similar to: https everywhere.

Displaying 20 results from an estimated 9000 matches similar to: "https everywhere."

2015 May 15
2
https everywhere.
On 05/15/2015 02:49 PM, Matthew Miller wrote: > On Fri, May 15, 2015 at 03:44:39PM -0400, James B. Byrne wrote: >> What are the plans for the CentOS repos with respect to authentication >> and https everywhere? At the moment it is a trivial exercise to >> perform a MTM attack during a yum update over http. > > Since the packages themselves are signed, what risk are you
2015 May 16
0
https everywhere.
On 16/05/15 08:36, Jim Perrin wrote: > > > On 05/15/2015 02:49 PM, Matthew Miller wrote: >> On Fri, May 15, 2015 at 03:44:39PM -0400, James B. Byrne wrote: >>> What are the plans for the CentOS repos with respect to authentication >>> and https everywhere? At the moment it is a trivial exercise to >>> perform a MTM attack during a yum update over http.
2014 Apr 08
2
OpenSSL Heartbeat exploit agains KVM guest systems
Is it possible to use this exploit against a kvm guest to read memory used by the host? In other words: if an exploitable service, say httpd with mod_ssl, is running in guest system 'vm1' hosted on system 'virthost' then what implications does that have with respect to guests vm2 and vm3 and to virthost itself? -- *** E-Mail is NOT a SECURE channel *** James
2014 Apr 08
2
OpenSSL Heartbeat exploit agains KVM guest systems
Is it possible to use this exploit against a kvm guest to read memory used by the host? In other words: if an exploitable service, say httpd with mod_ssl, is running in guest system 'vm1' hosted on system 'virthost' then what implications does that have with respect to guests vm2 and vm3 and to virthost itself? -- *** E-Mail is NOT a SECURE channel *** James
2015 May 15
0
https everywhere.
On Fri, May 15, 2015 at 03:44:39PM -0400, James B. Byrne wrote: > What are the plans for the CentOS repos with respect to authentication > and https everywhere? At the moment it is a trivial exercise to > perform a MTM attack during a yum update over http. Since the packages themselves are signed, what risk are you concerned about? -- Matthew Miller <mattdm at fedoraproject.org>
2013 Nov 25
2
Samba4 in FreeBSD cannot upgrade dns
Hi, Samba team! I am trying to install samba4 on FreeBSD 9.2 as a domain DC to join an existing samba4 domain controller on FreeBSD 9.2. I followed the instruction of: Samba4/HOWTO/Join a domain as a DC Everything is OK until I run the following command: root at mtm:/var/named/etc/namedb # samba-tool drs showrepl Default-First-Site-Name\MTM DSA Options: 0x00000001 DSA object GUID:
2017 Feb 13
0
Wich web browser on CentOS6 ?
On Fri, February 10, 2017 15:44, Alice Wonder wrote: > On 02/10/2017 12:34 PM, James B. Byrne wrote: >> >> On Fri, February 10, 2017 06:26, Patrick Begou wrote: >>> Hello >>> >>> I have more and more troubles using firefox in professional >>> environment with >>> CentOS6. The latest version is 45.7.0 But I can't use it anymore to
2015 Dec 08
2
wifi on servers and fedora [was Re: 7.2 kernel panic on boot]
On Mon, December 7, 2015 13:41, Matthew Miller wrote: > On Fri, Dec 04, 2015 at 09:03:50AM -0500, James B. Byrne wrote: >> On Thu, Dec 03, 2015 at 02:50:38PM -0500, m.roth at 5-cent.us wrote: >> > For laptops, great. For anything else, not so much. For example, >> > it's supposed to be an *ENTERPRISE* o/s... why does it >> > automatically, without ever
2019 Oct 03
7
CentOS 8 network-scripts
I have need to use the old network-scripts and not NetworkManager. I did yum install network-scripts, I have ifcfg-eth0 set for ONBOOT=yes but it is not starting on boot. What have I missed ? Jerry
2016 Jun 18
2
https and self signed
On Fri, 2016-06-17 at 15:56 +0100, Michael H wrote: > On 17/06/16 15:46, James B. Byrne wrote: > > > > We operate a private CA for our domain and have since 2005. We > > maintain a public CRL strictly in accordance with our CPS and have our > > own OID assigned. Our CPS and CRL together with our active, expired > > and revoked certificate inventory is
2015 Dec 04
3
7.2 kernel panic on boot
On Thu, December 3, 2015 14:50, m.roth at 5-cent.us wrote: > Valeri Galtsev wrote: . . . >> That is my main complaint about parallelized boot. My brain is >> only capable to deal with serial sequence of events, and which >> next event is deterministically predictable from previous. As >> with fatal things like kernel panic, it is the previous before >> the
2014 Oct 24
7
A request for help managing wiki permissions
Long story short, the core team doesn't need to be in the business of micro-managing wiki permissions. We've not been that good at it during the best of times, and as the 6.6 build process is showing we've clearly let some stuff slip without following up on it appropriately here. What I'd propose is that 3-4 people who have been around the distribution a while (perhaps John
2017 Jun 18
2
dist function in R is very slow
Hi Stefan, Thank you very much for pointing me to the wordspace package. It does the job a bit faster than my C code but is 100 times more convenient. By the way, since the tcrossprod function in the Matrix package is so fast, the Euclidean distance can be computed very fast: euc_dist <- function(m) {mtm <- Matrix::tcrossprod(m); sq <- rowSums(m*m);? sqrt(outer(sq,sq,"+") -
2016 Jun 18
0
https and self signed
On Sat, June 18, 2016 7:52 am, Always Learning wrote: > > On Fri, 2016-06-17 at 15:56 +0100, Michael H wrote: > >> On 17/06/16 15:46, James B. Byrne wrote: > >> > >> > We operate a private CA for our domain and have since 2005. We >> > maintain a public CRL strictly in accordance with our CPS and have our >> > own OID assigned. Our CPS and
2016 Jun 18
0
https and self signed
On Fri, June 17, 2016 11:06, Walter H. wrote: > On 17.06.2016 16:46, James B. Byrne wrote: >> On Thu, June 16, 2016 13:53, Walter H. wrote: >>> On 15.06.2016 16:17, Warren Young wrote: >>>> but it also affects the other public CAs: you can???t get a >>>> publicly-trusted cert for a machine without a publicly-recognized >>>> and -visible
2017 Sep 21
6
Notice: Check your tuned settings for a performance boost.
Last week we noticed that the default scheduler isn't being set properly in CentOS 7. I haven't checked this for CentOS 6, but it might be worth exploring. The TL;DR is unless you're running CentOS 7 on a laptop or as a virtual guest, you should probably run 'tuned-adm profile throughput-performance' I wrote up the full details here ->
2016 Jun 17
0
https and self signed
On 17/06/16 15:46, James B. Byrne wrote: > > On Thu, June 16, 2016 13:53, Walter H. wrote: >> On 15.06.2016 16:17, Warren Young wrote: >>> but it also affects the other public CAs: you can???t get a >>> publicly-trusted cert for a machine without a publicly-recognized >>> and -visible domain name. For that, you still need to use >>> self-signed
2016 Jun 17
1
[Fwd: Re: https and self signed]
On Fri, June 17, 2016 12:31, Valeri Galtsev wrote: > > On Fri, June 17, 2016 10:19 am, James B. Byrne wrote: > >> Keys issued to individuals certainly should have short time limits >> on them. In the same way that user accounts on systems should >> always have a near term expiry date set. People are careless. >> And their motivations are subject to change. >
2016 Jun 17
4
https and self signed
On Thu, June 16, 2016 13:53, Walter H. wrote: > On 15.06.2016 16:17, Warren Young wrote: >> but it also affects the other public CAs: you can???t get a >> publicly-trusted cert for a machine without a publicly-recognized >> and -visible domain name. For that, you still need to use >> self-signed certs or certs signed by a private CA. >> > A private CA is the
2016 Jun 18
1
[Fwd: Re: https and self signed]
On Fri, June 17, 2016 13:08, Valeri Galtsev wrote: > > We do not expire accounts until the person leaves the Department > and grace period passes. Then we do lock account and after some > time person's files are being deleted. This is the policy, and > this is what we do. The only time when account expiration is being > set is for undergraduate students who temporarily work