Lawrence Livermore National Laboratory is working on digitizing thousands of films with high-speed footage from 1950s nuclear tests (before doing them above ground was banned). There's a playlist of 64 short videos on Youtube.
the stream
Links to articles, short comments on various topics - basically the sort of posts I would have put out on Google+ in previous years.
Tales From the Xenix Crypt analyzes the inner workings of the Xenix copy protection scheme.
OS/2 Museum now also is a new feed in my RSS reader...
(Via Ted Unangst.)
os2museum wrote:
If there’s any lesson to be learned, it’s probably that 30-year old copy protection is relatively easy to break using tools and computing power that did not exist 30 years ago.
OS/2 Museum now also is a new feed in my RSS reader...
(Via Ted Unangst.)
I'm trying to switch back from the Vivaldi web browser to Pale Moon (a Firefox fork that aims to keep supporting XUL and may other technologies that Mozilla has abandoned) - mostly to get back a working bookmarks / history sync between my various browser installations. Pale Moon still supports the old Weave sync protocol, and works fine with the old weave minimal server (I should probably switch to FSyncMS, but I'm lazy)...
Anyway - I used to be using the Self Destructing Cookies addon to automatically get rid of unused objects from closed tabs, and it turns out not to work anymore in Pale Moon 27... A discussion on the Pale Moon forums pointed to Cookies Exterminator as an alternative. So far, I've not seen any problems. The author is active on the PM forums, too.
Anyway - I used to be using the Self Destructing Cookies addon to automatically get rid of unused objects from closed tabs, and it turns out not to work anymore in Pale Moon 27... A discussion on the Pale Moon forums pointed to Cookies Exterminator as an alternative. So far, I've not seen any problems. The author is active on the PM forums, too.
Ok, probably not a surprise when you have read all the documentation...
Ivan Pepelnjak recently mentioned that Cisco IOS XE still doesn't have candidate configuration or commit capabilities, at least when using NETCONF automation.
One of the comments then has this hint:
Ivan Pepelnjak recently mentioned that Cisco IOS XE still doesn't have candidate configuration or commit capabilities, at least when using NETCONF automation.
One of the comments then has this hint:
Port 22 hosts the legacy netconf agent on IOS-XE, which only supports netconf 1.0 with a Cisco-proprietary payload (same as all other vendors). Port 830, when netconf-yang is enabled, hosts the model-based agent.
acmetool (GitHub: hlandau/acme) seems to bring a couple of interesting options for serving acme http challenges, and a hook for external programs to handle the DNS challenge method. Configuration through simple files in a predefined directory structure. Looks like a workable compromise between the rather heavyweight official client and the various shell scripts.
That was a most welcome surprise for tonight... Five songs from the new album and a half-hour interview in this "full performance" video on the KEXP channel on YouTube.
The interview part is just as excellent as the music, and starts at 18:18 in the video. Lots of information about her life and her songwriting. Just listen to the three minutes from 47:37 for a strong reminder that these are not the times to stay depressed over.
The Trapper and the Furrier nicely shows off some of the flexibility of her voice.
The interview part is just as excellent as the music, and starts at 18:18 in the video. Lots of information about her life and her songwriting. Just listen to the three minutes from 47:37 for a strong reminder that these are not the times to stay depressed over.
The Trapper and the Furrier nicely shows off some of the flexibility of her voice.
I'll spoil the fun from Florian Haas' question on G+ right away - the resulting info seems useful:
Obviously, this replaces the header of a file. But why?
Florian Haas wrote:
OK people, try to guess (without googling) what this does:
( printf "\x1f\x8b\x08\x00\x00\x00\x00\x00" ; tail -c +25 oldfile ) > newfile
Clue: head→desk, seriously.
( printf "\x1f\x8b\x08\x00\x00\x00\x00\x00" ; tail -c +25 oldfile ) > newfile
Clue: head→desk, seriously.
Obviously, this replaces the header of a file. But why?
Florian Haas wrote:
This is how you "transform" an Android backup file into a regular gzipped tarball.
The packagecloud people (which I didn't know about until Ted Unangst linked to one of their recent sycall performance blog posts) have a debian-howto category on their blog with some posts that seem rather useful.
Nothing that can't be found elsewhere (like the official Debian documentation), but the descriptions of package creation workflows, for example, are condensed down to the essentials quite well:
Nothing that can't be found elsewhere (like the official Debian documentation), but the descriptions of package creation workflows, for example, are condensed down to the essentials quite well:
- Building debian packages with debuild
- Using dh-make to prepare debian packages
- HOWTO: Build debian packages for simple shell scripts
- Building Debian and Ubuntu packages with pbuilder
Here, with Eagle schematics.
The article also reminded me of this old post by Landon Dyer, which explains how they came up with the ROM-patching idea...
(Via tedu's inks.)
Matthias Melcher wrote:
Anyway, wouldn't it be fantastic to create a souped-up ROM board? 8MB Flash and 8MB NewtonOS, also in Flash, being able to patch it, fix it, extend it, have fun. Maybe have even more that 16MB if that is possible. Is it possible? How can we find out?
An early draft of the licensee information for this ROM card exists, but it is not detailed enough to build such a card. Before starting a patch wire solution, I wanted to know how the original board worked, and then fill in the missing information in that draft.
Well, I went all the way and reverse engineered the entire ROM board. Here are my findings.
An early draft of the licensee information for this ROM card exists, but it is not detailed enough to build such a card. Before starting a patch wire solution, I wanted to know how the original board worked, and then fill in the missing information in that draft.
Well, I went all the way and reverse engineered the entire ROM board. Here are my findings.
The article also reminded me of this old post by Landon Dyer, which explains how they came up with the ROM-patching idea...
(Via tedu's inks.)
https://wikileaks.org/ciav7p1/
Wikileaks wrote:
The first full part of the series, "Year Zero", comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA's Center for Cyber Intelligence in Langley, Virgina. [..]
Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.
Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.
Yikes. I've been using OpenBSD on and off since release 2.3, but I wasn't aware of malloc.conf(5) (which seems to have been introduced with OpenBSD 2.5, back in 1999, and allows control over several features of the memory allocator):
Upon the first call to the malloc(3) family of functions, an initialization sequence inspects the symbolic link /etc/malloc.conf, next checks the environment for a variable called MALLOC_OPTIONS, and finally looks at the global variable malloc_options in the program. Each is scanned for the following flags. [..]
Upon the first call to the malloc(3) family of functions, an initialization sequence inspects the symbolic link /etc/malloc.conf, next checks the environment for a variable called MALLOC_OPTIONS, and finally looks at the global variable malloc_options in the program. Each is scanned for the following flags. [..]
Unless more generic SHA1 collisions turn up, this looks like a somewhat forced scenario (that doesn't really warrant an own name and web site, but hey) - someone has thought up a way to apply the SHAttered attack to Bittorrent:
As far as I understand from the BitErrant web site, they're proposing to use the two colliding data blocks from SHAttered to create two torrents that contain one differing chunk (with the same SHA1 hash nevertheless), and then look at the contents of that chunk as a trigger to decide whether to execute a "hidden" malicious payload that's contained elsewhere in both versions of the torrent. (Bittorrent uses a SHA1 hash to identify each 32k chunk in the torrent.)
Yeah, ok. I don't think I'm particularly scared now...
(Via Isotopp.)
As far as I understand from the BitErrant web site, they're proposing to use the two colliding data blocks from SHAttered to create two torrents that contain one differing chunk (with the same SHA1 hash nevertheless), and then look at the contents of that chunk as a trigger to decide whether to execute a "hidden" malicious payload that's contained elsewhere in both versions of the torrent. (Bittorrent uses a SHA1 hash to identify each 32k chunk in the torrent.)
Yeah, ok. I don't think I'm particularly scared now...
(Via Isotopp.)
Not that I mind - if people absolutely want to use Red Hat, they should be paying for it...
Case in point: An article about recommendations for configuring swap on modern linux systems, which contains no useful information about why an admin should select 20% of the available memory as swap size - for that part, it links to a "solution document", which in turn requires a subscription...
Since "modern Linux" doesn't use swap as backing for crash dumps, there never was a reason to tie swap size to real mem in the first place. (And I don't think I've used - or even set up - kdump on any system in the past 10 years...)
(Via Scot Stevenson on G+.)
Case in point: An article about recommendations for configuring swap on modern linux systems, which contains no useful information about why an admin should select 20% of the available memory as swap size - for that part, it links to a "solution document", which in turn requires a subscription...
Since "modern Linux" doesn't use swap as backing for crash dumps, there never was a reason to tie swap size to real mem in the first place. (And I don't think I've used - or even set up - kdump on any system in the past 10 years...)
(Via Scot Stevenson on G+.)
Quote in a recent IEEE spectrum article: “Bicycles are probably the most difficult detection problem that autonomous vehicle systems face” .
Bikes are hard to detect for the sensors, and a lot less predictable than other cars.
(Via The RISKS Digest.)
Bikes are hard to detect for the sensors, and a lot less predictable than other cars.
(Via The RISKS Digest.)
I wasn't aware that the ISC is working on a new high-performance DHCP server, Kea. (Let's hope it'll meet a better fate than the BIND 10 effort. )
The Kea web page also has a short table with a comparison to the classic ISC dhcpd.
ISC wrote:
Kea is designed to be easily extensible through an applications API. This API can be called at multiple places during the DHCP processing, to consult or update enterprise provisioning systems, for example. Kea DHCP leases may be stored in a memory file database, or in a MySQL or Postgres database.
The Kea web page also has a short table with a comparison to the classic ISC dhcpd.
Tab stacking is quite a useful feature of the Vivaldi browser that groups several tabs into one. One of the features I didn't notice until today is that it's possible to have Vivaldi stack all open tabs from a single site:
Similar to "secure" (SSL) web admin interfaces on various systems, which are by now so outdated that modern browsers refuse to talk to them, it now gets increasingly difficult to get OpenSSH to connect to old ssh servers... For the web stuff, it's useful to keep an old version of Portable Firefox available...
For ssh, I've seen this hint on IRC today:
That should work with everything, unless you're trying to connect to a server that only supports ssh1 - which is usually disabled in current OpenSSH builds, and will go away completely later this year: "In approximately August 2017, removing remaining support for the SSH v.1 protocol (client-only and currently compile-time disabled)." (From the OpenSSH 7.4 release notes).
Well, I guess PuTTY can still do that.
For ssh, I've seen this hint on IRC today:
alias oldssh='ssh -o '\''HostKeyAlgorithms=+ssh-dss'\'' -o '\''KexAlgorithms=+diffie-hellman-group1-sha1'\'''
That should work with everything, unless you're trying to connect to a server that only supports ssh1 - which is usually disabled in current OpenSSH builds, and will go away completely later this year: "In approximately August 2017, removing remaining support for the SSH v.1 protocol (client-only and currently compile-time disabled)." (From the OpenSSH 7.4 release notes).
Well, I guess PuTTY can still do that.
...about methane residue on Pluto's moon Charon: It turns out methane CAN simply walk into Mordor
Nice piece of science-ish entertainment too.
Nice piece of science-ish entertainment too.
Here: colliding, fast and slow
Pretty concise summary on how hash attacks (don't) affect password hashes, and also some good explanation on some of the crypto lingo, like preimage attack, for example.
Pretty concise summary on how hash attacks (don't) affect password hashes, and also some good explanation on some of the crypto lingo, like preimage attack, for example.
Ok, so not really weapons, more like an online outrage generator: BuzzFeed News traced a group of liberal and conservative websites back to the same company. “The product they’re pitching is outrage,” said one liberal writer.
(Via netzpolitik.org (german).)
buzzfeed wrote:
It’s unclear if the people running American News LLC use the same writers for their conservative and liberal websites, or if they have separate teams. What is clear is at least one of their sites is using fake author photos. The author page for God Today lists two writers, Henry Freeman and John Sullivan. The photos for these writers are taken from stock video footage.
(Via netzpolitik.org (german).)
Today I learned that LDAP has an optional STARTTLS mode: SANS ISC: SSL/TLS on port 389. Say what?
(I also wasn't aware of the nmap ssl-enum-ciphers script mentioned in that post.)
(I also wasn't aware of the nmap ssl-enum-ciphers script mentioned in that post.)
The Solaris linker has a widely unknown feature (cache) that makes it possible to link various fragments optimized towards different instruction set variants into a single binary (and select the correct one at runtime).
(Via Ted Unangst's inks.)
(Via Ted Unangst's inks.)
You know your home network setup gets out of hand when you have to start using NAT between different subnets...
(But then, hey, I use four separate VDOMs on my Fortigate firewall. I really need to clean up this stuff...)
(But then, hey, I use four separate VDOMs on my Fortigate firewall. I really need to clean up this stuff...)