137620750
submission
emil writes:
The btrfs filesystem has taunted the Linux community for years, offering a stunning array of features and capability, but never earning universal acclaim. Btrfs is perhaps more deserving of patience, as its promised capabilities dwarf all peers, earning it vocal proponents with great influence. Still, none can argue that btrfs is unfinished, many features are very new, and stability concerns remain for common functions.
133548455
submission
emil writes:
The advent of quantum computing poses a well-recognized threat to RSA and other well-known asymmetric cryptosystems. It has been four years since NIST opened the post-quantum cryptography competition, and we are seeing extensive delays compared to AES.
A new and (hopefully) quantum-secure SSH key exchange, based on NTRU Prime, has been present in OpenSSH since January 2019, first implemented in TinySSH shortly before. This key exchange is marked by OpenSSH as experimental, and not enabled by default.
For those ready to evaluate NTRU Prime, or otherwise seeking an SSH server with "state-of-the-art crypto" (as described by TinySSH author Jan Mojí), a complete procedure for a Musl build and Busybox container deployment is presented, with additional focus on supplemental servers and key conversion.
102171398
submission
emil writes:
NFS is the most popular remote file system in the Linux, UNIX, and greater POSIX community. The NFS protocol pushes file traffic over cleartext connections in the default configuration, which is poison to sensitive information.
TLS can wrap this traffic, finally bringing wire security to files vulnerable to compromise in transit. Before using a cloud provider's toolset, review NFS usage and encrypt where necessary.
88046029
submission
emil writes:
ADUPS was recently responsible for data theft on BLU phones, and an unsafe version of the ADUPS agent is pre-loaded on the Barnes & Noble BNTV450 ADUPS' press releases claim that Version 5.5 of their agent is safe, but the BNTV450 is running 5.2. The agent is capable of extracting contacts, listing installed apps, and installing new apps with elevated privilege. Azzedine Benameur, director of research at Kryptowire, claims that "owners can expect zero privacy or control while using it."
