Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Please don’t make me choose a username

    I hate username fields in registration forms. The usernames I want are, of course, already taken. Many services won’t let you change your username later, so you might get stuck with it. Who wants to settle for a name they don’t like? Just please don’t make me choose a username.

    Personal identity is hard. It molds and changes over time. Online identity is harder, but can often be more permanent. Many services won’t let you change your username without deleting the account and making another one. You’ll lose all your data with the service in the process. (Assuming you’re allowed to delete your account and set your email address free.)

    Many services make do with just your email address. Your email address isn’t truly yours, but just a rented identity. However, everyone still needs a unique name for services where you interact with other members.

  • Introducing Crowdsec: A Modernized, Collaborative Massively Multiplayer Firewall for Linux

    CrowdSec is a massively multiplayer firewall designed to protect Linux servers, services, containers, or virtual machines exposed on the Internet with a server-side agent. It was inspired by Fail2Ban and aims to be a modernized, collaborative version of that intrusion-prevention tool.

    CrowdSec is free and open-source (under an MIT License), with the source code available on GitHub. It uses a behavior analysis system to qualify whether someone is trying to hack you, based on your logs. If your agent detects such aggression, the offending IP is then dealt with and sent for curation. If this signal passes the curation process, the IP is then redistributed to all users sharing a similar technological profile to “immunize” them against this IP.

    The goal is to leverage the power of the crowd to create a real-time IP reputation database. As for the IP that aggressed your machine, you can choose to remedy the threat in any manner you feel appropriate. Ultimately, CrowdSec leverages the power of the community to create an extremely accurate IP reputation system that benefits all its users.

    It was clear to the founders that Open Source was going to be one of the main pillars of CrowdSec. The project's founders have been working on open-source projects for decades - they didn’t just jump on the train. Rather, they are strong Open Source believers. They believe that the crowd is key to the mass hacking plague we are experiencing, and that Open Source is the best lever to create a community and have people contribute their knowledge to the project, ultimately make it better and more secure.

  • Many Computer Users Never Run Updates

    A large percentage of computer users never update their operating systems. This is true of desktop Linux users as well, which may be surprising to some since Linux users are supposed to be a bit more tech-savvy than Windows and Mac users. R

  • Linux Mint users are surprisingly irresponsible regarding updates

    Linux users are more knowledgeable regarding computer maintenance than Windows users, right? Maybe. That is certainty up for debate. With that said, Linux user may not be very responsible computer users. Well, Linux Mint users, at least.

    You see, in a stunning development, it turns out Linux Mint users are often very behind in installing both operating system and application updates. In other words, Linux Mint users are often running outdated software, which could be no longer supported, or even worse, it could contain exploitable vulnerabilities. For example, a surprisingly high number of these users are running Linux Mint 17.x, which is unsupported since 2019!

Linux Mint want to remind you to run updates

  • Linux Mint want to remind you to run updates

    In a fresh blog post, Linux Mint's leader Clem Lefebvre has written about some statistics on people running out of date software and warned people to ensure they're running updates.

    While Linux users often claim they know what they're doing, they're smarter than Windows users and more (I've seen a lot of claims over the years…) plenty still seem to delay or just not run updates it seems. When you hear about new security problems all the time, it's never been more important to stay up to date. Especially your web browser, the last thing you want is to have that and your entire online life compromised!

    In the post Lefebvre mentions that only around 30% of users updated their web browser in less than a week, although perhaps much more alarming is that between "5% and 30% of users run Linux Mint 17.x" which has not seen security updates for two years since it reached EOL (end of life).

Microsoft boosters cover this

A Tale of Two Updates

  • A Tale of Two Updates

    Helping your users stay up to date on their workstation is something I believe OS vendors should endeavour to do, to the best of their ability. Some users aren’t able to find time to install updates, or are irritated by update dialogs. Others are skeptical of their contents, some even block updates completely.
    No OS vendor wants to be “That Guy” featuring in the news as millions of their customers are found to be vulnerable on their watch. Equally, respecting the user, given it’s their computing device, is vital too. It’s a difficult balance to strike. Somewhere in between “That Linux distro which nags me constantly to do updates” and “That distro which is outdated and insecure” erring towards the former, is probably the sweet spot.
    So when I read today in typical El Reg fashion that “Linux Mint users in hot water for being slow with security updates, running old versions” I was reminded of an issue we had in Ubuntu a few years back. I’m going to muddy things a little to save engineer embarrassment, but you’ll get the gist.
    First though, a small backstory.

  • Linux Mint users in hot water for being slow with security updates, running old versions [Ed: By Microsoft Tim]

    Linux Mint founder Clem Lefebvre has complained that too many users are slow to apply updates or run unsupported versions of the operating system.

    Lefebvre used Firefox as an example. Mozilla's browser is frequently updated and has fixes for security vulnerabilities described by the firm as critical, which it defined as "can be used to run attacker code and install software, requiring no user interaction beyond normal browsing." The latest such update is dated 5 February 2021 (though it is a Windows-only problem).

Apply Security Updates Now

  • Apply Security Updates Now

    Nonetheless, many users fail to apply updates or perform upgrades in a timely fashion. For example, he notes that between 5% and 30% of users run Linux Mint 17.x, which no longer receives security updates. “If you are still using Linux Mint 17.x you need to back up your data and reinstall a modern version ASAP,” he says.

    The blog post provides simple steps for finding out which version of Linux Mint you’re running and applying all necessary updates to your machine.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

digiKam 7.7.0 is released

After three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. Read more

Dilution and Misuse of the "Linux" Brand

Samsung, Red Hat to Work on Linux Drivers for Future Tech

The metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. Read more

today's howtos

  • How to install go1.19beta on Ubuntu 22.04 – NextGenTips

    In this tutorial, we are going to explore how to install go on Ubuntu 22.04 Golang is an open-source programming language that is easy to learn and use. It is built-in concurrency and has a robust standard library. It is reliable, builds fast, and efficient software that scales fast. Its concurrency mechanisms make it easy to write programs that get the most out of multicore and networked machines, while its novel-type systems enable flexible and modular program constructions. Go compiles quickly to machine code and has the convenience of garbage collection and the power of run-time reflection. In this guide, we are going to learn how to install golang 1.19beta on Ubuntu 22.04. Go 1.19beta1 is not yet released. There is so much work in progress with all the documentation.

  • molecule test: failed to connect to bus in systemd container - openQA bites

    Ansible Molecule is a project to help you test your ansible roles. I’m using molecule for automatically testing the ansible roles of geekoops.

  • How To Install MongoDB on AlmaLinux 9 - idroot

    In this tutorial, we will show you how to install MongoDB on AlmaLinux 9. For those of you who didn’t know, MongoDB is a high-performance, highly scalable document-oriented NoSQL database. Unlike in SQL databases where data is stored in rows and columns inside tables, in MongoDB, data is structured in JSON-like format inside records which are referred to as documents. The open-source attribute of MongoDB as a database software makes it an ideal candidate for almost any database-related project. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the MongoDB NoSQL database on AlmaLinux 9. You can follow the same instructions for CentOS and Rocky Linux.

  • An introduction (and how-to) to Plugin Loader for the Steam Deck. - Invidious
  • Self-host a Ghost Blog With Traefik

    Ghost is a very popular open-source content management system. Started as an alternative to WordPress and it went on to become an alternative to Substack by focusing on membership and newsletter. The creators of Ghost offer managed Pro hosting but it may not fit everyone's budget. Alternatively, you can self-host it on your own cloud servers. On Linux handbook, we already have a guide on deploying Ghost with Docker in a reverse proxy setup. Instead of Ngnix reverse proxy, you can also use another software called Traefik with Docker. It is a popular open-source cloud-native application proxy, API Gateway, Edge-router, and more. I use Traefik to secure my websites using an SSL certificate obtained from Let's Encrypt. Once deployed, Traefik can automatically manage your certificates and their renewals. In this tutorial, I'll share the necessary steps for deploying a Ghost blog with Docker and Traefik.