|_&&']['20/22.#4[x3/2.|*#!1050|*#`/. gnu/linux; *nix. c 1 9 being redirected to /dev/null. issues to null@altair.uni.cx. *alt*.serving./at/.`{altair,algol,antares,arcturus,aldebaran,spica,ceti,vega,fomalhaut,rigel,sirius}./dot/.uni./dot/.cx'. ---- this blog still exists only for historical evidence (to my embarrassment). some of the non-laughable "articles" can be read at altair.uni.cx/growl/. :wq.

Saturday, May 24, 2008

.then, they fight you.




as you probably know already, there's been a security alert for openssl.


”A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH.”


“It is strongly recommended that all cryptographic key material which has been generated by OpenSSL versions starting with 0.9.8c-1 on Debian systems is recreated from scratch. Furthermore, all DSA keys ever used on affected Debian systems for signing or authentication purposes should be considered compromised; the Digital Signature Algorithm relies on a secret random value used during signature generation.” (From the Debian Alert).


“You need to take action to continue using Launchpad features such as code hosting. We have deleted your SSH key from Launchpad because we have discovered a potential security vulnerability in the way your key was generated.”

also reported on _the_fridge_ for ubuntu (http://fridge.ubuntu.com/node/1445/).

right; how to fix this.

## update your system:

# install the security updates, i.e.:
feisty : openssh-client 1:4.3p2-8ubuntu1.3 openssh-server 1:4.3p2-8ubuntu1.3.
gutsy : openssh-client 1:4.6p1-5ubuntu0.3 openssh-server 1:4.6p1-5ubuntu0.3.
hardy : openssh-client 1:4.7p1-8ubuntu1.1 openssh-server 1:4.7p1-8ubuntu1.1.

## once the update is applied, weak user keys will be automatically rejected where possible.

# update openssh files.

that is, one shall check whether the key is affected by running the ssh-vulnkey tool (from the security update). (if in doubt, destroy that key and generate a new one.)

# to check all your own keys, assuming they are in the standard locations (~/.ssh/id_rsa || ~/.ssh/id_dsa || ~/.ssh/identity):
% ssh-vulnkey.

# to check all keys on your system:
% sudo ssh-vulnkey -a.

# to check a key in a non-standard location:
% ssh-vulnkey /path/to/key/.

if ssh-vulnkey says "COMPROMISED", the key is vulnerable and __should__ be replaced.

# regenerate any affected user keys openssh or, generate new keys using ssh-keygen, e.g.:
% ssh-keygen.

if necessary, update the files.

however, this situation occurred as the result of a programming bug, not as the result of making some weak key.
we all thank luciano bello, who discovered that the random number generator in deb's openssl package is predictable.


Tuesday, May 20, 2008

.ubuntu hardy disc.

The new Ubuntu Hardy Heron disc.
Arrived today.


Thursday, May 8, 2008

.ubuntu 8.04 release party - la final.

Totul a mers foarte bine: prezentarea (Adi și Jani), poster-ele și sticker-ele, iar apoi, ca de obicei - bere, geek talks și multă voie bună.
Pozele sunt aici:

Tuesday, May 6, 2008

.ubuntu community council meeting.

The next meeting is scheduled for 6-May-2008, 21:00 UTC and and will be held in #ubuntu-meeting on irc.freenode.net.

Don't miss it.


Saturday, May 3, 2008

.ubuntu 8.04 release party - 7 mai, cluj-napoca.

Grupul pentru Software Liber din Cluj-Napoca va organiza o petrecere de lansare a noii versiuni Ubuntu și KiwiLinux.

Evenimentul se va desfășura în incinta barului 420 (Strada Avram Iancu nr. 1, intersecția cu Strada Republicii), începând cu ora 7:00 PM (19:00). Cadrul de desfășurare va fi unul mai puțin formal.

Va avea loc o scurtă prezentare a noilor caracteristici Ubuntu și KiwiLinux 8.04, iar apoi vom da frâu liber discuțiilor, alături de un suc sau de o bere. La petrecere se vor împărți postere și autocoloante cu Ubuntu și KiwiLinux.

_Nu_ este nevoie de înregistrare/rezervare/taxă.de.intrare. Absolut toată lumea este invitată să participe alături de noi!
Vă așteptăm!
GSL, Cluj-Napoca.


; about::fdd.

My photo
twin peaks, 42 milky way, sol system, earth, United States
-----BEGIN GEEK CODE BLOCK----- GCS/E/IT/L/M/MU/P/S/TW/ dpu s:- a-- C++++(+++) UBHLSV++++ P---(P-) L+++++ E++(+++) W+++ N++++ o+++ K++++++ w O+ M-- V-- PS+++ PE/++ Y+++ PGP++++ t+++/* 5++>++++ X++++ R++@ !tv b++++ DI+++@ D++(+++) G+++++ e* h+>++ !r y**. ma+ k++ F3 X+++ ------END GEEK CODE BLOCK------

; blog.archive.

; labels.

Creative Commons Licence [Some Rights Reserved]Ionuț Jula :: licensed for reuse under this Creative Commons Licence.
                            Some rights reserved. | Creative Commons Attribution-Share Alike 3.0 Unported License.