An embarrassing vulnerability has been found in the apt package manager, we’ll break it all down. Plus Alessandro Castellani tells us about his plans to build a professional design tool for Linux.

We also have a batch of big community news, and the case for the cloud killing Open Source.

Special Guests: Alessandro Castellani and Brent Gervais.

Support LINUX Unplugged

Links:

• OggCamp 19 — OggCamp is an unconference celebrating Free Culture, Free and Open Source Software, hardware hacking, digital rights, and all manner of collaborative cultural activities.
• OggCamp on Twitter
• Remote Code Execution in apt-get — A vulnerability in apt allows a network man-in-the-middle (or a malicious package mirror) to execute arbitrary code as root on a machine installing any package. The bug has been fixed in the latest versions of apt.
• Why does APT not use HTTPS?
• Turkish ISP Swapped Downloads of Popular Software with Spyware-Infected Apps
• Which block I/O scheduler is the best? We asked eBPF. — I set out expecting to see differing distributions of latencies for each block scheduler, but ultimately found that I didn’t understand low-level systems behavior to the degree I thought I did.
• Want to spin up Ubuntu VMs from Windows 10's command line, eh? We'll need to see a Multipass. — Windows 10 developers have been gifted yet another way of running Linux on their desktop in the form of Canonical's Multipass.