More in Tux Machines

Games: Demonizer, Taste of Power, Road to your City and More

Security: Software Security is a Civil Right, Security Isn’t a Feature, Metasploit and Software Updates

  • Software Security is a Civil Right!
  • Security isn’t a feature
    As CES draws to a close, I’ve seen more than one security person complain that nobody at the show was talking about security. There were an incredible number of consumer devices unveiled, no doubt there is no security in any of them. I think we get caught up in the security world sometimes so we forget that the VAST majority of people don’t care if something has zero security. People want interesting features that amuse them or make their lives easier. Security is rarely either of these, generally it makes their lives worse so it’s an anti-feature to many. Now the first thing many security people think goes something like this “if there’s no security they’ll be sorry when their lightbulb steals their wallet and dumps the milk on the floor!!!” The reality is that argument will convince nobody, it’s not even very funny so they’re laughing at us, not with us. Our thoughts by very nature blame all the wrong people and we try to scare them into listening to us. It’s never worked. Ever. That one time you think it worked they only pretended to care so you would go away. So it brings us to the idea that security isn’t a feature. Turning your lights on is a feature. Cooking you dinner is a feature. Driving your car is a feature. Not bursting into flames is not a feature. Well it sort of is, but nobody talks about it. Security is a lot like the bursting into flames thing. Security really is about something not happening, things not happening is the fundamental problem we have when we try to talk about all this. You can’t build a plausible story around an event that may or may not happen. Trying to build a narrative around something that may or may not happen is incredibly confusing. This isn’t how features work, features do positive things, they don’t not do negative things (I don’t even know if that’s right). Security isn’t a feature.
    So the question you should be asking then is how do we make products being created contain more of this thing we keep calling security. The reality is we can’t make this happen given our current strategies. There are two ways products will be produced that are less insecure (see what I did there). Either the market demands it, which given the current trends isn’t happening anytime soon. People just don’t care about security. The second way is a government creates regulations that demand it. Given the current state of the world’s governments, I’m not confident that will happen either.
  • Metasploit, popular hacking and security tool, gets long-awaited update
    The open-source Metasploit Framework 5.0 has long been used by hackers and security professionals alike to break into systems. Now, this popular system penetration testing platform, which enables you to find, exploit, and validate security holes, has been given a long-delayed refresh. Rapid7, Metasploit's parent company, announced this first major release since 2011. It brings many new features and a fresh release cadence to the program. While the Framework has remained the same for years, the program was kept up to date and useful with weekly module updates.
  • Security updates for Tuesday
  • [Slackware] New VLC and Flash
    AV1 is a new video codec by the Alliance for Open Media, composed of most of the important Web companies (Google, Facebook, Netflix, Amazon, Microsoft, Mozilla…). AV1 has the potential to be up to 20% better than the HEVC codec, but the patents license is totally free. VLC supports AV1 since version 3.0.0 but I never added the ‘aom’ decoder/encoder to my vlc package, since ‘aom’ is the reference implementation of the video format and it does not really perform. The VideoLAN and FFmpeg communities are collaborating on ‘dav1d’ to make this a reference optimized decoder for AV1. Now that ‘dav1d’ has an official release I thought it would be cool to have in the VLC package. Mozilla and Google browsers already have the support for AV1 video playback built-in, so… overdue here.

Android Leftovers

Blue Collar Linux: Something Borrowed, Something New

Sometimes it takes more than a few tweaks to turn an old-style desktop design into a fresh new Linux distribution. That is the case with the public release of Blue Collar Linux. "The guidance and design were shaped by real people -- blue collar people," Blue Collar developer Steven A. Auringer told LinuxInsider. "Think useful and guided by Joe and Jane Whitebread in Suburbia." Blue Collar Linux has been under development for the last four years. Until its public release this week, it has circulated only through an invitation for private use by the developer's family, friends and associates looking for an alternative to the Windows nightmare.