
Security: Reproducible Builds, SELinux, and More

Monday 5th of July 2021
Security
  • Reproducible Builds: Reproducible Builds in June 2021

    Welcome to the latest report from the Reproducible Builds project for June 2021. In these reports we outline the most important things that have been happening in the world of reproducible builds in the past month. As ever, if you are interested in contributing to the project, please visit the Contribute page on our website.

    [...]

    The Google Security Blog introduced a new framework called “Supply chain Levels for Software Artifacts”, or SLSA (to be pronounced as ‘salsa’). In particular, SLSA level 4 (“currently the highest level”) not only requires a two-person review of all changes but also “a hermetic, reproducible build process” due to its “many auditability and reliability benefits”. Whilst a highly welcome inclusion in Google’s requirements, by equating reproducible builds with only the highest level of supply-chain security in their list, it might lead others to conclude that only the most secure systems can benefit from the benefits of reproducible builds, whilst it is a belief of the Reproducible Builds project that many more users, if not all, can do so.

    [...]

    The NixOS Linux distribution pulled off a technical and publicity coup this month by announcing that the ISO_minimal.x86_64-Linux image is 100% reproducible. The announcement was widely discussed on Hacker News, where the article has received in excess of 200 comments.

  • Josh Bressers: Episode 278 – Could SELinux have stopped SolarWinds?

    Josh and Kurt talk about a listener-provided question. Could SELinux have stopped the SolarWinds attack? Given what we know, the answer is technically yes, but practically no. SELinux is awesome, but it’s very difficult to sandbox something like a build system.

  • Common Linux vulnerabilities admins need to detect and fix

    Companies continue to scramble to secure endpoints and data center systems from constant attack. Admins must know how to both prevent attacks, such as ransomware, and mitigate the ones that get past security measures. This means using encryption, firewalls, routine vulnerability scanning and recovery plans.

    The threat landscape continues to change, with new attacks popping up all the time. Admins can't set up systems and hope they remain protected. Rather, they're in a continuous battle to keep adversaries out. Linux server admin David Clinton provides admins blueprints to tackle common Linux vulnerabilities, conduct risk assessments, configure backups and more in his book, Linux Security Fundamentals.

Best Free Alternatives to YouTube

Our recommended open source solution is PeerTube. This aims to be a decentralized and free/libre alternative to video broadcasting services. It’s powered by ActivityPub and WebTorrent. There’s no vendor lock-in. PeerTube allows you to upload your videos to a platform that you choose by yourself. And each community can help each other by caching one another’s videos. Each platform has its own terms of service, moderation and federation policies. The service offers video streaming including live streaming. Users can follow their favorite channels from PeerTube without having to create an account. There’s no mining your data! WebTorrent Desktop is a peer-to-peer (P2P) streaming torrent client for node.js and the web browser. The app never sends any personally identifying information, nor does it track which torrents you add. It bridges the two networks of WebRTC-based WebTorrent and TCP/UDP-based BitTorrent simultaneously. While WebTorrent isn’t limited only to video, it’s the software’s main focus. It’s fast, offers the ability to download multiple torrents simultaneously, and exposes files as streams. This cross-platform streaming app is written in JavaScript.

Kernel 'Extended' to Rust, New Stuff in Linux 5.14, and Linux Foundation 'Dilutes' Linux Mark

  • Latest Patches Sent Out For Adding Rust Support To The Linux Kernel

    This US Independence Day a revised set of patches were mailed out providing support for Rust as a secondary programming language within the Linux kernel for areas where increased security and memory safety are of utmost importance. The set of 17 patches plumb the Linux kernel with initial support, an example driver, and in total amount to more than 33k lines of new code in its early form. Miguel Ojeda who has been leading the "Rust for Linux" effort - and now funded by Google for this project - to allow this programming language to be used in the kernel sent out these patches. While the 5.14 kernel merge window is happening at the moment, this wasn't labeled as a pull request and will presumably not land until a later cycle. This succeeds the "request for comments" patches sent out in April.

  • Linux 5.14 Picks Up Support For New Sound Hardware, Including Alder Lake M - Phoronix

    Linux 5.14 is ready to begin supporting some new sound hardware while some recently proposed USB audio latency improvements were rejected for now. The sound subsystem updates were sent in on Friday. As written about last month there has been work on lowering the latency for the USB audio driver. While sent in as part of Friday's merge request, Linus Torvalds ended up rejecting that change. After pulling the changes he was getting a hang on one of his systems. There is already a possible fix pending so we'll see if the USB latency audio reduction work is re-sent in next week for Linux 5.14 or held off until 5.15.

  • Linux Gets New Thermal Driver Code Ahead of Alder Lake - Phoronix

    The thermal subsystem updates for the Linux 5.14 kernel include more work on Intel's int340x driver that is used by newer Intel laptops for dealing with their varying thermal control capabilities and exposing more thermal information to user-space for use by Intel's Thermal Daemon (Thermald). This cycle the work includes a new driver that will be used by next-gen Alder Lake SoCs.

  • Voice Interoperability Movement Gathers Momentum, Thanks To Linux Foundation [Ed: Celebrating clear misuse of the "Linux" mark to promote listening devices that are invasive]

CentOS Stream: Everything You Need to Know About it

What is CentOS Stream? In this article we shall discuss everything that you need to know about CentOS Stream. Let’s begin with a quick history refresher. As you know, CentOS, one of the most popular Linux distributions, will no longer be supported for CentOS 8, starting 31 of December 2021, while the support for CentOS 7 will end on 30 of June 2024. The CentOS team encourages the current CentOS 8 users to update to CentOS Stream, but this might not be accepted easily and many might migrate to another distro. So from now on, all the effort will be focused on CentOS Stream.

5 Popular Free and Open Source VPN’s

People spend most of their time online and send critical information over the internet. Being safe online involves using many technologies, and VPN is one of them. An open source VPN software can help protect your identity online by encrypting the data you send on the network to keep it safe from eavesdropping. And if you are working in a company, it may also help you go beyond the company’s network restrictions to assure you have the experience you need on the internet.

