Minutes 2024-10-03: Difference between revisions
Jump to navigation
Jump to search
m (minor fixing-up of some details and grammar) |
m (forgot to add openbsd mailing list link) |
||
(One intermediate revision by the same user not shown) | |||
Line 77: | Line 77: | ||
## Josh has been converted, decided to install 9Front |
## Josh has been converted, decided to install 9Front |
||
## ....don't fork-bomb guardian (oops) |
## ....don't fork-bomb guardian (oops) |
||
## Backdoored crypto |
|||
### Dual_EC_DRBG |
|||
### Security compliance forcing companies to obey FIPS is ironic [https://marc.info/?l=openbsd-misc&m=139819485423701&w=2] |
|||
## Please don't host copyright-sussy material on your public Shell page |
## Please don't host copyright-sussy material on your public Shell page |
||
### Totally unrelated pro-tip: if you make an index.html file in a directory, shell won't display a list of its contents to web browsers. Just something to think about... |
### Totally unrelated pro-tip: if you make an index.html file in a directory, shell won't display a list of its contents to web browsers. Just something to think about... |
Latest revision as of 01:05, 4 October 2024
- Met in Rekhi 114 for Install-a-thon at 5PM
- Everyone who showed up already had Linux installed on their laptops lol
- Talked about hacking Bryce's router
- Putting it into 'warehouse' mode [1]
- Moved to Rekhi 101 at 7PM for Nate's presentation on Plan 9!
- Going over new members to LUG
- Why they wanted to learn Linux
- What is UNIX
- UNIX philosophy (do one thing and do it well)
- UNIX-likes
- Linux
- FreeBSD
- AIX
- Limitations of UNIX
- Not everything is a file (syscalls, sockets)
- Graphics
- New features tacked-on after the fact rather than designed from within the operating system.
- Processes are privileged by default
- Tools 'work backwards' to subtract privileges from processes
chroot
- FreeBSD
jails
- OpenBSD
pledge
andunveil
- Linux
cgroups
andnamespaces
- Clustering is hard
- Proper clustering systems basically rewrite the entire application-level stack (e.g. Kubernetes)
- Scope creep in common utilities causes vulnerabilities
sudo
- GTFOBins [2]
- What is Plan 9?
- What Plan 9 does better
- Networking stack is represented as multiple filesystems in /net
/net/tcp
/net/udp
/net/tcp
/net/icmp
- Graphical devices are represented as filesystems in
/dev
/dev/screen
is your current screen- 'screenshotting' is just copying
/dev/screen
to a file, and converting it to png
- global mounts do not exist, all processes have their own namespace
mount
andunmount
(notumount
) to control filesystems- Processes without the audio filesystem will not be able to play audio, processes without
/dev/net
can't send network traffic, etc
- 9p protocol backs all inter-process file-based communication
- 9p is network transparent
- Can mount remote audio filesystem to play audio on remote computers
- Interact with
/dev/kbd
(keyboard) on remote computer
- Plan 9 is a distributed operating system
- An idealized Plan 9 lab consists of a number of servers
- User-facing terminals are thin clients with no local storage
- CPU servers for compute
- File servers for data storage
- Auth servers for authentication
- Networking stack is represented as multiple filesystems in /net
- State of Plan 9 today
- Failed to gain significant market share, UNIX and UNIX-likes got 'good enough'
- Development slowed in 1990's
- Fourth edition was released under custom open-source license in 2002
- Allen finds a statement from Stallman about it not being 'FOSS' lol [3]
- All editions released under GPL in 2015
- 2021 control given to Plan 9 Foundation, license changed to MIT for all editions
- 9Front
- Developed by cat-v, self-described "Random Contrarian Insurgent Organization"
- 9Front website
- 9Front fixes and improvements to Plan 9
- All around better hardware support, especially on Thinkpads
- Improved filesystems (
cwfs
,hjfs
)
- Who is Cirno
- Official 9Front mascot
- Using 9Front
- Demo!
- How does piping raw audio files to the audio filesystem work, given differing sample rates?
- Turns out, the audio filesystem expects a sample rate of 44.1 kHz by default (same quality of CDs). This is determined by the driver.
- The default tools on 9Front that convert different audio formats into waveforms automatically output with 44.1 kHz sample rate (so the output can be directly piped into the audio filesystem)
- Threat landscape for 9Front?
- That one path traversal exploit /g/ found on 9Front's homepage [4]
- Recompiling the kernel
- It worked (woo)
- Going over new members to LUG
- Wrap up
- Josh has been converted, decided to install 9Front
- ....don't fork-bomb guardian (oops)
- Backdoored crypto
- Dual_EC_DRBG
- Security compliance forcing companies to obey FIPS is ironic [5]
- Please don't host copyright-sussy material on your public Shell page
- Totally unrelated pro-tip: if you make an index.html file in a directory, shell won't display a list of its contents to web browsers. Just something to think about...
- No Schmidt's today :(
- most members had upcoming and/or take-home exams