
How Linux Kernel Development Impacts Security


The Linux kernel is a fast moving project, and it's important for both users and developers to quickly update to new releases to remain up-to-date and secure. That was the keynote message Greg Kroah-Hartman, maintainer of the stable Linux kernel, delivered at CoreOS Fest on May 9 here.

Kroah-Hartman is a luminary in the Linux community and is employed by the Linux Foundation, publishing on average a new Linux stable kernel update every week. In recent years, he has also taken upon himself the task of helping to author the "Who Writes Linux" report that details the latest statistics on kernel development. He noted that, from April 2015 to March 2016, there were 10,800 new lines of code added, 5,300 lines removed and 1,875 lines modified in Linux every day.


Also: Neat drm/i915 Stuff for 4.7

Here's a List of All the Ethical Hacking Tools Included in BlackArch Linux


At the beginning of the month, we informed you about the general availability of an updated ISO image for the Arch Linux-based BlackArch Linux operating system, which gave users access to over 1,400 penetration testing tools.

BlackArch Linux 2016.04.28 was, as its version number suggests, baked and cooked at the end of April, and it introduced 80 new security-oriented utilities to the ever growing collection of tools that are available in the software repositories of this GNU/Linux operating system.


Compare to: IE and Graphics head Microsoft's Patch Tuesday critical list

Debian-Based Univention Corporate Server 4.1-2 Brings Important Security Updates


Maren Abatielos of Univention GmbH informs us today, May 10, 2016, about the release of the second maintenance build of Univention Corporate Server (UCS) 4.1.


Security Leftovers

  • Security updates for Tuesday
  • This Botnet, Called Jaku, Only Targets Scientists, Engineers, And Academics

    Jaku Botnet discriminates while targeting its victims in the wild. It is easier to download from the famous sources like images or Torrents — thanks to the unforced human errors — and once installed, it grips that computer and makes that a part of the Botnet network.

  • Reproducible builds: week 54 in Stretch cycle

    There was a surprising tweet last week: "Props to @FiloSottile for his nifty gvt golang tool. We're using it to get reproducible builds for a Zika & West Nile monitoring project." To our surprise, Kenn confirmed privately that he indeed meant "reproducible builds" as in "bit by bit identical builds". Wow. We're looking forward to learning more details about this; for now we just know that they are doing this basically for software quality reasons.

  • Security Analyst Arrested For Disclosing Security Flaw In Florida County's Election Systems

    A Florida man has been charged with felony criminal hacking charges after disclosing vulnerabilities in the voting systems used in Lee County, Florida. Security analyst David Levin was arrested 3 months after reporting un-patched SQL injection vulnerabilities in the county's election systems. Levin was charged with three counts of unauthorized access to a computer, network, or electronic device and released on $15,000 bond. Levin's first and biggest mistake was to post a video of himself on YouTube logging into the Lee County Elections Office network using the credentials of Sharon Harrington, the Lee County Supervisor of Elections.

KDE Applications 16.04 Gets Its First Point Release, Includes Over 25 Bug Fixes


Today, May 10, 2016, KDE has announced the general availability of the first point release in the latest stable and most advanced KDE Applications 16.04 series of the software suite used for the KDE Plasma 5 desktop environment.


Security Leftovers


Ubuntu LTS Kernel Vulnerabilities


Security Leftovers

  • Secure from whom

    Side-channel attacks are a thing, this is true. But they also cost a lot of time and money to develop. If you want something that can be applied to more than just a single target, that cost explodes. That is why the two most common places where side-channel attacks are developed are nation states and universities specializing in that research.


    So in summation, I’m far more interested in focusing on our ability to get security fixes out to users in a timely fashion. Herd immunity can work for software too.

  • Security isn't a feature, it's a part of everything

    Almost every industry goes through a time when new novel features are sold as some sort of add on or extra product. Remember needing a TCP stack? What about having to buy a sound card for your computer, or a CD drive? (Does anyone even know what a CD is anymore?) Did you know that web browsers used to cost money? Times were crazy.

  • Student Tried to Hack His School Network, Police Call Him An Anonymous Member

    The State police and school district officials in Pennsylvania are investigating a case that involves a school student trying to hack into the school’s Wi-Fi network. The officials have told a local newspaper that they have found some evidence regarding his association with the hacktivist group Anonymous.

Security Leftovers

  • This Single Command Can Hack Your Windows AppLocker In Seconds

    If you use Windows AppLocker to restrict others from using some applications and locking down your Windows PC, here’s something to worry about. Casey Smith, a security researcher, has found a way to bypass the AppLocker whitelist and run arbitrary scripts. IT admins are advised to run this command on their systems and see if some loopholes exist in their network.

  • Here's how I verify data breaches

    Other headlines went on to suggest that you need to change your password right now if you're using the likes of Hotmail or Gmail, among others. The strong implication across the stories I've read is that these mail providers have been hacked and now there's a mega-list of stolen accounts floating around the webs.

  • The Top 4 in a Linux Environment
  • An update on SSH protocol 1

    At this stage, we're most of the way towards fully deprecating SSH protocol 1 - this outlines our plans to complete this task.

  • High-Severity OpenSSL Vulnerability allows Hackers to Decrypt HTTPS Traffic
  • Firejail 0.9.40-rc1 Release Announcement

    We are happy to announce the release candidate of Firejail version 0.9.40-rc1 (download). Firejail is a generic Linux namespaces security sandbox, capable of running graphic interface programs as well as server programs. This release includes a number of major features, such as X11 sandboxing support, file transfers between sandboxes and the host system, run-time configuration support, Ubuntu 14.04 AppArmor support, and firecfg, a desktop configuration utility. A number of smaller features, documentation and bugfixes are also included:

Security Leftovers

  • Friday's security updates
  • OpenSSL Patches Six Vulnerabilities

    Only two of the flaws patched are rated as high impact, and none is getting the Heartbleed treatment.
    The open-source OpenSSL cryptographic library project issued a security update this week that patched six issues, though only two of them are rated "critical."

  • Critical Linux Kernel Update for Ubuntu 16.04 LTS Patches 15 Vulnerabilities

    Canonical published a new security notice to inform the community about the availability of an important kernel update for the Ubuntu 16.04 LTS (Xenial Xerus) operating system.

  • Linus Torvalds Talks IoT, Smart Devices, Security Concerns, and More [Video]

    Torvalds remained customarily philosophical when Hohndel asked about the gaping security holes in IoT. “I don’t worry about security because there’s not a lot we can do,” he said. “IoT is unpatchable -- it’s a fact of life.”

    The Linux creator seemed more concerned about the lack of timely upstream contributions from one-off embedded projects, although he noted there have been significant improvements in recent years, partially due to consolidation on hardware.

    “The embedded world has traditionally been hard to interact with as an open source developer, but I think that’s improving,” Torvalds said. “The ARM community has become so much better. Kernel people can now actually keep up with some of the hardware improvements. It’s improving, but we’re not nearly there yet.”

    Torvalds admitted to being more at home on the desktop than in embedded and to having “two left hands” when it comes to hardware.

    “I’ve destroyed things with a soldering iron many times,” he said. “I’m not really set up to do hardware.” On the other hand, Torvalds guessed that if he were a teenager today, he would be fiddling around with a Raspberry Pi or BeagleBone. “The great part is if you’re not great at soldering, you can just buy a new one.”


More in Tux Machines

Leftovers: Software

  • i2pd 2.10 released
    i2pd (I2P Daemon) is a full-featured C++ implementation of an I2P client. I2P (Invisible Internet Protocol) is a universal anonymous network layer. All communications over I2P are anonymous and end-to-end encrypted; participants don't reveal their real IP addresses. An I2P client is software used for building and using anonymous I2P networks. Such networks are commonly used for anonymous peer-to-peer applications (filesharing, cryptocurrencies) and anonymous client-server applications (websites, instant messengers, chat servers). I2P allows people from all around the world to communicate and share information without restrictions.
  • Pixeluvo Review | Photo Editor for Linux & Windows
    A review of Pixeluvo, a great photo editor available on Linux and Windows. Pixeluvo is not free or open source.
  • Blit, A Retrospective On My Largest Project Ever
    I’ve always been someone who’s liked art and programming, especially combining the two. One of my favorite genres is pixel art, or sprites as they are also known. I’ve dabbled in making a few other art programs before, but nothing like this. Originally Blit was supposed to be only a sprite animation tool that had a modern look and feel, but my ideas for it grew greater (*sigh* feature creep). There are many other spriting tools out there like GrafX2, Aseprite, (and other 2D animation programs like TVPaint). I’m not saying that it’s wrong that they make their own GUI toolkit, but it feels kind of odd. I really wanted to bring these types of programs out of the days of the Amiga. After doing some initial research, I settled on using Qt.
  • An alert on the upcoming 7.51.0 release
    In two weeks' time, on Wednesday November 2nd, we will release curl and libcurl 7.51.0 unless something earth-shattering happens.
  • Desktop Gmail Client `WMail` 2.0.0 Stable Released
    WMail is a free, open source desktop client for Gmail and Google Inbox, available for Linux, Windows, and Mac.
  • SpaceView: Ubuntu File System Usage Indicator
  • FunYahoo++: New Yahoo Messenger Plugin For Pidgin / libpurple [PPA]
    Yahoo retired its old Messenger protocol in favor of a new one, breaking compatibility with third-party applications, such as Pidgin, Empathy, and so on. Eion Robb, the SkypeWeb and Hangouts developer, has created a replacement Yahoo prpl plugin, called FunYahoo++, that works with the new Yahoo Messenger protocol. Note that I tested the plugin with Pidgin, but it should work with other instant messaging applications that support libpurple, like BitlBee or Empathy.
  • GCC Lands Loop Splitting Optimization
    The latest GCC 7 development code has an optimization pass now for loop splitting.
  • GCC 7 To End Feature Development Next Month
    Friday's GCC 7 status report indicates the feature freeze is coming up in just a few weeks. Red Hat developer Jakub Jelinek wrote in the latest status report, "Trunk which will eventually become GCC 7 is still in Stage 1 but its end is near and we are planning to transition into Stage 3 starting Nov 13th end of day time zone of your choice. This means it is time to get things you want to have in GCC 7 finalized and reviewed. As usual there may be exceptions to late reviewed features but don't count on that. Likewise target specific features can sneak in during Stage 3 if maintainers ok them."
  • GNU Parallel 20161022 ('Matthew') released [stable]
    GNU Parallel 20161022 ('Matthew') [stable] has been released. It is available for download at: No new functionality was introduced so this is a good candidate for a stable release.
  • GNU Health 3.0.4 patchset released
    GNU Health 3.0.4 patchset has been released!
  • guile-ncurses 2.0 released
    I am pleased to announce the release of guile-ncurses 2.0. guile-ncurses is a library for the creation of text user interfaces in the GNU Guile dialect of the Scheme programming language. It is a wrapper to the ncurses TUI library. It contains some basic text display and keyboard and mouse input functionality, as well as a menu widget and a form widget. It also has lower-level terminfo and termios functionality.
  • Unifont 9.0.03 Released
    Unifont 9.0.03 is released. The main changes are the addition of the Pikto and Tonal ConScript Unicode Registry scripts.
  • PATHspider 1.0.0 released!
    In today’s Internet we see an increasing deployment of middleboxes. While middleboxes provide in-network functionality that is necessary to keep networks manageable and economically viable, any packet mangling — whether essential for the needed functionality or accidental as an unwanted side effect — makes it more and more difficult to deploy new protocols or extensions of existing protocols. For the evolution of the protocol stack, it is important to know which network impairments exist and potentially need to be worked around. While classical network measurement tools are often focused on absolute performance values, PATHspider performs A/B testing between two different protocols or different protocol extensions to perform controlled experiments of protocol-dependent connectivity problems as well as differential treatment.
  • The Domain Name System

today's howtos

Leftovers: KDE

  • Happy 20th birthday, KDE!
    KDE turned twenty recently, which seems significant in a world that seems to change so fast. Yet somehow we stay relevant, and excited to continue to build a better future. Lydia asked recently on the KDE-Community list what we were most proud of.
  • SETI – Week of Information Technology
  • KDevelop for Windows available on Chocolatey now
    Which is already great in itself! But now it's also possible to install it via the super popular Windows package manager for Windows, Chocolatey.
  • colord-kde 0.5.0 released!
    The last official stable release was done more than 3 years ago; it was based on Qt/KDE 4 tech. After that a few fixes got in what would be 0.4.0, but as I needed to change my priorities it was never released. Thanks to Lukáš Tinkl it was ported to KF5; in his port he increased the version number to 0.5.0, but still without a proper release, so distros rely on a git checkout.
  • Call for attendees Lakademy 2017
    As many of you know, since 2012 we have organized Lakademy, a sort of Latin American Akademy. The event brings together KDE Latin American contributors in hacking sessions to work on their projects, promo meetings to think about KDE dissemination strategies in the region, and other activities.
  • Plasma 5 Desktop on FreeBSD Branding
    The FreeBSD packages of KDE software — the KDE 4 desktop, and soon KDE Frameworks 5 and Plasma 5 Desktop and KDE Applications — have traditionally been shipped pretty much as delivered from the upstream source. We compile, we package, and there is very little customization we do as a “distro”. The KDE 4 packages came with a default wallpaper that was a smidgen different from the one shipped with several Linux distro’s. I think Ivan Cukic did that artwork originally. For Plasma 5 Desktop, we also wanted to do a tiny bit of branding — just the default wallpaper for new users, mind.
  • A bit on Tooling
    So on the weekend I also worked on updating Qt 5.6.1 to Qt 5.6.2 on FreeBSD, which involves using new and scary tools as well. Power tools, they can be really useful, or they can take off a finger if you’re not careful. In this case it was Phabricator, which is also used in KDE — but not everywhere in KDE. For FreeBSD, the tool is used to review updates to ports (the packaging instructions), so I did an update of Qt from 5.6.1 to 5.6.2 and we handled the review through FreeBSD’s Phab. The ports infrastructure is stored in SVN, so the review is relatively straightforward: update the ports-tree checkout, apply your changes, use arc to create or update a review request. I was amazed by how painless it was — somehow I’d been frightened. Using the tool once, properly, makes a big difference in self-confidence.
  • Krita 3.1 second beta.
    The Krita 3.1 beta comes with new features and fixes. The Linux version to download is krita-3.0.91-x86_64.appimage.
  • Second Beta for Krita 3.1 Available
    We’re still fixing bugs like madmen… And working on some cool new features as well, but that’s for a later release. In any case, here is the second Krita 3.1 beta! Yes, you’re reading that correctly. Originally, we had planned to use 3.0.2 as the version for this release, but there is so much news in it that it merits a bigger version bump.
  • Consequences of the HACK CAMP 2016 FEDORA + GNOME
    I have been doing install parties for five years in order to promote the use of FEDORA and the GNOME project. You can see more details in the Release Party FEDORA 17 for Fedora, and Linux Camp 2012, GNOME PERU 2013, GNOME PERU 2014...
  • GNOME Shell Making It Easy To Launch Apps/Games For Optimus / Dual GPU Systems
    With the GNOME 3.24 desktop that's currently in development, the latest GNOME Shell code has support for easily letting the user launch an app on a dedicated GPU when applicable, for handling NVIDIA Optimus use-cases of laptops with both integrated and discrete GPUs. When a dual-GPU system is detected, a menu item will be added to opt for "Launch using Dedicated Graphics Card", per this commit. With the GNOME Shell change for supporting discrete GPUs, when the user opts to launch on the dedicated GPU, the DRI_PRIME=1 environment variable will automatically be set for that new program/game.