GNU/Linux Security Leftovers
-
Our assessment is that the cause is this commit, the introduction of a "sockfs_setattr()" function. This function neglects to null-out values in a structure, making their values usable after exiting from the function (a so-called ‘use-after-free’ error).
-
Last week, a Huawei engineer reported a vulnerability present in the early Linux 2.6 kernels through version 4.20.11. The Kernel Address Sanitizer (KASAN) that detects dynamic memory errors within the Linux kernel code was used to uncover the use-after-free vulnerability which was present since early Linux versions.
The use-after-free issue was found in the networking subsystem’s sockfs code and could lead to arbitrary code execution as a result.
-
So, use Linux, and preferably coreboot or Libreboot (open source BIOS). You can buy hardware based on the recommendations of well-known and respected (still a bit paranoid) cypherpunk Richard Stallman.
-
Privileged accounts hold the keys to highly sensitive company information and once these credentials are targeted, they can easily lead to a breach of a company’s most valuable assets; from databases to social media and unstructured data. Most enterprises have implemented some form of Privileged Access Management (PAM), but many find these initiatives fail to live up to expectations. Below are some common reasons why a PAM project might fail to meet the initial expectations; coupled with practical insights on how to prevent it from becoming a dud.
-
Mobile World Congress is back again! Like every single year during the Jolla journey, we are excited to take part in this event. We have had great experiences in the past MWC’s, our main drivers for attending are the current and relevant topics discussed during the congress. One of this year’s core themes is Digital Trust; “Digital trust analyses the growing responsibilities required to create the right balance with consumers, governments and regulators.” It makes us happy that these topics are being discussed, especially since several scandals have recently affected trust in digital solutions.
At Jolla we work constantly towards providing a secure and transparent solution. Our value towards our customer’s privacy is reflected in our values and actions. Back in May of 2018 our CEO Sami Pienimäki wrote a blog post on the GDPR laws passed within the European Union and stated the cornerstones on how Jolla views data privacy. This stand on privacy is not rocket science – the core idea is to respect our customers’ privacy and allow them to be in control of their data.
Which is More Secure: Windows, Linux, or macOS? [Ed: security is not an OS feature but a separate product, insists company that sells "security" as a proprietar ysoftware product]
| Games: BATTLETECH, Tesla vs Lovecraft and More
-
The weekend is about to crash into our lives once again, you're sat staring at your screen wondering what to play and we're here to help.
First up, BATTLETECH is having a free weekend so you have around 1 day and 22 hours to download it on Steam and try it out for free. If you decide you like it, there's 40% off the price right now too.
Steam also has a Square Enix sale going on, where you can grab a number of interesting titles for super cheap including Life is Strange, Life is Strange: Before the Storm, Rise of the Tomb Raider and more.
-
GOG have another good Linux game now available, with Tesla vs Lovecraft from 10tons now up on their DRM-Free digital shelves.
-
Planetary Annihilation Inc continue to make big improvements to Planetary Annihilation: TITANS, the massive-scale RTS that has Linux support.
-
I was very impressed with Rise of Industry last time I took a look at this strategic tycoon game from Dapper Penguin Studios. They have another big update out along with an announcement about leaving Early Access.
First, to get the biggest news out of the way, it's going to leave Early Access on May 2nd. Just before that, there's going to be another huge update which will add in AI competition.
-
Ventilator Shark's great looking parkour platformer, Space Rabbits in Space will be coming to Linux.
I spoke directly to the developer, who (slightly amusingly) said "There will be a Linux version, we just don't have ETA on that yet (2 people, 1 dog, exhausted to heck [we are, the dog is fine])".
-
The Talos Principle, Croteam's fantastic first-person puzzle game has a fresh beta available to test with some major changes.
It includes massive changes under the hood, including a much more up to date version of their Serious Engine. This brings with it 64bit by default, OpenGL removed in favour of Vulkan along with "various other optimizations, fixes, and tweaks that will make your gameplay experience better without you knowing why that is".
I did a few benchmarks this morning just to see how it's working now and unsurprisingly the Linux version remains incredibly smooth. With the performance options cranked to Ultra, rendering at 1080p and MSAA x4 on it was hitting an average of 112 FPS.
-
10tons, who are well known for their top-down shooters are unleashing their latest title 'Undead Horde' in Early Access on March 6th.
|
Linux Foundation, Linux 5.0 and Linux 5.1
-
I suspected Linux Foundation went to the dark side when they started strange deals with Microsoft. But I'm pretty sure they went to dark side now.
-
With the Linux 5.0 kernel due out within the next week or two, here's a look back at the biggest end-user facing changes for this kernel release that started out as Linux 4.21.
-
With the Linux 5.1 kernel cycle soon to kick-off, an early batch of fixes for the AMDGPU DRM driver and other fixes were sent in on Thursday to queue along with all of the new functionality being staged in DRM-Next.
There's a lot of DRM improvements and throughout all the kernel subsystems of new material queuing up for Linux 5.1. On the AMDGPU side there is AMDGPU DC seamless boot bits, PCI Express bandwidth utilization is now exported to user-space, Vega power management updates, DCC support for scanout surfaces, better page-flipping in DC, and various Vega 20 fixes.
| Videos: Manjaro 18.0.3 Cinnamon, Bash Commands and FLOSS Weekly With ClearlyDefined
-
In this video, we look at Manjaro 18.0.3 Cinnamon.
-
We chill and look at some cool commands for the BASH terminal and scripts.
-
Carol Smith is the program manager for ClearlyDefined, a project under the Open Source Initiative. ClearlyDefined is an open source project to crowd-source the gathering, curation, and upstreaming of licensing and security (and more) data about free and open source projects.
|
Printer-friendly version
PDF version
.svg_.png)
Content (where original) is available under CC-BY-SA, copyrighted by original author/s.
Recent comments
1 min 2 sec ago
33 min 1 sec ago
38 min 18 sec ago
57 min 55 sec ago
20 hours 38 min ago
1 day 7 hours ago
1 day 8 hours ago
1 day 12 hours ago
1 day 13 hours ago
1 day 14 hours ago