Plus our concerns about Debian's future, and the unfixable Intel flaw announced this week.

Support Linux Action News

Links:

• Let’s Encrypt discovers CAA bug, must revoke customer certificates — On Leap Day, Let's Encrypt announced that it had discovered a bug in its CAA (Certification Authority Authorization) code.
• Let’s Encrypt changes course on certificate revocation — Administrators are getting a little more time to replace affected certificates.
• Check code loop blunder strikes
• Let's Encrypt Has Issued a Billion Certificates
• 2020.02.29 CAA Rechecking Bug
• Revoking certain certificates on March 4
• 5 years of Intel CPUs and chipsets have a concerning flaw that’s unfixable — Converged Security and Management Engine flaw may jeopardize Intel's root of trust.
• New AMD Side Channel Attacks Discovered, Impacts Zen Architecture
• Opposite of a Platform for DPL 2020 — I hope to be DPL again some year, but 2020 is the wrong year for me and for the project. So I will not nominate myself this year, but hope to do so some future year.
• DPL elections 2019, congratulations Sam Hartman! — The Debian Project Leader elections just finished and the winner is Sam Hartman!
• Bits from the DPL For December 2019
• systemd v245 released, with homed stuff — A small new service systemd-homed.service has been added, that may be used to securely manage home directories with built-in encryption.
• FreeNAS and TrueNAS are Unifying — With the 12.0 release coming in the latter half of the year, we will not only bring more features and improvements than any release that has come before it, we will also unify both products into a single software image and name!
• Facebook is shifting its Libra cryptocurrency plans — The Libra project will now support existing currencies in addition to the proposed Libra token
• Jailbreak your iPhone using a rooted Android phone and checkra1n — Checkra1n gained support for Linux, making it possible to jailbreak iOS 13 devices using a Linux computer.
• Install Android 10 on your Apple iPhone 7 — Project Sandcastle, allowing you to run Android on your Apple iPhone 7.

Plus our thoughts on LVFS for Chromebooks, and the recent Monero hack.

Support Linux Action News

Links:

• Updates to the Mozilla Web Security Bounty Program — To celebrate the 15 years of the 1.0 release of Firefox, we are making significant enhancements to the web bug bounty program.
• GitLab: We are increasing bounties in our bug bounty program — Since we opened our bug bounty program to the public in December 2018, our community of external security researchers submitted 1,282 reports and we paid out $515,899 in bounties.
• Expanding the Android Security Rewards Program
• Google will pay $1.5 million for the most severe Android exploits
• Google and fwupd sitting in a tree
• Google To Require "Designed For Chromebook" Devices Support Fwupd Firmware Updates
• Debian init systems - what, another GR ? — Sam Hartman, the Debian Project Leader, has proposed a General Resolution (a plebiscite of the whole project) about init systems. In this posting I am going to try to summarise the situation. This will necessarily be a personal view but I will try to be fair. Also, sorry that it's so long but there is a lot of ground to cover.
• General Resolution: Init systems and systemd
• Open Invention Network Teams with IBM, Linux Foundation and Microsoft to Further Protect Open Source from Patent Trolls — Open Invention Network announced today it is partnering with IBM, the Linux Foundation and Microsoft to further protect open source software (OSS) from Patent Assertion Entities (PAEs) leveraging low quality patents, also called patent trolls.
• IBM, Microsoft and Linux Foundation link arms to fight patent trolls with 'multimillion' scheme
• Official Monero website is hacked to deliver currency-stealing malware — GetMonero.org delivers Linux and Windows binaries that steal users' funds.