Language Selection

English French German Italian Portuguese Spanish

Gentoo

Pentoo – A Security-Focused Linux Distro Based on Gentoo

Filed under
Gentoo
Security

Pentoo is an open-source Live CD and Live USB Gentoo Linux-based operating system designed for experts in the field of penetration testing and security assessment. It is available for both 32-bit and 64-bit architectures and is can be run as an overlay on an existing Gentoo installation.

If you’re not familiar with Gentoo Linux, it is an advanced Linux distro that enables users to compile their operating system from the source in other to enjoy advantages such as applications and optimal performance specific to the computer, to mention a couple.

It does not have an installer and users are to translate the software they want before continuing with the installation. In short, one shouldn’t go near it if they don’t have the perseverance for filing through Linux documentation.

Just like with Gentoo, Pentoo has an advanced Python-based package management system with cool features such as “fake” (OpenBSD-style) installs, system profiles, config file management, safe unmerging, and virtual packages, among others.

Read more

exGENT 2020 Linux Distro Makes Gentoo Fun to Use with the LXQt Desktop

Filed under
Linux
Gentoo

Arne Exton’s exGENT GNU/Linux distribution aims to continue the tradition of Gentoo-based live distros with a new release that puts the latest LXQt 0.14.1 desktop environment in the spotlight.

We all know by now that Gentoo is one of the hardest Linux-based operating systems to install due to packages needing to be compiled from sources locally. But the good thing about Gentoo is that it doesn’t uses a one-size fits all approach, which mens that it can be fully optimized for specific hardware.

Newcomers who want to try Gentoo Linux on their personal computer have a hard time due to the lack of Gentoo-based live distributions. Here’s where exGENT Linux comes into play, promising to offer users an up-to-date Gentoo-based live system that can be installed in a few minutes.

Read more

Meet Calculate Linux 20!

Filed under
Gentoo

For this new (year) release, Gentoo 17.1 was used as the base profile, all binary packages recompiled with GCC 9.2, and overlays managed with eselect. Calculate Linux will no longer come in 32 bits.

Are available for download: Calculate Linux Desktop featuring the KDE (CLD), Cinnamon (CLDC), LXQt (CLDL), Mate (CLDM) or else Xfce (CLDX and CLDXS) scientific, Calculate Directory Server (CDS), Calculate Linux Scratch (CLS) and Calculate Scratch Server (CSS).

Read more

Also: Gentoo-Based Calculate Linux 20 Released To Ring In The New Year, Free Of 32-Bit Support

Calculate Linux 20 Now Available For Download

Michał Górny: A distribution kernel for Gentoo

Filed under
Linux
Gentoo

The traditional Gentoo way of getting a kernel is to install the sources, and then configure and build one yourself. For those who didn’t want to go through the tedious process of configuring it manually, an alternative route of using genkernel was provided. However, neither of those variants was able to really provide the equivalent of kernels provided by binary distributions.

I have manually configured the kernels for my private systems long time ago. Today, I wouldn’t really have bothered. In fact, I realized that for some time I’m really hesitant to even upgrade them because of the effort needed to update configuration. The worst part is, whenever a new kernel does not boot, I have to ask myself: is it a real bug, or is it my fault for configuring it wrong?

I’m not alone in this. Recently Михаил Коляда has talked to me about providing binary kernels for Gentoo. While I have not strictly implemented what he had in mind, he inspired me to start working on a distribution kernel. The goal was to create a kernel package that users can install to get a working kernel with minimal effort, and that would be upgraded automatically as part of regular @world upgrades.

Read more

Also: Gentoo Developers Exploring The Possibility Of Shipping Distribution Binary Kernels

Chrome OS 79 Adds Media Controls in Lock Screen, Mouse Acceleration Control

Filed under
GNU
Linux
Gentoo
Google

Just a few days after the release of its Chrome 79 web browser, Google promoted the Chrome OS 79 Linux-based operating system for Chromebooks to the stable channel, rolling out now to all supported devices.

Based on the recently released Google Chrome 79 web browser, which landed for Linux, Android, macOS, and Windows platforms last week, Chrome OS 79 is here with a bunch of improvements and new features, starting with media controls in the lock screen to make it more convenient for users to control their media.

The new media controls in lock screen feature allows users to control their media right from the lock screen when they're listening to audio on their Chromebook. Users will be able to play, pause, and skip audio tracks Spotify, YouTube Music, and many other apps without unlocking their Chromebook.

Read more

Funtoo Linux 1.4 Released

Filed under
GNU
Linux
Gentoo

Drobbins has announced the new release of Funtoo Linux 1.4 on Sep 11, 2019.

This release is based on a 21 June 2019 snapshot of Gentoo Linux with significant updates to key parts of the system, such as compiler and OpenGL subsystem.

This is the fourth release of the Funtoo Linux 1.x series, which may be the last update of this release, as the developer said he would start developing 2.0 a month later.

Read more

A Look at Redcore Linux: Gentoo based Linux Distribution

Filed under
GNU
Linux
Gentoo
Reviews

Many people in the technology world have heard, at least in passing, of the Linux distribution Gentoo. Gentoo is one of the most famous distributions to the point of becoming a joke; with it’s complexity and depth, installing Gentoo has been a daunting task for many.

Redcore is one of the latest distributions to attempt to bring the power of Gentoo to the everyday user.

I previously wrote an article in 2017 about Sabayon Linux, another popular Gentoo based system; but Redcore Linux holds its own and pulls its own weight.

Read more

[Gentoo] AArch64 (arm64) profiles are now stable!

Filed under
Gentoo

The ARM64 project is pleased to announce that all ARM64 profiles are now stable.

While our developers and users have contributed significantly in this accomplishment, we must also thank our Packet sponsor for their contribution. Providing the Gentoo developer community with access to bare metal hardware has accelerated progress in acheiving the stabilization of the ARM64 profiles.

Read more

Verifying Gentoo election results via Votrify

Filed under
Gentoo

Gentoo elections are conducted using a custom software called votify. During the voting period, the developers place their votes in their respective home directories on one of the Gentoo servers. Afterwards, the election officials collect the votes, count them, compare their results and finally announce them.

The simplified description stated above suggests two weak points. Firstly, we rely on honesty of election officials. If they chose to conspire, they could fake the result. Secondly, we rely on honesty of all Infrastructure members, as they could use root access to manipulate the votes (or the collection process).

To protect against possible fraud, we make the elections transparent (but pseudonymous). This means that all votes cast are public, so everyone can count them and verify the result. Furthermore, developers can verify whether their personal vote has been included. Ideally, all developers would do that and therefore confirm that no votes were manipulated.

Currently, we are pretty much implicitly relying on developers doing that, and assuming that no protest implies successful verification. However, this is not really reliable, and given the unfriendly nature of our scripts I have reasons to doubt that the majority of developers actually verify the election results. In this post, I would like to shortly explain how Gentoo elections work, how they could be manipulated and introduce Votrify — a tool to explicitly verify election results.

Read more

Michał Górny (Gentoo) and Daniel Kahn Gillmor (Debian) on OpenPGP Security

Filed under
GNU
Linux
Gentoo
Security
Debian
  • Michał Górny: SKS poisoning, keys.openpgp.org / Hagrid and other non-solutions

    The recent key poisoning attack on SKS keyservers shook the world of OpenPGP. While this isn’t a new problem, it has not been exploited on this scale before. The attackers have proved how easy it is to poison commonly used keys on the keyservers and effectively render GnuPG unusably slow. A renewed discussion on improving keyservers has started as a result. It also forced Gentoo to employ countermeasures. You can read more on them in the ‘Impact of SKS keyserver poisoning on Gentoo’ news item.

    Coicidentally, the attack happened shortly after the launch of keys.openpgp.org, that advertises itself as both poisoning-resistant and GDPR-friendly keyserver. Naturally, many users see it as the ultimate solution to the issues with SKS. I’m afraid I have to disagree — in my opinion, this keyserver does not solve any problems, it merely cripples OpenPGP in order to avoid being affected by them, and harms its security in the process.

    In this article, I’d like to shortly explain what the problem is, and which of the different solutions proposed so far to it (e.g. on gnupg-users mailing list) make sense, and which make things even worse. Naturally, I will also cover the new Hagrid keyserver as one of the glorified non-solutions.

  • Daniel Kahn Gillmor: WKD for debian.org

    By default, this will show you any matching certificate that you already have in your GnuPG local keyring. But if you don't have a matching certificate already, it will fall back to using WKD.

    These certificates are extracted from the debian keyring and published at https://openpgpkey.debian.org/.well-known/debian.org/, as defined in the WKD spec. We intend to keep them up-to-date when ever the keyring-maint team publishes a new batch of certificates. Our tooling uses some repeated invocations of gpg to extract and build the published tree of files.

    Debian is current not implementing the Web Key Directory Update Protocol (and we have no plans to do so). If you are a Debian developer and you want your OpenPGP certificate updated in WKD, please follow the normal procedures for Debian keyring maintenance like you always have.

Syndicate content

More in Tux Machines

Antitrust Laws and Open Collaboration

If you participate in standards development organizations, open source foundations, trade associations, or the like (Organizations), you already know that you’re required to comply with antitrust laws. The risks of noncompliance are not theoretical – violations can result in severe criminal and civil penalties, both for your organization and the individuals involved. The U.S. Department of Justice (DOJ) has in fact opened investigations into several standards organizations in recent years. Maybe you’ve had a training session at your company, or at least are aware that there’s an antitrust policy you’re supposed to read and comply with. But what if you’re a working group chair, or even an executive director, and therefore responsible for actually making sure nothing happens that’s not supposed to? Beyond paying attention, posting or reviewing an antitrust statement at meetings, and perhaps calling your attorney when member discussions drift into grey zones, what do you actually do to keep antitrust risk in check? Well, the good news is that regulators recognize that standards and other collaboration deliverables are good for consumers. The challenge is knowing where the boundaries of appropriate conduct can be found, whether you’re hosting, leading or just participating in activity involving competitors. Once you know the rules, you can forge ahead, expecting to navigate those risks, and knowing the benefits of collaboration can be powerful and procompetitive. We don’t often get glimpses into the specific criteria regulators use to evaluate potential antitrust violations, particularly as applicable to collaborative organizations. But when we do, it can help consortia and other collaborative foundations focus their efforts and take concrete steps to ensure compliance. In July 2019, the DOJ Antitrust Division (Division) provided a new glimpse, in its Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations (Guidance). Although the Guidance is specifically intended to assist Division prosecutors evaluating corporate compliance programs when charging and sentencing, it provides valuable insights for building or improving an Organization’s antitrust compliance program (Program). At a high level, the Guidance suggests that an effective Program will be one that is well designed, is applied earnestly and in good faith by management, and includes adequate procedures to maximize effectiveness through efficiency, leadership, training, education, information and due diligence. This is important because organizations that detect violations and self-report to the Division’s Corporate Leniency program may receive credit (e.g. lower charges or penalties) for having an effective antitrust compliance program in place. Read more

today's howtos

Events: SUSECON, OpenShift Troubleshooting Workshop and Kubernetes Contributor Summit Amsterdam

  • Get Expert Guided Hands-On Experience at the SUSECON 2020 Pre-Conference Workshops

    Are you ready for SUSECON 2020? It’s coming up fast! Join us in Dublin Ireland from March 23 – 27 for a week packed with learning and networking.

  • Get Certified During SUSECON 2020

    Working in IT is not for the feint of heart; the work is demanding, and change is constant. Right now, your organization is undoubtedly seeking new ways to extend the value of their investment in IT and get more done faster.

  • The OpenShift Troubleshooting Workshop

    The first workshop in our Customer Empathy Workshop series was held October 28, 2019 during the AI/ML (Artificial Intelligence and Machine Learning) OpenShift Commons event in San Francisco. We collaborated with 5 Red Hat OpenShift customers for 2 hours on the topic of troubleshooting. We learned about the challenges faced by operations and development teams in the field and together brainstormed ways to reduce blockers and increase efficiency for users. The open source spirit was very much alive in this workshop. We came together with customers to work as a team so that we can better understand their unique challenges with troubleshooting. Here are some highlights from the experience.

  • [Kubernetes] Contributor Summit Amsterdam Schedule Announced

Security: Patches, Bugs, RMS Talk and NG Firewall 15.0

  • Security updates for Wednesday

    Security updates have been issued by CentOS (firefox, java-1.7.0-openjdk, ksh, and sudo), Debian (php7.0 and python-django), Fedora (cacti, cacti-spine, mbedtls, and thunderbird), openSUSE (chromium, re2), Oracle (firefox, java-1.7.0-openjdk, and sudo), Red Hat (openjpeg2 and sudo), Scientific Linux (java-1.7.0-openjdk and sudo), SUSE (dbus-1, dpdk, enigmail, fontforge, gcc9, ImageMagick, ipmitool, php72, sudo, and wicked), and Ubuntu (clamav, linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-aws-5.0, linux-azure, linux-gcp, linux-gke-5.0, linux-oracle-5.0, linux-azure, linux-kvm, linux-oracle, linux-raspi2, linux-raspi2-5.3, linux-lts-xenial, linux-aws, and qemu).

  • Certificate validity and a y2k20 bug

    One of the standard fields of an SSL certificate is the validity period. This field includes notBefore and notAfter dates which, according to RFC5280 section 4.1.2.5, indicates the interval "during which the CA warrants that it will maintain information about the status of the certificate" This is one of the fields that should be inspected when accepting new or unknown certificates. When creating certificates, there are a number of theories on how long to set that period of validity. A short period reduces risk if a private key is compromised. The certificate expires soon after and can no longer be used. On the other hand, if the keys are well protected, then there is a need to regularly renew those short-lived certificates.

  • Free Software is protecting your data – 2014 TEDx Richard Stallman Free Software Windows and the NSA

    Libre booted (BIOS with Linux overwritten) Thinkpad T400s running Trisquel GNU/Linux OS. (src: https://stallman.org/stallman-computing.html) LibreBooting the BIOS? Yes! It is possible to overwrite the BIOS of some Lenovo laptops (why only some?) with a minimal version of Linux.

  • NG Firewall 15.0 is here with better protection for SMB assets

    Here comes the release of NG Firewall 15.0 by Untangle with the creators claiming top-notch security for SMB assets. Let’s thoroughly discuss the latest NG Firewall update. With that being said, it only makes sense to first introduce this software to the readers who aren’t familiar with it. As the name ‘NG Firewall’ suggests, it is indeed a firewall but a very powerful one. It is a Debian-based and network gateway designed for small to medium-sized enterprises. If you want to be up-to-date with the latest firewall technology, your best bet would be to opt for this third-generation firewall. Another factor that distinguishes the NG Firewall from other such products in the market is that it combines network device filtering functions and traditional firewall technology.