285: Pain the APT
Jan. 23, 2019, 3:45 a.m. (5 years, 10 months ago)
0 Comments
An embarrassing vulnerability has been found in the apt package manager, we’ll break it all down. Plus Alessandro Castellani tells us about his plans to build a professional design tool for Linux.
We also have a batch of big community news, and the case for the cloud killing Open Source.
Special Guests: Alessandro Castellani and Brent Gervais.
Links:
- OggCamp 19 — OggCamp is an unconference celebrating Free Culture, Free and Open Source Software, hardware hacking, digital rights, and all manner of collaborative cultural activities.
- OggCamp on Twitter
- Remote Code Execution in apt-get — A vulnerability in apt allows a network man-in-the-middle (or a malicious package mirror) to execute arbitrary code as root on a machine installing any package. The bug has been fixed in the latest versions of apt.
- Why does APT not use HTTPS?
- Turkish ISP Swapped Downloads of Popular Software with Spyware-Infected Apps
- Which block I/O scheduler is the best? We asked eBPF. — I set out expecting to see differing distributions of latencies for each block scheduler, but ultimately found that I didn’t understand low-level systems behavior to the degree I thought I did.
- Want to spin up Ubuntu VMs from Windows 10's command line, eh? We'll need to see a Multipass. — Windows 10 developers have been gifted yet another way of running Linux on their desktop in the form of Canonical's Multipass.
- Microsoft Employee Hints at Windows Core OS Open Source Components
- TechSNAP Episode 395: The ACME Era
- LinuxFest Northwest 20th Anniversary
- LFNW Telegram Group
- LinuxFest Northwest Parking Lot BBQ Meetup
- SCALE 17x
- SCALE Telegram Group
- Texas Linux Fest 2019
- Public Speaking: A repository of resources about public speaking, specifically in the context of software development and IT conferences.
- Linux Operating System Fundamentals — Have you heard of Linux, but don't really know anything about it? Are you a non-technical person just wanting to know what this 'Linux' thing is? Then this course is for you.
- Akira: Native Linux App for UI and UX Design
- Akira on Kickstarter
- Exponent episode 159 — Inverted Pyramids
- Late Night Linux – Episode 55 — Are you better off with the elasticity of public clouds like AWS, or should you avoid lock-in by running servers on premises?
- AWS, MongoDB, and the Economic Realities of Open Source
- Open source confronts its midlife crisis
No comments have been posted yet, be the first one to comment.
