TCP Flaw Workaround Patch for Gigastrand OS

A flaw for Linux devices – including Gigastrand OS – has been discovered as detailed at Hacker News. 

Researchers have uncovered a serious Internet flaw, which if exploited, could allow attackers to terminate or inject malware into unencrypted communication between any two vulnerable machines on the Internet.

The vulnerability could also be used to forcefully terminate HTTPS encrypted connections and downgrade the privacy of secure connections, as well as also threatens anonymity of Tor users by routing them to certain malicious relays.

The flaw actually resides in the design and implementation of the Request for Comments: 5961 (RFC 5961) – a relatively new Internet standard that’s designed to make commonly used TCP more robust against hacking attacks.

Manual patch

You can add the following line to /etc/sysctl.conf (right click on sysctl.conf>Root Actions>Open as Text)

net.ipv4.tcp_challenge_ack_limit = 999999999

Then open a terminal and execute

sudo sysctl -p

and it will do the same thing as the patch below.

Automated Patch: Download – tcpatch.tar.gz

The above patch automates the process and contains a workaround implementation of a modified sysctl.conf that should protect Gigastrand OS and other Linux PCs from attack while a system patch is being developed. Instructions are below.

Chrome and Firefox will download the GsNVR.tar.gz file to Computer>Downloads (/home/user/Downloads).

1. Extract the downloaded file with Ark to your home folder (/home/user) also called Computer


2. Right-click on the tcpatch.sh file and select Properties


3. Click on the Permissions tab and select Is Executable


4. Click Ok

Now we are ready to install.

1. Right click in a blank area and go to Actions>Open Terminal Here


2. type ./tcpatch.sh or sh tcpatch.sh


3. Your output should look like this:

tcpatch output screen

TCP Flaw Workaround Patch for Gigastrand OS

Hulu and Netflix working in Gigastrand OS

We are happy to report that Hulu and Netflix are working in Chrome in the Gigastrand OS 3.x.

As much as we would like to take credit, we only tested to see if it was working. We suspect changes to Chrome have made it possible.

We were hoping that Netflix and Hulu could be working before we released 4.0. We have been maintaining subscriptions with both in the hopes that this would be resolved. Looks like we can cross that one off the list.

In the meantime…

While we are waiting for an update to the stable codebase for 4.0, we are making great strides for the live view monitoring software for Gigastrand NVR.

We are calling it Advanced Live View for NVR – or ALVN (alvin) for short. It is designed to run locally on the system for a better live view experience. For now, it will be a separate system from the main software.

It can be accessed by a remote PC but it currently does not work on mobile devices. This will not be remedied immediately, but it will in future versions.

 

Hulu and Netflix working in Gigastrand OS

What Happened After Gigastrand OS Wouldn't Install

When one woman bought a Gigastrand OS PC over 2 years ago, she knew she was moving from a slow, buggy, and out of date Windows PC to a brand new one with a different kind of operating system on it.

“I remember explaining to her that, if she absolutely hated Gigastrand OS, we can always just load a new version of Windows on it instead.” Gigastrand CEO Josh Tordsen explains. “But, I knew from over 15 years of experience in Linux, that she was the perfect candidate.”

Gigastrand built a system that they thought was future-proof. It was a fast system with plenty of memory and a large solid-state hard drive. More importantly, it was the first direct sale of a brand new Gigastrand OS system in South Dakota.

“The operating system software makes all the difference. It doesn’t just determine how user-friendly it is. It is one of the most important determining factors when it comes to system security, stability, and reliability.”

Recently, Google dropped support for 32-bit operating systems like Windows XP and Gigastrand OS 2.x. So when Chrome began telling its user that they were no longer supporting the operating system, Gigastrand was already trying to figure out what needed to be done.

“When I got her call, I was already seeing the same thing on my screen. I was still using gigastrand OS 2.x on my personal computers despite the fact we upgraded all the rest to 3.0 by that time. Ideally, we would have liked to use the multiarch feature in our OS to piggyback 64-bit programs on a 32-bit system. It would have extended usable life and compatibility for 2.0.  It seemed like we were so close to doing it too, but it proved impossible.”

Gigastrand began recommending that an upgrade to 3.0 was necessary to resolve the Chrome issue. Mr. Tordsen travelled to his customer’s house to upgrade her computer.

“It was going to be a straightforward upgrade. Backup data, pop the disc in, upgrade the system. We’ve done it hundreds of times.”

This time was different. Several errors were noted by Mr. Tordsen resulting in the system being unable to startup to the installation disc.

“I tried all the usual tricks. Is the disc dirty? Is it a bad disc? Was the version incompatible? Was the drive bad? Nothing worked. We even left site, made a new install image with some things removed, and tried again. That didn’t work.”

After the last attempt, Mr. Tordsen knew he would need to examine the problem more closely. He loaned her a laptop and took the computer to fix it. What he discovered was the hardware used in the original build was not compatible with 64-bit versions of Linux – including Gigastrand OS 3.0. The only option was a hardware upgrade.

As this was a new computer purchased with Gigastrand OS and the OS upgrade was the cause for the hardware requiring to be upgraded, Gigastrand chose to liberally interpret their Lifetime Upgrade Guarantee – which usually applies to hardware upgrades only – and give this customer the hardware she needed to upgrade to Gigastrand OS 3.2.

“All of the trips, all of the troubleshooting, and all of the hardware – and the customer only paid the cost of the software – $25. I don’t know of any other company that stands behind their products like Gigastrand does.”

What Happened After Gigastrand OS Wouldn't Install

Gigastrand OS 4.0 Development Postponed

Gigastrand OS 4.0 development has been postponed because Debian has not released a new stable codebase. We had figured Debian 9 would be the new stable release by now, but it hasn’t quite come to pass just yet. That is perfectly fine by us as we want to work with the best possible product.

We are going to instead redouble our development efforts on Gigastrand NVR. The big push now is to get a real-time live view. Ideally, we want to integrate it into the code, but it may take the form of a link off the main live view page for now.

While we haven’t announced anything about Gigastrand NVR 2.0 but it is definitely on our minds. Customers will likely see incremental changes to 1.0 while we develop features for 2.0.

 

Gigastrand OS 4.0 Development Postponed