There are at least two valid, signed TLS certificates that are bundled with publicly available Netgear device firmware.
These certificates are trusted by browsers on all platforms, but will surely be added to revocation lists shortly.
The firmware images that contained these certificates along with their private keys were publicly available for download through Netgear's support website, without authentication; thus anyone in the world could have retrieved these keys.
I recently ran into a situation where binwalk -M -e $FIRMWARE failed me. This was for a Netgear firmware image that ended in a .chkextension.
The firmware file name was R7960P-V1.0.1.34_1.0.20.chk.
This is the output when I ran binwalk R7960P-V1.0.1.34_1.0.20.chk:
$ binwalk R7960P-V1.0.1.34_1.0.20.chk
So I really don't like most new things. The only reason I even got involved with Node.js early on was because of its sweeping promise: "One language, spoken by developers across the world." By consolidating parallel efforts, it would accelerate the pace of innovation, and quickly lead to more transformative and disruptive developer tools. It would create tremendous value for software businesses by unlocking efficiencies in the hiring and implementation process. And best of all everyone would waste less time on boring stuff.
Still, there was a problem. While it's true most developers have touched some JavaScript callbacks up there in browserland, in the bowels of the application server, there tends to be a lot more asynchronous things going on. And that causes all sorts of issues. All those callbacks also make for a way steeper
These commands generate and use private keys in unencrypted binary (not Base64 “PEM”) PKCS#8 format. The PKCS#8 format is used here because it is the most interoperable format when dealing with software that isn't based on OpenSSL.
OpenSSL has a variety of commands that can be used to operate on private
key files, some of which are specific to RSA (e.g. openssl rsa and
openssl genrsa) or which have other limitations. Here we always use
Tuning Intel Skylake and beyond for optimal performance and feature level support on Linux:
Note that on Skylake, Kabylake (and the now cancelled "Broxton") SKUs, functionality such as power saving, GPU scheduling and HDMI audio have been moved onto binary-only firmware, and as such, the GuC and the HuC blobs must be loaded at run-time to access this functionality.
Enabling GuC and HuC on Skylake and above requires a few extra parameters be passed to the kernel before boot.
Instructions provided for both Fedora and Ubuntu (including Debian):
Note that the firmware for these GPUs is often packaged by your distributor, and as such, you can confirm the firmware blob's availability by running:
K780 doesn't have a hard switch to lock the function keys. Logitech provides a utility to do this on Windows and iOS but not on Linux. You need to manually remap the keys.
Below works for Arch Linux, other systemd based distros should be about the same.
There's a problem with the F1-F3 keys as they're hardware specific and don't emit an event if pressed on their own and therefore can't be remapped. I might be wrong as I haven't spend any time on researching that.
Edit: about htat, see @tangruize comments below https://gist.github.com/andrejcremoznik/e56234138305226abd41fe4d1d2561a3#gistcomment-3390489
| def calc_mask_length(mask): | |
| """ Convert subnet mask (255.255.255.0) to CIDR mask length (/24) """ | |
| return sum([bin(int(x)).count('1') for x in mask.split('.')]) | |
| print calc_mask_length('255.255.255.0') | |
| # 24 |
Short version: I strongly do not recommend using any of these providers. You are, of course, free to use whatever you like. My TL;DR advice: Roll your own and use Algo or Streisand. For messaging & voice, use Signal. For increased anonymity, use Tor for desktop (though recognize that doing so may actually put you at greater risk), and Onion Browser for mobile.
This mini-rant came on the heels of an interesting twitter discussion: https://twitter.com/kennwhite/status/591074055018582016
