Skip to main content

Blocklist-Update.sh

Blocklist-Update.sh is a script that I wrote to manage blocklists from bluetack etc to be used in conjunction with Transmission torrent downloader in Linux/MacOS. The script can be taylored to work with Qbittorrent as well, but the placement of the blocklists means you'd have to redirect the blocklist to go somewhere locally manageable as Transmission uses its own blocklist directory in .config. I believe there are about 10 lists there now. It works well for my needs. It can be ran weekly using crontab in standard user profile.  To download:  blocklist-update.sh To download the others:  Github
Post a Comment

FOLLOW UP TO THE EARLIER ARTICLE ABOUT THE MELTDOWN/SPECTRE BUG

Earlier today, I published an article here on Blogger about the recent flaws found in kernels and processor firmware. I was a bit vague and unclear, but after doing more reading, I can give you a small set of instructions in regards to possible workarounds for now. These are just temporary and they may include a potential increase in RAM usage for those using these applications. Google-Chrome has yet to release their own workarounds inside the browser for the mentioned vulnerabilities on their side, however, the Chromium project released a small post about how users could reduce the attack vector in the browser by enabling one or two possible back end features themselves. Here I will attempt to better explain what this is and how to reduce your own vulnerability, assuming that you’re on Chrome or another chromium based browser.

The recent vulnerabilities are targeted at all processor architectures and as I previously mentioned, do make use of Kernel memory via going through the User as before now the kernel had no way to stop this, but recently, it appears that AMD has increased their own security on the issue and the Linux kernel now uses something called KPTI(Kernel Page Table Isolation) Which essentially allows the kernel to separate itself from Userspace in memory. It’s like a wall between what a user is doing on a PC and what the PC is doing in the background. This is only further boosted when certain mitigation techniques are taken inside of net facing applications. Google- Chrome has a back end flags page which holds a wealth of experimental security and performance enhancing features. This same back end applies to both Opera as well as Vivaldi.

To enable this feature of Site Isolation or Strict Site Isolation you must do the following:
  1. Open up Google-Chrome, Opera, or Vivaldi
  2. Go into the address bar and type Chrome://flags or Opera://flags for Opera
  3. Search for enable-site-per-process
  4. Next to Strict “Site Isolation”, click enable
  5. Relaunch the browser
Most all chromium based browsers now have this setting at the moment. I wouldn’t count on this being there forever though, each update with Chrome and something changes. This is a good temporary adjustment that you can do to limit the amount of sites being opened in a single process. This will increase memory by possibly as much as 20% though. As I said earlier, future updates in the next week or so will include other workarounds inside the browser that effect buffer array and timing which are a couple of things that this attack would rely on.

As I mentioned in the last article, Pale Moon was not vulnerable as far as I can tell. The developer always does great work securing certain features that the Mozilla team haven’t thought of yet. As far as Mozilla goes, version 57.0.4 of Firefox should include a timing adjustment that slows this attack in its tracks. Intel seems hesitant to fix anything, but at least AMD have stepped up their game a bit. This vulnerability was known about for years and AMD already implemented basic safeguards for this sort of atrocity Short of physical access though, you’re pretty much safe at this point. I would make haste though for anyone running Linux to either search in their repositories for a newer version of the kernel or possibly look into compiling their on from source on kernel.org. More updates will be out next week and Google will update Chrome by the end of January. 

More reading: 




Comments

Post a Comment

Popular posts from this blog

NOSCRIPT CONFIGURATION FOR PALE MOON SPECIFICALLY

I wrote an article before about making Pale Moon more private. I covered a few of the settings and back end changes I make each time I install it. I mentioned Noscript, but I didn’t give any details about how I set it up. First though, you have to get the version already marked for your version of “Firefox” or in this case, Pale Moon. If you went to https://addons.palemoon.org/addon/noscript/ you would probably find the Pale Moon addons page devoted to the newest possible Noscript being marked specifically for Pale Moon. Other versions may work, but these are hybrid addons and the closer we get to Noscript 10, the less I trust it to work with Pale Moon specifically. I just opt to stick with 5.0.6. There have been people asking about what happens when Maone, the developer stops supporting the hybrid versions of Noscript, “Will it work with Pale Moon?” Why yes it will. Noscript blocks scripts, that’s its main function and it will do that as long as Java script exists on a page. ...
Post a Comment
Read more

SSD PARTITION ALIGNMENT

I was searching for more information regarding SSDs last night as that is what I now use, I found an interesting little tip that most users will never have to worry about, but people using Arch Linux, Manjaro or Windows that was cloned from another drive may want to consider checking this. The Partition manager within Linux normally takes good care to ensure that you have some free space to be used by the SSD in the event that a cell becomes worn out or corrupted. Also, Linux generally ensures that a proper amount of unallocated drive space is set aside preceeding the partition. However, on my own image of Manjaro, I discovered that this was not the case. The partition was “out of alignment”. To fix this situation, I found an article on  Lifehacker that went into instructional detail about how to solve this from a live environment or an image of Gparted . Gparted is a separate live environment of Linux that is based on Debian and uses Gparted as the main tool to manage...
Post a Comment
Read more

PALE MOON PRIVACY SETUP

I did a review of Pale Moon back when 27.6.2 came out in linux. I had mostly great things to say about the browser then and my feelings towards it have not changed. Pale Moon is a very useful tool for scowering the net. It has privacy at its core with a few implementations made by Moonchild, the lead developer, built in. I also mentioned the point that Pale Moon has a canvas poisoning feature in the backend, however, I wasn’t very clear about how to turn it on. I thought in this tutorial, I’d show with a series of screen shots, some of the useful settings and preferences that I change to make Pale Moon a bit more private. I also thought I’d take this time to rant a little more about some of the not so savory issues with Firefox which have recently come under scrutiny by various people in the the Linux world. First order of business, if you haven’t heard, Mozilla recently added an extension into their browser which gave people ads. That’s right, they were ads for a specific t...
Post a Comment
Read more