
Security: Updates, Windows, Reproducible Builds and More

  • Security updates for Monday
  • Windows apps made on Linux hit by security fail

    Troublingly, CERT/CC doesn't know of a practical way to fix the missing relocations table bug, tagged as CVE-2018-5392.

    However, it has suggested a workaround whereby mingw-w64 can be "coerced" into outputting executables with the relocations table intact. The advisory explains how to implement the workaround.

    According to CERT/CC, the bug affects Ubuntu, Debian, Red Hat, SUSE Linux, Arch Linux, CentOS, and more. However, none of the vendors has released a statement about the bug or its fix. The vendors were notified in late July.

  • An 18-Year-Old Information Security Consultant Donates Earnings To Charity

    Mahatma Gandhi once said, “Be the change you want to see in the world.” Giving back to society is a good way of changing the world and making it a better place to live in.

    And, Sagar Bansal, who is an eighteen-year-old information security consultant from India, is trying to be the change he wants to see in the world: by giving back his earnings to support needy students in advancing their education.

  • Reproducible Builds: Weekly report #171
  • Open Source Collaborative Hopes to Make Reporting Security Bugs Safer for All

    Despite the overall increase in companies offering bug bounty rewards to those who find and report vulnerabilities, ethical security research can still be a bit of a legal minefield. For example, back in May 2018 it fell to Governor Nathan Deal of Georgia to veto a bill that would have made it difficult to do even basic, ethical cybersecurity research. In addition, there is little in the way of a coherent framework for reporting bugs, creating a wide disparity between companies on what constitutes legal disclosure. In some instances, this has led to a reluctance among some white hat hackers to disclose vulnerabilities they’ve discovered.
