Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers

Filed under
Security
  • Alas, Poor PGP

    The first is an assertion that email is inherently insecure and can’t be made secure. There are some fairly convincing arguments to be made on that score; as it currently stands, there is little ability to hide metadata from prying eyes. And any format that is capable of talking on the network — as HTML is — is just begging for vulnerabilities like EFAIL.

    But PGP isn’t used just for this. In fact, one could argue that sending a binary PGP message as an attachment gets around a lot of that email clunkiness — and would be right, at the expense of potentially more clunkiness (and forgetfulness).

    What about the web-of-trust issues? I’m in agreement. I have never really used WoT to authenticate a key, only in rare instances trusting an introducer I know personally and from personal experience understand how stringent they are in signing keys. But this is hardly a problem for PGP alone. Every encryption tool mentioned has the problem of validating keys. The author suggests Signal. Signal has some very strong encryption, but you have to have a phone number and a smartphone to use it. Signal’s strength when setting up a remote contact is as strong as SMS. Let that disheartening reality sink in for a bit. (A little social engineering could probably get many contacts to accept a hijacked SIM in Signal as well.)

    How about forward secrecy? This is protection against a private key that gets compromised in the future, because an ephemeral session key (or more than one) is negotiated on each communication, and the secret key is never stored. This is a great plan, but it really requires synchronous communication (or something approaching it) between the sender and the recipient. It can’t be used if I want to, for instance, burn a backup onto a Bluray and give it to a friend for offsite storage without giving the friend access to its contents. There are many, many situations where synchronous key negotiation is impossible, so although forward secrecy is great and a nice enhancement, we should assume it to be always applicable.

    [...]

    My current estimate is that there’s no magic solution right now. The Sequoia PGP folks seem to have a good thing going, as does Saltpack. Both projects are early in development, so as a privacy-concerned person, should you trust them more than GPG with appropriate options? That’s really hard to say.

  • Armadillo Is An Open-Source “USB Firewall” Device To Protect You Against USB Attacks

    Exchanging data using USB devices is something that we do on a daily basis. But how often do you think that the next USB device that you’ll plug into your PC’s port could be malicious? In the past, researchers have unveiled 29 types of USB attacks that could compromise your sensitive data by simply plugging in a USB device.

    Globotron’s Armadillo is a device that you could use to protect yourself from USB attacks.

  • Open source solutions in autonomous driving: safety is more than an afterthought [Ed: A lot less likely to contain back doors, unlike proprietary software where this has become rather 'standard' a 'feature']

    In the automotive industry, in-vehicle infotainment (IVI) systems were one of the early adopters of open source operating systems, namely Linux. Today’s innovation and success with IVIs can largely be attributed to this approach.

    Collaborative efforts such as the GENIVI Alliance and Automotive Grade Linux—where automakers, suppliers, and their competitors agree to share common elements of the IVI software stack—are enabling rapid development in this area.

  • New open source solution reduces the risks associated with cloud deployments [Ed: This is an inherently flawed kind of logic because if you handed over control to AWS, then the Pentagon already controls everything and thus you have zero security, you're 'pwned' by definition]

    The Galahad software will be deployed to AWS and provides a nested hypervisor on AWS instances. There, it will monitor role-based virtual machines virtually across all levels of the application stack including the docker container: the basic unit of software that packages an application to run quickly between computing environments.

  • Open-Source Exploit: Private Keys in MyDashWallet Exposed for Two Months- Users Should Move Funds Immediately [Ed: Highly misleading headline. This has nothing to do with "Open Source"; it's about some fool who uploaded private keys]

    The private keys of Dash crypto coins being held in online software “hot wallet” called MyDashWallet have been exposed to hackers for two months, and anyone using the wallet should immediately move funds out.

    A “hot wallet” is any cryptocurrency software “wallet” connected to the Internet.

Security Leftovers

Filed under
Security
  • Researchers Build App That Kills To Highlight Insulin Pump Exploit

    By now the half-baked security in most internet of things (IOT) devices has become a bit of a running joke, leading to amusing Twitter accounts like Internet of Shit that highlight the sordid depth of this particular apathy rabbit hole. And while refrigerators leaking your gmail credentials and tea kettles that expose your home networks are entertaining in their own way, it's easy to lose sight of the fact that the same half-assed security in the IOT space also exists on most home routers, your car, your pacemaker, and countless other essential devices and services your life may depend on.

    Case in point: just about two years ago, security researchers discovered some major vulnerabilities Medtronic's popular MiniMed and MiniMed Paradigm insulin pumps. At a talk last year, they highlighted how a hacker could trigger the pumps to either withhold insulin doses, or deliver a lethal dose of insulin remotely. But while Medtronic and the FDA warned customers about the vulnerability and issued a recall over time, security researchers Billy Rios and Jonathan Butts found that initially, nobody was doing much to actually fix or replace the existing devices.

    [...]

    And of course that's not just a problem in the medical sector, but most internet-connected tech sectors. As security researcher Bruce Schneier often points out, it's part of a cycle of dysfunction where the consumer and the manufacturer of a flawed product have already moved on to the next big purchase, often leaving compromised products, and users, in a lurch. And more often than not, when researchers are forced to get creative to highlight the importance of a particular flaw, the companies in question enjoy shooting the messenger.

  • Desktop Operating Systems: Which is the safest? [Ed: This shallow article does not discuss NSA back doors and blames on "Linux" devices with open ports and laughable passwords -- based on narrative often pushed by corporate media to give illusion of parity. Also pushes the lie of Linux having minuscule usage.]
  • How Open Source Data Can Protect Consumer Credit Card Information
  • Open Source Hacking Tool Grows Up

    An open source white-hat hacking tool that nation-state hacking teams out of China, Iran, and Russia have at times employed to avoid detection....

Security: EvilGnome Scaremongering, Intel Defects, New Patches and the "Desktop Security Nightmare"

Filed under
Security
  • EvilGnome Is A Linux Spyware That Records Audio And Steals Your Files [Ed: FOSSBytes has moved on from pushing non-FOSS misinformation to actually doing anti-FOSS FUD. Painting malware one needs to actually install as a real threat.]
  • CPU vulnerability mitigations keeping Linux devs busy: SUSE's Pavlík [Ed: Intel defects now waste software developers' time. They should just replace/recall those billions of defective chips]

    A veteran Linux kernel developer at Germany-based SUSE says the one thing that keeps him and his team busy these days is CPU vulnerability mitigations...

  • Security updates for Friday

    Security updates have been issued by Debian (bzip2), Fedora (freetds, kernel, kernel-headers, and knot-resolver), openSUSE (bubblewrap, fence-agents, kernel, libqb, libu2f-host, pam_u2f, and tomcat), Oracle (vim), SUSE (kernel, LibreOffice, libxml2, and tomcat), and Ubuntu (libmspack and squid, squid3).

  • The Desktop Security Nightmare

    Many of us have extremely sensitive data on our systems. Emails to family, medical or bank records, Bitcoin wallets, browsing history, the list goes on. Although we have isolation between our user account and root, we have no isolation between applications that run as our user account. We still, in effect, have to be careful about what attachments we open in email.

    Only now it’s worse. You might “npm install hello-world”, and audit hello-world itself, but get some totally malicious code as well. How many times do we see instructions to gem install this, pip install that, go get the other, and even curl | sh? Nowadays our risky click isn’t an email attachment. It’s hosted on Github with a README.md.

    Not only that, but my /usr/bin has over 4000 binaries. Have every one been carefully audited? Certainly not, and this is from a distro with some of the highest quality control around. What about the PPAs that people add? The debs or rpms that are installed from the Internet? Are you sure that the postinst scripts — which run as root — aren’t doing anything malicious when you install Oracle Virtualbox?

    [...]

    One thing a person could do would be to keep the sensitive data on a separate, ideally encrypted, filesystem. (Maybe even a fuse one such as gocryptfs.) Then, at least, it could be unavailable for most of the time the system is on.

    Of course, the downside here is that it’s still going to be available to everything when it is mounted, and there’s the hassle of mounting, remembering to unmount, password typing, etc. Not exactly transparent.

    I wondered if mount namespaces might be an answer here. A filesystem could be mounted but left pretty much unavailable to processes unless a proper mount namespace is joined. Indeed that might be a solution. It is somewhat complicated, though, since nsenter requires root to work. Enter sudo, and dropping privileges back to a particular user — a not particularly ideal situation, and complex as well.

    Still, it might well have some promise for some of these things.

Security Leftovers

Filed under
Security
  • Re: [DNG] EvilGnome

    Basically, this doesn't strike me as even a tiny bit interesting. The template of '$EVILCODE does $STUFF to your system if you run it' raises the obvious question of 'What about _not_ running it?' By and large, code doesn't run itself, so failure to answer that 'one interesting question' means the interesting bit got omitted.

  • Web server security – Part 0: How to start

    Many server hardening or server security guides directly start with installing software packages and changing some configuration files. This is fine for experienced server administrators. However, people who try to set up their first server hit on problems and most importantly they very likely forget things that aren’t covered by such guides.

    So, please do not start to set up your first server by blindly following any guide on the internet (including our guides!).

  • “Sudo Mastery, 2nd Edition” open for tech review

    I need all reviews back by 5 August. This gives me time (if everything goes well) to have the book in print for vBSDCon. Assuming they accept my proposal, that is.

Security, DRM and Privacy

Filed under
Security
  • Security updates for Thursday

    Security updates have been issued by Arch Linux (chromium, firefox, and squid), CentOS (thunderbird and vim), Debian (libonig), SUSE (firefox, glibc, kernel, libxslt, and tomcat), and Ubuntu (libreoffice and thunderbird).

  • EvilGnomes Linux malware record activities & spy on users [Ed: This is something the user actually installs, harming his/her machine. Original post here.]]

    Dubbed EvilGnomes by researchers; the malware was found masquerading as a Gnome shell extension targeting Linux’s desktop users.

  • Mike Driscoll: New Malicious Python Libraries Found Targeting Linux

    They were written by a user named ruri12. These packages were removed by the PyPI team on July 9, 2019. However they were available since November 2017 and had been downloaded fairly regularly.

    See the original article for more details.

    As always, when using a package that you aren’t familiar with, be sure to do your own thorough vetting to be sure you are not installing malware accidentally.

  • Latest Huawei 'Smoking Gun' Still Doesn't Prove Global Blackball Effort's Primary Justification

    We've noted a few times now how the protectionist assault against Huawei hasn't been supported by much in the way of public evidence. As in, despite widespread allegations that Huawei helps China spy on Americans wholesale, nobody has actually been able to provide any hard public evidence proving that claim. That's a bit of a problem when you're talking about a global blackballing effort. Especially when previous investigations as long as 18 months couldn't find evidence of said spying, and many US companies have a history of ginning up security fears simply because they don't want to compete with cheaper Chinese kit.

    That said, a new report (you can find the full thing here) dug through the CVs of many Huawei executives and employees, and found that a small number of "key mid-level technical personnel employed by Huawei have strong backgrounds in work closely associated with intelligence gathering and military activities."

  • No love lost between security specialists and developers

    Unless you've been under a rock, you've noticed hardly a day goes by without another serious security foul-up. While there's plenty of blame to go around for these endless security problems, some of it goes to developers who write bad code.

    That makes sense. But when GitLab, a DevOps company, surveyed over 4,000 developers and operators, they found 68% of the security professionals surveyed believe it's a programmer's job to write secure code, but they also think less than half of developers can spot security holes.

  • GitLab Survey Surfaces Major DevSecOps Challenges Ahead

    A report based on a survey of 4,071 software professionals published this week by GitLab, a provider of a continuous integration and continuous deployment (CI/CD) platform, found that while appreciation of the potential value of DevSecOps best practices is high, the ability to implement those practices is uneven at best.

  • GitLab Survey Reveals Disconnect Between Developer And Security Teams

    In a survey conducted by GitLab, software professionals recognize the need for security to be baked into the development lifecycle, but the survey showed long-standing friction between security and development teams remain. While 69% of developers say they’re expected to write secure code, nearly half of security pros surveyed (49%) said they struggle to get developers to make remediation of vulnerabilities a priority. And 68% of security professionals feel fewer than half of developers are able to spot security vulnerabilities later in the lifecycle.

  • Cook: security things in Linux v5.2

    Over on his blog, Kees Cook runs through the security changes that came in Linux 5.2.

  • Doctorow's novella "Unauthorized Bread" explains why we have to fight DRM today to avoid a grim future

    Salima has a problem: her Boulangism toaster is locked down with software that ensures that it will only toast bread sold to her by the Boulangism company… and as Boulangism has gone out of business, there's no way to buy authorized bread. Thus, Salima can no longer have toast.

    This sneakily familiar scenario sends our resourceful heroine down a rabbit hole into the world of hacking appliances, but it also puts her in danger of losing her home -- and prosecution under the draconian terms of the Digital Millennium Copyright Act (DMCA). Her story, told in the novella “Unauthorized Bread,” which opens Cory Doctorow’s recent book Radicalized, guides readers through a process of discovering what Digital Restrictions Management (DRM) is, and how the future can look mightily grim if we don’t join forces to stop DRM now.

    “Unauthorized Bread” takes place in the near future, maybe five or ten years at most, and the steady creep of technology that takes away more than it gives has simply advanced a few degrees. Salima and her friends and neighbors are refugees, and they live precariously in low-income housing equipped with high-tech, networked appliances. These gizmos and gadgets may seem nifty on the surface, but immediately begin to exact an unacceptable price, since they require residents to purchase the expensive approved bread for the toaster, the expensive approved dishes for the dishwasher, and so on. And just as Microsoft can whisk away ebooks that people “own” by closing down its ebook service, the vagaries of the business world cause Boulangism to whisk away Salima’s ability to use her own toaster.

  • New Linux Malware Called EvilGnome Discovered; First Preview of Fedora CoreOS Now Available; Germany Bans Schools from Using Microsoft, Google and Apple; VirtualBox 6.0.10 Released; and Sparky 5.8 Has New Live/Install Media for Download

    Germany has banned its schools from using cloud-based productivity suites from Microsoft, Google, and Apple, because the companies weren't meeting the country's privacy requirements. Naked Security reports, that the statement from the Hessische Beauftragte für Datenschutz und Informationsfreiheit (Hesse Commissioner for Data Protection and Freedom of Information, or HBDI) said, "The digital sovereignty of state data processing must be guaranteed. With the use of the Windows 10 operating system, a wealth of telemetry data is transmitted to Microsoft, whose content has not been finally clarified despite repeated inquiries to Microsoft. Such data is also transmitted when using Office 365." The HBDI also stressed that "What is true for Microsoft is also true for the Google and Apple cloud solutions. The cloud solutions of these providers have so far not been transparent and comprehensible set out. Therefore, it is also true that for schools, privacy-compliant use is currently not possible."

  • Microsoft, Google and Apple clouds banned in Germany’s schools

    Germany just banned its schools from using cloud-based productivity suites from Microsoft, Google, and Apple. The tech giants aren’t satisfying its privacy requirements with their cloud offerings, it warned.

    The Hessische Beauftragte für Datenschutz und Informationsfreiheit (Hesse Commissioner for Data Protection and Freedom of Information, or HBDI) made the statement following a review of Microsoft Office 365’s suitability for schools.

  • Microsoft, Google and Apple clouds banned in Germanys schools

    Did you know that Germany just banned its schools from using cloud-based productivity suites from Microsoft, Google, and Apple? The tech giants aren’t satisfying its privacy requirements with their cloud offerings, it warned. What are your thoughts?

    The Hessische Beauftragte für Datenschutz und Informationsfreiheit (Hesse Commissioner for Data Protection and Freedom of Information, or HBDI) made the statement following a review of Microsoft Office 365’s suitability for schools.

Shrinking Linux Attack Surfaces

Filed under
Linux
Security

Often, a kernel developer will try to reduce the size of an attack surface against Linux, even if it can't be closed entirely. It's generally a toss-up whether such a patch makes it into the kernel. Linus Torvalds always prefers security patches that really close a hole, rather than just give attackers a slightly harder time of it.

Matthew Garrett recognized that userspace applications might have secret data that might be sitting in RAM at any given time, and that those applications might want to wipe that data clean so no one could look at it.

There were various ways to do this already in the kernel, as Matthew pointed out. An application could use mlock() to prevent its memory contents from being pushed into swap, where it might be read more easily by attackers. An application also could use atexit() to cause its memory to be thoroughly overwritten when the application exited, thus leaving no secret data in the general pool of available RAM.

The problem, Matthew pointed out, came if an attacker was able to reboot the system at a critical moment—say, before the user's data could be safely overwritten. If attackers then booted into a different OS, they might be able to examine the data still stored in RAM, left over from the previously running Linux system.

As Matthew also noted, the existing way to prevent even that was to tell the UEFI firmware to wipe system memory before booting to another OS, but this would dramatically increase the amount of time it took to reboot. And if the good guys had won out over the attackers, forcing them to wait a long time for a reboot could be considered a denial of service attack—or at least downright annoying.

Read more

Security: Linux 5.2 Dissection, New Patches, New ZDNet (CBS) FUD and Kali NetHunter App Store

Filed under
Linux
Security
  • Kees Cook: security things in Linux v5.2

    Gustavo A. R. Silva is nearly done with marking (and fixing) all the implicit fall-through cases in the kernel. Based on the pull request from Gustavo, it looks very much like v5.3 will see -Wimplicit-fallthrough added to the global build flags and then this class of bug should stay extinct in the kernel.

    That’s it for now; let me know if you think I should add anything here. We’re almost to -rc1 for v5.3!

  • Security updates for Wednesday

    Security updates have been issued by Debian (libreoffice), Red Hat (thunderbird), SUSE (ardana and crowbar, firefox, libgcrypt, and xrdp), and Ubuntu (nss, squid3, and wavpack).

  • Malicious Python libraries targeting Linux servers removed from PyPI [Ed: Python does not run only on Linux, but Microsoft-funded sites like ZDNet (CBS) look for ways to blame everything on "Linux", even malicious software that gets caught in the supply chain]
  • Malicious Python Libraries Discovered on PyPI, Offensive Security Launches the Kali NetHunter App Store, IBM Livestreaming a Panel with Original Apollo 11 Technicians Today, Azul Systems Announces OpenJSSE and Krita 4.2.3 Released

    Offensive Security, the creators of open-source Kali Linux, has launched the Kali NetHunter App Store, "a new one stop shop for security relevant Android applications. Designed as an alternative to the Google Play store for Android devices, the NetHunter store is an installable catalogue of Android apps for pentesting and forensics". The press release also notes that the NetHunter store is a slightly modified version of F-Droid: "While F-Droid installs its clients with telemetry disabled and asks for consent before submitting crash reports, the NetHunter store goes a step further by removing the entire code to ensure that privacy cannot be accidentally compromised". See the Kali.org blog post for more details.

OPNsense 19.7 "Jazzy Jaguar" released

Filed under
OS
Security

For four and a half years now, OPNsense is driving innovation through
modularising and hardening the open source firewall, with simple
and reliable firmware upgrades, multi-language support, HardenedBSD
security, fast adoption of upstream software updates as well as clear
and stable 2-Clause BSD licensing.

19.7, nicknamed "Jazzy Jaguar", embodies an iteration of what should be
considered enjoyable user experience for firewalls in general: improved
statistics and visibility of rules, reliable and consistent live logging
and alias utility improvements.  Apart from the usual upgrades of third
party software to up-to-date releases, OPNsense now also offers built-in
remote system logging through Syslog-ng, route-based IPsec, updated
translations with Spanish as a brand new and already fully translated
language and newer Netmap code with VirtIO, VLAN child and vmxnet support.

Last but not least we would like to thank m.a.x. it for their sponsorship
of the default gateway priority switching feature and their continued work
of writing and maintaining plenty of community plugins.  This time around,
Maltrail, Netdata and WireGuard VPN have been freshly added to the mix.


Read more

Security and Spying With Listening Devices (Google, Amazon, Microsoft)

Filed under
Security
  • Was DNS intentionally designed to be insecure?

    but noone considered that now-controversial near-truism at all when the core internet protocols were first designed and implemented. the idea of abuse was considered novel in the 1990's when commercialization and privatization brought abuse into the internet world and burst the academic bubble. a lot of old timers blamed AOL and MSN and even Usenet for the problems, but in actuality, it's what humans _always_ do at scale. putting the full spectrum of human culture atop a technology platform designed for academic and professional culture should have been understood to be a recipe for disaster.

  • Smart meters in England are mysteriously switching to Welsh

    Bulb says that the problem has occurred in around 200 cases and that it takes five steps to fix it, though if you don't know Welsh, you'll need to get Bulb to talk you through it by way of numbers of button pushes.

    "While we think Welsh is a great language, we understand that in many cases people will want their display to be in English." it jibbered in a statement.

  • 'Defnydd heddiw': Smart meter displays in England turn Welsh in bizarre language glitch

    One customer, James Tombs, who lives well over 100 miles from the Welsh border, in West Sussex, told us: "I don't live in Wales and don't know Welsh. One day I saw my meter was in Welsh but ignored it as I was busy. I then came back to it later and realised that the screen was locked, the buttons didn't do anything and the unit wasn't updating. The clock was stuck at 15.47.

  • iOS 13 beta exposes iCloud Keychain passwords and usernames

    This allows for access to iCloud Keychain passwords, which pretty much means access to a whole suite of usernames and passwords stored by Apple's cloud service. We can envision the potential for another iCloud hack, only with leaked nudes of early adopter Apple fanatics rather than celebs indulging their promiscuous sides.

  • Windows 10 will soon allow third-party voice assistants to take precedence over Cortana

    Watch out for the change is 19H2 - which will be the first bi-annual update to the operating system to be a patch rollup, similar to the old Service Packs, instead of a full new build.

  • Google Home integrations are borking left, right and centre

    So what's the problem? Well, from the sound of the workaround, it appears that Google has been mucking about with the API under the hood again.

  • Google Assistant currently can’t connect to Philips Hue lights, fix is in the works

    For the past several months, Google Home owners have been encountering spotty issues between Assitant and Philips Hue products. In recent weeks especially, this problem has only gotten worse, and currently, the two products can’t talk to each other whatsoever. For most users, this results in attempting to unlink and relink a Hue account to Assistant, but that only results in an error when trying to relink the two accounts.

Security Leftovers

Filed under
Security
  • Security updates for Tuesday

    Security updates have been issued by Fedora (expat and radare2), Oracle (thunderbird), Red Hat (389-ds-base, keepalived, libssh2, perl, and vim), Scientific Linux (thunderbird), SUSE (bzip2, kernel, podofo, systemd, webkit2gtk3, and xrdp), and Ubuntu (bash, nss, redis, squid, squid3, and Zipios).

  • Explainer: What is post-quantum cryptography?

    Few of us give much thought to the tiny padlock symbol that appears in our web browsers every time we use an e-commerce site, send and receive emails, or check our bank or credit card accounts. But it’s a signal that the online services are using HTTPS, a web protocol that encrypts the data we send across the internet and the responses we receive. This and other forms of encryption protect all kinds of electronic communications, as well as things like passwords, digital signatures, and health records.

  • Monitoring Linux Logs with Kibana and Rsyslog

    f you are a system administrator, or even a curious application developer, there is a high chance that you are regularly digging into your logs to find precious information in them.

    Sometimes you may want to monitor SSH intrusions on your VMs.

    Sometimes, you might want to see what errors were raised by your application server on a certain day, on a very specific hour. Or you may want to have some insights about who stopped your systemd service on one of your VMs.

    If you pictured yourself in one of those points, you are probably on the right tutorial.

    In this tutorial, we are to build a complete log monitoring pipeline using the ELK stack (ElasticSearch, Logstash and Kibana) and Rsyslog as a powerful syslog server.

    Before going any further, and jumping into technical considerations right away, let’s have a talk about why do we want to monitor Linux logs with Kibana.

  • Critical Vulnerability Found In Ad Inserter WordPress Plugin [Ed: Well, ads are malicious, many are literally malware, so people who put this crap in their site ask for if not deserve the worst.]

    On July 12, Wordfence team(Another popular security plugin for WordPress), discovered a vulnerability called RCE — Remote Code Execution in Ad inserter. This vulnerability can allow an attacker to run any arbitrary PHP code on the site.

    The vulnerability was found in Ad preview module of the plugin where you can preview the ads position, size, etc. before publishing it. This action can only be executed by the WordPress administrators and to ensure this, the plugin writer used WordPress function ‘check_admin_referer()‘ which ensures that the action is being performed by the administrator.

    Wordfence threat intelligence team who discovered this vulnerability said the ‘check_admin_referer()‘ function is not enough protection. check_admin_referer() is designed to protect against CSRF (Cross-site request forgery) and the way it ensures this is by checking if nonce (a one-time token) exists in the request.

  • Wanna work on Debian LTS (and get funded)?

    If you are in Curitiba and are interested to work on Debian LTS (and get paid for that work), please come and talk to me, Debian LTS is still looking for more contributors!

Syndicate content