Security: Meltdown & Spectre, Critical CSRF Security Vulnerability, OpenVPN and More

Filed under
Security
  • Meltdown & Spectre
  • Meltdown and Spectre Linux Kernel Status

    By now, everyone knows that something “big” just got announced regarding computer security. Heck, when the Daily Mail does a report on it, you know something is bad…

    Anyway, I’m not going to go into the details about the problems being reported, other than to point you at the wonderfully written Project Zero paper on the issues involved here. They should just give out the 2018 Pwnie award right now, it’s that amazingly good.

    If you do want technical details for how we are resolving those issues in the kernel, see the always awesome lwn.net writeup for the details.

    Also, here’s a good summary of lots of other postings that includes announcements from various vendors.

  • Spectre and Meltdown: What you need to know going forward

    As you've likely heard by now, there are some problems with Intel, AMD, and ARM processors. Called Meltdown and Spectre, the discovered attack possibilities are rather severe, as they impact pretty much every technical device on the network or in your house (PCs, laptops, tablets, phones, etc.).

    Here's a breakdown of all the things you need to know. As things change, or new information becomes available, this article will be updated.

    The key thing to remember is not to panic, as the sky isn't about to come crashing down. The situation is one that centers on information disclosure, not code execution (a far more damning issue to deal with).

  • Open Source Leaders: Take Intel to Task

    I do not know Linus Torvalds or Theo de Raadt. I have never met either of them and have read very little about them. What I do know, gleaned from email archives, is when it comes to bum hardware, they both have pretty strong opinions. Both Linus and Theo can be a bit rough around the edges when it comes to giving their thoughts about hardware design flaws, but at least they have a voice. Also, Linus and Theo have often been at odds, whether it be about how to approach OS design, licensing, etc., but I suspect, or I at least have to believe, the latest incident from Intel (the Spectre and Meltdown flaws) is one area they agree on.

    Linus and Theo cannot possibly be the only Open Source leaders out there who are frustrated and tired of being jerked around by Intel. What I hope comes out of this is not many different voices saying the same thing here and there but instead, perhaps, our various leaders could get together and take Intel to task on this issue. Intel not only created a horrible design flaw, they lied by omission about it for several months. During those months the Intel CEO quietly dumped his stock. What a hero.

  • Docker Performance With KPTI Page Table Isolation Patches

    Overall most of our benchmarks this week of the new Linux Kernel Page Table Isolation (KPTI) patches coming as a result of the Meltdown vulnerability have shown minimal impact overall on system performance. The exceptions have obviously been with workloads having high kernel interactions like demanding I/O cases and in terms of real-world impact, databases. But when testing VMs there's been some minor impact more broadly than bare metal testing and also Wine performance has been impacted. The latest having been benchmarked is seeing if the Docker performance has been impacted by the KPTI patches to see if it's any significant impact since overall the patched system overhead certainly isn't anything close to how it was initially hyped by some other media outlets.

  • Can We Replace Intel x86 With an Open Source Chip?
  • Critical CSRF Security Vulnerability in phpMyAdmin Database Tool Patched

    A "cross site request forgery" vulnerability in a popular tool for administrating MySQL and MariaDB databases that could lead to data loss has been patched.

  • 8 reasons to replace your VPN client with OpenVPN

    OpenVPN could be the answer. It's an ultra-configurable open source VPN client which works with just about any VPN provider that supports the OpenVPN protocol. It gives you new ways to automate, optimize, control and troubleshoot your connections, and you can use it alongside your existing client, or maybe replace it entirely – it's your call.

  • I’m harvesting credit card numbers and passwords from your site. Here’s how.
