Security: SELinux, Dirk Hohndel, Gentoo, Arch Linux AUR Package Repository

  • Lukas Vrabec: Why do you see DAC_OVERRIDE SELinux denials?
  • With So Many Eyeballs, Is Open Source Security Better? [Ed: Ask a FOSS company. Not VMware. VMware puts back doors in its proprietary software blobs.]

    Back in 1999, Eric Raymond coined the term "Linus' Law," which stipulates that given enough eyeballs, all bugs are shallow.

    Linus' Law, named in honor of Linux creator Linus Torvalds, has for nearly two decades been used by some as a doctrine to explain why open source software should have better security. In recent years, open source projects and code have experienced multiple security issues, but does that mean Linus' Law isn't valid?

    According to Dirk Hohndel, VP and Chief Open Source Officer at VMware, Linus' Law still works, but there are larger software development issues that impact both open source as well as closed source code that are of equal or greater importance.

  • The aftermath of the Gentoo GitHub hack [Ed: What a bad choice of password leads to.]

    Late last month (June 28), the Gentoo GitHub repository was attacked after someone gained control of an admin account. All access to the repositories was soon removed from Gentoo developers. Repository and page content were altered. But within 10 minutes of the attacker gaining access, someone noticed something was going on, 7 minutes later a report was sent, and within 70 minutes the attack was over. Legitimate Gentoo developers were shut out for 5 days while the dust settled and repairs and analysis were completed.

  • New Variant of Spectre Security Flaw Discovered: Speculative Buffer Overflows

    Security researchers Vladimir Kiriansky (MIT) and Carl Waldspurger (Carl Waldspurger Consulting) have published a paper to disclose a new variant of the infamous Spectre security vulnerability, which creates speculative buffer overflows.

    In their paper, the two security researchers explain the attacks and defenses for the new Spectre variant they discovered, which they call Spectre1.1 (CVE-2018-3693), a new variant of the first Spectre security vulnerability unearthed earlier this year and later discovered to have multiple other variants.

    The new Spectre flaw leverages speculative stores to create speculative buffer overflows. Similar to the classic buffer overflow security flaws, the new Spectre vulnerability is also known as "Bounds Check Bypass Store" or BCBS to distinguish it from the original speculative execution attack.

  • AT&T acquires open-source threat intelligence firm

    As AT&T continues down its network virtualization efforts using the open-source Open Networking Automation Platform (ONAP), the operator has acquired cybersecurity firm AlienVault, which uses open-source software to provide what the companies call “threat intelligence.” Financial details of the transaction were not disclosed; AT&T expects the deal to close in Q3 this year.

  • Malware Found in Arch Linux AUR Package Repository

    Malware has been discovered in at least three Arch Linux packages available on AUR (Arch User Repository), the official Arch Linux repository of user-submitted packages.

    The malicious code has been removed thanks to the quick intervention of the AUR team.

  • Amateur bid to add code to Arch Linux packages found and squashed
