log☇︎
34 entries in 0.776s
asciilifeform still finds it surreal that anybody wanted anyffing whatsoever to do with debian after the 'bug'
ben_vulpes: the debian rng bug is a good example of hosed RNGs, that's a fine place to start
a111: 30 results for "debian bug", http://btcbase.org/log-search?q=debian%20bug
mircea_popescu: !#s debian bug
asciilifeform: since the debian incident, enemy stepped up the 'NOBUS' crapola; no noar '32768 possible keys, total', instead things moar in the spirit of http://qntra.net/2016/08/rng-whitening-bug-weakened-all-versions-of-gpg
mircea_popescu: zx2c4, the debian bug was a nsa plant is neitehr controversial nor requires any conspiracy.
zx2c4: re:null - its one thing to make claims about how systemic shifts happen. these are usually compelling arguments and interesting, and usually not conspiratorial but still relevant. but when you argue about a *particular* *conspiracy* -- "the debian bug was nsa sabotage" -- now there's a much harder argument to make, because you're talking about some individual @debian.org guy being complicit in one way or another, and he's a human
zx2c4: asciilifeform: arent there some commit logs that show where the debian bug comes from? i honestly cant remember
asciilifeform: zx2c4: take very concrete case, of the debian keys. i.e. a nsa-planted 'bug'. it was very concretely in the nsa interest to prevent public euclidization , would have revealed the 'bug' immediately.
mod6: <+shinohai> mircea_popescu: The cmake in Debian/Ubuntu repositories used to have that pthread bug, first time I built a trb with `V` that happened. << i don't remember ever having this issue fwiw
shinohai: mircea_popescu: The cmake in Debian/Ubuntu repositories used to have that pthread bug, first time I built a trb with `V` that happened.
Framedragger: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771573 << dude runs into weird cups printing issue which creates millions of symlinks in /tmp as side effect (...). side effect of *that* (well, presumably that) is system fails to boot. because of course.
asciilifeform: 'Debian Bug report logs - #852751
asciilifeform: in other lulz: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852751
asciilifeform brain still molten, FORFUCKSSAKE, THE debian 'bug'
asciilifeform: https://hdm.io/tools/debian-openssl/ << story of 'bug'
a111: Logged on 2016-11-17 13:49 asciilifeform: debian had 32768 (yes) possible ssh keys per size variant, 2006-2008, because of 'bug' (if you believe the 'accident' i have five or six bridges to sell you)
asciilifeform: debian had 32768 (yes) possible ssh keys per size variant, 2006-2008, because of 'bug' (if you believe the 'accident' i have five or six bridges to sell you) ☟︎
Framedragger: ye olde debian prng bug => small set of possible ssh keys => factors extracted for keys => factors inserted into db?
asciilifeform: in other lulz, https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834829 << 'gpg-agent'
Framedragger: "After realising I have a public key database of most users on GitHub, I remembered back to the May 2008 Debian OpenSSH bug, where the randomness source was compromised to the point where the system could only generate one of 32k keys in a set. I used g0tmi1k’s set of keys to compare against what I had in my database, and found a very large amount of users who are still using vulnerable keys, and even worse, have commit access to some
asciilifeform: 'Then, in Dec 2011, Asheesh, a Debian dev particularly fond of his key ID, found a way to create a new RSA 4096 key with that ID (and a bug in GnuPG handling of duplicate keys) [2]. He highlighted the disruptive potential of that and decided not to release the code. Bummer.
assbot: #185208 - grep: very large file with no newline causes trouble - Debian Bug report logs ... ( http://bit.ly/1PD7X4R )
mircea_popescu: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=185208 << exactly this.
mod6: asciilifeform: punindented was trying to help out a bit -- he hit that weird bug with vdiff on ubuntu or debian or something, when then reminded me that I lost your fix for that. I've searched through logs many times, can't seem to find it. I did actually ask yesterday too:
assbot: Logged on 26-10-2015 15:32:00; punkman: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792580
assbot: #792580 - chromium: Chromium calls home even in incognito mode with safe browsing turned off - Debian Bug report logs ... ( http://bit.ly/1LXbvBc )
punkman: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792580 ☟︎
assbot: #786909 - chromium: unconditionally downloads binary blob - Debian Bug report logs ... ( http://bit.ly/1Cc8V2e )
mats: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786909
punkman: who doesn't remember THE debian bug
mircea_popescu: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=764680 << for added lulz.
gribble: Schneier on Security: Random Number Bug in Debian Linux: <https://www.schneier.com/blog/archives/2008/05/random_number_b.html>; Random number generator attack - Wikipedia, the free encyclopedia: <http://en.wikipedia.org/wiki/Random_number_generator_attack>; The Debian OpenSSL Bug: Backdoor or Security Accident?: <https://freedom-to-tinker.com/blog/kroll/software-transparency- (1 more message)
BingoBoingo: punkbot: Well, remember that Debian bug circa 2006