Domain: daemonology.net
Stories and comments across the archive that link to daemonology.net.
Stories · 12
-
Oil Changes, Safety Recalls, and Software Patches (daemonology.net)
An anonymous reader shares a blog post: Every few months I get an email from my local mechanic reminding me that it's time to get my car's oil changed. I generally ignore these emails; it costs time and money to get this done and I drive little enough -- about 2000 km/year -- that I'm not too worried about the consequences of going for a bit longer than nominally advised between oil changes. I do get oil changes done... but typically once every 8-12 months, rather than the recommended 4-6 months. On the other hand, there's another type of notification which elicits more prompt attention: Safety recalls. There are two good reasons for this: First, whether for vehicles, food, or other products, the risk of ignoring a safety recall is not merely that the product will break, but rather that the product will be actively unsafe; and second, when there's a safety recall you don't have to pay for the replacement or fix -- the cost is covered by the manufacturer. I started thinking about this distinction -- and more specifically the difference in user behaviour -- in the aftermath of the "WannaCry" malware. While WannaCry attracted widespread attention for its "ransomware" nature, the more concerning aspect of this incident is how it propagated: By exploiting a vulnerability in SMB for which Microsoft issued patches two months earlier. As someone who works in computer security, I find this horrifying -- and I was particularly concerned when I heard that the NHS was postponing surgeries because they couldn't access patient records. [...] I imagine that most people in my industry would agree that security patches should be treated in the same vein as safety recalls -- unless you're certain that you're not affected, take care of them as a matter of urgency -- but it seems that far more users instead treat security patches more like oil changes: something to be taken care of when convenient... or not at all, if not convenient. 
It's easy to say that such users are wrong; but as an industry it's time that we think about why they are wrong rather than merely blaming them for their problems. -
FreeBSD 7.0 Release Now Available
cperciva writes "The first release from the new 7-STABLE branch of FreeBSD development has been released. FreeBSD 7.0 brings with it many new features including support for ZFS, journaled filesystems, and SCTP, as well as dramatic improvements in performance and SMP scalability. In addition to being available from many FTP sites, ISO images can be downloaded via the BitTorrent tracker, or for users of earlier FreeBSD releases, FreeBSD Update can be used to perform a binary upgrade." -
FreeBSD 6.3-RELEASE Now Available
cperciva writes "FreeBSD 6.3-RELEASE, the fourth release from the highly successful 6-STABLE branch of FreeBSD development, has been released. In addition to being available from many FTP sites, ISO images can be downloaded via the BitTorrent tracker, or for users of earlier FreeBSD releases, FreeBSD Update can be used to perform a binary upgrade." -
Hyper-Threading, Linus Torvalds vs. Colin Percival
OutsideIn writes "The recent Hyper-Threading vulnerability announcement has generated a fair amount of discussion since it was released. KernelTrap has an interesting article quoting Linux creator Linus Torvalds who recently compared the vulnerability to similar issues with early SMP and direct-mapped caches suggesting, "it doesn't seem all that worrying in real life." Colin Percival, who published a recent paper on the vulnerability, strongly disagreed with Linus' assessment saying, "it is at times like this that Linux really suffers from having a single dictator in charge; when Linus doesn't understand a problem, he won't fix it, even if all the cryptographers in the world are standing against him."" -
Hyperthreading Considered Harmful
cperciva writes "Hyper-Threading, as currently implemented on Intel Pentium Extreme Edition, Pentium 4, Mobile Pentium 4, and Xeon processors, suffers from a serious security flaw. This flaw permits local information disclosure, including allowing an unprivileged user to steal an RSA private key being used on the same machine. Administrators of multi-user systems are strongly advised to take action to disable Hyper-Threading immediately. I will be presenting this attack at BSDCan 2005 at 10:00 AM EDT on May 13th, and at the conclusion of my talk I will also be releasing a paper describing the attack and possible mitigation strategies." -
FreeBSD Gets Official Support As VMware ESX Guest
An anonymous reader writes "FreeBSD 4.9 has become the first non-commercial open-source operating system to be supported as a VMware ESX guest. This allows enterprise users to benefit from a powerful open-source OS with the benefit of subscription free binary updates. This also solves a number of enterprise support issues around lack of hardware vendor support and issues around using non-commercial operating systems on SAN fabrics as the SAN access is abstracted through VMware, which the SAN supplier is more likely to have certified." -
Delta Compression for Linux Security Patches?
cperciva asks: "For people without fast internet connections, it is often impractical to download large security patches. In order to reduce patch sizes, some operating systems -- starting with FreeBSD over a year ago, and recently followed by Mac OS X and Windows XP SP2 -- have started to use delta compression (also known as binary diffs, which constitutes a portion of my doctoral thesis), and can often reduce patch sizes by over a factor of 50. In light of the obvious benefits, I have to ask: When will Linux vendors follow suit?" -
Depenguinator "Upgrades" Linux to BSD
cperciva writes "Many systems around the world have been possessed by penguins and dead rats. It would be nice to exorcize these evil spirits, but this can be difficult without physical access to the machines in question. Thanks to a new depenguinator, it is now possible to upgrade Linux systems to run FreeBSD 5.x without requiring anything more than an SSH connection." Clever idea. -