Re: [DNG] Security implications of IPv4 vs IPv6 (was Re: Configuring ethernet port for IPv6)

2022-01-29 Thread Joel Roth via Dng
On Sun, Jan 30, 2022 at 12:36:46AM +1100, wirelessduck--- via Dng wrote: > > On 29 Jan 2022, at 18:22, Joel Roth via Dng wrote: > > > > On Sat, Jan 29, 2022 at 01:22:57AM -0500, Steve Litt wrote: > > > >> Joel Roth said on Fri, 28 Jan 2022 15:19:35 -1000 > >>> IPv6 does have some security

Re: [DNG] Security implications of IPv4 vs IPv6 (was Re: Configuring ethernet port for IPv6)

2022-01-29 Thread wirelessduck--- via Dng
> On 29 Jan 2022, at 18:22, Joel Roth via Dng wrote: > > On Sat, Jan 29, 2022 at 01:22:57AM -0500, Steve Litt wrote: > [redirecting to list, I think that's what you intended] > >> Joel Roth said on Fri, 28 Jan 2022 15:19:35 -1000 > On my next router, (probably OpenBSD/pf), I'm going to

Re: [DNG] Security problem

2019-10-19 Thread tom
On Mon, 14 Oct 2019 07:07:18 +0200 "J. Fahrner via Dng" wrote: > Am 2019-10-14 01:01, schrieb tom: > > Why in gods name does a centralized instant messenger require root > > privileges on your machine? > > Signal uses the electron framework for running in a sandbox. Electron > uses the Linux

Re: [DNG] Security problem

2019-10-13 Thread J. Fahrner via Dng
Am 2019-10-14 01:01, schrieb tom: Why in gods name does a centralized instant messenger require root privileges on your machine? Signal uses the electron framework for running in a sandbox. Electron uses the Linux user namespaces feature for building the sandbox, but this seems to be

Re: [DNG] Security problem

2019-10-13 Thread tom
On Mon, 30 Sep 2019 19:46:28 +0200 Gonzalo Pérez de Olaguer Córdoba wrote: > Hi, Jochen. > > El Mon, 30 Sep 2019 19:29:34 +0200 > "J. Fahrner via Dng" escribió: > > > I just came across a security problem. The application > > signal-desktop could not be started anymore because a file from the

Re: [DNG] Security problem

2019-09-30 Thread Gonzalo Pérez de Olaguer Córdoba
Hi, Jochen. El Mon, 30 Sep 2019 19:29:34 +0200 "J. Fahrner via Dng" escribió: > I just came across a security problem. The application signal-desktop > could not be started anymore because a file from the electron framework > did not set a setuid bit >

Re: [DNG] Security Jessie VS ASCII

2018-11-11 Thread Andres Suarez
Thanks both. Server and PC updated. Had only a minor issue that got fixed with this link: https://linuxiswonderful.wordpress.com/2018/05/01/x-broken-as-drmsetmas ter-failed/ Looks quite pretty, I have the impression that even the graphics cardworks faster) Regards, -- Andres Suarez Mobile

Re: [DNG] Security Jessie VS ASCII

2018-11-11 Thread Martin Steigerwald
Adam Borowski - 10.11.18, 23:19: > On Sat, Nov 10, 2018 at 07:41:19PM +0300, Andres Suarez wrote: > > From the security point of view: Is it worth to update from Jessie > > to > > ASCII? Do you see any significant advantage? I do no use any exotic > > software. > Yes. Upstream (Debian) Jessie is

Re: [DNG] Security Jessie VS ASCII

2018-11-10 Thread Adam Borowski
On Sat, Nov 10, 2018 at 07:41:19PM +0300, Andres Suarez wrote: > Hello everybody, > > From the security point of view: Is it worth to update from Jessie to > ASCII? Do you see any significant advantage? I do no use any exotic software. Yes. Upstream (Debian) Jessie is only in LTS, which, as

Re: [DNG] Security advisories (was: [j...@debian.org: [SECURITY] [DSA 4139-1] firefox-esr security update])

2018-03-16 Thread Florian Zieboll
Am 16. März 2018 13:17:58 MEZ schrieb KatolaZ : > On Fri, Mar 16, 2018 at 12:07:46PM +, leloft wrote: > > pinpoint any DSA whose patch is *not* > already available in Devuan Not willing to interfere with leloft's new task - just two relevant issues from the past few

Re: [DNG] security

2017-09-26 Thread Hendrik Boom
On Tue, Sep 26, 2017 at 03:42:45AM -0400, taii...@gmx.com wrote: > On 09/19/2017 02:47 PM, Hendrik Boom wrote > > >Unfortunately, that comes at too high high a price for many of us. > >But the cheaper systems are riddled with unexaminable firmware. > >There's no good technical reason why this

Re: [DNG] security

2017-09-26 Thread Steve Litt
On Tue, 26 Sep 2017 03:42:45 -0400 "taii...@gmx.com" wrote: > On 09/19/2017 02:47 PM, Hendrik Boom wrote > > > Unfortunately, that comes at too high high a price for many of us. > > But the cheaper systems are riddled with unexaminable firmware. > > There's no good technical

Re: [DNG] security

2017-09-26 Thread taii...@gmx.com
On 09/19/2017 02:47 PM, Hendrik Boom wrote Unfortunately, that comes at too high high a price for many of us. But the cheaper systems are riddled with unexaminable firmware. There's no good technical reason why this should be the case. We end up resenting it but settling for it because it's

Re: [DNG] security

2017-09-19 Thread Miroslav Rovis
On 170919-14:47-0400, Hendrik Boom wrote: > On Tue, Sep 19, 2017 at 02:47:00PM +, Miroslav Rovis wrote: > > > I'm trying not to go off topic here... But just a few more words... > > Security in systems running Devuan is on topic here. We choose Devuan > in part for security, and to be

Re: [DNG] security

2017-09-19 Thread Hendrik Boom
On Tue, Sep 19, 2017 at 02:47:00PM +, Miroslav Rovis wrote: > I'm trying not to go off topic here... But just a few more words... Security in systems running Devuan is on topic here. We choose Devuan in part for security, and to be effective, we need security ll the way down. > > > I am

Re: [DNG] Security updates in Devuan

2017-09-07 Thread Olaf Meeuwissen
Hi John, John Franklin writes: > I’ve seen several security alerts from Debian, but no matching > updates in Devuan. For example, the “file" package has > CVE-2017-1000249, released yesterday. > >> For the stable distribution (stretch), this problem has been fixed in >> version 1:5.30-1+deb9u1.

Re: [DNG] Security news about TCP weakness

2016-08-11 Thread Rick Moen
Quoting Simon Hobson (li...@thehobsons.co.uk): > As Arnt Karlsen mentioned in the Bootloaders thread, there a new twist > which is the result of a security fix > > http://www.theregister.co.uk/2016/08/10/linux_tor_users_open_corrupted_communications/ > > In a bid to thwart the risk from

Re: [DNG] Security news about TCP weakness

2016-08-11 Thread Simon Hobson
I wrote: > Go Linux wrote: > >> For those of you so inclined. Is this important, old news or just academic >> posturing? > > I think it's all three ! > It looks very much related to a CVE from 2004 > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0230 OK, so

Re: [DNG] Security news about TCP weakness

2016-08-10 Thread Simon Hobson
Go Linux wrote: > For those of you so inclined. Is this important, old news or just academic > posturing? I think it's all three ! It looks very much related to a CVE from 2004 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0230 Fundamentally, if someone can

Re: [DNG] security in Devuan repos

2015-10-19 Thread Alberto Senni
Il 17/10/2015 03:29, edinaldo ha scritto: Hello my name EDPS and living in Brazil. A few days ago in my blog, i made a few how-tos about how to modify an installation of Debian Jessie 8.2 or Debian 7.9 Wheezy in Devuan (of course this is not something official, but fruits of personal tests).

Re: [DNG] security in Devuan repos

2015-10-19 Thread edinaldo
Em Mon, 19 Oct 2015 12:38:32 -0200, escreveu: Alberto Senni, unfortunately, there is no translation into English or another language, only the pt_BR. ___ Dng mailing list Dng@lists.dyne.org

Re: [DNG] security in Devuan repos

2015-10-19 Thread Riccardo Boninsegna
On Fri, 16 Oct 2015 22:29:30 -0300 edinaldo wrote: > I come to ask how the issue of security is treated as not seen (or found) > something equivalent to repos: > "deb http://security.debian.org/ jessie/updates main contrib non-free" A clean install (of Devuan jessie)