Security Leftovers
How Secure Are YOUR Passwords?
It seems like this whole issue revolving around secure passwords just keeps coming up over and over and over, year after year after year. And, it's probably for a good reason: people just aren't getting the message. If they are, they aren't changing their habits and behaviors.
I get it, and I bet a lot of you "get it," too. It's difficult to remember a unique, complex password for each site. This leads to password reuse between sites, even though everyone knows such behavior is bad and a poor security practice.
So, just how difficult is it for a hacker to break your password using brute force? Well, that was exactly the topic of a Reddit thread recently. The graphic posted in the thread pretty much speaks for itself.
Short Topix: Linux Servers, Workstations Hackers' Next Target
It's true that Windows machines are a preferred target for mass malware attacks, but advanced persistent threats (APTs) are more of a threat to Linux, since the threat actor is usually either a nation state or state-sponsored group who establishes a long term presence on a network to wreak havoc. According to Kaspersky, there are over a dozen APT actors who have been seen using Linux malware or some Linux based modules.
Ben Hutchings: Debian LTS work, September 2020
I was assigned 16 hours of work by Freexian's Debian LTS initiative and carried over 9.75 hours from August. I only worked 8.25 hours this month, and will return the remaining hours to the pool.
I attended and participated in the LTS team meeting on the 24th.
XCP-ng 8.2 LTS To Bring Rewritten UEFI, Core Scheduling To Fend Off Side Channel Attacks
XCP-ng as the open-source hypervisor built atop XenServer is preparing for its 8.2 LTS release while this week marked the availability of the first beta.
This XenServer-based open-source hypervisor is in the process of picking up many features for the 8.2 LTS release. There is a re-implementation of XCP-ng's UEFI support, Openflow controller access support with Xen Orchestra, experimental core scheduling, experimental storage driver support for Gluster / ZFS / XFS / CephFS, support for Intel Icelake and Comet Lake processors, and a variety of other improvements.
Programming Leftovers
FreeBSD 12.2-RC1 Now Available
The first RC build of the 12.2-RELEASE release cycle is now available. Installation images are available for: o 12.2-RC1 amd64 GENERIC o 12.2-RC1 i386 GENERIC o 12.2-RC1 powerpc GENERIC o 12.2-RC1 powerpc64 GENERIC64 o 12.2-RC1 powerpcspe MPC85XXSPE o 12.2-RC1 sparc64 GENERIC o 12.2-RC1 armv6 RPI-B o 12.2-RC1 armv7 BANANAPI o 12.2-RC1 armv7 BEAGLEBONE o 12.2-RC1 armv7 CUBIEBOARD o 12.2-RC1 armv7 CUBIEBOARD2 o 12.2-RC1 armv7 CUBOX-HUMMINGBOARD o 12.2-RC1 armv7 RPI2 o 12.2-RC1 armv7 WANDBOARD o 12.2-RC1 armv7 GENERICSD o 12.2-RC1 aarch64 GENERIC o 12.2-RC1 aarch64 RPI3 o 12.2-RC1 aarch64 PINE64 o 12.2-RC1 aarch64 PINE64-LTS Note regarding arm SD card images: For convenience for those without console access to the system, a freebsd user with a password of freebsd is available by default for ssh(1) access. Additionally, the root user password is set to root. It is strongly recommended to change the password for both users after gaining access to the system. Installer images and memory stick images are available here: https://download.freebsd.org/ftp/releases/ISO-IMAGES/12.2/ The image checksums follow at the end of this e-mail. If you notice problems you can report them through the Bugzilla PR system or on the -stable mailing list. If you would like to use SVN to do a source based update of an existing system, use the "releng/12.2" branch. A summary of changes since 12.2-BETA3 includes: o OpenSSL 1.1.1h has been merged. o A fix for UFS hash checking had been added. o A fix for mmap'd writes in fusefs for writes in direct_io mode had been addressed. o Amazon EC2 AMIs for arm64 have been updated to include ebsvnme-id. o A fix to NFSv4.1 addressing a locking issue had been addressed. o Other miscellaneous bug fixes. A list of changes since 12.1-RELEASE is available in the releng/12.2 release notes: https://www.freebsd.org/releases/12.2R/relnotes.html Please note, the release notes page is not yet complete, and will be updated on an ongoing basis as the 12.2-RELEASE cycle progresses. === Virtual Machine Disk Images === VM disk images are available for the amd64, i386, and aarch64 architectures. Disk images may be downloaded from the following URL (or any of the FreeBSD download mirrors): https://download.freebsd.org/ftp/releases/VM-IMAGES/12.2-RC1/ The partition layout is: ~ 16 kB - freebsd-boot GPT partition type (bootfs GPT label) ~ 1 GB - freebsd-swap GPT partition type (swapfs GPT label) ~ 20 GB - freebsd-ufs GPT partition type (rootfs GPT label) The disk images are available in QCOW2, VHD, VMDK, and raw disk image formats. The image download size is approximately 135 MB and 165 MB respectively (amd64/i386), decompressing to a 21 GB sparse image. Note regarding arm64/aarch64 virtual machine images: a modified QEMU EFI loader file is needed for qemu-system-aarch64 to be able to boot the virtual machine images. See this page for more information: https://wiki.freebsd.org/arm64/QEMU To boot the VM image, run: % qemu-system-aarch64 -m 4096M -cpu cortex-a57 -M virt \ -bios QEMU_EFI.fd -serial telnet::4444,server -nographic \ -drive if=none,file=VMDISK,id=hd0 \ -device virtio-blk-device,drive=hd0 \ -device virtio-net-device,netdev=net0 \ -netdev user,id=net0 Be sure to replace "VMDISK" with the path to the virtual machine image. === Amazon EC2 AMI Images === FreeBSD/amd64 EC2 AMIs are available in the following regions: af-south-1 region: ami-0b78d5e770bcdeb5e eu-north-1 region: ami-0505a8c0c52cfff31 ap-south-1 region: ami-0c4c09e714e3a6e9f eu-west-3 region: ami-00e0dae18af349d16 eu-west-2 region: ami-06e6d824cb38c5eef eu-south-1 region: ami-077bfe44af5272bfc eu-west-1 region: ami-0830c03d9511775c6 ap-northeast-2 region: ami-00d438c5be9106d1a me-south-1 region: ami-01efb2372fa56c3dd ap-northeast-1 region: ami-0276c6be8130eac10 sa-east-1 region: ami-075bc30f68a1ef652 ca-central-1 region: ami-0e6349ad57b6ec50e ap-east-1 region: ami-0934a82e2fe4fc324 ap-southeast-1 region: ami-082ef5fab8053e525 ap-southeast-2 region: ami-034eced9d3b0a5fcb eu-central-1 region: ami-003b3ecea55e0f34a us-east-1 region: ami-046ecf67c8b89748a us-east-2 region: ami-02a876a6124ba82ca us-west-1 region: ami-076e14c698318f4a1 us-west-2 region: ami-0397116051898a487 FreeBSD/aarch64 EC2 AMIs are available in the following regions: af-south-1 region: ami-04c4b469b7a750631 eu-north-1 region: ami-0a5c67bbe7b0e8109 ap-south-1 region: ami-0b1deff23e65431f0 eu-west-3 region: ami-06968c110a4e11fd1 eu-west-2 region: ami-04d9f8ba0273d9c53 eu-south-1 region: ami-08f7137dc70ba9340 eu-west-1 region: ami-09bdce51a19f36c5a ap-northeast-2 region: ami-0a943f6eb97da5f83 me-south-1 region: ami-0640892b8fe159522 ap-northeast-1 region: ami-0785670f49ecef76f sa-east-1 region: ami-07edcd782d88c3d98 ca-central-1 region: ami-0e1a9498537799d77 ap-east-1 region: ami-0f946da19f79ace77 ap-southeast-1 region: ami-09080b7b686213e52 ap-southeast-2 region: ami-0ca96c25f1ab45e19 eu-central-1 region: ami-04362b308dedebe83 us-east-1 region: ami-07ce6d0ad55d93d8a us-east-2 region: ami-0367f7addcbc6a4f3 us-west-1 region: ami-0d5a5ef688e8d1dbd us-west-2 region: ami-02cfa06ec6b5efd78 === Vagrant Images === FreeBSD/amd64 images are available on the Hashicorp Atlas site, and can be installed by running: % vagrant init freebsd/FreeBSD-12.2-RC1 % vagrant up === Upgrading === The freebsd-update(8) utility supports binary upgrades of amd64 and i386 systems running earlier FreeBSD releases. Systems running earlier FreeBSD releases can upgrade as follows: # freebsd-update upgrade -r 12.2-RC1 During this process, freebsd-update(8) may ask the user to help by merging some configuration files or by confirming that the automatically performed merging was done correctly. # freebsd-update install The system must be rebooted with the newly installed kernel before continuing. # shutdown -r now After rebooting, freebsd-update needs to be run again to install the new userland components: # freebsd-update install It is recommended to rebuild and install all applications if possible, especially if upgrading from an earlier FreeBSD release, for example, FreeBSD 11.x. Alternatively, the user can install misc/compat11x and other compatibility libraries, afterwards the system must be rebooted into the new userland: # shutdown -r now Finally, after rebooting, freebsd-update needs to be run again to remove stale files: # freebsd-update installAlso: FreeBSD 12.2-RC1 Available
New Object Storage Protocol Could Mean the End for POSIX
PCLinuxOS: Gerrit Draisma Interview, Users' Screenshots and a Welcome Message From The Chief Editor
