Turtles All the Way Down: Bootstrapping an operating system.

  attacks backdoors bsd compiling computers information_security linux mitigation operating_systems risks software trust

Now we need an operating system for the trusted, open source computer. As previously mentioned, Windows and Mac OS X are out because we can't audit the code. It is also known that weaponized 0-days are stockpiled by some agencies for the purpose of exploitation and remote manipulation of systems, and are sold on the black and grey markets for varying amounts of money (hundreds to multiple thousands of dollars). It has been observed by experts many a time that software being open source is not a panacea for security. It does, however, mean that the code can be audited for …

Linux, UDEV, HAL, and removable drives.

  compiling desktop disk_partition external_drives fix gentoo gnome gparted hal hotplugging howto kde linux parted udev usb_keys use_flags

Now that I've metabolized the caffeine from the two-and-an-unknown-fraction pots of coffee I've drunk today (don't ask), I have it together enough to write about an unusually annoying glitch that plagues Linux users from time to time: Automatic mounting of USB storage devices stops working after you tinker with the systemware, usually after recompiling something or upgrading a package. I ran into this a few days ago but didn't think much of it because I've mostly been using Windows XP for work (yes, yes, you may now all laugh) but I decided to sit down and figure out what happened …

Random knowledge III.

  aliases art_bell cartridges coding compiling gurps interfaces iptables java linux mozilla pgp plugins printers rpg stuffies upgrades

Coding with a teddy bear in your lap helps immensely.



iptables for the v2.4 Linux kernel series doesn't understand virtual interfaces (a.k.a. IP aliasing). In case you've never seen this before: you can take one interface, say eth0, and bind an IP address to it, for example 192.168.1.1. Under the v2.4 kernel series you can bind more than one IP address to an interface, which creates a virtual network interface. If I bound a second address (10.0.0.1) to our network interface above you'd see in the output of /sbin/ifconfig eth0 …