Systemd maintainer David Strauss has published a response to my blog post about systemd. The first part of his post is replete with ad hominem fallacies, strawmen, and factual errors. Ironically, in the same breath that he attacks me for not understanding the issues around threads and umasks, he betrays an ignorance of how the very project which he works on uses threads and umasks. This doesn't deserve a response beyond what I've called out on Twitter.
In the second part of his blog post, Strauss argues that systemd improves security by making it easy to apply hardening techniques to the network services which he calls the "keepers of data attackers want." According to Strauss, I'm "fighting one of the most powerful tools we have to harden the front lines against the real attacks we see every day." Although systemd does make it easy to restrict the privileges of services, Strauss vastly overstates the value of these features.
Harden Debian with PIE and bindnow!
Shipping Position Independent Executables and using a read-only Global Offset Table was already possible for packages but needed package maintainers to opt-in for each package (see Hardening wiki) using the “pie” and “bindnow” Dpkg hardening flags.
Many critical packages enabled the extra flags but there are still way more left out according to Lintian hardening-no-bindnow and hardening-no-pie warnings.
Now we can change that. We can make those hardening flags the default for every package.
My Free Software Activities in September 2016
Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you’re interested in Android, Java, Games and LTS topics, this might be interesting for you.
Several donations boost reliability of Debian's core infrastructure
Over the last several months, Hewlett Packard Enterprise (HPE), one of Debian's primary hardware partners, has made several large in-kind donations in support of Debian core services. The donated equipment will be deployed in the data centers of multiple hosting partners in Canada, the United States, and Australia.
Gitano - Approaching Release - Work
I have been working quite hard, along with my friend and colleague Richard Maw, on getting Gitano ready for a release suitable for inclusion into Debian Stretch.
OverlayFS SELinux Support For Linux 4.9 Kernel
James Morris has submitted the security subsystem updates for the new Linux 4.9 kernel development cycle.
BFS Updated For Linux 4.8, To Be Succeeded By New MuQSS Scheduler
Con Kolivas has rolled out the BFS scheduler v0.512 release for Linux 4.8, which may be his last "BFS" release as he's getting ready to premiere a new scheduler.
Scheduler Changes Published For The Linux 4.9 Kernel
Ingo Molnar was prompt as usual in submitting his various pull requests for the opening of the Linux 4.9 merge window, including the scheduler changes.
Looks like Homefront: The Revolution might be gearing up for a Linux release now
It seems Homefront: The Revolution [Steam] is seeing some fresh Linux-related activity on SteamDB, with it being given a launch configuration.
If I may direct your attention to this and this it seems that someone has started focusing on the Linux version some more. The latest update being today and only a few hours ago too.
Stardew Valley 1.1 is now officially live on Steam with lots of new stuff
Stardew Valley [Official Site, Steam] 1.1, the big content update, is now live on Steam; you can divorce people now, choose a different map and more.
- Crowdfunding roundup with internet sim Hypnospace Outlaw, 3D point & click Woven and more
WalmartLabs open sources the application platform that powers Walmart.com
Walmart probably isn’t the first company that comes to mind when you think about open-source software (or the second or third, really), but WalmartLabs, Walmart’s innovation-focused tech division, has already launched a number of open-source projects into the wild. The most interesting of these so far was OneOps, its DevOps platform, but today it is launching a similarly ambitious project.
Over the course of the last year, Walmart.com — a site that handles 80 million monthly visitors and offers 15 million items for sale — migrated to React and Node.js. In the process of this transition, the WalmartLabs team built Electrode, a React-based application platform to power Walmart.com. It’s now open sourcing this platform.
Electrode provides developers with boilerplate code to build universal React apps that consist of a number of standalone modules that developers can choose to add more functionality to their Node apps. These include a tool for managing the configuration of Node.js apps, for example, as well as a React component that helps you render above-the-fold content faster.
Riot Founder Describes Vision of Open Source Collaboration
Initially built by developers for developers, Riot is free and open source software. It publishes all of the code on GitHub, where anyone can see, modify and run it.
Yahoo Open Sources Porn-Hunting Neural Network
The artificial intelligence system is trained to automatically identify risque images using a probability scale between zero and one. Scores below 0.2 indicate the image is likely safe for all eyes. But those above 0.8 signal the high probability of a long chat with your boss if they spot your computer screen.
- Yahoo is open sourcing its deep learning model to identify pornography
Linux Foundation Leader Jim Zemlin to Keynote Postgres Vision 2016
The Linux Foundation Executive Director Jim Zemlin will keynote Postgres Vision 2016, the international conference for technology and industry visionaries to explore the future of enterprise Postgres, open source, entrepreneurship, and innovation. Postgres Vision will be held October 11-13, 2016, at the iconic Innovation Hangar (iHangar) in the Palace of Fine Arts, San Francisco.
France is developing a free consultation platform for public authorities
Etalab and the CNNum (Conseil National du Numérique, the National Digital Council) planned to collaborate with civil society members and the Open Government ecosystem in France to develop a consultation platform. The idea was presented during an Open Democracy Now Hackathon, which took place in Paris on September 17 and 18.
The Open Source Initiative® (OSI), the premier organization working globally to champion open source in society through education, infrastructure and collaboration, announced today that Powering Potential has joined the OSI as an Affiliate Member.
Powering Potential provides access to educational resources on solar-powered computers running open source software at schools in rural Tanzania. The technology initiative works to enhance education and stimulate imagination of students in Tanzania while respecting and incorporating values of the local culture.
“The Board of Directors at the OSI is pleased to have Powering Potential as an OSI Affiliate Member,” said Patrick Masson, general manager and director at the Open Source Initiative. “Their work fully aligns with our mission to raise awareness and adoption of open source software, and as our first African Affiliate Member, build bridges among different constituencies in the open source community.”
Over the years I've bought some less than impressive consumer routers, so these days I run my own self-built hardware firewall appliance. Surprisingly, deciding on which option was best for my needs was not as easy as I had hoped.
Building a hardware firewall requires you to decide on the hardware your firewall/router computer operating system will be installed on. Like myself, some people might use an old PC. Others might decide to install their selected firewall operating system onto a rack mount server. However one decides to do this, the completed act of installing this OS onto the dedicated hardware creates a dedicated hardware firewall.
And unlike a software firewall, hardware firewalls serve a single dedicated purpose – to act as a gateway appliance for your network. Having had experience with three popular firewall operating systems in the past, I found that choosing the "right one" is a matter of perspective.
In this article, I'm going to share my experience and overall impressions about those three different firewall solutions. Some of these are highly advanced while others are incredibly easy to use. Each of these solutions shares something that I feel good about sharing with my readers. All of the firewalls are easily downloadable without any annoying sign-up pages (I'm looking at you, Sophos).