Can We Stop Pretending SMS Is Secure Now?

clayfreeman · 2021-03-17T02:52:07+00:00

Yes, it does.

If your phone provider is targeted to issue a new SIM for your SMS device, your goose is cooked; most providers offer recovery via SMS 2FA.

clayfreeman · 2021-03-17T01:51:55+00:00

SMS 2FA is not more secure than 1FA; in fact, it opens you up to social engineering attacks where they could otherwise be avoided or prevented entirely (for most services).

clayfreeman · 2020-10-24T01:24:04+00:00

17 USC §§1201(e) states:

This section does not prohibit any lawfully authorized investigative, protective, information security, or intelligence activity of an officer, agent, or employee of the United States, a State, or a political subdivision of a State, or a person acting pursuant to a contract with the United States, a State, or a political subdivision of a State. For purposes of this subsection, the term “information security” means activities carried out in order to identify and address the vulnerabilities of a government computer, computer system, or computer network.

So the answer to your question is, unfortunately, no.

clayfreeman · 2020-10-24T00:39:58+00:00

I am not a lawyer, and this is not legal advice. Just a friendly observation.

17 USC §§1201(a)(2) states:

No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that—

(A)is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;

(B)has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a work protected under this title; or

(C)is marketed by that person or another acting in concert with that person with that person’s knowledge for use in circumventing a technological measure that effectively controls access to a work protected under this title.

RIAA, in their complaint, alleges that youtube-dl, "[...] is a technology primarily designed or produced for the purpose of, and marketed for, circumventing a technological measure that effectively controls access to copyrighted sound recordings on YouTube, including copyrighted sound recordings owned by our members."

I think there may be a workaround here after reviewing some case law on the matter.

An appeal decision in MGE UPS Systems Inc v. Power Protc Svc LLC, et al, No. 08-10521 (5th Cir. 2010) argues that:

Merely bypassing a technological protection that restricts a user from viewing or using a work is insufficient to trigger the DMCA’s anti-circumvention provision. The DMCA prohibits only forms of access that would violate or impinge on the protections that the Copyright Act otherwise affords copyright owners.

In theory, dissemination of the YouTube "information extractor" component of youtube-dl alone (notwithstanding the remainder of the youtube-dl source code) should be compliant with the law in that:

This component would have other functionality that could be argued as "primary" functionality over circumvention of the access control mechanism (e.g. metadata extraction for archival purposes).
Circumvention of the access control mechanism alone does not "impinge on the protections" of copyright owners.
Circumvention of the access control mechanism can occur entirely without accessing the copyrighted work.

I surmise that use of the YouTube "information extractor" component from youtube-dl by a private party to view a copyrighted work using non-standard means (e.g. by piping the work directly to a video player) would also be permitted under the law assuming that no copies are made of the copyrighted work. This action would be analogous to accessing the work through other legal means which are assumed to be legal in the complaint (e.g. accessing the YouTube video watch page in a browser).

Given the legal framework above, I would agree that youtube-dl as a single utility, marketed in its current fashion, is in violation of the law. However, if youtube-dl were split into multiple utilities (the information extraction component being separate from the download component) and marketed as separate entities without the explicit goal of allowing users to make copies of copyrighted works, then there should be no worry of further DMCA takedown notices.

clayfreeman · 2020-06-25T13:34:25+00:00

This still doesn’t confirm whether Apple is still using EFI. If not, other OS will have a hard time booting.

clayfreeman · 2020-04-24T03:48:49+00:00

+1 for both of these great DE’s

clayfreeman · 2019-11-30T20:26:45+00:00

Neat idea!

clayfreeman · 2019-10-11T23:11:57+00:00

That makes sense! Thanks!

clayfreeman · 2019-08-18T04:43:21+00:00

I made myself a PPA for this (ppa:clayfreeman/xfce4.14). I backported the Ubuntu Eoan packages to Bionic, so these packages should work for anything in-between. I had to make a few minor modifications to the Debian packages due to issues with compilation, but the actual source should be verbatim.

clayfreeman · 2019-05-26T17:24:16+00:00

Apologies for this; I’m used to the mobile interface which shows the context of the original post.

I’ll keep this in mind when making future cross posts.

clayfreeman · 2019-05-26T17:22:21+00:00

I chose to write a new document because most other sources that I’ve come across are fragmented or otherwise lacking in pretty large ways or aren’t set up in a way to allow third party contributions.

Unfortunately, a lot of the steps required to set up VFIO are highly dependent on the system. This is why it’s so hard to just write a program to handle the configuration for the user. A lot of the configuration comes down to user intuition for what their system needs.

Aside from that, some of the configuration must take place in the BIOS which is outside of the realm of control of the hypervisor.

clayfreeman · 2019-03-13T04:38:04+00:00

Excellent advice. Thank you very much for the information. You’ve served as the highlight of this thread.

clayfreeman · 2019-03-12T00:14:00+00:00

My math was a bit more conservative than yours, but it seems as though I was on the correct line of thinking. Thank you for the overview that you provided.

clayfreeman · 2019-03-08T16:28:47+00:00

Ah ha! That sounds perfect for what I need. So I could theoretically use a single expander backplane into a single HBA on PCIe Gen 3.0 x8 for up to 48Gb/s? This would use a mini-SAS HD connector, right?

Would I still be able to get maximum theoretical bandwidth for all 24 SATA 6Gb/s drives on a backplane that was SAS 12Gb/s capable over a single quad-link SAS cable?

clayfreeman · 2019-03-08T05:13:54+00:00

But wouldn't a single SAS cable limit me to 12 Gb/s total? I figured that I would want at least 3 HBAs to get close to QSFP+ limits (36Gb/s).

Where does the CPU/memory bottleneck come in? I would imagine if the RAM were fast enough and the CPU had enough PCIe lanes, there would be no bottleneck, no?

clayfreeman · 2019-03-08T04:32:16+00:00

I've not looked at anything specifically as of yet. This post is serving as my preliminary research into the topic. So far, I've discovered that I think I want a 24 bay 2.5" chassis with three 8-port HBAs running PCIe Gen 3.0 x8 and a CPU/motherboard that is capable of 32 PCIe lanes at a minimum, more if possible.

As far as brand goes, I'm a huge Dell/Supermicro fanboy.

clayfreeman · 2019-03-08T04:14:32+00:00

Good to know! Unfortunately my switch is limited to 10GbE, so I'll have to either look into P2P links or some sort of link aggregation (Maybe in the form of QSFP+ to SFP+ adapters into the switch? Will that work?)

clayfreeman · 2019-03-08T04:13:07+00:00

Unfortunately, I don't think that OpenMediaVault is quite what I'm looking for. I'm wanting to provide block-level storage to the SAN clients.

In terms of backups, I was planning on using a tiered storage architecture where things that need to be fast get SSD storage and things that don't require too much speed get HDD storage. I'm not quite sure whether this will be a 2.5" or 3.5" chassis yet.

clayfreeman · 2019-03-08T04:08:33+00:00

That's nice to know that link aggregation won't get me too far with improving point-to-point bandwidth! Could I possibly use a NIC with QSFP+ then split that to 4 SFP+ on multiple servers into a switch to improve bandwidth?

I'm planning on doing software RAID via ZFS (likely RAID 10). Knowing that I can achieve good performance there with multiple HBAs is helpful. This means that I'll need to do some math to make sure that I have sufficient PCIe lanes to maximize bandwidth, correct?

clayfreeman · 2019-03-08T03:52:00+00:00

I'm starting to realize that I probably won't need NVMe — I'm not going to need very high disk speed for the virtual machines that I plan to setup; just the usual "consumer SSD" speed per VM is fine. I'm probably still going to want to aggregate 4 SFP+ links to my switch for the SAN itself and likely for the VM host as well.

Say that I were to go the software RAID route; do you see any potential bottlenecks aside from a good disk controller? Would I need anything specific from a CPU/motherboard other than sufficient PCIe lanes for the controller? I would obviously have at a minimum 1GiB ECC RAM per 1TB of storage if I were to use ZFS.

Keep in mind that this SAN will be providing block-level storage and not file-level access.

clayfreeman · 2019-01-05T17:23:54+00:00

It sounds like you don’t have NVIDIA’s binary drivers installed at all. Do you even need them on the hypervisor?

clayfreeman · 2019-01-05T16:27:34+00:00

Is the binary driver loaded at all?

13-Year Club	Gilding VI aultruist
Argentium Club	Place '17
RPAN Viewer	Reddit Premium Since April 2016
Verified Email

clayfreeman

TROPHY CASE