Language Selection

English French German Italian Portuguese Spanish

Security

2014: Year of open source miracles

Filed under
OSS
Security

We open with the recent unpleasantness at the Drupal project. The SQL injection vulnerability, while serious, isn’t unusual. It’s actually the most common vulnerability in the world. What made the exploit newsworthy was the very short amount of time between disclosure and widespread exploitation: "if timely patches weren’t applied, then the Drupal security team outlined a lengthy process required to restore a website to health." Basically, you had seven hours to fix it before evil robots descended on your servers.

This isn’t an open source problem, it’s a software management problem.

Read more

Lollipop's Encryption Takes a Hefty Toll

Filed under
Android
Security

The new full-disk encryption feature that's enabled by default in Android 5.0 Lollipop comes at a hefty price in terms of performance, according to a recent benchmark report.

In fact, when full-disk encryption is enabled, random read performance drops by 62.9 percent, while random write performance falls by 50.5 percent, AnandTech reported late last week. Sequential read performance, meanwhile, drops by a whopping 80.7 percent.

Read more

Open Source Code Contains Fewer Defects, But There's a Catch

Filed under
Development
OSS
Security

Research suggests that software developed using open source code contains fewer defects than that built with proprietary code. The catch is that open source code rarely benefits from security teams specifically tasked with looking for bugs.

Read more

Gngr: A New Web Browser Focused On Privacy

Filed under
OSS
Security
Web

A group of developers have started writing their own open-source web browser that primarily is designed to increase web privacy and greater security.

Gngr is the new web browser under development and its conservative defaults mean no cookies, JavaScript, HTTP referring support, third-party frames, and a minimalistic user-agent string.

Gngr is written in Java to make use of the Java runtime's sandboxing abilities but ultimately they plan to switch over to some other JVM-based language.

While the code has yet to drop on Gngr, it's said to be coming after the initial release.

Those interested in more information on this privacy-focused web-browser can visit Gngr.info.

Read more

Security considerations for Enterprise Linux

Filed under
GNU
Linux
Security

To maintain an application infrastructure that meets continually expanding business demands, organizations need more than a maintenance and support contract. Organizations need a proven, scalable, reliable, and secure enterprise platform.

Read more

Synchronize Your Life with ownCloud

Filed under
OSS
Security

Like most families these days, our family is extremely busy. We have four boys who have activities and appointments. My wife and I both have our own businesses as well as outside activities. For years, we've been using eGroupware to help coordinate our schedules and manage contacts. The eGroupware system has served us well for a long time. However, it is starting to show its age. As a Web-based groupware system, it's pretty well polished, but it doesn't hold a candle to Kontact or Thunderbird. Also, my wife finds that she needs to access her calendar from her Android phone, and eGroupware just isn't very mobile-friendly. Sure, we can set up calendar synchronization, but eGroupware seems to have added synchronization as an afterthought, and it really doesn't work as well as we'd like.

Read more

Linux Security Distros Compared: Tails vs. Kali vs. Qubes

Filed under
GNU
Linux
Security

If you're interested in security, you've probably already heard of security-focused Linux distros like Tails, Kali, and Qubes. They're really useful for browsing anonymously, penetration testing, and tightening down your system so it's secure from would-be hackers. Here are the strengths and weaknesses of all three.

It seems like every other day we hear about another hack, browser exploit, or nasty bit of malware. If you do a lot of your browsing on public Wi-Fi networks, you're a lot more susceptible to these types of hacks. A security-focused distribution of Linux can help. For most of us, the use cases here are pretty simple.

Read more

Enterprise Linux 6.5 to 6.6 risk report

Filed under
Red Hat
Security

Red Hat Enterprise Linux 6.6 was released the 14th of October, 2014, eleven months since the release of 6.5 in November 2013. So lets use this opportunity to take a quick look back over the vulnerabilities and security updates made in that time, specifically for Red Hat Enterprise Linux 6 Server.

Read more

Google Open Sources Sophisticated Network Security Tool

Filed under
Google
OSS
Security

Google has announced an open source tool for testing network traffic security called Nogotofail. The project is now available on GitHub, and Google is inviting the community to work with it and help improve the security of networks and the Internet.

Many people are familiar with the “HTTPS everywhere” tool, and a related Firefox add-on, which protect online security. Nogotofail is a roughly similar tool, but is more robust. Here are the details.

Read more

Also: Google Releases Nogotofail Tool to Test Network Security

Syndicate content

More in Tux Machines

today's howtos

Leftovers: Gaming

KDE and Akademy

  • KDE Has Created Shashlik, A Way To Install Android Apps On Linux
    As you may know, KDE has created Shashlik, an emulator that permits the installation of Android apps on Linux systems. While Android is still Linux because they share the Linux kernel, Google’s OS has its own libraries and services while Linux uses the libraries and services brought by GNU.
  • Passing the Torch
    I hereby want to announce an open call to find a new maintainer for KDE’s speech recognition efforts.
  • Kubuntu Paddleboard Club
  • Akademy 2015 & Kate
    I didn’t do that much work on Kate, I mostly did small bugfixes for the applications bundled with the KDE Applications releases regarding their HiDPI support, finally no Konsole that can’t redraw correctly on scrolling on a HiDPI screen with scaling activated!
  • It’s the final countdown
  • Akademy 2015 coming to an end
    During the BoF days from Monday to Thursday, a great many tiny videos were shot of many of the attendees by Dan Leinir Turthra Jensen. These have been edited and cut up and turned into a video explaining, very shortly, what KDE really is. Being a community of people contributing to the development of software, the conclusion is straight forward. See the unsurprising conclusion in the video entitled What is KDE? (webm, mp4, vimeo), created as a tribute to the KDE community and all the amazing people in it.

Fedora: The Latest