Paul Sutton

Security

Bullseye – Official Announcement

Reposting


The Debian Project https://www.debian.org/ Debian 11 “bullseye” released press@debian.org August 14th, 2021 https://www.debian.org/News/2021/20210814


After 2 years, 1 month, and 9 days of development, the Debian project is proud to present its new stable version 11 (code name “bullseye”), which will be supported for the next 5 years thanks to the combined work of the Debian Security team [1] and the Debian Long Term Support [2] team.

1: https://security-team.debian.org/ 2: https://wiki.debian.org/LTS

Debian 11 “bullseye” ships with several desktop applications and environments. Amongst others it now includes the desktop environments:

  • Gnome 3.38,
  • KDE Plasma 5.20,
  • LXDE 11,
  • LXQt 0.16,
  • MATE 1.24,
  • Xfce 4.16.

This release contains over 11,294 new packages for a total count of 59,551 packages, along with a significant reduction of over 9,519 packages which were marked as “obsolete” and removed. 42,821 packages were updated and 5,434 packages remained unchanged.

“bullseye” becomes our first release to provide a Linux kernel with support for the exFAT filesystem and defaults to using it for mount exFAT filesystems. Consequently it is no longer required to use the filesystem-in-userspace implementation provided via the exfat-fuse package. Tools for creating and checking an exFAT filesystem are provided in the exfatprogs package.

Most modern printers are able to use driverless printing and scanning without the need for vendor specific (often non-free) drivers.“bullseye” brings forward a new package, ipp-usb, which uses the vendor neutral IPP-over-USB protocol supported by many modern printers. This allows a USB device to be treated as a network device. The official SANE driverless backend is provided by sane-escl in libsane1, which uses the eSCL protocol.

Systemd in “bullseye” activates its persistent journal functionality, by default, with an implicit fallback to volatile storage. This allows users that are not relying on special features to uninstall traditional logging daemons and switch over to using only the systemd journal.

The Debian Med team has been taking part in the fight against COVID-19 by packaging software for researching the virus on the sequence level and for fighting the pandemic with the tools used in epidemiology; this work will continue with focus on machine learning tools for both fields. The team's work with Quality Assurance and Continuous integration is critical to the consistent reproducible results required in the sciences. Debian Med Blend has a range of performance critical applications which now benefit from SIMD Everywhere. To install packages maintained by the Debian Med team, install the metapackages named med-*, which are at version 3.6.x.

Chinese, Japanese, Korean, and many other languages now have a new Fcitx 5 input method, which is the successor of the popular Fcitx4 in “buster” ; this new version has much better Wayland (default display manager) addon support.

Debian 11 “bullseye” includes numerous updated software packages (over 72% of all packages in the previous release), such as:

  • Apache 2.4.48
  • BIND DNS Server 9.16
  • Calligra 3.2
  • Cryptsetup 2.3
  • Emacs 27.1
  • GIMP 2.10.22
  • GNU Compiler Collection 10.2
  • GnuPG 2.2.20
  • Inkscape 1.0.2
  • LibreOffice 7.0
  • Linux kernel 5.10 series
  • MariaDB 10.5
  • OpenSSH 8.4p1
  • Perl 5.32
  • PHP 7.4
  • PostgreSQL 13
  • Python 3, 3.9.1
  • Rustc 1.48
  • Samba 4.13
  • Vim 8.2
  • more than 59,000 other ready-to-use software packages, built from more than 30,000 source packages.

With this broad selection of packages and its traditional wide architecture support, Debian once again stays true to its goal of being”The Universal Operating System”. It is suitable for many different use cases: from desktop systems to netbooks; from development servers to cluster systems; and for database, web, and storage servers. At the same time, additional quality assurance efforts like automatic installation and upgrade tests for all packages in Debian's archive ensure that “bullseye” fulfills the high expectations that users have of a stable Debian release.

A total of nine architectures are supported: 64-bit PC / Intel EM64T / x86-64 (amd64), 32-bit PC / Intel IA-32 (i386), 64-bit little-endian Motorola/IBM PowerPC (ppc64el), 64-bit IBM S/390 (s390x), for ARM, armel and armhf for older and more recent 32-bit hardware, plus arm64 for the 64-bit “AArch64” architecture, and for MIPS, mipsel (little-endian) architectures for 32-bit hardware and mips64el architecture for 64-bit little-endian hardware.

If you simply want to try Debian 11 “bullseye” without installing it, you can use one of the available live images [3] which load and run the complete operating system in a read-only state via your computer's memory.

3: https://www.debian.org/CD/live/

These live images are provided for the amd64 and i386 architectures and are available for DVDs, USB sticks, and netboot setups. The user can choose among different desktop environments to try: GNOME, KDE Plasma, LXDE, LXQt, MATE, and Xfce. Debian Live “bullseye” has a standard live image, so it is also possible to try a base Debian system without any of the graphical user interfaces.

Should you enjoy the operating system you have the option of installing from the live image onto your computer's hard disk. The live image includes the Calamares independent installer as well as the standard Debian Installer. More information is available in the release notes [4] and the live install images [5] sections of the Debian website.

4: https://www.debian.org/releases/bullseye/releasenotes 5: https://www.debian.org/CD/live/

To install Debian 11 “bullseye” directly onto your computer's hard disk you can choose from a variety of installation media such as Blu-ray Disc, DVD, CD, USB stick, or via a network connection. Several desktop environments — Cinnamon, GNOME, KDE Plasma Desktop and Applications, LXDE, LXQt, MATE and Xfce — may be installed through those images. In addition, “multi-architecture” CDs are available which support installation from a choice of architectures from a single disc. Or you can always create bootable USB installation media (see the Installation Guide [6] for more details).

6: https://www.debian.org/releases/bullseye/installmanual

There has been a lot of development on the Debian Installer, resulting in improved hardware support and other new features.

In some cases, a successful installation can still have display issues when rebooting into the installed system; for those cases there are a few workarounds [7] that might help log in anyway. There is also an isenkram-based procedure [7] which lets users detect and fix missing firmware on their systems, in an automated fashion. Of course, one has to weigh the pros and cons of using that tool since it's very likely that it will need to install non-free packages.

7: https://www.debian.org/releases/bullseye/amd64/ch06s04#completing-installed-system

In addition to this, the non-free installer images that include firmware packages [8] have been improved so that they can anticipate the need for firmware in the installed system (e.g. firmware for AMD or Nvidia graphics cards, or newer generations of Intel audio hardware).

8: https://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/

For cloud users, Debian offers direct support for many of the best-known cloud platforms. Official Debian images are easily selected through each image marketplace. Debian also publishes pre-built OpenStack images [9] for the amd64 and arm64 architectures, ready to download and use in local cloud setups.

9: https://cloud.debian.org/images/openstack/current/

Debian can now be installed in 76 languages, with most of them available in both text-based and graphical user interfaces.

The installation images may be downloaded right now via bittorrent [10] (the recommended method), jigdo [11], or HTTP [12]; see Debian on CDs [13] for further information. “bullseye” will soon be available on physical DVD, CD-ROM, and Blu-ray Discs from numerous vendors [14] too.

10: https://www.debian.org/CD/torrent-cd/ 11: https://www.debian.org/CD/jigdo-cd/#which 12: https://www.debian.org/CD/http-ftp/ 13: https://www.debian.org/CD/ 14: https://www.debian.org/CD/vendors

Upgrades to Debian 11 from the previous release, Debian 10 (code name”buster”) are automatically handled by the APT package management tool for most configurations.

For bullseye, the security suite is now named bullseye-security and users should adapt their APT source-list files accordingly when upgrading. If your APT configuration also involves pinning or APT::Default-Release, it is likely to require adjustments too. See the Changed security archive layout [15] section of the release notes for more details.

15: https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information#security-archive

If you are upgrading remotely, be aware of the section No new SSH connections possible during upgrade [16].

16: https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information#ssh-not-available

As always, Debian systems may be upgraded painlessly, in place, without any forced downtime, but it is strongly recommended to read the release notes [17] as well as the installation guide [18] for possible issues, and for detailed instructions on installing and upgrading. The release notes will be further improved and translated to additional languages in the weeks after the release.

17: https://www.debian.org/releases/bullseye/releasenotes 18: https://www.debian.org/releases/bullseye/installmanual

About Debian


Debian is a free operating system, developed by thousands of volunteers from all over the world who collaborate via the Internet. The Debian project's key strengths are its volunteer base, its dedication to the Debian Social Contract and Free Software, and its commitment to provide the best operating system possible. This new release is another important step in that direction.

Contact Information


For further information, please visit the Debian web pages at https://www.debian.org/ or send mail to press@debian.org.

Safer Internet Day 2021

Donate using Liberapay

Tuesday 9th Feb 2021

Safer Internet Day 2021

A few resources that have been shared on the Fediverse recently

The Digital Detox website [1] gives some useful information on how to protect your digital security, privacy and well being online.

Email self defense [2] covers encryption and how you can use techniques to both sign and encrypt email.

The Free Software Foundation : India [4] have produced a nice guide on different messaging apps. I made a post on this a while back.

Of course a good way to stay safe and private is to also use the privacy respecting search engines such as duckduckgo [5] and perhaps install browser extensions such as libreJS [6]

Supporting and following what people such the Electronic Frontier Foundation [7] as the Small Technology Foundation [8] and the Solid Project [9] also a good idea, see what is happening and how these project can give the end user, true control of their data.

Choose better software and hardware, that supports user freedom. Devices such as the PineBook / Phone [10] could really put power back in your hands.

REFERENCES

1 Data Detox Kit * Five steps to reduce your digital footprint * SmartPhone Data * Privacy Search 2 Email Self Defense 3 Free Software Foundation 4 Free Software Foundation : India 5 Duckduckgo 6 LibreJS 7 Electronic Frontier Foundation * EFF – Mastodon 8 Small Technology Foundation * Aral Balkan * Laura Kalbag 9 Solid Project 10 Pinebook / Phone

TAGS

#YearOfTheFediverse,#Data,#Privacy,#Security,#Detox

Creative Commons Licence
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License

Site Index

Donate using Liberapay

  1. Click on a link.
  2. Scroll to bottom of page.
    • Any posts / pages within this blog will be displayed.

A

#Astronify #Adenine #AminoAcid #Astronomy #AralBalkan #AstroBiology #AstroChemistry #apg #Apt #Aptitude #Africa #Activism #Analytics #Api #Arduino #AMES #arXiv #Academy #Abuse #Afghanistan

B

#Blog #BioChemistry #Biology #bash #better #BigBluButton #BibTeX #Browser #Beamer #Bullseye #Buster #Bookworm

C

#Cytosine #Conditions #Cryptpad #Cosmology #Chemistry #Console #Chat #Conference #Code #Coding #CodeClub #Cornwall #Covid19 #Corona #CoronaVirus #CreativeCommons #Commons #Chrome #Chromium #Charity #Creative #Education #CPD #cpd #CreativeEducation #CTAN

D

#dna #DNA #Disroot #disroot #Decentralised #Decentralized #dcglug #dclug #Debian #Donate #Donation #Debconf #BASH #Devon #Digital #DRM #Diaspora #DiodeZone #Development #Data #Detox #Docker #DeepLearning #Documentation

E

#emacs #Editing #Events #EventManagement #Employment #Email #Education #Exploration, #Ethics #Elements #Exploration #EveryonesInvited

F

#Flockingbird #Framablog #FramaBlog #Fediverse #Federated #Firefox #Fosdem #Freedom #FreeSoftware #Foundation #FSF #FSFE #Friendica #Framework #FreeBSD #FalconsEye #FOSSandCrafts #FutureLearn

G

#GoatCounter #Guanine #Greek #Gimp #Galaxy #GoDot #GNU #GNOME #GUI #Gamma #Ghostreply #GPL #GraphicsMagick #gm #GoAccess #gold #GettingStarted #Git #GitLab #Gitlab #GDPR #Galculator #Games #Engine

H

#Hubble #Hexchat #Hack #Hacking #Hardware #Hosting #htop

I

#information #Inkscape #Image #ImageManipulation #IRC #Index #Invidious

J

#JamesWebb #JoeEditor #Jitsi #Jit.si

K

#kstars #Kanban #Kenya #KDE #KeepingChildrenSafeinEducation, #KCSIE

L

#Linux #LinuxMint #LibreOffice #LiberaPay #LibrePlanet #Lecture #Learning #LibreOfficeWriter #LibreOfficeCalc #LibreOfficeImpres #LibreOfficeDraw #LibreOfficeGettingStarted #LaTeX #LXDE #LGPL #Lynx #Librem #Libre #LibreLounge

M

#Mastodon #Meetings #Management #Mobilizon #Meeting #Matomo #Map #Mapscii #Mercury #mercury #mining #Matrix #Moon #Mars #Manganese #Materials

N

#Nextcloud #Nebula #NetHack #Nano #Nucleobases #network #NGINX #NaCl

O

#OpenUniversity #OpenLearn #OU #Online #Overleaf #OwnCloud #OpenStreetMap #OpenData #Open #Overleaf

P

#Physics #Podcast #Payment #Password #Public #Paypal #Photo #Photograph #Photos #Photographs #Python #Python3 #Programming #PixelFed #PeerTube #PowderToy #Pleroma #Planet #PDF #Package #pinebook #pinephone #Purism #Plausible #ProtoSchool #PeriodicTable #Paper #Privacy

Q

R

#rna #RNA #Rights #RocksAndDiamonds #Recovery #RadioAstronomy #Research #RedBubble

S

#Science #Scratch #Scratch2 #Scratch3 #smallweb #Sitejs #Space #Stars #Stellarium #Stripe #Security #stsci #Seagl #Social #SocialHub #SDTJ #SouthDevonTechJam #Solarus #Synaptic #Schools #Solid #Shynet #Scismic #ScienceDaily #Stickers #Symmetry #Salt #SodiumChloride

T

#terms #Telescope #TheOpenUniversity #Terminal #Talk #Thunderbird #Torbay #TeX #Topic #Thunar #Thymine #tailings #Top #Tilde #TextEditor #Toot #Translation #Trojans #TorbayTrojans

U

#Uracil #Umami #UniverseOfLearning

V

#Vaccine #VokoScreen #VLC #Volunteering #Volunteer #VultureNethack #vultureseye #Virgo

W

#Website #Work #wireless #wicd #wayland #weatherinfo #Wormhole

X

#Xournal #Xchat #XFCE #XFCE4 #xray #XMPP #xorg

Y

#YearOfTheFediverse

Z

#Zoo

Data Detox

This is a really useful website, with tools and advice on how to stay safe.

Everyday steps you can take to control your digital privacy, security, and wellbeing in ways that feel right to you.

#privacy,#security,#wellbeing,#digital,#internet

Creative Commons Licence
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License

APG password generator

Debian comes with a useful command line utility called apg for generating passwords, based on criteria set when it is run.

You may need to install with apt install apg

Running just apg produces


ag"OnAub3 (ag-QUOTATION_MARK-On-Aub-THREE)
yissheav-Flas6 (yis-sheav-HYPHEN-Flas-SIX)
rek_OfDot6ly (rek-UNDERSCORE-Of-Dot-SIX-ly)
yorthIs0Ot; (yorth-Is-ZERO-Ot-SEMICOLON)
NapOl{aj6 (Nap-Ol-LEFT_BRACE-aj-SIX)
9Knyhik. (NINE-Kny-hik-PERIOD)

Where as using -m 16 produces a min length of 16 characters

apg -m 16


cryhejIryoatEpBi
DuVospewjopOtsye
veldIc@Ogguckeys
IalNexBeckOdjav1
drureroarAkucEdd
WinquivadLitsUk4

As a good password should be made up of Letters (upper and lower case) Numbers (0-9) Other characters ( !“£$()%^&* )

Then you need to run something like

apg -M sncl -m 16 -n 5

apg  -M sncl -m 16 -n 5 
EgUrr1slaibzydAr
IrgiOcyibgauvKan
jemUndafMinvieHo
Fliadweuldyeebup
enyaighKuedoobr3

The program man page also gives more info and an example shell script to help with the process.

man apg

shell script

[begin]----> pwgen.sh
       #!/bin/sh
       /usr/local/bin/apg -m 8 -x 12 -s
       [ end ]----> pwgen.sh

#linux,#debian,#shell,#password,#generation,#security,#help,#scripts,#secure,#unix,#gpl,#fsf,#freesoftware,#manpage, #manual,#web,#internet,#links,#letters,#numbers, #alphanumeric,#specialcharacters

Creative Commons Licence
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License

Security and Privacy

The Electronic Frontier Foundation have produced a range of guides to help people with privacy and security.

ssd

Tips, Tools and How-tos for Safer Online Communications

Links

#eff,#tips,#privacy,#security,pgp

ShellCon 2020

ShellCon 2020 takes place 9th – 10th October 2020

ShellCon is an information security conference that is held annually in the beautiful beach cities of Los Angeles. Our conference is a growing event that creates an atmosphere of open communication, collaboration, and connection. We value community, technical knowledge, and getting your hands dirty. Presentations and events at the con will have a focus on practicality and real-world applications. We want you to walk away from ShellCon with an itch to try what you just learned and the knowledge to do so

ShellCon

#conference,#information,#security,#InfoSec,#virtual,#event