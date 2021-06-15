Security Leftovers
Microsoft has issued a warning to users of PowerShell 7.0 and 7.1 to update their software to protect against a .NET Core remote code execution vulnerability.
Tracked as CVE-2021-26701, the vulnerability is described as critical and could affect Windows, macOS and Linux. The security issue has been known about for a little while, but Microsoft is only now urging users to install updates to ensure that they are protected.
Passwords are particularly problematic for programmers. You're not supposed to store them without encrypting them, and you're not supposed to reveal what's been typed when your user enters one. This became particularly important to me when I decided I wanted to boost security on my laptop. I encrypt my home directory—but once I log in, any password stored as plain text in a configuration file is potentially exposed to prying eyes.
Specifically, I use an application called Mutt as my email client. It lets me read and compose emails in my Linux terminal, but normally it expects a password in its configuration file. I restricted permissions on my Mutt config file so that only I can see it, but I'm the only user of my laptop, so I'm not really concerned about authenticated users inadvertently looking at my configs. Instead, I wanted to protect myself from absent-mindedly posting my config online, either for bragging rights or version control, with my password exposed. In addition, although I have no expectations of unwelcome guests on my system, I did want to ensure that an intruder couldn't obtain my password just by running cat on my config.
OS security features and server class systems are things that surely belong together. If a program is important enough to buy expensive servers to run it then it’s important enough that you want to have all the OS security features enabled. For such an important program you will also want to have all possible monitoring systems running so you can predict hardware failures etc. Therefore you would expect that you could buy a server, setup the vendor’s management software, configure your Linux kernel with security features such as “lockdown” (a LSM that restricts access to /dev/mem, the iopl() system call, and other dangerous things [1]), and have it run nicely! You will be disappointed if you try doing that on a HP or Dell server though.
Security updates have been issued by Arch Linux (electron11, electron12, istio, jenkins, libtpms, mediawiki, mruby, opera, puppet, and python-fastapi), Debian (djvulibre and openexr), Fedora (dovecot, libtpms, nginx, and php-league-flysystem), Gentoo (corosync, freeimage, graphviz, and libqb), Mageia (busybox, file-roller, live, networkmanager, and php), openSUSE (clamav-database, lua53, and roundcubemail), Oracle (389-ds:1.4, kernel, libxml2, python38:3.8 and python38-devel:3.8, and ruby:2.5), and SUSE (crmsh, djvulibre, python-py, and python-rsa).
Community Member Monday: Tim Brennan Jr.
I am a son and grandson of American missionaries who moved to Brazil in 1952. Since my mother was born here (my father was a seven month old baby), I was born automatically a Brazilian citizen – even though I was born in the USA. Being brought up in Brazil, I learned both American English in the home, and learned Brazilian Portuguese in parallel. I am fluent in both languages. Computers came into my life as my dad saw the importance and value of them in the eighties. Watching him hack an Apple IIe and a daisy wheel printer to get the tilde accent over the letter “y” was an adventure in and of itself.
Since I was homeschooled, the value and importance of open source software became very clear to me as soon as I heard about it around 1999. As soon as I heard of Linux, I got hooked. Then, I heard of StarOffice which later became OpenOffice, which forked into LibreOffice and saw the birth of The Document Foundation.
I have been on a learning journey for most of my life. Everything I have learned is self-taught, including LibreOffice. My main activity in life is teaching in general. Teaching software to newbies such as the elderly, the underprivileged and young people is a passion I have. LibreOffice is an excellent starting point as it has virtually all the basic areas: text, images, markup languages, programming logic on a very simple scale with macros, databases etc., and much, much, more.
Reports for GSoC in LibreOffice and OpenSUSE
Writer can group Drawing objects. For example shapes(rectangles, circles), text boxes and draw images can be grouped together to drag & drop.
However, when copy/paste or drag&drop an image into the writer document canvas, (raster/bitmap)images are handled as Frame objects (holding images/bitmaps), not Drawing objects. Drawing objects have the group feature, but this feature is not implemented for Graphics(Frame objects/bitmap). This is why Writer can’t group raster images.
In Impress, when editing a text on a slide, CTRL+SHIFT+(HOME/END/ArrowUP/ArrowDOWN) shortcuts doesn’t select the text in the slide, but move the slide to the end of the slide stack.
Solution is simple: Disable slide sorter shortcuts when in text edit mode.
For people unfamiliar with non-Latin languages, IME (Input Method) may be a completely new concept since they will find all the characters present on the keyboard when typing. However, for the majority of people in Asia, typing in their language would be impossible if without IME. For example, if you want to type Chinese, there are thousands of Chinese characters in total, and a keyboard is just too small to put them all onto it. But with the help of IME, you can choose to use pinyin or other kinds of input schemas like Wubi. Then a standard US keyboard will be sufficient for typing all the Chinese characters.
IBus is an input method framework for developing input methods providing unified user interfaces. A lot of popular input methods are based on IBus, and IBus is also the default input method framework on GNOME. Even if you don’t use non-Latin languages, you may also find IBus useful with IBus Typing Booster installed.
Kernel: Noise, Hardware, and Storage
The tracing subsystem within the Linux kernel is seeing some exciting improvements with Linux 5.14 to help with low-latency analysis and also measuring operating system noise.
Linux 5.14 brings a new "osnoise" tracer for measuring noise attributed to the operating system and hardware when it comes to isolated applications. The OSNoise tracer keeps track of noise by monitoring entry points for NMIs / IRQs / SoftIRQs / threads in determining if the noise is coming from the OS or rather than hardware. There are also tracepoints setup for helping to further debug sources of noise.
The Linux kernel's tooling around the perf subsystem is the latest area seeing a lot of work for Intel's upcoming Alder Lake processors with a mix of high performance and low power processor cores.
The perf tooling updates for this new kernel cycle bring various hybrid processor handling improvements in working towards Intel's Alder Lake processors. This includes new perf.data file header additions around hybrid topology as well as supporting PMU prefixes for hybrid CPUs, among other changes for Alder Lake and future Intel hybrid processors.
Merged back in Linux 5.4 in late 2019 was the exFAT file-system driver that has proven to be quite mature at this stage with the work led by Samsung under the blessing of Microsoft. There hasn't been much in the way of exFAT file-system driver changes in recent kernel releases given its maturity. Even with Linux 5.14 there are just two exFAT patches but end up being notable at least for some users due to fixing file-system compatibility with some digital cameras.
Linux 5.14's exFAT brings improved compatibility with the exFAT file-systems from some digital cameras. In particular, when mounting an exFAT file-system from select digital cameras under Linux, in some cases not all of the files would show up under Linux.
