Language Selection

English French German Italian Portuguese Spanish

Security: Trusting the delivery of Firefox Updates, Reproducible Builds Weekly Report and Security updates for Tuesday

Filed under
Security
  • Trusting the delivery of Firefox Updates

    Providing a web browser that you can depend on year after year is one of the core tenet of the Firefox security strategy. We put a lot of time and energy into making sure that the software you run has not been tampered with while being delivered to you.

    In an effort to increase trust in Firefox, we regularly partner with external firms to verify the security of our products. Earlier this year, we hired X41 D-SEC Gmbh to audit the mechanism by which Firefox ships updates, known internally as AUS for Application Update Service. Today, we are releasing their report.

    Four researchers spent a total of 27 days running a technical security review of both the backend service that manages updates (Balrog) and the client code that updates your browser. The scope of the audit included a cryptographic review of the update signing protocol, fuzzing of the client code, pentesting of the backend and manual code review of all components.

  • Reproducible Builds: Weekly report #180
  • Security updates for Tuesday

More in Tux Machines

Five-Way Linux OS Comparison On Amazon's ARM Graviton CPU

Last month Amazon rolled out their "Graviton" ARM processors in the Elastic Compute Cloud. Those first-generation Graviton ARMv8 processors are based on the ARM Cortex-A72 cores and designed to offer better pricing than traditional x86_64 EC2 instances. However, our initial testing of the Amazon Graviton EC2 "A1" instances didn't reveal significant performance-per-dollar benefits for these new instances. In this second round of Graviton CPU benchmarking we are seeing what is the fastest of five of the leading ARM Linux distributions. An Amazon EC2 a1.4xlarge instance with 16 cores / 32GB RAM was used for this round of benchmarking across the five most common ARM Linux distributions that were available at the time of testing on the Elastic Compute Cloud. The tests included: Amazon Linux 2 - The reference Amazon Linux machine image with the Linux 4.14 kernel and GCC 7.3. Read more

Take a swim at your Linux terminal with asciiquarium

We're now nearing the end of our 24-day-long Linux command-line toys advent calendar. Just one week left after today! If this is your first visit to the series, you might be asking yourself what a command-line toy even is. We’re figuring that out as we go, but generally, it could be a game, or any simple diversion that helps you have fun at the terminal. Read more

Photography and Linux

So, as you can see, except for the printing step, pretty much the whole workflow is handled very easily by Linux and open-source photography software. Could I have done the whole thing in Linux? Yes and no. Depending on your printing needs, you could forego the printer entirely and use a local professional printing service. Many of those shops use the ROES system for the uploading and management of images to be printed. The ROES client is written in Java and is compatible with Linux. If you invest in a large format printer, you may have to investigate using a solution similar to what I have set up. Open-source software RIPs exist, but they have not been updated for more than a decade. Some commercial Linux solutions are available, but they are prohibitively expensive. Read more

Linux 3.18.130

I'm announcing the release of the 3.18.130 kernel. All users of the 3.18 kernel series must upgrade. The updated 3.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-st... Read more