|
|
Subscribe / Log in / New account

Brief items

Security

Poettering: Authenticated Boot and Disk Encryption on Linux

Here's a lengthy missive from Lennart Poettering taking Linux distributors to task for inadequately protecting systems from physical attacks.

So, does the scheme so far implemented by generic Linux distributions protect us against the latter two scenarios? Unfortunately not at all. Because distributions set up disk encryption the way they do, and only bind it to a user password, an attacker can easily duplicate the disk, and then attempt to brute force your password. What's worse: since code authentication ends at the kernel — and the initrd is not authenticated anymore —, backdooring is trivially easy: an attacker can change the initrd any way they want, without having to fight any kind of protections.

The article contains a lot of suggestions for how to do things better.

Comments (105 posted)

Security quote of the week

For the record, I am not Satoshi Nakamoto. I suppose I could have invented the bitcoin protocols, but I wouldn’t have done it in secret. I would have drafted a paper, showed it to a lot of smart people, and improved it based on their comments. And then I would have published it under my own name. Maybe I would have realized how dumb the whole idea is. I doubt I would have predicted that it would become so popular and contribute materially to global climate change. In any case, I did nothing of the sort.

Read the paper. It doesn’t even sound like me.

Of course, this will convince no one who doesn’t already believe. Such is the nature of conspiracy theories.

Bruce Schneier

Comments (1 posted)

Kernel development

Kernel release status

The current development kernel is 5.15-rc3, released on September 26. Linus remarked: "So after a somewhat rocky merge window and second rc, things are now actually looking pretty normal for rc3. Knock wood".

Stable updates: 5.14.8, 5.10.69, 5.4.149, 4.19.208, 4.14.248, 4.9.284, and 4.4.285 were released on September 26. The 5.14.9, 5.10.70, and 5.4.150 stable updates are in the review process; they are due at any time.

Comments (none posted)

Results from the 2021 Linux Foundation Technical Advisory Board election

The 2021 election for the Linux Foundation's Technical Advisory board resulted in all five incumbent members (Greg Kroah-Hartman, Jonathan Corbet, Steven Rostedt, Ted Ts'o, and Sasha Levin) being re-elected. Of the 1,012 developers authorized to vote, 237 actually cast ballots.

Full Story (comments: 6)

Distributions

Distribution quotes of the week

Distributions are also working on innovative projects at the scale of the entire software ecosystem, and are dealing with bigger picture things than you need to concern yourself with.

[...] There are several areas of open research, too, such as reproducible builds or deterministic whole-system configuration like Nix and Guix are working on. You can take advantage of all of this innovation and research for the low price of zero dollars by standing back and letting distros handle the distribution of your software. It’s what they’re good at.

Drew DeVault (Thanks to Paul Wise)

It's easy to be part of a community when everyone agrees. It's powerful and delightful to be part of a community when people disagree but the community still works together with respect and mutual support. Creating process that allows myself and others to do this more easily is part of how I enjoy contributing to a community.
Russ Allbery

Comments (11 posted)

Development

coreutils-9.0 released

The GNU Core Utilities (coreutils) has announced the release of version 9.0 of "the basic file, shell and text manipulation utilities" used by the GNU operating system and various Linux distributions. In the year and a half or so since the last major release (8.32), various new features were added, including:
cp has changed how it handles data
  • enables CoW [copy on write] by default (through FICLONE ioctl),
  • uses copy offload where available (through copy_file_range),
  • detects holes differently (though SEEK_HOLE)
  • This also applies to mv and install.

Full Story (comments: 22)

Miscellaneous

FSFE: Youth Hacking 4 Freedom

The Free Software Foundation Europe (FSFE) is organizing the coding competition "Youth Hacking 4 Freedom" (YH4F) for European teenagers (14-18). Six winners will receive a cash prize and a trip to Brussels. There will be an opening event October 10 and registration will remain open until October 31.
On Monday 1 November 2021, a five-month coding phase starts and the participants focus on coding until March 2022. Participants may bring all their imagination to the competition; they may code any type of software they want, as long as it is Free Software. The software project can be a stand-alone program written from scratch, or you can modify or combine existing programs. Everything is welcome! The participants will have the chance to briefly follow each other’s work and exchange ideas.

Full Story (comments: none)

Page editor: Jake Edge
Next page: Announcements>>


Copyright © 2021, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds