Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×

Comment Re:did centos pick the bad rpm's as well? (Score 1) 88

by PAjamian (#60353493) Attached to: Red Hat Security Update Renders Systems Unbootable

The CentOS repository did have new kernels, grub2 and shim rpms. FWIW, we don't do secure boot and virtuals without it are so far booting OK as we'd done a few virtuals and one physical server before the notice went out.

Then you already have the updates referenced above. If they didn't brick your systems then you're fine and can carry on.

Will hold off if new kernels are coming out again.

The new packages will be to fix this issue but may fix other issues as well. You should upgrade when they come out.

Submission + - Red Hat Security Update Renders Systems Unbootable (redhat.com) 2

Submitted by PAjamian
PAjamian writes: A recently released Red Hat update for the BootHole Vulnerability (firehose link) is causing systems to become unbootable. It is widely reported that updates to the shim, grub2 and kernel packages in RHEL and CentOS 7 and 8 are leaving various systems that use secure boot unbootable. Current recommendations are to avoid updating your system until the issue is resolved, or at least avoid updating the shim, grub2 and kernel packages.

Submission + - Linux GRUB2 Bootloader Flaw Breaks Secure Boot On Most Computers and Servers (csoonline.com)

Submitted by itwbennett
itwbennett writes: Patches were announced today for a vulnerability in the GRUB2 Linux bootloader that allows attackers to bypass boot process integrity verification. Because of how Secure Boot is implemented, the flaw can also be used to compromise the booting process of Windows and other systems. ‘The vulnerability found by Eclypsium is tracked as CVE-2020-10713 and is rated 8.2 (high) in the Common Vulnerability Scoring System (CVSS), but it's not the only one,’ writes Lucian Constantin for CSO. ‘After the company privately reported the vulnerability, a security audit of the GRUB2 code base was performed by security teams from Oracle, Red Hat, Canonical and VMware, resulting in dozens of other vulnerabilities and dangerous code operations being found and fixed. Some of them also have CVE identifiers — CVE-2020-14308, CVE-2020-14311, CVE-2020-14309 and CVE-2020-14310 — but others do not.’

Comment Broken out of the box (Score 1) 37

This is going to be broken out of the box. Many, possibly even most sessions store the client's IP address server-side and if the session is attempted to be resumed from an different IP it gets dropped so that the client has to re-authenticate. Sharing the session credentials as this does will only cause the IP check to fail and the session will get dropped anyways.

Comment Re:Am I reading this correctly? (Score 2) 92

by PAjamian (#59385728) Attached to: Uber Test Vehicles Involved In 37 Crashes Before Fatal Self-Driving Incident

The issue here is that the uber self-driving cars are not reacting in a proper defensive manner to occurrences outside the scope of traffic law. So, for example, an uber hit a jaywalking pedestrian, that is not something a competent human driver would do. In another instance the driver had to take over because the uber was not going to react properly to an oncoming vehicle in order to minimize the damage. The uber could not react to a bent road sign that any human driver would easily see and avoid hitting. These may be unusual occurrences, and may not be the fault of the car, but they are issues where the self-driving AI falls far short of how a human driver would react and hence the AI becomes far more dangerous on the road. Until the self-driving AI can react in the same way or better than a human counterpart to such occurrences they have no business being out on the road without a human backup driver.

Comment Specialized Port (Score 2, Interesting) 283

by PAjamian (#59088076) Attached to: Slashdot Asks: Do You Use Your Laptop's Headphone Jack?

The audio jacks are just specialized ports. Remove them and you can put one or two extra USB ports in their place and for $10-20 you can buy a USB audio adapter that does the same thing. I think more people would benefit from an extra USB port than the audio jack and a simple dongle returns the functionality anyways. We've removed parallel ports, serial ports, game port, and replaced the VGA port with a much smaller, multi-use HDMI port. Consolidating specialized ports to multi-use generic ports is a good way to go because then you can plug whatever you want into the port instead of only being able to plug a specific piece of hardware into a special-purpose port.

My laptop has three USB ports, with a fourth I would not have had to run out and buy a USB hub for it but I don't need an audio port on it.

Comment Re:my answer and the death ray plasma arc (Score 1) 169

the 220 you have in your house is normally 3 phase 110 which means only 110v drop between any pair of connections making it slightly safer.

Wrong.

US houses are fed with +110V, -110V and neutral. The + and - are 180 degrees out of phase (the term normally used is "split phase"). There is 220V between the two sides.

Actually you're wrong. The gp is mostly correct except that houses in the US are normally two phase, not three. Most industrial and businesses are three phase, though.

What makes you wrong is that there is no + and - assigned to the hot wires in AC because it alternates back and forth between +110 and -110 at a rate of 60 times per second (in the US). You are correct that the two hots will be 180 degrees out of phase which means that while one hot is +110 the other is -110 and vice-versa allowing 220v between the two sides and 110 between either side and neutral (which is tied to ground) when both are at peak voltage.

Slashdot Top Deals

Beware of Programmers who carry screwdrivers. -- Leonard Brandwein

Close