
Security: Updates, Flaws and Chromium Update on Slackware

  • Security updates for Monday
  • Lessons From Global Cybersecurity Breaches For Your Next M&A
  • Cryptocurrency attack thwarted by npm team

    Cryptocurrency users narrowly escaped losing all their funds last week after an attacker poisoned a digital wallet with malicious code that stole their blockchain access details.

    The attacker injected malicious code into Agama, a cryptocurrency wallet created by Komodo. If successful, they could have stolen around $13m of Komodo’s KMD cryptocurrency, which is a privacy-centric coin. Luckily, they were thwarted by quick action from both Komodo and software repository npm.

  • Firefox fires blocks at trackers, Exim tackles 7-day remote flaw, and RDP pops up yet again

    Are you running the latest version (4.9.2) of Exim on your Linux box? If so, you can go ahead and skip down to the next item, because you're already clear of danger.

    Everyone else may want to consider updating, because older versions of the Linux mail server have been found to contain a command execution vulnerability that has now been confirmed to be remotely exploitable.

    The bug, initially thought only to be locally exploitable, was first addressed in February of this year when the latest Exim build was released. At the time, it was not considered to be a major security issue, but rather a minor bug that wouldn't need to be addressed in older versions.

  • Chromium 75 available as Slackware packages (32bit and 64bit)

    The Chromium 75 sources were released last week by Google, and this new major release contains 42 fixes for security issues. A couple of them are serious enough that you are encouraged to update to the new 75 release ASAP.

    In terms of functionality, not much changed in Chromium 75, but there is one interesting addition that you may want to try if you read a lot of content online. It’s called “Reader Mode” and is still disabled by default. You can enable it through the Chrome flag “chrome://flags/#enable-reader-mode”. The reader mode strips away page clutter like buttons, background images and changes the page layout for better readability.

More in Tux Machines

Crostini/Google Update

  • Acer Chromebook R 13

    It has Android Apps (Google Play) and Linux Apps (crostini) support and it will receive auto-updates until September 2021.

  • HP Chromebook x360 14

    It has Android Apps (Google Play) and Linux Apps (crostini) support and it will receive auto-updates until June 2024.

  • Linux disk resizing on Chromebooks pushed back to Chrome OS 78

    Back in March, I reported on an effort that would enable resizing of the Linux partition for Crostini-supported Chromebooks. At that time, I expected the feature to land in Chrome OS 75. I’ve checked for the feature now that Chrome OS 75 is available (again) and it’s nowhere to be seen. That’s because it was recently pushed back to Chrome OS 78. [...] However, other aspects need to be considered: Storage of large media files, for example, or enabling Google Drive synchronization with the Chrome OS Files app for offline file access. And then there are Android apps, some of which – particularly games – can require one or two gigabytes of space. So far, I haven’t run into any storage issues on my Pixel Slate with 128 GB of data capacity. But it’s easy to see that the Linux container is using up the bulk of my tablet’s storage: As I understand it, /dev/vdb is the Crostini container with Linux, which is 88 GB in size with 58 GB free.

Software: Maestral, GLava and Pitivi

  • Maestral Is A New Open Source Dropbox Client For Linux And macOS

    Maestral is a new open source Dropbox client for macOS and Linux, that's currently in beta. It can be used both with and without a GUI, and it was created with the purpose of having a Dropbox client that supports folder syncing to drives which use filesystems like Btrfs, Ext3, ZFS, XFS or encrypted filesystems, which are no longer supported by Dropbox.

  • GLava – OpenGL audio spectrum visualizer for desktop windows or backgrounds

    Over the past few months, I’ve written lots of reviews of open source audio software, focusing mainly on music players. Linux has a mouthwatering array of open source multimedia tools, so I’m going to turn my attention wider afield from music players. Let’s start with some multimedia candy. GLava is an OpenGL audio spectrum visualizer for Linux. An audio visualizer works by extracting waveform and/or frequency information from the audio and feeds this information through some display rules, which produces what you see on the screen. The imagery is usually generated and rendered in real time and in a way synchronized with the music as it is played. GLava makes a real-time audio visualizer appear as if it’s embedded in your desktop background, or in a window. When displayed as the background, it’ll display on top of your wallpaper, giving the appearance of a live, animated wallpaper. GLava is a simple C program that sets up the necessary OpenGL and Xlib code for sets of 2D fragment shaders. The software uses PulseAudio to sync the desktop visualizer with any music source.

  • Millan Castro: GSoC: First month working in Pitivi

    Pitivi is a video editor, free and open source. Targeted at newcomers and professional users, it is minimalist and powerful. This summer I am fortunate to collaborate in Pitivi development through Google Summer of Code. My goal is to implement an interval time system, with the support of Mathieu Duponchell, my mentor, and other members of the Pitivi community. An interval time system is a common tool in many video editors. It will introduce new features in Pitivi. The user will be able to set up a range of time in the timeline editor, playback specific parts of the timeline, export the selected parts of the timeline, cut or copy clips inside the interval and zoom in/out the interval. My proposal also includes the design of a marker system to store information at a certain time position.

today's howtos

SAMBA versus SMB: Adversarial Interoperability is Judo for Network Effects

Before there was Big Tech, there was "adversarial interoperability": when someone decides to compete with a dominant company by creating a product or service that "interoperates" (works with) its offerings. In tech, "network effects" can be a powerful force to maintain market dominance: if everyone is using Facebook, then your Facebook replacement doesn't just have to be better than Facebook, it has to be so much better than Facebook that it's worth using, even though all the people you want to talk to are still on Facebook. That's a tall order. Adversarial interoperability is judo for network effects, using incumbents' dominance against them. To see how that works, let's look at a historical example of adversarial interoperability's role in helping to unseat a monopolist's dominance. The first skirmishes of the PC wars were fought with incompatible file formats and even data-storage formats: Apple users couldn't open files made by Microsoft users, and vice-versa. Even when file formats were (more or less) harmonized, there were still the problems of storage media: the SCSI drive you plugged into your Mac needed a special add-on and flaky driver software to work on your Windows machine; the ZIP cartridge you formatted for your PC wouldn't play nice with Macs. But as office networking spread, the battle moved to a new front: networking compatibility. AppleTalk, Apple's proprietary protocol for connecting up Macs and networked devices like printers, pretty much Just Worked, providing you were using a Mac. If you were using a Windows PC, you had to install special, buggy, unreliable software. And for Apple users hoping to fit in at Windows shops, the problems were even worse: Windows machines used the SMB protocol for file-sharing and printers, and Microsoft's support for MacOS was patchy at best, nonexistent at worst, and costly besides.
Businesses sorted themselves into Mac-only and PC-only silos, and if a Mac shop needed a PC (for the accounting software, say), it was often cheaper and easier just to get the accountant their own printer and backup tape-drive, rather than try to get that PC to talk to the network. Likewise, all PC-shops with a single graphic designer on a Mac—that person would often live offline, disconnected from the office network, tethered to their own printer, with their own stack of Mac-formatted ZIP cartridges or CD-ROMs. [...] Someone attempting to replicate the SAMBA creation feat in 2019 would likely come up against an access control that needed to be bypassed in order to peer inside the protocol's encrypted outer layer in order to create a feature-compatible tool to use in competing products. Another thing that's changed (for the worse) since 1993 is the proliferation of software patents. Software patenting went into high gear around 1994 and consistently gained speed until 2014, when Alice v. CLS Bank put the brakes on (today, Alice is under threat). After decades of low-quality patents issuing from the US Patent and Trademark Office, there are so many trivial, obvious and overlapping software patents in play that anyone trying to make a SAMBA-like product would run a real risk of being threatened with expensive litigation for patent infringement.