tmsr - Search: debian bug

asciilifeform still finds it surreal that anybody wanted anyffing whatsoever to do with debian after the 'bug'

ben_vulpes: the debian rng bug is a good example of hosed RNGs, that's a fine place to start

asciilifeform: since the debian incident, enemy stepped up the 'NOBUS' crapola; no noar '32768 possible keys, total', instead things moar in the spirit of http://qntra.net/2016/08/rng-whitening-bug-weakened-all-versions-of-gpg

mircea_popescu: zx2c4, the debian bug was a nsa plant is neitehr controversial nor requires any conspiracy.

zx2c4: re:null - its one thing to make claims about how systemic shifts happen. these are usually compelling arguments and interesting, and usually not conspiratorial but still relevant. but when you argue about a *particular* *conspiracy* -- "the debian bug was nsa sabotage" -- now there's a much harder argument to make, because you're talking about some individual @debian.org guy being complicit in one way or another, and he's a human

zx2c4: asciilifeform: arent there some commit logs that show where the debian bug comes from? i honestly cant remember

asciilifeform: zx2c4: take very concrete case, of the debian keys. i.e. a nsa-planted 'bug'. it was very concretely in the nsa interest to prevent public euclidization , would have revealed the 'bug' immediately.

mod6: <+shinohai> mircea_popescu: The cmake in Debian/Ubuntu repositories used to have that pthread bug, first time I built a trb with `V` that happened. << i don't remember ever having this issue fwiw

shinohai: mircea_popescu: The cmake in Debian/Ubuntu repositories used to have that pthread bug, first time I built a trb with `V` that happened.

Framedragger: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771573 << dude runs into weird cups printing issue which creates millions of symlinks in /tmp as side effect (...). side effect of *that* (well, presumably that) is system fails to boot. because of course.

a111: Logged on 2016-11-17 13:49 asciilifeform: debian had 32768 (yes) possible ssh keys per size variant, 2006-2008, because of 'bug' (if you believe the 'accident' i have five or six bridges to sell you)

asciilifeform: debian had 32768 (yes) possible ssh keys per size variant, 2006-2008, because of 'bug' (if you believe the 'accident' i have five or six bridges to sell you) ☟︎

Framedragger: ye olde debian prng bug => small set of possible ssh keys => factors extracted for keys => factors inserted into db?

Framedragger: "After realising I have a public key database of most users on GitHub, I remembered back to the May 2008 Debian OpenSSH bug, where the randomness source was compromised to the point where the system could only generate one of 32k keys in a set. I used g0tmi1k’s set of keys to compare against what I had in my database, and found a very large amount of users who are still using vulnerable keys, and even worse, have commit access to some

asciilifeform: 'Then, in Dec 2011, Asheesh, a Debian dev particularly fond of his key ID, found a way to create a new RSA 4096 key with that ID (and a bug in GnuPG handling of duplicate keys) [2]. He highlighted the disruptive potential of that and decided not to release the code. Bummer.

assbot: #185208 - grep: very large file with no newline causes trouble - Debian Bug report logs ... ( http://bit.ly/1PD7X4R )

mod6: asciilifeform: punindented was trying to help out a bit -- he hit that weird bug with vdiff on ubuntu or debian or something, when then reminded me that I lost your fix for that. I've searched through logs many times, can't seem to find it. I did actually ask yesterday too:

assbot: #792580 - chromium: Chromium calls home even in incognito mode with safe browsing turned off - Debian Bug report logs ... ( http://bit.ly/1LXbvBc )

assbot: #786909 - chromium: unconditionally downloads binary blob - Debian Bug report logs ... ( http://bit.ly/1Cc8V2e )

gribble: Schneier on Security: Random Number Bug in Debian Linux: <https://www.schneier.com/blog/archives/2008/05/random_number_b.html>; Random number generator attack - Wikipedia, the free encyclopedia: <http://en.wikipedia.org/wiki/Random_number_generator_attack>; The Debian OpenSSL Bug: Backdoor or Security Accident?: <https://freedom-to-tinker.com/blog/kroll/software-transparency- (1 more message)