amuck-landowner

Search results

  1. kaniini

    What are you listening to right now?

    localhost:~$ mpc
    The Glitch Mob - Drive It Like You Stole It
    [playing] #1291/1293   0:03/5:55 (0%)
    volume: n/a   repeat: on   random: on   single: off   consume: off
    Yeah, I have a VPS that exists solely to stream music to wherever I am.  It's how I roll.
  2. kaniini

    This post made me laugh: l00k1ng for phr33 VPS plezze!

    Yeah but such a machine would be useful for some things Google does like complex map-reduce statistics calculations. It just so happens that they don't need big machines because map-reduce is easily distributed, but they could certainly use it.
  3. kaniini

    We needed this right now (Xen vulnerability)

    Indeed, the vmsplice() Linux root exploit had a nice effect where it would crash some hypervisors by trashing the grant tables, in a similar way to CVE-2013-1964.  The good news is that the necessary codepath is usually disabled in that case :)
  4. kaniini

    We needed this right now (Xen vulnerability)

    I look at exploit lists from the perspective of whether or not they will affect my livelihood.  Is there some other way I should be looking at them?
  5. kaniini

    We needed this right now (Xen vulnerability)

    They won't be affected by CVE-2013-1964 at all then, as Xen 3 does not have anything other than non-transitive grants. As for the other, using PV-GRUB mitigates it on any version of Xen, and as I recall it, Solus does somehow magically support using PV-GRUB.
  6. kaniini

    Good ol' debate OpenVZ vs KVM - Why yes, why not?

    While yes, secret key data could be extracted from a memory dump, this is also true of dedicated servers -- there are quite a few hardware attacks on DIMM-based memory to ensure that it doesn't get blanked out immediately... most of them involve literally cooling down the chips so that...
  7. kaniini

    We needed this right now (Xen vulnerability)

    Regarding CVE-2013-1964, Xen 4.2 is unaffected, and the transitive grants code is experimental, and thus shouldn't be enabled on any production hosts. The other is mitigated by using PV-GRUB for untrusted kernel images, as PV-GRUB does the ELF parsing, not Xen itself. In my opinion, not a big...
  8. kaniini

    [Poll] Signature Regulation (Unofficial Poll)

    Frankly I think the WHT signature guidelines basically have it right.  4 lines, no images, no gratuitous colours.
  9. kaniini

    SolusVM WHMCS Module Vulnerability

    Technically we are, as in, you can download the code, set it up and use it.  But to put it all together, at least, for now, you need to have an inquisitive mind and be able to put everything together yourself. We may do more than that in the future, who knows.  On the other hand, why would I...
  10. kaniini

    Good ol' debate OpenVZ vs KVM - Why yes, why not?

    Err, no.  With Xen, KVM and VMware you can encrypt your data and ensure it is tamper-proof. I have noticed that OpenVZ enthusiasts tend to claim that defects in their platform of choice are problems with VPSes as a whole -- let me assure you: they are not.
  11. kaniini

    WHMCS - Horrific Cleaning of variables leaves multiple zero-day possibilities

    Observation: all the people complaining run WHMCS, as far as I can tell. Resulting question: why not work on improving your security instead of all of this drama stuff?  If you can't take the heat, get out of the industry before you screw your customers.
  12. kaniini

    "You have reached your quota of positive votes for the day"

    In all seriousness, boost that quota. :(
  13. kaniini

    Capisso VMPanel

    Then you use PING/PONG API calls.  You NEVER EVER write something to expose direct command execution over an RPC layer, ever.  EVER. Do you think this is a game?
  14. kaniini

    Capisso VMPanel

    Why do you need to execute arbitrary commands on the server, exactly?  Like, why are you even testing that?
  15. kaniini

    SolusVM WHMCS Module Vulnerability

    Because it is somehow even more of a disaster than SolusVM.  Which is amazing, because SolusVM is pretty bad...
  16. kaniini

    Good ol' debate OpenVZ vs KVM - Why yes, why not?

    As an end-user, I would never use OpenVZ as there is definitely no way that you can assert your OS environment is tamper-proof. And really, I don't want my /etc/shadow or /etc/ircd/ircd.conf files being dumped on the internet by some script kiddie who got lucky with an OpenVZ jailbreak. It's...
  17. kaniini

    [EXCLUSIVE] TortoiseLabs - 512MB RAM / 30GB DISK / 1000M UNMETERED - $6.75/month

    TortoiseLabs is pleased to offer an exclusive deal on our TortoiseCloud VPS services for vpsBoard readers. We have recently released a streamlined VPS management experience, which you can see here. Service at a Glance Locations: Los Angeles, Miami, Montreal, and London! Services allowed: any...
  18. kaniini

    SolusVM WHMCS Module Vulnerability

    Your demo that you showed earlier shows the output of raw commands being run on nodes.  If you are designing things properly, you wouldn't even be thinking about running raw commands in the API layer, as I have said now ad infinitum. From the node perspective you should assume that your...
  19. kaniini

    SolusVM WHMCS Module Vulnerability

    Missed this one: The vulnerability is in the fact that the "Solusvmpro" module does not filter form parameters and uses libcurl to POST to the SolusVM master. Whether or not the ModulesGarden module is safer has to do with whether or not the same behaviour is used.  But it is probably safer to...