1. 5

    No mention of verification or validation of boot media; yikes. And this is scary.

    1. 4

      Its not mentioned anywhere but it appears to sign all of its own files with a certificate that gets embedded in the boot media(see part of the build script here) https://github.com/antonym/netboot.xyz/blob/e56dd07c310187f2db8e5ed9612f28863ac9c722/script/prep-release.sh#L90

      E.g. You can download the signature for the ubuntu.ipxe file: http://boot.netboot.xyz/sigs/ubuntu.ipxe.sig

      Additionally it appears that iPXE supports validating signatures of the boot media that gets downloaded, and this looks like it is done for some of the boot options(but not all). See ubuntu again: https://github.com/antonym/netboot.xyz/blob/e56dd07c310187f2db8e5ed9612f28863ac9c722/src/ubuntu.ipxe#L76

      That said I’ve not verified this is the case/that it’s actually secure in any way, it was just from taking a look at the code.

    1. 2

      I think there’s a step 1 I’m missing. I almost know what this is, but then I get confused. It’s a PXE boot loader? But there’s an ISO? Does it PXE boot the ISO or CD boot the PXE? (Blockchain the blockchain?)

      1. 7

        It looks like you get a boot image(as an ISO/CD/USB/PXE bootable thing) that runs the iPXE bootloader(a fancy bootloader capable of doing neat network booting things). iPXE seems like it is designed to replace the PXE ROM of some network cards, but you can also just chainload into it from any other bootable media. It appears to be a much more capable bootloader.

        Anyway, the iPXE bootloader is what does all the magic, it’s apparently capable of booting an iso(or other image) from an http location. So the image you get from netboot.xyz(the CD/USB/whatever mentioned above) contains iPXE configured to get its configuration from http://boot.netboot.xyz. The configuration at boot.netboot.xyz includes all the operating system menu entries, and each of those specifies where iPXE can load an iso from.

        See for example the iPXE entry for freedos: https://github.com/antonym/netboot.xyz/blob/master/src/freedos.ipxe It just points at a zip file that iPXE will download and boot.

        Disclaimer: I’ve never used netboot.xyz or iPXE before.

        1. 1

          I think it’s a server that can be run that will serve images for PXE.

        1. 3

          Nice walkthrough. Is there a way to do all that UI-based form-filling via API calls? Even though presumably you only do it once per blog, it’d be cool to have a YAML (or better: TOML) file that defines (almost?) everything. Can something like Terraform do this (might be overkill).

          One thing that would help would be to highlight in the screentshot the form fields that the reader would be changing vs. what they’d leave alone. Especially for that huge CloudFront form.

          1. 2

            Close to 100% of this — if not 100% — should be automatable! Amazon has a looooot of APIs.

            1. 2

              The only thing you probably can’t automate is getting the ACM certificate. Everything else can be achieved through the command line, although it might not be as straight-forward as clicking a couple of buttons. For example, here’s how you can programatically create a CloudFront distribution:

              http://docs.aws.amazon.com/AmazonCloudFront/latest/APIReference/CreateDistribution.html

              1. 1

                Since it’s AWS, I’m absolutely sure its possible to do entirely in API calls. Just a matter of looking up the APIs and/or using your aws library of choice. It would be very neat to have a simple one-shot end-to-end setup scripted up. Maybe a follow up post!

                Good point on that. I called out only the fields I changed as bullet points under that section, but point well taken. It would be a lot nicer to only see the differences.

                Thanks!

                1. 2

                  I had been working on a system to do this for LetsEncrypt before ACM was launched and have almost all of the code done and working. If you(or anyone else) wants to take some of it or modify it to do this I’d be happy to help with pointers or code(it’s all python + boto3).

                  https://github.com/ubergeek42/lambda-letsencrypt/

              1. 5

                explanation for cryptographically challenged?

                1. 8

                  I’m also cryptographically challenged, but it seems based on the bug report I linked in my other comment that arc4random is supposed to be a cryptographically secure random number generator, and calling rand() a few times doesn’t make that true.

                  1. 7

                    ARC4 is a common name for RC4. arc4random is an API function for cryptographically strong random numbers, which was originally based on the RC4 key scheduling algorithm. I think arc4random was actually introduced by OpenBSD. But, because RC4 is effectively broken[1], implementations of arc4random don’t typically use it.

                    In relation to the referenced code on Github, rand() is a function which is “pseudorandom” which means that it’s likely based on a known algorithm for generating “random” numbers – perhaps something like a Linear Congruential Generator.

                    1. 2

                      Yes, rand() is almost always implemented with a LCG.

                      FreeBSD arc4random() implementation actually uses arc4, and I thus assume OS X does too. Of course, the OpenBSD implementation is chacha based.

                      1. 1

                        Fwiw Linux (or rather, GNU) switched a few years ago to make rand() use the same algorithm as random(), which uses a different method. The motivation seems to have been that the LCG implementation of rand() produced pseudorandomness that was unequally distributed among the bits.

                        1. 1

                          There is nothing wrong with using a LCG. Many are decent, like Park-Miller / MINSTD. It’s not hard to do better than the classic next = next * 1103515245 + 12345 that lots of libc implementations used for a while.

                          Once you move past the “not awful” domain, the quality of a PRNG doesn’t really matter until you make the leap to cryptographically secure PRNGs.

                    2. 8

                      explanation for cryptographically challenged?

                      I love that user ssl posted this.

                    1. 9

                      Someone already reported this as a bug and it seems to already be fixed here: https://github.com/Microsoft/WinObjC/issues/36

                        1. 1

                          Do I mistake or when GenerateRandomNumber fail it return always 0 ? If it’s the case it looks like https://xkcd.com/221/