FOSS Force

Linux Mint: Anatomy of a Hack

The hackers who compromised the Linux Mint site on Saturday were evidently not the brightest stars in the dark web, but they managed to create a mess for the Mint crew to clear away.

Everybody understands that none of a stage magician’s tricks are real. The one thing that is real, and which a successful illusionist must practice to perfection, is the art of misdirection — which evidently turned out to be the trick up the sleeves of the cracker/hackers who were responsible for compromising ISO downloads of Linux Mint 17.3 Cinnamon on Saturday.

In the FOSS Force news article on the hack which ran Sunday, we said “the hackers modified the ISO of the Cinnamon edition of Linux Mint 17.3 (Rosa).” We now know that’s not quite true, or at least not in the way we meant. The hackers didn’t bust into the Mint server and modify the binaries waiting to be grabbed by the mirror sites for downloads. Instead, this was a case of misdirection.

The hackers had a copy of Mint with their malicious payload in place, packaged as an ISO image and sitting on a Bulgarian server they controlled, waiting to serve downloads of what is arguably the world’s most popular version of GNU/Linux. The intrusion at Mint was a quick in-and-out to change the URLs in the anchor tags on Mint’s download page for the 64-bit Cinnamon version of Linux Mint 17.3 “Rosa.” Afterwards, users who clicked on a link to download from, say, the Internet Solutions mirror in South Africa, were taken to the hackers’ server in Bulgaria. Let the download begin. Wham, bam, thank you ma’am.

Linux Mint Hacked: ISO for 17.3 Cinnamon Edition Modified

An intrusion of the Linux Mint server on Saturday makes downloads performed on Saturday of version 17.3 Cinnamon potentially vulnerable.

Linux Mint project leader Clem Lefebvre revealed in a blog post today that the popular Linux distribution’s servers were hacked on Saturday. During the “brief” intrusion, the hackers modified the ISO of the Cinnamon edition of Linux Mint 17.3 (Rosa) and also gained access to the distro’s forum database. Only this particular ISO is affected; other editions or releases are considered safe. Only ISOs downloaded on Saturday are potentially vulnerable.

#codeforaubrey, WebKit Linux Risk & More…

FOSS Week in Review

The good news this week is that the latest Linux vulnerability finally scared me enough to take the time to fix the issues I’ve been having with the updater on the Linux box we use here at the office and get our machine up-to-date with all the latest patches. Other than that, it’s just been the usual, which can be summed up as waiting for Godot, who so far remains a no-show…

Now for this week’s roundup:

Often the best place to find hope is in the middle of despair. I think somebody famous once said that; if not, I’ll take credit for it. Anyway, there’s been an example of that adage this week which has me feeling…well, full of hope, and at the same time, concerned for someone I’ve never met.

Singing About the Year of the Linux Desktop

In this riff, we leave no stone unturned as we trip through the past seeking portents of the elusive Year of the Linux.

The first song I heard about the Linux Desktop was Hold On, It’s Coming, released in 1971 by Country Joe McDonald. This was an amazing prediction, considering that Linus Torvalds was only two years old at the time. Is it possible that young Linus heard this piece and it spurred him to create the GNU/Linux operating system? We may never know.

‘Opinion Stage’ Plugin Sneaks Ads onto WordPress Sites

Publishers of WordPress sites using the ‘Poll, Quiz & List by OpinionStage’ plugin, might want to check for unexpected advertisements.

FOSS Force has learned that the popular WordPress plugin “Poll, Quiz & List by OpinionStage” has been placing advertisements within photographs included in online quizzes that have been created using the plugin. The plugin is used by over 10,000 WordPress sites to create quizzes, polls and list articles.

Publishers using the plugin are not being made aware that ads are being placed on their sites unless, perhaps, they visit the plugin developers’ website and go to the “Pricing” page, where the developers say information about the policy is available. I say “perhaps” because we have been unable to find any such notice on this page. We discovered the issue on Sunday when considering whether to manually migrate the single FOSS Force Quiz created using the plugin to another quiz app we’ve since adopted as our default.

[Image caption: Screenshot of a poll question using Opinion Stage’s plugin, with an advertisement at the bottom of the graphic associated with the question.]

FreeBSD, Variants Not Affected by Recent GNU Bug

Larry the BSD Guy

The glibc security vulnerability that Linux developers have been scrambling to patch does not affect *BSD.

Much has been made about a vulnerability in a function in the GNU C Library. And searching far and wide over the Internet, there was little — actually nothing — I could find regarding how this affected BSD variants.

However, you can rest easy, BSDers: Not our circus, not our monkeys.

Dag-Erling Smørgrav, a FreeBSD developer since 1998 and a former FreeBSD Security Officer, writes in his blog that “neither FreeBSD itself nor native FreeBSD applications are affected.”

Manjaro Now Available for Raspberry Pi

The Raspberry Pi Report

The popular GNU/Linux distro Manjaro is now available in four flavors for the Raspberry Pi and other ARM devices.

While Manjaro Linux has been available for desktop Linux environments for a few years now, it has not been available for ARM devices. This past week marked a huge turning point for Raspberry Pi users, as the Manjaro Arm project marked its first alpha release. The reason this is such big news is that many Raspberry Pi users did not have a great entryway into Arch Linux prior to the Manjaro Arm Project. Arch has always been available for the Raspberry Pi, through either a direct download or using NOOBS, but neither is as user friendly as most other Raspberry Pi distros. This is where Manjaro Linux comes into the picture. Manjaro provides a more user-friendly approach to Arch with the goal of getting users into the Arch space who found either the installation or documentation a bit overwhelming.

With the Manjaro-Arm Project, Raspberry Pi users can now experience for themselves the simplicity of Arch Linux through several different editions. These featured editions are Media, Server, Base and Minimal.

What a Deal: Ad-Free, No CAPTCHA and You Help Keep Us Funded

Things were going good for our Indiegogo fundraising campaign, then they stalled.

In case you don’t know, we’re in the midst of our 2016 Indiegogo fundraising campaign, seeking to raise a total of $3,700 to keep us funded. Actually, this is the amount by which we missed our last fundraising campaign last May, in which you generously contributed $2,300 to FOSS Force to enable us to offer a small amount of pay to our writers. The money contributed to our current campaign will be spent the same way. If we’re successful, this will fund us until at least the end of the year and perhaps forever, if revenue from other sources such as advertising continues to rise. The campaign went up in early January and currently has 23 days left.

Seven days ago, when we hit the halfway point of the campaign, things were looking good. With 30 days left in the campaign, we were only three percentage points from having raised half of our campaign goal. Our self-set daily goal, the amount we need to collect on a daily basis to meet our goal, was stable at around $55. Then things came to a screeching halt. Since February 7, the campaign has seen only two contributions for a total of $35, which has pushed our daily goal up to $85.

We need to turn this around. Our funding goal is not arbitrary, not if we are to continue to offer you at least the same level of coverage as you have come to expect from us. If we don’t make our goal it will mean we’ll have to cut back on our content — the only place we can cut — offering you less just when we need to be offering you more. This, of course, will lead to lower traffic to our site, which will lead to lower ad revenue…I think you see where this is going.

Year of Linux Depends on How You Define Linux

The Heart of Linux

It didn’t happen slowly. On the contrary, it was a thunderbolt…a deep, thrumming, resounding sense of being right, of being at the right place at the right time. A sense of finding something that you knew without doubt would be important in your life. There wasn’t any need to “think it through” or “evaluate the situation.” The moment I realized the power under my fingertips, even my self-identity changed. With that moment growing like a supernova inside of me, I fully took on that new identity. As that blazing power exploded from within me, I knew who I was. I was now a firebrand. It was six years ago this month that I knew who I was.

I was a Linux Advocate. I just opted out of the cape.

It didn’t take me long to realize the uphill trudge I had ahead of me. The battle between GNU Linux and just Linux was enough to confuse any convert-to-be in front of me. When it takes more than a few sentences to explain something to almost anyone, their interest wanes quickly. It doesn’t help that I was trying to sell subscriptions to a divided camp either.

A helpful tip for those coming of age as a Linux Advocate: Temper your rhetoric when explaining just how much Microsoft sucks. It’s easy to come off as a wild-eyed zealot. These are lessons in advocacy learned rather quickly. And yeah…, that whole wild-eyed zealot thing? It didn’t work out so well for me. Nor will it for you.

As I did then, I still do.