285: Pain the APT
22 January 2019
An embarrassing vulnerability has been found in the apt package manager, and we’ll break it all down. Plus, Alessandro Castellani tells us about his plans to build a professional design tool for Linux.
- OggCamp 19 — OggCamp is an unconference celebrating Free Culture, Free and Open Source Software, hardware hacking, digital rights, and all manner of collaborative cultural activities.
- OggCamp on Twitter
- Remote Code Execution in apt-get — A vulnerability in apt allows a network man-in-the-middle (or a malicious package mirror) to execute arbitrary code as root on a machine installing any package. The bug has been fixed in the latest versions of apt.
- Why does APT not use HTTPS?
- Turkish ISP Swapped Downloads of Popular Software with Spyware-Infected Apps
- Which block I/O scheduler is the best? We asked eBPF. — I set out expecting to see differing distributions of latencies for each block scheduler, but ultimately found that I didn’t understand low-level systems behavior to the degree I thought I did.
- Want to spin up Ubuntu VMs from Windows 10’s command line, eh? We’ll need to see a Multipass. — Windows 10 developers have been gifted yet another way of running Linux on their desktop in the form of Canonical’s Multipass.
- Microsoft Employee Hints at Windows Core OS Open Source Components
- TechSNAP Episode 395: The ACME Era
- LinuxFest Northwest 20th Anniversary
- LFNW Telegram Group
- LinuxFest Northwest Parking Lot BBQ Meetup
- SCALE 17x
- SCALE Telegram Group
- Texas Linux Fest 2019
- Public Speaking: A repository of resources about public speaking, specifically in the context of software development and IT conferences.
- Linux Operating System Fundamentals — Have you heard of Linux, but don’t really know anything about it? Are you a non-technical person just wanting to know what this ‘Linux’ thing is? Then this course is for you.
- Akira: Native Linux App for UI and UX Design
- Akira on Kickstarter
- Exponent episode 159 — Inverted Pyramids
- Late Night Linux – Episode 55 — Are you better off with the elasticity of public clouds like AWS, or should you avoid lock-in by running servers on premises?
- AWS, MongoDB, and the Economic Realities of Open Source
- Open source confronts its midlife crisis