Posts by Gary Charpentier

21) Message boards : Politics : We are being slimed... #2 (Message 2134733)
Posted 13 days ago by Gary Charpentier (Crowdfunding Project Donor, Special Project $75 donor, Special Project $250 donor)
Post:
How did we let that loose...?
It worked. Ignorance of long-term effects. Like the Roman era lead pipe. Or coal fired industrial plants.

Or should I say the usual way. Good enough for government work.
22) Message boards : Cafe SETI : Word Link #117 (Message 2134731)
Posted 13 days ago by Gary Charpentier (Crowdfunding Project Donor, Special Project $75 donor, Special Project $250 donor)
Post:
page
23) Message boards : Politics : Computers & Technology 4 (Message 2134720)
Posted 13 days ago by Gary Charpentier (Crowdfunding Project Donor, Special Project $75 donor, Special Project $250 donor)
Post:
... Or is this attack vector something that is a design fault in the model of FOSS and Github?

Nothing amiss with GitHub other than the users using it...
In addition, the incident also started a discussion regarding the viability of having critical pieces of cyberinfrastructure depend on unpaid volunteers.

However... There is no requirement made for financial contribution to keep things working. Hence 'industry' takes a free-of-cost ride?...

Exactly the design fault of GitHub and FOSS.

Neither GitHub nor FOSS has any security to prevent bad nation-state users from using it. Something tells me this is not the only exploit planted in distros. Because the exploit code had a bug, it was detected; other exploits may not have bugs.

Isn't the entire point of FOSS to hang a bunch of customizations on an O/S? Aren't those customizations allowed to run with root and even supervisory privilege?
Ask: is it easier for a nation state to search for a chain of bugs to open the door, or is it easier to simply build the door in the first place?

Criminals won't, because they have to find a fast way in to feed themselves; nation states draw a salary, so years-long waits are totally acceptable.

Security is what you allow it to be.
24) Message boards : Cafe SETI : TLPTPHW CCCXXXII(332) (Message 2134715)
Posted 13 days ago by Gary Charpentier (Crowdfunding Project Donor, Special Project $75 donor, Special Project $250 donor)
Post:
https://www.speedtest.net/result/16114144332
You bought the Porsche even though you know there are no roads to drive really fast... still... half a gigabit... is nice to have.
It's 1/2 the cost of the DSL line it replaced.
25) Message boards : Cafe SETI : TLPTPHW CCCXXXII(332) (Message 2134700)
Posted 14 days ago by Gary Charpentier (Crowdfunding Project Donor, Special Project $75 donor, Special Project $250 donor)
Post:
https://www.speedtest.net/result/16114144332
26) Message boards : Cafe SETI : Word Link #117 (Message 2134682)
Posted 15 days ago by Gary Charpentier (Crowdfunding Project Donor, Special Project $75 donor, Special Project $250 donor)
Post:
Ale
27) Message boards : Politics : Computers & Technology 4 (Message 2134658)
Posted 15 days ago by Gary Charpentier (Crowdfunding Project Donor, Special Project $75 donor, Special Project $250 donor)
Post:
The first question would be: Why was secure remote login (SSH) somehow intertwined with data compression (xz, ... liblzma).
In the old, old days of dialup, compressing the data sent was necessary.

The question that needs to be answered by every distro is how many packages that are in your distro have two or fewer maintainers?

Or is this attack vector something that is a design fault in the model of FOSS and Github?
28) Message boards : Cafe SETI : Word Link #117 (Message 2134657)
Posted 15 days ago by Gary Charpentier (Crowdfunding Project Donor, Special Project $75 donor, Special Project $250 donor)
Post:
Dow
29) Message boards : Politics : Boeing: Profits 1st, Safety 2nd? (Part 3) (Message 2134638)
Posted 16 days ago by Gary Charpentier (Crowdfunding Project Donor, Special Project $75 donor, Special Project $250 donor)
Post:
I'm sure this will be blamed on Boeing
https://www.youtube.com/watch?v=GBQkk4RcidA
30) Message boards : Politics : Computers & Technology 4 (Message 2134635)
Posted 16 days ago by Gary Charpentier (Crowdfunding Project Donor, Special Project $75 donor, Special Project $250 donor)
Post:
What details have you seen?
The reports I'm following show this attempted exploit to have been very determined, taking YEARS to incrementally place the pieces together with some fantastic obfuscation, only to be undone by the keen eye of a tester who happens to work for Microsoft.

https://www.inc.com/reuters/the-cyberattack-stopped-by-a-microsoft-engineer-was-scarier-than-we-realize.html
XZ, a suite of file compression tools packaged into distributions of the Linux operating system, was long maintained by a single author, Lasse Collin.
In recent years, he appeared to be under strain.
In a message posted to a public mailing list in June 2022, Collin said he was dealing with "longterm mental health issues" and hinted that he was working privately with a new developer named Jia Tan and that "perhaps he will have a bigger role in the future."

This is a spy agency's wet dream: to simply be given the keys to nearly every database on the planet. How much would any nation state invest in such an operation? How much time would a nation state invest in such an operation? What is the value to them? More importantly, what has every other nation state's spy agency learned for their next attempt?

Very few understand what an intrusion at the nation state level is versus the far more common criminal level. That is a problem in security.
In the open-source community, the discovery has been sobering. The volunteers who maintain the software that underpins the internet aren't strangers to the idea of little pay or recognition, but the realization that they were now being hunted by well-resourced spies pretending to be Good Samaritans was "incredibly intimidating," said Arasaratnam, of the Open Source Security Foundation.
Government officials are also weighing the implications of the near-miss, which has underlined concerns about how to protect open-source software. Assistant national cyber director Anjana Rajan told Politico that "there's a lot of conversations that we need to have about what we do next" to protect open source code.


BTW, 2022 to 2023 isn't a plural number of years. And don't forget nation states embed their operatives for decades.
31) Message boards : Cafe SETI : Word Link #117 (Message 2134634)
Posted 16 days ago by Gary Charpentier (Crowdfunding Project Donor, Special Project $75 donor, Special Project $250 donor)
Post:
castellanus
32) Message boards : Cafe SETI : Word Link #117 (Message 2134618)
Posted 17 days ago by Gary Charpentier (Crowdfunding Project Donor, Special Project $75 donor, Special Project $250 donor)
Post:
bread
33) Message boards : Cafe SETI : Word Link #117 (Message 2134603)
Posted 17 days ago by Gary Charpentier (Crowdfunding Project Donor, Special Project $75 donor, Special Project $250 donor)
Post:
river
34) Message boards : Politics : Computers & Technology 4 (Message 2134581)
Posted 17 days ago by Gary Charpentier (Crowdfunding Project Donor, Special Project $75 donor, Special Project $250 donor)
Post:
Well it finally came out. There were only 4 eyeballs and half of them belonged to the bad actor.

Of all the places to inject, the makefile!

Is that all that stands between open source and open terror?

One has to wonder now, is this the first attempt for this kind of vector or only the first time it has been spotted?

And why is Micro$oft the security force for Linux?
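The check that post 27 (a release you take on trust from a package with one or two maintainers) and post 34 (the injection sat in the build files) both point at, as an added example that is not code from this thread or from the xz project: compare what a release tarball ships against what the tagged source tree contains, and list anything added, changed, or dropped. Build-system files that exist only in the tarball, or that differ from the tree, are the ones a packager has to read before building. The tree, the tarball, and the file names in it (`m4/extra.m4`, `extra.mk`) are constructed in memory so the script runs offline; they are hypothetical and not the real xz files.

```python
"""Compare a release tarball's contents against the checked-out source tree.

Added example, not the xz project's code. The sample tree and tarball below
are constructed in memory (hypothetical file names) so this runs offline.
"""
import hashlib
import io
import tarfile


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def tarball_manifest(tar_bytes: bytes) -> dict:
    """Map path (top-level directory stripped) -> sha256 of the file content."""
    manifest = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
        for member in tf.getmembers():
            if not member.isfile():
                continue
            # strip the "project-1.0/" prefix so paths line up with the git tree
            path = member.name.split("/", 1)[1] if "/" in member.name else member.name
            manifest[path] = sha256(tf.extractfile(member).read())
    return manifest


def tree_manifest(files: dict) -> dict:
    """Same shape as tarball_manifest, for an in-memory source tree."""
    return {path: sha256(content) for path, content in files.items()}


def diff_manifests(tree: dict, tarball: dict) -> dict:
    """Files only in the tarball, only in the tree, or present in both but changed."""
    added = sorted(p for p in tarball if p not in tree)
    removed = sorted(p for p in tree if p not in tarball)
    modified = sorted(p for p in tarball if p in tree and tarball[p] != tree[p])
    return {"added": added, "removed": removed, "modified": modified}


def build_tarball(top: str, files: dict) -> bytes:
    """Pack an in-memory tree into a .tar.gz under a top-level directory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for path, content in files.items():
            info = tarfile.TarInfo(name=f"{top}/{path}")
            info.size = len(content)
            tf.addfile(info, io.BytesIO(content))
    return buf.getvalue()


# Constructed sample: what the tagged git tree contains.
GIT_TREE = {
    "configure.ac": b"AC_INIT([demo], [1.0])\n",
    "Makefile.am": b"SUBDIRS = src\n",
    "src/main.c": b"int main(void) { return 0; }\n",
}

# Constructed sample: what the "release" tarball ships.
RELEASE_FILES = dict(GIT_TREE)
# A generated configure script is expected in an autotools release ...
RELEASE_FILES["configure"] = b"#!/bin/sh\n# generated by autoconf\n"
# ... but a macro file that is in the tarball and not in git, or a build
# file that differs from git, is exactly what must be read line by line.
RELEASE_FILES["m4/extra.m4"] = b"dnl hypothetical macro, absent from the git tree\n"
RELEASE_FILES["Makefile.am"] = b"SUBDIRS = src\ninclude extra.mk\n"


def report() -> dict:
    tree = tree_manifest(GIT_TREE)
    tarball = tarball_manifest(build_tarball("demo-1.0", RELEASE_FILES))
    return diff_manifests(tree, tarball)


if __name__ == "__main__":
    for kind, paths in report().items():
        for path in paths:
            print(f"{kind:9} {path}")
```

For a real package, replace `GIT_TREE` with the output of `git archive` at the release tag (or a walk of the checkout) and feed the downloaded tarball bytes to `tarball_manifest`; every entry under `added` and `modified` is then a file the packager, not the upstream maintainer, has to vouch for.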
35) Message boards : Politics : Computers & Technology 4 (Message 2134521)
Posted 19 days ago by Gary Charpentier (Crowdfunding Project Donor, Special Project $75 donor, Special Project $250 donor)
Post:
Is privacy Dead?
https://phys.org/news/2024-04-breakthrough-prime-theory-primes.html
36) Message boards : Politics : When will the West stop pandering the Israeli government? (Message 2134493)
Posted 21 days ago by Gary Charpentier (Crowdfunding Project Donor, Special Project $75 donor, Special Project $250 donor)
Post:
One wonders how mad the nuclear-capable mullahs in Iran will be. If that is their choice, it will be felt worldwide on Geiger counters at least, and likely we will find out that there is no such thing as a limited nuclear war. With pootin's mouth flapping, he may be salivating for it.
37) Message boards : Cafe SETI : Word Link # 116 (Message 2134492)
Posted 21 days ago by Gary Charpentier (Crowdfunding Project Donor, Special Project $75 donor, Special Project $250 donor)
Post:
Martin
38) Message boards : Politics : When will the West stop pandering the Israeli government? (Message 2134479)
Posted 21 days ago by Gary Charpentier (Crowdfunding Project Donor, Special Project $75 donor, Special Project $250 donor)
Post:
Benji's lost it. Expected Rump to do something like this.
https://www.aljazeera.com/news/2024/4/2/attack-on-iran-consulate-in-damascus-what-do-we-know
WWIII starts today.
39) Message boards : Cafe SETI : Word Link # 116 (Message 2134461)
Posted 22 days ago by Gary Charpentier (Crowdfunding Project Donor, Special Project $75 donor, Special Project $250 donor)
Post:
modulation
40) Message boards : Politics : Computers & Technology 4 (Message 2134398)
Posted 24 days ago by Gary Charpentier (Crowdfunding Project Donor, Special Project $75 donor, Special Project $250 donor)
Post:
Millions of eyeballs, but it still gets a commit
https://www.theregister.com/2024/03/29/malicious_backdoor_xz/
©2024 University of California
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.