Date: 2021-12-06
Security Leftovers
Many people take Carnegie’s advice to heart when it comes to security. They anchor almost all of their security with a single vendor, and the vendor is more than happy to oblige. Most infosec vendors seem incapable of designing security architectures that don’t put their products at the root of all trust. “Just give us your keys,” they say, “and we’ll take care of the rest.”
It’s not just that this is the easiest architecture to design, it’s also to the vendor’s benefit if their customers are fully dependent on them. When you outsource all security decisions and trust, both the individual consumer and the enterprise are incapable of protecting themselves in the face of threats. When inevitably there’s a hole in the vendor’s basket and eggs start to break, the customer discovers just how powerless they are to do anything about it. Often they even find it challenging to get information about the size of the hole and whether their eggs are affected.
We live in an increasingly interconnected and interdependent society. Many people have realized over the past few years just how dependent they have been on outsourced infrastructure and supplies, and how unnerving it can be when those things are disrupted. In response, a number of people have changed their focus toward more self-sufficiency.
Recently I’ve been thinking about how I find it fun to learn computer networking by implementing working versions of real network protocols.
And it made me wonder – I’ve implemented toy versions of traceroute, TCP and DNS. What about TLS? Could I implement a toy version of that to learn more about how it works?
I asked on Twitter if this would be hard, got some encouragement and pointers for where to start, so I decided to go for it.
This was really fun and I learned a little more about how involved real cryptography is – thanks to cryptopals, I already 100% believed that I should not invent my own crypto implementations, and seeing how the crypto in TLS 1.3 works gave me even more of an appreciation for why I shouldn’t :)
As a warning: I am really not a cryptography person, I will probably say some incorrect things about cryptography in this post and I absolutely do not know the history of past TLS vulnerabilities that informed TLS 1.3’s design.
All of that said, let’s go implement some cryptography! All of my hacky code is on github. I decided to use Go because I heard that Go has good crypto libraries.
For example, JavaScript's package manager maintainer RIAEvangelist, Brandon Nozaki Miller, wrote and published an open-code npm source-code package called peacenotwar. It did little but print a message for peace to desktops. So far, so harmless.
Miller then inserted malicious code into the package to overwrite users' filesystems if their computer had a Russia or Belarus IP address. He then added it as a dependency to his popular node-ipc program and instant chaos! Numerous servers and PCs went down as they updated to the newest code and then their systems had their drives erased.
Are you new to Debian Linux, Ubuntu, or a Linux operating system that uses DEB files? Do you want to install a DEB file on your system but can’t figure it out? Follow this guide to learn how to install a DEB file on Linux.
If you’re new to Linux, you may be wondering how to delete a file. There are many ways to delete files on Linux. In this guide, we’ll cover the terminal method and a few GUI methods.
The Sega Naomi (New Arcade Operation Machine Idea), released in 1998, is a Sega arcade board. The Naomi shares a hardware architecture with the Sega Dreamcast, and as a result, many Naomi games eventually made it to the Dreamcast.
Naomi is now defunct and not in service anymore. Thankfully, you can play Sega Naomi games on Linux with Retroarch. Here’s how.
Note: Addictivetips in no way encourages or condones the illegal downloading or distribution of ROM files for the Sega Naomi. If you choose to install Retroarch, please use your own game ROMs you’ve backed up to your PC, legally.
Today we are looking at how to install Obsidian on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.
Brave, the brainchild of Brendan Eich, has taken the Linux market by storm. Brave's unique operating model, privacy-centric approach, and fast performance promise to be an ideal browser replacement for Linux users.
If you're tired of seeing ads popping up everywhere on your browser and want to steer towards a secure browsing experience, Brave is the answer to your woes.
Without further ado, let's delve deeper to see how to install the Brave browser on various Linux distros.
In this post, you will learn how to install Snap on Rocky Linux 8.
Snap is the self-sufficient package technology developed by Canonical. As expected, it comes integrated in Ubuntu, but it is also possible to install it in other distributions like Rocky Linux.
Flatpak is Snap’s natural competitor. Both offer packages that can be run on any distribution that supports them thanks to their box technology. That is to say that in a single package are incorporated all dependencies and libraries needed to run without affecting the system.
Although the repositories of Rocky Linux 8 are extensive and more with EPEL, the truth is that thanks to Snap we can install other applications and further extend the functionality of the system.
In this tutorial, we will show you how to install Nomacs on Ubuntu 20.04 LTS. For those of you who didn’t know, Nomacs is a free, open-source image viewer, which supports multiple platforms. You can use it for viewing all common image formats such as JPEG, PNG, GIF, RAW, etc.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Nomacs image viewer on Ubuntu 20.04 (Focal Fossa). You can follow the same instructions for Ubuntu 18.04, 16.04, and any other Debian-based distribution like Linux Mint.
OTRS Community Edition is an open-source helpdesk software written in Perl. In this article, you will learn how to install OTRS Community Edition on the Rocky Linux system. You will be installing OTRS with the MariaDB database and Apache webserver.
Redis is a free and open-source NoSQL database that stores data in memory in the form of key-value pairs. It is mainly used as a caching mechanism for other databases as it has low latency. Redis can store data structures, such as strings, hashes, lists, HyperLogs, and geospatial indexes.
Redis uses a set of commands for managing and working with the databases. One useful command is the PING command. Let us illustrate how we can use the Redis PING command.
Security is an essential factor in the modern age. Therefore, understanding how to secure your applications and data has become a requirement.
This article will discuss one of Redis’s security features called protected mode.
The Linux system includes many built-in tools that are used to perform specific tasks. One of those tools is “Apt”, i.e., “Advanced Package Tool”. This tool consists of a group of utilities to perform installation, update, deletion, and other management activities for Linux software on different Linux operating systems. We can make use of this “apt” package tool on any of the Ubuntu, Debian, and Linux Mint operating systems. Therefore, we have been using this article to explain the use of the “Apt” package in the Ubuntu 20.04 system to list all the installed packages, software, and tools. Let’s start by opening the terminal shell of the Ubuntu 20.04 system via the “Ctrl+Alt+T” shortcut.
Let’s get started with the system update first. So, we need to update our Ubuntu 20.04 Linux operating system using the Advanced package tool on the terminal. This command must be executed on the shell using the “sudo” rights along with the keyword “update”. On execution, the system asked for the sudo password before processing. We have added our sudo password and pressed the key “Enter”. The system has started updating itself as shown below.
My old tutorial for installing Windows 10 in GNOME Boxes doesn’t work with Windows 11. Here’s how to install Windows 11 as a virtual machine (VM) inside GNOME Boxes. (Some configuration file changes required.)
Windows 11 significantly raised its hardware requirements compared to Windows 10. Among the changes, it requires more RAM and storage space. It also requires a Trusted Platform Module (TPM) version 2.0 and a UEFI boot environment.
Redis is a key-value database that is lightweight and easy to use. To fetch a value in Redis, you have to reference the associated key. Although this is incredibly easy, it does provide one challenge, what happens if the key does not exist?
To create a simple error handling mechanism in our applications, we can use the Redis EXISTS command to verify the key before executing a query.
There is one database that raises its hand confidently when the topic of low latency comes up: Redis.
Redis is a free, open-source in-memory database that stores its data in the form of key-value pairs. It is a popular choice for high-performance applications due to its low latency and scalability.
This tutorial discusses installing the Redis server on your system, checking the version, and upgrading to the latest version.
Redis is incredibly fast, efficient, and reliable. In addition, it is a powerful tool that provides a caching mechanism for applications. This is because it stores the data in memory that does not require a round trip to the disk.
However, there is one drawback. Redis stores the data in memory which can have significant performance issues for large datasets.
Therefore, it is vital to keep track of the size of the database stored in the Redis instance and take the necessary actions.
Although Redis is an in-memory database, it allows more than one client to connect to the database. It uses connections from the clients on the configured TCP port or Unix sockets.
This short article will discuss how to check and increase or decrease the maximum clients supported by the Redis instance.
Any Linux system comes with a handful of tools pre-installed. The touch command is one such tool. The Linux touch command is used to modify the timestamps in the file metadata, such as access and modification times. However, it’s also widely used for creating a new empty file in the desired location. With the proper file permission, the touch command can change the timestamps of any file. If the file didn’t exist prior, then it creates the file instead. In this guide, we’ll dive deeper into the usage of the touch command in Linux.
Audiocasts/Shows: TLLTS, Linux Action News, Destination Linux, FLOSS Weekly, and More
A significant follow-up to one of the biggest Linux stories, the Pandora's box the MIT Technology Review claims open-source devs just opened, and Linux on the M1 finally ships.
This week’s episode of Destination Linux, we’re going to be talking with Emma Marshall from System76. Then we’re going to check out a new RISC V offering in the market. Plus we’ve also got our famous tips, tricks and software picks. All of this and so much more this week on Destination Linux. So whether you’re brand new to Linux and open source or a guru of sudo. This is the podcast for you.
Drummond Reed, Director of Trust Services with Avast, leads Doc Searls and Simon Phipps through deep dives into SSI, blockchain, KERI (which avoids blockchains), protocols, standards and much more. The biggest frontier for trust is digital identity, specifically of the self-sovereign kind. Great discussion on this episode of FLOSS Weekly.
A couple of days ago, Linux Mint released their latest Linux Mint Debian Edition version 5 codenamed "Elsie." LMDE is Linux Mint's hedge in case anything ever happens to Ubuntu that would force Mint to base off of another distro. Maybe, they should go ahead and make the move now.
