Aggregator

If you're a fan of the Google Chrome web browser and you use it on your Android smartphone or tablet, you should know that it's been updated to version 72.0.3626.76

BlackArch is a penetration testing distribution, similar to Kali Linux, but it's built on top of Arch Linux.

The Linux Mint team is currently working on speeding up the loading time by optimizing two internal components

Linuxize: Let's Encrypt is a free and open certificate authority

While the GNOME desktop environment already offers a few ways for users to stream to Chromecast, AirPlay, or Miracast devices

HowToForge: ApostropheCMS is a free and open source content management system based on Node.js and MongoDB

 ZDnet: Canonical is updating Ubuntu 18.04 to the 4.15.0-44.47 Linux kernel to fix several security bugs.

Snapcraft 3.1 is now available as a minor update to the Snapcraft 3.x series

Turning your project's accounting duties over to a fiscal sponsor can keep you out of financial trouble and help you focus on the things you do best.

Configure your desktop as you want with Budgie

opensource.com: There is significant potential for abuse when privacy protections in open data are insufficient or nonexistent.

News briefs for January 31, 2019.

Ubuntu 18.04 needs to be patched to fix several security bugs. ZDNet reports that Canonical is updating Ubuntu 18.04 to a new kernel, 4.15.0-44.47, which contains 11 security fixes. The most important of these addresses problems with the ext4 filesystem. If you use Ubuntu 18.04, patch your system as soon as possible. See also the Ubuntu security notice for more information and instructions on how to update.

Alpine 3.9 was released this week—the first release of the v3.9 stable series of the "security-oriented, lightweight Linux distribution based on musl libc and busybox". New features include support for armv7, a switch from LibreSSL to OpenSSL and improved GRUB support. Go here to download.

Three new openSUSE Tumbleweed snapshots were released this week that contained new versions of PHP7, poppler, GTK3 and LibreOffice. The first of the snapshots also included all the package upgrades for KDE Applications.

Red Hat this morning announced the latest version of the Red Hat infrastructure migration solution. New capabilities provide "greater customer choice, helping to further reduce infrastructure complexity and facilitating a pathway to open hybrid cloud environments". The two new target platforms are the Red Hat OpenStack Platform and the Red Hat Hyperconverged Infrastructure for Virtualization.

Electric Cloud yesterday announced a new version of its software build and test acceleration platform, ElectricAccelerator 11.0. The press release notes that "the platform now offers new plug-and-play support for Android Open Source Project, accelerated embedded Linux builds based on the Yocto project, and cloud bursting for AWS and Kubernetes help businesses shrink development cycles and improve software quality."

Learn about how the cutting-edge, free software Heads project detects BIOS and kernel tampering, all with keys under your control.

Disclaimer: I work for Purism, and my experience with Heads began as part of supporting it on Purism's hardware. As a technical writer, I personally find ads that mask themselves as articles in technical publications disingenuous, and this article in no way is intended to be an advertisement for my employer. However, in writing this deep dive piece, I found that mentioning Purism was unavoidable in some places without leaving out important information about Heads—in particular, the list of overall supported hardware and an explanation of Heads' HOTP alternative to TOTP authentication, because it requires a specific piece Purism hardware.

Some of the earliest computer viruses attacked the boot sector—that bit of code at the beginning of the hard drive in the Master Boot Record that allowed you to boot into your operating system. The reasons for this have to do with stealth and persistence. Viruses on the filesystem itself would be erased if users re-installed their operating systems, but if they didn't erase the boot sector as part of the re-install process, boot sector viruses could stick around and re-infect the operating system.

Antivirus software vendors ultimately added the ability to scan the boot sector for known viruses, so the problem was solved, right? Unfortunately, as computers, operating systems and BIOSes became more sophisticated, so did the boot-sector attacks. Modern attacks take over before the OS is launched and infect the OS itself, so when you try to search for the attack through the OS, the OS tells you everything is okay.

That's not to say modern defenses to this type of attack don't exist. Most modern approaches involve proprietary software that locks down the system so that it can boot only code that's signed by a vendor (typically Microsoft, Apple, Google or one of their approved third-party vendors). The downside, besides the proprietary nature of this defense, is that you are beholden to the vendor to bless whatever code you want to run, or else you have to disable this security feature completely (if you can).

Fortunately, an alternative exists that is not only free software, but that also takes a completely different approach to boot security by alerting you to tampering instead of blocking untrusted code. This approach, Heads, can detect tampering not only in the BIOS itself but also in all of your important boot files in the /boot directory, including the kernel, initrd and even your grub config. The result is a trusted boot environment with keys fully under your own control.

In this article, I describe some of the existing boot security approaches in more detail, along with some of their limitations, and then I describe how Heads works, and how to build and install it on your own system.

Learn how to install PlayOnLinux on your Ubuntu both through the command line and the graphical user interface.

LinuxLinks: Crow Translate bills itself as a cross-platform, lightweight, translator supporting 117 different languages.

2DayGeek: ODrive stands for Open Drive

Please support Linux Journal by subscribing or becoming a patron.