Date: 2020-12-29
Security: Patching, Voting and More
Security updates for Thursday
Security updates have been issued by Fedora (adplug, audacious-plugins, cpu-x, kernel, kernel-headers, ocp, php, and python-lxml), openSUSE (crmsh, firefox, and hawk2), Oracle (thunderbird), Red Hat (kernel-rt), SUSE (kernel and rubygem-archive-tar-minitar), and Ubuntu (openvswitch and tar).
Minimizing cyberattacks by managing the lifecycle of non-human workers
The number of non-human workers is growing, particularly as global organizations increasingly prioritize cloud computing, DevOps, IoT devices, and other digital transformation initiatives. Yet, organizations frequently only apply access controls to humans (employees, contractors, etc.), despite the risks associated with cyberattacks and data breaches linked to non-human workers and their privileged access to sensitive information.
The Mozilla Blog: Why getting voting right is hard, Part IV: Absentee Voting and Vote By Mail
As with in-person voting, the basic idea behind securing mail-in ballots is to tie each ballot to a specific registered voter and ensure that every voter votes once.
If we didn’t care about the secrecy of the ballot, the easy solution would be to give every voter a unique identifier (Operationally, it’s somewhat easier to instead give each ballot a unique serial number and then keep a record of which serial numbers correspond to each voter, but these are largely equivalent). Then when the ballots come in, we check that (1) the voter exists and (2) the voter hasn’t voted already. When put together, these checks make it very difficult for an attacker to make their own ballots: if they use non-existent serial numbers, then the ballots will be rejected, and if they use serial numbers that correspond to some other voter’s ballot then they risk being caught if that voter voted. So, from a security perspective, this works reasonably well, but it’s a privacy disaster because it permanently associates a voter’s identity with the contents of their ballots: anyone who has access to the serial number database and the ballots can determine how individual voters voted.
The solution turns out to be to authenticate the envelopes not the ballots. The way that this works is that each voter is sent a non-unique ballot (i.e., one without a serial number) and then an envelope with a unique serial number. The voter marks their ballot, puts it in the envelope and mails it back. Back at election headquarters, election officials perform the two checks described above. If they fail, then the envelope is sent aside for further processing. If they succeed, then the envelope is emptied — checking that it only contains one ballot — and put into the pile for counting.
This procedure provides some level of privacy protection: there’s no single piece of paper that has both the voter’s identity and their vote, which is good, but at the time when election officials open the ballot they can see both the voter’s identity and the ballot, which is bad. With some procedural safeguards it’s hard to mount a large scale privacy violation: you’re going to be opening a lot of ballots very quickly and so keeping track of a lot of people is impractical, but an official could, for instance, notice a particular person’s name and see how they voted. Some jurisdictions address this with a two envelope system: the voter marks their ballot and puts it in an unmarked “secrecy envelope” which then goes into the marked envelope that has their identity on it. At election headquarters officials check the outer envelope, then open it and put the sealed secrecy envelope in the pile for counting. Later, all of the secrecy envelopes are opened and counted; this procedure breaks the connection between the user’s identity and their ballot.
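The two-envelope procedure described above can be modelled in a few lines; this is an added illustration, not code from the Mozilla post. The class and field names, the serial format, the sample voters, the handling of an envelope with the wrong number of ballots, and the shuffle before counting are all assumptions made for the example.

```python
import random
from dataclasses import dataclass, field

@dataclass
class ElectionOffice:
    issued: dict                                      # outer-envelope serial -> voter
    returned: set = field(default_factory=set)        # serials already accepted
    set_aside: list = field(default_factory=list)     # (serial, reason) for review
    secrecy_pile: list = field(default_factory=list)  # inner envelopes, no identity

    def receive(self, serial, inner_envelopes):
        """Authenticate the outer envelope only; inner envelopes stay sealed."""
        if serial not in self.issued:                 # check (1): the voter exists
            return self._reject(serial, "unknown serial")
        if serial in self.returned:                   # check (2): has not voted yet
            return self._reject(serial, "already voted")
        if len(inner_envelopes) != 1:                 # exactly one ballot per envelope
            return self._reject(serial, "expected exactly one ballot")
        self.returned.add(serial)
        # Only the sealed inner envelope moves on; the serial is not stored with it.
        self.secrecy_pile.append(inner_envelopes[0])
        return True

    def _reject(self, serial, reason):
        self.set_aside.append((serial, reason))
        return False

    def count(self):
        """Later step: open the secrecy envelopes and tally them."""
        pile = list(self.secrecy_pile)
        random.SystemRandom().shuffle(pile)           # assumption: arrival order discarded
        tally = {}
        for ballot in pile:
            tally[ballot] = tally.get(ballot, 0) + 1
        return tally

def demo():
    # Constructed sample data: three registered voters and five incoming envelopes.
    office = ElectionOffice(issued={"E-1001": "Alice", "E-1002": "Bob", "E-1003": "Carol"})
    results = [
        office.receive("E-1001", ["candidate A"]),
        office.receive("E-1002", ["candidate B"]),
        office.receive("E-9999", ["candidate B"]),                 # serial never issued
        office.receive("E-1001", ["candidate B"]),                 # serial reused
        office.receive("E-1003", ["candidate A", "candidate A"]),  # two ballots inside
    ]
    return results, office

if __name__ == "__main__":
    results, office = demo()
    print(results, office.set_aside, office.count())
```

The only mapping from identity to anything is `issued` and `returned`, which record that a voter voted but never how; the counting pile holds ballots with no serial attached.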
GTK/GNOME: Changes in GNOME Shell and GNOME 40, GErrors in GLib
Looking to Ditch WhatsApp? Here are 5 Better Privacy Alternatives to WhatsApp
After the latest WhatsApp privacy policy updates, many users who trusted the service seem to be making the switch to alternatives like Signal. Even though WhatsApp tries to clarify the change in its policies and reassure users, users have made up their minds while considering the benefits of using privacy alternatives to WhatsApp. But what are some useful and impressive alternatives to WhatsApp? In this article, let us take a look at some of the best options. [...] Signal is the best blend of open-source and privacy. It has improved a lot over the years and is safe to regard as a perfect alternative to WhatsApp. You get almost every essential feature compared to WhatsApp. However, just because it does not store your data, you may not be able to access all the messages of your smartphone on Desktop. In addition to that, it relies on local backup (which is protected by a passphrase) instead of cloud backups. So, you will have to head to the settings, start the backup, safely copy the passcode of the backup, check where the local backup gets stored, and make sure you don’t delete it.
Bullseye freeze
Bullseye is freezing! Yay! (And Trondheim is now below -10.) It's too late for that kind of change now, but it would have been nice if plocate could have been default for bullseye... It seems that since buster, there's an override in place to change its priority away from standard, and I haven't been able to find anyone who could tell me why. (It was known that it was requested to be moved away from standard for cloud images, which makes a lot of sense, but not for desktop/server images.)
Top 7 Free Multi-Platform PDF Editors
The recent rise in popularity of eBooks has led to the emergence of several different file formats, of which the most popular and the most widely used is the Portable Document Format, or PDF for short. PDFs are one of the most reliable and efficient formats of documents that can easily be shared across computer systems. These files are also secure enough to prevent people from easily updating file contents. This article looks at seven of the best PDF Editors available on all major platforms. [...] Scribus is a free and open-source publishing software that is available for Windows, Linux, and macOS. Scribus provides several different PDF editing tools to users, of which the most notable features include highlighting, moving, and adding text; creating PDFs and lists; and making PDF files more interactive by adding text fields, checkboxes, and more. This is a property unique to Scribus, setting it apart from other PDF editors in this list.
