Kernel.org has been hacked.

On Aug 31, kernel.org broke the news that many of its servers have been compromised by unknown attackers. They broke in using a compromised user account and installed a rootkit that was silently monitoring user activity, among other things. The gory details are best described here.

It should be pretty embarrassing when this happens around the 20th anniversary of Linux.

But the hack has taught us all some very important details about the integrity of the kernel source and the resilience of git itself against such an attack.

For each file in the git repository a cryptographically secure hash is generated, and the hash uniquely identifies the content of that file along with its history. So any modification to an old commit WITHOUT changing the hash is very difficult.
So from a source code perspective we can be fairly sure that no change could be injected into it. This blog post at the Linux Foundation explains it well.
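How that chaining works, as an added example that is not from the original post or from kernel.org: a minimal Python re-implementation of git's SHA-1 object naming for blobs, flat trees and commits, run over a constructed three-commit history (file names, contents and the author identity are made up). Altering one byte inside an old commit changes that commit's id and the id of every commit after it, even where the later file contents are untouched.

```python
import hashlib

def git_object_id(kind, body):
    """git names every object as SHA-1 over '<kind> <size>\\0<body>'."""
    return hashlib.sha1(f"{kind} {len(body)}".encode() + b"\x00" + body).hexdigest()

def blob_id(content):
    return git_object_id("blob", content)

def tree_id(files):
    """Flat tree (no subdirectories): '100644 <name>\\0<raw blob id>' per file, sorted by name."""
    body = b"".join(
        b"100644 " + name.encode() + b"\x00" + bytes.fromhex(blob_id(data))
        for name, data in sorted(files.items()))
    return git_object_id("tree", body)

def commit_id(tree, parent, message):
    """A commit records its tree and its parent's id, so its own id covers all history."""
    ident = "Example Dev <dev@example.invalid> 1314748800 +0000"  # constructed identity
    lines = [f"tree {tree}"] + ([f"parent {parent}"] if parent else [])
    lines += [f"author {ident}", f"committer {ident}", "", message, ""]
    return git_object_id("commit", "\n".join(lines).encode())

def build_history(snapshots):
    """Commit ids for a linear history given as (files, message) snapshots."""
    ids, parent = [], None
    for files, message in snapshots:
        parent = commit_id(tree_id(files), parent, message)
        ids.append(parent)
    return ids

# Constructed sample history: three commits.
SCHED = b"int tick;\n"
ORIGINAL = [
    ({"Makefile": b"VERSION = 3\n"}, "initial import"),
    ({"Makefile": b"VERSION = 3\n", "sched.c": SCHED}, "add scheduler"),
    ({"Makefile": b"VERSION = 3\nPATCHLEVEL = 1\n", "sched.c": SCHED}, "bump patchlevel"),
]
# The same history with sched.c altered only inside the second (old) commit.
TAMPERED = list(ORIGINAL)
TAMPERED[1] = ({"Makefile": b"VERSION = 3\n", "sched.c": b"int tick = 1;\n"}, "add scheduler")

def changed_commits(a, b):
    """Indexes of commits whose ids differ between two histories."""
    return [i for i, (x, y) in enumerate(zip(build_history(a), build_history(b))) if x != y]

if __name__ == "__main__":
    print(changed_commits(ORIGINAL, TAMPERED))
```

Anyone holding a clone made before the change still has the original ids, so a rewritten history on the server shows up as a mismatch on the next fetch.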

However, aside from Git, kernel.org also hosts the signatures and some key components used to sign the kernel drops.
See the post here to know how the signing works. If the intruder got the private key, then he could modify the source (outside of git), make tar archives and sign them.

This may be the reason ALL archives and patches hosted on kernel.org have been pulled down. Even the AOSP project has pulled down its link (link: http://android.git.kernel.org/) to the source code. So for now it is advisable not to take any of the archives hosted on the server until we hear an update on this.

I expect that the private key is updated and a new public key is put up here. Only then would it be safe to download the new kernels.

Damage control:
  Swift action has been taken on this. The passwords of all the users of kernel.org (448 of them) have been reset. The attacker accessed kernel.org using the credentials of one of the users. While all of this is happening, the kernel source has temporarily moved to GitHub.

In the end, this entire episode has let many lay users (like me) learn more about git’s integrity and gain some insight into how the entire kernel.org release happens. Also there is no need for us to worry about the kernel source being compromised now or even in the foreseeable future.

September 6, 2011

September 6, 2011 at 12:17 am


Google + the good things

Though I got an invite very early, I do not use this service a lot. Facebook is still the most popular way I stay in touch with most of my friends. However, over the past few weeks my attraction towards Google+ has been on the rise. Here are some good things I found here. I hope the Facebook team brings these to their platform soon.

Like 1: There is no limit to the post size in Google+, and one can edit the posts later on.
The posts have a permanent link that can be shared with others.
Result: Unlike Facebook wall posts, which are nuggets of creative wit, this one is more thoughtful and suited to discussing serious stuff. The posts and the comments resemble the GUI of Stack Overflow and Stack Exchange.

Like 2: Google’s policy of using ‘real names’ for your profiles.
Now there are views for and against this, including some elaborate explanations by +Robert Scoble and +Andy Carvin (see here: https://plus.google.com/111091089527727420853/posts/Fddn6rV8mBX).
Result: One thing about real names is that they make it more personal, and you get the feel of seeing a real discussion between people. It also encourages one to be careful about what he posts and his comments.

Like 3: Circles!
The most talked about difference is also one of the things I found quite useful. Circles are easy to create and well integrated with all your privacy settings.
Result: Everyone knows the benefit of using circles as a way to limit data sharing. But it is also useful for streamlining information related to your interests. I have a photography circle to follow updates from some interesting photographers, then a ‘media circle’ with some of the streams of popular journalists, etc.

Like 4: Good privacy and control over content
There is a way to control what is seen on your profile page. Some things, like locking posts from sharing and blocking unwanted comments, give you good control over what you post and how it is used.

That’s it for now.

Let’s save the Unlike parts for a later post. For now, I hope this gets some of my friends interested in Google+. I am still a newbie in the Google+ world. I will share more info as I use this more often.

Update: Here is one more article on similar lines. I am not patronizing Google+. But I find it pretty interesting, at least for now.

August 31, 2011

August 31, 2011 at 12:45 pm


Elections 2009: The body is willing, but the spirit is weak.

Today is election day in our place. This year’s election was a bit different from earlier years. The campaigning has reached a new low, with people going all out with personal attacks like ‘weak’ and ‘slave’, and swearing like ‘I will crush his head with a road roller’ and so on.

At the start of this election season I had high hopes for some new faces who ‘realized that they should give back to the society’ and got into politics.

But then came the manifestos; virtually every party’s manifesto was rife with freebies. All the promises look short lived. If one is ready with a color TV, the other party promises a laptop. ‘All loans will be annulled’ says one, ‘we will send you money every month’, ‘our leader will take care of your education’, ‘don’t be afraid of job loss/recession, our leader will create 2 million jobs every year’.

Even the new ‘give back to the society’ guys were busy showing off their on-screen gimmicks to enthusiastic “followers”. Another new (and bad) development this year was the money distribution, which was SO rampant that the police had to run ‘crackdown’ operations almost every day. Towards the end of the campaign, as the elections neared, I was totally disgusted, with really no good choice.

Election day came... democracy didn’t have anything better to offer this time. And then there was the ‘Jagore… let’s do something’ camp giving a clarion call to vote. Yes, I woke up... and I am ready to vote, but every party had nothing but populist offers in their manifesto. Voting for them would mean I support that 😦

Luckily, there was at least one party in our area which didn’t offer anything and was talking some sense. I wish all the best for this party. I am not sure if they would win the elections.

But I am happy that this time my vote would be counted as one of those who didn’t like the free TV or the new laptop.

April 16, 2009

April 16, 2009 at 4:51 pm

