Are there dangerous security flaws hidden in Linux?

In today's open source roundup: The GnuTLS bug has many people wondering about security in Linux. Plus: MATE 1.8 released, and senior citizens learn to use Linux

Ars Technica has a very disturbing report about the GnuTLS bug. It has many wondering if there are other hidden security flaws in Linux, and what must be done to stop such bugs from happening again.

Hundreds of open source packages, including the Red Hat, Ubuntu, and Debian distributions of Linux, are susceptible to attacks that circumvent the most widely used technology to prevent eavesdropping on the Internet, thanks to an extremely critical vulnerability in a widely used cryptographic code library.

The bug in the GnuTLS library makes it trivial for attackers to bypass secure sockets layer (SSL) and Transport Layer Security (TLS) protections available on websites that depend on the open source package. Initial estimates included in Internet discussions such as this one indicate that more than 200 different operating systems or applications rely on GnuTLS to implement crucial SSL and TLS operations, but it wouldn't be surprising if the actual number is much higher. Web applications, e-mail programs, and other code that use the library are vulnerable to exploits that allow attackers monitoring connections to silently decode encrypted traffic passing between end users and servers.

More at Ars Technica
Linux Security Flaws GnuTLS
Image credit: Ars Technica

Please note that you can upgrade to gnutls 3.2.12 to fix the bug noted in Ars' article.

So it seems that Apple's iOS isn't the only operating system with security problems. I know that the GnuTLS bug has freaked a lot of people out, they just didn't expect this kind of a thing to happen with Linux. But it did, and now we have to deal with it.

Let's face it folks, there is no bullet-proof computer operating system out there. Linux has many strengths but it's not perfect and it never will be. I think this is a situation where you have to take a lemon and make lemonade out of it, as much as is humanly possible.

And the way to do that is to consider this an opportunity to step back and take stock in how reviews and coding are handled. Developers need to put on their Sherlock Holmes hats and go into detective mode. They should work to identify all of the possible problem areas and then make the necessary changes to help prevent this kind of problem from ever happening again.

sherlock_tux.jpg

I know that some people will probably use this as a chance to bash Linux and open source. Fine, let them go ahead and do that. Chances are that they would be bashing anyway regardless of what the actual problem was so there's no point in worrying about it.

If the critics actually have useful and valid criticism then it's worth paying attention to their thoughts and noting any useful suggestions. If not, then just disregard them as usual since it's always been that way with some folks that dislike Linux and open source in general.

The GnuTLS bug should be a wake up call for open source developers to review their work, and try to make sure that other potential security headaches are fixed or removed. If that happens then this nasty and bitter lemon will indeed be turned into a sweet, delicious glass of lemonade.

MATE 1.8 desktop released

WebUpd8 reports that version 1.8 of the MATE desktop environment has been released.

After 11 months of development, MATE 1.8 has been released, bringing various refinements and new features such as support for Metacity as window manager, side-by-side window tiling and more, as well as many bug fixes.

Changes in MATE Desktop 1.8:

Control Center: added support for Metacity as window manager;

Marco (window manager): added side-by-side tiling (windows snapping);

Caja (file manager):

added option to use IEC units instead of SI units;

added “Open parent location” option in context menu in search view;

Panel: Added support to run dialog and main menu opening with Metacity keybindings;

Screensaver: show date and time in lock dialog;

Applets:

added undo functionality to sticky note applet;

new “command” applet to show the output of a command;

rewritten “timer” applet in C;

mouse middle click on volume applet toggles mute state;

added MATE User Guide;

added mpaste tool for paste.mate-desktop.org;

Eye Of MATE (image viewer): added shuffle mode in slideshow

More at WebUpd8

MATE 1.8 Desktop Released
Image credit: WebUpd8

MATE is a great alternative if you prefer a classic kind of desktop environment. It's definitely a favorite of mine since I lean toward the GNOME 2 type of user interface. I've found it's very tough to beat the older interfaces for my work flow and personal comfort.

Your mileage may vary, of course. I know that some folks prefer Cinnamon, Unity or even GNOME 3. And more power to you if they are your preference. One of the great things about Linux is that there are choices for everybody in desktop user interfaces.

The MATE site has more screenshots of MATE 1.8 available if you want to view them.

Linux and senior citizens

Foss Force tells the tale of senior citizens learning to use computers.

Last year, we began holding two day “Computer 101″ classes each week. For two hours each night, we taught people the most basic computer skills. We discovered that the majority of people attending were in the age group of 50-70 years old.

So it’s good when you can remember to be patient with older folks like me. Lots of people in my age group were caught off guard by the dizzying advancement of technology. Many of us were in a place where our jobs didn’t entail using a computer and the technology parade passed us by. So I do what I can to help my age group accomplish the simple things…email with the kids and grandkids, search for stuff on the Internet and maybe some online banking and purchasing. And of course, we want to teach them how to use Linux for those tasks.

More at Foss Force

Kudos to the author for teaching older generations how to use a computer. I think it's an admirable thing to do, particularly if they are learning to use Linux and open source software. You are never too old to learn new things, and older people have so much to offer to the younger generations too.

What's your take on all this? Tell me in the comments below.

Insider: How the basic tech behind the Internet works
Join the discussion
Be the first to comment on this article. Our Commenting Policies