similar to: https everywhere.

On 05/15/2015 02:49 PM, Matthew Miller wrote: > On Fri, May 15, 2015 at 03:44:39PM -0400, James B. Byrne wrote: >> What are the plans for the CentOS repos with respect to authentication >> and https everywhere? At the moment it is a trivial exercise to >> perform a MTM attack during a yum update over http. > > Since the packages themselves are signed, what risk are you

On 16/05/15 08:36, Jim Perrin wrote: > > > On 05/15/2015 02:49 PM, Matthew Miller wrote: >> On Fri, May 15, 2015 at 03:44:39PM -0400, James B. Byrne wrote: >>> What are the plans for the CentOS repos with respect to authentication >>> and https everywhere? At the moment it is a trivial exercise to >>> perform a MTM attack during a yum update over http.

Is it possible to use this exploit against a kvm guest to read memory used by the host? In other words: if an exploitable service, say httpd with mod_ssl, is running in guest system 'vm1' hosted on system 'virthost' then what implications does that have with respect to guests vm2 and vm3 and to virthost itself? -- *** E-Mail is NOT a SECURE channel *** James

Is it possible to use this exploit against a kvm guest to read memory used by the host? In other words: if an exploitable service, say httpd with mod_ssl, is running in guest system 'vm1' hosted on system 'virthost' then what implications does that have with respect to guests vm2 and vm3 and to virthost itself? -- *** E-Mail is NOT a SECURE channel *** James

On Fri, May 15, 2015 at 03:44:39PM -0400, James B. Byrne wrote: > What are the plans for the CentOS repos with respect to authentication > and https everywhere? At the moment it is a trivial exercise to > perform a MTM attack during a yum update over http. Since the packages themselves are signed, what risk are you concerned about? -- Matthew Miller <mattdm at fedoraproject.org>

Hi, Samba team! I am trying to install samba4 on FreeBSD 9.2 as a domain DC to join an existing samba4 domain controller on FreeBSD 9.2. I followed the instruction of: Samba4/HOWTO/Join a domain as a DC Everything is OK until I run the following command: root at mtm:/var/named/etc/namedb # samba-tool drs showrepl Default-First-Site-Name\MTM DSA Options: 0x00000001 DSA object GUID:

On Fri, February 10, 2017 15:44, Alice Wonder wrote: > On 02/10/2017 12:34 PM, James B. Byrne wrote: >> >> On Fri, February 10, 2017 06:26, Patrick Begou wrote: >>> Hello >>> >>> I have more and more troubles using firefox in professional >>> environment with >>> CentOS6. The latest version is 45.7.0 But I can't use it anymore to

On Mon, December 7, 2015 13:41, Matthew Miller wrote: > On Fri, Dec 04, 2015 at 09:03:50AM -0500, James B. Byrne wrote: >> On Thu, Dec 03, 2015 at 02:50:38PM -0500, m.roth at 5-cent.us wrote: >> > For laptops, great. For anything else, not so much. For example, >> > it's supposed to be an *ENTERPRISE* o/s... why does it >> > automatically, without ever

I have need to use the old network-scripts and not NetworkManager. I did yum install network-scripts, I have ifcfg-eth0 set for ONBOOT=yes but it is not starting on boot. What have I missed ? Jerry

On Fri, 2016-06-17 at 15:56 +0100, Michael H wrote: > On 17/06/16 15:46, James B. Byrne wrote: > > > > We operate a private CA for our domain and have since 2005. We > > maintain a public CRL strictly in accordance with our CPS and have our > > own OID assigned. Our CPS and CRL together with our active, expired > > and revoked certificate inventory is

On Thu, December 3, 2015 14:50, m.roth at 5-cent.us wrote: > Valeri Galtsev wrote: . . . >> That is my main complaint about parallelized boot. My brain is >> only capable to deal with serial sequence of events, and which >> next event is deterministically predictable from previous. As >> with fatal things like kernel panic, it is the previous before >> the

Long story short, the core team doesn't need to be in the business of micro-managing wiki permissions. We've not been that good at it during the best of times, and as the 6.6 build process is showing we've clearly let some stuff slip without following up on it appropriately here. What I'd propose is that 3-4 people who have been around the distribution a while (perhaps John

Hi Stefan, Thank you very much for pointing me to the wordspace package. It does the job a bit faster than my C code but is 100 times more convenient. By the way, since the tcrossprod function in the Matrix package is so fast, the Euclidean distance can be computed very fast: euc_dist <- function(m) {mtm <- Matrix::tcrossprod(m); sq <- rowSums(m*m);? sqrt(outer(sq,sq,"+") -

On Sat, June 18, 2016 7:52 am, Always Learning wrote: > > On Fri, 2016-06-17 at 15:56 +0100, Michael H wrote: > >> On 17/06/16 15:46, James B. Byrne wrote: > >> > >> > We operate a private CA for our domain and have since 2005. We >> > maintain a public CRL strictly in accordance with our CPS and have our >> > own OID assigned. Our CPS and

On Fri, June 17, 2016 11:06, Walter H. wrote: > On 17.06.2016 16:46, James B. Byrne wrote: >> On Thu, June 16, 2016 13:53, Walter H. wrote: >>> On 15.06.2016 16:17, Warren Young wrote: >>>> but it also affects the other public CAs: you can???t get a >>>> publicly-trusted cert for a machine without a publicly-recognized >>>> and -visible

Last week we noticed that the default scheduler isn't being set properly in CentOS 7. I haven't checked this for CentOS 6, but it might be worth exploring. The TL;DR is unless you're running CentOS 7 on a laptop or as a virtual guest, you should probably run 'tuned-adm profile throughput-performance' I wrote up the full details here ->

On 17/06/16 15:46, James B. Byrne wrote: > > On Thu, June 16, 2016 13:53, Walter H. wrote: >> On 15.06.2016 16:17, Warren Young wrote: >>> but it also affects the other public CAs: you can???t get a >>> publicly-trusted cert for a machine without a publicly-recognized >>> and -visible domain name. For that, you still need to use >>> self-signed

On Fri, June 17, 2016 12:31, Valeri Galtsev wrote: > > On Fri, June 17, 2016 10:19 am, James B. Byrne wrote: > >> Keys issued to individuals certainly should have short time limits >> on them. In the same way that user accounts on systems should >> always have a near term expiry date set. People are careless. >> And their motivations are subject to change. >

On Thu, June 16, 2016 13:53, Walter H. wrote: > On 15.06.2016 16:17, Warren Young wrote: >> but it also affects the other public CAs: you can???t get a >> publicly-trusted cert for a machine without a publicly-recognized >> and -visible domain name. For that, you still need to use >> self-signed certs or certs signed by a private CA. >> > A private CA is the

On Fri, June 17, 2016 13:08, Valeri Galtsev wrote: > > We do not expire accounts until the person leaves the Department > and grace period passes. Then we do lock account and after some > time person's files are being deleted. This is the policy, and > this is what we do. The only time when account expiration is being > set is for undergraduate students who temporarily work