You are here

Agreguesi i feed

4.15.3: stable

Kernel Linux - Hën, 12/02/2018 - 7:07pd
Version:4.15.3 (stable) Released:2018-02-12 Source:linux-4.15.3.tar.xz PGP Signature:linux-4.15.3.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-4.15.3

next-20180212: linux-next

Kernel Linux - Hën, 12/02/2018 - 3:44pd
Version:next-20180212 (linux-next) Released:2018-02-12

4.16-rc1: mainline

Kernel Linux - Hën, 12/02/2018 - 12:04pd
Version:4.16-rc1 (mainline) Released:2018-02-11 Source:linux-4.16-rc1.tar.gz Patch:full

Why Linux is better than Windows or macOS for security

LinuxSecurity.com - Pre, 09/02/2018 - 11:48pd
LinuxSecurity.com: Enterprises invest a lot of time, effort and money in keeping their systems secure. The most security-conscious might have a security operations center. They of course use firewalls and antivirus tools. They probably spend a lot of time monitoring their networks, looking for telltale anomalies that could indicate a breach. What with IDS, SIEM and NGFWs, they deploy a veritable alphabet of defenses.

Hackers Get Linux Running On Switch And Claim Nintendo Can't Patch The Exploit

LinuxSecurity.com - Pre, 09/02/2018 - 11:47pd
LinuxSecurity.com: No piece of hardware is totally hack-proof but Nintendo's consoles usually put up a pretty good fight - this a company that is prepared to offer a reward to people who find exploits, lest we forget.

Beware the looming Google Chrome HTTPS certificate apocalypse!

LinuxSecurity.com - Enj, 08/02/2018 - 12:02md
LinuxSecurity.com: Tens of thousands of websites are going to find themselves labeled as unsafe unless they switch out their HTTPS certificate in the next two months.

Electronic Frontier Foundation chap John Perry Barlow has died

LinuxSecurity.com - Enj, 08/02/2018 - 12:00md
LinuxSecurity.com: John Perry Barlow, a co-founder of the US Electronic Frontier Foundation, and also a lyricist for the Grateful Dead, has died aged 70. Barlow passed away "quietly in his sleep" yesterday, according to the EFF, which he helped set up in 1990.

Apple's top-secret iBoot firmware source code spills onto GitHub for some insane reason

LinuxSecurity.com - Enj, 08/02/2018 - 11:59pd
LinuxSecurity.com: The confidential source code to Apple's iBoot firmware in iPhones, iPads and other iOS devices has leaked into a public GitHub repo.

4.14.18: longterm

Kernel Linux - Mër, 07/02/2018 - 8:12md
Version:4.14.18 (longterm) Released:2018-02-07 Source:linux-4.14.18.tar.xz PGP Signature:linux-4.14.18.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-4.14.18

3.18.94: longterm

Kernel Linux - Mër, 07/02/2018 - 8:07md
Version:3.18.94 (EOL) (longterm) Released:2018-02-07 Source:linux-3.18.94.tar.xz PGP Signature:linux-3.18.94.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-3.18.94

DDoS attacks: How an 18-year-old got arrested for trying to knock out systems

LinuxSecurity.com - Mër, 07/02/2018 - 11:03pd
LinuxSecurity.com: Netherlands police's high-tech crime unit has arrested an 18-year-old man on suspicion of launching distributed denial-of-service (DDoS) attacks on the Dutch tax authority, tech site Tweakers, and internet service provider Tweak.

Boffins crack smartphone location tracking - even if you've turned off the GPS

LinuxSecurity.com - Mër, 07/02/2018 - 10:59pd
LinuxSecurity.com: Religiously turning off location services might not save you from having your phone tracked: a paper from a group of IEEE researchers demonstrates tracking when GPS and Wi-Fi are turned off.

Amazon explained 'Key' crack before it shipped fix, says hacker who found the hole

LinuxSecurity.com - Mër, 07/02/2018 - 10:58pd
LinuxSecurity.com: The researcher behind the teaser of a new method to crack Amazon.com's "Key" connected door locks has revealed how his method works, and criticised Amazon's response to his work because it detailed the flaw before shipping a fix.

Abusing X.509 Digital Certificates for Covert Data Exchange

LinuxSecurity.com - Mar, 06/02/2018 - 10:12pd
LinuxSecurity.com: Newly discovered hack would allow attackers to send data between two systems during TLS negotiation, researchers say.

Hacking suspect Lauri Love wins landmark appeal against US extradition

LinuxSecurity.com - Mar, 06/02/2018 - 10:11pd
LinuxSecurity.com: Lauri Love has won a High Court appeal to prevent his extradition from the UK to the US on hacking charges. Love is wanted by US prosecutors to stand trial for allegedly hacking into the FBI, the US Central Bank, the US Army, and NASA, among others.

Australian cops to enter kindergartens to teach kids not to cyber

LinuxSecurity.com - Mar, 06/02/2018 - 10:10pd
LinuxSecurity.com: The Australian Federal Police (AFP) will enter the nation's infants schools to train children in online stranger danger, Minister for Law Enforcement and Cyber Security Angus Taylor announced on Tuesday.

Malware Exploiting Spectre, Meltdown Flaws Emerges

LinuxSecurity.com - Mar, 06/02/2018 - 10:08pd
LinuxSecurity.com: Researchers have discovered more than 130 malware samples designed to exploit the recently disclosed Spectre and Meltdown CPU vulnerabilities. While a majority of the samples appear to be in the testing phase, we could soon start seeing attacks.

Ubuntu Insights: Building Slack for the Linux community and adopting snaps

Planet Ubuntu - Mar, 06/02/2018 - 10:05pd

Used by millions around the world, Slack is an enterprise software platform that allows teams and businesses of all sizes to communicate effectively. Slack works seamlessly with other software tools within a single integrated environment, providing an accessible archive of an organisation’s communications, information and projects. Although Slack has grown at a rapid rate in the 4 years since their inception, their desktop engineering team who work across Windows, MacOS and Linux consists of just 4 people currently. We spoke to Felix Rieseberg, Staff Software Engineer, who works on this team following the release of Slack’s first snap last month to discover more about the company’s attitude to the Linux community and why they decided to build a snap.

Install Slack snap

Can you tell us about the Slack snap which has been published?

We launched our first snap last month as a new way to distribute to our Linux community. In the enterprise space, we find that people tend to adopt new technology at a slower pace than consumers, so we will continue to offer a .deb package.

What level of interest do you see for Slack from the Linux community?

I’m excited that interest for Slack is growing across all platforms, so it is hard for us to say whether the interest coming out of the Linux community is different from the one we’re generally seeing. However, it is important for us to meet users wherever they do their work. We have a dedicated QA engineer focusing entirely on Linux and we really do try hard to deliver the best possible experience.

We generally find it is a little harder to build for Linux, than say Windows, as there is a less predictable base to work from – and this is an area where the Linux community truly shines. We have a fairly large number of users that are quite helpful when it comes to reporting bugs and hunting root causes down.

How did you find out about snaps?

Martin Wimpress at Canonical reached out to me and explained the concept of snaps. Honestly, initially I was hesitant – even though I use Ubuntu – because it seemed like another standard to build and maintain. However, once understanding the benefits I was convinced it was a worthwhile investment.

What was the appeal of snaps that made you decide to invest in them?

Without doubt, the biggest reason we decided to build the snap is the updating feature. We at Slack make heavy use of web technologies, which in turn allows us to offer a wide variety of features – like the integration of YouTube videos or Spotify playlists. Much like a browser, that means that we frequently need to update the application.

On macOS and Windows, we already had a dedicated auto-updater that doesn’t require the user to even think about updates. We have found that any sort of interruption, even for an update, is an annoyance that we’d like to avoid. Therefore, the automatic updates via snaps seemed far more seamless and easy.

How does building snaps compare to other forms of packaging you produce? How easy was it to integrate with your existing infrastructure and process?

As far as Linux is concerned, we have not tried other “new” packaging formats, but we’ll never say never. Snaps were an easy choice given that the majority of our Linux customers do use Ubuntu. The fact that snaps also run on other distributions was a decent bonus. I think it is really neat how Canonical is making snaps cross-distro rather than focusing on just Ubuntu.

Building it was surprisingly easy: We have one unified build process that creates installers and packages – and our snap creation simply takes the .deb package and churns out a snap. For other technologies, we sometimes had to build in-house tools to support our buildchain, but the `snapcraft` tool turned out to be just the right thing. The team at Canonical were incredibly helpful to push it through as we did experience a few problems along the way.

How do you see the store changing the way users find and install your software?

What is really unique about Slack is that people don’t just stumble upon it – they know about it from elsewhere and actively try to find it. Therefore, our levels of awareness are already high but having the snap available in the store, I hope, will make installation a lot easier for our users.

We always try to do the best for our users. The more convinced we become that it is better than other installation options, the more we will recommend the snap to our users.

What are your expectations or already seen savings by using snaps instead of having to package for other distros?

We expect the snap to offer more convenience for our users and ensure they enjoy using Slack more. From our side, the snap will save time on customer support as users won’t be stuck on previous versions which will naturally resolve a lot of issues. Having the snap is an additional bonus for us and something to build on, rather than displacing anything we already have.

What release channels (edge/beta/candidate/stable) in the store are you using or plan to use, if any?

We used the edge channel exclusively in the development to share with the team at Canonical. Slack for Linux as a whole is still in beta, but long-term, having the options for channels is interesting and being able to release versions to interested customers a little earlier will certainly be beneficial.

How do you think packaging your software as a snap helps your users? Did you get any feedback from them?

Installation and updating generally being easier will be the big benefit to our users. Long-term, the question is “Will users that installed the snap experience less problems than other customers?” I have a decent amount of hope that the built-in dependencies in snaps make it likely.

What advice or knowledge would you share with developers who are new to snaps?

I would recommend starting with the Debian package to build your snap – that was shockingly easy. It also starts the scope smaller to avoid being overwhelmed. It is a fairly small time investment and probably worth it. Also if you can, try to find someone at Canonical to work with – they have amazing engineers.

Where do you see the biggest opportunity for development?

We are taking it step by step currently – first get people on the snap, and build from there. People using it will already be more secure as they will benefit from the latest updates.

next-20180206: linux-next

Kernel Linux - Mar, 06/02/2018 - 4:34pd
Version:next-20180206 (linux-next) Released:2018-02-06

Dustin Kirkland: RFC: Ubuntu 18.04 LTS Minimal Images

Planet Ubuntu - Hën, 05/02/2018 - 8:44md
  • To date, we've shaved the Bionic (18.04 LTS) minimal images down by over 53%, since Ubuntu 14.04 LTS, and trimmed nearly 100 packages and thousands of files.
  • Feedback welcome here: https://ubu.one/imgSurvey
In last year's AskHN HackerNews post, "Ask HN: What do you want to see in Ubuntu 17.10?", and the subsequent treatment of the data, we noticed a recurring request for "lighter, smaller, more minimal" Ubuntu images.
This is particularly useful for container images (Docker, LXD, Kubernetes, etc.), embedded device environments, and anywhere a developer wants to bootstrap an Ubuntu system from the smallest possible starting point.  Smaller images generally:
  • are subject to fewer security vulnerabilities and subsequent updates
  • reduce overall network bandwidth consumption
  • and require less on disk storage
First, a definition..."The Ubuntu Minimal Image is the smallest base upon which a user can apt install any package in the Ubuntu archive."By design, Ubuntu Minimal Images specifically lack the creature comforts, user interfaces and user design experience that have come to define the Ubuntu Desktop and Ubuntu Cloud images.
To date, we've shaved the Bionic (18.04 LTS) minimal images down by over 53%, since Ubuntu 14.04 LTS, and trimmed nearly 100 packages and thousands of files.

Faqet

Subscribe to AlbLinux agreguesi