Python Programming

Security Leftovers

Security updates for Monday

Security updates have been issued by Debian (dovecot, htmlunit, jruby, libetpan, lucene-solr, net-snmp, and postgresql-9.6), Fedora (firefox, nss, qt, and thunderbird), Mageia (glib-networking, mumble, webkit2, and znc), openSUSE (balsa, chromium, firejail, hylafax+, libreoffice, libX11, perl-XML-Twig, thunderbird, wireshark, and xrdp), Red Hat (libvncserver), SUSE (libvirt and perl-PlRPC), and Ubuntu (dovecot and salt).

Getting Started in Cybersecurity

Interested in learning more about cybersecurity? Whether you’re considering specializing in the field or want to round out your current job skills through courses and certification, this article will provide tips and resources to help you get started.

Digital Security Is as Easy as PGP

Average computer users would be forgiven for not having any idea what PGP is. There is so much going on below the surface of the modern computing experience that even critically important security tools like PGP are tucked away. To be sure, there are specialized circles that make regular explicit use of PGP. Diligent Linux users would have at least a passing familiarity with PGP, since the fact that manufacturers didn’t install our OS for us means we have to verify its integrity ourselves. Otherwise, if your work doesn’t touch on information security, PGP would understandably be a mystery to you. But like I said, it is no less important for this reality. In fact, PGP played a significant part in why we have secure communications on the Internet. This actually isn’t because it’s widely used, although it definitely is utilized in software installation utilities the world over. Rather, its significance stems from its defiant challenge to an overzealous government that sought to compromise encryption long before most Americans used the Internet regularly. My aim in treating PGP here is twofold. The first is to shed some light on it for the uninitiated. The second, and more importantly, is to teach the daring among you how to wield this powerful tool. Hopefully, you found your way here after reading my security guide. If not, check out the last installment, and you will see that PGP can be useful in certain high-stakes threat scenarios. Before we proceed, keep in mind that, as with any tool, the usefulness of PGP adheres to the network effect. Its practicability is extremely limited due to scant adoption software development circles. If you seek to apply PGP toward interpersonal communication, those you communicate with must do the same.

Telegram updated to 2.3.0

Telegram is an open source, multiplatform, modern and free graphical application that allows any Linux user to easily and quickly talk with friends, co-workers and family members who use the Telegram messenger, from the comfort of their GNU/Linux desktops.

Ian Jackson: Doctrinal obstructiveness in Free Software

Any software system has underlying design principles, and any software project has process rules. But I seem to be seeing more often, a pathological pattern where abstract and shakily-grounded broad principles, and even contrived and sophistic objections, are used to block sensible changes. [...] I could come up with a lot more examples of other projects that have exhibited similar arrogance. It is becoming a plague! But every example is contentious, and I don't really feel I need to annoy a dozen separate Free Software communities. So I won't make a laundry list of obstructiveness. If you are an upstream software developer, or a distributor of software to users (eg, a distro maintainer), you have a lot of practical power. In theory it is Free Software so your users could just change it themselves. But for a user or downstream, carrying a patch is often an unsustainable amount of work and risk. Most of us have patches we would love to be running, but which we haven't even written because simply running a nonstandard build is too difficult, no matter how technically excellent our delta. As an upstream, it is very easy to get into a mindset of defending your code's existing behaviour, and to turn your project's guidelines into inflexible rules. Constant exposure to users who make silly mistakes, and rudely ask for absurd changes, can lead to core project members feeling embattled. But there is no need for an upstream to feel embattled! You have the vast majority of the power over the software, and over your project communication fora. Use that power consciously, for good. I can't say that arrogance will hurt you in the short term. Users of software with obstructive upstreams do not have many good immediate options. But we do have longer-term choices: we can choose which software to use, and we can choose whether to try to help improve the software we use. 
After reading Colin's experience, I am less likely to try to help improve the experience of other PostgreSQL users by contributing upstream. It doesn't seem like there would be any point. Indeed, instead of helping the PostgreSQL community I am now using them as an example of bad practice. I'm only half sorry about that.