Showing results for tags 'linux'.

Found 460 results

  1. We brought you the list of the most popular programming languages as per the Stack Overflow’s annual developer survey. Being the largest survey of its kind, it’s able to deliver some fascinating insights regarding the current software development landscape. We, unsurprisingly, discovered that JavaScript continues to be the most popular programming language with about 70% of respondents using it. In the second article of that series, we are going to tell you about the preferred platforms for development. The development platform is critical as it can either make you fall in love with your work or just drive you nuts. That’s why Stack Overflow asked developers about the platforms they love working for and the ones they’ve actually worked for in the past year.

    16 Most popular development platforms

    As the article’s title has already revealed, Linux is the most popular platform among the survey respondents. Out of the 80,144 responses, 53.3% were in favor of Linux. This means that they’d done development work for Linux over the past year. This number has increased from last year’s 48.3%, which is a really encouraging sign for the open source community. Linux was followed by its closed source nemesis Windows, which gained 50.5% votes. For the first time, Stack Overflow included container technologies in the survey, and Docker ended up at #3 with 31.5% votes.

    Platforms                Votes
    Linux                    53.30%
    Windows                  50.70%
    Docker                   31.50%
    Android                  27.00%
    AWS                      26.60%
    MacOS                    22.20%
    Slack                    20.90%
    Raspberry Pi             15.20%
    WordPress                14.50%
    iOS                      13.00%
    Google Cloud Platform    12.40%
    Microsoft Azure          11.90%
    Arduino                  10.70%
    Heroku                   10.60%
    Kubernetes               8.50%
    IBM Cloud or Watson      1.90%

    16 Most Loved Development Platforms

    Without a surprise, Linux also turned out to be the most loved platform for development with 83.1% votes. It means that developers surely loved working on Linux technologies. This is, again, an encouraging sign as this number has risen considerably as compared to last year’s 76.5%.

    Platforms                Votes
    Linux                    83.10%
    Docker                   77.80%
    Kubernetes               76.80%
    Raspberry Pi             72.10%
    AWS                      71.60%
    MacOS                    70.50%
    iOS                      68.10%
    Google Cloud Platform    66.80%
    Microsoft Azure          65.40%
    Slack                    65.20%
    Android                  64.50%
    Windows                  64.20%
    Arduino                  61.30%
    Heroku                   52.70%
    IBM Cloud or Watson      44.60%
    WordPress                40.50%

    Keep reading, keep coding!

    Source
  2. Flatpak Linux App Sandboxing Gets New FUSE-Based System-Wide Installation Method

    The Flatpak development team released today a new stable version of their Linux application sandboxing and distribution framework that implements a new major feature around the system-wide installation method. Flatpak 1.3.2 is now available and it contains a major change in how installation of Flatpak apps is done system-wide as a user. The developers decided to rewrite the setup process of a Flatpak app due to the fact that the previous method caused unnecessary I/O and used more disk space. The new setup process relies on a custom FUSE file system. "The new setup uses a new custom fuse filesystem which the user writes to, and then when this is done we can safely revoke any access to this from the user, meaning the files can be directly imported into the system repository without needing to make a copy," explains Alexander Larsson in the GitHub announcement page. But it appears that there's also a downside of the new system-wide installation method, which apparently makes the packaging of a Flatpak app more complex due to it requiring to have a "flatpak" user already added in the package. Packagers can change the default user with the --with-system-helper-user=USERNAME parameter.

    Coming soon to a GNU/Linux distro near you

    In addition to the new FUSE-based setup method, the Flatpak 1.3.2 release comes with a custom SELinux module, which can be enabled with the --enable-selinux-module parameter, to work around an issue where the default SELinux policy prohibited Flatpak from passing a UNIX socket over the system bus. The selinux-module needs to be installed for this to work.
Moreover, Flatpak 1.3.2 adds a new --socket=pcsc permission for accessing smart cards, a new runtime column to the "flatpak list" command, support for storing description, comment, icon and homepage fields from flatpakrepo files in the remote configuration, and lets users specify a rebasing version of end-of-life. Flatpak 1.3.2 will soon be available in the stable software repositories of your favorite GNU/Linux distribution. Source
  3. AV Linux to Drop 32-Bit Support, Focus Its Development on Debian 10 "Buster"

    The developers of the Debian-based AV Linux multimedia oriented GNU/Linux distribution have released a new version and announced some major upcoming changes in the development of the project. AV Linux is currently based on the stable Debian GNU/Linux 9 "Stretch" operating system series and features support for both 32-bit and 64-bit architectures, but AV Linux 2019.4.10 appears to be the last release with these features as the devs decided it's time for a change. They announced that the next major release of AV Linux will be based on the upcoming Debian GNU/Linux 10 "Buster" (currently developed under the Debian Testing umbrella), and that it will drop support for 32-bit installations. However, most probably current 32-bit installations will still be supported. "This release is basically an update of the ISO that fixes a couple of annoying bugs from the 2018.6.25 release with some notable updates and additions. It will mark the last release based on Debian Stretch and sadly it will also be the last release of the 32bit version," said the developer.

    What's new in AV Linux 2019.4.10

    AV Linux 2019.4.10 is the latest version of the Debian-based GNU/Linux distribution for musicians and video editors, shipping with some of the latest apps, including Mixbus Demo 5.2.191, LSP Plugins 1.1.9, LinVST 2.4.3, Dragonfly Reverb Plugins 1.1.2, KPP-Plugins 1.0+GIT, and AviDemux 2.7.3. It also ships with a new Numix Circle theme and prepares users for the new Cinelerra-GG software by updating the repositories. The WineHQ and Spotify repository keys were refreshed as well, along with all the Debian GNU/Linux and third-party repositories, including those for the KXStudio application.
Under the hood, the AV Linux 2019.4.10 release fixes the script responsible for removing the VBox Guest Additions package to keep the /etc/rc.local file executable and enable automatic mount of external drives, and fixes the missing "linvstconverttree" in LinVST. It also removes various obsoleted udev rules and the redundant "ArdourVST" build on the 32-bit ISO. You can download AV Linux 2019.4.10 right now from our free software portal if you want to install one of the best GNU/Linux distributions for audio and video production. Source
  4. In late 2017, Microsoft launched Windows 10 on ARM to let users run its operating system on the ARM processor-powered laptops, especially the ones powered by Snapdragon chips. The company also released a bunch of devices in partnership with OEMs like Asus, HP, and Lenovo, and marketed them as “Always Connected Devices.” Earlier this year, when a project named aarch64-laptops started gaining traction on GitHub, it seemed like a great idea to run Linux on ARM laptops. The project initially allowed users to run Ubuntu on Snapdragon-powered laptops like NovaGo TP370QL, HP Envy x2, and Lenovo Miix 630. Now, it has been revealed that Red Hat is working with the Fedora team to bring Fedora Linux to such devices. Red Hat is known for its commitment to Linux hardware and it seems like this joint effort will be enough to clear different roadblocks. Red Hat’s Peter Robinson, in a tweet, mentioned that such Fedora-running ARM laptops are coming “very soon.”

    What’s next for Linux on ARM?

    Just recently, we witnessed the release of Fedora 30 Beta and the final release is also around the corner. So don’t expect Fedora on the ARM laptop to ship in this cycle. To start with, the initial focus of this collaboration will be Lenovo devices running Snapdragon 850, which was introduced as a higher-binned version of 845. Yoga C630 and Miix 630 are a couple of great machines with this chip and it would be really interesting to see Linux running on these laptops that deliver ~20 hours battery life on Windows. Overall, it seems like a big development and I’d definitely love to use an ARM-based laptop running Linux. Source
  5. The AchieVer

    The Linux desktop is in trouble

    Linus Torvalds looks to Chromebooks and Android for the future of the Linux desktop, while Linux Mint developers aren't happy with each other.

    I'm a big believer in the Linux desktop. Heck, I used to run a site called Desktop Linux. And I believe that, as Microsoft keeps moving Windows to a Desktop-as-a-Service model, Linux will be the last traditional PC desktop operating system standing. But that doesn't mean I'm blind to its problems. First, even Linus Torvalds is tired of the fragmentation in the Linux desktop. In a recent TFiR interview with Swapnil Bhartiya, Torvalds said, "Chromebooks and Android are the path toward the desktop." Why? Because we don't have a standardized Linux desktop. For example, better Linux desktops, such as Linux Mint, provide an easy way to install applications, but under the surface, there are half-a-dozen different ways to install programs. That makes life harder for developers. Torvalds wishes "we were better at having a standardized desktop that goes across the distributions." Torvalds thinks there's been some progress. For software installation, he likes Flatpak. This software program, like its rival Snap, lets you install and maintain programs across different Linux distros. At the same time, this rivalry between Red Hat (which supports Flatpak) and Canonical (which backs Snap) bugs Torvalds. He's annoyed at how the "fragmentation of the different vendors have held the desktop back." None of the major Linux distributors -- Canonical, Red Hat, SUSE -- are really all that interested in supporting the Linux desktop. They all have them, but they're focused on servers, containers, the cloud, and the Internet of Things (IoT). That, after all, is where the money is. True, the broad strokes of the Linux desktop are painted primarily by Canonical and Red Hat, but the desktop is far from their top priority.
Instead, much of the nuts and bolts of the current generation of the Linux desktop is set by vendor-related communities: Red Hat, Fedora, SUSE's openSUSE, and Canonical's Ubuntu. Another major player in setting the tone of the Linux desktop are the smaller Linux communities. These include Linux Mint, Manjaro Linux, MX Linux, elementary OS, and Solus. They're all doing good work, but they're also running on a shoestring basis. Take Mint, my own personal favorite desktop. Its lead developer, Clement "Clem" Lefebvre, recently wrote: "It's not always easy to achieve what we want, sometimes it's not even easy to define what we want to achieve. We can have doubts, we can work really hard on something for a while and then question it so much, we're not even sure we'll ship it. We can get demotivated, uncertain, depressed even by negative reactions or interactions, and it can lead to developers stepping away from the project, taking a break or even leaving for good." These are not the words of a happy man. Lefebvre continued: "It's all about Muffin [Linux Mint's default windows manager] at the moment. We're trying to make it smoother, to make the windows feel lighter… radical changes and refactoring occurred, it's eating a lot of time and we're chasing regressions left, right and center. This is documented at https://github.com/linuxmint/cinnamon/issues/8454. It's a really tough exercise, it creates tensions within the team but the potential is there, if we can make our WM snappier it's worth the hassle." It has indeed created tensions. Jason Hicks, Muffin maintainer and member of the Linux Mint team, observed on Reddit, as reported by Brian Fagioli: "I also have a life outside open-source work, too. It's not mentally sound to put the hours I've put into the compositor. I was only able to do what I could because I was unemployed in January. Now I'm working a job full time, and trying to keep up with bug fixes. 
I've been spending every night and weekend, basically every spare moment of my free time trying to fix things. There's also been tension because we're 1-2 months from a release. We've had contentious debate about input latency, effects of certain patches, and ways to measure all of this. Other team members are going through their own equally hard circumstances, and it's an unfortunate amount of stress to occur all at once at the wrong times. We're human at the end of the day. I wish these aspects didn't leak into the blog post so much, so just wanted to vent and provide some context. If you take away anything from it, please try the PPA and report bugs. We need people looking for things that might get stuck in cinnamon 4.2." I've heard this before. There have been a lot of Linux desktop distros over the years. They tend to last for five or six years and then real life gets in the way of what's almost always a volunteer effort. The programmers walk away, and the distro then all too often declines to be replaced by another. It is not easy building and supporting a Linux desktop. It comes with a lot of wear and tear on its developers with far too little reward. Mint is really a winner and I hope to see it around for many more years to come. But I worry over it. Looking ahead, I'd love to see a foundation bring together the Linux desktop community and have them hammer out a common desktop for everyone. Yes, I know, I know. Many hardcore Linux users love having a variety of choices. The world is not made up of desktop Linux users. For the million or so of us, there are hundreds of millions who want an easy-to-use desktop that's not Windows, doesn't require buying a Mac, and comes with broad software and hardware support. Are you listening Linux Foundation? Such a desktop, in turn, would be more commercially successful than our current hodgepodge of desktops. This would mean that many more Linux desktop developers could make a living from their work.
That would improve the Linux desktop's overall quality. It's a virtuous cycle, which would help everyone. Let's try to make this happen, shall we? Otherwise, the traditional Linux desktop, in all its variations, will remain a niche operating system for power users. Source
  6. First Arch Linux ISO Snapshot Powered by Linux Kernel 5.0 Is Here

    The Arch Linux ISO snapshot for April 2019 is now available for download and it's the first to be powered by the recently released Linux 5.0 kernel series. Arch Linux 2019.04.01 is the first ISO image of the widely used Linux-based operating system, which follows a rolling release model where you install once and receive updates forever, to ship with a kernel (version 5.0.5) from the latest Linux 5.0 series, along with the latest updates released in March 2019. Linux kernel 5.0 brings several hardware enhancements over the Linux 4.x series, including FreeSync support for AMD Radeon GPUs via the open-source AMDGPU graphics driver, which enables a stutter-free viewing experience on LCDs with dynamic refresh rates, and a new energy-aware scheduling feature that improves power management in devices using ARM big.LITTLE CPUs. Furthermore, the Linux 5.0 kernel series adds support for swap files in the Btrfs file system, support for the Adiantum file system encryption for low power devices in fscrypt, support for the GRO (Generic Receive Offload) feature in the UDP implementation, and support for the binderfs file system to enable running of multiple Android instances.

    Available now only for new deployments

    The Arch Linux 2019.04.01 ISO snapshot is available for download right now from the official website or via our free software portal. Like all Arch Linux snapshots, this one is intended only for new deployments of the operating system as existing Arch Linux users won't have to download a new ISO to keep their installations up-to-date. If you're running Arch Linux on your personal computer, you can get the latest updates and the Linux 5.0 kernel by running the "sudo pacman -Syu" command in a terminal emulator or by using a graphical package manager of your choice. Please keep in mind that you'll have to reboot your computer after installing the new Linux kernel version. Source
  7. Microsoft Officially Launches Visual Studio Code as a Snap for Linux Users

    Microsoft and Canonical today announced the official availability of the Visual Studio Code IDE on the Ubuntu Snap Store for GNU/Linux systems. While Visual Studio Code was already available as a Snap package in the Snap Store since May 2017, Canonical and Microsoft partnered to make it official. The old snap package was ported by an independent developer, but now users can install the official package developed and updated regularly by Microsoft itself. "The automatic update functionality of snaps is a major benefit. It is clear there is a thriving community around snaps and that it is moving forward at great pace. The backing of Canonical ensures our confidence in its ongoing development and long-term future," said João Moreno, Software Development Engineer, Microsoft Visual Studio Code. Microsoft Visual Studio Code is a powerful IDE (Integrated Development Environment) for developers with top-notch features like embedded Git control, intelligent code completion, code refactoring, syntax highlighting, debugging support, and snippets. Microsoft Visual Studio Code was previously available for Linux systems in other binary formats.

    How to install Microsoft Visual Studio Code as a Snap

    Snap is a containerized and universal package developed by Canonical for Ubuntu, and later ported to numerous other Linux-based operating systems. It provides security and rolling updates as soon as they're available upstream. Microsoft Visual Studio Code as a Snap makes the installation across a multitude of GNU/Linux distributions a breeze. Installing Microsoft Visual Studio Code as a Snap is as easy as running the "sudo snap install code --classic" command in a terminal emulator or directly from the Snap Store via your favourite package manager. However, keep in mind that your GNU/Linux distribution must be Snap-enabled first.
After installation, you'll receive updates automatically as soon as Microsoft releases them. Source
  8. Purism to Beef Up Privacy of Its Linux Devices with Private Internet Access VPN

    Purism, the company behind the Linux-powered Librem laptops and the forthcoming Librem 5 Linux phones, announced today that it has partnered with Private Internet Access (PIA) to implement a VPN solution by default in its devices. Known for its anonymous virtual private network solutions supporting several VPN technologies like OpenVPN, PPTP, L2TP/IPsec, and SOCKS5, Private Internet Access (PIA) is the gold standard of VPNs, and Purism has just become its first OEM partner to offer PIA's VPN services in all of its devices by default. "PIA is the gold standard of VPNs, and we are thrilled to be working with a company that is so closely aligned with our ethics," said Todd Weaver, founder and CEO of Purism. "PIA has stood behind their commitment to protect user data. [...] Our partnership with them is a big win for users who don't want to sacrifice convenience or freedom in the products they use." Purism plans to integrate Private Internet Access's VPN services by default within its Debian-based PureOS operating system, which ships pre-installed with the Librem 13 and Librem 15 laptops. Of course, the company also aims to add a similar VPN solution in the privacy-focused Librem 5 phone, which is expected to hit the shelves in Q3 2019.

    Purism and PIA to bring tracking-free and encrypted tools to Linux users

    With this partnership, both Purism and Private Internet Access hope to bring an unprecedented combination of tracking-free and encrypted tools, as well as related services to Linux users who buy or already own the Librem laptops. It will add yet another layer of robust privacy protection on top of Purism's numerous privacy and security layers. These include Purism's industry-first TPM integration with Heads, Purism’s Librem Key for physical encryption, Nextcloud for secure document management, and Matrix for secure chat.
Private Internet Access is a long-term sponsor of the Software Freedom Conservancy and Electronic Frontier Foundation (EFF), and its VPN service does not log user data. Source
  9. SUSE will soon be the largest independent Linux company.

    In Nashville, Tenn., at SUSECon, European Linux power SUSE CEO Nils Brauckmann said his company would soon be the largest independent Linux company. That's because, of course, IBM is acquiring Red Hat. But, simultaneously, SUSE has continued to grow for seven straight years. Brauckmann said, "We believe that makes our status as a truly independent open source company more important than ever. Our genuinely open-source solutions, flexible business practices, lack of enforced vendor lock-in, and exceptional service are more critical to customer and partner organizations, and our independence coincides with our single-minded focus on delivering what is best for them." SUSE had belonged to Micro Focus. With SUSE's purchase by Swedish-based private equity firm EQT, it's been set loose to follow its own destiny. EQT's only command: Grow. Practically speaking, SUSE has been growing by focusing on delivering high-quality Linux and open-source programs and services to enterprise customers. Looking ahead Brauckmann said, "SUSE is better positioned to bring more innovation to customers and partners faster through both organic growth and acquisitions, keeping us on track to provide them with the open solutions that keep them ahead with their own customers in their own markets. We continue to adapt so our customers and partners can succeed." Brauckmann isn't the only one seeing this. Jay Lyman, 451 Research principal analyst, said, "SUSE's independence should allow the company to maintain its strength in the operating system market (where its Linux is a leading option) while also investing dynamically in additional, emerging markets such as cloud native and DevOps. While SUSE benefited from the investments made by its previous parent companies, it is now better positioned to move beyond past successes and markets to capitalize on new opportunities." The numbers agree with his assessment.
Last year SUSE's revenue grew by 15 percent in fiscal year 2018, and the business is about to surpass the $400 million revenue mark for the first time. SUSE, which sees not quite half of its business in Europe, is also seeing revenue growth around the world. North America, for example, now accounts for almost 40 percent of SUSE's revenues. The company is also expanding. SUSE added more than 300 employees in the last 12 months. For the most part this has been in engineering followed by sales and services. SUSE staff is now approaching 1,750 globally and it plans on continuing to hire aggressively. Surprisingly, IBM's acquisition of Red Hat hasn't hurt SUSE's IBM business. SUSE is one of IBM mainframe's primary Linux partners. While Brauckmann can't be sure what tomorrow will bring, for now, "IBM has retained all of their production activities with us the same level, some have even increased. It's really business as usual for us." Source
  10. Wilson Drake

    Best Set Top Box

    Best Android Box Amazon Fire TV Stick Amazon Fire TV Nvidia Shield Seguro Trongle X4 Emtec GEM Box Q-Box Amlogic S905 T95X TV Box Best Linux Box Mag 254 Pendoo X8 Pro T96N RK3229 ARNU Box Your Choice shall come with a reason or simply post your option on This Poll for Best TV Box
  11. NetworkManager 1.16 Released with WPA3-Personal and WireGuard VPN Support, More

    NetworkManager, the open-source program for providing detection and configuration of networks for Linux-based operating systems, has reached a new important milestone, version 1.16. NetworkManager 1.16 has been released two days after the launch of the GNOME 3.32 desktop environment and promises lots of exciting new features and improvements, starting with support for the new WireGuard protocol implemented in the Linux kernel for creating secure IPv4 and IPv6 VPNs (Virtual Private Networks). "Unlike other VPN solutions NetworkManager supports, WireGuard tunneling will be entirely handled by the Linux kernel. This has an advantages in terms of performance, and also removes the needs of a VPN plugin," explained developer Lubomir Rintel in a recent blog article. NetworkManager 1.16 also adds support for the latest WPA3-Personal standard for better security of password-protected home networks thanks to the implementation of the SAE (Simultaneous Authentication of Equals) authentication, as well as support for establishing Wi-Fi Direct (Wi-Fi P2P) connections.

    Improved DHCP router options, AP and Ad-Hoc support

    There are numerous other new features and enhancements introduced in the NetworkManager 1.16 release, among which we can mention improved IWD backend for AP and Ad-Hoc support to create Wi-Fi hotspots, support for checking connectivities per address family, and a new PolicyKit permission for controlling Wi-Fi scanning. Furthermore, NetworkManager 1.16 supports "main.systemd-resolved" for direct configuration of DNS settings in systemd-resolved without making it the main DNS plugin, better handling of DHCP router options via the built-in DHCP plugin, and support for marking docker bridges as unmanaged via a udev rule.
NetworkManager is now also able to write "/var/run/NetworkManager/no-stub-resolv.conf" with original nameservers for caching DNS plugins like "dnsmasq" or "systemd-resolved" where "/var/run/NetworkManager/resolv.conf" refers to the localhost, and warns about invalid settings in the "NetworkManager.conf" file. Also worth mentioning is the fact that NetworkManager is no longer installed as a D-Bus activatable service and it can now announce the "ANDROID_METERED" DHCP option for shared mode. You can download the NetworkManager 1.16 sources right now, and it will soon be available for installation from the stable software repositories of your favorite GNU/Linux distribution. Source
  12. Kodi Foundation Joins The Linux Foundation to Help Grow the Open Source Movement

    The Kodi Foundation was proud to announce today that it finally decided to join The Linux Foundation in their attempt to enrich the Open Source software ecosystem. As of today, The Kodi Foundation, the makers of the free, open-source, and cross-platform media center software known as Kodi (formerly XBMC), is now an Associate Member of The Linux Foundation in an attempt to contribute their code to the Open Source software community and help similar projects evolve. "It seemed natural for us to join, given the fact that we are strong believers in the benefits of open-source software. We strongly believe that open-source is the best way to achieve awesome things. That was and still is what moves Kodi forward," stated The Kodi Foundation in a press release.

    True innovation can be achieved when people cooperate and share

    By joining The Linux Foundation, The Kodi Foundation strongly believes that their work and the work of other Open Source projects would lead to real innovation, which wouldn't be possible if the code base was closed source or if it was stifled by the visions of corporates and allocated resources. "This is a story that happens every day. An individual shares some code thinking "meh, no one is interested in this". Two days later someone across the globe sends a patch to fix a bug or suggest an improvement. Now there are two individuals working on a common problem," says The Kodi Foundation. "When people cooperate and share, the project at hand and the community will always benefit." As a non-profit consortium, The Linux Foundation dedicates its resources to help the Linux and Open Source ecosystems grow and evolve by providing them with financial and intellectual support, IT infrastructure and services, as well as training and certification. The Kodi Foundation is a non-profit technology consortium developing the Kodi open-source media player application. Source
  13. Google open-sources project for sandboxing C/C++ libraries on Linux

    Support for other programming languages to be added in future releases.

    Google has open-sourced today a project for sandboxing C and C++ libraries running on Linux systems. The project's name is the Sandboxed API, a tool that Google has been using internally for its data centers for years. The Sandboxed API is now available on GitHub, together with the documentation needed to help other programmers sandbox their C and C++ libraries and protect them from malicious user input and exploits. For ZDNet users unfamiliar with the term, "sandboxing" refers to running an app or source code inside a "sandbox." In software design, a "sandbox" is a security mechanism that works by separating a process inside a tightly controlled area of the operating system that gives that process access to limited disk and memory resources. The idea behind sandboxing and sandboxes is to prevent bugs and exploit code from spreading from one process to another, or the underlying operating system and the kernel.

    WHAT IS THE SANDBOXED API?

    The Sandboxed API is a library that helps coders automate the process of porting their existing C and C++ code to run on top of Sandbox2, which is Google's custom-made sandbox environment for Linux operating systems. Sandbox2 has also been open-sourced and included with the main Sandboxed API GitHub repository. Google's Sandboxed API and Sandbox2 are not the first sandboxing tools to be open-sourced or made available online, and developers have other tools at their disposal if they ever wish to sandbox their code. However, they come with Google's seal of approval. "Many popular software containment tools might not sufficiently isolate the rest of the OS, and those which do, might require time-consuming redefinition of security boundaries for each and every project that should be sandboxed," Christian Blichmann & Robert Swiecki, from Google's ISE Sandboxing team said. The Sandboxed API project is meant to address both issues, by providing a tried and tested/trusted tool that is also easy to use.

    OTHER PROGRAMMING LANGUAGES TO BE SUPPORTED

    In a blog post today, Google said that future plans for the Sandboxed API project include supporting libraries written in other programming languages besides C and C++, but also porting Sandbox2 to other Unix-like operating systems like the BSDs (FreeBSD, OpenBSD) and macOS. "A Windows port is a bigger undertaking and will require some more groundwork to be done," Blichmann and Swiecki said. Most modern applications today run in a sandboxed environment, such as Google's Chrome browser, and more recently, Microsoft's Windows Defender, which became the first antivirus to do so last fall. The Sandboxed API is also not the first Google security tool to be open-sourced online. The company open-sourced an internal tool named BrokenType last year for finding security bugs in font display (rasterization) components. Google also open-sourced two fuzzers called Syzkaller and OSS-Fuzz, one for fuzzing OS kernel components, and the other for fuzzing more mundane and run-of-the-mill open source projects and libraries. Source
  14. Canonical Says Ubuntu 14.04 Extended Security Maintenance Begins April 25, 2019

Canonical announced that it would kick off the Extended Security Maintenance (ESM) support for the Ubuntu 14.04 LTS (Trusty Tahr) operating system series beginning April 25th, 2019. Released five years ago on April 17th, 2014, the Ubuntu 14.04 LTS (Trusty Tahr) operating system series will reach its end of life next month on April 30th. Following on the success of the Ubuntu 12.04 LTS (Precise Pangolin) operating system series, Canonical announced some time ago that it would offer its Extended Security Maintenance (ESM) commercial package to Ubuntu 14.04 LTS users as well. Canonical said it would reveal more details about when the ESM (Extended Security Maintenance) offering is available for Ubuntu 14.04 LTS (Trusty Tahr), so the company now announced that users who want to continue using the operating system and still receive security updates after the April 30th end of life can purchase the ESM package beginning April 25th, 2019.

Users are encouraged to update to Ubuntu 16.04 LTS or Ubuntu 18.04 LTS

Canonical encourages all Ubuntu 14.04 LTS (Trusty Tahr) users to consider upgrading to a supported LTS (Long Term Support) Ubuntu release, such as Ubuntu 18.04 LTS (Bionic Beaver) or Ubuntu 16.04 LTS (Xenial Xerus). It's important to note that the supported upgrade path from Ubuntu 14.04 LTS (Trusty Tahr) goes through Ubuntu 16.04 LTS (Xenial Xerus) first, then to Ubuntu 18.04 LTS (Bionic Beaver). "The standard support period is now nearing its end and Ubuntu 14.04 will transition to Extended Security Maintenance (ESM) on Thursday, April 25th, 2019," said Adam Conrad, Software Engineer at Canonical. "Users are encouraged to evaluate and upgrade to our latest 18.04 LTS release via 16.04. The supported upgrade path from Ubuntu 14.04 is via Ubuntu 16.04."
However, if you decided to stay with the Ubuntu 14.04 LTS (Trusty Tahr) operating system series for your infrastructure, you should consider purchasing the Extended Security Maintenance (ESM) offering from Canonical's Ubuntu Advantage website starting April 25th, 2019. Once again, please keep in mind that after April 30th, 2019, you will no longer receive security and software updates for your Ubuntu 14.04 LTS installations. Source
  15. Canonical Releases Important Linux Kernel Patch for Ubuntu 16.04 LTS, Update Now

Canonical released a new Linux kernel security update for users of the Ubuntu 16.04 LTS (Xenial Xerus) operating system series to address several recently discovered vulnerabilities. The new Linux kernel security update is here to address five security issues discovered by various security researchers in the Linux 4.4 kernel used in the Ubuntu 16.04 LTS (Xenial Xerus) operating system series and official derivatives that aren't using the Linux 4.15 HWE (Hardware Enablement) kernel from Ubuntu 18.04 LTS (Bionic Beaver). These include a flaw (CVE-2017-18241) in Linux kernel's F2FS file system implementation, which incorrectly handled the noflush_merge mount option, and multiple integer overflows (CVE-2018-7740) in the hugetlbfs implementation. Both issues could allow local attackers to crash the vulnerable system through a denial of service. The new Linux kernel security update also addresses an issue (CVE-2018-1120) discovered in the procfs file system that could allow a local attacker to block certain tools used to examine the procfs file system to report the state of the operating system because it failed to correctly handle processes mapping the memory elements onto files. Also patched is a race condition (CVE-2019-6133) discovered by Jann Horn of Google Project Zero in Linux kernel's fork() system call, which could allow a local attacker to gain access to services caching authorizations, and a security flaw (CVE-2018-19985) discovered by Mathias Payer and Hui Peng in the Option USB High Speed driver, which could allow a physically proximate attacker to crash the system.

Users must update their systems as soon as possible

Canonical recommends that all Ubuntu 16.04 LTS (Xenial Xerus) users update their installations as soon as possible to the new Linux 4.4 kernel versions that are available in the stable repositories of the operating system.
These are linux-image 4.4.0-143.169 for 32-bit and 64-bit systems, linux-image-raspi2 4.4.0-1104.112 for Raspberry Pi 2, linux-image-kvm 4.4.0-1041.47 for cloud environments, linux-image-snapdragon 4.4.0-1108.113 for Snapdragon processors, and linux-image-aws 4.4.0-1077.87 for Amazon Web Services (AWS) systems. Canonical also updated the Linux hardware enablement (HWE) kernel for Ubuntu 14.04.5 LTS (Trusty Tahr) users running the Linux 4.4 kernel from Ubuntu 16.04 LTS (Xenial Xerus). Therefore, these must update their systems to linux-image-generic 4.4.0-143.169~14.04.2 on 32-bit, 64-bit, and PowerPC 64-bit platforms, as well as to linux-image-aws 4.4.0-1039.42 on Amazon Web Services (AWS) systems. Please keep in mind to reboot your systems after installing the new kernel updates. Source
  16. Solus 4 "Fortitude" Officially Released, It's Now Available for Download

The Solus Project announced today the general and immediate availability for download of the long-anticipated Solus 4 Linux-based operating system. More than a year in the making, the Solus 4 release is finally here as an up-to-date live and installable medium that users can use to deploy the independently developed GNU/Linux distribution on their computer without having to download hundreds of updates from the software repositories. However, as Solus is a rolling-release operating system, its users don't need to download the Solus 4 release to update their installations, but only ensure they have all the latest updates and security fixes installed on their computers. If you have an up-to-date Solus installation, then you're already running Solus 4.

Here's what's new in Solus 4

Highlights of the Solus 4 release include the latest and greatest Budgie 10.5 desktop environment with refinements to the Software Center, Budgie Menu, and Calendar widget, a new Caffeine Mode applet, a major upgrade to the IconTasklist applet, Raven notification center improvements, as well as improved notification management. The Budgie 10.5 desktop environment also comes with completely rewritten and redesigned Sound widgets, a broader array of personalization options, a new Budgie Desktop Settings section for customizing Raven, along with new options for the Windows section and a much-improved GTK style. "We strongly believe that Budgie should provide a balanced, curated desktop experience for our users, enabling a reasonable level of personalization out-of-the-box and empower our users (and downstreams such as UbuntuBudgie) to open up a world of possibilities with Budgie applets," said Joshua Strobl.
The GNOME and MATE flavors now ship with the Plata (Noir) GTK theme by default, the Oblivion theme is now enabled by default for the Gedit text editor in the GNOME flavor, and the MATE flavor has been updated to the latest MATE 1.20 desktop environment release. On the other hand, the KDE Plasma edition is still experimental and ships with the KDE Plasma 5.15 desktop environment. Under the hood, Solus 4 is powered by the Linux 4.20.16 kernel and Mesa 19.0 graphics stack, which provide out-of-the-box support for AMD Picasso and AMD Raven2 APUs, AMD Radeon Vega20 GPUs, as well as improved support for AMD Radeon Vega10 GPUs, and Intel Coffee Lake and Ice Lake CPUs. Updated major components in Solus 4 include the FFMpeg 4.1.1 multimedia stack, Mozilla Firefox 65.0.1 web browser, Mozilla Thunderbird 60.5.2 email and news client, LibreOffice office suite, VLC 3.0.6 media player, Rhythmbox 3.4.3 music player (GNOME edition only), and GNOME MPV 0.16 media player (MATE edition only). As expected, Solus 4 is available in four flavors with the Budgie, GNOME, KDE Plasma, and MATE desktop environments, which you can download right now through our free software portal or directly from the official website. Solus 4 is supported only on 64-bit computers until Solus 5 is released. Source
  17. Windows 10 Cumulative Update KB4489868 Breaks Down a Linux Feature

Microsoft has recently acknowledged a new bug in the cumulative update it pushed this Patch Tuesday to Windows 10 version 1803 (April 2018 Update). The cumulative update in question, listed as KB4489868, was published on March 12 as part of the Patch Tuesday cycle in order to correct a bunch of security vulnerabilities and introduce a fix for the infamous error 1309 encountered when installing or uninstalling MSI and MSP files. The known issues section of the original KB article included only two different entries at first, but Microsoft has recently updated it to reveal that users running the Windows Subsystem for Linux on their devices may experience a different glitch after installing this cumulative update. Specifically, the software giant explains the following in the updated article: “After applying this update, a stop error occurs when attempting to start the Secure Shell (SSH) client program from Windows Subsystem for Linux (WSL) with agent forwarding enabled using a command line switch (ssh -A) or a configuration setting.”

Same bug in the Fall Creators Update patch

While the company explains that it’s already working on a resolution, the fix would only be provided to users in an upcoming release. No specifics were provided, but I’m guessing the company is looking at the April Patch Tuesday cycle as the possible release target, even though new cumulative updates with non-security fixes are expected later this month. In the meantime, users who can’t live without this feature are provided with a small workaround which Microsoft says temporarily resolves the problem: “Disable forwarding of the authentication agent connection using a command line switch (ssh -a) or a configuration setting.” Microsoft explains that the same bug also exists in Windows 10 cumulative update KB4489886 for the Fall Creators Update (version 1709), but the October 2018 Update (version 1809) doesn’t seem to be affected.
Source
  18. GNOME 3.32 "Taipei" Desktop Environment Officially Released, Here's What's New

The GNOME Project released today the highly anticipated GNOME 3.32 desktop environment for Linux-based operating systems, a major release that adds numerous new features and improvements. Six months in development, the GNOME 3.32 desktop environment is finally here to upgrade your GNOME experience to the next level by adding lots of new features, fixing bugs from previous versions, improving existing components and apps, as well as polishing the look and feel of the user interface. With the GNOME 3.32 release, the GNOME desktop becomes flatter, lighter, and more modern. After upgrading, users will notice that the App Menus are no longer available and their content was moved to other places, there are changes to the buttons, header bars, and switches, as well as more consistent colors and new app icons. "This release features a refreshed visual style ranging from an entirely new set of app icons to improvements to the user interface style. Many of the base style colors have been saturated, giving them a more vivid, vibrant appearance. Buttons are more rounded and have a softer “shadow” border," reads today's announcement.

Here's what's new in GNOME 3.32

Apart from the subtle revamp of the UI, the GNOME 3.32 desktop environment adds numerous other goodies including a new color temperature setting for the Night Light feature, a redesigned Sound Settings panel, and permissions for Flatpak apps in the new Settings panel and GNOME Software. The Rhythmbox music player and organizer, Terminal terminal emulator, and Seahorse encryption keys and passwords manager apps got nicer header bars, the on-screen keyboard now supports emoji characters, and the Five or More game was completely revamped with a new theme and an improved GUI.
Other than that, the GNOME 3.32 desktop environment lets users rearrange the input sources in the Region & Language Settings panel using drag and drop, adds several performance improvements to the GNOME Shell, and updates numerous translations. It also comes with fractional scaling on Wayland for HiDPI/4K displays.

How to get the GNOME 3.32 desktop environment

While the GNOME 3.32 desktop environment is officially out, it will take about two-three weeks for the packages to arrive in the stable software repositories of your favorite GNU/Linux distribution. This usually happens by the time the first point release, GNOME 3.32.1, is announced, which will be on April 10th, 2019. Rolling distros like Arch Linux and OpenSuSE Tumbleweed will probably be the first to ship the GNOME 3.32 desktop environment, and the upcoming Ubuntu 19.04 (Disco Dingo) operating system, due for release on April 18th, will also feature the GNOME 3.32 desktop preinstalled by default. The source packages are available for download as we speak for those willing to compile the entire GNOME 3.32 desktop environment or only parts of it on their GNU/Linux distributions. GNOME 3.32 will have only two maintenance updates, GNOME 3.32.1 and GNOME 3.32.2, the latter being scheduled for release on May 8th, 2019. Source
  19. Flatpak 1.3 Arrives with Support for Linux Systems with Multiple Nvidia Devices

Flatpak developer and maintainer Alexander Larsson released a new unstable release of the Linux application sandboxing and distribution framework, targeting the upcoming Flatpak 1.4 stable series. Flatpak 1.3 is here as the first milestone in a series of unstable releases towards the next major and stable new version of the Linux application sandboxing and distribution framework, Flatpak 1.4, adding several new features and improvements like support for systems with multiple Nvidia devices. Furthermore, the Flatpak 1.3 release adds initial support for sandboxed dconf, introduces two new options to the build-update-repo command, namely --no-update-[summary,appstream] and --static-delta-ignore-ref=PATTERN, and improves support for large repositories by making regeneration of the appstream branch faster.

Better Gentoo Linux support, other changes

Among other noteworthy changes implemented in Flatpak 1.3, we can mention that there's better support for GNU/Linux systems where /var/run is a symlink, such as Gentoo Linux, the size of SVG (Scalable Vector Graphics) images is no longer limited in the icon validator, and the checks in the update output were made green again. Once again, Flatpak 1.3 is an unstable release towards the next stable series of the Linux application sandboxing and distribution framework, Flatpak 1.4, which means that you shouldn't install it on production machines, nor use it for running production software. You should wait for Flatpak 1.4 to be released in the coming months. However, power users, application developers/packagers, and bleeding-edge users interested in getting an early look at the new features and improvements coming to the Flatpak 1.4 stable series can now download and compile the Flatpak 1.3.0 sources from the GitHub announcement page, or install the binaries from the software repositories of their favorite GNU/Linux distributions. Source
  20. ExTiX 19.3 Is the First OS to Ship with Linux Kernel 5.0, Based on Ubuntu 19.04

GNU/Linux developer Arne Exton released a new version of his ExTiX Linux distro that has been rebased on the upcoming Ubuntu 19.04 operating system and ships with Linux kernel 5.0. ExTiX 19.3 is now available and it appears to be the first stable GNU/Linux distribution to ship with the recently released Linux 5.0 kernel. This milestone was achieved by developer Arne Exton due to the rebase on the forthcoming Ubuntu 19.04 (Disco Dingo) operating system, which will be powered by Linux kernel 5.0 too. However, ExTiX 19.3 doesn't use Ubuntu 19.04's GNOME desktop environment as it ships with the lightweight Xfce desktop environment, so we can say it's a derivative of Xubuntu, though it features its own modifications and artwork. Xfce 4.13 is installed by default in the ExTiX 19.3 release. "A new extra version of ExTiX is ready. This version is based on upcoming Ubuntu 19.04 Disco Dingo," said Arne Exton in the release announcement. "ExTiX 19.3 uses the Xfce Desktop 4.13 and kernel 5.0.0-exton. This version of ExTiX Xfce4 is for non-UEFI computers. Kodi 18.2 Leia is also preinstalled in this version of ExTiX."

What's new in ExTiX 19.3

Apart from Linux kernel 5.0 and Xfce 4.13 desktop, the ExTiX 19.3 release comes with up-to-date applications and core components. Among these, we can mention the latest Kodi 18.2 "Leia" media center, Nvidia 418.43 proprietary graphics driver, and much more. A complete list with all installed packages is available here. Also worth mentioning is the fact that ExTiX 19.3 ships with the Refracta Snapshot tool preinstalled so you can build your own ExTiX/Ubuntu live and installable system. Furthermore, ExTiX 19.3 uses the Calamares universal graphical installer instead of Ubuntu's Ubiquity live installer and supports running directly from RAM if your computer has at least 3GB RAM.
Arne Exton considers the ExTiX 19.3 release a stable one that can be installed even on a production machine since it doesn't use a complicated desktop environment like KDE or GNOME, so applications won’t crash or anything like that. You can try it yourself if you download ExTiX 19.3 Build 190307 right now from our free software portal. Source
  21. Microsoft’s New Skype for Web Doesn’t Support Linux and Mozilla Firefox

Microsoft has released the new Skype for Web, letting users chat with their contacts without the need for installing a desktop client. And while this is possible using nothing more than the browser, the new version of the service comes with some unexpected limitations. First and foremost, Microsoft says that you must be running Windows 10 or macOS 10.12 or higher to be able to connect to Skype for Web, which means that Linux isn’t officially supported. Furthermore, the only browsers that are compatible with the new Skype for Web are Google Chrome and Microsoft Edge, so you won’t be able to use Mozilla Firefox to chat in the browser. Obviously, there are ways to get around these limitations, and changing the user agent in the browser is the easiest of them all, but by the looks of things, Microsoft’s transition to the Chromium engine means Firefox users might be left behind when it comes to improvements they get on Microsoft services.

New features in Skype for Web

On the other hand, Microsoft highlights several new features coming to Skype for Web, including HD video calling, call recording, a notifications panel, and a chat media gallery. Microsoft is also making another step towards killing the classic Skype, as the company introduced a new MSI installer for Skype desktop. “Today we are releasing the updated MSI distributable for Skype (version for Windows desktop, which replaces the existing MSI distributable of Skype (version 7) for Windows desktop. If you are an IT administrator, simply download the new MSI file to start distributing the latest version of Skype to your organization via the distribution software of your choice,” the company says. If you want to try out Skype for Web, it’s enough to point your browsers to web.skype.com, but Linux and Firefox users also need to change the user agent to be able to connect to the service. Source
  22. New Linux Mint Logo Revealed Alongside Further Updates

Linux Mint is in the middle of getting a subtle facelift that concerns both the official website and the logo, and a few days ago, Clem Lefebvre provided us with a sneak peek at how everything could look when this redesign is finalized. First and foremost, it’s worth knowing that not everything is set in stone, and some of the elements that you see here could still change. The logo itself, for example, is still in the experimental stage, and the head of the project explains that it is specifically designed from the very beginning to resolve all the struggles with the current version, including the broken scaling model. “We’ve been working around these issues for a while now. In previous releases we shipped with flat, semi-flat and symbolic versions of the current logo (your application menu logo in 19.1 is an example of this) but we can’t address all the issues without removing that border in the shape of a leaf,” he explained.

Under the hood improvements

Furthermore, Lefebvre also discussed the performance improvements that have recently been implemented in Cinnamon and which were announced the previous month. For example, both DocInfo and AppSys were reviewed and simplified, as noted in the official announcement, while the window manager should be much faster now thanks to reduced input lag. The application menu applet itself runs twice as fast as before, Lefebvre notes. The Update Manager has also received particular attention this time, with new capabilities such as the automatic removal of packages that are related to old kernels and which your system obviously no longer needs. And last but not least, mintreport, also known as System Reports, features a refined UI with a XApp sidebar and a new page for system information. For the time being, just don’t hold your breath for the next version of Linux Mint, as the 19.2 release should take place in June. Source
  23. Nvidia Releases Linux and BSD Graphics Drivers with GeForce GTX 1660 Ti Support

Nvidia released new long-lived graphics drivers for GNU/Linux, FreeBSD, and Solaris systems with support for new GPUs, as well as various other improvements and bug fixes. The Nvidia 418.43 display driver is available now and comes with support for three new Nvidia GPUs, including the Nvidia GeForce GTX 1660 Ti, Nvidia GeForce RTX 2070 with Max-Q Design, and Nvidia GeForce RTX 2080 with Max-Q Design. Owners of these GPUs will need to upgrade to the Nvidia 418.43 driver to use them on GNU/Linux or FreeBSD systems (Solaris not supported). Apart from the new GPU support, the Nvidia 418.43 graphics driver adds initial support for G-SYNC compatible displays, support for Nvidia optical flow, as well as support for stereo presentation in the Vulkan driver. Additionally, the new display driver ships with the Nvidia Video Codec SDK 9.0, which adds support for Turing NVENC/NVDEC and several NvEncodeAPI improvements.

OpenGL, DXVK, and PRIME improvements

The Nvidia 418.43 display driver also addresses a few important issues reported by users from previous versions, including a bug causing visual corruption on certain Vulkan/DXVK games, a bug causing OpenGL apps to crash after repeated VT-switches, and a bug preventing PRIME displays from being selected in nvidia-settings' Display Settings page. It also fixes a bug that may cause the vkCmdPushConstants function to generate Xid 13 messages when it is executed with the VK_SHADER_STAGE_ALL environment variable on a compute queue. The VDPAU driver was updated as well in this release, which removes the libnvidia-wfb.so library and the NVreg_UseThreadedInterrupts kernel module parameter from nvidia.ko.
Better support for the latest X.Org Server 1.20 display server and Linux kernel 4.4.168, as well as initial support for the upcoming Linux 5.0 kernel series are also present in the Nvidia 418.43 graphics driver, which you can download right now for GNU/Linux, FreeBSD, and Solaris 64-bit systems from our free software portal. This is a recommended update for all Nvidia users. Source
  24. RunC Flaw Lets Attackers Escape Linux Containers to Gain Root on Hosts

A serious security vulnerability has been discovered in the core runC container code that affects several open-source container management systems, potentially allowing attackers to escape Linux containers and obtain unauthorized, root-level access to the host operating system. The vulnerability, identified as CVE-2019-5736, was discovered by open source security researchers Adam Iwaniuk and Borys Popławski and publicly disclosed by Aleksa Sarai, a senior software engineer and runC maintainer at SUSE Linux GmbH on Monday. The flaw resides in runC—a lightweight low-level command-line tool for spawning and running containers, an operating-system-level virtualization method for running multiple isolated systems on a host using a single kernel. Originally created by Docker, runC is the default container run-time for Docker, Kubernetes, ContainerD, CRI-O, and other container-dependent programs, and is widely being used by major cloud hosting and server providers.

runC Container Escape Vulnerability [CVE-2019-5736]

Though researchers have not yet released full technical details of the flaw to give people time to patch, the Red Hat advisory says the "flaw was found in the way runC handled system file descriptors when running containers." Thus, a specially-crafted malicious container or an attacker having root access to a container could exploit this flaw (with minimal user interaction) to gain administrative privileges on the host machine running the container, eventually compromising the hundreds-to-thousands of other containers running on it. For root access to the container, the attacker has to either: create a new container using an attacker-controlled image, or attach (docker exec) into an existing container which the attacker had previous write access to.
"A malicious container [then] could use this flaw to overwrite contents of the runC binary and consequently run arbitrary commands on the container host system," the advisory states.

How bad is this vulnerability?

Scott McCarty, principal product manager for containers at Red Hat, says, "While there are very few incidents that could qualify as a doomsday scenario for enterprise IT, a cascading set of exploits affecting a wide range of interconnected production systems qualifies...and that’s exactly what this vulnerability represents."

runC Flaw: Security Patch Updates and Mitigation

According to Red Hat, the vulnerability can be mitigated if SELinux in targeted enforcing mode is enabled, which is the default on Red Hat Enterprise Linux, CentOS, and Fedora. The maintainers of runC have published a git commit to resolve the security flaw, but all the projects built atop runC need to incorporate the patches in their products. Debian and Ubuntu have also acknowledged that their Linux distributions are vulnerable to the reported vulnerability. The issue also affects container systems using LXC, a Linux containerization tool that predates Docker, and Apache Mesos container code. Major vendors and cloud service providers have already been pushing out security patches to address the issue, including Google, Amazon, Docker, and Kubernetes. Rancher, the creator of the open-source Kubernetes management software, has also published a patching script for legacy versions of Docker. If you are running any kind of containers, consider yourself vulnerable and upgrade to an image with a fixed version of runC as soon as it is available to prevent cyber attacks. Source
  25. Dirty Sock vulnerability lets attackers gain root access on Linux systems After Dirty COW caused headaches in 2016, now Linux sysadmins have to worry about Dirty Sock. A security researcher published today proof-of-concept (PoC) code for a vulnerability primarily impacting Ubuntu, but also other Linux distros. Canonical, the company behind the Ubuntu operating system, has released a patch (USN-3887-1) for this issue yesterday, in advance of today's full disclosure. The vulnerability was discovered at the end of January by Chris Moberly, a security researcher for Shenanigans Labs, who worked closely with the Canonical team to have it fixed. The vulnerability, which Moberly refers to as Dirty Sock, doesn't allow hackers to break into vulnerable machines remotely, but once attackers have a foothold on any unpatched system they can turn a simple intrusion into a bad hack where they have control over the entire OS. In technical jargon, Dirty Sock is a local privilege escalation flaw that lets hackers create root-level accounts. The actual vulnerability isn't in the Ubuntu operating system itself, but in the Snapd daemon that's included by default with all recent Ubuntu versions, but also with some other Linux distros. Snapd is the daemon that manages "snaps," a new app packaging format developed and used by Canonical for Ubuntu apps since 2014. Snapd lets users download and install apps in the .snap file format. Moberly says that Snapd exposes a local REST API server that snap packages (and the official Ubuntu Snap Store) interact with during the installation of new apps (snaps). The researcher says he identified a way to skirt the access control restrictions imposed on this API server and gain access to all API functions, including the ones restricted for the root user. Proof-of-concept code that Moberly published on GitHub today includes two example exploits that can be used to abuse this API and create new root-level accounts. 
The malicious code to exploit this vulnerability (also tracked as CVE-2019-7304) can be run directly on an infected host, or can be hidden inside malicious snap packages, some of which have been known to make their way onto the Ubuntu Snap Store in the past. Snapd versions 2.28 through 2.37 are all vulnerable to the Dirty Sock exploit. Moberly reported the issue to Canonical, Snapd's developer, who released Snapd version 2.37.1 this week to address the issue. At the same time, Canonical also released security updates for the Ubuntu Linux OS, for which the Snapd package was initially developed and where it's included and enabled by default. Other Linux distros that use Snapd also shipped security updates, such as Debian, Arch Linux, OpenSUSE, Solus, and Fedora. Moberly's in-depth technical write-up on the Dirty Sock flaw is available here while the PoC is here. Source