Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Security updates for Thursday
  • SHA-1 Deprecation: Pro, Con, or Extend?

    I read Ryan's article about why SHA-1 should be deprecated faster and why we should veto the proposed extensions. It is an excellent explanation of what's going on. I highly recommend it (and look forward to the complete series when he publishes it):

  • Legacy Verified: Legacy Solutions

    While the previous post explored the historical context in which the SHA-1 deprecation fits, and in the many failures to respond adequately to known risks, it didn’t really address the actual Legacy Verified proposal made by CloudFlare and Facebook, and subsequently endorsed by Twitter, nor how it attempts to mitigate the concerns with continuing SHA-1 allocation.

  • Let’s Encrypt Now Being Abused By Malvertisers

    Encrypting all HTTP traffic has long been considered a key security goal, but there have been two key obstacles to this. First, certificates are not free and many owners are unwilling to pay; secondly the certificates themselves are not always something that could be set up by a site owner.

  • Security Guide: How to Protect Your Infrastructure Against the Basic Attacker
  • Linux.Encoder Authors Couldn’t Correctly Disguise Encryption Key

    Renowned Security Software Company in Russia named Doctor Web happened to be first to detect as well as report one wholly working ransomware Trojan created to infect Linux computers. A sample named Linux.Encoder.1 recently showed quite resembling activity with the notorious CryptoWall ransomware. Fifty percent of the widely used AV engines of VirusTotal could not recognize the sample which broke new ground during the Linux domain. The malware chiefly concentrated on hijacking computers using Web servers as also encrypted critical folders utilized during Web-hosting as well as within Web-development ambience.

More in Tux Machines

Android Leftovers

MX Linux MX-21 Xfce

MX Linux MX-21 Xfce is the complete opposite of my MX-21 KDE review - that one was delightful. The Xfce one is the worst experience I had with this distro, probably ever. I didn't really get to properly test anything due to the general sluggishness, the login freeze, the suspend & wake problems, the Firefox slowness, the kernel oops, and all the rest of it. But the visual customization did show me one important aspect - how much more advanced KDE is, and how fragile scaling is in Xfce. I really am not in the mood to manually tweak 20-30 separate Xfce elements just to have a nice, presentable desktop. That's 2005, and it needs to stop. The Xfce version of MX-21 ain't bad, but it's fragile. Worse yet, the distro behaved far better in the past, so we also have a regression on our hands. All I can say, go for the KDE version, it's amazing (among the best systems I ever tried). Whereas the Xfce one needs to go back to the workshop and get some serious rework. Alas, on that note, and with some mild paranoia swirling in my brain, we end this sad review. Read more

YouTube Downloader and Firefox in EasyOS

  • YouTube downloader fixes

    The YouTube downloader GUI is a frontend for /usr/bin/youtube-dl, which is a python script. A problem is that YouTube move the goal posts, in an attempt to stop these downloaders from working. The youtube-dl developers respond by changing their script so that it works again.

  • Firefox version 94.0.2

    Have just downloaded English, French and German Firefox 94.0.2 tarballs, and it will be in the next release of EasyOS.

Use BespokeSynth on Fedora Linux

Sun Aug 14 10:36:37 2016, this is the birth date of BespokeSynth. Since that date, BespokeSynth has grown a lot; both in terms of its user base and the size of its codebase. BespokeSynth is an application for performing modular synthesis. Because it has been written by a newcomer to modular synthesis, it is quite different from the usual modular synthesizer. Note: I am the manager of the LinuxMAO / Audinux Copr repository. Read more