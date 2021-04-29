Security leftovers
Security updates for Monday [LWN.net]
Security updates have been issued by Debian (libimage-exiftool-perl and postgresql-9.6), Fedora (chromium, exiv2, firefox, kernel, kernel-headers, kernel-tools, mariadb, and python-impacket), Mageia (avahi), openSUSE (chromium, drbd-utils, dtc, ipvsadm, jhead, nagios, netdata, openvpn, opera, prosody, and virtualbox), Slackware (libxml2), SUSE (kernel and lz4), and Ubuntu (intel-microcode, python-eventlet, and rust-pleaser).
Dominique Dumont: Important bug fix for OpenSsh cme config editor
The new release of Config::Model::OpenSsh fixes a bugs that impacted experienced users: the order of Hosts or Match sections is now preserved when writing back ~/.ssh/config file.
Why does this matter ?
Well, the beginning of ssh_config man page mentions that “For each parameter, the first obtained value will be used.” and “Since the first obtained value for each parameter is used, more host-specific declarations should be given near the beginning of the file, and general defaults at the end.“.
Looks like I missed these statements when I designed the model for OpenSsh configuration: the Host section was written back in a neat, but wrong, alphabetical order.
[...]
This is now fixed with Config::Model::OpenSsh 2.8.4.3 which is available on cpan and in Debian/experimental.
PGP Encryption: How It Works and How You Can Get Started - Make Tech Easier
Don’t let the name “Pretty Good Privacy” mislead you. PGP encryption is the gold standard for encrypted communication and has been used by everyone from nuclear activists to criminals since its invention in 1991. While the execution is complex, the concept is simple: you can encrypt text, making it unreadable to anyone who doesn’t have the key to decode it.
Try This One Weird Trick Russian Hackers Hate [Ed: KrebsOnSecurity cannot tell the difference between crackers and hackers even in 2021?]
In a Twitter discussion last week on ransomware attacks, KrebsOnSecurity noted that virtually all ransomware strains have a built-in failsafe designed to cover the backsides of the malware purveyors: They simply will not install on a Microsoft Windows computer that already has one of many types of virtual keyboards installed — such as Russian or Ukrainian. So many readers had questions in response to the tweet that I thought it was worth a blog post exploring this one weird cyber defense trick.
[...]
Will installing one of these languages keep your Windows computer safe from all malware? Absolutely not. There is plenty of malware that doesn’t care where in the world you are. And there is no substitute for adopting a defense-in-depth posture, and avoiding risky behaviors online.
But is there really a downside to taking this simple, free, prophylactic approach? None that I can see, other than perhaps a sinking feeling of capitulation. The worst that could happen is that you accidentally toggle the language settings and all your menu options are in Russian.
If this happens (and the first time it does the experience may be a bit jarring) hit the Windows key and the space bar at the same time; if you have more than one language installed you will see the ability to quickly toggle from one to the other. The little box that pops up when one hits that keyboard combo looks like this...
T2 Linux 21.5 "Because we can" for 18 architectures
Today the T2 System Development Environment Linux 21.5 was released with an even larger amount of supported, 18 pre- and cross-compiled set of architectures ever: alpha, arm, arm64, hppa, ia64, m68k, mips64, mipsel, ppc, ppc64-32, ppc64le, riscv, riscv64, s390x, sparc64, superh, x86, and x86-64. Major performance improemvnts were implemented, including: not yet upstream x86 concurrent TLB flushing, faster in-kernel zstd update as well as smarter (profile guided Os vs O3) whole system optimizations! The 21.5 release received updates across the board, while a major point of work was the GCC 11 update as well as re-basing and fixing upstream regressions for the Sony PS3 support as well as various small improvements, including an up to 15 seconds faster system shutdown when using sysvinit. All 18 official ISO images are fully cross compiled! Over 224 Subversion revisions, of which many are now AI updated by our nightly package bot we named “Data” ;-) Usually most packages are up-to-date, including Linux 5.12.4, GCC 11.0, LLVM/Clang 12, as well as the latest version of X.org, Mesa, Firefox, Rust, KDE and GNOME 40! More information, source and binary downloads are open source and free at: https://t2sde.org Recently the development can also be followed live on YouTube at: https://youtube.com/morerenerebe There were 224 changesets with 251 lines of commit messages. Approximately 132 packages got updates, 25 issues fixed, 132 packages or features added and 10 removed. Multiple improvements have been committed.
GeckoLinux Switches to Btrfs by Default, Now Offers GNOME 40.1, LXQt 0.17, and Budgie 10.5.3
GeckoLinux ROLLING 999.210517 editions are now available for download built with unmodified openSUSE Tumbleweed and Packman packages, and they come with a major change for those who want to install this desktop-oriented distribution, namely using Btrfs as default filesystem for the guided installation. While Btrfs is now the default file system for new installations, your existing GeckoLinux ROLLING installation won’t be affected the next time you update your system. Also, if you want to install GeckoLinux with another file system, you can select from the various supported filesystem via the custom partitioning option.
GeckoLinux ROLLING 999.210517 released
GeckoLinux is pleased to announce updates to its complete lineup of ROLLING spins, which are proudly built with unmodified openSUSE Tumbleweed and Packman packages from those projects' own repositories.
Please download GeckoLinux from https://geckolinux.github.io and find more information about what makes GeckoLinux different from openSUSE. Thanks a lot, have fun!
This release offers several quality of life improvements for GeckoLinux ROLLING users. By majority vote, the default filesystem for the various Calamares guided installation options is now Btrfs with transparent Zstd data compression. Of course, all other modern Linux filesystems are also still supported via the custom partitioning option. Additionally, zRAM swap is enabled out of the box, and the EarlyOOM daemon is also enabled to help prevent unrecoverable system freezes in low memory situations. For users of new Ryzen hardware the
This set of GeckoLinux ROLLING spins also includes a plethora of new software directly from the openSUSE Tumbleweed repositories. The Linux kernel is currently at version 5.12.3, and all GeckoLinux editions feature Firefox 88. Current desktop environment versions include the following:
GeckoLinux ROLLING spins are generated directly from unmodified openSUSE Tumbleweed and Packman repositories, and the installed system can be updated directly from those official sources. GeckoLinux continues to be focused on eliminating pain points and polishing its unique out-of-the-box configuration on top of the stable and flexible openSUSE base. Proprietary media formats play out of the box, and additional user-installed multimedia applications work automatically with restricted media codecs thanks to the prioritized inclusion of the Packman repository. Proprietary hardware driver and firmware support has also been included as much as possible. Google and Skype repositories are also configured out-of-the-box for optional user installation of proprietary applications from those vendors. Third-party RPM packages can be easily installed using the graphical YaST package manager, and various configuration tweaks are included to modify openSUSE's default package management behavior. GeckoLinux uses the Calamares system installer, providing easy but powerful options for reliable installation of the live system.
Please download GeckoLinux from https://geckolinux.github.io and find more information about what makes GeckoLinux different from openSUSE. Thanks a lot, have fun!
Android Leftovers
