Opera on Handling Security

Recently, some of our users have asked why we chose to disclose a potential security issue only after the release of Opera 9.10. Let me try to give a short overview of how security issues get reported and disclosed - and not only at Opera, but in most applications: it might help some people to understand how this works.

When somebody discovers a vulnerability in an application, they should report it to the vendor. It can happen that the reporters give a deadline by when they want to make full disclosure of the vulnerability, but usually the reporter and the vendor work out a disclosure date that makes both happy. If the exploit is not clear, both work on details and a PoC (proof of concept). When a fix has been made and a public release is available, both the reporter and the vendor publish an advisory. The vendor usually credits the reporter in the advisory for the discovery of the vulnerability.

It is important that both parties respect each other: if a fix is also included in development snapshot builds that reach a public audience (like the weekly builds on this blog), fixes for the vulnerability are not announced: this is a form of respect both for the reporter and for all the users that only upgrade to stable releases. Making the vulnerability public knowledge before a stable version fixes the issue would leave lots of users vulnerable. Serious reporters do not announce vulnerabilities before vendors have a fix in public builds - and vendors do not announce vulnerabilities before the reporters make their discovery public, in order to properly credit them.

Full Story.
