
SMLR Episode 291 Thirty Million Users

Posted by Tom Lawrence on October 21, 2018 in Show-mp3, Show-ogg

http://smlr.us

Downloads:

Show 286

Contact Us:

show (at) smlr.us or the Contact us page


Intro:

Tony Bemus, Tom Lawrence, Phil Porada and Mary Tomich

Sound bites by Mike Tanner

Phil's GitHub

https://github.com/pgporada

The LawrenceSystems YouTube Channel Where videos
https://www.youtube.com/user/TheTecknowledge

Tech News:

Microsoft promises to defend—not attack—Linux with its 60,000 patents

https://arstechnica.com/gadgets/2018/10/microsoft-promises-to-defend-not-attack-linux-with-its-60000-patents/

 

Thoughts on Microsoft Joining OIN’s Patent Non-Aggression Pact

https://sfconservancy.org/blog/2018/oct/10/microsoft-oin-exfat/

 

We are excited to announce that the KDE e.V. received a donation of 300,000 USD from the Handshake Foundation

https://dot.kde.org/2018/10/15/kde-ev-receives-sizeable-donation-handshake-foundation

 

Where Vim Came From

https://twobithistory.org/2018/08/05/where-vim-came-from.html

 

Greyhat fixing firewalls, chaotic good?

https://www.zdnet.com/article/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers/

 

LibSSH + Cisco = Time to get patching

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181019-libssh

 

New WiFi numbering scheme

https://www.theverge.com/2018/10/3/17926212/wifi-6-version-numbers-announced

 

Bloomberg hardware SuperMicro hacking: Like unicorns jumping over rainbows

https://arstechnica.com/information-technology/2018/10/supermicro-boards-were-so-bug-ridden-why-would-hackers-ever-need-implants/

 

The Facebook Hack downgraded to 30 million

https://arstechnica.com/information-technology/2018/10/facebook-hackers-stole-locations-and-other-private-data-for-millions-of-users/

 

Home Audio Overhaul

https://volumio.org/

 

Raspberry Pi 3b+ with Hifiberry AMP2 connected to speakers

 

Raspberry Pi 3b+ with an IQaudIO DAC+ feeding to an amplifier which feeds to speakers

 

Automatic Certificate Management Environment (ACME) Spec

The ACME spec has passed the Internet Engineering Steering Group (IESG)

 

IETF (Internet Engineering Task Force) has a draft proposal to remove TLS 1.0 and TLS 1.1

https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/

  This document [if approved] formally deprecates Transport Layer Security (TLS) versions 1.0 and 1.1 and moves those documents to a historic state.  Those versions lack support for current and recommended cipher suites.

 

TLS 1.0 will be 20 years old in January 2019.

 

Various government and industry profiles of applications using TLS now mandate avoiding these old TLS versions.  TLSv1.2 has been the recommended version for IETF protocols since 2008.

 

Firefox, Chrome, Edge, and Safari are going to be a strong driving force by removing support for TLS 1.0/1.1 and migrating to TLS 1.2 by default.

 

For webserver operators, I highly recommend checking out https://cipherli.st/
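For operators acting on the deprecation above, here is an added example (not from the show or from any project it links to) that audits a config for protocol versions the draft retires. It assumes an nginx-style `ssl_protocols` directive, which the page itself does not name; the function name and sample configs are constructed for illustration.

```python
import re

# Protocol names as nginx spells them; "TLSv1" means TLS 1.0.
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
DIRECTIVE = re.compile(r"^\s*ssl_protocols\s+([^;]+);")

def audit_ssl_protocols(config_text):
    """Return a list of (line_number, message) findings for one nginx config."""
    findings = []
    seen_directive = False
    listens_tls = False
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.split("#", 1)[0]              # ignore comments
        if re.search(r"^\s*listen\s[^;]*\bssl\b", line):
            listens_tls = True
        match = DIRECTIVE.match(line)
        if not match:
            continue
        seen_directive = True
        enabled = match.group(1).split()
        old = [p for p in enabled if p in DEPRECATED]
        if old:
            findings.append((lineno, "deprecated protocols enabled: " + " ".join(old)))
        if not {"TLSv1.2", "TLSv1.3"} & set(enabled):
            findings.append((lineno, "neither TLSv1.2 nor TLSv1.3 is enabled"))
    if listens_tls and not seen_directive:
        # Line 0 marks a file-level finding: the protocol list is left to the build.
        findings.append((0, "TLS listener without ssl_protocols; the build's default list applies"))
    return findings

# Constructed sample configs (not taken from the page).
LEGACY_CONF = """\
server {
    listen 443 ssl;
    # ssl_protocols TLSv1.2;   (commented out, must be ignored)
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
"""
HARDENED_CONF = """\
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
}
"""
IMPLICIT_CONF = "server {\n    listen 443 ssl;\n}\n"

if __name__ == "__main__":
    for name, conf in [("legacy", LEGACY_CONF), ("hardened", HARDENED_CONF),
                       ("implicit", IMPLICIT_CONF)]:
        print(name, audit_ssl_protocols(conf))
```
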

 

TLS 1.3 has become a proposed standard

 => RFC 8446

https://datatracker.ietf.org/doc/rfc8446/

 

How does TLS 1.3 work?

 

To put it simply, TLS 1.2 needs two round-trips to complete the TLS handshake. TLS 1.3 requires only one round-trip, which in turn cuts the handshake latency in half.

 

Encrypted SNI

https://blog.cloudflare.com/encrypted-sni/

 

Now that TLS 1.3 is a proposed standard

 

Encrypted SNI works as follows:

 

The server publishes a public key on a well-known DNS record, which can be fetched by the client before connecting (as it already does for A, AAAA and other records).

 

The client then replaces the SNI extension in the ClientHello with an “encrypted SNI” extension, which is none other than the original SNI extension, but encrypted with a symmetric key.

 

To recap: TLS authentication is done asymmetrically, but the internal secure channel uses a symmetric key for speed.

 

But then what about the unencrypted DNS?

 

Security is provided via DNS extensions called DNS over TLS and DNS over HTTPS, but the resolver and authoritative server must support DNSSEC; otherwise an attacker would be able to poison the resolver cache.

 

You can check if your browser supports this feature at https://encryptedsni.com/

The Steam Controller on Ubuntu 18.10 (and other distributions using Linux Kernel 4.18) needs a quick fix
https://www.gamingonlinux.com/articles/the-steam-controller-on-ubuntu-1810-and-other-distributions-using-linux-kernel-418-needs-a-quick-fix.12775

Shutter Removed From Ubuntu 18.10 And Debian Unstable, New PPA Available
https://www.linuxuprising.com/2018/10/shutter-removed-from-ubuntu-1810-and.html

Farewell, application menus!
https://blogs.gnome.org/aday/2018/10/09/farewell-application-menus/

Should GNOME Drop Support for GTK3 Themes?


Music
BSD Wish You Were Secure

https://www.openbsd.org/lyrics.html#60g

This content is published under the Attribution-Noncommercial-Share Alike 3.0 Unported license.


Copyright © 2011-2023 Sunday Morning Linux Review All rights reserved.