Bashed: So the Bash bug is out there and real. These quick notes are still valid. The point is that this hideous feature (really, exporting function definitions through environment variables) is horrid and leaky by design and it’s only this bug in how that feature is implemented thats bringing it to the fore. CGI scripting, Qmail, some SSH and DHCP services are all potentially vulnerable, so patch away but be prepared to patch again because the lid is off this can of worms. Safest end point is, most probably, that the functionality goes away, but thats unlikely and even if it did there’ll still be old bash installs out there. Least helpful response – the FSF statement which fails to apologise and then pats itself on the back that free software let the patches be shared and then rattles the donation tin. Funniest response – Brian J Fox, Bash creator, quoted in the NYT joking his first response was “Aha, my plan worked”.
Security in a Qube too: The Qubes OS developers have been working away steadily on their virtualisation-compartmented desktop operating system and now Joanna Rutkowska has announced Qubes OS Release 2. The OS is now described as “a powerful desktop OS” rather than a proof-of-concept, and to reinforce that, Casper Bowden, is joining the advisory board for Qubes to see if it can be brought to a wider world. If you’ve not met Qubes, imagine a desktop Linux where each app or group of apps are run in their own virtualised sandbox while the OS works to make it easy for the user to not be bothered by that. If you were looking for a “post-Snowden” OS, Qubes should be on your list – check the site for downloads, resources and white papers explaining whats in the OS.
Linux from Scratch: You may, “post-Snowden” want to go through every bit of code is in your running systems. One place to start there is Linux from Scratch which takes you through assembling your own Linux system (and automated or hardened versions) from component parts. It’s just been [updated to LFS version 7.6], along with updated to Beyond Linux From Scratch (BLFS) and systemd editions of LFS and BLFS.
RethinkDB 1.15: NoSQL… no come back… Cool NoSQL database RethinkDB just got updated to version 1.15 getting a huge set of geospatial functions to add to its already interesting suite of functions. There’s also server-side UUID generation and performance boosts through lazy deserialisation.
Material world: Some folks love Google’s Material look and feel. Well, now they can have some of that on thje web with Bootstrap Material Design, a Bootstrap theme what brings the stylings and gives a nice flat look to apps.
Finally: Via Adafruit, a picture of Grace Hopper teaching COBOL.