Date: 2020-09-11
Security: TLS, Keys, Patches and KeePassXC
On public TLS certificates lifetime
Ultimately, the client (often a browser or an operating system) identifies the certificate as trustable or not (based on the CA that signed it as well as many other parameters), so the client can decide which parameters to look for and which values are acceptable and which are not. This freedom of clients makes the whole situation very messy since every client can decide their own set, and a subset of the options accepted by every client can be very small if not empty.
Since the various CAs are different companies (and often competing among themselves), the problem of coordination is not a new one. In 2005, Melih Abdulhayoğlu, founder and CEO of Comodo Security, proposed to create a voluntary consortium of Certificate Authorities, browser creators, and other companies related to the Public Key Infrastructure (PKI). In November 2005, the first meeting of The Certification Authority/Browser Forum (CA/Browser Forum) took place in New York.
Since the large majority of PKI stakeholders are represented in the CA/Browser Forum, it is in a unique position to be able to mediate the stakeholders’ wishes and to create guidelines that are then (voluntarily) followed by everyone.
To ensure that everyone’s interests (with additional focus on CAs’ interests) were preserved, to pass any ballot, a proposal has to obtain at least 66.6% of positive votes from the CAs and at least 50% of positive votes from the browsers.
Protecting Keys to the Kingdom with Automated Key Management
Security updates for Monday
Security updates have been issued by CentOS (thunderbird), Debian (libproxy, qemu, and wordpress), Fedora (ansible, chromium, community-mysql, dotnet-build-reference-packages, dotnet3.1, drupal7, grub2, java-1.8.0-openjdk-aarch32, kernel, kernel-headers, kernel-tools, mingw-gnutls, php-symfony4, python-django, and selinux-policy), Gentoo (DBI, file-roller, gnome-shell, gst-rtsp-server, nextcloud-client, php, proftpd, qtgui, and zeromq), openSUSE (gimp, libjpeg-turbo, openldap2, python-Flask-Cors, and slurm), Oracle (.NET Core 3.1, dovecot, go-toolset:ol8, httpd:2.4, and kernel), Red Hat (dovecot, httpd24-httpd, httpd:2.4, and mysql:8.0), and Slackware (thunderbird).
KeePassXC is An Amazing Community Driven Open Source Password Manager [Not Cloud Based]
KeePassXC is a community fork of KeePassX which aims to be a cross-platform port for KeePass Password Safe (available for Windows). It is completely free to use and cross-platform as well (Windows, Linux, and macOS).
In fact, it is one of the best password managers for Linux out there. It features options for both newbies and power users who want advanced controls to secure their password database on their system.
Yes, unlike my favorite Bitwarden password manager, KeePassXC is not cloud-based and the passwords never leave the system. Some users do prefer to not save their passwords and secrets in cloud servers.
You should find all the essential features you will ever need on a password manager when you start using it. But, here, to give you a head start, I’ll highlight some features offered.
Programming Leftovers
Kernel: Proprietary Hyper-V, New Stuff, KVM and More
Radeon GPU Profiler 1.8 Released With Redesigned Developer Panel
AMD today released a new version of their Radeon GPU Profiler utility for Linux and Windows systems for profiling games/applications on Radeon graphics hardware under both Linux and Windows. Among the changes with this new Radeon GPU Profiler 1.8 release include:
- Support for Ubuntu 20.04 LTS. However, Radeon GPU Profiler continues to require AMDGPU-PRO Vulkan rather than Mesa's RADV Vulkan.
Mozilla Addons Blog: Extensions in Firefox 81
In Firefox 81, we have improved error messages for extension developers and updated user-facing notifications to provide more information on how extensions are modifying their settings. For developers, the menus.create API now provides more meaningful error messages when supplying invalid match or url patterns. This updated message should make it easier for developers to quickly identify and fix the error. In addition, webNavigation.getAllFrames and webNavigation.getFrame will return a promise resolved with null in case the tab is discarded, which is how these APIs behave in Chrome.
Also: Mozilla applauds TRAI for maintaining the status quo on OTT regulation, upholding a key aspect of net neutrality in India
