- Lug-nuts - bigbrie.com

by Brian E. Lavender

I saw the following articles on Secure Boot. Linux and Secure Boot certificate expiration https://lwn.net/Articles/1029767/ Secure boot certificate rollover is real but probably won't hurt you https://mjg59.dreamwidth.org/72892.html -- Brian Lavender https://www.brie.com/brian/ "There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies." Professor C. A. R. Hoare The 1980 Turing award lecture

2 days, 22 hours

1
0
0 0

Re: Seeking speaker for June LUGOD meeting!

by Brian E. Lavender

Hey Bill, How is life in England? Any interesting LUGS? I was scanning old posts from SacLUG. Brian On Sun, Jun 05, 2016 at 07:28:56PM -0700, Bill Kendrick wrote: > > I've got speakers lined up for July and August, but no one for June. > Anyone interested in speaking? LUGOD's June meeting is on Monday the 20th. > > Thanks! > > -- > -bill! > Sent from my computer > _______________________________________________ > Lug-nuts mailing list > Lug-nuts(a)saclug.org > http://lists.saclug.org/cgi-bin/mailman/listinfo/lug-nuts -- Brian Lavender https://www.brie.com/brian/ "There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies." Professor C. A. R. Hoare The 1980 Turing award lecture

1 week, 2 days

3
4
0 0

September Meeting Byte Vision presentation

by Brian E. Lavender

We will be back at Bel Air on Arden. https://www.saclug.org/articles/2025/september-2025.html When: Tue September 16, 2025 06:00 PM to 08:00 PM Speaker: Kevin Brisson Location: Bel Air #502 S.E.G.R. 4320 Arden Way Sacramento, CA 95864 Kevin will present his Byte Vision local document analysis tool. https://github.com/kbrisso/byte-vision I hope to see everyone there! Brian -- Brian Lavender https://www.brie.com/brian/ "There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies." Professor C. A. R. Hoare The 1980 Turing award lecture

1 week, 4 days

1
0
0 0

social this Tuesday at Kupros

by Brian E. Lavender

See you at Kupros this Tuesday! https://www.saclug.org/articles/2025/august-2025.html Time: 6:30pm - 8:30 pm We usually sit upstairs at one of the big tables. I will try to put a "penguin" in one of the number holders. Brian -- Brian Lavender https://www.brie.com/brian/ "There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies." Professor C. A. R. Hoare The 1980 Turing award lecture

2 weeks, 2 days

2
4
0 0

GIMP floating logo

by Brian E. Lavender

In haste, I used a GIMP script fu to create the SacLUG log for the current site. Some have blessed it because it reminds them of a logo for the year 2000. Others have cursed it for the same reason. I admit the logo is a bit ridiculous. I just hopped over the GIMP tutorials and I found a page for creating simple floating logo. https://www.gimp.org/tutorials/Floating_Logo/ Brian -- Brian Lavender https://www.brie.com/brian/ "There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies." Professor C. A. R. Hoare The 1980 Turing award lecture

2 weeks, 3 days

1
0
0 0

Boeing 787 has critical failure of mode of all electrical power

by Brian E. Lavender

Did you know that the Generator Control Units for the Boeing 787 will go into failsafe mode causing loss of all AC electrical power if they are left on for more than 248 days? https://www.federalregister.gov/documents/2015/05/01/2015-10066/airworthine… This something that could have been prevented with the use of formal methods. Check this slide presentation from Vermon Tech and their CubeSat project. http://lemuria.cis.vermontstate.edu/CubeSat/PUBLIC/SPARK-Frama-C-Day-2017.p… Brian -- Brian Lavender https://www.brie.com/brian/ "There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies." Professor C. A. R. Hoare The 1980 Turing award lecture

2 weeks, 4 days

2
4
0 0

Debian 13 is out!

by Brian E. Lavender

Debian 13 is out! https://www.debian.org/News/2025/20250809 -- Brian Lavender https://www.brie.com/brian/ "There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies." Professor C. A. R. Hoare The 1980 Turing award lecture

3 weeks, 1 day

1
0
0 0

Re: Systemd

by Kevin Brisson

Gary, computers are hard and shouldn't be used by retired folks. :) Run it like below, it will load last. Use AI for docs - much easier and faster than our brains. Type=idle Behavior of idle is very similar to simple; however, actual execution of the service program is delayed until all active jobs are dispatched. This may be used to avoid interleaving the output of shell services with the status output on the console. Note that this type is useful only to improve console output, it is not useful as a general unit ordering tool, and the effect of this service type is subject to a 5s timeout, after which the service program is invoked anyway. https://www.freedesktop.org/software/systemd/man/latest/systemd.service.html Kevin

3 weeks, 6 days

3
2
0 0

looks like libxml2 needs some love

by Brian E. Lavender

I just did a system update and once again I see some high vulnerabilities on libxml2. I am sure it could use some love. It looks like a build with autoconf. I can do that! https://gitlab.gnome.org/GNOME/libxml2 See if I can build this thing as a start. Brian libxml2 (2.9.10+dfsg-6.7+deb11u8) bullseye-security; urgency=high * Non-maintainer upload by the LTS Team. * Fix CVE-2024-34459: Heap buffer overflow with `xmllint --htmlout` (Closes: #1071162). * Fix CVE-2025-6021: Integer overflow issue in xmlBuildQName. (Closes: #1107720). * Fix CVE-2025-6170: Potential buffer overflows in the interactive shell (Closes: #1107938). * Fix CVE-2025-49794: Use-after-free issue in xmlSchematronReportOutput (Closes: #1107755). * Fix CVE-2025-49796: Type confusion issue in xmlSchematronReportOutput (Closes: #1107755). -- Brian Lavender https://www.brie.com/brian/ "There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies." Professor C. A. R. Hoare The 1980 Turing award lecture

3 weeks, 6 days

1
1
0 0

Locale: Not that I'm Paranoid

by Gary

Somehow, my locale on one of my systems was changed to am_ET.uft8. I might not have noticed, actually. It only obviously broke a few farily minor things. But, I use xdotool scripts with "search --name" parameters and they stopped working. The target of these commands is my Firefox browser. It turns out that Firefox will default to it's "C" locale if it doesn't recognize the locale as set. Everything looked the same, but was in fact different :) After switching the locale back to en_US.utf8, my xdotool scripts worked just fine. It seems to me that resetting the locale in this way could be used for all kinds of attacks. If an attacker could change my locale, I have two questions: How did they do it and what else did they change. It happened on one of my more secure systems where I don't visit weird sites. I was stracing some stuff and used a few related programs and was playing with file descriptors. That may be the culprit too :) I'm going to move this activity to another system, which will be more cumbersome. But, I'd like to keep the affected system relatively secure After forcing Google/Gemini to treat these changes as an attack, it gave me back some pretty generic advice but nothing about a specific attack other than some attacks look at the locale. Just an FYI and seeing if anyone has any experience or thoughts. I found the insideous nature of the effects of the locale change interesting.

1 month

3
10
0 0

2025

2024

2023

2022

Lug-nuts