Tizen code is a shambles, Drupal struggles with HR, Mastodon is flavour of the month, Linux on Windows improvements, updates to the Ubuntu saga and more on LNL 09.
News
Samsung’s Tizen is riddled with security flaws, amateurishly written
Drupal needs a decent HR department
Mastodon is the latest social media fad, despite having been around for several years under different names. It might not last
Substantial update to Windows Subsystem for Linux
Entroware
This episode of Late Night Linux is sponsored by Entroware. They are a UK-based company that sells computers with Ubuntu and Ubuntu MATE preinstalled. They have configurable laptops, desktops and servers to suit a wide range of Linux users. Check them out and don’t forget to mention us at checkout if you buy one of their great machines.
Jesse’s black box
Jesse tells us about the Raspberry Pi that he doesn’t connect to a network and asks whether it’s OK to avoid updates.
Admin
Thanks to everyone for supporting us with PayPal and Patreon etc. We didn’t give people individual shoutouts but if you want to hear your name on the podcast, get in touch. If you want to join our existing supporters, check out the support page for various ways to do that. Also thanks to everyone who advised Jesse about moving away from LastPass.
Updates on the Ubuntu announcement
Ubuntu GNOME to merge with the main edition
Phones and tablets will only receive security patches until June 2017 (2 more months)
UBports to carry on with Ubuntu Touch and Unity 8; will integrate Anbox
Staff layoffs and CEO to leave
Ubuntu 12.04 ESM seems to only be aimed at servers
See our contact page for ways to get in touch.
Sorry Ikey, you’re only right for OS level containers on Linux.
(Yes, the BSD/”proper Unix” fanboy from the Linux Luddites comments here.)
There are implementations built for secure process isolation from the start instead of being cobbled together from a bunch of nice-to-have features which aren’t as easy to escape as LXC/docker. I haven’t heard from any exploits against Solaris zones recently (as in “since I got into OpenSolaris 2007ish because ZFS”) and only one for (in the startup scripts for) FreeBSD jails [0] but knew of the flaws of Linux’ LXC/Docker/… basically as long as they’re around.
There actually were escapes from VMware in the last years. One working on ESXi exploiting a flaw in the emulated floppy (~2 years ago?) and a recent one (from this year’s pwn2own) against VMware workstation (priv escalation in the guest, from root@guest into the host OS, then to admin on the windows 10 host – using a chain of a dozen exploits or something o0). And don’t think any of them used CPU/hardware flaws.
And yes, I’m aware jails and zones aren’t as juicy targets as VMware nowadays. But even when there was a working exploit from KVM the version ported to the OpenSolaris fork illumos mitigated the problem by having the qemu userland tools confined to an otherwise empty zone.
[0]: http://www.h-online.com/security/news/item/Escape-from-jails-in-FreeBSD-732112.html
> Sorry Ikey, you’re only right for OS level containers on Linux.
Which is what I was talking about, given the context was OS containers, and Linux. I know our Linux stuff sucks here. That’s why I said it 😛
OS Level containers on Linux? I’m not sure I follow that but does this mean running something like Red Hat’s Openshift Origin for production containers could still be open to “Escape from jails”? I thought such platforms were hardened to hell with SELinux exec?
I still don’t understand how you guys think everyone in Germany is running SUSE ^^
Maybe it’s just that I’m in Berlin but I can’t think of anyone I know who’s running SUSE … There’s a bunch of Ubuntu and MINT and some arch and Debian and the odd Fedora or Gentoo… But I never hear of anyone running any variant of SUSE unless I’m visiting something like the LinuxTage or the FSFE summit.
Common misconception – it’s German, so Germans use it, right?
Just like Solus is from Ireland, so all the Irish use it, right? :p
(Though you could argue Mint is from Ireland so … damn.)
yup, same here – living in south Germany (so, not Berlin) for quite a while now, no SuSe in sight 🙂
Got about 1/3 of the way through the episode on the trek in to work this morning and didn’t want to forget anything so I’ll comment before I’ve finished.
I completely agree that whatever Larry Garfield does in his own time is his own fucking business! Whatever two, or more, consenting people do is absolutely nobody’s business whatsoever. The quick discussion on freedom brought to mind a line from Against Me’s ‘I Was A Teenage Anarchist’: “And with freedom as the doctrine, guess who was the new authority?” as well as a quote from H. L. Mencken: “The fact is that the average man’s love of liberty is nine-tenths imaginary, exactly like his love of sense, justice and truth. He is not actually happy when free; he is uncomfortable, a bit alarmed, and intolerably lonely. Liberty is not a thing for the great masses of men. It is the exclusive possession of a small and disreputable minority, like knowledge, courage and honor. It takes a special sort of man to understand and enjoy liberty — and he is usually an outlaw in democratic societies.”
I know that’s a little long winded but I think we, all too often, only like freedom and liberty as long as it’s convenient. As mentioned on the show, as long as your freedom aligns with mine then everyone is comfortable. You’d think the tech world, what with it being full of geeks, nerds, misfits, malcontents, socially awkward folks, and so on would be much more tolerant of what someone does in their private life as long as they aren’t harming anyone else by action or inaction. It seems sad that the same people who got ostracized in school, and other parts of society, for being different seem to want to pick some other group to shit on.
In the first bit about Tizen you lot ask if it being riddled with security holes will turn people off, if the average bloke on the street cares enough about security for it to matter. I think the answer is a resounding “no”. The average bloke on the street uses his dog’s name for his router password, he uses the same password for every service he logs in to or, like a relative of my daughter, has her passwords on sticky notes (held on by clear tape) attached to the bottom of her Chromebook, they open every email attachment that comes, and so on. The average person on the street simply doesn’t care. I’ve been in IT for better than two decades and preach security to my whole family and very few of them listen even when I offer free help getting their shit secured. Of course they don’t call me when they fuck it all up anymore, my five year old policy of “Sure I’ll fix it, which Linux distro do you want when I give it back to you” has curbed that quite nicely.
(FFS I am long winded)
Interesting views there on security, thank you 🙂
Love the insight into security on the street – and that was the point I was getting at. How do you convey that an OS (PC or phone) is more or less secure than another one when that person is sticking their password to the laptop.
That said – as long as the laptop isn’t stolen it’s more secure than recording it electronically!!
Another interesting social network alternative I came across while Mastodon was making the headlines is Scuttlebutt. https://www.scuttlebutt.nz/
This gets around the whole which-server-to-pick problem by being completely decentralized. You just run a client and the protocol shares the posts of followers peer to peer. It’s got a way to go but sounds very interesting.
Nice little article about it here. https://staltz.com/an-off-grid-social-network.html
Canonical’s lack of support for security updates for such new devices is unconscionable. However, I have to give them credit for making some announcement about it rather than just silently ceasing to push updates. The one redeeming factor for Canonical is that probably fewer than 100 people actually used Ubuntu as their main mobile OS and probably all of those people know how to flash another ROM onto their phones. I wanted to try an Ubuntu Phone but one that worked with American networks was never released. If Canonical were to produce another consumer product, it would have to be a great deal for me to consider it after this.
I will be interested to see if Ubuntu can maintain its relative popularity as a Linux distro. I thought a lot of its success in the cloud was due to its popularity on the desktop and now it seems like Canonical might be giving up that edge.