Language Selection

English French German Italian Portuguese Spanish

today's leftovers

Filed under
Misc
  • Hardening SSH authentication using Yubikey (1/2)
  • Hardening SSH authentication using Yubikey (2/2)
  • KDE 4/5 Affected By A Root Exploit Vulnerability

    The issue in KAuth paired with a problem in smb4k can allow an attacker to gain root access on a local machine. This exploit has been tested on openSUSE Leap and Fedora 26 Alpha, among other distributions.

    More details on the issue are still coming to light but there is some detailed information via this oss-security posting.

  • Meson and GXml

    After a call, Yannick has pushed a patch to add Meson build system to GXml. This is my first time using Meson and I really love it.

    After a set of patches, I’ve managed to fix most installation and Unit Test integration.

  • Which Apps Would You Like to See as Snaps?

    Which applications would you like to see made available as Snap?

    That’s the question being asked by the Snapcraft community who work on the technology.

  • conjure-up dev summary for week 19

    We sent out a proposal outlining why we wanted to go with a particular solution and made sure to solicit input from the community to either get approval or see if there were any other solutions. Read about that proposal and responses for more details into that process and the pros and cons. The conclusion was to go with our proposal and bundle LXD into conjure-up snap in the same way we do Juju.

    This work has been completed and should make it's way into conjure-up 2.2. Prior to that though we need to make sure to socialize this change as it will cause users existing Localhost deployment to not be easily reachable and also documenting how users can reach their newly deployed containers.

More in Tux Machines

GitLab Web IDE

  • GitLab Web IDE Goes GA and Open-Source in GitLab 10.7
    GitLab Web IDE, aimed to simplify the workflow of accepting merge requests, is generally available in GitLab 10.7, along with other features aimed to improve C++ and Go code security and improve Kubernets integration. The GitLab Web IDE was initially released as a beta in GitLab 10.4 Ultimate with the goal of streamlining the workflow to contribute small fixes and to resolve merge requests without requiring the developer to stash their changes and switch to a new branch locally, then back. This could be of particular interest to developers who have a significant number of PRs to review, as well as to developers starting their journey with Git.
  • GitLab open sources its Web IDE
    GitLab has announced its Web IDE is now generally available and open sourced as part of the GitLab 10.7 release. The Web IDE was first introduced in GitLab Ultimate 10.4. It is designed to enable developers to change multiple files, preview Markdown, review changes and commit directly within a browser. “At GitLab, we want everyone to be able to contribute, whether you are working on your first commit and getting familiar with git, or an experienced developer reviewing a stack of changes. Setting up a local development environment, or needing to stash changes and switch branches locally, can add friction to the development process,” Joshua Lambert, senior product manager of monitoring and distribution at GitLab, wrote in a post.

Record Terminal Activity For Ubuntu 16.04 LTS Server

At times system administrators and developers need to use many, complex and lengthy commands in order to perform a critical task. Most of the users will copy those commands and output generated by those respective commands in a text file for review or future reference. Of course, “history” feature of the shell will help you in getting the list of commands used in the past but it won’t help in getting the output generated for those commands. Read
more

Linux Kernel Maintainer Statistics

As part of preparing my last two talks at LCA on the kernel community, “Burning Down the Castle” and “Maintainers Don’t Scale”, I have looked into how the Kernel’s maintainer structure can be measured. One very interesting approach is looking at the pull request flows, for example done in the LWN article “How 4.4’s patches got to the mainline”. Note that in the linux kernel process, pull requests are only used to submit development from entire subsystems, not individual contributions. What I’m trying to work out here isn’t so much the overall patch flow, but focusing on how maintainers work, and how that’s different in different subsystems. Read more

Security: Updates, Trustjacking, Breach Detection

  • Security updates for Monday
  • iOS Trustjacking – A Dangerous New iOS Vulnerability
    An iPhone user's worst nightmare is to have someone gain persistent control over his/her device, including the ability to record and control all activity without even needing to be in the same room. In this blog post, we present a new vulnerability called “Trustjacking”, which allows an attacker to do exactly that. This vulnerability exploits an iOS feature called iTunes Wi-Fi sync, which allows a user to manage their iOS device without physically connecting it to their computer. A single tap by the iOS device owner when the two are connected to the same network allows an attacker to gain permanent control over the device. In addition, we will walk through past related vulnerabilities and show the changes that Apple has made in order to mitigate them, and why these are not enough to prevent similar attacks.
  • What Is ‘Trustjacking’? How This New iOS Vulnerability Allows Remote Hacking?
    This new vulnerability called trustjacking exploits a convenient WiFi feature, which allows iOS device owners to manage their devices and access data, even when they are not in the same location anymore.
  • Breach detection with Linux filesystem forensics
    Forensic analysis of a Linux disk image is often part of incident response to determine if a breach has occurred. Linux forensics is a different and fascinating world compared to Microsoft Windows forensics. In this article, I will analyze a disk image from a potentially compromised Linux system in order to determine the who, what, when, where, why, and how of the incident and create event and filesystem timelines. Finally, I will extract artifacts of interest from the disk image. In this tutorial, we will use some new tools and some old tools in creative, new ways to perform a forensic analysis of a disk image.