Techie Talk

Discussion in 'The Pub' started by kneedragon, Feb 22, 2016.

  1. #1 kneedragon, Feb 22, 2016
    Last edited: Feb 22, 2016
    Anybody use Linux Mint?

    If you downloaded the latest ISO of Mint 17.3 Cinnamon edition, on the 20th February, I hope you checked the MD5 checksum like you should have. If you did, delete the file. Download a fresh one. If you installed, format and reinstall with a fresh image.

    If you registered at Mint and had a user account, (so you can log into the message board and the IRC server) with your email... I hope you did not use a hotmail or gmail or something, and use the same password for your Mint site as you do for your webmail, because the folks who hacked the Mint website and changed the download link, to point to their own server (in Slovakia) also gained access to the database of user accounts at Mint. If you don't have a user account at Mint, then don't stress. If you do, then ask yourself if your webmail uses the same password, or your web banking, or anything else that's a bit private...

    If you have installed the Mint you downloaded on the 20th, go to the Mint blog (the main site is down right now while they fix it, but the blog is up) and read the instructions there. Basically, download a good copy and reinstall.

    This does not affect me. I use the Mate edition, and mine came down as a beta version well before Christmas.

    It is a little wake up call to all of us Linux Geeks who laugh loud on the rooftops about how secure Linux is. The Slovakians got a copy of the ISO and made a few changes. They inserted a back door into it, and then hacked the Mint website to point to their (hacked) version rather than the official one. Exactly how many people have downloaded the hacked version is unknown, but it's likely to be a couple of hundred or less. And very likely, they'll all hear about the problem and download the proper one, from Mint (and check the MD5 checksum this time) and reinstall it. Mostly it serves as a warning. Linux is secure, but that security depends on a number of things. For one, an ISO image pretty much always has an MD5 checksum published with it, and we should (and I have been lazy about this too) check the MD5 before we do anything with the image.

    I don't see this as a huge strike against Linux and its security, I see it as a small and timely reminder. First, you have security tools, but you need to use them. (MD5 is one.) Second, you have user accounts at multiple websites. Does your user_name here (netrider) match one somewhere else? What about your password? Any site that gets compromised, that has a copy of your user_name and password, I hope you didn't give them the exact same ones you use for online banking, or your access to the Taxation Office, or the Dole Office...

    The main vault at the Bank of England, is not terribly secure if you tuck your key and a copy of your password under their doormat...

    • Informative x 3
    • Like x 1
    • Funny x 1
  2. It is a sign of the times though when more effort is being targeted at the distribution sources rather than directly at the end installed user base. There have been some similar attacks recently at lesser known application repositories. Your SHA or MD5 check should be a given but Mea Culpa I have glossed over that at times for quick test systems if I am sure of the source repository. This shows you can't be sure of that though and I shouldn't be slack.

    Thanks for the heads up.
    • Like x 1
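
Added example, not part of any post in this thread: the checksum check the first two posts describe, in Python, picking MD5 or SHA by digest length and treating a file with no entry as unverified. The file name and bytes are constructed stand-ins for an ISO, and the result is only as trustworthy as the place the checksum list came from, since whoever can change a download link may be able to change a checksum published beside it.

```python
import hashlib
import hmac
import os
import tempfile

# Hex digest length -> algorithm, so one routine handles MD5 and SHA lists.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}
HEX = set("0123456789abcdef")

def parse_checksum_list(text):
    """Parse md5sum/sha256sum-style lines: '<hex>  <name>' or '<hex> *<name>'."""
    entries = {}
    for line in text.splitlines():
        digest, _, name = line.strip().partition(" ")
        digest, name = digest.lower(), name.strip().lstrip("*")
        if name and len(digest) in ALGO_BY_HEX_LEN and set(digest) <= HEX:
            entries[name] = digest
    return entries

def file_digest(path, algo, chunk=1 << 20):
    """Hash the file in chunks so a multi-gigabyte ISO never sits in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_download(path, checksum_text):
    """Return 'ok', 'mismatch', or 'not-listed' (no entry for this file name)."""
    expected = parse_checksum_list(checksum_text).get(os.path.basename(path))
    if expected is None:
        return "not-listed"  # an unlisted file is unverified, not "fine"
    actual = file_digest(path, ALGO_BY_HEX_LEN[len(expected)])
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"

def demo():
    """Constructed sample: a stand-in 'ISO', its checksum list, then a swap."""
    data = b"constructed image bytes"
    with tempfile.TemporaryDirectory() as d:
        iso = os.path.join(d, "constructed-sample.iso")
        with open(iso, "wb") as f:
            f.write(data)
        listing = hashlib.sha256(data).hexdigest() + " *constructed-sample.iso\n"
        good = verify_download(iso, listing)
        with open(iso, "ab") as f:
            f.write(b"extra bytes")  # simulates a modified image
        return good, verify_download(iso, listing), verify_download(iso, "")

if __name__ == "__main__":
    print(demo())
```
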
  3. Wow, thanks kneedragon, even a redirect to their own repo interesting.. But I've never used that distro and probably never will.. ;)
    Probably more likely to use something like FreeBSD, NetBSD and the likes
    • Like x 1
  4. #4 kneedragon, Feb 22, 2016
    Last edited: Feb 22, 2016
    Yeah. They had a group of hardware issues arrive at the same time, about a month ago, just as the 17.3 distro was going live, and that took down their disk array. It was a combination of multiple hardware failures, and reaction by the web-host server admin stand in late night watchman... Human reaction was incorrect. They lost their RAID array and all the data. Some of it was recovered... Now they've been hacked by the Slovakian mafia...

    I LIKE Mint. Starts as Debian, gets worked once as Ubuntu, then polished up a bit more as Mint. It's the same kernel and pretty much the same everything... the chrome is a little different.

    The redirect to their own broken version is interesting. I joked about the Slovakian mafia, but perhaps it is, or perhaps it's the NSA, or the nice people at Mossad who gave us the worm that breaks Iranian centrifuges... The NSA had been using HeartBleed for how long?
    • Informative x 1
  5. #5 kneedragon, Feb 22, 2016
    Last edited: Feb 22, 2016
    ... continued... My natural instinct and intuition point toward Russians, either gov or ex-gov, now working for fun and profit. Slovakia is a messy place, but I don't know of anybody there who has real skills...

    Linux (variants of it) are POSIX compliant, and they're not just on the us mil domain, they ARE the us mil domain... I don't think the NSA or any of their mates would be trying to insert a backdoor in the most popular desktop distro in the world. I have of course been wrong before, but I don't think the usual suspects did it this time. Kaiser Stozer, maybe...

    The Chinese have been playing fast and loose, but they seem to either tunnel out or use a loophole in the great wall of information... Americans bash their boss and rob a dime store and then chase Thelma and Lois towards Mexico. It's traditional. Russians see the former colonies as a bit like Mexico, a place where they used to be able to call up the KGB to collect their gambling debts, which has now gone a bit wild west and anything goes...
  6. For those that are not so familiar:
    Stuxnet - Wikipedia, the free encyclopedia
    • Agree x 1
  7. I've run a variety of distros over the years from Debian to Slackware and others in between and am currently in Mint (XFCE desktop) purely because it's easy. I notice the problem was found and corrected in very short order and users informed just as quickly. Big difference to how other groups handle the same sort of situation.
    • Winner x 1
  8. #8 kneedragon, Feb 22, 2016
    Last edited: Feb 22, 2016
    ... Y - e - s, it's a serious business, Linux security....

    OpenBSD website operators urged to fix mind-alteringly bad bug

    PS: Small and understandable oversights in computer security don't just happen in the Linux realm, or only in IT. Politicians (Hillary Clinton for one) have been known to blow it too. But not quite as beautifully as this one did...

    German mayor's browser tabs catch him with trousers down

    PPS: For those with any interest in computers, and humour, Vulture Central is a great website. Their style and panache in writing witty headlines, in particular, is unparalleled... I discovered this site (the UK parent site) nearly 20 years ago, and they have been stealing the urine about all things digital ever since... Bookmark it.
  9. I used to use mint, was a good little distro.

    These days I cbf'd running a linux box, I don't need one, though my router and NAS run a linux derivative.
  10. Everything in our place is Dual or triple boot. My laptop gets booted into Windows once a quarter to get the updates. :) Linux is my main platform. When I have to go back to Windows I feel dirty ;)
    • Agree x 1
  11. I have a couple of Windows VMs (one XP and one 7) that only get booted if absolutely necessary. I don't dual boot any more. The daughter's notebook is Win10, but I rarely if ever walk within reach of it. Everything else in the house is Unix based/inspired in some manner.
    • Like x 1
  12. I don't want to start a flame war (but no doubt it will), but my main laptop is a MacBook Pro. Before that I had a 27" iMac which got booted into windows for gaming. These days however I have a purpose built gaming rig running Win10 which I also do some video editing on and I use the laptop for work and video editing if I am not at home. As I always say, whatever tool works best for the job. At my old work I ran linux servers, windows servers, a mac server and looked after all manner of OS's to the point where at some time or another, I'd be groaning at them, no matter what the flavour hehehe.
    • Like x 1
  13. Everything in my house would be Linux if it were not for gaming, just too much of a pain to get some games run on Linux Mint so I use windows for that. Everything else is Linux, HTPC, Server, laptops, heck I even got the GFs laptop to switch to Mint, she only uses it for Facebook anyway :p
    • Like x 1
  14. Actually, I agree. Use whatever does the job and that you can live with. All the iToys ... well they're Unix based anyway (BSD, where Linux was intended to be SystemV compatible though these days it's borrowed bits and pieces from all over), so if it does what you want and you're happy with it, use it. It's a bit like same-sex marriage, really. If you're not happy with it, don't get one, but yelling at the guy whose opinion differs won't achieve anything positive.
    • Agree x 2
  15. I game on my PS3. Tried Steam for Linux but my hardware is just too old for modern games, especially the video card (8600GT)
  16. #16 BitSar, Feb 22, 2016
    Last edited: Feb 22, 2016
    Y'all know I'm 'Nix here too.

    The wife has a 'Debian' flavour on her netbook - skinned and tweaked so she thinks it's a Mac....:)
    The server is headless CentOS (of course)
    The jump-box is headless CentOS

    My machine is Fedora (GNOME, XFCE, KDE)......I switch my desktop session around.

    Anything 'bleeding edge' or 'experimental' gets installed into a nice blow-a-way-able VM.
    That includes WindowZe (for necessary work-ish shit)
    • Like x 2
  17. Gaming is PS4.
    Fallout 4 is eating time like something else.......oh dear.
  18. I like that approach BitSar, our server just does DHCP, DNS and File Serving and I have been trialling the minimalist approach this time using a Raspberry Pi. Works OK. I run out of memory when trying big Rsync backups is about the only issue I have had.
    • Like x 1
  19. I used to run SME (CentOS based) servers at work, so easy to look after. Apparently the guy who took over my job couldn't understand anything *nix based so replaced the whole thing with some Windows Servers... took them 2 months to work out why the linux based manufacturing machines kept on failing, the way Windows was handling the networking kept causing the server to die, hehe. I laughed so hard when they called me to help them out and found all Windows servers. Even their email was screwed up, never had that problem on my linux mail server :D
    • Like x 1
  20. Yeah had a similar situation.... But the servers were Debian, I really didn't bother using a GUI either..

    Windows is the fat bloated <insert swear word here>
    • Agree x 2
    • Like x 1
    • Winner x 1