cd ~/pbuilder
mkdir -p local/jessie local/sid local/wheezy hooks
cat >hooks/D05local <<EOF
#!/bin/sh -e
if [ -f "/home/$USER/pbuilder/local/\$DIST/Packages" ]; then
echo "deb [trusted=yes] file:///home/$USER/pbuilder/local/\$DIST ./" | tee /etc/apt/sources.list.d/local.list
apt-get update -o Dir::Etc::sourcelist="sources.list.d/local.list" -o Dir::Etc::sourceparts="-" -o APT::Get::List-Cleanup="0"
fi
EOF
; Taken from https://github.com/dnstap/dnstap.pb | |
; Changes: | |
; - rename Message.Type to message-type/MessageType since it collides with Dnstap.Type | |
Dnstap = { | |
; DNS server identity. | |
; If enabled, this is the identity string of the DNS server which generated | |
; this message. Typically this would be the same string as returned by an | |
; "NSID" (RFC 5001) query. | |
? identity => bstr, |
[sendrecv] | |
timeout = 5 | |
jobs = 16 | |
time_delay_min = 0 | |
time_delay_max = 0 | |
max_timeouts = 10 | |
[servers] | |
names = pcap, google |
package main | |
import ( | |
"log" | |
"github.com/DNS-OARC/ripeatlas" | |
"github.com/DNS-OARC/ripeatlas/measurement/dns" | |
) | |
func print(r *dns.Result) { | |
if r != nil { |
pgrep -u `id -u` gpg-agent >/dev/null || gpg-agent --daemon --enable-ssh-support --write-env-file "${HOME}/.gpg-agent-info"
if [ -f "${HOME}/.gpg-agent-info" ]; then
. "${HOME}/.gpg-agent-info"
export GPG_AGENT_INFO
export SSH_AUTH_SOCK
fi
GPG_TTY=$(tty)
sudo vi /etc/apparmor.d/lxc/lxc-default | |
mount options=(ro, rw, bind), | |
sudo service apparmor reload | |
lxc-create -t download -n ubuntu-lucid-amd64 -- -d ubuntu -r lucid -a amd64 | |
lxc-create -t download -n ubuntu-precise-amd64 -- -d ubuntu -r precise -a amd64 | |
lxc-create -t download -n ubuntu-trusty-amd64 -- -d ubuntu -r trusty -a amd64 | |
lxc-create -t download -n centos-6-amd64 -- -d centos -r 6 -a amd64 | |
lxc-create -t download -n debian-wheezy-amd64 -- -d debian -r wheezy -a amd64 |
Here is a code snippet that will check your installed certificates on Ubuntu (or other GNU/Linux) against the list on GitHub [1] specified by the article "Apple and Microsoft trust Chinese government to protect your communication" [2].
Use sudo dpkg-reconfigure ca-certificates
or equal tools to remove them.
t=`tempfile` && \
wget -O - 'https://raw.githubusercontent.com/chengr28/AntiChinaCerts/master/README.md' 2>/dev/null \
| grep 'SHA-1' | sed 's%.* %%' > "$t" && \
for crt in `find /usr/share/ca-certificates /etc/ssl/certs -type f`; do \
sha=`openssl x509 -in "$crt" -fingerprint | head -n 1 |sed 's%.*=%%'|sed 's%:%%g'`; \
As last year, this year the conference was a lot about LangSec and that you have to think about your software as something that parses and executes "code" (the input). The less you test your handling of the input the more vulnerable you are. Also as we get more and more devices, the Internet of Things, that are connected which means we have more and more vulnerabilities at home. Most devices today come without any authentication at all, because they need to be simple, and that allows for more and more drive-by attacking to succeed and in a lot of cases permanently infect the devices with malicious code.
My top 3 talks in random order are:
- Andreas Lindh on Attacking Mobile Broadband Modems Like A Criminal
- Hugo Teso on Going deeper on aviation security
- Travis Goodspeed on A neighborly surprise talk