
Security: systemd, Elector app, IPFire, Patches, "Myths and Facts" (FUD)

Monday 10th of February 2020
Security
  • Limit the impact of security compromises with systemd security directives

    Three weeks ago, I wrote systemd service sandboxing and security hardening 101: an introduction to Linux security features for service processes managed by systemd.

    This week, I’ll explore how you can use some of the more advanced security features offered by systemd. You’ll want to read the 101-introduction before proceeding with this article.

    Last week, researchers at Qualys disclosed a remote code execution (RCE) vulnerability in OpenSMTPD: an open-source email server. This seems like an opportune time to make sure you’ve locked down this service. It will serve as our example service for this tutorial.

    Most parts of OpenSMTPD are designed to run in unprivileged processes. However, this was a “worst-case scenario”, as Gilles Chehade put it. The vulnerability lets attackers execute remote commands with full administrative privileges. Remotely executed arbitrary code running rampant is the last thing you want on your email server.

  • App Used by Netanyahu's Likud Leaks Israel's Entire Voter Registry

    Names, identification numbers and addresses of over 6 million voters were leaked through the unsecured Elector app

  • Where did Core Update 140 go?

    You will have seen that we have just released an announcement for testing the next release of IPFire - IPFire 2.25 - Core Update 141. The major release number has changed as well as a Core Update has been skipped. But why?

    Rolling, rolling, rolling...

    IPFire is a rolling release. There are very few, but some systems that have been updated all the way through since 2007, when the first release of IPFire 2 was published. Despite some bugs during the update process, it is never necessary to reinstall your firewall. And why would you do that? We have replaced the whole base system underneath it not only once, but countless times.

    IPFire is a modern distribution with its roots somewhere in the past. However, sometimes we need to break things. On purpose. We have removed old crypto that is dangerously broken and we have removed features that virtually nobody has been using any more - simply because the world looked different in 2007 than in 2017.

    Bump to IPFire 2.25

    This time, the reason for bumping the release to 2.25 is that we have upgraded to GCC 9. A new compiler brings some new libraries and changes some other things that are not backwards-compatible. So add-ons compiled with the new compiler won't work on older systems. We create a new directory on the server with everything compiled with the new compiler every time this happens. It is as simple as that.

  • Security updates for Monday

    Security updates have been issued by Debian (ipmitool, libexif, and ppp), Fedora (glib2, java-1.8.0-openjdk, java-11-openjdk, libasr, libuv, mingw-gdk-pixbuf, mingw-SDL2, nethack, nghttp2, nodejs, nodejs-mixin-deep, nodejs-set-value, nodejs-yarn, opensmtpd, python-feedgen, runc, samba, sox, and texlive-base), Mageia (chromium-browser-stable, mgetty, openslp, qtbase5, spamassassin, sudo, and xmlrpc), openSUSE (ceph and chromium), Oracle (grub2 and kernel), SUSE (docker-runc, LibreOffice, and wicked), and Ubuntu (libxml2 and qtbase-opensource-src).

  • Open-Source Security in 2020: Myths and Facts

    Open-source software isn’t a completely chaotic and breached wasteland of vulnerabilities. It’s a global effort to make the development lifecycle faster.

    Open-source components are publicly-made codebases. Some are created and maintained by experienced developers and companies, while others are created by beginners. Open-source components are often used in enterprise software, for the purpose of reducing development time. However, the security aspect of these components isn’t always clear.

    [...]

    Open-source software is software with publicly accessible code. It is generally freely available for use and developed and maintained through community collaboration. The most commonly known example of open-source software is Linux, but many applications and systems use open-source components.

    The difference between open-source software and proprietary software is reflected in its licensing, liability, and cost.

MATE 1.24 released

After about a year of development, the MATE Desktop team have finally released MATE 1.24. A big thank you to all contributors who helped to make this happen. This release contains plenty of new features, bug-fixes, and general improvements. Some of the most important highlights include...

Outreachy: Anisa Kuci at FOSDEM 2020 & Outreachy Summer 2020 Openings

  • FOSDEM 2020

    Like many other people, this year I attended FOSDEM. For the ones that might not be familiar with the name, FOSDEM is the biggest free software developers gathering in Europe, happening every year in Brussels, Belgium. This year I decided to attend again as it is an event I have really enjoyed the last two times I have attended during the past years. As I am currently doing my Outreachy internship I found FOSDEM a very good opportunity to receive some more inspiration. My goal was to come back from this event with some ideas or motivation that would help during the last phases of my internship, as I need to work on documentation and best practices on fundraising. I also wanted to meet in person the people that I have worked with so far regarding Outreachy and discuss with them in person about organizational topics and even ask for advice. [...] My Outreachy internship finishes soon and this is also one of the reasons why my mentor supported attending FOSDEM using the Outreachy stipend. FOSDEM is huge, and you meet hundreds of people within two days, so it is a good opportunity to look for a future job. There is also a job fair booth where companies post job offers. I surely passed by and got myself some offers that I thought would be suitable for me. And the cherry on top of the cake during FOSDEM are all the booths distributed in different buildings. I did not only meet friends from different communities, but also got to know so many new projects that I had not heard of before. And of course, got some very nice swag. Stickers and other goodies are never too much!

  • Two Weeks Are Left To Apply For An Outreachy Summer 2020 Open-Source Internship

    Accepted Outreachy interns are awarded with a $5,500 USD stipend (and $500 travel stipend) for contributing from May to August. For this round, there are six HTML/CSS projects, five JavaScript projects, four Python projects, four Git projects, and other skill-sets. This summer 2020 round includes working on Creative Commons, improving internationalization for the Guix data service, better desktop environment integration for Guix, improving Sound Open Firmware debugging, and creating a command-line runner for Wikimedia's MediaWiki maintenance tasks, among others.

Open Hardware/Boot: Coreboot, Oreboot, Bootlin

  • The Current State of AMD Zen Coreboot Support: Basically Limited To Chromebooks

    Firmware developer Michał Żygowski of embedded consulting firm 3mdeb has provided a convenient overview over the current state of AMD Coreboot support for booting with this open-source alternative to conventional proprietary BIOS.

  • Oreboot Continues Advancing For Open-Source, Rust-Based Booting On RISC-V

    Oreboot is the effort that has been taking shape over the past year as an open-source focused, Rustlang-based downstream of Coreboot. Oreboot continues advancing in its own right concurrent to the wonderful Coreboot advancements. Oreboot continues to pride itself on being as open-source as possible though acknowledging at least for now on x86 CPUs they need the likes of ME/FSP firmware. Oreboot is also still focused on using Rust code rather than C code in the name of better security and reliability.

  • Bootlin at Embedded World 2020

    Bootlin will be present at Embedded World 2020, in Nuremberg on February 25-27. We will be present on STMicroelectronics booth in hall 4A, stand 138. We will have two demos of the STM32MP1 platform running Linux, and of course details about Bootlin services around embedded Linux and Linux kernel development and training. Three people from Bootlin will be present: Michael Opdenacker (CEO), Thomas Petazzoni (CTO) and Alexandre Belloni (embedded Linux engineer and trainer).

Android Leftovers

