This week Jonathan chats with Olaf Andreas Schulte and Lars Kiesow about Opencast, the video management system for education. What does Opencast let a school or university accomplish, how has that changed over the last decade, and what exciting new things are coming? Watch to find out!
Continue reading “FLOSS Weekly Episode 863: Opencast: That Code Is There For A Reason”
This week Jonathan chats with Toke Hoiland-Jorgensen about CAKE_MQ, the newest Kernel innovation to combat Bufferbloat! What was the realization that made CAKE parallelization? When can we expect it in the wild? And what’s new in the rest of the kernel world? Watch to find out!
Continue reading “FLOSS Weekly Episode 862: Have Your CAKE And Eat It Too”
This week Jonathan chats with Nicholas Adams about OpenRiak! Why is there a Riak and an OpenRiak, which side of the CAP theorem does OpenRiak land on, and why is it so blazingly fast for some operations? Listen to find out!
Continue reading “FLOSS Weekly Episode 861: Big Databases With OpenRiak”
This week Jonathan and Randal chat with Jose Valim about Elixir! What led Jose to create this unique programming language? What do we mean that it’s a functional language with immutability?
Continue reading “FLOSS Weekly Episode 860: Elixir Origin Story”
There’s something immensely satisfying about taking a series of low impact CVEs, and stringing them together into a full exploit. That’s the story we have from [Mehmet Ince] of Prodraft, who found a handful of issues in the default PostHog install instructions, and managed to turn it into a full RCE, though only accessible as a user with some configuration permissions.
As one might expect, it all starts with a Server Side Request Forgery (SSRF). That’s a flaw where sending traffic to a server can manipulate something on the server side to send a request somewhere else. The trick here is that a webhook worker can be primed to point at localhost by sending a request directly to a system API.
One of the systems that powers a PostHog install is the Clickhouse database server. This project had a problem in how it sanitized SQL requests, namely attempting to escape a single quote via a backslash symbol. In many SQL servers, a backslash would properly escape a single quote, but Clickhouse and other Postgresql servers don’t support that, and treat a backslash as a regular character. And with this, a read-only SQL API is vulnerable to SQL injection.
These vulnerabilities together just allow for injecting an SQL string to create and run a shell command from within the database, giving an RCE and remote shell. The vulnerabilities were reported through ZDI, and things were fixed earlier this year. Continue reading “This Week In Security: PostHog, Project Zero Refresh, And Thanks For All The Fish”
This week Jonathan chats with Jonathan Thomas about OpenShot, the cross-platform video editor that aims to be simple to use, without sacrificing functionality. We did the video edit with OpenShot for this episode, and can confirm it gets the job done. What led to the creation of this project, and what’s the direction it’s going? Watch to find out!
Continue reading “FLOSS Weekly Episode 859: OpenShot: Simple And Fast”
Microsoft has published a patch-set for the Linux kernel, proposing the Hornet Linux Security Module (LSM). If you haven’t been keeping up with the kernel contributor scoreboard, Microsoft is #11 at time of writing and that might surprise you. The reality is that Microsoft’s biggest source of revenue is their cloud offering, and Azure is over half Linux, so Microsoft really is incentivized to make Linux better.
The Hornet LSM is all about more secure eBPF programs, which requires another aside: What is eBPF? First implemented in the Berkeley Packet Filter, it’s a virtual machine in the kernel, that allows executing programs in kernel space. It was quickly realized that this ability to run a script in kernel space was useful for far more than just filtering packets, and the extended Berkeley Packet Filter was born. eBPF is now used for load balancing, system auditing, security and intrusion detection, and lots more.
This unique ability to load scripts from user space into kernel space has made eBPF useful for malware and spyware applications, too. There is already a signature scheme to restrict eBPF programs, but Hornet allows for stricter checks and auditing. The patch is considered a Request For Comments (RFC), and points out that this existing protection may be subject to Time Of Check / Time Of Use (TOCTOU) attacks. It remains to be seen whether Hornet passes muster and lands in the upstream kernel. Continue reading “This Week In Security: Hornet, Gogs, And Blinkenlights”
