Language Selection

English French German Italian Portuguese Spanish


Security Leftovers

Filed under
  • Security updates for Wednesday

    Security updates have been issued by openSUSE (firefox and tor), Oracle (stunnel and xterm), Red Hat (virt:8.2 and virt-devel:8.2 and xterm), SUSE (avahi, gnuplot, java-1_7_0-ibm, and pcp), and Ubuntu (openssl).

  • Why not rely on app developer to handle security? – Michał Górny

    One of the comments to the The modern packager’s security nightmare post posed a very important question: why is it bad to depend on the app developer to address security issues? In fact, I believe it is important enough to justify a whole post discussing the problem. To clarify, the wider context is bundling dependencies, i.e. relying on the application developer to ensure that all the dependencies included with the application to be free of vulnerabilities.

    In my opinion, the root of security in open source software is widely understood auditing. Since the code is public, everyone can read it, analyze it, test it. However, with a typical system install including thousands of packages from hundreds of different upstreams, it is really impossible even for large companies (not to mention individuals) to be able to audit all that code. Instead, we assume that with large enough number of eyes looking at the code, all vulnerabilities will eventually be found and published.

    On top of auditing we add trust. Today, CVE authorities are at the root of our vulnerability trust. We trust them to reliably publish reports of vulnerabilities found in various packages. However, once again we can’t expect users to manually make sure that the huge number of the packages they are running are free of vulnerabilities. Instead, the trust is hierarchically moved down to software authors and distributions.

    Both software authors and distribution packagers share a common goal — ensuring that their end users are running working, secure software. Why do I believe then that the user’s trust is better placed in distribution packagers than in software authors? I am going to explain this in three points.

  • Sysdig Donates Module to CNCF to Improve Linux Security

    Sysdig announced today it has donated a sysdig kernel module, along with libraries for the Falco security platform for Kubernetes, to the Cloud Native Computing Foundation (CNCF) as part of an effort to advance Linux security.

  • Linux Foundation Announces DizmeID Foundation to Develop and Enable a Self-Sovereign Identity Credential Network

    The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the DizmeID Foundation and technical project with the intent to support digital identity credentialing. The effort will combine the benefits of self-sovereign identity with necessary compliance and regulation, with the aim to enable wallet holders with ownership and control over their digital identity and data access and distribution.

  • Linux Foundation Announces DizmeID Foundation to Develop and Enable a Self-Sovereign Identity Credential Network

Proprietary Software and Security Woes

Filed under
  • Checkout Skimmers Powered by Chip Cards

    Easily the most sophisticated skimming devices made for hacking terminals at retail self-checkout lanes are a new breed of PIN pad overlay combined with a flexible, paper-thin device that fits inside the terminal’s chip reader slot. What enables these skimmers to be so slim? They draw their power from the low-voltage current that gets triggered when a chip-based card is inserted. As a result, they do not require external batteries, and can remain in operation indefinitely.

  • Why Was SolarWinds So Vulnerable to a [Crack]?

    Early in 2020, cyberspace attackers apparently working for the Russian government compromised a piece of widely used network management software made by a company called SolarWinds. The [attack] gave the attackers access to the computer networks of some 18,000 of SolarWinds’s customers, including U.S. government agencies such as the Homeland Security Department and State Department, American nuclear research labs, government contractors, IT companies and nongovernmental agencies around the world.

    It was a huge attack, with major implications for U.S. national security. The Senate Intelligence Committee is scheduled to hold a hearing on the breach on Tuesday. Who is at fault?

  • M1 Mac users are reporting excessive SSD wear and tear

    If you have a new M1 Mac, you probably think it's going to last for years and years, but some new troubling data suggests that might not be the case. More than a few users are reporting that SSDs on Apple’s M1 Macs are possibly being overused by the system, which could cause them to wear out earlier than usual.

  • NurseryCam suffers data breach after security concerns raised

    NurseryCam, the remote video monitoring service for parents with young children at nurseries that was dogged with claims of troubling security issues last week, has suffered a data breach.

  • Parents alerted to NurseryCam security breach

    The firm said that a "loophole" in its systems had been used to obtain data from parents' viewing accounts including: [...]

  • LinkedIn is back up after an outage

    LinkedIn is back up after a worldwide outage affecting users on both mobile and desktop. The Microsoft-owned social network first started experiencing issues around 2PM ET, and LinkedIn confirmed things were back to normal at 4:21PM ET.

Google funds Linux kernel developers to work exclusively on security

Filed under

Hardly a week goes by without yet another major Windows security problem popping up, while Linux security problems, when looked at closely, usually turn out to be blunders made by incompetent system administration. But Linux can't rest on its laurels. There are real Linux security concerns that need addressing. That's where Google and the Linux Foundation come in with a new plan to underwrite two full-time maintainers for Linux kernel security development, Gustavo Silva and Nathan Chancellor.

Silva and Chancellor's exclusive focus will be to maintain and improve kernel security and associated initiatives to ensure Linux's security. There's certainly work to be done.

Read more

Security Leftovers

Filed under
  • Security updates for Tuesday

    Security updates have been issued by Arch Linux (connman, firejail, kernel, python-django, roundcubemail, and wpa_supplicant), Fedora (gdk-pixbuf2 and gdk-pixbuf2-xlib), openSUSE (python3 and tomcat), Scientific Linux (xterm), SUSE (postgresql12 and postgresql13), and Ubuntu (gdk-pixbuf, openldap, python-django, and qemu).

  • How to Disable Automatic Updates in Ubuntu

    Ubuntu has automatic updates enabled by default. Ordinarily, this is a convenient feature that helps our system stay up to date with the latest features, and protected with the newest security patches.

  • Be wary of file sync conflicts with KeePass apps on Android

    KeePass is a tried and tested open-source encrypted password manager available for Windows. You can also use one of the many forks for Android, iOS, Linux, macOS, and other operating systems. KeePass has created the defacto standard for encrypted password vault/database files (.kdbx). Syncing the vault files between your computers and Android can cause problems with some KeePass apps, however.

    KeePass (and its many forks) stores your passwords encrypted in a secure vault/database file. Unlike other password managers like LastPass and Bitwarden, you’re solely responsible for storing and backing up your password vault. You can transfer the vault file between computers with Syncthing, Resillio, Dropbox, OneDrive, Google Drive, a floppy diskette, or however you prefer moving your files around. Multi-computer set-ups with file synchronization introduces the risk of file synchronization delays and conflicts.

  • Nvidia Linux drivers causing random hard crashes and now a major security risk still not fixed after 5+ months

    The recent fiasco with Nvidia trying to block Hardware Unboxed from future GPU review samples for the content of their review is one example of how they choose to play this game. This hatred is not only shared by reviewers, but also developers and especially Linux users.

    The infamous Torvalds videos still traverse the web today as Nvidia conjures up another evil plan to suck up more of your money and market share. This is not just one off shoot case; oh how much I wish it was. I just want my computer to work.

    If anyone has used Sway-WM with an Nvidia GPU I’m sure they would remember the –my-next-gpu-wont-be-nvidia option.

    These are a few examples of many.

Security Leftovers

Filed under
  • 30K Macs are infected with ‘Silver Sparrow’ virus and no one knows why

    Apple has since revoked the developer certificates that allowed the virus to propagate and says new machines can no longer be infected. Apple's own research echoed Red Canary's findings and uncovered no evidence that the malware has delivered a malicious payload to any of the infected machines.

  • Second case of NSA exploits being used before Brokers' leak comes to light

    A second case of NSA exploits being customised and used for attacks, before they were leaked on the Web by a group known as the Shadow Brokers in 2017, has come to light, this time following research by the Israel-based cyber security firm Check Point Research.

  • Kroger warns pharmacy customers' personal data may have been stolen in [attack]

    Compromised information could include “names, email addresses, phone numbers, home addresses, dates of birth, Social Security numbers,” a spokeswoman told the AP. The company said it is informing anyone who may have been affected and offering them free credit monitoring. No stores’ IT or grocery store systems are believed to have been accessed.

  • Kroger: Some pharmacy customer data impacted in vendor [crack]

    Kroger Co. says personal data, including Social Security numbers of some of its pharmacy and clinic customers, may have been stolen in the [crack] of a third-party vendor's file-transfer service.

    The Cincinnati-based grocery and pharmacy chain said in a statement Friday that it believes less than 1% of its customers were affected — specifically some using its Health and Money Services — as well as some current and former employees because a number of personnel records were apparently viewed.

  • Privacy Talks | Interview with Josh Aas from Let's Encrypt

    This interview originally aired on August 14, 2020.

Security and Maintenance: Bad Development, Patches, and New WordPress

Filed under
  • Cheap baby monitors and security cameras – widespread flaw allows remote viewing

    The features is password-less monitoring, saving you from entering a log-in and password in the middle of the night to access the cheap baby monitors and security cameras. And it is widely used by baby monitor cameras, pet monitors and kindergarten remote viewing cameras.

  • Security updates for Monday

    Security updates have been issued by Debian (chromium, libzstd, openldap, openvswitch, screen, and wpa), Fedora (dotnet5.0, subversion, and wpa_supplicant), openSUSE (mumble, python-djangorestframework, and tor), Oracle (container-tools:ol8, kernel, nodejs:10, nodejs:12, nodejs:14, subversion:1.10, and xterm), Red Hat (stunnel and xterm), and SUSE (ImageMagick, java-1_8_0-openjdk, kernel, krb5-appl, python3, tomcat, and webkit2gtk3).

  • WordPress 5.6.2 Maintenance Release

    This maintenance release includes 5 bug fixes. These bugs affect WordPress version 5.6.1, so you’ll want to upgrade.

    You can download WordPress 5.6.2 directly, or visit the Dashboard → Updates screen and click Update Now. If your sites support automatic background updates, they’ve already started the update process.

Security and DRM

Filed under
  • How the Internet Has Turned Into the Modern-Day Battlefield

    When it comes to geopolitics, the so-called ‘cyber’ and the realm of the internet has become a serious battlefield and a space where enemy states have traded disinformation campaigns and can have things like a power plant knocked out by a string of code. Since 2011, New York Times journalist Nicole Perlroth has been reporting on the secret world of cybersecurity and the arsenals of malware that nation states are stockpiling.

  • Ransomware Gang Says It's Selling Data from Cyberattack That California DMV Warned About [iophk: Windows TCO]

    This is quite alarming, given that the California Department of Motor Vehicles announced yesterday that it is a longtime client of AFTS and that the February attack may have compromised approximately 20 months of data it had shared with the company, including the “names, addresses, license plate numbers and vehicle identification numbers (VIN)” of millions of Californians.

  • John Deere Promised Farmers It Would Make Tractors Easy to Repair. It Lied.

    It is now three years later. The agreement is supposed to be in effect. No right to repair legislation has been passed. Deere, the dealers, and the manufacturers got what they wanted. And, yet, farmers are still struggling to get anything promised in the agreement.

Security Leftovers

Filed under
  • Please don’t make me choose a username

    I hate username fields in registration forms. The usernames I want are, of course, already taken. Many services won’t let you change your username later, so you might get stuck with it. Who wants to settle for a name they don’t like? Just please don’t make me choose a username.

    Personal identity is hard. It molds and changes over time. Online identity is harder, but can often be more permanent. Many services won’t let you change your username without deleting the account and making another one. You’ll lose all your data with the service in the process. (Assuming you’re allowed to delete your account and set your email address free.)

    Many services make do with just your email address. Your email address isn’t truly yours, but just a rented identity. However, everyone still needs a unique name for services where you interact with other members.

  • Introducing Crowdsec: A Modernized, Collaborative Massively Multiplayer Firewall for Linux

    CrowdSec is a massively multiplayer firewall designed to protect Linux servers, services, containers, or virtual machines exposed on the Internet with a server-side agent. It was inspired by Fail2Ban and aims to be a modernized, collaborative version of that intrusion-prevention tool.

    CrowdSec is free and open-source (under an MIT License), with the source code available on GitHub. It uses a behavior analysis system to qualify whether someone is trying to hack you, based on your logs. If your agent detects such aggression, the offending IP is then dealt with and sent for curation. If this signal passes the curation process, the IP is then redistributed to all users sharing a similar technological profile to “immunize” them against this IP.

    The goal is to leverage the power of the crowd to create a real-time IP reputation database. As for the IP that aggressed your machine, you can choose to remedy the threat in any manner you feel appropriate. Ultimately, CrowdSec leverages the power of the community to create an extremely accurate IP reputation system that benefits all its users.

    It was clear to the founders that Open Source was going to be one of the main pillars of CrowdSec. The project's founders have been working on open-source projects for decades - they didn’t just jump on the train. Rather, they are strong Open Source believers. They believe that the crowd is key to the mass hacking plague we are experiencing, and that Open Source is the best lever to create a community and have people contribute their knowledge to the project, ultimately make it better and more secure.

  • Many Computer Users Never Run Updates

    A large percentage of computer users never update their operating systems. This is true of desktop Linux users as well, which may be surprising to some since Linux users are supposed to be a bit more tech-savvy than Windows and Mac users. R

  • Linux Mint users are surprisingly irresponsible regarding updates

    Linux users are more knowledgeable regarding computer maintenance than Windows users, right? Maybe. That is certainty up for debate. With that said, Linux user may not be very responsible computer users. Well, Linux Mint users, at least.

    You see, in a stunning development, it turns out Linux Mint users are often very behind in installing both operating system and application updates. In other words, Linux Mint users are often running outdated software, which could be no longer supported, or even worse, it could contain exploitable vulnerabilities. For example, a surprisingly high number of these users are running Linux Mint 17.x, which is unsupported since 2019!

Security/Proprietary Issues

Filed under
  • 10 years of Chromebooks and people still don’t know what they’re capable of

    They’ve been around for a decade and have always focused on speed, simplicity, and security. Plus, Chromebooks have continuously improved from a basic browser-only device to something far more capable than many people realize.

  • Google might have quietly teased the OS that will replace Android

    We’ve been talking about Fuchsia for years now, and Google has confirmed its existence without revealing what it can do or when it’ll be here. Fuchsia would run on any device, no matter its size or display type — it would also run on gadgets that don’t have screens. Fuchsia would support instant software updates just like iOS and macOS, as well as better privacy and security protections, again, like what’s available on iPhone and Mac. And Fuchsia will still run all of the existing Android apps so that transitioning from Android (and Chrome) to Fuchsia shouldn’t be a hassle. That’s the gist of Fuchsia rumors, although it’s unclear what Google’s vision is for Fuchsia.

  • Margaret Mitchell: Google fires AI ethics founder

    Google has fired the founder and co-head of its artificial intelligence ethics unit, claiming she violated the company's code of conduct.

    In a statement, Google said an investigation found Margaret Mitchell had moved files outside the company.

  • IBM is said to consider sale of Watson Health amid cloud focus

    Deliberations are at a very early stage and the company may opt not to pursue a deal, said the person, who asked not to be identified discussing private talks. IBM is exploring a range of alternatives, from a sale to a private equity firm or a merger with a blank-check company, according to The Wall Street Journal, which earlier Thursday reported the possibility of a deal.

    IBM has been trying to boost its share of revenue from hybrid-cloud software and services, which lets customers store data in private servers and on multiple public clouds, including those of rivals Inc. and Microsoft Corp. IBM bought RedHat for $34 billion in 2018 to boost this effort.

  • Mexican Politician Removed Over Alleged Ties to Romanian ATM Skimmer Gang

    The leader of Mexico’s Green Party has been removed from office following allegations that he received money from a Romanian ATM skimmer gang that stole hundreds of millions of dollars from tourists visiting Mexico’s top tourist destinations over the past five years. The scandal is the latest fallout stemming from a three-part investigation into the organized crime group by KrebsOnSecurity in 2015.

  • How secure boot and trusted boot can be owner-controlled

    Implementing owner-controlled secure boot. Moreover, it should also be noted that you don't actually need to use keyfusing to implement (1). For example, the “secure boot” functionality on x86 PCs allows users to change their own trust roots at any time. The way this is implemented is by having a region of a nonvolatile storage device reserved for boot firmware and trust configuration, which can be locked against mutation after boot. The only way to make this region writeable again is by resetting the system, restoring execution to said boot firmware.3 Thus, absent physical intervention, any mutation to the boot firmware or configuration must be approved by said boot firmware.

    Although most SoC vendors design their SoCs to support keyfusing as their officially supported means of “secure boot”, it is actually possible to implement this owner-controlled secure boot design on most SoCs via only a small amount of additional board components. This takes advantage of the fact that

    1. SoC-class devices almost never have onboard flash, and instead boot from an external flash device;
    2. external flash devices usually have a “Write Protect” pin; and
    3. many classes of flash device allow the “Write Protect” pin to be configured to write-protect some, but not all, of the device's memory.

  • Exploit Details Emerge for Unpatched Microsoft Bug

    New details have emerged about an unpatched security vulnerability in Microsoft’s Internet Explorer that was recently used in a complex campaign against security researchers. A fresh analysis from 0patch offers further insight into where the bug exists and how it can be triggered in real-world attacks — notably, by just visiting a website.

    In early February, cybersecurity researchers at South Korean consultancy ENKI identified a zero-day exploit that it said was used in the researcher attack. The vulnerability in question exists in Microsoft Internet Explorer, and at the time of writing remains unpatched, though Microsoft said it was looking into the bug report.

  • Masslogger Swipes Microsoft Outlook, Google Chrome Credentials

    Masslogger is a spyware program, which is written in .NET and steals browser, email and instant-messaging credentials. The trojan was released in April and has since been sold on underground forums.

    “Masslogger is a commodity malware that has been in development and circulation for almost a year now,” Svajcer told Threatpost. “It is sold on underground forums for relatively modest amount of money and it can be used by any malicious actor. We wanted to emphasize that these campaigns with these particular spreading techniques can likely be linked to a single actor, based on the exfiltration server domain used in all campaign for exfiltrating credentials.”

  • Serving up zero-knowledge proofs

    Zero-knowledge (ZK) proofs are gaining popularity, and exciting new applications for this technology are emerging, particularly in the blockchain space. So we’d like to shine a spotlight on an interesting source of implementation bugs that we’ve seen—the Fiat Shamir transformation.

    A ZK proof can be either interactive, where the prover and verifier communicate via challenges in a multi-step process, or non-interactive, where a prover computes a proof once and sends it to the verifier. The non-interactive ZK proof is preferred over the multi-step interactive process, but most ZK schemes are interactive by default.

    Enter the Fiat-Shamir transformation. It transforms interactive ZK proofs into non-interactive ones. Easier said than done. This can be a tricky implementation and has led to several bugs, including one discovered in a Swiss voting system.

  • Update your computer!

    Security updates patch vulnerabilities in your computer. They protect you from local attacks (people with physical access to your computer and people who have an account on it) but also remote ones (attackers targeting your computer through your Internet connection).

    Other than directed attacks security updates also protect you from malicious software. When you ask your computer to execute external content (software you downloaded, email attachments, a link you click or even just a webpage you visit in your Web browser) you also take the risk to open a door into your computer and invite attackers in.

    When a vulnerability is found developers fix it as soon as possible and distributions ship it as an update so you can apply it in a timely fashion. These vulnerabilities then become public and known by potential attackers. This means an outdated system isn’t just vulnerable, it is known to be vulnerable.

  • Linux Mint Finds Many Of Its Users Are Running Behind On Security Updates - Phoronix

    The issue of having a beginner/easy-to-use focused desktop Linux distribution but not installing new security updates by default without user intervention is that for many users they fall behind in applying often important security fixes.

    The Linux Mint blog posted a notice today encouraging its users to install security updates as they are "very important" while the internal statistics indicate significant numbers of users are not doing so. "Apply updates right now!" the notice reads and also warning users to not run end-of-life (EOL) versions of the Ubuntu/Debian-based distribution.

  • The modern packager’s security nightmare

    One of the most important tasks of the distribution packager is to ensure that the software shipped to our users is free of security vulnerabilities. While finding and fixing the vulnerable code is usually considered upstream’s responsibility, the packager needs to ensure that all these fixes reach the end users ASAP. With the aid of central package management and dynamic linking, the Linux distributions have pretty much perfected the deployment of security fixes. Ideally, fixing a vulnerable dependency is as simple as patching a single shared library via the distribution’s automated update system.

    Of course, this works only if the package in question is actually following good security practices. Over the years, many Linux distributions (at the very least, Debian, Fedora and Gentoo) have been fighting these bad practices with some success. However, today the times have changed. Today, for every 10 packages fixed, a completely new ecosystem emerges with the bad security practices at its central point. Go, Rust and to some extent Python are just a few examples of programming languages that have integrated the bad security practices into the very fabric of their existence, and recreated the same old problems in entirely new ways.

    The root issue of bundling dependencies has been discussed many times before. The Gentoo Wiki explains why you should not bundle dependencies, and links to more material about it. I would like to take a bit wider approach, and discuss not only bundling (or vendoring) dependencies but also two closely relevant problems: static linking and pinning dependencies.


    Now, for the worst of all — one that combines all the aforementioned issues, and adds even more. Bundling (often called vendoring in newspeak) means including the dependencies of your program along with it. The exact consequences of bundling vary depending on the method used.

    In open source software, bundling usually means either including the sources of your dependencies along with your program or making the build system fetch them automatically, and then building them along with the program. In closed source software, it usually means linking the program to its dependencies statically or including the dependency libraries along with the program.

    The baseline problem is the same as with pinned dependencies — if one of them turns out to be buggy or vulnerable, the users need to wait for a new release to update the bundled dependency. In open source software or closed source software using dynamic libraries, the packager has at least a reasonable chance of replacing the problematic dependency or unbundling it entirely (i.e. forcing the system library). In statically linked closed source software, it is often impossible to even reliably determine what libraries were actually used, not to mention their exact versions. Your distribution can no longer reliably monitor security vulnerabilities; the trust is shifted to software vendors.

    However, modern software sometimes takes a step further — and vendor modified dependencies. The horror of it! Now not only the packager needs to work to replace the library but often has to actually figure out what was changed compared to the original version, and rebase the changes. In worst cases, the code becomes disconnected from upstream to the point that the program author is no longer capable of updating the vendored dependency properly.

Security Leftovers

Filed under
  • Investigators suggest [attackers] exploited weak password security to breach Florida water facility

    “The unidentified actors accessed the water treatment plant’s SCADA controls via remote access software, TeamViewer, which was installed on one of several computers the water treatment plant personnel used to conduct system status checks and to respond to alarms or any other issues that arose during the water treatment process,” the department wrote. “All computers used by water plant personnel were connected to the SCADA system and used the 32-bit version of the Windows 7 operating system,” which Microsoft ended support for in January of last year.

    “Further, all computers shared the same password for remote access and appeared to be connected directly to the Internet without any type of firewall protection installed,” the alert reads. A spokesperson for the Massachusetts department said the department received the details from the EPA.

  • I’m Controlling Your Cursor

    In the years to come, there will most assuredly be books and oral histories written about what happened in Florida, the sheer folly of leaving remote access open with so little focus on security. But it should not be a knock on remote access, which was a super-novel concept back in the mid-’80s and is still pretty awesome today as it has improved along with GUIs and network access.

  • SolarWinds hackers studied Microsoft source code for authentication and email

    The hackers behind the worst intrusion of U.S. government agencies in years won access to Microsoft’s secret source code for authenticating customers, potentially aiding one of their main attack methods.


    Some of the code was downloaded, the company said, which would have allowed the hackers even more freedom to hunt for security vulnerabilities, create copies with new flaws, or examine the logic for ways to exploit customer installations.

    Microsoft had said before that the hackers had accessed some source code, but had not said which parts, or that any had been copied.

    U.S. authorities said Wednesday the breaches revealed in December extended to nine federal agencies and 100 private companies, including major technology providers and security firms. They said the Russian government is likely behind the spree, which Moscow has denied.

    Initially discovered by security provider FireEye Inc, the hackers used advanced skills to insert software back doors for spying into widely used network-management programs distributed by Texas-based SolarWinds Corp.

  • Daniel Stenberg: “I will slaughter you”

    You might know that I’ve posted funny emails I’ve received on my blog several times in the past. The kind of emails people send me when they experience problems with some device they own (like a car) and they contact me because my email address happens to be visible somewhere.

    People sometimes say I should get a different email address or use another one in the curl license file, but I’ve truly never had a problem with these emails, as they mostly remind me about the tough challenges the modern technical life bring to people and it gives me insights about what things that run curl.

  • Reproducible Builds (diffoscope): diffoscope 167 released

    The diffoscope maintainers are pleased to announce the release of diffoscope version 167. This version includes the following changes:

    * Temporary directory handling:
      - Ensure we cleanup our temporary directory by avoiding confusion between
        the TemporaryDirectory instance and the underlying directory.
        (Closes: #981123)
      - Use a potentially-useful suffix to our temporary directory based on the
        command-line passed to diffoscope.
      - Fix some tempfile/weakref interaction in Python 3.7 (ie. Debian buster).
        (Closes: reproducible-builds/diffoscope#239)
      - If our temporary directory does not exist anymore (eg. it has been
        cleaned up in tests, signal handling or reference counting),  make sure
        we recreate it.
    * Bug fixes:
      - Don't rely on magic.Magic(...) to have an identical API between file's and PyPI's "python-magic" library.
        (Closes: reproducible-builds/diffoscope#238)
      - Don't rely on dumpimage returning an appropriate exit code; check that
        the file actually exists after we call it.
    * Codebase changes:
      - Set a default Config.extended_filesystem_attributes.
      - Drop unused Config.acl and Config.xattr attributes.
      - Tidy imports in diffoscope/comparators/
    * Tests:
      - Add u-boot-tools to test dependencies so that pipelines
        actually test the new FIT comparator.
      - Strip newlines when determining Black version to avoid "requires black
        >= 20.8b1 (18.9b0\n detected)" in test output (NB. embedded newline).
      - Gnumeric is back in testing so re-add to test dependencies.
      - Use assert_diff (over get_data, etc.) in the FIT and APK comparators.
      - Mark as being allowed to fail for now.
      - Fix the FIT tests in buster and unstable.
  • X.509 user certificate authentication with Red Hat’s single sign-on technology

    This article illustrates how to configure a browser authentication flow using X.509 user-signed certificates. Once you have set up authentication using X.509 user-signed certificates, your users will not be required to enter a username and password when authenticating against Red Hat’s single sign-on technology (SSO). Instead, they will present an X.509 certificate to the SSO instance.

Syndicate content

More in Tux Machines

today's howtos

  • Encryption at Rest in MariaDB – Linux Hint

    Encryption-at-rest prevents an attacker from accessing encrypted data stored on the disk even if he has access to the system. The open-source databases MySQL and MariaDB now support encryption-at-rest feature that meets the demands of new EU data protection legislation. MySQL encryption at rest is slightly different from MariaDB as MySQL only provides encryption for InnoDB tables. Whereas MariaDB also provides an option to encrypt files such as redo logs, slow logs, audit logs, error logs, etc. However, both can’t encrypt data on a RAM and protect it from a malicious root. In this article, we will learn to configure database-level encryption for MariaDB.

  • How To Install ERPNext on CentOS | RoseHosting Blog

    ERPNext is a completely robust ERP framework intended for small and medium-sized businesses. It covers an extensive variety of features, including accounting, CRM, inventory, selling, purchasing, manufacturing, projects, HR and payroll, website, e-commerce, and more – all of which make it profoundly adaptable and extendable. ERPNext is developed in Python and depends on the Frappe Framework. It utilizes Node.js for the front end, Nginx for the web server, Redis for caching, and MariaDB for the database.

  • How To Find Out Which Groups A User Belongs To In Linux

    A Linux group is a collection of one or more users with identical permission requirements on files and directories. An user can be a member of more than group at a time. In Linux, each group information is stored in the "/etc/group" file. In this tutorial, we will see all the possible ways to easily find out which groups a user belongs to in Linux and Unix-like operating systems. Finding out the groups to which a user account belongs will be helpful in many occasions. For instance, the other day I was installing Dropbox on my Ubuntu server. When configuring Dropbox, I had to enter my current user name and the group name. You could also be in a situation where you need to identify the groups a user belongs to. If so, use any one of the following methods to know what group a user is in.

  • How Do I Perform a Traceroute on Linux Mint 20? – Linux Hint

    Traceroute is a very useful utility that is used to track the path that a packet takes to reach a destination within a network. It can also act as a tool to report network congestion. In today’s article, we will discuss different examples that will demonstrate the usage of Traceroute on Linux Mint 20.

  • How do I Completely Remove a Package in Linux Mint 20? – Linux Hint

    The task of removing an installed package from any operating system can surely be a hassle if handled carelessly. It is because whenever you attempt to remove a package, you expect it not to leave any of its traces behind. In other words, you want a clean removal of the desired package. However, such a complete removal cannot be achieved without taking certain measures. That is why today’s article will be focused on the method of completely removing a package in Linux. Note: The method that we have attempted and shared with you in this article has been performed on a Linux Mint 20 system. However, the very same steps can also be performed on Ubuntu 20.04 and Debian 10.

  • How to Install Spotify in Fedora Linux – Linux Hint

    Spotify is a popular audio and video streaming service used by millions of people. Spotify is available for download on smartphones, tablets, and desktops for Windows, Mac, and Linux. Though Spotify works in Linux, this application is not actively supported, as it is on Windows and Mac. You can also enjoy Spotify on wearable gadgets. For example, if you have a Samsung smartwatch, you can listen to and control Spotify using the watch only. You need only install the app on your smartphone from the Play Store to start listening to tracks on Spotify. The free version of the application provides access to limited audio streaming services with advertisements. The premium service offers many features, including the ability to download media, ad-free browsing, better sound quality, and more. There are also other plans offered to specific individuals and groups. Spotify also supports various devices, such as Wireless Speakers, Wearables, Smart TVs, and Streamers.

  • How to Install Official Wallpaper Packs on Fedora? – Linux Hint

    Wallpapers are great for improving the user experience of any operating system. In the case of Fedora, one of its iconic features is the wallpapers it comes with. Every single Fedora release gets its own set of wallpaper, and these are some of the most anticipated components of any of its releases. In this guide, check out how to install official wallpaper packs on Fedora.

  • How to Reset Your Gnome Desktop to Default Settings

    Linux is a very versatile platform for not only power users, but also tweakers and tinkerers. With the rise of Linux desktop distros have come a whole new level of options for these users. Gnome is one of the most popular desktop environments on Linux and Ubuntu. The most popular desktop Linux distro now comes with Gnome out of the box following the shelving of Ubuntu’s Unity desktop environment. It, therefore, follows that there are countless ways to tweak your Gnome and make it truly yours.

  • How to Find Files Based on Timestamp in Linux

    The find command in Linux is used to search for files and folders based on different parameters. These parameters can be the filename, size, type of file, etc.

  • How to Delete Files Older Than Specified Days in Linux

    As you might already know, we use the rm command in Linux to delete files and folders. The filenames to be deleted have to be passed as arguments to rm. However, rm does not offer other options by itself, like deleting files based on timestamps. That’s the reason, we use the find command in Linux, which is used to search for files and folders based on different parameters. It is a complex command which can be used to search with parameters like the filename, size, type of file, etc. There is an option in the find command to search for files based on how old they are and today we will see how to use find and rm together to delete files older than the specified number of days.

  • How Can I Sudo Another User Without A Password? – Linux Hint

    In Linux platforms, a sudo user is a tool that implies “superuser do” to run various systems’ commands. A sudo user is typically a root user or any other user who has some privileges. To delegate important tasks like server rebooting or restarting the Apache server, or even to create a backup using the sudo command, you can use the sudo without having to enter the password again and again. By default, sudo user needs to provide some user authentication. At times, user requirements are to run a command with these root privileges, but they do not desire to type a password multiple times, especially while scripting. This is easily doable in Linux systems. In this article, we will check the method to sudo another user without entering their password.

  • How to configure Route53 with our DomainName to access a static website from S3 on AWS

    This article will help you with the steps to host a static website on S3 and redirect traffic from your subdomain to the static website on the S3 bucket. For this, you will need a domain purchased on AWS. Once you have the domain on AWS, you can create a subdomain and redirect requests from it to the S3 bucket.

  • How to install Zoom on Ubuntu, Lubuntu (latest version) using terminal

    What is zoom? Zoom is the leader in modern enterprise video communications, with an easy, reliable cloud platform for video and audio conferencing, chat, and webinars. You can use free and payed versios.

  • How to install mutliple Ubuntu VMs using Multipass on Ubunut 20.04 - Linux Shout

    Multipass is a platform developed by Canonical to launch and run Ubuntu virtual machines while offering a user the ability to configure them with cloud-init like a public cloud. Here we learn how to install Multipass on Ubuntu 20.04 Linux and use the same to launch Virtual machine instance. Although when it comes to launching lightweight pre-built virtual machine images with just a command, Docker comes to mind, however, Multipass could be another option for those who love to work on Ubuntu Server. Yes, if you want to launch Ubuntu Linux command line server VMs instantly on Windows, Linux and macOS then cross-platform Multipass is one of the good options to consider.

  • How to use the sipcalc Linux command line tool | Enable Sysadmin

    The only network numbers I can keep in my head are now and always have been a Class C network with a 24-bit netmask, such as I know there are 254 usable host addresses available with a broadcast address of, a gateway/router address of or (depending on who's running the network), and a human-readable netmask of That's my standard network. After all, 254 hosts are enough for any subnet, right? Wrong. A few years back, I had to step outside of my standard 254 hosts per subnet scenario when I decided to use a 22-bit netmask ( to get a 1022 usable address space. I knew little about this address space, and it was frustrating to try to search for the simple information that I needed without scrolling through forums with all the idle chatter and off-topic rhetoric. I guess some people just need a space in which to air their grievances about everything. I digress.

GhostBSD Review: Simple and Lightweight

Because there are so many different options out there for your free and open-source operating system, it can be hard to figure out what the best option is for you. Sifting between Linux distros is difficult – Debian and its derivatives, Ubuntu and its derivatives, Fedora, Arch, openSUSE, the list goes on. However, what if the best choice for you isn’t actually technically Linux? Here we review GhostBSD, a FreeBSD-based Unix OS designed for a simple desktop experience, to see if it’s the right fit for you. [...] The applications that are installed are all necessary. It’s exactly what you might expect to find in your typical lean open-source desktop OS configuration, with no frills and just the essential applications. There is not much to remark on with the user experience – it is a very simple and friendly version of the MATE desktop that’s designed to be light on system resources and simple to use. Overall, I think there is no way you could go wrong. Read more

Games: Predictions, Free Software, and Titles Developed on GNU/Linux

  • Thrilling Linux Gaming Predictions for 2021 - Boiling Steam

    Last week we reached out to the community at large with a simple question: What do you predict will happen in the world of Linux Gaming by the end of 2021? To make things a little more fun, we asked everyone to limit their Linux Gaming predictions to 5 items, and be as specific as possible as to what they expect to occur. We also asked everyone to work on their predictions individually to avoid any potential bias. Now, we are sharing with you all the predictions we received, from quite a few places across the world as you can see from the below map. The Linux Gaming Community knows no frontiers.

  • Team Cherry upgrade the excellent Hollow Knight with Vulkan for Linux | GamingOnLinux

    Team Cherry have given their excellent action-platformer metroidvania Hollow Knight a bit of an upgrade, which you can test out on Steam in a fresh Beta test. Not played it before? You're missing out. Hollow Knight is a classically styled 2D action adventure across a vast interconnected world. Explore twisting caverns, ancient cities and deadly wastes; battle tainted creatures and befriend bizarre bugs; and solve ancient mysteries at the kingdom's heart.

  • OpenLoco is a free and open source re-implementation of Chris Sawyer's Locomotion | GamingOnLinux

    Just like there's the awesome OpenTTD for fans of Transport Tycoon Deluxe, there's also OpenLoco for players who want to play through the classic Locomotion. Not a project we've covered here before it seems, so we're making that right today. Originally released back in 2004, it's actually a spiritual successor to Transport Tycoon but it was not as loved due to various problems with the original release. Perhaps though it can have a new life thanks to OpenLoco.

  • VRWorkout is a free and open source VR fitness rhythm game

    Well, that's certainly one way to get a bit more exercise in. Whatever helps right? No judgement here, I could probably do with a little more myself… It's built with the free and open source game engine Godot Engine, so not only is the source code open for the game itself it's properly open for anyone to put it together from the source and will remain so. Speaking about VRWorkout to us on Twitter, the developer mentioned they actually do develop for it on Linux but they use a Quest headset not supported on Linux so they have to work with that on Windows. Perhaps though, in time, Monado might break down that barrier.

  • Free and open source voxel game engine Minetest 5.4 is out, makes mods easier for users | GamingOnLinux

    Minetest, the Minecraft-like voxel game engine (and a basic game that comes with it) has a big new release out with Minetest 5.4.0 and it's worth trying again. As we covered before during the Release Candidate stage, one of the big features for users in this release is vastly easier modding with both small mod packs and entire games. Minetest had a way to browse and download them all directly in the game for a while, but now it will also actually download all the dependencies mods need - making it vastly easier to get what you want and then into a game. No more downloading one mod, then finding all the individual bits it needs.

GNOME 40 Beta Released for Public Testing, Here’s What’s New

As you already know, GNOME 40 will introduce a new Activities Overview design that promises better overview spatial organization, improved touchpad navigation using gestures, more engaging app browsing and launching, as well as better boot performance. But the GNOME 40 beta release is packed with many other goodies, including the ability to switch workspaces with Super+scroll on Wayland, the implementation of a Welcome dialog after major updates, improved fingerprint login support, better handling of a large number of window previews, on-screen keyboard improvements, support for handling monitor changes during screencasts, as well as integration of the clipboard with remote desktop sessions. Read more