Language Selection

English French German Italian Portuguese Spanish

Debian

Debian GNU/Linux 9 "Stretch" Receives L1 Terminal Fault Mitigations, Update Now

Filed under
Debian

According to the security advisory published on Monday, the new kernel security update addresses both CVE-2018-3620 and CVE-2018-3646 vulnerabilities, which are known as L1 Terminal Fault (L1TF) or Foreshadow. These vulnerabilities had an impact on normal systems, as well as virtualized operating systems, allowing a local attacker to expose sensitive information from the host OS or other guests.

"Multiple researchers have discovered a vulnerability in the way the Intel processor designs have implemented speculative execution of instructions in combination with handling of page-faults. This flaw could allow an attacker controlling an unprivileged process to read memory from arbitrary (non-user controlled) addresses," reads today's security advisory.

Read more

Debian at Montreal, Kernel Event (Linux Plumbers Conference), and Latest in Linux 4.19

Filed under
Linux
Debian
  • Montreal's Debian & Stuff - August 2018

    Summer is slowly coming to an end in Montreal and as much as I would like it to last another month, I'm also glad to fall back into my regular routine.

    Part of that routine means the return of Montreal's Debian & Stuff - our informal gathering of the local Debian community!

  • Testing & Fuzzing Microconference Accepted into 2018 Linux Plumbers Conference

    Testing, fuzzing, and other diagnostics have greatly increased the robustness of the Linux ecosystem, but embarrassing bugs still escape to end users. Furthermore, a million-year bug would happen several tens of times per day across Linux's installed base (said to number more than 20 billion), so the best we can possibly do is hardly good enough.

  • Linux 4.19 Is Finally Offering An In-Kernel GPS Subsystem

    The Linux 4.19 kernel will finally be introducing a GPS subsystem to hopefully better standardize a lot of the Linux GPS drivers that have been out there for years out-of-tree.

    The GNSS subsystem (Global Navigation Satellite System, i.e. GPS) provides initial support for receivers. This subsystem abstracts the underlying interfaces of the devices and provides a new class type that exposes a character device to user-space for reading these GNSS receivers. The protocol handling and more is left to user-space.

Debian-Based Q4OS Linux Operating System for Raspberry Pi Goes Stable

Filed under
Linux
Debian

Q4OS emphasizes the Trinity Desktop Environment (TDE), which continues the legacy of the old KDE 3.5 desktop. The latest release, Q4OS 2.5, was available only for 64-bit (x86_64) and 32-bit (i686 PAE) hardware architectures, but now it can also be installed on ARM hardware like the Raspberry Pi, Pine64, and Pinebook.

"Q4OS on Raspberry Pi performs at lightning speed due to its exceptionally low hardware requirements," say the devs in the announcement. "All the native Q4OS features, for example "Desktop profiler" and "Setup tool," are available and fully functional within the Raspberry Pi Q4OS edition."

Read more

Ubuntu, Debian, RHEL, and CentOS Linux Now Patched Against "Foreshadow" Attacks

Filed under
Red Hat
Security
Debian
Ubuntu

Both Canonical and Red Hat emailed us with regards to the L1 Terminal Fault security vulnerability, which are documented as CVE-2018-3620 for operating systems and System Management Mode (SMM), CVE-2018-3646 for impacts to virtualization, as well as CVE-2018-3615 for Intel Software Guard Extensions (Intel SGX). They affect all Linux-based operating system and machines with Intel CPUs.

"It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS)," reads the Ubuntu security advisory.

Read more

Hands-on with Linux Mint Debian Edition 3 Beta

Filed under
Debian
HowTos

I have been out of touch for the past six months, because I accepted a teaching position in Amsterdam. The amount of time that required, and the weekly commute from Switzerland (yes, really, weekly), was vastly more than I expected, and left me no time to do justice to my blog. But now I am back again, and determined to manage my time more effectively and keep up with blogging.

Although I haven't been writing, I certainly have been keeping up with news and developments in the Linux world. What really inspired me to get busy and write again was the announcement of LMDE 3 (Cindy) Beta. Hooray! How long have we been waiting for this? It feels like years. Oh, that's because it has been years.

Read more

Debian GNU/Linux project to mark 25th birthday on Thursday

Filed under
Debian

The Debian GNU/Linux project will turn 25 on Thursday, with the Linux distribution having made its debut on 16 August in 1993 under the leadership of the late Ian Murdock.

In its original manifesto, Murdock stated: "Many distributions have started out as fairly good systems, but as time passes attention to maintaining the distribution becomes a secondary concern."

Maintaining a Debian system was made simple after some developers created a package management system known as apt.

Apt — and its derivatives like aptitude and synaptic — have served to make the task of updating a Debian system simple. With apt, the secondary concern that Murdock referred to was effectively taken care of. Incidentally, there are now about 29,000 packages available in Debian.

Read more

Also new (Debian-related news):

  • DebConf 18
  • Google Summer of Code 2018- Final Report

    This project aims at developing tools and packages which would simplify the process for new applicants in the open source community to get the required setup. It would consist of a GUI/Wizard with integrated scripts to setup various communication and development tools like PGP and SSH key, DNS, IRC, XMPP, mail filters along with Jekyll blog creation, mailing lists subscription, project planner, searching for developer meet-ups, source code scanner and much more! The project would be free and open source hosted on Salsa (Debian based Gitlab)

    I created various scripts and packages for automating tasks and helping a user get started by managing contacts, emails, subscribe to developer’s lists, getting started with Github, IRC and more.

The House of Elive Linux Revamped!

Filed under
GNU
Linux
Debian

I visited the www.elivecd.org, the page that houses Elive. This is one Linux distro that caught my eye in 2009 and that I have been following ever since.

The site is being redecorated and renovated, which is a great change to reflect the polished nature of the distro that Thanatermesis (Samuel Flores Baggen) crafts there.

Read more

Also: DebConf in Taiwan!

Debian: DebConf 18, nacho and Tomu

Filed under
Debian
  • DebConf 18 – Day 2

    Although I have already returned from this year’s DebConf, I try to continue to write up my comments on the talks I have attended. The first one was DebConf 18 – Day 1, here we go for Day 2.

  • Final GSOC 2018 Report

    This is the final report of my 2018 Google Summer of Code project. It also serves as my final code submission.

    ...]

    The main project was nacho, the web frontend for the guest accounts of the Debian project. The software is now in a state where it can be used in a production enviroment and there is already work being done to deploy the application on Debian infrastructure. It was a lot of fun programming that software and i learned a lot about Python and Django. My mentors gave me valuable feedback and pointed me in the right direction in case i had questions. There are still some ideas or features that can be implemented and i’m sure some feature requests will come up in the future. Those can be tracked in the issue tracker in the salsa repository. An overview of the activity in the project, including both commits and issues, can be seen in the activity list.

    The SSO evaluations i did give an overview of existing solutions and will help in the decision making process. The README in the evaluation repository has a table taht summarizes the findings of the evaluations.

  • I am Tomu!

    While I was away for DebConf18, I received the Tomu boards I ordered on Crowdsupply a while ago while the project was still going through crowdfunding.

Debian Linux Package Support Hits Chrome OS Canary, Android Leftovers

Filed under
Android
Google
Debian
  • Debian Linux Package Support Hits Chrome OS Canary

    Google’s Chrome OS can now install and run Debian Linux packages with the .deb extension, at least in the Canary channel. This happens by simply double-clicking the file in your file browser. From there, the automated installer takes over. Once a Linux application is installed, it will be available in your terminal, invoked in the same way as a Chrome OS app, and some apps may show up in your Chrome OS launcher, depending on the metadata present in them and whether they support such operations. Most Linux apps that have a graphical user interface fall into this category, though there are many command line utilities out there for Linux users to enjoy. Both are now available to Chrome OS users. You still cannot replace default Chrome OS utilities, so don’t expect to run an i3 desktop with a brand new ALSA media handler unless you’re willing to gut your Chromebook entirely and install Linux.

  • Debian Linux Packages Now Working In Chrome OS Developer Channel

    A recent update to the experimental Canary Channel of Chrome OS brought about the ability to install Debian packages with a simple double-click. The only prerequisite being you are on a Chromebook or Chromebox that has support for the Crostini Project.

    Now, thanks to our Brother in Chrome Kevin Tofel, we’ve learned this ability has already found its way into the Developer channel of Chrome OS. Again, there are some requirements but if your device supports the Crostini Linux project, you can have this feature up and running with just a few, simple steps.

  • Android Q Name Predictions: What’s Next “Dessert” For Android 10?

    Now that Google has officially released Android Pie marking August 6th as the new “Pie” day, we are wondering what will Google call its next Android version: Android Q. In the past, we’ve also prepared a list of Android P names.

  • 6 Best Song Finder Apps For Android To Identify Songs By Tune
  • Google introduces Android 9 Pie

Debian: .Deb Packages in Chrome OS, GHDL Back in Debian

Filed under
Debian
  • Installing Linux app on Chromebooks gets easier with support for .deb packages

    You can already run some Linux applications on some Chromebooks thanks to Google’s Project Crostini software. But as I noted when testing Crostini on the Acer Chromebook Tab 10 last month, the feature is still very much a work in progress.

    For now it’s not available if you’re using the stable channel version of Chrome OS, it doesn’t run on all Chromebooks, and you have to jump through some hoops to enable Crostini. Once you do that, you’ll find that you generally need a little Linux know-how to find and install applications using the command-line apt tool.

  • Chrome OS Can Now Install Debian Linux Packages

    A few weeks back, I was tinkering around in the Canary channel and through some hacky loops and multiple attempts, I was able to install a Linux installer that allowed me to launch Debian(.deb) Linux packages on my Chromebox.

    Granted, the workaround was in vain as I got Steam up and running just to find that GPU support is still nowhere to be seen but hey, the installation worked so the experiment was a success.

  • GHDL Back in Debian

    As I have noted, I have been working on packaging the VHDL simulator GHDL for Debian after it has dropped out of the archive for a few years. This work has been on slow burner for a while and last week I used some time at DebConf 18 to finally push this to completion and upload it. ftpmasters were also working fast, so yesterday the package got accepted and is now available from Debian unstable.

    The package you get supports up to VHDL-93, which is entirely down to VHDL library issues. The libraries published by IEEE along with the VHDL standard are not free enough to be suitable for Debian main. Instead, the package uses the openieee libraries developed as part of GHDL, which are GPL’ed from-scratch implementations of the libraries required by the VHDL standard. Currently these only implement VHDL-89 and VHDL-93, hence the limitation.

Syndicate content

More in Tux Machines

Security: Lustre, Aqua Security, Election Security and Reproducible Builds

  • Fix for July's Spectre-like bug is breaking some supers
    High-performance computing geeks are sweating on a Red Hat fix, after a previous patch broke the Lustre file system. In July, Intel disclosed patches for another Spectre-like data leak bug, CVE-2018-3693. Red Hat included its own fixes in an August 14 suite of security patches, and soon after, HPC sysadmins found themselves in trouble. The original report, from Stanford Research Computing Center, details a failure in LustreNet – a Lustre implementation over InfiniBand that uses RDMA for high-speed file and metadata transfer.
  • Aqua Security Launches Open-Source Kube-Hunter Container Security Tool
    Aqua Security has made its new Kube-hunter open-source tool generally available, enabling organizations to conduct penetration tests against Kubernetes container orchestration deployments. Aqua released Kube-hunter on Aug.17, and project code is freely available on GitHub. Rather than looking for vulnerabilities inside of container images, Kube-hunter looks for exploitable vulnerabilities in the configuration and deployment of Kubernetes clusters. The project code is open-source and can be run against an organization's own clusters, with additional online reporting capabilities provided by Aqua Security.
  • Election Security Bill Without Paper Records and Risk Limiting Audits? No Way.
    The Senate is working on a bill to secure election infrastructure against cybersecurity threats, but, unless amended, it will widely miss the mark. The current text of the Secure Elections Act omits the two most effective measures that could secure our elections: paper records and automatic risk limiting audits. Cybersecurity threats by their very nature can be stealthy and ambiguous. A skillful attack can tamper with voting machines and then delete itself, making it impossible to prove after the fact that an election suffered interference. Paper records ensure that it is possible to detect and quickly correct for such interference. Automatic audits ensure that such detection actually happens.
  • Reproducible Builds: Weekly report #173

Android Leftovers

Debian GNU/Linux 9 "Stretch" Receives L1 Terminal Fault Mitigations, Update Now

According to the security advisory published on Monday, the new kernel security update addresses both CVE-2018-3620 and CVE-2018-3646 vulnerabilities, which are known as L1 Terminal Fault (L1TF) or Foreshadow. These vulnerabilities had an impact on normal systems, as well as virtualized operating systems, allowing a local attacker to expose sensitive information from the host OS or other guests. "Multiple researchers have discovered a vulnerability in the way the Intel processor designs have implemented speculative execution of instructions in combination with handling of page-faults. This flaw could allow an attacker controlling an unprivileged process to read memory from arbitrary (non-user controlled) addresses," reads today's security advisory. Read more