Gentoo

Verifying Gentoo election results via Votrify

Filed under
Gentoo

Gentoo elections are conducted using a custom software called votify. During the voting period, the developers place their votes in their respective home directories on one of the Gentoo servers. Afterwards, the election officials collect the votes, count them, compare their results and finally announce them.

The simplified description stated above suggests two weak points. Firstly, we rely on honesty of election officials. If they chose to conspire, they could fake the result. Secondly, we rely on honesty of all Infrastructure members, as they could use root access to manipulate the votes (or the collection process).

To protect against possible fraud, we make the elections transparent (but pseudonymous). This means that all votes cast are public, so everyone can count them and verify the result. Furthermore, developers can verify whether their personal vote has been included. Ideally, all developers would do that and therefore confirm that no votes were manipulated.

Currently, we are pretty much implicitly relying on developers doing that, and assuming that no protest implies successful verification. However, this is not really reliable, and given the unfriendly nature of our scripts I have reasons to doubt that the majority of developers actually verify the election results. In this post, I would like to shortly explain how Gentoo elections work, how they could be manipulated and introduce Votrify — a tool to explicitly verify election results.

Michał Górny (Gentoo) and Daniel Kahn Gillmor (Debian) on OpenPGP Security

Filed under
GNU
Linux
Gentoo
Security
Debian
  • Michał Górny: SKS poisoning, keys.openpgp.org / Hagrid and other non-solutions

    The recent key poisoning attack on SKS keyservers shook the world of OpenPGP. While this isn’t a new problem, it has not been exploited on this scale before. The attackers have proved how easy it is to poison commonly used keys on the keyservers and effectively render GnuPG unusably slow. A renewed discussion on improving keyservers has started as a result. It also forced Gentoo to employ countermeasures. You can read more on them in the ‘Impact of SKS keyserver poisoning on Gentoo’ news item.

    Coincidentally, the attack happened shortly after the launch of keys.openpgp.org, which advertises itself as both a poisoning-resistant and a GDPR-friendly keyserver. Naturally, many users see it as the ultimate solution to the issues with SKS. I’m afraid I have to disagree — in my opinion, this keyserver does not solve any problems, it merely cripples OpenPGP in order to avoid being affected by them, and harms its security in the process.

    In this article, I’d like to shortly explain what the problem is, and which of the different solutions proposed so far to it (e.g. on gnupg-users mailing list) make sense, and which make things even worse. Naturally, I will also cover the new Hagrid keyserver as one of the glorified non-solutions.

  • Daniel Kahn Gillmor: WKD for debian.org

    By default, this will show you any matching certificate that you already have in your GnuPG local keyring. But if you don't have a matching certificate already, it will fall back to using WKD.

    These certificates are extracted from the debian keyring and published at https://openpgpkey.debian.org/.well-known/debian.org/, as defined in the WKD spec. We intend to keep them up-to-date whenever the keyring-maint team publishes a new batch of certificates. Our tooling uses some repeated invocations of gpg to extract and build the published tree of files.

    Debian is currently not implementing the Web Key Directory Update Protocol (and we have no plans to do so). If you are a Debian developer and you want your OpenPGP certificate updated in WKD, please follow the normal procedures for Debian keyring maintenance like you always have.

Review: Sabayon 19.03

Filed under
Gentoo
Reviews

Sabayon's claim that it is a "beginner-friendly" distro that is "bleeding edge" and "stable and reliable" is a bit of a stretch. I doubt "beginners" will comprehend the instructions for what to do after installing Sabayon - and that is assuming inexperienced users will find the information in the first place. Similarly, the systemd and GNOME versions are rather old for a distro that claims to be "bleeding edge". That said, I did find Sabayon's GNOME edition to be stable and reliable, bar a few minor issues (such as the notification about the VirtualBox kernel service not running).

I don't think it is entirely fair to ask if Sabayon lives up to the bold marketing slogans on its home page. Personally, I see Sabayon as a friendly and interesting distro for tinkerers and distro-hoppers, and a very good one at that. I should also mention that, in general, Sabayon's use of language is refreshingly informal; both the graphical Rigo package manager and the wiki put a smile on my face more than once. Even Equo has some jokes built in - the command equo moo prints an ASCII cow that says "Entromoooo!".

Sabayon does still have some way to go to become the sophisticated operating system it wants to be. With 19.03 the distro switched from the Anaconda to the Calamares installer which, to my mind at least, is a good decision. However, contrary to what is claimed in the release notes, the disk encryption issue has not been resolved yet and the wiki still talks about how to find your way through the Anaconda installer. Work on the new wiki announced in the release notes seems to be at a very early stage.

I also couldn't fail to notice that Sabayon's forums are rather quiet. Lively forums don't necessarily equate to a thriving community, but the overall feeling I got is that Sabayon could do with a bit more momentum. That shouldn't discourage you from giving Sabayon a try though. On the contrary, if you are a Linux-loving tinkerer then Sabayon might be the distro for you.

Gentoo News: Nitrokey partners with Gentoo Foundation to equip developers with USB keys

Filed under
Gentoo
Security

The Gentoo Foundation has partnered with Nitrokey to equip all Gentoo developers with free Nitrokey Pro 2 devices. Gentoo developers will use the Nitrokey devices to store cryptographic keys for signing of git commits and software packages, GnuPG keys, and SSH accounts.

Thanks to the Gentoo Foundation and Nitrokey’s discount, each Gentoo developer is eligible to receive one free Nitrokey Pro 2. To receive their Nitrokey, developers will need to register with their @gentoo.org email address at the dedicated order form.

A Nitrokey Pro 2 Guide is available on the Gentoo Wiki with FAQ & instructions for integrating Nitrokeys into developer workflow.

Sabayon 19.03 - New stable release

Filed under
Gentoo

The team behind Sabayon is excited to present you the latest stable release: Sabayon 19.03.

Sabayon is a modern and easy to use distribution based on Gentoo, which follows a reliable rolling release model.

Please read on or download your flavour :)

19.03 is a long awaited release, coming with a lot of new features and enhancements...

Also: Gentoo-Based Sabayon 19.03 - Finally Supports Full Disk Encryption, Python 3 Default

A Look at the New Gentoo Based Sabayon 19.03 and Gentoo Based ChromeOS

Filed under
Gentoo
Google
  • Sabayon 19.03 overview | The beginner-friendly Gentoo-based Linux distribution.

    In this video, I am going to show an overview of Sabayon 19.03 and some of the applications pre-installed.

  • Google I/O 2019 schedule goes live with sessions on Stadia, Dark Mode, Linux on Chrome OS, and more

    Google I/O is one of the biggest developer conferences held by Google every year, wherein they announce upcoming changes to Google services and how developers should react in order to prepare themselves for these changes. Google I/O 2019 is scheduled to begin on May 7, 2019 at the Shoreline Amphitheatre in Mountain View, California (USA), and now, Google has posted the initial schedule for the conference.

    As expected, I/O 2019 will kick off with the main Google keynote at 10AM PDT, and will be hosted by key Google executives, including Mr. Sundar Pichai, in all likelihood. As it does every year, this event will provide an overview of upcoming changes to Google products and services, including Android and its next version, Android Q. This event will be livestreamed, so you won’t be missing out on too much if you did not manage to score a ticket.

  • 4K Video Editing on Chromebooks May Be Possible Soon

    If Google’s Stadia project ends up delivering the way it promises, there will be a totally viable gaming solution for Chromebooks. For photo and graphic editing, there are options like Pixlr, Gravit Designer on the web and Photoshop or Lightroom on Android. Add to that a very workable solution in GIMP and Inkscape in Linux and you have most of your photo and graphic editing needs met.

Gentoo GNOME 3.30 for all init systems

Filed under
Gentoo
GNOME

GNOME 3.30 is now available in Gentoo Linux testing branch.
Starting with this release, GNOME on Gentoo once again works with OpenRC, in addition to the usual systemd option. This is achieved through the elogind project, a standalone logind implementation based on systemd code, which is currently maintained by a fellow Gentoo user. It provides the missing logind interfaces currently required by GNOME without booting with systemd.

For easier GNOME install, the desktop/gnome profiles now set up default USE flags with elogind for OpenRC systems, while the desktop/gnome/systemd profiles continue to do that for systemd systems. Both have been updated to provide a better initial GNOME install experience. After profile selection, a full install should be simply a matter of `emerge gnome` for testing branch users. Don’t forget to adapt your system to any changed USE flags on previously installed packages too.

Don't Look For Gentoo's CPU Optimization Options To Land In The Mainline Linux Kernel

Filed under
Linux
Gentoo

Gentoo's Linux kernel build has long offered various CPU options in allowing those building their distribution to optimize their kernel build to the CPU being used. Every so often the patch is suggested for upstreaming to the mainline Linux kernel before being quickly rejected by the upstream maintainers.

This week the kernel CPU options patch was suggested for mainlining in the Linux kernel. The patch adds extra CPU options to the kernel configuration (Kconfig) area for adjusting the GCC optimization values for various generations of Intel/AMD CPUs. It allows building the kernel ranging from -march=k8-sse3 to -march=cannonlake, among other prominent generations of Intel/AMD processors over the years.

Redcore Linux Gives Gentoo a Nice Facelift

Filed under
Linux
Gentoo
Reviews

I like the overall look and feel of Redcore Linux. I generally do not use Gentoo-based Linux distros.

However, this distro does a good job of leveling the field of differences among competing Linux families. I especially like the way the LXQt and the KDE Plasma desktops have a noticeable common design that makes the Redcore distro stand out.

Attack on git signature verification via crafting multiple signatures

Filed under
Development
Gentoo
Security

This article shortly explains the historical git weakness regarding handling commits with multiple OpenPGP signatures in git older than v2.20. The method of creating such commits is presented, and the results of using them are described and analyzed.

More in Tux Machines

Mutter 3.33.4

About mutter
============

Mutter is a window and compositing manager that displays and manages
your desktop via OpenGL. Mutter combines a sophisticated display
engine using the Clutter toolkit with solid window-management logic
inherited from the Metacity window manager.

While Mutter can be used stand-alone, it is primarily intended to be
used as the display core of a larger system such as GNOME Shell. For
this reason, Mutter is very extensible via plugins, which are used
both to add fancy visual effects and to rework the window management
behaviors to meet the needs of the environment.

News
====

* Discard page flip retries on hotplug [Jonas; !630]
* Add xdg-output v2 support [Olivier; #645]
* Restore DRM format fallbacks [Jonas; !662]
* Don't emit ::size-changed when only position changed [Daniel; !568]
* Expose workspace layout properties [Florian; !618]
* Don't use grab modifiers when shortcuts are inhibited [Olivier; #642]
* Fix stuttering due to unchanged power save mode notifications [Georges; !674]
* Add API to reorder workspaces [Adam; !670]
* Make picking a new focus window more reliable [Marco; !669]
* Defer actor allocation till shown [Carlos; !677]
* Try to use primary GPU for copy instead of glReadPixels [Pekka; !615]
* Unset pointer focus when the cursor is hidden [Jonas D.; !448]
* Fix modifier-drag on wayland subsurfaces [Robert; !604]
* Fix background corruption on Nvidia after resuming from suspend [Daniel; !600]
* Only grab the locate-pointer key when necessary [Olivier; !685, #647]
* Misc. bug fixes and cleanups [Florian, Jonas, Daniel, Robert, Olivier,
  Georges, Marco, Carlos, Emmanuele; !648, !650, !647, !656, !658, !637,
  !663, !660, !659, !665, !666, !668, !667, #667, !676, !678, #672, !680,
  !683, !688, !689, !687]

Contributors:
  Jonas Ådahl, Emmanuele Bassi, Adam Bieńkowski, Piotr Drąg, Jonas Dreßler,
  Olivier Fourdan, Carlos Garnacho, Robert Mader, Florian Müllner,
  Georges Basile Stavracas Neto, Pekka Paalanen, Marco Trevisan (Treviño),
  Daniel van Vugt

Translators:
  Fabio Tomat [fur], Kukuh Syafaat [id]

Also: GNOME Shell + Mutter 3.33.4 Released

KDE Usability & Productivity: Week 80

Somehow we’ve gone through 80 weeks of progress reports for KDE’s Usability & Productivity initiative! Does that seem like a lot to you? Because it seems like a lot to me. Speaking of a lot, features are now pouring in for KDE’s Plasma 5.17 release, as well as Applications 19.08. Even more is lined up for Applications 19.12 too, which promises to be quite a release.

Android Leftovers

IBM Announcements