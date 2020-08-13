Security Leftovers
An Average IT Org
Supply chain attacks are a known issue, and also lately there was a discussion around the relevance of reproducible builds. Looking in comparison at an average IT org doing something with the internet, I believe the pressing problem is neither supply chain attacks nor a lack of reproducible builds. The real problem is the amount of prefabricated binaries supplied by someone else, created in an unknown build environment with unknown tools, the average IT org requires to do anything.
[...]
Yes some of that is even non-free and might contain spyw^telemetry.
[...]
In the end the binary supply is like a drug for the user, and somehow the Debian project is also just another dealer / middle man in this setup. There are probably a lot of open questions to think about in that context.
Are we the better dealer because we care about signed sources we retrieve from upstream and because we engage in reproducible build projects?
Are our own means of distributing binaries any better than a binary download from github via https with a manual checksum verification, or the Debian repo at download.docker.com?
Is the approach of the BSD/Gentoo ports, where you have to compile at least some software from source, the better one?
Do I really want to know how some of the software is actually built?
NSA and FBI warn that new Linux malware threatens national security
Critical vulnerabilities in Quiz And Survey Master WordPress Plugin
Quiz and Survey Master is a WordPress plugin for creating quizzes and surveys easily on WordPress sites. It is installed on over 30,000+ websites.
Recently WordFence’s Chloe Chamberland discovered two critical vulnerabilities in the Quiz and Survey Master plugin version 7.0.
Pros & Cons of WordPress Plugins Auto-updates
WordPress released a major update yesterday with some big changes. One of the features is the ability to apply all plugin and theme updates automatically.
Earlier, plugin updates could be automatically applied with the help of additional plugins. One popular plugin is Jetpack, which can apply available updates automatically. Now WordPress 5.5 core supports auto-updates out of the box.
In this article, we will discuss the auto-update feature of WordPress. For many websites, this feature can be a lifesaver, but for some, it may involve some risks.
Ubuntu MATE 20.04.1 for Raspberry Pi Now Has a Second Beta Ready for Testing
Martin Wimpress published a new beta version of the upcoming Ubuntu MATE 20.04.1 images for Raspberry Pi devices, which you can download and test right now on the tiny computer. Ubuntu MATE 20.04.1 for Raspberry Pi promises major new features, such as support for the latest Raspberry Pi 4 SBCs, better graphics, experimental USB booting, basic rendering for the Firefox web browser by default, support for the rpi-eeprom utility for updating the Raspberry Pi 4 bootloader EEPROM, and a new configuration tool. Based on the recently released Ubuntu 20.04.1 LTS (Focal Fossa) operating system, the upcoming Ubuntu MATE 20.04.1 for Raspberry Pi release is now in its latest stages of development, with a second beta version ready for public testing. Since beta 1, the team fixed Wi-Fi issues that occurred on the first boot during the initial setup wizard and dropped the gpu_mem memory option that lets you specify how much memory the GPU can use from the config.txt file for better performance. The beta 2 is also powered by the same Linux 5.4 LTS kernel used in Ubuntu 20.04.1 LTS, and uses the latest MATE 1.24 desktop environment and most of the core apps that are also available in the Ubuntu MATE 20.04.1 LTS release for PCs.
