Posted
1 day
ago
Whoever is responsible for making the rt73usb driver work great out of the box: THANK YOU. I tried it without success when I installed Fedora 8 gold, and now it works brilliantly (and out-of-the-box) on Fedora 9.
Current hacking includes:
... [More]
GPRS/3G support via Bluetooth in NetworkManager, fprintd hacking, and gnome-lirc-properties integration into Fedora (Debian and Ubuntu people, upstream your bleeding patches, kthx).
And for nanobob and Borkis on FIFA: you really didn't need to quit the game when I scored those 2nd goals. Losing against a guy full of margaritas must hurt. [Less]
Posted
1 day
ago
A quick FAQ: the reason all DSA keys have been removed from fd.o and we aren't
accepting any new ones is that they are vulnerable to man-in-the-middle attacks
if they have ever been used (not just generated) on a system with a
predictable
... [More]
RNG: see Steinar's summary
of the maths. We're going with precedent of debian.org rejecting DSA keys,
and a general desire to be safe rather than sorry. RSA keys are the default in
OpenSSH anyway, so I'm not really sure why you'd want to generate DSA. [Less]
Posted
1 day
ago
EDIT: daniels (the guy doing all the work) posted a good summary of what happened to fd.o to announce@, so I'll quote that:
Hi,
Due to the recent Debian OpenSSL trainwreck[0], we've had to do a fair
bit of housecleaning with regards
... [More]
to authentication.
Firstly, the host keys have been regenerated, as below:
root@fruit:~% ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
2048 1e:81:13:df:b9:68:fc:c2:ec:9d:c3:87:d1:5e:30:77 /etc/ssh/ssh_host_rsa_key.pub
root@gabe:~% ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
2048 c1:1a:8a:e5:99:ce:5a:d9:a9:e2:b3:95:67:95:9d:f7 /etc/ssh/ssh_host_rsa_key.pub
root@kemper:~% ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
2048 95:b5:28:3d:9b:37:55:d4:fc:3d:99:b4:06:9d:9b:5f /etc/ssh/ssh_host_rsa_key.pub
root@annarchy:~% ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
2048 32:3e:0c:df:0a:c8:a6:33:72:9c:6c:ba:68:58:d2:30 /etc/ssh/ssh_host_rsa_key.pub
You'll note that these are RSA-only. DSA is no longer supported, nor is
SSH1.
Secondly, all vulnerable keys (weak RSA keys, RSA1 keys, and DSA keys)
have been removed; anyone who had a vulnerable key will have received an
email from myself at whichever address you had in LDAP, explaining what
happened, and how to fix it[1].
annarchy.fd.o (hosting bugs.fd.o, www.x.org, and others) is still having
major issues, thanks to the Moin 1.6 upgrade being unbelievably painful;
thanks very much to Benjamin Close for somehow dealing with this
godawful upgrade, which is running its load average up to 116, and using
up to 7GB of RAM just to convert a wiki from Moin 1.5 to 1.6.
The snakeoil cert from bugs.fd.o is still vulnerable, and feel free to
distrust it just as much as any other snakeoil cert. We'll be getting a
real cert from CAcert[2] soonish, but regenerating our snakeoil in the
meantime.
Thanks for bearing with us; if it's any consolation, it's not been the
best week for admins.
Cheers,
Daniel
[0]: http://lists.debian.org/debian-security-announce/2008/msg00152.html
[1]: http://www.freedesktop.org/wiki/AccountMaintenance
[2]: http://www.cacert.org -- add its certs to your browser if they
aren't there, and don't forget to let your distribution and/or
browser vendor know. [Less]
Posted
2 days
ago
Well perhaps not but I am taking off this weekend to a place I have been in spitting distance of but have never crossed the border. I find it strange that I have been all around the world and to almost every state in America and still have not
... [More]
bothered to visit our kind neighbours to the north. So with my roommates Bryan and Chris leaving this summer for far off jobs we decided to take a trip with a bunch of friends up to Montreal. I went down to NY last weekend for mothers day and to swap my car for my parents van just for this trip. It should be fun.
Oh and Les Halles, Anthony Bourdain’s home base, is fantastic. If you are down in New York City and in midtown I highly recommend it
[read this post in: ar de es fr it ja ko pt ru zh-CN ] [Less]
Posted
3 days
ago
I have recently changed the hard drive of my 5 years old T42 Thinkpad laptop. I had a 30 gb hard drive and that was obviously not enough to compile all the things I want to compile. Just to give an idea, I want to have xorg and nemiver jhbuilds as
... [More]
well as OpenEmbedded and OpenMoko builds around. If you add the fact that I use ccache extensively, I really needed more disk space.
So I went to memorysuppliers.com and ordered a hard drive of 160 GB. They did a very a good job in sending the disk very quickly. I backed up my home directory by simply using the excellent rsync program to save stuff on an external hard drive connected to the laptop via USB.
Then I followed the instructions here to remove the old disk and replace it with the new one.
After that, I just reinstalled a brand new GNU/Linux system and recovered my backed up data.
Everything went smoothly and took around 2h. Pretty neat.
I did also upgrade the ram to 2Gig a couple of months ago so compiling C programs is quite OK on this 5 years old machine now :-) [Less]
