Security: Patches, Ease of Use and Debian Key Signing

  • Security updates for Wednesday

    Security updates have been issued by openSUSE (libetpan, libqt4, lilypond, otrs, and perl-DBI), Red Hat (kernel-rt), Slackware (seamonkey), SUSE (grafana, libmspack, openldap2, ovmf, pdns, rubygem-actionpack-5_1, and samba), and Ubuntu (debian-lan-config, ldm, libdbi-perl, and netty-3.9).

  • Balancing Linux security with usability

    Building an operating system is a difficult balance, and a Linux distribution is no different. You need to consider the out-of-the-box functionality that most people are going to want, and accessibility for a wide swath of administrators' skillsets. If you make your distro very secure, but a newbie sysadmin can't figure out how to work with it…well, they're going to find an easier distribution to go learn on, and now you've lost that admin to another distribution. So it's really no surprise that, right after install time, most Linux distributions need a little bit of tweaking to lock them down. This has gotten better over the years, as the installers themselves have gotten easier to use and more feature-rich. You can craft a pretty custom system right from the GUI installer. A base Red Hat Enterprise Linux (RHEL) system, for example, if you've chosen the base package set, is actually pretty light on unnecessary services and packages. There was a time when that was not true. Can you imagine passwords being hashed, but available in /etc/password for any user to read? Or all system management being carried out over Telnet? SSH wasn't even on, by default. Host-based firewall? Completely optional. So, 20 years ago, locking down a newly installed Linux system meant a laundry list of tasks. Luckily, as computing has matured, so has the default install of just about any operating system.

  • Key signing in the pandemic era

    The pandemic has changed many things in our communities, even though distance has always played a big role in free software development. Annual in-person gatherings for conferences and the like are generally paused at the moment, but even after travel and congregating become reasonable again, face-to-face meetings may be less frequent. There are both positives and negatives to that outcome, of course, but some rethinking will be in order if that comes to pass. The process of key signing is something that may need to change as well; the Debian project, which uses signed keys, has been discussing the subject. In early August, Enrico Zini posted a note to the debian-project mailing list about people who are trying to get involved in Debian, but who are lacking the necessary credentials in the form of an OpenPGP key signed by other Debian project members. The requirements for becoming a Debian Maintainer (DM) or Debian Developer (DD) both involve keys with signatures from existing DDs; two signatures for becoming a DD or one for becoming a DM. Those are not the only steps toward becoming formal members of Debian, but they are ones that may be hampering those who are trying to do so right now. DDs and DMs use their keys to sign packages that are being uploaded to the Debian repository, so the project needs to have some assurance that the keys are valid and are controlled by someone that is not trying to undermine the project or its users. In addition, votes in Debian (for project leaders and general resolutions) are made using the keys. They are a fundamental part of the Debian infrastructure.

KDDockWidgets 1.0 has been released

KDDockWidgets is an advanced docking system for Qt, with features that are not available in QDockWidget. See our first blog post for a quick introduction and the motivation for a new docking framework. We’ve come a long way since the initial announcement of KDDockWidgets. The 1.0 release represents the culmination of one year of using the library in production for five different huge projects — one year of incorporating real feedback in the form of new features, bug fixes, or simply making the framework more customizable.

Tumbleweed Gets New KDE Frameworks, systemd

KDE Frameworks 5.74.0 and systemd 246.4 became available in openSUSE Tumbleweed after two respective snapshots were released this week. Hypervisor Xen, libstorage-ng, which is a C++ library used by YaST, and text editor vim were also some of the packages updated this week in Tumbleweed. The most recent snapshot released is 20200919. KDE Frameworks 5.74.0 was released earlier this month and its packages made it into this snapshot. KConfig introduced a method to query the KConfigSkeletonItem default value. KContacts now checks the length of the full name of an email address before trimming it with an address parser. KDE’s lightweight UI framework for mobile and convergent applications, Kirigami, made OverlaySheet of headers and footers use appropriate background colors, updated the app template and introduced a ToolBarLayout native object. Several other 5.74.0 Framework packages were updated, like Plasma Framework, KTextEditor and KIO. Bluetooth protocol bluez 5.55 fixed several handling issues related to the Audio/Video Remote Control Profile and the Generic Attribute Profile. A reverted Common Vulnerabilities and Exposures patch that was recommended by upstream in cpio 2.13 was once again added. GObject wrapper libgusb 0.3.5 fixed version scripts to be more portable. Documentation was fixed and translations were made for Finnish, Hindi and Russian in the 4.3.42 libstorage-ng update. YaST2 4.3.27 made a change to hide the heading of the dialog when no title is defined or the title is set to an empty string. Xen’s minor update reverted a previous libexec change for a qemu compatibility wrapper; the path used exists in domU.xml files in the emulator field. The snapshot is trending stable at a 99 rating, according to the Tumbleweed snapshot reviewer.