Easier Self Hosting With Umbrel

While it is undeniable that cloud-based services are handy, there are people who would rather do it themselves. For many of us, it is because we want what we want the way we want it. For others, it is a distrust of leaving your personal data on someone’s server you don’t control. Umbrel is a Linux distribution just for people who want to self-host popular applications like NextCloud or Home Assistant. [ItsFoss] has a good review that points out some of the plusses and minuses of the early version of Umbrel.

What’s really interesting, though, is the approach the distro takes to installing software. Like most modern distributions, Umbrel has a package manager. Unlike most, though, the packages are actually docker containers. So when you install an app, it is preconfigured and lives in its own bubble, unlikely to conflict with other things you might install.

We also like that it has a specific build for a Raspberry Pi, although it will work on other 64-bit hardware and you can even install it within docker on top of your normal operating system. Of course, the docker container concept is also a drawback — at least for now — because it can be difficult to adjust settings inside the container compared to a more conventional install.

It amazes us that hardware has become so capable that it is easier to just duplicate entire operating systems than it is to work out the required dependency interactions. Still, it works, and in most cases, it works well.

If you want to know more about Docker, we’ve covered it a few times in the past. You can even use it for very simple development cases if you like.

Continue reading “Easier Self Hosting With Umbrel”

This Week In Security: More WhatsApp, Nextcry, Hover To Crash, And Android Permissions Bypass

There is another WhatsApp flaw, but instead of malicious GIFs, this time it’s malicious mp4 files. Facebook announced the vulnerability late last week. An update has been released, so first go make sure WhatsApp is updated. Facebook’s advisory is a bit light on the details, simply saying that a “stack-based buffer overflow” was possible as a result of “parsing the elementary stream metadata of an mp4 file”.

Shortly after the bug was announced, a GitHub repository popped up, with a claimed proof-of-concept mp4 file for CVE-2019-11931. (Thanks to [justtransit] on Reddit for the link.) I can’t easily test the PoC file, but we can take a look at it to see what the vulnerability is. What tools do we need to take a look? A hex editor is a good start. I’m using GHex, simply because it was available and easily installed on Fedora. Continue reading “This Week In Security: More WhatsApp, Nextcry, Hover To Crash, And Android Permissions Bypass”