Tag: linux

  1. Ubuntu Syndrome.

    11 February 2015

    Warning: Bitter BOFH ahead.

    There is a phenomenon I've come to call Ubuntu Syndrome, after the distribution of Linux which has become the darling of nearly every hosting provider out there (and no, I won't call them bloody cloud providers). All things considered, it seems to have a good balance of stable software, ease of use, availability, and diversity of available software. It also lends itself readily to the following workflow:

    • Use a tool like packer.io to automagically instantiate a copy of Ubuntu at the hosting provider of choice.
    • Never patch the machine under any circumstances.
    • Use Chef, Ansible …


  2. Linux on the Dell XPS 15 (9530)

    05 January 2015

    Midway through December of 2014 Windbringer suffered a catastrophic hardware failure following several months of what I've come to term the Dell Death Spiral (nontrivial CPU overheating even while in single user mode, flaky wireless, USB3 ports fail, USB2 ports fail, complete system collapse). Consequently I was in a bit of a scramble to get new hardware, and after researching my options (as much as I love my Inspiron at work they don't let you finance purchases) I spec'd out a brand new Dell XPS 15.

    Behind the cut I'll list Windbringer's new hardware specs and everything I did to …


  3. How to move your /boot partition onto removable media.

    19 April 2014

    Part of every traveler's threat model today should include the following scenario:

    When you're trying to fly into or out of an airport en route to someplace else, it is entirely possible that the airport's security staff will take you aside for a more thorough search and questioning while your stuff is taken someplace out of your control and analyzed. We know that there are malware packages available today that boobytrap the boot device of laptop computers to install various forms of surveillance malware which run the next time you start your machine up and compromise the OS even though …


  4. Ubuntu Linux and the Heartbleed OpenSSL vulnerability.

    07 April 2014

    If you're in the mad scramble to patch the Heartbleed vulnerability in OpenSSL on your Ubuntu servers but you need to see some documentation, look in your /usr/share/doc/openssl/changelog.Debian.gz file. If you see the following at the very top of the file, you're patched:

    openssl (1.0.1-4ubuntu5.12) precise-security; urgency=medium

    * SECURITY UPDATE: side-channel attack on Montgomery ladder implementation
    - debian/patches/CVE-2014-0076.patch: add and use constant time swap in
    crypto/bn/bn.h, crypto/bn/bn_lib.c, crypto/ec/ec2_mult.c,
    - CVE-2014-0076
    * SECURITY UPDATE: memory disclosure in TLS heartbeat extension …


  5. Turtles All the Way Down: Bootstrapping an operating system.

    10 March 2014

    Now we need an operating system for the trusted, open source computer. As previously mentioned, Windows and MacOSX are out because we can't audit the code, and it is known that weaponized 0-days are stockpiled by some agencies for the purpose of exploitation and remote manipulation of systems, and are also sold on the black and grey markets for varying amounts of money (hundreds to multiple thousands of dollars). It has been observed by experts many a time that software being open source is not a panacea for security. It does, however, mean that the code can be audited for …


  6. Cryptsetup benchmarks for a Dell 17r.

    01 August 2013

    For no good reason today I decided to run some cryptsetup benchmarks on Windbringer. The only really significant change to the systemware configuration is that Windbringer is now running Linux kernel version 3.9.4-1-ARCH.

    [drwho@windbringer ~]$ cryptsetup benchmark
    # Tests are approximate using memory only (no storage IO).
    PBKDF2-sha1       407688 iterations per second
    PBKDF2-sha256     222155 iterations per second
    PBKDF2-sha512     144511 iterations per second
    PBKDF2-ripemd160  334367 iterations per second
    PBKDF2-whirlpool  187245 iterations per second
    #  Algorithm | Key |  Encryption |  Decryption
         aes-cbc   128b   563.0 MiB/s  1862.0 MiB/s
     serpent-cbc   128b    67.7 …


  7. Announcing Byzantium Linux v0.4b - "No sleep 'till Brooklyn!"

    01 July 2013

    Project Byzantium can now take a breather for a day or two to recuperate, so I have some time to write a hopefully coherent post during my second cup of coffee.

    Last week we wrapped up ISC development milestone number three: Addding amateur radio support to Byzantium Linux. This was probably our more difficult development effort to date, as it required that we use our relatively newly earned skills as ham radio operators to figure out a way to connect mesh networks over long distances - longer distances than 802.11 wireless can ordinarily cover. I'll not recap the entire report …


  8. Setting up AIDE in Kali Linux.

    17 June 2013

    Kali Linux (formerly Backtrack) is a distribution of Linux designed for penetration testers and information security professionals. I'll spare you the details - that's what Wikipedia is for - but I did want to post about a problem that I've been wrestling with for a couple of hours.

    Kali Linux can be installed and operated like any other distribution of Linux, which means that you get all of the nifty and handy tools that you'd expect to have, like AIDE for monitoring the file system for unauthorized changes. Unfortunately, because Kali is based upon Debian, and Debian over-engineers a lot of things …


  9. Announcing the release of v0.3a - Beach Cat!

    27 March 2013


    NOTE: This is Byzantium Linux for x86-compatible laptops and desktops. This release is not compatible with the Raspberry Pi. We just started work on that port.

    Project Byzantium, a working group of HacDC is proud to announce the release of v0.3 alpha of Byzantium Linux, a live distribution of Linux which makes it fast and easy to construct an ad-hoc wireless mesh network which can augment or replace the current telecommunications infrastructure in the event that it is knocked offline (for example, due to a natural …


  10. Project Byzantium awarded InformSec development grant!

    26 March 2013

    Hit and run, because I'm at work:

    The reason I haven't been posting much here is because I've been gearing up for this: Project Byzantium was awarded a grant by InformSec to advance the development of Byzantium Linux. The grant is for $10,000us across a six month period of time, during which we will accomplish the following milestones:

    • Port Byzantium Linux to the RaspberryPi.
    • Port Byzantium Linux to the Intel Macbook.
    • Develop a method for interfacing Byzantium Linux with existing amateur radio mesh networking projects.
    • Release v0.4.
    Parties interested in joining the development effort are encouraged to join …


4 / 9