Re: [GTALUG] Linux servers attacked!

2020-05-11 Thread Lennart Sorensen via talk
On Mon, May 11, 2020 at 11:35:18AM -0400, John Moniz via talk wrote:
> Is BB10 any closer to QNX than Android is to Linux? It sounds like I'm wrong but
> thought they both evolved far enough from their roots to have their own name.

Well BB10 of course had a GUI framework for apps, which I don't think
had anything to do with QNX, although I am not sure if QNX ever had
any particular GUI interface in particular.  I have seen a number of
different ones running on top of QNX over the years.

Certainly a shell on a BB10 device looked a lot more like QNX than I
have ever seen on an android device.

Android apps are java based, BB10 seems to be C++ or javascript/QML for the
most part.  I guess that implies BB10 is QT based for the GUI.
Android's runtime has nothing to do with other Linux systems at all.
It only uses the kernel.

-- 
Len Sorensen
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk


Re: [GTALUG] Linux servers attacked!

2020-05-11 Thread John Moniz via talk

> 
> -- Original Message --
> From: Lennart Sorensen via talk 
> Date: May 11, 2020 at 11:08 AM
> 
> 
> On Sun, May 10, 2020 at 01:41:41PM -0400, Scott Allen via talk wrote:
> > On Sun, 10 May 2020 at 13:38, John Moniz via talk 
> > wrote:
> > > Don't think QNX was ever a phone OS.
> >
> > https://en.wikipedia.org/wiki/BlackBerry_10
> 
> It was an excellent phone OS (far better than android) but no one wanted
> to support it with apps which pretty much killed its chances of staying
> around, so it didn't.
> 

Is BB10 any closer to QNX than Android is to Linux? It sounds like I'm wrong but
thought they both evolved far enough from their roots to have their own name.

John.



Re: [GTALUG] Linux servers attacked!

2020-05-11 Thread Lennart Sorensen via talk
On Sun, May 10, 2020 at 01:41:41PM -0400, Scott Allen via talk wrote:
> On Sun, 10 May 2020 at 13:38, John Moniz via talk  wrote:
> > Don't think QNX was ever a phone OS.
> 
> https://en.wikipedia.org/wiki/BlackBerry_10

It was an excellent phone OS (far better than android) but no one wanted
to support it with apps which pretty much killed its chances of staying
around, so it didn't.

-- 
Len Sorensen


Re: [GTALUG] Linux servers attacked!

2020-05-10 Thread Christopher Browne via talk
On Sun, 10 May 2020 at 11:01, James Knott via talk  wrote:

> On 2020-05-10 10:05 AM, Stewart C. Russell via talk wrote:
> > Blackberry == QNX these days
>
> Didn't they move to Android a few years back, at least for some models?
>

Yep.  In 2016, they contracted out building of phones to TCL.
https://www.theverge.com/2016/9/28/13088362/blackberry-stop-making-phones

(I always somewhat double-take when I see anything branded TCL, for the
obvious reason!)

The deal with TCL ends this August, so it's not evident that they'll have
any hardware offerings anymore.

The Playbook was interesting in this regard; the kernel was QNX, but it had
an Android layer, and that would have been an interesting take on "doing
Android" in the marketplace; I don't think that strategy made it to any of
the phone offerings.

I'm wrong on that, it turns out; "Blackberry 10" was indeed QNX
underneath...
https://en.wikipedia.org/wiki/BlackBerry_10
There were around a dozen phones released (some not actually released) on
"Blackberry 10" between 2013 and 2015, and later editions did indeed have
an Android "runtime" to allow running some Android apps.  So I suppose we
could say it's both a dessert wax, and a floor topping ;-)
-- 
When confronted by a difficult problem, solve it by reducing it to the
question, "How would the Lone Ranger handle this?"


Re: [GTALUG] Linux servers attacked!

2020-05-10 Thread James Knott via talk

On 2020-05-10 01:38 PM, John Moniz via talk wrote:
> I have a Blackberry Android phone. Don't think QNX was ever a phone OS.

According to this, Blackberry 10 is based on QNX.
https://en.wikipedia.org/wiki/BlackBerry_10


Re: [GTALUG] Linux servers attacked!

2020-05-10 Thread Scott Allen via talk
On Sun, 10 May 2020 at 13:38, John Moniz via talk  wrote:
> Don't think QNX was ever a phone OS.

https://en.wikipedia.org/wiki/BlackBerry_10

-- 
Scott


Re: [GTALUG] Linux servers attacked!

2020-05-10 Thread John Moniz via talk
I have a Blackberry Android phone. Don't think QNX was ever a phone OS.

John

On May 10, 2020 11:00 AM, James Knott via talk wrote:
> On 2020-05-10 10:05 AM, Stewart C. Russell via talk wrote:
> > Blackberry == QNX these days
>
> Didn't they move to Android a few years back, at least for some models?


Re: [GTALUG] Linux servers attacked!

2020-05-10 Thread James Knott via talk

On 2020-05-10 10:05 AM, Stewart C. Russell via talk wrote:
> Blackberry == QNX these days

Didn't they move to Android a few years back, at least for some models?



Re: [GTALUG] Linux servers attacked!

2020-05-10 Thread Stewart C. Russell via talk

On 2020-05-09 5:22 p.m., D. Hugh Redelmeier via talk wrote:
> ...
> There is a claim that this stuff is widespread and has been for a long
> time.  I don't think any quantitative evidence is revealed.


Blackberry == QNX these days, and a company that exists to sell "not 
Linux" might reasonably have a hate on for a free OS. ISTR an embedded 
compiler company a few years ago used to come out with quite amusing 
"GCC = Death" hot takes.


That's not to say they're producing bad products (the last time I used 
QNX it was quite lovely and rock solid) but it's not going to lose them 
any money to diss Linux.


It's not like Blackberry's selling many phones right now ...
/ducks

 Stewart




Re: [GTALUG] Linux servers attacked!

2020-05-10 Thread ac via talk
On Sat, 9 May 2020 23:10:12 -0400
Alvin Starr via talk  wrote:

absolutely agree with everything you said.

> It's clearly trading on the current trend in China bashing.
> I have no doubt that China is sponsoring state hacking but then so is 
> just about every other country in the world so in Canada we should be 
> worried about China, Russia, U.S.A. equally.
> There are also criminals and corporate sponsored hackers to worry
> about. Add to that political groups aggressively targeting opposing
> political groups in the same country.
> There is WAY more to worry about than just China.
> I would say it was a crappy "dog whistle messaging" kind of article
> that is trying to leverage current fears to push a business agenda.
> 
it is weird that everyone is becoming very nationalistic in a time
where the planet faces various crises as humanity. 
the small brains are still dividing the world into little pockets and the 
little pockets are more increasingly isolating themselves and now waging 
war with other pockets in a clash to control the most resources and 
generally fuck other pockets as much as possible.

people everywhere are changing, what all of us are becoming is
disgusting, if we were better, we would see this more clearly, but we
are not. 

in the words of the Greatest President that has ever lived of the
Greatest, Best, Strongest or Richest Country in the world, Donald
Trump : "It is what it is"





 


Re: [GTALUG] Linux servers attacked!

2020-05-09 Thread Alvin Starr via talk

On 5/9/20 5:22 PM, D. Hugh Redelmeier via talk wrote:
> This describes a lot of attacks, starting with a Linux server victim.
> Sounds like juicy stuff.  I didn't find it so.
>
> It didn't clearly say what vulnerabilities were being exploited.
>
> The article hinted that a foothold was established via brute-force
> password guessing at logins.  My servers only allow SSH logins, so
> this would not work on my machines.  Does anyone still use passwords
> for logins facing the internet?  Consumer crap (wireless routers,
> baby monitors, ...), I guess.

There are buffer overflow hacks that crop up on a semi-regular basis.
There are sloppy PHP, Ruby, Perl, Python, C, C++ ... programmers who do
things that allow arbitrary command execution.

There are occasional bugs that allow privilege escalation.
There are bugs that allow data to be extracted from virtual machines
running on some hypervisors.
There have been bugs in cryptography protocols that have allowed
information extraction and other attacks.

These tend to get plugged but often the software running on real systems
does not get updated nearly enough.

I had a system hacked 20 years ago from having a system accidentally
running sendmail which had a buffer overflow problem.

It can easily happen and not just through bad passwords.

> After the login, a kernel module is installed.  Where does the
> privilege come from?  An unmentioned hole?

All you need is a single set UID script with 777 permissions and I know
of at least 1 company that would run chmod -R 777 /somedir to get around
having to manage user/group ids.

Also over the years there have been privilege escalation bugs.

> There is a claim that this stuff is widespread and has been for a long
> time.  I don't think any quantitative evidence is revealed.

Most all the above are sloppy systems admin and apply to just about
every OS not just Linux.

I found the repetition of the words "Open Source" a bit annoying.
And the citing of hacks up to 10 years old.
But I am sure the intent of the document is to scare people into buying
BlackBerry security services.

It's clearly trading on the current trend in China bashing.

I have no doubt that China is sponsoring state hacking but then so is
just about every other country in the world so in Canada we should be
worried about China, Russia, U.S.A. equally.

There are also criminals and corporate sponsored hackers to worry about.
Add to that political groups aggressively targeting opposing political
groups in the same country.

There is WAY more to worry about than just China.

I would say it was a crappy "dog whistle messaging" kind of article that
is trying to leverage current fears to push a business agenda.





--
Alvin Starr   ||   land:  (647)478-6285
Netvel Inc.   ||   Cell:  (416)806-0133
al...@netvel.net  ||
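
An audit for the situation described in the message above (a set-UID file left writable after a recursive `chmod 777`), as an added example that is not part of the original thread. The function names, finding labels and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

SPECIAL = stat.S_ISUID | stat.S_ISGID          # set-UID / set-GID bits
LOOSE_WRITE = stat.S_IWGRP | stat.S_IWOTH      # writable by group or other

def audit_tree(root):
    """Return sorted (finding, path) pairs for risky permissions under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)            # lstat: never follow symlinks
            except OSError:
                continue                       # vanished or unreadable entry
            mode = st.st_mode
            if stat.S_ISREG(mode):
                if mode & SPECIAL and mode & LOOSE_WRITE:
                    # set-UID/set-GID file that group or other may write to
                    findings.append(("setid-writable", path))
                elif mode & stat.S_IWOTH:
                    findings.append(("world-writable-file", path))
            elif stat.S_ISDIR(mode):
                if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
                    # No sticky bit: any user can delete or rename entries.
                    findings.append(("world-writable-dir", path))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample: a 'chmod -R 777' tree with one set-UID helper."""
    loose = os.path.join(root, "somedir")
    os.mkdir(loose)
    os.chmod(loose, 0o777)
    perms = {"helper.sh": 0o4777, "data.txt": 0o777, "ok.conf": 0o644}
    for name, mode in perms.items():
        path = os.path.join(loose, name)
        with open(path, "w") as fh:
            fh.write("# constructed sample\n")
        os.chmod(path, mode)               # chmod after write; umask-independent
    return loose

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for finding, path in audit_tree(tmp):
            print(f"{finding:20} {path}")
```
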



[GTALUG] Linux servers attacked!

2020-05-09 Thread D. Hugh Redelmeier via talk


This describes a lot of attacks, starting with a Linux server victim.
Sounds like juicy stuff.  I didn't find it so.

It didn't clearly say what vulnerabilities were being exploited.

The article hinted that a foothold was established via brute-force
password guessing at logins.  My servers only allow SSH logins, so
this would not work on my machines.  Does anyone still use passwords
for logins facing the internet?  Consumer crap (wireless routers,
baby monitors, ...), I guess.

After the login, a kernel module is installed.  Where does the
privilege come from?  An unmentioned hole?

There is a claim that this stuff is widespread and has been for a long
time.  I don't think any quantitative evidence is revealed.