Security: Updates, Microsoft TCO and Red Hat Enterprise Linux 8

  • Security updates for Tuesday
  • Hack Brief: [Attackers] [Copied] a Border Agency Database of Traveler Photos [iophk: "Microsoft TCO"]

    In its rush to gather biometric data from travelers in the US, Customs and Border Protection has apparently neglected basic safeguards to protect it. One of its subcontractors was recently breached, leaving photos of travelers and license plates in the hands of [attackers].

    The Washington Post first reported the incident, whose full scope remains unclear. But the [attack] has raised sharp questions about the agency’s already controversial push for biometrics. Facial recognition scans have become more routine at airports; CBP wants it in the top 20 US airports by 2021.

  • Consistent PKCS #11 support in Red Hat Enterprise Linux 8

    In recent years, there have been a number of security issues taking advantage of flaws in applications and even computer processors. These opened new attack vectors or made some others more viable and exploitable than before. We can talk about timing differences, cache access patterns and other side-channel attacks that can be exploited either locally, from the same machine or even over the network to read or reconstruct our secrets.

    Keeping secret information storage isolated from other unrelated applications on a single system is a long-standing data protection technique. Storage isolation is usually implemented in software by isolating processes, applications, containers or virtual machines running on the same physical machine. Hardware tokens are taking this principle to another level, providing the physical isolation of the secret information, which has the potential to improve security significantly. Working with external hardware for storing secrets in an operating system historically has been difficult for system administrators and end users, and this is what we are improving in Red Hat Enterprise Linux 8.
