Free Republic

There are countless Linux distributions available, a vast majority are free to download and use. Some are more appropriate for performing particular tasks than others. For example, Ubuntu, Mint, and Elementary OS are more recommended in desktop and laptop PCs than Arch Linux or Alpine.In this guide, we seek to compare RHEL and Debian from an administrative point of view. We will look at the technical and philosophical differences between the two and see which fairs better than the other.Software LicensingRHEL is an open-source and commercial Linux distribution developed by Red Hat, Inc which was acquired by IBM on May...

U.S. Senators Gary Peters (D-MI) and Rob Portman (R-OH), Chairman and Ranking Member of the Homeland Security and Governmental Affairs Committee, have introduced bipartisan legislation to help protect federal and critical infrastructure systems by strengthening the security of open source software. The legislation comes after a hearing convened by Peters and Portman on the Log4j incident earlier this year, and would direct the Cybersecurity and Infrastructure Security Agency (CISA) to help ensure that open source software is used safely and securely by the federal government, critical infrastructure, and others. A vulnerability discovered in Log4j – which is widely used open...

Summary: We turn our attention to the Debian Project and Software in the Public Interest (SPI), knowing that theyÂ’re vulnerable to cash that groups recklessly take without foresight (likely negative consequences) THIS post might offend some people; not because of offensive language but because some people associate and affiliate with organisations that are named here. WeÂ’ll refrain from using names. Please donÂ’t personify these things (itÂ’s a trap); we only care about whatÂ’s true because facts and accuracy matter. ItÂ’s never ad hominem. We have the facts. Our track record is good. We focus on issues that we understand very...

For many early Linux users, Slackware was their introduction. One user told me her first Linux install was Slackware—and she had to use a hex editor to fix the partition tables so that Slackware would install. Support for her hardware was added in a later release. Another got his start building the data center that would power one of the first internet-enabled real estate sites. In the mid-1990s, Slackware was one of the easiest distributions to get and didn't require a lot of effort to get IP masquerading to work correctly. A third person mentioned going to sleep while...

In a press call to journalists, Canonical founder Mark Shuttleworth (accompanied at times by a rather excitable Labrador) explained that shortly after the Snap release several Linux developers, particularly from Arch and Gentoo, approached Canonical with an idea to make Snap a more universal system. Snap, originally developed for Ubuntu's mobile flavor of Linux, is a way of packaging an application with all the dependencies it needs to run in isolation. This means it's easier to run on any device, and the main operating system doesn't risk suffering a Total Inability To Support Usual Performance (TITSUP) if an application gets...

Docker today announced that Ian Murdock, a member of the startup's technical staff and a former Sun and Salesforce employee known for founding the Debian Linux operating system, has passed away. He was 42. A cause of death was not provided in the blog post announcing the news. Docker declined to comment. The San Francisco Police Department did not immediately have information on Murdock's cause of death.

A serious vulnerability in the popular OpenSSL cryptographic library has been discovered that allows attackers to steal information unnoticed. Known as the Heartbleed bug, the vulnerability allows anyone on the Internet to read the memory of systems that run vulnerable versions of OpenSSL, revealing the secret authentication and encryption keys to protect the traffic. User names, passwords and the actual content of the communications can also be read. ... OpenSSL recommends that uses immediately upgrade to version 1.0.1g. If that's not possible, users should recompile OpenSSL with the -DOPENSSL_NO_HEARTBEATS flag to remove the the heartbeat handshake. The 1.0.2 version of...

Back in May 2006, a few programmers working on an open-source security project made a whopper of a mistake. Last week, the full impact of that mistake was just beginning to dawn on security professionals around the world. In technical terms, a programming error reduced the amount of entropy used to create the cryptographic keys in a piece of code called the OpenSSL library, which is used by programs like the Apache Web server, the SSH remote access program, the IPsec Virtual Private Network (VPN), secure e-mail programs, some software used for anonymously accessing the Internet, and so on. The...

Package : kernel-image-2.4.18-1-alpha, kernel-image-2.4.18-1-i386, kernel-source-2.4.18 Vulnerability : userland can access full kernel memory Problem type : local Debian-specific: no CVE Id(s) : CAN-2003-0961 Recently multiple servers of the Debian project were compromised using a Debian developers account and an unknown root exploit. Forensics revealed a burneye encrypted exploit. Robert van der Meulen managed to decrypt the binary which revealed a kernel exploit. Study of the exploit by the RedHat and SuSE kernel and security teams quickly revealed that the exploit used an integer overflow in the brk system call. Using this bug it is possible for a userland program to...

Hi, *NB* bear in mind that: a) the information on the break-in in comes from compromised machines and thus has to be taken with appropriate skepticism. b) the investigation is still ongoing - as I was writing this draft further information came to light which may invalidate a lot of it. [Or not - as it turns out]. Detection --------- On November 20 it was noticed that master was kernel oops-ing lots. While investigating this it was discovered that murphy was showing the exact same oops, which was an overly suspicious coincidence. Also klecker, murphy and gluck have aide installed...