Reinstalling Debian woes

Spread the love

This is a geeky post which is unlikely to be interesting or even understandable to anyone other than those familiar with Debian Linux or similar systems.

I managed to trash my Debian system just recently. The /root partition was too small. I used gparted to increase it but made the mistake of gparted’ing the / EFI partition while increasing the size of the /root partition. My Debian system has been great for years and I’m out of practice installing Linux. My excuse – as poor as it is – is that / is traditionally the root partition. The Linux filesystem has changed and now there’s a /root partition and / is the /boot partition.

I tried to the repair the / EFI partition without success. The reEFI tools wouldn’t work for me. I reinstalled Debian many times while keeping my /home partition. I was using Debian install in expert mode.

I found that xfce4 was virtually useless after the Debian install. I suppose that it may be because I’m keeping my /home partition upsetting the settings. [2/11/16 I’ll try getting rid of anything relevant. [2/11 later. It was the previous config messing it up))  All applications are obscuring the start menu and the minimise, maximise, close window **adornments** are missing. Audio is simply not working after a Debian 8 install – what’s that about? It should just work, I tried fixing it but I shouldn’t have to. Debian used to install so well. It’s a 2011 A64 system [2/11/16 Amd64) , mainstream now and really should be no problem.

Years ago (95-05) gnome was fine if a bit heavy and slow. I can’t stand it now even in classic mode. The default gnome is unbearable. KDE is so slow and a real pain to achieve anything. Audio still not working. [2/11/16  soundcard not recognised appears to be a problem with Deb8 install. I tried to get hold of Deb7 install because it upgrades fine … )

[ed: After reinstalling Debian on one occasion apt was warning that installations were unverified. apt’s verification system was compromised.)

I then tried to netinstall Debian. I suppose this is the real reason of this post. Fetching a netinstall image from Debian.org I noticed that I was downloading from another not Debian.org site. I do anyway check integrity and the netinstall image sha256sum was wrong. I found it difficult to find the sha256sum on the Debian site which was a bit of a pain.

[ed: Were the spooks onto me?)

I’m likely to install OpenBSD as a desktop.

Simple security suggestions: Check integrity of install images, use long passwords, use a firewall, check what services are visible using nmap.

[4/11/16 Looks like audio was fine and not working due to a silly mistake by me.]

Continue ReadingReinstalling Debian woes

I need to do a series on Israel and Palestine because that is so important in contemporary politics

Spread the love

An iron fist hides the shining star

The gun’s dark black shadow over Bethlehem

The shadow over the streets of Palestine are so dark

They build walls and shut roads

Despite this evil

There are those that know that the message is more that words

that from the darkness the lightness of the Dawn comes

that justice will bring the evil dark walls down

the hour will come for me to sing Halleluliah

There are people who see clearly, see the truth

 

Continue ReadingI need to do a series on Israel and Palestine because that is so important in contemporary politics

Computer Security: Why Yahoo email surveillance is a big deal

Spread the love

Reuters reported yesterday that Yahoo had actioned a secret dictate by a US security agency to search all it’s customers’ incoming emails.

A small excerpt of Reuters report

“…

Yahoo in 2007 had fought a FISA demand that it conduct searches on specific email accounts without a court-approved warrant. Details of the case remain sealed, but a partially redacted published opinion showed Yahoo’s challenge was unsuccessful.

Some Yahoo employees were upset about the decision not to contest the more recent edict and thought the company could have prevailed, the sources said.

They were also upset that Mayer and Yahoo General Counsel Ron Bell did not involve the company’s security team in the process, instead asking Yahoo’s email engineers to write a program to siphon off messages containing the character string the spies sought and store them for remote retrieval, according to the sources.

The sources said the program was discovered by Yahoo’s security team in May 2015, within weeks of its installation. The security team initially thought hackers had broken in.

When Stamos found out that Mayer had authorized the program, he resigned as chief information security officer and told his subordinates that he had been left out of a decision that hurt users’ security, the sources said. Due to a programming flaw, he told them hackers could have accessed the stored emails.

…”

A program was written to search emails “for character strings”.

Yahoo facilitated remote retrieval.

Yahoo’s security team were excluded from the process.

Yahoo’s security team discovered the program in May 2015.

“within weeks of it’s installation”.

Chief Information Security Officer Alex Stamos resigns claiming that he was excluded from a decision that hurts client security.

Stamos says that hackers could have accessed the stored emails due to a programming flaw.

Why it’s a big deal

I’m not at all surprised that Stamos was pissed off. His security team would have their systems watching their networks for the slightest hint that anyone was thinking about hacking them. They would be watching which processes were running and be continually confirming the integrity of their programs. And then his boss allowed the government to root (rootkit) his systems.

In simple terms, the backdoor (remote retrieval) and it’s traffic was hidden, the running process was hidden and file system integrity checking was bypassed to hide the new program. That’s serious shit needing changes to the running system. It needs a rootkit to make a system hide all those things and behave as normal while hiding the rootkit itself. It was Stamos’s job to prevent some evil hackers from installing rootkits and therefore owning his systems and his boss has gone and installed one behind his back – and it may have been an insecure one at that.

There is a problem that the security team can’t really know how long they were pwned once the system is controlled by a rootkit. A competent rootkiter would certainly be able to fix the security archive as it was written to hide it’s existence and activity. This raises further questions: How long were they owned? Was the earlier security breach of late 2014 related in some way? The earlier security breach is attributed to state-sponsored actors.

[Even more: Take for example file integrity checking. The classic example is tripwire. At intervals it will check the integrity of system files. It’s basically enumerating system files checking that there are not more or less without reason and checking the integrity of important files e.g. program that run, to make sure that they haven’t changed.

To list files on Unix, the command ‘ls’ is used. ‘ls -al’ also shows hidden files and their lengths. The action of the ‘ls’ and similar commands are changed so that rootkit files and the new spying program is hidden – everything needs to appear normal and unchanged. The new program and the rootkit hides from everything by altering the running system.]

6/10/16 8am update:

Later reports suggest that the spying / scanning program was integrated with a pre-existing programme scanning for child pornography, malware and spam. This presents a reasonable explanation so that the new program changes and consequent process (running programme) were part of normal development / evolution of systems.

It still leaves the issue of the backdoor (remote access). It appears that a choice is presented: either there is a rootkit hiding the backdoor and it’s traffic or the string being searched for is the security agency’s string allowing remote access. It’s difficult to hide that backdoor and overall I’d go with a rootkit.

A rootkit tends to support Yahoo’s useless security over the past few years and the fact that it took so long to realise i.e. their systems were owned.

Continue ReadingComputer Security: Why Yahoo email surveillance is a big deal

The Nonsense of Nuclear Fuel Reprocessing

Spread the love

Dr. Ian Fairlie

The Nonsense of Nuclear Fuel Reprocessing

Many readers will have seen the interesting Panorama programme on the poor safety
record at Sellafield broadcast on BBC 1 on September 5
The BBC press release stated this was a special investigation into the shocking state of
Britain’s most hazardous nuclear plant…” and it certainly was. Perhaps the most important
of several whistleblower revelations was that the previous US managers had been shocked
at the state of the plant when they took over its running in 2008.
Although the programme producers are to be congratulated for tackling the subject, it was
only 30 minutes long and tells only a small part of the whole sorry story.
This article tries to give more background information, and importantly, more analysis and
explanation. The full story would require several books and would be painful reading.

What is reprocessing?

Reprocessing is the name given to the physico-chemical treatment of spent nuclear fuel
carried on at Sellafield in Cumbria since the 1950s. This involves the stripping of metal
cladding from spent nuclear fuel assemblies, dissolving the inner uranium fuel in boiling
concentrated nitric acid, chemically separating out the uranium and plutonium isotopes and
storing the remaining dissolved fission products in large storage tanks.
It is a dirty, dangerous, unhealthy, polluting, expensive process which results high radiation
doses to the ~9,000 workers employed at Sellafield.

Environmental consequences

The Sellafield plant is host to several hundred radioactive waste streams and processes
which result in large discharges of radioactive liquids to sea and emissions of radioactive
gases and aerosols to the atmosphere. Raised levels of childhood leukemias in some villages
nearby are considered to be linked to the inhalation and ingestion of these radionuclides.
Sellafield, and a similar plant in La Hague France, continue to be, by some margin, the
largest sources of radioactive pollution in the world. For example, the Irish Sea is the most
radioactively polluted sea in the world with about half a tonne of plutonium sitting on its
seabed from reprocessing.
The collective doses to the world’s population from the long-lived gaseous nuclides C-14,
and I-129, and from medium-lived Kr-85 and H-3 (tritium) emitted at Sellafield are huge and
are estimated by radiation biologists to cause tens of thousands of early deaths throughout
the world.
Another result is the 140 tonnes of unneeded, highly radiotoxic, plutonium (Pu) stored on
site at a cost of £50 million a year. Pu is fissile and, in the wrong hands, this amount could
be made into ~20,000 warheads, ie it is a serious nuclear proliferation danger.

The Liquid Waste Tanks

Shitty open-air pond at Sellafield nuclear waste dump containing spent nuclear fuel rods.
Shitty open-air pond at Sellafield nuclear waste dump containing spent nuclear fuel rods.
Not discussed in the BBC programme, but perhaps most serious of all, are the ~20 large
holding tanks at Sellafield containing thousands of litres of extremely radiotoxic fission
products, including long-lived Cs-137and Sr-90. Discussing these tanks, the previous
management consortium Nuclear Management Partners stated in 2012 “there is a mass of
very hazardous (nuclear) waste onsite in storage conditions that are extraordinarily
vulnerable, and in facilities that are well past their designated life”.
The National Audit Office (NAO) stated these tanks pose “significant risks to people and the
environment”. One official review concluded that, at worst, an explosive release from the
tanks could kill two million Britons and require the evacuation of an area reaching from
Glasgow to Liverpool. These dangerous tanks have also been the subject of complaints from
Ireland and Norway who fear their countries could be contaminated if explosions or fires
were to occur.

 

Lets not mince words, the practice of reprocessing at Sellafield has been and remains a
monumental national disgrace.
Another seabird in one of Sellafield nuclear dump's open-air ponds.
Another seabird in one of Sellafield nuclear dump’s open-air ponds.

The shocking state of the Sellafield nuclear shitehole

Continue ReadingThe Nonsense of Nuclear Fuel Reprocessing

Spread the love

I am not a member of the Labour Party or the Momentum organisation. I am an independent blogger and that’s it.

Complaints of anti-Corbynism are accepted in the comments.

 

Continue Reading