Comments

Oracle extends RHEL support to a decade and offers Ksplice trial for RHEL

quartertime title a little confusing (1 comments)

The title should probably say "Oracle extends Linux support to a decade ...", since I think technically their product is Oracle Linux, not RHEL.

more than 2 years ago

"Mythical Man-Month" supposedly busted by MIT firm

quartertime The interns weren't working on the kernel... (2 comments)

If you read the post, the interns were working on things like business analytics, a management website and new QA tools, not the core product. It sounds like they didn't let the interns touch the kernel.

more than 4 years ago

Submissions

Ksplice apparently running on 100,000 servers

quartertime quartertime writes  |  more than 3 years ago

quartertime (1764250) writes "Remember Ksplice, the startup that has been claiming they have technology to make rebootless updates for the Linux kernel? When they launched their commercial product last year, we weren't sure whether people would pay $4/month for it.
Well, it turns out that the answer is yes — according to their birthday blog post about having reached all 7 continents, more than 2 million rebootless updates have been installed on over 100,000 production servers.

Personally, I'm looking forward to when IBM's Watson starts updating its own code to fix all the bugs introduced by us humans."


Why the NSA builds its own hardware

quartertime quartertime writes  |  more than 3 years ago

quartertime (1764250) writes "Remember Reflections on Trusting Trust, the seminal paper describing how to hide a nearly undetectable backdoor inside the C compiler? A new piece describes how to hide a nearly undetectable backdoor in a PCI card. The mechanism is to install some code in the PCI expansion ROM, which is run as part of BIOS initialization, which patches the BIOS to patch grub to patch the kernel to insert a remote backdoor. I wonder whether with China's dominance of the computer assembly industry, this method has already been used as part of their espionage efforts? This I think makes clear why the NSA has its own chip fabrication plant."

Why the NSA builds its own hardware

quartertime quartertime writes  |  more than 3 years ago

quartertime (1764250) writes "Remember Reflections on Trusting Trust, the classic paper describing how to hide a nearly undetectable backdoor inside the C compiler? Here's an interesting piece about how to hide a nearly undetectable backdoor inside hardware. The post describes how to install a backdoor in the expansion ROM of a PCI card, which during the boot process patches the BIOS to patch grub to patch the kernel to give the controller remote root access. Because the backdoor is actually housed in the hardware, even if the victim reinstalls the operating system from CD, they won't clear out the backdoor. I wonder whether China, with its dominant position in the computer hardware assembly business, has already used this technique for espionage? This perhaps explains why the NSA has its own chip fabrication plant."

Why the NSA builds its own hardware

quartertime quartertime writes  |  more than 3 years ago

quartertime (1764250) writes "Remember Reflections on Trusting Trust, the seminal paper describing how to hide a nearly undetectable backdoor in a compiler? Here's a piece about how to hide a nearly undetectable backdoor in hardware. One can install a backdoor in the expansion ROM of a PCI card, which patches the BIOS to patch grub to patch the kernel to grant the attacker remote root access. Even after the victim reinstalls the operating system from CD, the backdoor will still be there. Given that China builds much of the world's computer hardware, I wonder whether this sort of thing is already part of the Chinese espionage playbook?"

Second major hole in Linux being exploited in wild

quartertime quartertime writes  |  more than 3 years ago

quartertime (1764250) writes "CVE-2010-3081, this week's second high-profile local root exploit in the Linux kernel, has been quite a doozy! The bug affects all 64-bit kernels going back to 2.6.26 (and was also backported into RHEL 5's 2.6.18 kernel) and wasn't fixed until last week — shortly before "Ac1db1tch3z" published code to let any local user become root. The exploit works on most versions of Red Hat, Debian and Ubuntu. Several vendors, including Ubuntu and Debian but not Red Hat, have rushed out new kernels to address this bug over the last 2 days. Red Hat's recommended workaround, it turns out, didn't actually close the hole — it just makes the published exploit not work. And Ac1db1tch3z's exploit is more malicious than your typical demo exploit: it leaves a backdoor behind for itself to exploit later even if the hole is patched. Hot-updates vendor Ksplice wrote a tool to see if your system has the backdoor installed (meaning you've been exploited) and has rushed out a "rebootless" patch to plug the hole in advance of Red Hat's own fix.

(Today's earlier article on the H-Online on CVE-2010-3301 incorrectly refers to the workaround Red Hat has recommended for CVE-2010-3081 as a workaround for CVE-2010-3301. The workaround is not effective for either vulnerability.)"

Journals

quartertime has no journal entries.
