By: peppe8o

peppe8o — Wed, 20 Mar 2024 07:07:03 +0000

In reply to LangleeHoHoHo. Hi LangleeHoHoHo, thank you for your interesting check and opinions. I think that you could email the NEMS team to make them aware of your improvement suggestions, every sane developer would accept criticism focused to make a software more reliable and secure

By: LangleeHoHoHo

LangleeHoHoHo — Tue, 19 Mar 2024 21:46:48 +0000

The idiot admins of this distro use the KNOWN-BROKEN md5 hashing algorithm for their downloads with NO SIGNATURES for better security and integrity verification. Even though this is standard practice elsewhere.
Unlike some noobs, I have sadly seen md5 checksum matches on two files that the sha256 differed on. So it can indeed matter in the REAL world, not just for the sake of what some naive people call ‘paranoia’. I immediately distrust security-related distros and software that is apparently this level of ignorant at admin level. Also, the downloads are hosted on a completely different domain – dittodistro com – requiring even more verification.
There is also a changelog from as recently as 2019, where they intentionally dumb-down their standards to fit ESX-i software, which was ignorantly using the SHA1 algorithm which is ALSO somewhat insecure. In 2019, not 2009… Was this retrograde decision reversed in more recent releases? Couldn’t the world get ESX-i to get a patch instead? The mind boggles at times.
People like this appear not to live in the real technological world where threats as relating to the above verification needs, are not real. They are, they are automated, and they happen in seconds. Security through obscurity (being lucky when using sloppy methods) is NOT real security. With all due respect, Wake up!

Comments on: Network monitoring with Raspberry PI and NEMS (Nagios)

By: peppe8o

By: LangleeHoHoHo