Security: SELinux, Dirk Hohndel, Gentoo, Arch Linux AUR Package Repository

  • Lukas Vrabec: Why do you see DAC_OVERRIDE SELinux denials?
  • With So Many Eyeballs, Is Open Source Security Better? [Ed: Ask a FOSS company. Not VMware. VMware puts back doors in its proprietary software blobs.]

    Back in 1999, Eric Raymond coined the term "Linus' Law," which stipulates that given enough eyeballs, all bugs are shallow.

    Linus' Law, named in honor of Linux creator Linus Torvalds, has for nearly two decades been used by some as a doctrine to explain why open source software should have better security. In recent years, open source projects and code have experienced multiple security issues, but does that mean Linus' Law isn't valid?

    According to Dirk Hohndel, VP and Chief Open Source Officer at VMware, Linus' Law still works, but there are larger software development issues that impact both open source as well as closed source code that are of equal or greater importance.

  • The aftermath of the Gentoo GitHub hack [Ed: What a bad choice of password leads to.]

    Late last month (June 28), the Gentoo GitHub repository was attacked after someone gained control of an admin account. All access to the repositories was soon removed from Gentoo developers. Repository and page content were altered. But within 10 minutes of the attacker gaining access, someone noticed something was going on, 7 minutes later a report was sent, and within 70 minutes the attack was over. Legitimate Gentoo developers were shut out for 5 days while the dust settled and repairs and analysis were completed.

  • New Variant of Spectre Security Flaw Discovered: Speculative Buffer Overflows

    Security researchers Vladimir Kiriansky (MIT) and Carl Waldspurger (Carl Waldspurger Consulting) have published a paper to disclose a new variant of the infamous Spectre security vulnerability, which creates speculative buffer overflows.

    In their paper, the two security researchers explain the attacks and defenses for the new Spectre variant they discovered, which they call Spectre1.1 (CVE-2018-3693), a new variant of the first Spectre security vulnerability unearthed earlier this year and later discovered to have multiple other variants.

    The new Spectre flaw leverages speculative stores to create speculative buffer overflows. Similar to the classic buffer overflow security flaws, the new Spectre vulnerability is also known as "Bounds Check Bypass Store" or BCBS to distinguish it from the original speculative execution attack.

  • AT&T acquires open-source threat intelligence firm

    As AT&T continues down its network virtualization efforts using the open-source Open Networking Automation Platform (ONAP), the operator has acquired cybersecurity firm AlienVault, which uses open-source software to provide what the companies call “threat intelligence.” Financial details of the transaction were not disclosed; AT&T expects the deal to close in Q3 this year.

  • Malware Found in Arch Linux AUR Package Repository

    Malware has been discovered in at least three Arch Linux packages available on AUR (Arch User Repository), the official Arch Linux repository of user-submitted packages.

    The malicious code has been removed thanks to the quick intervention of the AUR team.

  • Amateur bid to add code to Arch Linux packages found and squashed
