Verify Your Downloaded ISO Images Before Burning Them
Comments
md5?? ahh.
Really, there is a RECENT article telling us to verify our lengthy downloads? Wow.
Here, kiddie, I have a tip for you.
I remember posting on some old "Linux-ISO" website, long since deceased, about how they were serving a Mandrake ISO (see? I told you it was an old website) which burned CDs that refused to boot. Refused to boot for everybody. Back when a hotrod 16x cdburner could, in a good afternoon, convert a spindle of blanks into coasters. Collectively on that day, many spindles of CDRs died for no reason.
Bittorrent was, IIRC, not yet out or maybe just not yet popular, so some membership based websites were serving 'new releases' to help members get access to the ISO without needing members to be up at 3am, wait in an FTP queue, etc., etc. for a direct connection.
Although my download from that membership site had the same MD5 as the MD5 the member site posted for that ISO, I had burned it 4 times with no success... people in the forum were also getting a lot of coasters.
I decided to see if Mandrake had a differently named ISO for that MD5, and maybe the membership ISO happened to not match what Mandrake had released or whatever. Hmm. Mandrake shows no ISO with that checksum. Not the same as Mandrake? What have I been served?
Turns out that the bozo who downloaded the ISO for his members never verified the MD5 of his ISO file, which file he in turn served to everyone else. Yes, he calculated an MD5 for the file he was serving to us, but he posted his own MD5 for his clients to work with. That is why Mandrake had no such MD5.
Yup, members all downloaded his ISO, we all calculated the same MD5, but the bozo was serving a corrupt download. He might have known how to calculate the MD5, but he simply assumed that since his other downloads were always a match.... why check his MD5 THIS time? I remember that I had lost $5 in blanks on his bad file.
Oh right, the point... ahem - 'do not assume the MD5 posted on a fourth tier server is the same MD5 posted at the origin of the file, up at tier one. Always get the MD5 data from the creator, not from some re-serving site'.
Keeps everyone on the same page.
Ok, here's your soapbox back.
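The failure described in the comment above can be reproduced in a few lines. This is an added example, not code from the article or from any commenter; the file name and sample bytes are constructed, and the "origin" and "mirror" checksums are simulated locally.

```python
import hashlib
import os
import tempfile

def file_digest(path, algo="md5", chunk_size=1 << 20):
    """Hash a file in chunks so a multi-gigabyte ISO never sits in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify(path, expected_hex, algo="md5"):
    """True only if the file's digest equals the published value."""
    return file_digest(path, algo) == expected_hex.strip().lower()

def demo():
    # Constructed sample data standing in for an ISO; not a real image.
    original = b"constructed-iso-contents " * 4096
    corrupt = bytearray(original)
    corrupt[1000] ^= 0xFF  # one byte damaged on the way to the mirror

    # Checksum published by the creator of the file (tier one).
    origin_md5 = hashlib.new("md5", original).hexdigest()
    # Checksum the mirror computed over its own, already damaged, copy.
    mirror_md5 = hashlib.new("md5", bytes(corrupt)).hexdigest()

    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "download.iso")  # hypothetical file name
        with open(path, "wb") as f:
            f.write(corrupt)  # what every member of the mirror downloaded
        return {
            "matches_mirror": verify(path, mirror_md5),
            "matches_origin": verify(path, origin_md5),
        }

if __name__ == "__main__":
    print(demo())
```

A match against the mirror's value only proves the transfer from the mirror was clean; only the comparison against the origin's value says anything about the file itself.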
What happened with u is the
What happened with u is the famous case of "ASSUMPTION".
- You assumed the MD5 on some third-party website to be same as of the original ISO.
- You assumed there would be another ISO on Mandrake with same MD5 (if you closely look at properties of hash functions, you would realize that collision is not so easy)
In short, Md5 is still one of the reliable and most widely used methods of checking the integrity of a download. Now, from where you obtain the ISO or to what Md5 checksum you are comparing depends entirely on how educated the user is about hash signatures and download integrity. One can obtain the MD5 checksum from authentic websites and go ahead with download from 3rd-party sites.
No method of security or integrity is fool proof unless one uses it as it is supposed to be used.
My 2 cents.
MD5 and SHA1 are considered
MD5 and SHA1 are considered broken as researchers were able to generate collisions.
However, these hashing algorithms are still pre-image resistant. Hence it's nearly impossible for anyone to take a random iso and make its MD5 and SHA1 hash value match the hash of the actual iso.
So Md5 and SHA1 are still reliable sources of checksum calculation for the purpose of downloads....
HTH
After thinking about it, I
After thinking about it, I came to the insight that you're absolutely right! :)
So, I have to change my last statement in my last post to that it's ok as long as you got md5/sha1-checksum from a trusted site (or source).
md5/sha1 broken
Y'all know that md5 and sha1 are broken, right? Sha2 is slightly better though.
en.wikipedia.org/wiki/Md5
www.schneier.com/blog/archives/2005/02/sha1_broken.html
But I suppose you can use it if you download from a trusted site and wanna check that the download went ok.
True
You're right, they are exploitable.
Mitch Frazier is an Associate Editor for Linux Journal.
Good post
I usually use BitTorrent for downloads. This is good. The Linux Journal website is good.
or... use BitTorrent
One could just use BitTorrent for one's ISO downloads and just forget about {md5,sha1}sum
It's hard to be free... but I love to struggle. Love isn't asked for; it's just given. Respect isn't asked for; it's earned!
Renich Bon Ciric
http://www.woralelandia.com/
http://www.introbella.com/
Why? Does Bit-torrent
Why? Does Bit-torrent automatically check the checksum for each block of data?
Precisely
Precisely
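The per-piece check discussed in the last two comments works roughly as follows: BitTorrent (v1) metadata carries one SHA-1 digest per fixed-size piece, and a client discards any piece whose digest does not match. This is an added sketch, not code from the page or from any BitTorrent client; the piece size and sample data are constructed, and the piece hashes are only as trustworthy as the source of the .torrent file.

```python
import hashlib

PIECE_LEN = 16 * 1024  # assumed piece size for this demo; real torrents choose their own

def make_pieces(data, piece_len=PIECE_LEN):
    """Concatenated 20-byte SHA-1 digests, one per piece (layout of the v1 'pieces' field)."""
    return b"".join(
        hashlib.sha1(data[i:i + piece_len]).digest()
        for i in range(0, len(data), piece_len)
    )

def bad_pieces(data, pieces, piece_len=PIECE_LEN):
    """Return the indexes of pieces whose SHA-1 does not match the metadata."""
    bad = []
    for idx in range(len(pieces) // 20):
        chunk = data[idx * piece_len:(idx + 1) * piece_len]
        expected = pieces[idx * 20:(idx + 1) * 20]
        if hashlib.sha1(chunk).digest() != expected:
            bad.append(idx)
    return bad

def demo():
    # Constructed data standing in for an ISO: 102400 bytes, i.e. 7 pieces.
    original = bytes(range(256)) * 400
    pieces = make_pieces(original)

    received = bytearray(original)
    received[3 * PIECE_LEN + 5] ^= 0x01  # flip one bit inside piece 3

    clean = bad_pieces(original, pieces)
    damaged = bad_pieces(bytes(received), pieces)
    return clean, damaged

if __name__ == "__main__":
    clean, damaged = demo()
    print("clean copy, bad pieces:", clean)
    print("damaged copy, bad pieces:", damaged)
```

Only the failing piece has to be fetched again, which is why a completed torrent download rarely needs a separate whole-file checksum pass for transfer errors.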