
Security: Firewalld, NSA, WPA, Supply-chain Attacks and Facebook

  • Firewalld: The Future is nftables

    Firewalld, the default firewall management tool in Red Hat Enterprise Linux and Fedora, has gained long-sought support for nftables. This was announced in detail on firewalld’s project blog. The feature landed in the firewalld 0.6.0 release as the new default firewall backend.

  • How SELinux helps mitigate risk while facilitating compliance

    Many of our customers are required to meet a variety of regulatory requirements. Red Hat Enterprise Linux includes security technologies that help meet these requirements. Improving Linux security also benefits our layered products, such as Red Hat OpenShift Container Platform and Red Hat OpenStack Platform.

  • WPA3: How and why the Wi-Fi standard matters

    WPA2 has given us 14 years of secure wireless networking. WPA3 will fix a number of big problems in WPA2 and make strong security the default condition.

  • How one man could have hacked every Mac developer (73% of them, anyway)

    OK, in some ways that’s only very loosely true, when you think of all the non-Unixy stuff on top of the Darwin base layer, and we welcome your comments below to explain just how carelessly loose we have been…

    [...]

    The potential impact of a well-thought-out hack into one of the many package management ecosystems out there is a pet concern of security researcher Eric Holmes.

    Hacks against the very repositories that many of us rely upon for software updates are known in the jargon as supply-chain attacks – after all, the modern supply chain often doesn’t involve any factories, ships, trains, inventories, trucks, pallets or forklifts.

    So, Holmes decided to take a look at the supply chain for Homebrew, or Brew for short – we’re guessing he picked Brew not only because he knew it was the most popular amongst the Mac community, but also because he uses it himself.

    The results were, in a word, salutary.

  • SD Times Open-Source Project of the Week: Fizz

    In order to implement the new generation of Transport Layer Security, TLS 1.3, at Facebook, the company built a TLS library in C++ 14 called Fizz. Earlier this week, Facebook announced it was open sourcing that library.

    TLS 1.3 added several new features to make Internet traffic more secure, such as encrypting handshake methods, redesigning how secret keys are derived, and a zero round-trip connection setup.

    “We are excited to be open-sourcing Fizz to help speed up deployment of TLS 1.3 across the internet and help others make their apps and services faster and more secure,” Facebook wrote in a post.
