
Security Leftovers

  • [JumpCloud] Recent Linux Releases: Desktop MFA & Security Commands

    Operating system diversity is a defining characteristic of today’s IT environments. Windows may have dominated historically, but enterprise Mac management has evolved in a meaningful way and Linux distributions have become a critical part of IT infrastructure. Cross-OS device management is here to stay, and presents a unique challenge for IT admins.

    Linux in particular can be a complex beast to manage because, unlike macOS and Windows, it is not a proprietary OS and can be found across multiple distros. There are many benefits to this openness, however, including cost, interoperability, and flexibility. These factors, and more, have led to a strong Linux following among its community of users.

    With an increasing number of employee workstations running a wide variety of Linux distros, administrators need a way to increase visibility into their fleets, and improve the management of not only Linux systems, but Mac and Windows as well. IT admins can use the JumpCloud Directory Platform to comprehensively accomplish these tasks, thanks to the recent Linux releases detailed in this article.

  • Mozilla Security Blog: Making Client Certificates Available By Default in Firefox 90

    Starting with version 90, Firefox will automatically find and offer to use client authentication certificates provided by the operating system on macOS and Windows. This security and usability improvement has been available in Firefox since version 75, but previously end users had to manually enable it.

    When a web browser negotiates a secure connection with a website, the web server sends a certificate to the browser to prove its identity. Some websites (most commonly corporate authentication systems) request that the browser sends a certificate back to it as well, so that the website visitor can prove their identity to the website (similar to logging in with a username and password). This is sometimes called “mutual authentication”.

  • The Sequoia seq_file vulnerability

    A local root hole in the Linux kernel, called Sequoia, was disclosed by Qualys on July 20. A full system compromise is possible until the kernel is patched (or mitigations that may not be fully effective are applied). At its core, the vulnerability relies on a path through the kernel where 64-bit size_t values are "converted" to signed integers, which effectively results in an overflow. The flaw was reported to Red Hat on June 9, along with a local systemd denial-of-service vulnerability, leading to a kernel crash, found at the same time. Systems with untrusted local users need updates for both problems applied as soon as they are available—out of an abundance of caution, other systems likely should be updated as well.

    Down in the guts of the kernel's seq_file interface, which is used for handling virtual files in /proc and the like, buffers are needed to store each line of the file's "contents". To start, a page of memory is allocated for the buffer, but if that is not sufficient, a new buffer that is twice the size of the old one is allocated. This is all done using a size_t, which is an unsigned 64-bit quantity (on x86_64) that is large enough to hold the results, so "the system would run out of memory long before this multiplication overflows".
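    The following C program is an added illustration, not code from the LWN article, the Qualys advisory, or the kernel itself. It models the seq_file-style buffer growth described above (one page, then doubling, all in size_t) and then shows the hazard the article names: a size_t that is later narrowed to a signed int wraps to a negative value once it reaches 2^31. The `size_fits_int` helper is the defensive check a caller should make before handing an unsigned size to an int-taking interface. Page size and the 2 GiB sample value are constructed for the demonstration; `(int)n` for out-of-range n is implementation-defined, and the wrap-around shown here is the behaviour of GCC and Clang on x86_64.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model of seq_file buffer growth: start with one page and
 * double until the line fits. Everything is size_t, so on x86_64 the
 * doubling itself cannot overflow for any memory size a machine can hold. */
#define PAGE_SIZE_BYTES 4096u

size_t grow_until_fits(size_t needed) {
    size_t size = PAGE_SIZE_BYTES;
    while (size < needed) {
        size *= 2;  /* unsigned 64-bit arithmetic: no wrap below 2^63 */
    }
    return size;
}

/* The hazard: narrowing the size_t to a signed int. Any value >= 2^31
 * no longer fits and, on the common ABIs, wraps to a negative number. */
int truncate_to_int(size_t n) {
    return (int)n;  /* implementation-defined for n > INT_MAX; wraps on GCC/Clang */
}

/* Defensive variant: reject sizes the signed type cannot represent
 * instead of silently wrapping them. */
bool size_fits_int(size_t n, int *out) {
    if (n > (size_t)INT_MAX) {
        return false;
    }
    *out = (int)n;
    return true;
}

int main(void) {
    /* 2 GiB: the smallest buffer size that no longer fits in a 32-bit int. */
    size_t big = (size_t)1 << 31;
    size_t buf = grow_until_fits(big);
    int truncated = truncate_to_int(buf);
    int checked;

    printf("grown buffer size : %zu bytes\n", buf);
    printf("narrowed to int   : %d (negative means it wrapped)\n", truncated);
    printf("checked conversion: %s\n",
           size_fits_int(buf, &checked) ? "accepted" : "rejected");
    return 0;
}
```

The point of the checked helper is that the failure is caught at the boundary where the type narrows, which is exactly the boundary the article says the kernel path crossed unchecked.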

More in Tux Machines

pgAdmin 4 v6.1 Released

The pgAdmin Development Team is pleased to announce pgAdmin 4 version 6.1. This release of pgAdmin 4 includes 30 bug fixes and new features. For more details please see the release notes. pgAdmin is the leading Open Source graphical management tool for PostgreSQL. For more information, please see the website.

Also: pgexporter 0.2.0

today's leftovers

  • GPL Had Better be a Contract

    Software Freedom Conservancy announced today that they are suing Vizio, which makes TVs, for violations of GPLv2 and LGPLv2.1. Their website has a copy of a signed complaint, the legal document you file with a court to get a lawsuit started.

    Upshot: It looks like SFC’s suing for breach of contract. They’re claiming explicitly that GPLv2 and LGPLv2.1 are contracts, that Vizio breached those contracts, and that they should be held accountable under contract law.

    The main remedy SFC requests—the thing they’re asking the court to do for them—is to order Vizio to give them full corresponding source code, as agreed under GPLv2 and LGPLv2.1. That’s called “specific performance”. It’s a remedy under contract law. Not property law or intellectual property law, like copyright law.

  • Open access switch picks up pace in Australia and New Zealand

    Australian and New Zealand universities have notched up open access deals with two major academic publishers inside a week after Springer Nature unveiled a “transformative agreement” with the Council of Australian University Librarians (Caul).

    The three-year “read and publish” arrangement covers the article processing charges that authors normally pay to move their work in front of paywalls. Researchers will be able to make their articles freely accessible if they are accepted for publication in more than 2,000 journals, provided that their universities subscribe to those journals.

  • OK Lenovo, we need to talk!

    I’ve been wanting to publicly comment on Lenovo’s statement on Linux support for a while, as there’s much to say about it, and my failing attempt at finding a suitable replacement for my venerable T510 gave me an excuse to document my love-hate relationship with Lenovo all at once.

    This is of course my own personal views and ideas, and does not reflect the Haiku project’s position on the topic, nor that of Haiku, Inc. But I feel they deserve to be brought here due to history and the direct and indirect effect it might have had on the project, including previous failed attempts at commercial applications using it.

    While Lenovo is still above many other manufacturers on some aspects, and in other domains, well, nobody does any better anyway, they purport to perpetuate the IBM legacy, so I think (sic) they should be held up to the standard they claim to follow. Yet the discussion about repair and documentation pertains to almost every vendor.

  • sh(1): make it the default shell for the root user

    This change also simplifies making tiny FreeBSD images with only sh(1) as a shell.

  • #13 It begins…

    Update on what happened across the GNOME project in the week from October 01 to October 08.

  • CUDA-Python Reaches "GA" With NVIDIA CUDA 11.5 Release, __int128 Preview

    NVIDIA has made available CUDA 11.5 today as the latest version of their popular but proprietary compute stack/platform. Notable with CUDA 11.5 is that CUDA-Python has reached general availability status. NVIDIA CUDA 11.5 was posted today along with updated device drivers for Windows and Linux systems. Some of the CUDA 11.5 highlights include:

  • AMD GPU Driver Looks To Make Use Of Intel's New Buddy Allocator Code In The Linux Kernel - Phoronix

    Thanks to the nature of open source, AMD engineers for the "AMDGPU" kernel graphics driver are looking to make use of Intel's new i915 buddy allocator code, which Intel introduced as part of its video memory management changes for its discrete graphics bring-up. As part of bringing up device local memory support for their dedicated GPU enablement and adding the notion of memory regions and other changes, Intel added a buddy allocator implementation for allocating video memory. This is an implementation of the well-known buddy system for dividing memory into equal parts (buddies) and continuing that equal splitting until the memory request can be satisfied.

Programming Leftovers

  • Ruby Lands "YJIT" As A Speedy, In-Process JIT Compiler - Phoronix

    YJIT is a JIT compiler for Ruby that leverages the lazy Basic Block Versioning (LBBV) architecture. YJIT has been in the works for a number of years. Most exciting for end-users and developers is that YJIT yields an average speed-up of around 23% compared to the current CRuby interpreter for realistic benchmarks.

  • Release: rebuilderd v0.15.0

    rebuilderd 0.15.0 was very recently released; this is a short intro into what it is, how it works and how to build our own integrations!

  • Eclipse OpenJ9 0.29 Released With Full AArch64 Linux Support, More Mature JITServer Tech

    The newest feature release of Eclipse OpenJ9, the high-performance Java Virtual Machine originating from IBM J9, is now available. Eclipse OpenJ9 v0.29 was released today, one day after the GraalVM 21.3 release and one month after the OpenJDK 17 debut. But in the case of OpenJ9 v0.29, it continues to target just OpenJDK 8 and OpenJDK 11.

Security, Entrapment (Microsoft GitHub), and Microsoft FUD