Language Selection

English French German Italian Portuguese Spanish

Interview with Linux security expert Kurt Seifried

Filed under
Interviews

Linux.com readers might know Kurt Seifried as the author of the Linux Administrators' Security Guide or proprietor of the popular security mailing list. In this interview, he gives his views on how security in Linux has been stacking up and where it's lacking, what users can do to secure their systems, and whether every admin needs to know much about security.

Over the years Seifried has made a name for himself in the world of Linux security, and he's not resting on past accomplishments. He's part of the technical team at iDefense/Verisign, which he says "allows me to spend most of my time keeping on top of all the current security threats." Seifried is also working on a new site called RiskBloggers.com, a blog/magazine with articles on security and risk.

Linux.com: Is it true that you're planning to launch a Linux-specific security list soon?

Kurt Seifried: Yeah, "as soon as I have time"™ . It'll basically be all the vendor lists (Debian, Slackware, etc.) collated into one, so there will be a lot of overlap since they tend to ship the same software, but since some vendors are faster than others for shipping security updates, it'll also provide a heads up.

Lc: Linux has been around for a good 15 years now. How has the area of Linux security changed in that time?

Full Story.

More in Tux Machines

NHS open-source Spine 2 platform to go live next week

Last year, the NHS said open source would be a key feature of the new approach to healthcare IT. It hopes embracing open source will both cut the upfront costs of implementing new IT systems and take advantage of using the best brains from different areas of healthcare to develop collaborative solutions. Meyer said the Spine switchover team has “picked up the gauntlet around open-source software”. The HSCIC and BJSS have collaborated to build the core services of Spine 2, such as electronic prescriptions and care records, “in a series of iterative developments”. Read more

What the Linux Foundation Does for Linux

Jim Zemlin, the executive director of the Linux Foundation, talks about Linux a lot. During his keynote at the LinuxCon USA event here, Zemlin noted that it's often difficult for him to come up with new material for talking about the state of Linux at this point. Every year at LinuxCon, Zemlin delivers his State of Linux address, but this time he took a different approach. Zemlin detailed what he actually does and how the Linux Foundation works to advance the state of Linux. Fundamentally it's all about enabling the open source collaboration model for software development. "We are seeing a shift now where the majority of code in any product or service is going to be open source," Zemlin said. Zemlin added that open source is the new Pareto Principle for software development, where 80 percent of software code is open source. The nature of collaborative development itself has changed in recent years. For years the software collaboration was achieved mostly through standards organizations. Read more

Arch-based Linux distro KaOS 2014.08 is here with KDE 4.14.0

The Linux desktop community has reached a sad state. Ubuntu 14.04 was a disappointing release and Fedora is taking way too long between releases. Hell, OpenSUSE is an overall disaster. It is hard to recommend any Linux-based operating system beyond Mint. Even the popular KDE plasma environment and its associated programs are in a transition phase, moving from 4.x to 5.x. As exciting as KDE 5 may be, it is still not ready for prime-time; it is recommended to stay with 4 for now. Read more

diff -u: What's New in Kernel Development

One problem with Linux has been its implementation of system calls. As Andy Lutomirski pointed out recently, it's very messy. Even identifying which system calls were implemented for which architectures, he said, was very difficult, as was identifying the mapping between a call's name and its number, and mapping between call argument registers and system call arguments. Some user programs like strace and glibc needed to know this sort of information, but their way of gathering it together—although well accomplished—was very messy too. Read more