Security: Patches, Ease of Use and Debian Key Signing

Filed under
Security
  • Security updates for Wednesday

    Security updates have been issued by openSUSE (libetpan, libqt4, lilypond, otrs, and perl-DBI), Red Hat (kernel-rt), Slackware (seamonkey), SUSE (grafana, libmspack, openldap2, ovmf, pdns, rubygem-actionpack-5_1, and samba), and Ubuntu (debian-lan-config, ldm, libdbi-perl, and netty-3.9).

  • Balancing Linux security with usability

    Building an operating system is a difficult balance, and a Linux distribution is no different. You need to consider the out-of-the-box functionality that most people are going to want, and accessibility for a wide swath of administrators' skillsets. If you make your distro very secure, but a newbie sysadmin can't figure out how to work with it…well, they're going to find an easier distribution to go learn on, and now you've lost that admin to another distribution. So it's really no surprise that, right after install time, most Linux distributions need a little bit of tweaking to lock them down. This has gotten better over the years, as the installers themselves have gotten easier to use and more feature-rich. You can craft a pretty custom system right from the GUI installer. A base Red Hat Enterprise Linux (RHEL) system, for example, if you've chosen the base package set, is actually pretty light on unnecessary services and packages.

    There was a time when that was not true. Can you imagine passwords being hashed, but available in /etc/passwd for any user to read? Or all system management being carried out over Telnet? SSH wasn't even on, by default. Host-based firewall? Completely optional. So, 20 years ago, locking down a newly installed Linux system meant a laundry list of tasks. Luckily, as computing has matured, so has the default install of just about any operating system.

  • Key signing in the pandemic era

    The pandemic has changed many things in our communities, even though distance has always played a big role in free software development. Annual in-person gatherings for conferences and the like are generally paused at the moment, but even after travel and congregating become reasonable again, face-to-face meetings may be less frequent. There are both positives and negatives to that outcome, of course, but some rethinking will be in order if that comes to pass. The process of key signing is something that may need to change as well; the Debian project, which uses signed keys, has been discussing the subject.

    In early August, Enrico Zini posted a note to the debian-project mailing list about people who are trying to get involved in Debian, but who are lacking the necessary credentials in the form of an OpenPGP key signed by other Debian project members. The requirements for becoming a Debian Maintainer (DM) or Debian Developer (DD) both involve keys with signatures from existing DDs; two signatures for becoming a DD or one for becoming a DM. Those are not the only steps toward becoming formal members of Debian, but they are ones that may be hampering those who are trying to do so right now.

    DDs and DMs use their keys to sign packages that are being uploaded to the Debian repository, so the project needs to have some assurance that the keys are valid and are controlled by someone that is not trying to undermine the project or its users. In addition, votes in Debian (for project leaders and general resolutions) are made using the keys. They are a fundamental part of the Debian infrastructure.

Security: Reproducible Builds, Patches, and 1Password

  • Reproducible Builds: Supporter spotlight: Civil Infrastructure Platform

    The Reproducible Builds project depends on our many projects, supporters and sponsors. We rely on their financial support, but they are also valued ambassadors who spread the word about the Reproducible Builds project and the work that we do. This is the first installment in a series featuring the projects, companies and individuals who support the Reproducible Builds project. If you are a supporter of the Reproducible Builds project (of whatever size) and would like to be featured here, please get in touch with us at contact@reproducible-builds.org. However, we are kicking off this series by featuring Urs Gleim and Yoshi Kobayashi of the Civil Infrastructure Platform (CIP) project. [...] A: Reproducibility helps a great deal in software maintenance. We have a number of use-cases that should have long-term support of more than 10 years. During this period, we encounter issues that need to be fixed in the original source code. But before we make changes to the source code, we need to check whether it is actually the original source code or not. If we can reproduce exactly the same binary from the source code even after 10 years, we can start to invest time and energy into making these fixes.

  • Security updates for Wednesday [LWN.net]

    Security updates have been issued by Arch Linux (kdeconnect, kernel, kpmcore, lib32-freetype2, linux-hardened, linux-lts, linux-zen, lua, and powerdns-recursor), Debian (mariadb-10.1 and mariadb-10.3), Fedora (thunderbird), Mageia (claw-mail, freetype2, geary, kernel, and tigervnc), Oracle (nodejs:12), Red Hat (python27, rh-postgresql96-postgresql, and rh-python38), Slackware (freetype), SUSE (hunspell, kernel, libvirt, and taglib), and Ubuntu (grunt, quassel, and tomcat9).

  • 1Password for Linux Beta now available on Ubuntu, Mint, Manjaro, Fedora, and more [Ed: Who would trust proprietary software for password handling when our governments (nowadays) openly demand back doors in everything?]

    Back in August, we told you about some very exciting news -- 1Password had come to Linux... as a development preview. Yeah, it was a pre-beta release, but still, it was a huge win for the Linux community overall. 1Password is an extremely popular password management service, available for Mac, Windows, Android, and iOS/iPadOS. Bringing it to Linux makes the software truly cross-platform. Not to mention, it says a lot about the growing popularity of Linux that Agilebits found it beneficial to assign precious resources to its development.

  • 1Password’s Linux App is Now in Beta

    The official 1Password Linux app is available for wider testing ahead of a planned stable release next year. Preview builds of the 1Password Linux app were soft-launched earlier this year, albeit with a few caveats in place. The feedback gathered as part of that early effort clearly bore fruit, as the team is back with a freshly ripened beta candidate for fans of the service to try. 1Password is a popular, cross-platform password manager. Official apps are available for Android and iOS, all major web browsers, and Windows and macOS. The service isn’t free (though plans start at a low $2.99/m) but it packs in some pretty decent credential management features. The 1Password Linux app backend is written in Rust and leverages the ring crypto library for its end-to-end encryption. Integration with the Ubuntu desktop is also on offer. The app can detect when you’re using a dark GTK theme; uses descriptive window titles (handy if you tile windows); has support for biometric unlocking; and shows a good ol’ system tray icon for easy access.

  • How to Install 1Password Beta On Linux?

    The beta version of 1Password is now available on Linux. For starters, it is a beautiful, user-friendly, and cross-platform password manager app which is already available on various other platforms like Windows, macOS, Android, and iOS. The app is now available for Ubuntu, Fedora, Debian, CentOS, and Red Hat Enterprise Linux. Apart from that, an AppImage is also available. Here’s how you can install 1Password on Linux.

today's howtos

  • Switching Xorg keyboard layout on OpenBSD

    Here’s a few minimalistic options to switch keyboard layout on OpenBSD.

  • Update all Docker Images
  • The Baseline

    Writing your technical documentation so it is easy to understand is good. This does not mean you have to remove information or “dumb down” your text. Often it just means moving things around, changing the focus of a few sentences, or expanding a couple of paragraphs. The content remains the same. What changes is the way you present it. But if you still need convincing on why you should bother going that extra mile, let’s run through some of the reasons. The truth is you never really know who your audience is going to be or how much they know. Internal documentation, aimed initially at a very specific group of people, is often pushed out elsewhere because “it is good enough”, or “we don’t have time (or money) to change it”, or someone found it on the Internet and simply started using it and linking to it. Hence, your documentation will most certainly be used in more ways than you originally anticipated. Your technical manual can get recycled into a user manual, for example. Or Darryl, from sales, may need to convince clients of the benefits of the product, and all he has to build his case on is your technical manual. [...] You could’ve written that paragraph more formally and it would’ve still been easier to understand than the original. Note also how the re-written version contains essentially the same information as the original. The original is just obtuse. Dig out a baseline to kick off your text, yes, but also every time you are about to begin a new section, any time you introduce a new topic, or simply have a tricky paragraph you are not sure how to approach. The baseline will help you focus your text, making the usefulness of what you are describing clearer to the reader throughout. The aim is that your reader, regardless of their level of technical knowledge, can always come away with a broad idea of what you are talking about.

    If you start by listing features or the libraries used, stating what the thing is instead of what it is used for, or forgetting about your audience entirely (and all these things happen waaaaaaaaaaaaaay more often than you think), the chances of you never getting through but to a small number of readers is virtually guaranteed.

  • 12 Tips to improve GNU/Linux server security | LibreByte

    Any server or device with a public IP address becomes a target for attackers. Therefore, it is of utmost importance to harden the security in order to neutralize any malicious activity. Here are 12 tips that will help you improve the security of your server.

  • Create Windows 10 Install Media (USB flash drive) on Linux
  • How to install Teamviewer on Ubuntu 20.04 via command line - Linux Shout

    Here are the commands to install TeamViewer on Ubuntu 20.04 Linux using the official repository of this free remote desktop software.

  • How To Install Apache Subversion on Ubuntu 20.04 LTS - idroot

    In this tutorial we will show you how to install Apache Subversion on Ubuntu 20.04 LTS, as well as some extra packages required by Apache.

  • Install Bacula Backup Server on Ubuntu 20.04

    Bacula is an open-source backup tool that can be used to back up and restore data across the network. It is a simple and easy-to-use tool, and offers many advanced storage management features that help you back up and recover your lost files easily. It supports Linux, Windows and macOS backup clients and also supports a wide range of backup devices. Bacula is made up of several components, including the Bacula Director, Console, Storage daemon, File daemon and Catalog. Each component is responsible for managing specific jobs.

  • How to Run Android on Linux Using Virtual Machine | Beebom

    Learn how to run Android on Linux using Virtual Machine. You can install Android apps and games on Linux and the performance will be better than emulators.

  • How to Use AppImage on Linux (Beginner Guide) – TecAdmin

    Linux systems use a package manager tool with central repositories, such as Apt, Yum, etc., which is the traditional way to install applications on any Linux system. Some applications come with the extension .appimage, and you may not be very familiar with these files. In this tutorial you will learn about the AppImage file format; you will also find details on how to install and use AppImage files on a Linux machine.

  • How to Change Color Schemes in Vim

    Vim is a text editor that can be used to edit all kinds of plain text; it is especially useful for writing and editing programs. It is also one of the customizable text editors heavily used on the Linux operating system. A suitable color scheme in the editor helps you categorize, analyze and identify bugs in the code. You can change the color schemes that come with the software package or install Vim themes. We are going to use and set Vim color schemes on CentOS 7 or 8. Though the tutorial is prepared on CentOS 8, the procedure is the same for all Linux distributions.

  • How to check TLS/SSL certificate expiration date from command-line - nixCraft

    Explains how to check the TLS/SSL certificate expiration date from Linux or Unix CLI and send an email alert using a simple script.
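    A worked version of that kind of check, added here as an example rather than nixCraft's script: it uses only the Python standard library. The live path does a TLS handshake (SNI plus default verification) and reads `getpeercert()`; the offline path feeds constructed `getpeercert()`-style dicts and a fixed "now" through the same classification so the script runs without network access. The 30-day threshold, the hostnames and the sample dates are assumptions made for the example.

```python
"""Check TLS certificate expiry dates and build an e-mail alert.

Added example (not nixCraft's script). Uses only the standard library:
ssl.cert_time_to_seconds parses the 'notAfter' string that getpeercert()
returns, interpreting it as UTC.
"""
import smtplib
import socket
import ssl
import time
from datetime import datetime, timezone
from email.message import EmailMessage

ALERT_DAYS = 30  # assumption: warn when fewer than 30 days remain


def days_until_expiry(not_after, now=None):
    """Days (float, negative once expired) until `not_after`, a string in the
    'Nov 10 12:00:00 2020 GMT' format that getpeercert() returns."""
    expiry = ssl.cert_time_to_seconds(not_after)  # parsed as UTC
    now_ts = time.time() if now is None else now.timestamp()
    return (expiry - now_ts) / 86400.0


def check_cert(hostname, cert, now=None, alert_days=ALERT_DAYS):
    """Classify one certificate dict; returns (status, message)."""
    days = days_until_expiry(cert["notAfter"], now)
    if days < 0:
        return "EXPIRED", f"{hostname}: expired {-days:.0f} days ago ({cert['notAfter']})"
    if days < alert_days:
        return "WARNING", f"{hostname}: expires in {days:.0f} days ({cert['notAfter']})"
    return "OK", f"{hostname}: {days:.0f} days left ({cert['notAfter']})"


def fetch_peer_cert(hostname, port=443, timeout=10):
    """Live TLS handshake with SNI and default chain verification; returns the
    getpeercert() dict. A verification failure raises ssl.SSLCertVerificationError,
    which a monitoring job should report rather than swallow."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


def build_alert_email(results, sender, recipient):
    """EmailMessage listing every non-OK host, or None when nothing needs attention."""
    problems = [msg for status, msg in results if status != "OK"]
    if not problems:
        return None
    mail = EmailMessage()
    mail["From"] = sender
    mail["To"] = recipient
    mail["Subject"] = f"[cert-expiry] {len(problems)} certificate(s) need attention"
    mail.set_content("\n".join(problems) + "\n")
    return mail


def send_alert(mail, smtp_host="localhost"):
    """Hand the message to a local MTA (not exercised offline)."""
    with smtplib.SMTP(smtp_host) as smtp:
        smtp.send_message(mail)


# Constructed sample data: a fixed "now" and three getpeercert()-style dicts
# (hostnames and dates are made up for the example).
NOW = datetime(2020, 10, 22, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_CERTS = {
    "ok.example": {"subject": ((("commonName", "ok.example"),),),
                   "notAfter": "Jan 15 12:00:00 2021 GMT"},    # 85 days left
    "soon.example": {"subject": ((("commonName", "soon.example"),),),
                     "notAfter": "Nov 10 12:00:00 2020 GMT"},  # 19 days left
    "old.example": {"subject": ((("commonName", "old.example"),),),
                    "notAfter": "Oct 01 12:00:00 2020 GMT"},   # expired 21 days ago
}


def run_offline_checks(now=NOW):
    """Run check_cert over the constructed samples; returns a list of (status, message)."""
    return [check_cert(host, cert, now) for host, cert in SAMPLE_CERTS.items()]


if __name__ == "__main__":
    results = run_offline_checks()
    for status, message in results:
        print(status, message)
    alert = build_alert_email(results, "monitor@example.invalid", "ops@example.invalid")
    if alert is not None:
        print(alert)  # on a host with a local MTA, call send_alert(alert) instead
```

    For real hosts, replace the sample dicts with `fetch_peer_cert(host)` for each host you monitor and run the script from cron; the classification and the e-mail body stay the same.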

  • How to develop Gstreamer-based video conferencing apps for RDK & Linux set-top boxes

    CNXSoft: This is a guest post by Promwad that explains the basic steps to develop a video conferencing app with Gstreamer on TV boxes running Linux.

  • GStreamer 1.16.3 old-stable bug fix release

    The GStreamer team is pleased to announce the third and likely last bug fix release in the stable 1.16 release series of your favourite cross-platform multimedia framework! This release contains important security fixes. We suggest you upgrade at your earliest convenience, either to 1.16.3 or 1.18.

Audiocasts/Shows: Coder Radio, The Linux Link Tech Show, Talk Python and FLOSS Weekly

  • Leaping Lizard People | Coder Radio 384

    It's confession hour on the podcast, and your hosts surprise each other with several twists and turns.

  • The Linux Link Tech Show Episode 876

    repairing 3ds, power issues, ubuntu 20.10, games

  • Episode #287 Testing without dependencies, mocking in Python - [Talk Python To Me Podcast]

    We know our unit tests should be relatively independent from other parts of the system. For example, running a test shouldn't generally call a credit card processing API and talk to a database when your goal is just to test the argument validation. And yet, your method does all three of those and more. What do you do? Some languages use elaborate dependency passing frameworks that go under the banner of inversion of control (IoC) and dependency injection (DI). In Python, the most common fix is to temporarily redefine what those two functions do using patching and mocking. On this episode, we welcome back Anna-Lena Popkes to talk us through the whole spectrum of test doubles, dummies, mocks, and more.

  • FLOSS Weekly 601: Open Source Creative - Blender, Gimp, Audacity

    Looking at open source software from a creative lens and discussing the importance and ease of using open-source software to make art, graphics, video, and more. Doc Searls and Jonathan Bennett talk with Jason van Gumster, a creator, engineer, and host of the podcast Open Source Creative. They talk about the positive side of customizing your workplace with open source software such as Blender, Gimp, Hydrogen, and Audacity. They also discuss the simplicity of open source creative software support and the great community surrounding open source creative software.

Ubuntu 20.10 Arrives Today! Here are 11 New Features in Ubuntu 20.10 Groovy Gorilla

Ubuntu 20.10 releases today. An Ubuntu fan may get excited about the new features it brings. Ubuntu 20.10, codenamed Groovy Gorilla, is a non-LTS release with a nine-month life cycle. You cannot expect drastic changes between subsequent releases. It doesn’t mean you won’t find new things in Ubuntu 20.10. There are some performance improvements, a new Linux kernel and visual changes thanks to the latest release of GNOME 3.38 (and other desktop environments in various other Ubuntu flavors). Let’s see what new features Ubuntu 20.10 brings.