Secure Boot keys are considered compromised.
If you are recommending secure boot as a security measure, you should stop doing so.
- 0 Posts
- 519 Comments
Joined 2 years ago
Cake day: June 16th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
9·16 hours agoThank you!
Thanks.
For severe incidents like this, please post the most appropriate link, in this case https://github.com/umami-software/umami/issues/3852
Admins in self hosted usually don’t have that much experience with real, active compromise and may panic, let’s help them as much as possible.
I will add that Umami itself is not compromised, but vulnerable. That is a somewhat misleading title.
What was the vector? Did you have umami exposed publicly?
Link? Did you discover this yourself? There is no actual info here.
Nice, and good job.
With respect:
- You are describing the init process, after the boot stuff is done. Not sure if you meant that or not.
- vmlinuz is the bootable kernel image distinct from the kernel itself. It contains the compressed bootable ELF kernel image (which itself contains bvmlinuz) and gzip decompress function, bsetup code, bbootsect system.map, and a handful of commands for the kernel image to bootstrap itself.
- Kernel space doesn’t stop once user space is allocated memory and initialized, they both run at the same time. Maybe I read that wrong, but it didn’t seem right to me.
I want to be careful here not to discourage you, this is great exploration!
I realize I’m handing out unsolicited advice here, but when I was first learning about Unix/Linux kernels in the Solaris and HP/UX days, the thing that helped the process “click” for me was compiling a kernel and building an ELF. And if you’re going to continue on this journey (which I hope you do), you should probably read a bit on memory segmentation and broadly about assembly instructions.
Good luck!
Your find statement is not creating a variable “file” because it’s missing the first part of the for loop. This:
find ./ -type f \( -iname \*.jpg -o -iname \*.png \) | while IFS= read -r -d '' file; doshould be this:
for file in "$(find ./ -type f \( -iname \*.jpg -o -iname \*.png \))"; doHowever, the above command would find all files in current and subdirectories. You can just evaluate current context much more simply. I tested the below, it seems to work.
#! /bin/bash echo "This script will rename all files in this directory with unique names. Continue? (Y/N)" read proceed if [[ "$proceed" == "Y" ]]; then echo "Proceed" for file in *.{jpg,JPG,png,PNG}; do echo "in loop" echo "$file" dir=$(dirname "$file") base=$(basename "$file") echo "'$dir'/'$base'" new_name="$dir/$(uuidgen -r)" echo "Renaming ${file} to ${new_name}" #mv "$file" "$new_name" #uncomment to actually perform the rename. done echo "After loop" else echo "Cancelling" fiYou could also find matching files first, evaluate if anything is found and add a condition to exit if no files are found.
Edit: who the fuck downvoted this, it literally works and the for loop was the issue.
Are you just reverse-engineering this for fun, or are you trying to learn how qemu builds on a bootstrap?
8·6 days agoTPM is great on paper, but in practice, there was little planning to ensure that cryptographic keys would be safeguarded by hardware manufacturers, and that’s exactly what happened. Now TPM is considered weak as a means of securing data.
Wow, armv7 is definitely back there in terms of support. One of the more known v7 devices was the nexus 7, released in 2012.
Makes sense. Your 2nd definition is what I take from the term scaling. Let’s see if op comes back with any notes.
For video encoding, I run an 8th gen Intel i5 8500t. The quicksync is good enough for nearly anything 1080p.
Not sure what you mean by the “scaling”.
Nice work. I would read more articles like these.
“Pleb” is generally used as a pejorative and is roughly equivalent to calling someone a peasant.
Are you not using LE certbot to handle renewals? I can’t even imagine doing this manually.
Except Debian packages do get very old.
Except nothing. Not the point. You are taking this way too seriously. I’m not disrespecting arch, it’s a joke.
Arch users… Every. Single. Time.
Listen, if Debian users can take all the “Debian==old and bad” flak, you can handle a little ribbing about arch.
I don’t know… I’m skeptical of its bandwidth.
OK,fair enough.
mdns (multicast DNS ) is specifically designed to work where a DNS server is presumed to not know hostnames, usually on a local network. So it is possible to use hostnames without a DNS server.
On fedora, discoverability of mdns should be on by default. Configuring mdns presence to others is a config away, if not enabled by default.
Not sure how this relates. If you’re saying it was a good idea at the outset, then sure… If the keys hadn’t almost all been leaked by AMI and Phoenix. MS was supposed to have created a Microsoft Certified hardware vendor program for this, which fell apart pretty quickly.
Secure Boot is a joke, both practically (there are many, many tools in use to bypass it) and in my professional circles, it is considered obsolete like WEP. My audit controls for Secure Boot demand that an endpoint management solution like InTune is deployed.
You don’t have to take my word for it, obviously. I’m not trying to tell you how to live your life.