After announcing a few days ago that a new, important OpenSSL update is available for all supported Ubuntu Linux operating systems, Canonical's Marc Deslauriers now informs the community about another patch to address a regression.
The new security advisory (USN-3087-2) talks about a regression that was accidentally introduced along with the previous OpenSSL update (as detailed on USN-3087-1), which addressed no less than eleven (11) security vulnerabilities discovered upstream by the OpenSSL team.
If Cellebrite sounds familiar, that’s because the name of this Israeli company came up during Apple’s standoff with the FBI over breaking iPhone encryption. The agency managed to crack the San Bernardino iPhone with the help of an undisclosed company. Many people believe it was Cellebrite that came to the rescue. Meanwhile, the company revealed that it could hack just about any modern smartphone, but refused to say whether its expertise is used by the police forces of repressive regimes.
Microsegmentation, a method to create secure, virtual connections in software-defined data centers (SDDCs), has already emerged as one of the primary reasons to embrace network virtualization (NV). But some vendors believe that East-West encryption of traffic inside the data center could be the next stop in data-center security.
For example, VMware says it is looking at encrypting East-West traffic inside the data center, adding another layer of security to the SDDC. Why is that important? Today, most firewalls operate on the perimeter of the data center – either guarding or encrypting data leaving the data center for the WAN. And some security products may encrypt data at rest inside the data center. But encrypting the traffic in motion between servers inside the data center – known in the business as the East-West traffic – is not something that’s typically done.
It's generally agreed that the state of security for the Internet of Things runs from "abysmal" to "compromised during unboxing." The government -- despite no one asking it to -- is offering to help out… somehow. DHS Assistant Secretary for Cyber Policy Robert Silvers spoke at the Internet of Things forum, offering up a pile of words that indicates Silvers is pretty cool with the "cyber" part of his title... but not all that strong on the "policy" part.
Uruk GNU/Linux appears to be a fairly young project with some lofty goals, but some rough edges and unusual characteristics. I applaud the developers' attempts to provide a pure free software distribution, particularly their use of Gnash to provide a pretty good stand-in for Adobe's Flash player. Gnash is not perfect, but it should work well enough for most people.
On the other hand, Uruk does not appear to offer much above and beyond what Trisquel provides. Uruk uses Trisquel's repositories and maintains the same free software only stance, but does not appear to provide a lot that Trisquel on its own does not already offer. Uruk does feature some add-ons from Linux Mint, like the update manager. However, this tends to work against the distribution as the update manager hides most security updates by default while Mint usually shows all updates, minus just the ones known to cause problems with stability.
As I mentioned above, the package compatibility tools talked about on the Uruk website do not really deliver and are hampered by the missing alien package in the default installation. The build-from-source u-src tool may be handy in some limited cases, but it only works in very simple scenarios with specific archive types and build processes. Hopefully these package compatibility tools will be expanded for future releases.
Right now I'm not sure Uruk provides much above what Trisquel 7.0 provided two years ago. The project is still young and may grow in time. This is a 1.0 release and I would hold off trying the distribution until it has time to build toward its goals.
OpenSUSE Leap 42.2 Beta2 OpenSUSE Leap 42.2 Beta2
Leap 42.2 Beta2 is looking pretty good, except for the problems with Plasma 5 and the nouveau driver. That’s really an upstream issue (a “kde.org” issue). I hope that is fixed in time for the final release. Otherwise, I may have to give up on KDE for that box.