
Security Leftovers

Filed under: Security
  • Critical Exim Flaw Opens Millions of Servers to Takeover [Ed: This repeats the FUD headline from ZDNet's Bleeping Computer hire; no server is known to have been compromised by this yet. They dramatise this.]

    A critical vulnerability found in Exim servers could enable a remote, unauthenticated attacker to execute arbitrary code with root privileges.

  • Google Fortifies Kubernetes Nodes Against Boot Attacks

    Google released a beta version of its Shielded GKE Nodes that prevents an attacker from exploiting vulnerable Kubernetes nodes.

  • Spoofing commits to repositories on GitHub

    The situation that worries me relates to distribution packaging. Debian has a policy that deltas to packages in the stable repository should be as small as possible, targeting fixes by backporting patches from newer releases.

    If you get a bug report on your Debian package with a link to a commit on GitHub, you had better double check that this commit really did come from the upstream author and hasn’t been spoofed in this way. Even if it shows it was authored by the upstream’s GitHub account or email address, this still isn’t proof because this is easily spoofed in git too.

    The best defence against being caught out by this is probably signed commits, but if the upstream is not doing that, you can clone the repository from GitHub and check to see that the commit is on a branch that exists in the upstream repository. If the commit is in another fork, the upstream repo won’t have a ref for a branch that contains that commit.
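A self-contained illustration of the check the post describes, added here as an example (it is not code from the quoted post): it builds a throwaway upstream repository and a fork with one extra commit, then tests whether a given commit id is reachable from an upstream branch rather than only from the fork's refs, and reads git's signature status for it. It assumes git is installed; every repository and commit is constructed locally so it runs offline.

```shell
#!/bin/sh
# Added example, not from the quoted post: is the commit a bug report points at
# reachable from an upstream branch, or does it live only in a fork?
# All repositories and commits below are constructed for the demo.
set -eu

# commit_in_upstream REVIEW_DIR SHA: succeed only if SHA is contained in a branch
# of the "origin" remote (the upstream), even if the object was fetched from a fork.
commit_in_upstream() {
  git -C "$1" branch -r --contains "$2" 2>/dev/null | grep -q '^ *origin/'
}

# signature_status REVIEW_DIR SHA: git's %G? code ("N" = unsigned, "G" = good).
signature_status() {
  git -C "$1" log -1 --format='%G?' "$2"
}

# setup_demo: constructed upstream, a fork with one extra commit, and the reviewer's
# checkout (clone of upstream, fork added as a remote). Prints the base directory.
setup_demo() {
  base=$(mktemp -d)
  g() { git -c user.name=demo -c user.email=demo@example.invalid -c commit.gpgsign=false "$@"; }
  g init -q "$base/upstream"
  echo 'int main(void) { return 0; }' > "$base/upstream/main.c"
  g -C "$base/upstream" add main.c
  g -C "$base/upstream" commit -q -m "upstream: initial import"
  g clone -q "$base/upstream" "$base/fork"
  g -C "$base/fork" checkout -q -b fix
  echo '/* change that exists only in the fork */' >> "$base/fork/main.c"
  g -C "$base/fork" commit -q -am "fix: looks like upstream, is not"
  g clone -q "$base/upstream" "$base/review"
  g -C "$base/review" remote add fork "$base/fork"
  g -C "$base/review" fetch -q fork
  echo "$base"
}

# report REVIEW_DIR SHA: one-line verdict for a commit id taken from a bug report.
report() {
  if commit_in_upstream "$1" "$2"; then
    echo "$2: on an upstream branch, signature=$(signature_status "$1" "$2")"
  else
    echo "$2: NOT on any upstream branch (fork-only?), signature=$(signature_status "$1" "$2")"
  fi
}

base=$(setup_demo)
for sha in $(git -C "$base/upstream" rev-parse HEAD) $(git -C "$base/fork" rev-parse HEAD); do
  report "$base/review" "$sha"
done
```

The same check applies to a real report: clone upstream, fetch the fork that hosts the linked commit as a second remote, and only trust the commit if `commit_in_upstream` succeeds for it.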

  • For real this time, get your butt off Python 2: No updates, no nothing after 1 January 2020 [Ed: When Microsoft Tim says "according to Redmonk" he means mostly according to Microsoft (because Redmonk relies on proprietary GitHub for data)]

    Python 2 will sunset on January 1st 2020 – however, many applications have not yet upgraded to version 3, causing the coding lingo's team to mount a communications campaign to persuade devs to port their code.

    Python is the third most popular programming language after JavaScript and Java, according to Redmonk. Its use has been boosted by the strong interest in machine learning, for which Python is well suited, thanks in part to its various AI-related libraries and frameworks.

    Python 2.0 was released in 2000, and Python 3.0, which is not fully backwards compatible, in 2008. The last version of Python 2.x, 2.7, was released in July 2014.
