, beyond expense.

Eclipse boss claims Visual Studio Code is an open-source poseur – though he would say that, wouldn't he?

chasil

Re: Open Rewrap - VS-Codium

Actually, when I do rare work on Windows, I usually rely on the Busybox port of vi.

I still login to HP-UX systems on occasion, and I imagine that I am using the real Bill Joy code there.

chasil

Open Rewrap - VS-Codium

Similar to Chromium ports of Google Chrome on various platforms, there is a completely open and free rewrap known as VS-Codium that only includes the open-source telemetry variant.

I have installed the RPM version of this, and I have tinkered with it. I don't use it regularly, as a full blink/v8 stack is really too much of an attack surface for simple editing. Vim is more to my tastes.

It's a no to ZFS in the Linux kernel from me, says Torvalds, points finger of blame at Oracle licensing

chasil

Re: Hypocritical

Antergos actually did all of this Linux/ZFS meshing in their installer. I wrote about that here:

https://www.linuxjournal.com/content/zfs-linux

Unfortunately, maintenance for Antergos has apparently ended.

https://itsfoss.com/antergos-linux-discontinued/

Wondering where the strontium in your old CRT monitor came from? Two colliding neutron stars show us

chasil

Re: An awesome 10th of a gram...

This is incorrect.

The S-Process follows a completely different pathway, and is mentioned in the article.

https://en.wikipedia.org/wiki/S-process

What is discussed in the subject of neutron star collisions is the R-Process.

https://en.wikipedia.org/wiki/R-process

Proton capture is another pathway.

https://en.wikipedia.org/wiki/P-process

IBM hears the RISC-V kids partying next door, decides it will make its Power CPU ISA free, too

chasil

RISC-V criticism

The author of this post may exhibit bias, but perhaps the architecture is not as well-designed as some would hope.

https://gist.github.com/erincandescent/8a10eeeea1918ee4f9d9982f7618ef68

Canonical adds ZFS on root as experimental install option in Ubuntu

chasil

ZFS benefits

ZFS is able to roll back to previous snapshots. If an OS upgrade does not work properly and the root is on ZFS, then the whole upgrade can be rolled back.

ZFS includes several types of checksums, including sha256, which can be set at any time. Every byte written to storage will be covered by a checksum, and you can "scrub" your storage to verify that everything on it is correct.

ZFS includes several types of compression. This compression can be adjusted dynamically at any time.

ZFS has a raid5 implementation that closes the "write hole," and can be safely used without battery backup.

All of us need storage that is efficient and correct. This is not delivered as well on older filesystems (EXT2/3/4, XFS, NTFS, FFS).

BtrFS delivers some of this (it does not have a reliable raid5); it does deliver defrag, which ZFS does not.

ZFS is, however, the best file system for a number of uses, some of which work well in a home/personal environment. Microsoft is reimplementing some ZFS features into ReFS, and that will be widely deployed at some point as I understand it.

Don't be an April Fool: Update your Android mobes, gizmos to – hopefully – pick up critical security fixes

chasil

I care about 3rd-party support.

The first thing that I did when I got my Nexus 6 three years ago was wipe stock.

After running Lineage with gapps for years, I finally made the jump to the MicroG reroll of Lineage.

I feel far safer.

Using a free VPN? Why not skip the middleman and just send your data to President Xi?

chasil

Just use Tor.

There are many cases where hostile sites block Tor exit nodes, and shopping through one subjects you to much more extensive 2fa, but the more people who use Tor, the more accommodating they will become.

Oi! Not encrypting RPC traffic? IETF bods would like to change that

chasil

Re: stunnel, wireguard

There are also situations where NFS should NEVER EVER EVER be run over UDP. I guess you can save stunnel for those scenarios.

Isn't there also a userspace implementation of wireguard? Perhaps you would be happier with that version.

From "man 5 nfs":

Using NFS over UDP on high-speed links

Using NFS over UDP on high-speed links such as Gigabit can cause silent data corruption.

The problem can be triggered at high loads, and is caused by problems in IP fragment reassembly. NFS read and writes typically transmit UDP packets of 4 Kilobytes or more, which have to be broken up into several fragments in order to be sent over the Ethernet link, which limits packets to 1500 bytes by default. This process happens at the IP network layer and is called fragmentation.

In order to identify fragments that belong together, IP assigns a 16bit IP ID value to each packet; fragments generated from the same UDP packet will have the same IP ID. The receiving system will collect these fragments and combine them to form the original UDP packet. This process is called reassembly. The default timeout for packet reassembly is 30 seconds; if the network stack does not receive all fragments of a given packet within this interval, it assumes the missing fragment(s) got lost and discards those it already received.

The problem this creates over high-speed links is that it is possible to send more than 65536 packets within 30 seconds. In fact, with heavy NFS traffic one can observe that the IP IDs repeat after about 5 seconds.

This has serious effects on reassembly: if one fragment gets lost, another fragment from a different packet but with the same IP ID will arrive within the 30 second timeout, and the network stack will combine these fragments to form a new packet. Most of the time, network layers above IP will detect this mismatched reassembly - in the case of UDP, the UDP checksum, which is a 16 bit checksum over the entire packet payload, will usually not match, and UDP will discard the bad packet.

However, the UDP checksum is 16 bit only, so there is a chance of 1 in 65536 that it will match even if the packet payload is completely random (which very often isn't the case). If that is the case, silent data corruption will occur.

This potential should be taken seriously, at least on Gigabit Ethernet. Network speeds of 100Mbit/s should be considered less problematic, because with most traffic patterns IP ID wrap around will take much longer than 30 seconds.

It is therefore strongly recommended to use NFS over TCP where possible, since TCP does not perform fragmentation.

Jumbo frames are the top-rated workaround.

p.s. Olaf Kirch's overview of NFS on Linux says that TCP was always the default.
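To make the man page's arithmetic concrete, here is an added Python model (not from the post or from the kernel) of the hazard it describes: the time for a saturated link to exhaust the 16-bit IP ID space, and a simplified reassembly cache that stitches a stray fragment from a later datagram onto an earlier one with the same IP ID, with a payload-only RFC 1071 checksum standing in for the UDP checksum. The sizes, IP ID and payloads are constructed; the 510-byte tail case is chosen so the checksum of the mis-assembled datagram collides with the original, the "1 in 65536" outcome the man page warns about.

```python
"""Model of the IPv4 fragment-reassembly hazard that nfs(5) describes for NFS over UDP.

Added illustration; the Reassembler is a simplified model, not the Linux code.
"""
from dataclasses import dataclass

IP_ID_SPACE = 1 << 16        # the IP identification field is 16 bits wide
REASSEMBLY_TIMEOUT = 30.0    # seconds; default quoted in nfs(5)


def ip_id_wrap_seconds(link_bits_per_s: float, datagram_bytes: int = 4096) -> float:
    """Seconds until all 65536 IP IDs have been used, assuming the link is
    saturated with datagrams of datagram_bytes (one IP ID per datagram)."""
    datagrams_per_s = link_bits_per_s / 8 / datagram_bytes
    return IP_ID_SPACE / datagrams_per_s


def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones-complement checksum. Simplification: computed over the
    payload only; real UDP also covers the UDP header and an IP pseudo-header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


@dataclass
class Fragment:
    ip_id: int
    offset: int      # byte offset inside the original datagram (multiple of 8)
    more: bool       # IP "more fragments" flag
    payload: bytes
    t: float         # arrival time in seconds


def fragment(ip_id: int, payload: bytes, t: float, frag_size: int = 512) -> list:
    """Split a datagram into fragments of frag_size bytes (frag_size % 8 == 0)."""
    return [
        Fragment(ip_id, off, off + frag_size < len(payload), payload[off:off + frag_size], t)
        for off in range(0, len(payload), frag_size)
    ]


class Reassembler:
    """Minimal reassembly cache keyed by IP ID only (the real key also includes
    addresses and protocol, which are identical for one NFS client/server pair)."""

    def __init__(self, timeout: float = REASSEMBLY_TIMEOUT):
        self.timeout = timeout
        self.pending = {}    # ip_id -> (first_seen, {offset: Fragment})

    def receive(self, frag: Fragment):
        """Accept one fragment; return the datagram if it became complete, else None."""
        # Discard incomplete datagrams whose fragments did not all arrive in time.
        stale = [k for k, (t0, _) in self.pending.items() if frag.t - t0 > self.timeout]
        for k in stale:
            del self.pending[k]
        _t0, parts = self.pending.setdefault(frag.ip_id, (frag.t, {}))
        # Model choice: the first fragment seen for an offset wins; duplicates are ignored.
        parts.setdefault(frag.offset, frag)
        data, expect = b"", 0
        for off in sorted(parts):
            if off != expect:
                return None                  # gap in coverage: still waiting
            data += parts[off].payload
            expect += len(parts[off].payload)
            if not parts[off].more:
                del self.pending[frag.ip_id]
                return data                  # contiguous through the last fragment
        return None


def misassembly_scenario(tail_len: int, gap: float = 5.0, frag_size: int = 512):
    """Datagram A loses its second fragment; `gap` seconds later the IP ID counter
    has wrapped and datagram B is sent with the same IP ID. Returns the bytes the
    receiver assembles and whether they pass A's checksum (carried in A's first
    fragment, which did arrive)."""
    a = b"A" * (frag_size + tail_len)       # constructed payloads, two fragments each
    b = b"B" * (frag_size + tail_len)
    rx = Reassembler()
    first_a, _lost_a = fragment(0x1234, a, t=0.0, frag_size=frag_size)
    rx.receive(first_a)
    assembled = None
    for f in fragment(0x1234, b, t=gap, frag_size=frag_size):
        assembled = rx.receive(f) or assembled
    return assembled, internet_checksum(assembled) == internet_checksum(a)


if __name__ == "__main__":
    print(f"IP IDs wrap after {ip_id_wrap_seconds(1e9):.2f} s at 1 Gbit/s with 4 KiB datagrams")
    for tail in (512, 510):
        data, ok = misassembly_scenario(tail)
        print(f"tail {tail}: assembled {len(data)} bytes from two datagrams; checksum passes: {ok}")
```

With a 31 s gap the stale entry for A has been discarded and B is assembled correctly, which is the behaviour the 30 s timeout is meant to provide when IP IDs are not reused too quickly.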

chasil

stunnel, wireguard

I used stunnel in the past to encrypt NFSv4 over TCP. NFS makes use of ONC RPC.

Wireguard also has a much, much smaller footprint than any TLS implementation, and would likely shield any and all RPC traffic.

https://www.linuxjournal.com/content/encrypting-nfsv4-stunnel-tls

You like HTTPS. We like HTTPS. Except when a quirk of TLS can smash someone's web privacy

chasil

Re: This is why I set Firefox to clear cache, etc... on close

On Android, Firefox sometimes stalls when clearing the cache prior to exiting.

The solution to that is to swipe it away from the task list, open it again, and close it. If it again stalls, repeat.

I wish that would get fixed.

chasil

Webview

Android is the most popular computing platform, and it offers "Webview," which had previously been based on Apple Webkit/KDE Konqueror KHTML, but was forked and diverted by Google beginning with Android Lollipop.

Any application can call Webview to render remote or local HTML. There are dozens of browsers that do this in differing ways, and likely hundreds or thousands of apps that do this for specific uses that are not part of their core function.

Windows also does something similar with the historical "Trident" rendering engine, but is now done with EdgeHTML on Windows 10.

Android Phones are 10: For once, Google won fair and square

chasil

Re: Android is a terrible operating system.

And just in case anyone here has doubts about how awful Android's media system is, let's refer to an authoritative source:

"Don't start me on [Android] Stagefright and Mediaserver, I could rant for 2 or 3 hours non-stop! Seriously, the code over there is crap, and has insane concepts, like aborting the whole mediaserver (and all related media decoding of all other applications running at the same time), when it parses a file with attributes it does not know, instead of skipping the file. We discovered some issues in Stagefright (busy loops, device reboots, mediaserver crashes) quite early, but we never thought about submitting them."

https://interviews.slashdot.org/story/16/08/26/1338246/the-slashdot-interview-with-videolan-president-and-lead-vlc-developer-jean-baptiste-kempf

chasil

Android is a terrible operating system.

If you are building an OS that cannot receive regular updates, then you have to make some sacrifices for security. Android most certainly did not do this.

Using chroot() for untrusted apps is a well-known practice that Android ignored.

The Java JRE and other bytecode emulators (i.e. .NET) have led an extremely troubled existence from a security perspective; Ada compiled to native code would have been a far safer choice.

Instead of doing any of these things, Android requires all of the media libraries to be linked into the Zygote process which is forked to run apps. This is about the same as systemd refusing to run without a complete copy of VLC in its shared text segment. Android's media system is a particular disaster.

Android won because of the deal-making behind it - it certainly did not win on technical merit.

The consequence is that, every month, we have new critical flaws, addressed by OEM patches that either don't exist or are quite tardy.

See for yourself:

https://source.android.com/security/bulletin/

Microsoft hopes it has a sequel better than Godfather Part II: SQL Server 2019 previewed

chasil

sqlite is the most popular database

SQLite is the most popular, bar none. They just got window functions last month, too.

https://www.sqlite.org/mostdeployed.html

Every Android device

Every iPhone and iOS device

Every Mac

Every Windows10 machine

Every Firefox, Chrome, and Safari web browser

Every instance of Skype

Every instance of iTunes

Every Dropbox client

Every TurboTax and QuickBooks

PHP and Python

Most television sets and set-top cable boxes

Most automotive multimedia systems

Linux kernel 'give me root, now' security hole sighted, dubbed 'Mutagen Astronomy'

chasil

I wonder which versions of Oracle's UEK were vulnerable.

The 862.14.4 kernel just came down yesterday.

Heads up: Fujitsu tips its hand to reveal exascale Arm supercomputer processor – the A64FX

chasil

Re: Why no ARM servers?

ARM 64-bit support only emerged in 2011, and it's vastly different from the 32-bit ISA (I understand it's much more like MIPS).

This also came late to x86 with the Opteron in 2003.

MIPS owned supercomputing in the 90s starting with the 1991 release of the 64-bit R4000.

The ARM 32-bit ISA had design decisions that limited performance. I would say that Sophie's ISA was perfect for an '80s Acorn, but not so much for a Cray.

https://www.jwhitham.org//2016/02/risc-instruction-sets-i-have-known-and.html

Systemd-free Devuan Linux looses version 2.0 release candidate

chasil

inittab

The article doesn't mention what init system replaced it - we have all assumed a classic SysVinit. Is this so?

I have some old systems that use respawn behavior in the inittab to keep some of my Oracle clients running. I have them all set up to run with init 4. Unfortunately, the inittab only respawns ROOT processes, so I needed a wrapper to setuid() and drop various privileges, then get the Oracle environment variables in place, erase any lock files, then finally execute the correct program. My C code that does this resembles duct tape and baling wire.

Moving these processes to systemd was VERY pleasant. I created units that ran as the correct users, read environment files and set them before executing, erased lock files before forking the main process, then ran final settings mods after the last program was up. I did not need any of my ugly C for this at all.

I can do all of this under either system, but what I needed was much more straightforward with systemd. I understand why people don't like it, but it does work for me when I need it.

Intel gives Broadwells and Haswells their Meltdown medicine

chasil

Re: New processor? - NO!

The microcode is needed for Spectre V2. Ubuntu already has the Retpoline workaround in their kernels addressing this. Call out to RedHat - why can't you do this?

Retpolines are faster than the microcode. If at all possible, use them instead. Below is an ancient Core Duo that is fully protected.

root@squib:~# ./spectre-meltdown-checker.sh ...
Kernel is Linux 4.13.0-36-generic #40-Ubuntu SMP Fri Feb 16 20:07:48 UTC 2018 x86_64
CPU is Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz...
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'...
> STATUS: NOT VULNERABLE (Mitigation: OSB (observable speculation barrier, Intel v6))
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'...
* Mitigation 2
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
* Retpoline enabled: YES
> STATUS: NOT VULNERABLE (Mitigation: Full generic retpoline)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'...
> STATUS: NOT VULNERABLE (Mitigation: PTI)

Liberating SSH from Logjam leftovers

chasil

detect, fix

I wasn't expecting this, but 1024/1535 bit primes are in the latest CentOS.

# fgrep ' 1023 ' /etc/ssh/moduli | wc -l
29
# fgrep ' 1535 ' /etc/ssh/moduli | wc -l
49

This "in-place" sed edit command will remove them (restart sshd after edit):

sed -i.BAK 's/^.*[ ]1023[ ]/#&/;s/^.*[ ]1535[ ]/#&/' /etc/ssh/moduli
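As an added example (not from the post), the same tally and comment-out step in Python, keyed on the parsed moduli(5) size field instead of a text pattern: that column holds the prime length in bits minus one, so 1023 and 1535 are the 1024- and 1536-bit groups, and anything under 2048 bits is screened out. The sample file is constructed and its hex moduli are placeholders, not real primes.

```python
"""Screen /etc/ssh/moduli for small Diffie-Hellman groups.

Added illustration, not from the post. Each non-comment line of moduli(5) is:
    time  type  tests  trials  size  generator  modulus
where `size` is the modulus length in bits minus one (1023 means a 1024-bit prime),
which is why the post greps for ' 1023 ' and ' 1535 '.
"""
from collections import Counter

MIN_BITS = 2048   # groups below this are the Logjam-relevant ones


def parse_size(line: str):
    """Return the prime size in bits for a moduli entry, or None for comments/blank lines."""
    s = line.strip()
    if not s or s.startswith("#"):
        return None
    fields = s.split()
    if len(fields) != 7:
        raise ValueError(f"unexpected moduli line: {line!r}")
    return int(fields[4]) + 1


def count_by_bits(text: str) -> Counter:
    """Histogram of prime sizes, the same tally as the fgrep/wc pipeline in the post."""
    return Counter(b for b in map(parse_size, text.splitlines()) if b is not None)


def comment_out_small(text: str, min_bits: int = MIN_BITS) -> str:
    """Prefix every entry smaller than min_bits with '#', like the sed command in the post,
    but decided by the parsed size field rather than a text pattern."""
    out = []
    for line in text.splitlines():
        bits = parse_size(line)
        out.append("#" + line if bits is not None and bits < min_bits else line)
    return "\n".join(out) + "\n"


# Constructed sample file: the hex moduli are placeholders, not real primes.
SAMPLE = """\
# Time Type Tests Tries Size Generator Modulus
20201112033412 2 6 100 1023 2 d3adbeefd3adbeef
20201112033515 2 6 100 1535 2 c0ffeec0ffeec0ff
20201112034001 2 6 100 2047 2 deadc0dedeadc0de
20201112035130 2 6 100 4095 5 feedfacefeedface
"""

if __name__ == "__main__":
    print(count_by_bits(SAMPLE))
    print(comment_out_small(SAMPLE), end="")
```

Write the result to a new file and restart sshd, as the post says; sshd ignores commented lines, so the small groups are no longer offered for diffie-hellman-group-exchange.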

Oracle ZFS man calls for Big Red to let filesystem upstream into Linux

chasil

Re: GPL2? Think of the *BSDs!

Many, many people hold copyright on the Linux kernel. They could sue when Oracle violated their copyrights with sections 3.1 and 3.4 of the CDDL:

https://sfconservancy.org/blog/2016/feb/25/zfs-and-linux/

Oracle cannot continue to use Linux/ZFS unless the CDDL terms are relaxed. Sun designed the CDDL specifically to prevent it from spreading into Linux.

Here are the relevant sections.

[§]3.1 … Any Covered Software that You distribute or otherwise make available in Executable form must also be made available in Source Code form and that Source Code form must be distributed only under the terms of this License. …

[§] 3.4 … You may not offer or impose any terms on any Covered Software in Source Code form that alters or restricts the applicable version of this License

"We believe Sun was aware when drafting CDDLv1 of the incompatibilities; in fact, our research into its history indicates the GPLv2-incompatibility was Sun's design choice. At the time, Sun's apparent goal was to draw developers away from GNU and Linux development into Solaris. Not only did Sun not want code from GNU and Linux in Solaris, more importantly, Sun did not want technological advantages from Solaris' kernel to appear in Linux."

chasil

Re: Linux people are retar@ds

As I understand it, CDDL-licensed code requires anything that links with it to also be CDDL-licensed. Shipping a compiled kernel that includes ZFS binary modules would apply that CDDL license to all the other kernel code.

This would open the distributor to a lawsuit from all of the other contributors who did not agree to relicense their GPLv2 contributions under the CDDL.

Here is a discussion of these points (mentioned specifically as points 3.1 and 3.4):

https://sfconservancy.org/blog/2016/feb/25/zfs-and-linux/

This relicensing liability does not fall on a distributor if ZFS is obtained in source file format (*.c) and the user invokes the compiler during the installation (via "dkms"). I know of one Linux distribution that does exactly this.

chasil

Re: Everything they touch gets forked

Solaris. I believe that these are the most well-known forks:

https://www.openindiana.org/

https://www.joyent.com/smartos

I believe that they both use this kernel:

https://wiki.illumos.org/display/illumos/illumos+Home

Fuming Qualcomm smashed with 23 BILLION DOLLAR fine in monopoly abuse probe

chasil

Intel

Intel's purchase of Infineon places it in the top 5 GSM chipset providers (I believe).

A quick deal by Qualcomm buying access to Intel's fabs is likely in order. A goodwill gesture to bundle Intel's modem with a Krait (aarch64-variety) would do much to assuage the regulatory anger. Some careful Qualcomm engineering attention to Intel's discrete modem chip that brings the GSM performance closer to Snapdragon would likely satisfy Apple.

Qualcomm has the power to broaden access to mobile - their CDMA patents lock them in as the sole supplier for Verizon, Sprint, and U.S. Cellular. Regulators are demanding "coopetition," and this is not unreasonable. Qualcomm needs to execute on monetizing their patent portfolio in a way that is friendly to all market segments and allows competitors to survive.

SPARC will fly: Your cheat sheet for cocktail banter at Oracle's upcoming shindig

chasil

Re: Even x86 is an option for legacy SPARC, these days

SPARC is prized among developers because it is NOT x86. When your code compiles cleanly on Linux and SPARC/Solaris, then you are reasonably sure that it's portable. There is lots of compiler support for SPARC.

Microsoft once did exactly this thing. The original NT kernel was first prepared on MIPS. I think that x86 was the 3rd target platform.

The SPARC M2 is the most powerful 64-bit CPU design that is completely open and free for anyone to adapt. Alas, that has never excited great interest, even though it should.

http://www.oracle.com/technetwork/systems/opensparc/index.html

chasil

Disliking SPARC

Everybody always loves it when I post this.

https://www.jwhitham.org/2016/02/risc-instruction-sets-i-have-known-and.html

Bing fling sting: Apple dumps Microsoft search engine for Google

chasil

But we do say...

...this search is too sensitive for Google, so I'll use DuckDuckGo.com.

Bing is the backend for DuckDuckGo.

Oracle softly increments SPARC M7 to M8, then whispers: We'll still love you, Solaris, to 2034

chasil

Not so

OpenSSH is a major component of OpenBSD. OpenSSH is the market-dominant UNIX ssh server distro.

Lots of other OpenBSD-centric technologies have moved into far larger markets.

chasil

Disliking RISC

Everybody seems to love it when I post this link.

https://www.jwhitham.org/2016/02/risc-instruction-sets-i-have-known-and.html

SUSE pledges endless love for btrfs, says Red Hat's dumping irrelevant

chasil

Oracle - the ZFS/BtrFS connection

Oracle launched the development of BtrFS and supports it in their Red Hat clone.

https://docs.oracle.com/cd/E37670_01/E37355/html/ol_btrfs.html

Oracle controls the licensing for ZFS, and is actively preventing it from reaching Red Hat.

Oracle has issued XFS patches (toward dedup), and is likely extremely familiar with Red Hat's position.

https://blogs.oracle.com/linuxkernel/upcoming-xfs-work-in-linux-v48-v49-and-v410%2c-by-darrick-wong

Red Hat has removed BtrFS to compromise Oracle's clone.

I am guessing that Red Hat wants either a) Oracle to contribute more to Red Hat for BtrFS support (in terms of cash, code, or both), or b) Oracle to release ZFS under a compatible license.

Oracle distributes a "Red Hat-compatible kernel" which might now be stripped of BtrFS. There are likely ways around that, but it forces a divergence which is to Red Hat's liking.

The Next Big Thing in Wi-Fi? Multiple access points in every home

chasil

Tomato WDS

The Tomato Linux distribution for MIPS and ARM routers is already able to do this.

The AP + WDS mode is used to slave the MAC addresses of the master and slave nodes.

https://learntomato.com/choose-wireless-bridge-mode-tomato-network/

https://en.wikibooks.org/wiki/Tomato_Firmware/Installation_and_Configuration

I'm a big fan of the Shibby Tomato Bandwidth Limiter feature - it's the easiest way that I know of to keep Windows 10 bandwidth usage under control. Runs well on an old, cheap WRT54G.


Biting the hand that feeds IT © 1998–2021