Minutes 2024-10-03: Difference between revisions

From MTU LUG Wiki
Jump to navigation Jump to search
(forgot we talked about backdoored crypto at the end too)
m (forgot to add openbsd mailing list link)
 
Line 79: Line 79:
## Backdoored crypto
## Backdoored crypto
### Dual_EC_DRBG
### Dual_EC_DRBG
### Security compliance forcing companies to obey FIPS is ironic
### Security compliance forcing companies to obey FIPS is ironic [https://marc.info/?l=openbsd-misc&m=139819485423701&w=2]
## Please don't host copyright-sussy material on your public Shell page
## Please don't host copyright-sussy material on your public Shell page
### Totally unrelated pro-tip: if you make an index.html file in a directory, shell won't display a list of its contents to web browsers. Just something to think about...
### Totally unrelated pro-tip: if you make an index.html file in a directory, shell won't display a list of its contents to web browsers. Just something to think about...

Latest revision as of 01:05, 4 October 2024

  1. Met in Rekhi 114 for Install-a-thon at 5PM
    1. Everyone who showed up already had Linux installed on their laptops lol
    2. Talked about hacking Bryce's router
      1. Putting it into 'warehouse' mode [1]
  2. Moved to Rekhi 101 at 7PM for Nate's presentation on Plan 9!
    1. Going over new members to LUG
      1. Why they wanted to learn Linux
    2. What is UNIX
      1. UNIX philosophy (do one thing and do it well)
    3. UNIX-likes
      1. Linux
      2. FreeBSD
      3. AIX
    4. Limitations of UNIX
      1. Not everything is a file (syscalls, sockets)
      2. Graphics
      3. New features tacked-on after the fact rather than designed from within the operating system.
      4. Processes are privileged by default
      5. Tools 'work backwards' to subtract privileges from processes
        1. chroot
        2. FreeBSD jails
        3. OpenBSD pledge and unveil
        4. Linux cgroups and namespaces
      6. Clustering is hard
        1. Proper clustering systems basically rewrite the entire application-level stack (e.g. Kubernetes)
      7. Scope creep in common utilities causes vulnerabilities
        1. sudo
        2. GTFOBins [2]
    5. What is Plan 9?
    6. What Plan 9 does better
      1. Networking stack is represented as multiple filesystems in /net
        1. /net/tcp
        2. /net/udp
        3. /net/tcp
        4. /net/icmp
      2. Graphical devices are represented as filesystems in /dev
        1. /dev/screen is your current screen
        2. 'screenshotting' is just copying /dev/screen to a file, and converting it to png
      3. global mounts do not exist, all processes have their own namespace
        1. mount and unmount (not umount) to control filesystems
        2. Processes without the audio filesystem will not be able to play audio, processes without /dev/net can't send network traffic, etc
      4. 9p protocol backs all inter-process file-based communication
      5. 9p is network transparent
        1. Can mount remote audio filesystem to play audio on remote computers
        2. Interact with /dev/kbd (keyboard) on remote computer
      6. Plan 9 is a distributed operating system
        1. An idealized Plan 9 lab consists of a number of servers
        2. User-facing terminals are thin clients with no local storage
        3. CPU servers for compute
        4. File servers for data storage
        5. Auth servers for authentication
    7. State of Plan 9 today
      1. Failed to gain significant market share, UNIX and UNIX-likes got 'good enough'
      2. Development slowed in 1990's
      3. Fourth edition was released under custom open-source license in 2002
        1. Allen finds a statement from Stallman about it not being 'FOSS' lol [3]
      4. All editions released under GPL in 2015
      5. 2021 control given to Plan 9 Foundation, license changed to MIT for all editions
    8. 9Front
      1. Developed by cat-v, self-described "Random Contrarian Insurgent Organization"
      2. 9Front website
    9. 9Front fixes and improvements to Plan 9
      1. All around better hardware support, especially on Thinkpads
      2. Improved filesystems (cwfs, hjfs)
    10. Who is Cirno
      1. Official 9Front mascot
    11. Using 9Front
      1. Demo!
      2. How does piping raw audio files to the audio filesystem work, given differing sample rates?
        1. Turns out, the audio filesystem expects a sample rate of 44.1 kHz by default (same quality of CDs). This is determined by the driver.
        2. The default tools on 9Front that convert different audio formats into waveforms automatically output with 44.1 kHz sample rate (so the output can be directly piped into the audio filesystem)
      3. Threat landscape for 9Front?
        1. That one path traversal exploit /g/ found on 9Front's homepage [4]
      4. Recompiling the kernel
        1. It worked (woo)
  3. Wrap up
    1. Josh has been converted, decided to install 9Front
    2. ....don't fork-bomb guardian (oops)
    3. Backdoored crypto
      1. Dual_EC_DRBG
      2. Security compliance forcing companies to obey FIPS is ironic [5]
    4. Please don't host copyright-sussy material on your public Shell page
      1. Totally unrelated pro-tip: if you make an index.html file in a directory, shell won't display a list of its contents to web browsers. Just something to think about...
    5. No Schmidt's today :(
      1. most members had upcoming and/or take-home exams