
Security Leftovers

Wednesday 2nd of June 2021
Security
  • Producing a trustworthy x86-based Linux appliance

    Let's say you're building some form of appliance on top of general purpose x86 hardware. You want to be able to verify the software it's running hasn't been tampered with. What's the best approach with existing technology?

    Let's split this into two separate problems. The first is to do as much as we can to ensure that the software can't be modified without our consent[1]. This requires that each component in the boot chain verify that the next component is legitimate. We call the first component in this chain the root of trust, and in the x86 world this is the system firmware[2]. This firmware is responsible for verifying the bootloader, and the easiest way to do this on x86 is to use UEFI Secure Boot. In this setup the firmware contains a set of trusted signing certificates and will only boot executables with a chain of trust to one of these certificates. Switching the system into setup mode from the firmware menu will allow you to remove the existing keys and install new ones.
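    The excerpt above explains that the firmware is the root of trust and that switching into setup mode lets the keys be replaced. A first check on any deployed appliance is therefore whether Secure Boot is actually enforcing and whether the platform was left in setup mode. The script below is an added example, not code from the article; it assumes Linux with efivarfs mounted at /sys/firmware/efi/efivars, where each variable file is a 4-byte attribute header followed by the variable data, and uses the standard EFI_GLOBAL_VARIABLE GUID.

```shell
#!/bin/sh
# Added example (not from the article): report UEFI Secure Boot and Setup Mode state
# by reading the efivarfs files the firmware exposes. Assumes Linux with efivarfs
# mounted at /sys/firmware/efi/efivars; the GUID is the standard EFI_GLOBAL_VARIABLE.
# Each efivarfs file is 4 bytes of attributes followed by the variable data.

EFIVARS=/sys/firmware/efi/efivars
GLOBAL_GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c

# Print the first data byte (after the 4-byte attribute header) of an efivarfs file
# as a decimal number. Returns 1 if the file is missing, unreadable or too short.
efivar_data_byte() {
    file=$1
    [ -r "$file" ] || return 1
    byte=$(od -An -t u1 -j 4 -N 1 "$file" | tr -d ' ')
    [ -n "$byte" ] || return 1
    printf '%s\n' "$byte"
}

# Return 0 if the SecureBoot variable reads 1 (firmware is enforcing signatures).
secure_boot_enabled() {
    sb=$(efivar_data_byte "$EFIVARS/SecureBoot-$GLOBAL_GUID") || return 1
    [ "$sb" -eq 1 ]
}

# Return 0 if the SetupMode variable reads 1 (keys can be replaced; undesirable on a
# shipped appliance, since anyone at the console could enrol their own certificates).
setup_mode_active() {
    sm=$(efivar_data_byte "$EFIVARS/SetupMode-$GLOBAL_GUID") || return 1
    [ "$sm" -eq 1 ]
}

# Human-readable report. Exit status: 0 enforcing and not in setup mode,
# 1 not enforcing or in setup mode, 2 could not determine (no UEFI / efivarfs).
report_secure_boot() {
    if ! sb=$(efivar_data_byte "$EFIVARS/SecureBoot-$GLOBAL_GUID"); then
        echo "SecureBoot variable not readable: not UEFI, or efivarfs not mounted"
        return 2
    fi
    status=0
    if [ "$sb" -eq 1 ]; then
        echo "Secure Boot: enforcing"
    else
        echo "Secure Boot: DISABLED"
        status=1
    fi
    if setup_mode_active; then
        echo "Setup Mode: ACTIVE (platform keys can be replaced)"
        status=1
    else
        echo "Setup Mode: off"
    fi
    return $status
}

# Run the report when executed directly; keep the status without aborting under set -e.
report_secure_boot || exit_status=$?
```

    The same two variables are what `mokutil --sb-state` reads; doing it by hand makes the check usable in an image-build pipeline or a boot-time health check where mokutil is not installed.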

  • Garrett: Producing a trustworthy x86-based Linux appliance

    Matthew Garrett has written up the long, complex series of steps required to build an x86 device that only boots code that the creator wants to run there.

  • What is Whale Phishing – Linux Hint

    Whaling or whale phishing attacks are a type of social engineering attack directed against specific wealthy individuals. The term implies that the victims hold strategically important positions, usually economic ones.

    This is the main difference between whaling or whale phishing attacks and other types of phishing attacks, which are usually launched at scale.

    Whale phishing or whaling is a type of digital fraud through social engineering which encourages victims to take a specific action, such as delivering funds to an attacker’s account. Whale phishing attacks are growing in popularity among scammers.

  • Security updates for Wednesday

    Security updates have been issued by Debian (squid), Fedora (dhcp), openSUSE (gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly and slurm), Oracle (glib2 and kernel), Red Hat (kernel, kernel-rt, perl, and tcpdump), Scientific Linux (glib2), SUSE (bind, dhcp, lz4, and shim), and Ubuntu (dnsmasq, lasso, and python-django).

  • Live Patching Requires Reproducible Builds – and Containers Are the Answer

    We know that live patching has real benefits because it significantly reduces the downtime associated with frequent patching. But live patching is relatively difficult to achieve without causing other problems and for that reason live patching is not implemented as frequently as it could be. After all, the last thing sysadmins want is a live patch that crashes a system.

    Reproducible builds are one of the tools that can help developers to implement live patching consistently and safely. In this article, I explain why reproducible builds matter for live patching, what exactly reproducible builds are, and how containers are coming to the rescue.

  • PGPainless 0.2 Released!

    I’m very proud and excited to announce the release of PGPainless version 0.2! Since the last stable release of my OpenPGP library for Java and Android 9 months ago, a lot has changed and improved! Most importantly, development on PGPainless is being financially sponsored, so I was able to focus a lot more energy into working on the library. I’m very grateful for this opportunity.

Krita and KDE Itinerary

  • 8 Best Free Graphics Editors for Creating Vector Images

    Krita is an open-source graphics editor that has historically specialized in raster graphics editing. However, an update in Krita 4.0 meant that it’s had an overhaul of the vector tools at its disposal and has become a pretty handy app for the creation of vector graphics. You can create vector layers, draw all kinds of special shapes, and use the calligraphy and text tool to make more bespoke vectors resembling brush strokes and other fine shapes. A big part of Krita’s recent development has been its move from the ODG to the more popular SVG file format, which makes it much more versatile for importing and exporting vector graphics.

  • [Krita art] Process for panels on episode 35
  • April/May in KDE Itinerary

    With travel remaining problematic, we mainly used the time since the previous summary blog for a number of improvements on foundational infrastructure KDE Itinerary relies on.

Audiocasts/Shows: FLOSS Weekly, Coder Radio, mintCast and More

  • FLOSS Weekly 632: From BASH To Cryptocurrency - Brian J. Fox

    The story of the bash shell begins with Brian Fox, who wrote the original, and it continues on this show packed with interesting forays into the achievements and challenges of free software and open source. In conversation with Doc Searls and Jonathan Bennett, Fox also unpacks the thinking and workings behind the Orchid VPN, and all the primary and secondary effects of simply making one's work maximally useful.

  • Paleofetch: Imagine A Suckless Style Neofetch

    The dev archived the repo before I could upload this, still uploading because it's cool. There are tons of fetch applications out there, the most notable being neofetch, but it's quite slow, so today we're looking at Paleofetch, a fetch application written in C that you're intended to modify in the Suckless sort of manner.

  • Strange Voltron of Hell | Coder Radio 416

    Mike's unique take on the bold promises made at MS Build this year, and the one item he REALLY wants announced at WWDC next week. Plus a batch of your emails, a little proxy war, and more!

  • mintCast 362 – The Takeover

    First up, in our Wanderings, I’ve been system building, Joe has been playing with his new 3D printer, Bo has range anxiety and Tony has been learning about creating YouTube videos. Then in our news, Freenode taken over by Andrew Lee and Ubuntu and Fedora abandon ship, Material Shell for Gnome 40, Fedora 32 is end of life, and more. In security, a Linux rootkit that shows its face…fish.

  • Muse unsettles Audacity developers with new license plans
  • MORE changes at Audacity.

    Look, the idea of a Contributor License Agreement makes sense. But there should definitely be provisions in any CLA worth its salt that any license chosen in the future will conform to the definition of "free software."

  • Special Live Event From The New Office - DT LIVE

    This special live event will be the first live stream from the new office, assuming we don't have any networking issues. I will talk about the move, the equipment, some of the challenges I've encountered so far. I will also share my thoughts on a number of Linux-related topics and interact with you guys hanging out in the YouTube chat.

Firefox Latest and Death of Chrome Apps

  • Firefox 89: The New Contributors To MR1 – about:community

    Firefox 89 would not have been possible without our community, and it is a great privilege for us to thank all the developers who contributed their first code change to MR1, 44 of whom were brand new volunteers!

  • Data@Mozilla: This week in Glean: Glean Dictionary updates

    Lots of progress on the Glean Dictionary since I made the initial release announcement a couple of months ago. For those coming in late, the Glean Dictionary is intended to be a data dictionary for applications built using the Glean SDK and Glean.js. This currently includes Firefox for Android and Firefox iOS, as well as newer initiatives like Rally. Desktop Firefox will use Glean in the future, see Firefox on Glean (FoG).

  • Mozilla Security Blog: Updating GPG key for signing Firefox Releases

    Mozilla offers GPG signing to let you verify the integrity of our Firefox builds. GPG signatures for Linux based builds are particularly important, because they allow Linux distributions and other repackagers to verify that the source code they use to build Firefox actually comes from Mozilla. We regularly rotate our GPG signing subkey — usually every two years — to guard against the unlikely possibility that the key has been leaked without our knowledge. Last week, such a rotation happened, and we switched over to the new signing subkey. The new GPG subkey’s fingerprint is 14F2 6682 D091 6CDD 81E3 7B6D 61B7 B526 D98F 0353, and will expire on 2023-05-17.
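    After a subkey rotation, the mistake to avoid is importing whatever key file came with the download and trusting it blindly; the announced fingerprint is the thing to pin. The script below is an added example, not Mozilla's own tooling: it lists a key file without importing it, checks that the announced subkey fingerprint is present, and only then imports the key and verifies a detached signature. It assumes GnuPG 2.1 or later (for `--import-options show-only`) and that the key file, tarball and `.asc` signature have already been downloaded; their paths are passed as arguments and are assumptions.

```shell
#!/bin/sh
# Added example (not Mozilla's code): pin the announced Firefox signing-subkey
# fingerprint before trusting a key file, then verify a release tarball.
# Assumes GnuPG 2.1+; key file, tarball and signature paths are caller-supplied.

# Fingerprint from the announcement, with the display spaces removed.
EXPECTED_FPR=14F26682D0916CDD81E37B6D61B7B526D98F0353

# Normalize a fingerprint: drop whitespace and uppercase it, so a copy-pasted
# "14f2 6682 ..." compares equal to the compact form.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read gpg --with-colons output on stdin and print every fingerprint (primary key
# and subkeys), one per line. In that format the fingerprint is field 10 of "fpr:" records.
fingerprints_from_colons() {
    awk -F: '$1 == "fpr" { print $10 }'
}

# Return 0 if the given fingerprint appears in the colon-format listing read from stdin.
listing_has_fpr() {
    want=$(normalize_fpr "$1")
    fingerprints_from_colons | grep -qx "$want"
}

# Verify a release: list the key file without importing (show-only), require the
# announced subkey fingerprint, then import and check the detached signature.
# Arguments: keyfile tarball signature
verify_firefox_release() {
    keyfile=$1; tarball=$2; sig=$3
    if ! gpg --batch --with-colons --import-options show-only --import "$keyfile" \
            | listing_has_fpr "$EXPECTED_FPR"; then
        echo "refusing to import: $keyfile lacks the announced subkey fingerprint" >&2
        return 1
    fi
    gpg --batch --import "$keyfile" >/dev/null 2>&1 || return 1
    # Exit status 0 only for a good signature made by a key in the keyring.
    gpg --batch --verify "$sig" "$tarball"
}

# Usage (paths are placeholders): verify_firefox_release KEY firefox.tar.bz2 firefox.tar.bz2.asc
```

    Comparing against the fingerprint rather than the short key ID matters because key IDs are only the trailing bytes of the fingerprint and can be collided deliberately; the full 160-bit fingerprint cannot.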

  • Chrome Apps support on Chrome OS, Windows, Mac & Linux soon coming to an end: Here’s what you should know

    Chrome Apps were first introduced back in 2013. It was an ambitious project that aimed to make app development much easier for developers since a single app could work on almost every platform that supported the Google Chrome browser.

LibreOffice: Print Dialog, Recap, and ODF

