
Comment Re:Strange Days (Score 1) 54

Apparently, a frozen-in-time mixture of Fedora and CentOS Stream is used as the basis for Amazon Linux. Fedora CoreOS is also very popular as a host for containers. But Fedora as a desktop OS is not something I'd want to have. Too bleeding edge, too blob-free and too few packages. And by the time you finally make everything work, a new release comes out and you start over. But it's fun to play with if you want to see the things that'll come to your normal distro in a year or two.

Submission + - Attack discovered against SSH (arstechnica.com) 1

jd writes: Ars Technica is reporting a newly-discovered man-in-the-middle attack against SSH. This only works if you are using "ChaCha20-Poly1305" or "CBC with Encrypt-then-MAC", so it isn't a universal flaw. The CVE numbers for this vulnerability are CVE-2023-48795, CVE-2023-46445, and CVE-2023-46446.

From TFA:

At its core, Terrapin works by altering or corrupting information transmitted in the SSH data stream during the handshake—the earliest stage of a connection, when the two parties negotiate the encryption parameters they will use to establish a secure connection. The attack targets the BPP, short for Binary Packet Protocol, which is designed to ensure that adversaries with an active position can't add or drop messages exchanged during the handshake. Terrapin relies on prefix truncation, a class of attack that removes specific messages at the very beginning of a data stream.

The Terrapin attack is a novel cryptographic attack targeting the integrity of the SSH protocol, the first-ever practical attack of its kind, and one of the very few attacks against SSH at all. The attack exploits weaknesses in the specification of SSH paired with widespread algorithms, namely ChaCha20-Poly1305 and CBC-EtM, to remove an arbitrary number of protected messages at the beginning of the secure channel, thus breaking integrity. In practice, the attack can be used to impede the negotiation of certain security-relevant protocol extensions. Moreover, Terrapin enables more advanced exploitation techniques when combined with particular implementation flaws, leading to a total loss of confidentiality and integrity in the worst case.

Comment Re:Alternative (Score 1) 203

I recently had to go to a McDonald's to buy a gluten-free burger for my child as there was no gluten-free alternative around (and we were travelling). I was surprised there were no cashiers, only touch-sensitive kiosks. The only people I could see working there were a lady handing out ready meals, the cooks and the forced-smile-lady helping customers figure out the kiosks. It was very dystopian.

Submission + - AmigaOS 4 Multicore at Amiwest 2022

Mike Bouma writes: In the upcoming days the Amiga show Amiwest is to take place in Sacramento, California: "For decades we in the Amiga community have been looking forward to a multicore AmigaOS. After 1000's of hours of hard work and solving deep technical challenges the ExecSG team will be ready to show their work to the public. Join us to see the system in action and ask questions to Steven Solie, development lead for ExecSG."

Comment Re: ancient hardware (Score 1) 122

Which sane company would not make that calculation? I also run almost 10-year-old hw in a datacentre and for me it's still not worth it to do a forklift upgrade. If the DC charged me per every single Amp and every single rack (instead of a room full of racks), then maybe. Cooling also isn't a cost that reflects my racks' heat output.

Comment Re:The original developer kind of had a point (Score 3, Interesting) 61

I still hold hope that what I've seen isn't universal but in my experience, companies are happy to make millions off of free software; happy to develop it further in-house (usually without contributing back) but as soon as the project appears to be in financial trouble, they'll look for costly commercial alternatives instead of funding the free software one.
