2016 ended in big style for hackers and security researchers from all over the world, who gathered together at the well-known Chaos Communication Congress (33c3) annual event organized by the Chaos Computer Club (CCC) of Germany
Even the one exception, the end-user, is moving to Linux. Android is now the most popular end-user operating system. In addition, Chromebooks are becoming more popular. Indeed, even traditional Linux desktops such as Fedora, openSUSE, Mint, and Ubuntu are finally gaining traction. Heck, my TechRepublic Linux buddy Jack Wallen even predicts that "Linux [desktop] market share will finally breach the 5-percent mark".
This is a team that values the same things I do. The interface is clean and refined. The pre-installed application selection is minimal and each one feels like a perfect piece of the system.
The main drawback of Elementary to me is that it’s built on top of Ubuntu LTS. As time goes on all the packages get further from the current versions published upstream. I’d much rather a regular release like Fedora (6 months) or a rolling release like Arch.
For more information on the new Kreative Mediabook Pro jump over to the Kickstarter website for details and to make a pledge from $460 by following the link below.
Linux has much to offer any computer user, but we’re all human and everybody makes mistakes. A user in a recent thread on the Linux subreddit asked folks what their dumbest mistake was when using Linux, and he got some funny answers.
Intent on keeping its developers happy, the e-commerce company has developed a framework for deploying containers on its large-scale OpenStack cloud.
What are micro operating systems and why should individuals and organizations focused on the cloud care about them? In the cloud, performance, elasticity, and security are all paramount. A lean operating system that facilitates simple server workloads and allows for containers to run optimally can serve each of these purposes. Unlike standard desktop or server operating systems, the micro OS has a narrow, targeted focus on server workloads and optimizing containers while eschewing the applications and graphical subsystems that cause bloat and latency.
In fact, these tiny platforms are often called “container operating systems.” Containers are key to the modern data center and central to many smart cloud deployments. According to Cloud Foundry’s report “Containers in 2016,” 53 percent of organizations are either investigating or using containers in development and production. The micro OS can function as optimal bedrock for technology stacks incorporating tools such as Docker and Kubernetes.
To achieve high performance, modern computer systems rely on two basic methodologies to scale resources. Each design attempts to bring more processors (cores) and memory to the user. A scale-up design that allows multiple cores to share a large global pool of memory is the most flexible and allows large data sets to take advantage of full in-memory computing. A scale-out design distributes data sets across the memory on separate host systems in a computing cluster. Although the scale-out cluster often has a lower hardware acquisition cost, the scale-up in-memory system provides a much better total cost of ownership (TCO) based on the following advantages:
With Microsoft having begun to mandate TPM2 (Trusted Platform Module 2) support be present in all platforms for newer versions of Windows, these chips are going to become a lot more common to laptops and desktops. Thus veteran kernel developer James Bottomley is looking closely at the current and future support for TPM2 on Linux.
With the Linux 4.10 kernel there remains experimental Kconfig switches for being able to build the Linux kernel with GCN 1.0 "Southern Islands" and GCN 1.1 "Sea Islands" support in the newer AMDGPU DRM driver rather than the mature Radeon DRM driver. For your viewing pleasure today are benchmarks of a few GCN 1.0/1.1 GPUs when testing the Linux 4.10 Git kernel with Radeon DRM and then the experimental AMDGPU DRM driver while both kernel drivers were tested in conjunction with the same Mesa 13.1-dev snapshot as of this week.
Google Analytics is the most widely used cloud-based web analytics service. However, your data is locked into Google Eco-system. If you want 100% data ownership, try the following open source web analytics software to get information about the number of visitors to your website and the number of page views. The information is useful for market research and understanding popularity trends on your website.
Cutelyst the C++/Qt web framework has a new release.
Ubuntu podcast app Podbird has marked its 2nd birthday with an all-new release.
Podbird 0.8 is said to bring a number of “major improvements” to the fore, chief among them the ability to queue podcasts so that they play one after another.
Elsewhere, the update sees the episodes page gain a “downloaded” tab, which groups together all previously downloaded episodes (and any in progress) from one page, and a new setting allows cached podcast artwork to be refreshed.
A new minor release with version number 0.6.11 of the digest package is now on CRAN and in Debian.
Some people like Vim as a text editor, and other people like Emacs. Having such different opinions is the way of the UNIX world.
I'm an Emacs user through and through. Sure, I spent a few obligatory years in my early days of UNIX using Vim, but once I learned Emacs properly, there was no going back. The thing about Vi(m) is that it's on nearly every UNIX box because it's been around forever, and it's pretty small. It's the obvious choice for a default editor that people can use in a pinch.
It looks like many open-source software developers kicked off 2017 with new releases of their applications. DVDStyler, the cross-platform, free, and open-source DVD authoring tool was updated to version 3.0.3.
DVDStyler is quite a popular application amongst nostalgics who still adore to watch movies or create their own with the DVD-Video format. Besides the fact that it makes it possible for these DVD-Video enthusiasts to create professional-looking DVDs, DVDStyler works on all major platforms, including GNU/Linux, macOS, and Windows.
On Christmas Day 2016, the developers of the popular, open-source and multiplatform darktable RAW image editor proudly unveiled the major 2.2 release, which just got its first point release the other day.
Yes, you're reading it right, darktable 2.2.1 is already here, one week after the release of the 2.2 series, which brought countless improvements, but it's a small maintenance update adding a couple of new features, such as the ability to display a dialog window that informs the user when locking of the library and database fails.
LFTP, the free, open-source, and sophisticated command-line file transfer program (FTP) supporting a wide range of network protocols, including FTP, SFTP, HTTP, FISH, and Torrent, was updated on the first day of 2017 to version 4.7.5.
LFTP 4.7.5 arrives one and a half months after the release of version 4.7.4 on November 16, 2016, and promises to add detection of Apache listings with ISO date and time to the HTTP protocol support, implements a new setting for logging, namely log:prefix-{recv,send,note,error}, and improves the help manual and documentation a bit.
Lots of open-source software developers were busy to announce new versions of their applications on GNU/Linux distributions on the first day of 2017, and today we'd like to tell you a little bit about the latest release of the Otter Browser.
For those unfamiliar with Otter Browser, it's a cross-platform and open-source clone of the old-school Opera 12.x web browser series beloved by most of you out there. The project's aim is to recreate the best aspects of Opera 12's user interface using the newest Qt 5 technologies, and works on Linux, macOS and Windows platforms.
Portainer is a lightweight, cross-platform, and open source management UI for Docker. Portainer provides a detailed overview of Docker and allows you to manage containers, images, networks and volumes via simple web-based dashboard. It was originally the fork of Docker UI. However, the developer has rewritten pretty much all of the Docker UI original code now. Also, he changed the UX completely and added some more functionality in the recent version. As of now, it caught the user attention tremendously and it has now had over 1 million downloads and counting! It will support GNU/Linux, Microsoft Windows, and Mac OS X.
In addition to working on sharply improving the performance of Deus Ex: Mankind Divided when using the RadeonSI Gallium3D driver, Marek Olšák has published some patches for improving The Witcher 2 with the open-source AMD driver stack.
The Witcher 2 has been out for Linux since 2014 while coming now is a workaround for Witcher 2 having some black transitions when using the RadeonSI Gallium3D driver.
The developer of Solaroids: Prologue [Official Site] tweeted out to let everyone know that the indie arcade/action shooter will be coming to Linux. The developer is using FNA for the port and doing it themselves.
Happy New Year! 2016 was a really big year for Lumina with the release of version 1.0.0, TrueOS adopting Lumina as its only supported desktop environment, the newfound availability of Lumina in many Linux distributions, and so much more. By the same token, 2017 is already shaping up to be another big year for Lumina with things like the new window manager on the horizon. So let’s start this year on the right foot with another release!
Ken Moore, the creator of the TrueOS BSD-based distribution that was formerly known as PC-BSD, kicks off 2017 with a new stable release of his lightweight Lumina desktop environment.
Primarily an enhancement release, Lumina 1.2.0 desktop environment is here a little over two months after the release of version 1.1.0, and promises to bring a whole lot of goodies, including new plugins, a brand-new utility, as well as various under-the-hood improvements that users might find useful if they use Lumina on their OS.
A new release of Lumina is now available to ring in 2017, the BSD-first Qt-powered open-source desktop environment.
With today's Lumina 1.2 desktop environment, the libLuminaUtils.so library is no longer used/needed, the internal Lumina Theme engine has been separated from all utilities, there are new panel and menu plug-ins and a new Lumina Archiver utility as a Qt5 front to Tar. The new plug-ins are an audio player, JSON menu, and a lock desktop menu plugin for locking the current session.
2017 kicked off for KDE users with the first Beta release of the upcoming Kirigami 2.0 UI framework for building convergent user interfaces that work on mobile and desktop platforms, as announced by Thomas Pfeiffer.
While the first public preview of the Kirigami UI framework hit the streets at the beginning of August 2016, and reached the 1.1 milestone two months later, at the end of September, it looks like the Beta of the major 2.0 release is ready for developers interested in test driving it to produce convergent UIs.
4MLinux developer Zbigniew Konojacki is yet another GNU/Linux distribution maintainer that kicked off 2017 in style, with the release of the second maintenance update to the 4MLinux 20 operating system.
That's right, 4MLinux 20.2 has landed, as the latest and most advanced ISO respin of the 4MLinux 20.0 stable series of the independently-developed Linux distro, shipping with the long-term supported Linux 4.4.39 kernel, as well as up-to-date software applications and the proprietary Broadcom Wi-Fi driver called "wl driver."
"This is a minor maintenance release in the 4MLinux STABLE channel. The release ships with the Linux kernel 4.4.39," said Zbigniew Konojacki in the release announcement. "This is the first 4MLinux live CD that includes the Broadcom proprietary WiFi driver (aka 'wl driver')."
The 25th anniversary of Linux was a big milestone celebrated by many of us at LinuxCon events throughout the year, and it was a theme throughout many of the presentations. Thomas Di Giacomo, Chief Technology Officer at SUSE started his LinuxCon Europe keynote with a brief clip in the style of Mr. Robot where in 2016 even Evil Corp has gone open source and we have won. He says that “open source is seen as a technology savior. That's why companies have been embracing it, because they have to, to remain viable.”
Absolute Linux is a distro that raises the question: Is it really worth the bother?
Any version of this Slackware-based Linux OS is just that -- a really big bother -- unless you love Unix-like systems that give you total control. It likely would be especially bothersome for less experienced users and for folks comfortable with Debian distros such as Ubuntu, Linux Mint and such.
Some Slackware-based distros are easier than others to use -- but the text-based installation and mostly manual operating routine makes using Absolute Linux a challenge. Once you get beyond the configuration steps, you still face a considerable learning curve to keep it running smoothly.
Clearly, I am not overly impressed with the Absolute flavor of Slackware Linux. I see it as the equivalent of driving a stick shift automobile with a crank-to-start mechanism instead of an automatic model with keyless ignition. That said, once you have the engine purring, it drives fast and furious along the highway.
I like to offer unique computing options in these weekly Linux Picks and Pans reviews, so I set my comfort zone aside and rolled up my sleeves to get my hands a little scraped reaching under Absolute Linux's hood.
With 2017 predicted to be the year of the container, Red Hat is now shipping OpenShift Dedicated on Google Cloud Platform. With the launch, Red Hat’s OpenShift container orchestration platform will let customers avoid tedious administrative and operational management tasks.
After the sudden resignation of Raleigh-based Red Hat's chief financial officer, Frank Calderoni, the open-source software developer's stock fell nearly 15 percent.
Jona Azizaj is currently pursuing a bachelor degree in Business Informatics at the University of Tirana. She is also on the board of Open Labs Hackerspace. Open Labs Hackerspace promotes free/libre open source culture in Albania. She is also a co-organizer of Open Source Conference Albania (OSCAL). Azizaj is part of the Fedora Project and the first Fedora Ambassador in Albania.
The first time Azizaj heard about Linux was when she went to university. “At first I used Ubuntu because that’s what our teachers suggested, but after OSCAL I switched to Fedora just to see if it met my needs,” Azizaj says. “I was really satisfied with Fedora as an operating system and the community. That’s why I am still using it.” She has been using Linux for the last four years.
I use Fedora as my primary Operating System. I am currently running Fedora 25 in all my boxes except one home server, which runs Fedora 24. In the data center, I have CentOS on the bare-metal, and Fedora in the VM(s). The very same goes for any quick VM that I create over Fedora Infra Cloud.
The Neptune team was proud to announce the release of Neptune 4.5.3 on the first day of the year, which appears to be a minor maintenance update bringing various updated applications and a newer Linux kernel version.
Neptune is a GNU/Linux distribution developed for desktop computers and fully based on the Debian GNU/Linux 7.0 "Wheezy" operating system and KDE Plasma 5. Neptune 4.5 is currently the latest stable release of the Linux OS, but from time to time, it gets up-to-date ISO snapshots featuring recent technologies and updated packages.
Our dearest Arne Exton ended 2016 in big style with the release of a new build of his Ubuntu-based Exton|OS computer operating system running the latest MATE desktop environment and Linux 4.9 kernel.
Exton|OS Build 161231 launched on December 31, 2016, based on the stable Ubuntu 16.10 (Yakkety Yak) operating system and MATE 1.16 desktop environment. However, the most exciting thing about the new release is the implementation of a custom and fully patched Linux kernel 4.9.0-11-exton build.
Table compares 90 hacker-friendly single board computers
In 2017, The Linux Foundation’s Embedded Linux Conference marks its 12th year as the premier vendor-neutral technical conference for companies and developers using Linux in embedded products.
Now co-located with OpenIoT Summit, ELC promises to be the best place for embedded and application developers, product vendors, kernel and systems developers as well as systems architects and firmware developers to learn, share and advance the technical work required for embedded Linux and IoT.
Congatec unveiled the first COM based on Intel’s 7th Gen “Kaby Lake” Core CPUs, offering faster performance, speedy Optane memory support, and 10-bit video.
A FREE shopping app called Zopper has been released in the Tizen Store. This app allows you to shop for electronics and see what it retails for. First, you enter your city in India and then your area that you are located in – it asks this so you can only see the products in / near the area you are in. Zopper sells lots of products including smartphones, power banks, tablets, smartwatches, smartphone accessories, smart TVs, gaming tools, sound gadgets, ACs, fans, washing machines, water purifiers, induction ovens, gas stoves, mixer grinders, micro-ovens, laptops, hard drives, MMC, monitors, keyboard, mouse, laptop accessories, trimmers, hair dryers, bicycles, D-SLRs, binoculars, VR boxes, light bulbs etc.
Swarovski will soon join the smartwatch market thanks to a partnership with Qualcomm and Google — but we won’t learn more until the “smartwatch for her” is unveiled at Baselworld 2017 in Switzerland.
Qualcomm and Swarovski offered a teaser of the announcement at CES 2017, and what we know at this point is that the smartwatch will pack a Qualcomm processor. While it’s Swarovski’s first smartwatch, the company has collaborated with Misfit and Huawei in the past on devices such as the Huawei Watch Ladies. It looks like Swarovski will continue to target women with the watch, as it does with most of its products.
At Qualcomm's CES press conference on Tuesday, Osterhout Design Group showed off a pair of smart glasses running on Android and powered by Qualcomm's new Snapdragon 835 powerhouse chip -- the kind of processing power that usually runs a high-end phone like a Samsung Galaxy S7 or Google Pixel.
Are you a "cost-conscious yet uncompromising Internet-minded millennial?" If so, this is your lucky day, because Huawei's Honor sub-brand says it knows how you think. It understands the "double or nothing motto that millennials live and breathe." Finally, someone gets it! These are all things Honor has said in its PR today as it announced the global launch of the Honor 6X. It only costs $249, and I assume you can buy it even if you're not a "young and bold consumer." I myself am old and cautious.
The rumors of a set-top box designed to combine Dish’s Sling TV service, Netflix, and over-the-air television were true. Today, Dish officially announced the AirTV Player, an Android TV streaming device that the company is pitching as “a single platform” for on-demand streaming, internet TV, and over-the-air local channels.
LeEco, the Chinese company whose recent push into the U.S. has been met with excitement, trepidation and more than a little skepticism, is launching a pair of smart bicycles at CES 2017, powered by the company's own Android 6.0-based BikeOS.
It's a new year, and open source software is more popular than ever. But the open source community is also confronting a new set of challenges. Here's what open source programmers and companies will need to do to keep thriving in 2017.
Contrary to popular belief, open source is neither a company nor a product. It is a way of innovating and collaborating to create ground breaking ideas. Today’s most innovative technologies, from the Internet of Things (IoT) to machine learning, are all being driven by open source. All across Asia Pacific, we’re seeing exceptionally strong growth in the open source movement, as the open source ecosystem increasingly plays a key role in offering customers broader choice.
Open source has the potential to impact people from all strata of society, and significantly enrich the way we live. Growing from just a coding method to a value philosophy, open source is currently being used to drive innovation and solve big national questions in emerging economies across the region. For example, open source has greatly benefited the development of smart city initiatives, such as Singapore’s Smart Nation vision. Without open source, these projects will become beholden to proprietary technology which can potentially hold back progress.
Aside from that, we have also witnessed many organizations in Singapore being receptive to the idea of embarking on a digital transformation journey by using new ways of developing, delivering and integrating applications as a response to digital disruptions we are seeing across industries.
An open source environment has long been enticing in theory to the enterprise but rather difficult to implement in practice.
The idea of compiling your own data environment from legions of low-cost, interoperable components is indeed compelling, particularly when support is lacking from a proprietary vendor. But integration issues and the fairly substantial in-house expertise required to support an open environment are not to be dismissed.
But that might not be the case for much longer. Along with the increased prevalence of open source solutions in the IT market today, there is also an accelerated trend toward greater automation and intelligent management that just might remove many of the headaches that accompany open architectures.
DronePan is a mobile-based autopilot app for DJI drones that automates the process of shooting aerial imagery for spherical panoramas. Users fly their aircraft to the desired panorama location and then launch DronePan, which temporarily takes control of the aircraft heading and camera angle. After a simple tap or two, DronePan begins shooting 15 to 25 photos automatically with the proper overlap required for an aerial spherical panorama. When the panorama is complete, users resume manual control and can fly to other locations to shoot more panoramas.
DronePan started as an experiment in early 2015, and it has since gone through countless iterations based on constant testing by the now 30,000-strong user base. It is compatible with most DJI drones, and the most recent project added support for the newly released and ultra-portable drone known as the DJI Mavic.
DeepMind, Alphabet's artificial intelligence group, announced recently that it is open sourcing DeepMind Lab, its 3D gameified platform for agent-based AI research.
Microsoft's Internet Explorer (IE) and Edge browsers may be near the bottom of their unprecedented crash in user share, measurements published Sunday show.
Analytics vendor Net Applications reported that the user share of IE and Edge -- an estimate of the proportion of the world's personal computer owners who ran those browsers -- dropped by seven-tenths of a percentage point in December, falling to a combined 26.2%.
That seven-tenths of a point decline was notable because it was less than half that of the browsers' average monthly reductions over the last 12, six and three months, which were 1.9, 1.8 and 1.5 points, respectively. The slowly-shrinking averages over the three different spans supported the idea that IE and Edge may be reaching rock bottom.
Ashley was most recently Vice President & Chief Field Officer for MomsRising, a national grassroots organization in the U.S. As a founding staff member, she was instrumental in building MomsRising into an organization of one million grassroots supporters, 200 partner organizations and over 20 funding partners.
Are you concerned about the amount of tracking you seem to experience online? Mozilla knows that a lot of people are, and we recently reported on a potential solution to the issue for iPhone users. Mozilla has launched a browser for iOS users that offers security features that block unwanted trackers. The new browser, called Firefox Focus, secures the users’ privacy by blocking web trackers, including analytics, social, and advertising trackers.
Mozilla is taking the stance that many users are losing control of their digital lives and seeing their privacy compromised. Now, early reviews of Firefox Focus are rolling in, and they are quite positive.
Often times whenever mentioning a new security vulnerability in any piece of open-source/Linux software, it generally gets brought up in our forums "they should write that software in Rust" or similar comments about how XYZ project should see a rewrite in Rust for its memory-safety features. But is it really worthwhile porting your codebase to Rust?
Jamey Sharp, the long-time open-source developer known for his X.Org contributions and recently developing Corrode as a way to translate C code into Rust code, has written a lengthy blog post about the subject of whether it's worth it to translate -- and hopefully with somewhat automated assistance of Corrode -- push your project into Rustlang.
Programme will involve selecting code to develop to software in effort to promote reusability
The Government Digital Service (GDS) has begun to shift its work on open source towards producing more software rather than simply releasing code.
[...]
The Government recently stepped up its involvement in the international open source community in signing up to the Paris Declaration as part of the Open Government Partnership. This commits it to promoting the transparency and accountability of the relevant code and algorithms “wherever possible and appropriate”.
Frank Morton has been breeding lettuce since the 1980s. His company offers 114 varieties, among them Outredgeous, which last year became the first plant that NASA astronauts grew and ate in space.
For nearly 20 years, Morton’s work was limited only by his imagination and by how many kinds of lettuce he could get his hands on.
But in the early 2000s, he started noticing more lettuces were patented, meaning he would not be able to use them for breeding. The patents weren’t just for types of lettuce, but specific traits such as resistance to a disease, a particular shade of red or green, or curliness of the leaf.
Aldric Negrier, a Portuguese Maker and owner of RepRap Algarve, has unveiled a new SLA/DLP 3D printer he has created in the form of the RooBee One.
Watch the demonstration video below to learn more about the new 3D printer which has been constructed using an aluminium frame that offers an adjustable build volume from 80 x 60 x 200 mm up to a maximum 150 x 105 x 200mm
As consumers watch another wave of home IoT devices emerge from CES this week, they’ll still be waiting for one technology that can make all those products work together.
The ZigBee Alliance, a group of more than 400 companies that make things with the ZigBee wireless protocol, made a bid to provide that unifying technology right before the annual consumer electronics gathering kicks off.
On Tuesday, ZigBee announced Dotdot, which it calls a universal language for IoT. Even though ZigBee is best known as an open wireless communications protocol used in many home IoT products, Dotdot is intended for use with any wireless technology. It defines things like how devices tell each other what they are and what they can do, which is important for making different objects around a home do things together.
A lawsuit filed against Apple this week argues that, by not actually making a product that it patented, the company is partly responsible for an automobile accident. According to Jalopnik, James and Bethany Modisette are suing the tech company after a car crash two years ago that killed one of their daughters and injured the rest of the family. The driver of the car who hit them had been using Apple’s FaceTime video chat at the time.
The patent in question was first applied for in 2008, and describes “a lock-out mechanism to prevent operation of one or more functions of handheld computing devices by drivers when operating vehicles,” such as texting or video chatting.
Apple, maker of the ever-popular iPhone, is being sued on allegations that its FaceTime app contributed to the highway death of a 5-year-old girl named Moriah Modisette. In Denton County, Texas, on Christmas Eve 2014, a man smashed into the Modisette family's Toyota Camry as it stopped in traffic on southbound Interstate 35W. Police say that the driver was using the FaceTime application and never saw the brake lights ahead of him. In addition to the tragedy, father James, mother Bethany, and daughter Isabella all suffered non-fatal injuries during the crash two years ago.
My wife’s family are nice people. They’ve kind of gotten used to me hanging around. It’s been over a quarter century, I guess you can eventually get used to anything.
My sister-in-law, DR, and her family always get me a gift at Christmas. It’s usually something practical and clearly well-intended, if not something I’d pick out for myself.
This year, DR’s seven-year-old twins are really excited about the present I’m getting this year. It’s a big box. It’s heavy. And they tell me I’m going to love it. They’re quite sure of this. I’ve had a few more Christmases than those two, so I’m not quite as excited. But they’ve gone into this frenzy of anticipation, so I let them help me rip the paper off.
While there is a range of Windows-based reviews for the Core i7 7700K on the web this morning, unfortunately, no Linux results yet... Intel's PR hasn't been too helpful when it comes to Linux
One hot evening last July, I visited the Michelin-starred unagi, or eel, restaurant Nodaiwa, which sits in a quiet basement beneath Tokyo’s glamorous Ginza shopping district. Next door is the world’s most famous sushi restaurant, Sukiyabashi Jiro, which was the subject of a documentary from 2012 called “Jiro Dreams of Sushi.” The restaurant is now so famous that a sign, written in English, sits outside its entrance, asking visitors not to take photographs.
In recent years, less benign developments have forced Nodaiwa to place a sign at its entrance as well. Whenever I visit, I count myself lucky to find the following message written on it, in Japanese: “Today we have natural Japanese eel.”
On a CVE basis for the number of distinct vulnerabilities, Android is ranked as having the most vulnerability of any piece of software for 2016 followed by Debian and Ubuntu Linux while coming in behind them is the Adobe Flash Player.
The CVEDetails.com tracking service has compiled a list of software with the most active CVEs. The list isn't limited to just operating systems but all software with Common Vulnerabilities and Exposures.
The AF_PACKET local privilege escalation (also known as CVE-2016-8655) has been fixed by most distributions at this point; stable kernels addressing the problem were released on December 10. But, as a discussion on the fedora-devel mailing list shows, systemd now provides options that could help mitigate CVE-2016-8655 and, more importantly, other vulnerabilities that remain undiscovered or have yet to be introduced. The genesis for the discussion was a blog post from Lennart Poettering about the RestrictAddressFamilies directive, but recent systemd versions have other sandboxing features that could be used to head off the next vulnerability.
Fedora project leader Matthew Miller noted the blog post and wondered if the RestrictAddressFamilies directive could be more widely applied in Fedora. That directive allows administrators to restrict access to the network address families a service can use. For example, most services do not require the raw packet access that AF_PACKET provides, so turning off access to that will harden those services to some extent. But Miller was also curious if there were other systemd security features that the distribution should be taking advantage of.
A new version of the musl libc standard library is available for those interested in this lightweight alternative to glibc and others.
Musl 1.1.16 was released to fix CVE-2016-8859, an under-allocation bug in regexec with an integer overflow. Besides this CVE, Musl 1.1.16 improves overflow handling as part of it and has also made other noteworthy bug fixes.
A long time ago pretty much every application and library carried around its own copy of zlib. zlib is a library that does really fast and really good compression and decompression. If you’re storing data or transmitting data, it’s very likely this library is in use. It’s easy to use and is public domain. It’s no surprise it became the industry standard.
Cryptographic protocols and algorithms have a limited lifetime—much like everything else in technology. Algorithms that provide cryptographic hashes and encryption as well as cryptographic protocols have a lifetime after which they are considered either too risky to use or plain insecure. In this post, we will describe the changes planned for the 6.9 release of Red Hat Enterprise Linux 6, which is already on Production Phase 2.
In August 2016, Apple issued updates to iOS and macOS that patched three zero-day vulnerabilities that were being exploited in the wild to remotely install persistent malcode on a target’s device if they tapped on a specially crafted link. We linked the vulnerabilities and malcode to US-owned, Israel-based NSO Group, a government-exclusive surveillance vendor described by one of its founders as “a complete ghost”.
Apple’s updates were the latest chapter in a yearlong investigation by Citizen Lab into a UAE-based threat actor targeting critics of the UAE at home and around the world. In this talk, we will explain how Citizen Lab discovered and tracked this threat actor, and uncovered the first publicly-reported iOS remote jailbreak used in the wild for mobile espionage. Using the NSO case, we will detail some of the tools and techniques we use to track these groups, and how they try to avoid detection and scrutiny. This investigation is Citizen Lab’s latest expose into the abuse of commercial “lawful intercept” malcode.
There's a concept from computer security known as a class break. It's a particular security vulnerability that breaks not just one system, but an entire class of systems. Examples might be a vulnerability in a particular operating system that allows an attacker to take remote control of every computer that runs on that system's software. Or a vulnerability in Internet-enabled digital video recorders and webcams that allow an attacker to recruit those devices into a massive botnet.
It's a particular way computer systems can fail, exacerbated by the characteristics of computers and software. It only takes one smart person to figure out how to attack the system. Once he does that, he can write software that automates his attack. He can do it over the Internet, so he doesn't have to be near his victim. He can automate his attack so it works while he sleeps. And then he can pass the ability to someone -- or to lots of people -- without the skill. This changes the nature of security failures, and completely upends how we need to defend against them.
The far-right Israeli education minister, Naftali Bennett, has vowed to introduce a bill this month to formally annex Maale Adumim, one of Israel’s largest settlement blocks in the occupied Palestinian territories.
In remarks made at a museum in the city of 40,000 located outside Jerusalem, Bennett said: “After being here for 50 years, the time has come to end military rule.”
The hardline leader of the Jewish Home party also made clear that he saw the annexation of Maale Adumim as a first step in annexing all of “area C”, the part of the occupied territories still under full Israeli control.
“For this reason,” said Bennett, “by the end of the month, we will submit the bill for applying [Israeli] law to Judea and Samaria [the name used by Israelis for the occupied territories] and will embark on a new path. We will present to the cabinet a bill for applying Israeli law in Maale Adumim.”
So, we just wrote about Obama administration's tepid response to claims that Russians "interfered" with the Presidential election. In that post, we noted our concerns about the fact that we seem to be escalating a situation based on claims where we're not allowed to see any of the actual evidence. I've seen a bunch of people arguing that anyone who won't automatically accept that Russia interfered in the election should be dubbed either Putin supporters or, at the very least, "useful idiots" but we should be very, very careful about where this leads. I certainly think that there's a tremendous possibility that Russian forces did intend to interfere with our election, but I'd certainly like to see some actual evidence -- and the "evidence" provided so far shows no such thing.
And this should scare you. Not because it means that anyone is lying, but because it's setting the stage for very dangerous things. If we're setting the precedent that the US government can escalate situations based on purely secret knowledge, what's to stop them from doing so over and over again? Put another way: for those who dislike Trump, but are happy about the White House calling out and sanctioning Russia, how will you feel when President Trump makes similar claims about some other country (perhaps one blocking a new Trump hotel?), and proceeds to issue US government sanctions on that country -- but without releasing any actual evidence of wrongdoing beyond "government agencies say they did bad things." Won't that be concerning too?
Matt Taibbi, over at Rolling Stone, has an excellent article comparing this to when we started the war in Iraq -- noting the similarities, in that the government (and the press) kept insisting that because certain government agencies said something ("Iraq has WMDs"), it must be true...
As President Obama reflects on his legacy, a recording of Secretary of State John Kerry conversing with leaders of Syrian opposition groups is casting more light on his approach to ISIS, indicating his administration believed that allowing the Islamic State to grow would serve the White House’s objective of ousting Syrian President Bashar Assad.
As federal officials investigate suspicious Internet activity found last week on a Vermont utility computer, they are finding evidence that the incident is not linked to any Russian government effort to target or hack the utility, according to experts and officials close to the investigation.
An employee at Burlington Electric Department was checking his Yahoo email account Friday and triggered an alert indicating that his computer had connected to a suspicious IP address associated by authorities with the Russian hacking operation that infiltrated the Democratic Party. Officials told the company that traffic with this particular address is found elsewhere in the country and is not unique to Burlington Electric, suggesting the company wasn’t being targeted by the Russians. Indeed, officials say it is possible that the traffic is benign, since this particular IP address is not always connected to malicious activity.
When a mainstream press that isn't always good at what it does meets technology it doesn't understand, the end result is often frustrating, if not comedic. Hacking is certainly no exception, given it's a realm where perpetrators are difficult to identify, hard proof is often impossible to come by, and hackers worth their salt either leave false footprints -- or no footprints at all. Throw in a press that's incapable of identifying and avoiding its own nationalism, and often all-too-gullible to intelligence industry influence, and you've got a fairly solid recipe for dysfunction when it comes to hacking-related news coverage.
Some of the resulting coverage has been highly entertaining -- such as CNN using a screen shot from the popular game Fallout 4 in a story about hacking and hoping nobody would notice. Other examples have been decidedly more troubling, such as the Washington Post's epic face plant over the holiday break.
Finland has become the first country in Europe to pay its unemployed citizens a basic monthly income, amounting to €560 (£477/US$587), in a unique social experiment that is hoped to cut government red tape, reduce poverty and boost employment.
Olli Kangas from the Finnish government agency KELA, which is responsible for the country’s social benefits, said on Monday that the two-year trial with 2,000 randomly picked citizens receiving unemployment benefits began on 1 January.
Last month, we noted how Donald Trump proudly implied he was single-handedly responsible for Japan's Softbank bringing 50,000 jobs and $50 billion in investment to the United States. The problem, of course, is that it's not clear those numbers are entirely real, and there's absolutely no evidence suggesting they had anything to do with Donald Trump. The jobs were first unveiled back in October as part of a somewhat ambiguous $100 billion global investment fund between Softbank and Saudi Arabia aimed at boosting technology spending worldwide.
Britain’s ambassador to the European Union Sir Ivan Rogers dealt a blow to the UK’s Brexit negotiations by quitting and urging his fellow British civil servants in Brussels to assert their independence by challenging “ill-founded arguments and muddled thinking”.
Sir Ivan Rogers said, in an email explaining his reasons for his abrupt departure to the UK’s Brussels diplomatic staff at UKRep, that he was leaving now to give time for his successor to take charge of the lengthy negotiations process which starts in March. But he also made it clear that he had been frustrated by politicians who disliked his warnings about the potential pitfalls in the Brexit process.
He also revealed that the basic structure of the UK Brexit negotiating team had not yet been resolved, let alone a negotiating strategy.
“Brexit means Brexit” has quickly passed from a convenient political slogan to something approaching a national joke.
Any discussion of the meaning of Brexit is haunted by what is now a stock catchphrase.
Like a game show host, one only has to ask what Brexit means to get the Pavlovian, chucklesome response of “Brexit means Brexit”.
The announcement today of the resignation of Sir Ivan Rogers as the UK’s ambassador to the EU is significant.
Coming just weeks before the planned Article 50 notification, the resignation is a setback on any sensible view.
During the run up to the notification, when the government (we are told) is finalising its negotiation strategy, the UK is likely not to have a lead negotiator in place in Brussels, let alone one helping shape the Brexit strategy.
In an interview with Fox News Channel host Sean Hannity, WikiLeaks founder Julian Assange doubled down on a claim he had made last month on Hannity’s radio show, which was that neither the Russian government nor any state party of Russia was the source of hacks that exposed thousands of confidential Democratic Party emails.
“We can say – we have said repeatedly over the last two months, our source is not the Russian government and it is not the state party,” Assange said.
Well, we're into a new year, and the promised "swamp draining" in Washington DC continues to move in the other direction. Rep. Bob Goodlatte (whose name you may remember from the fact that he's leading the charge on copyright reform (but who has a history of being terrible on copyright), or perhaps from the fact that he's also bad on surveillance) has made the surprise move of completely gutting the Office of Congressional Ethics, and basically taking away its independence from Congress.
The former head of MI6 has warned against adopting electronic voting systems owing to fears about international cyber warfare.
Sir John Sawers told the BBC that casting a ballot with pencil and paper was "actually much more secure".
He warned: "The more things that go online, the more susceptible you are to cyber attacks."
But campaigners for electronic voting said there was "no evidence" it was more open to fraud.
Electronic voting allows people to make their choices via a computer or smartphone, instead of people having to go to a polling station.
President-elect Trump and green jobs advocates rarely find themselves on the same side. Today is an exception. All it seems to have taken was a little trolling.
Ford Motor Company said this morning that it’s spending $700 million to expand its Flat Rock, Michigan, plant to develop a new generation of electric and autonomous vehicles. The expansion will add 700 production jobs, according to the company’s official announcement.
New Senate Majority Leader Chuck Schumer (D-N.Y.) said Tuesday that President-elect Donald Trump is “being really dumb” by taking on the Intelligence Community and its assessments on Russia’s cyber activities.
“Let me tell you, you take on the intelligence community, they have six ways from Sunday at getting back at you,” Schumer told MSNBC's Rachel Maddow.
“So even for a practical supposedly hard-nosed businessman, he’s being really dumb to do this.”
House Republicans abruptly withdrew a proposal to weaken an independent ethics watchdog on Tuesday, in a rocky start to the new Congress.
The 115th session hadn't even formally gaveled in before House GOP leaders held an emergency conference meeting to discuss blowback against the party's vote to gut the chamber's independent ethics watchdog.
The reversal of course came hours after President-elect Donald Trump issued a series of tweets questioning the timing of the changes, which would put the independent Office of Congressional Ethics (OCE) under oversight of the House Ethics Committee.
Even before Trump weighed in, a barrage of negative headlines and public outcry made it difficult for Republicans to stand by the measure, especially given that the Republican president-elect had campaigned on a promise to "drain the swamp" of Washington, D.C., of corruption.
"We shot ourselves in the foot," Rep. Mike Simpson (R-Idaho) told reporters after the conference meeting.
Republicans control the House, Senate, and presidency. It’s time we start calling this what it is.
Just a couple of days into the new year, Facebook has already apologized for censorship — it blocked a photo of a nude statue of Neptune, the sea god.
It was a mistake for the social network to tell an Italian art historian that the image of the statue was “explicitly sexual” and “excessively shows the body or unnecessarily concentrates on body parts,” the company said in a statement to Mashable.
Sewlyn Duke’s recent op-ed for The Hill, “Antitrust should be used to break up partisan tech giants like Facebook, Google,” addresses the serious problem of how a few privately owned internet companies have unprecedented control over the distribution of information.
As Jeffrey Rosen has noted, “lawyers at Google, YouTube, Facebook, and Twitter have more power over who can speak and who can be heard than any president, judge, or monarch.”
However, using antitrust laws to address this would be ineffective and likely illegal without new legislation.
Facebook has apologized for mistakenly blocking a photo of a famous statue for being "sexually explicit."
The social media giant flagged a photograph of a 16th-century statue of the sea god Neptune in the Italian city of Bologna, Mashable reported. The picture of the sculpture—which was created in the 1560s—was featured on the Facebook page of local writer and art historian Elisa Barbari called "Stories, curiosities and view of Bologna."
Hoo, boy. It’s a world-eating tech company that arguably threatens a free press and a democratic society in the U.S. and wants to fly laser drones over developing countries. Run by a founder who is at turns both ruthless and clueless in a way that would be funny if it weren’t also terrifying. Gave shit-poster supporter Palmer Luckey $2 billion. Many, very bad media companies wouldn’t exist without it. Jokes about it being the place where all your racist classmates from high school hang out are well-trodden territory, but, you know, also true? Changing the color of your profile pic to support [FILL IN THE BLANK]. “Maybe” attending events. Trending topics. Untagging yourself.
Mark Zuckerberg has given more weight to the idea that he could move into politics with the announcement of a statesmanly personal challenge for 2017.
In previous years the Facebook CEO has learned Mandarin, pledged to run at least a mile each day and built a virtual assistant called Jarvis to control his home. This year he wants to have visited and met people in every state in the US. He’s already visited about 20 states, which means he has to travel to about 30 states by the end of the year.
“After a tumultuous last year, my hope for this challenge is to get out and talk to more people about how they’re living, working and thinking about the future,” he said in a Facebook post announcing the challenge.
“For decades, technology and globalization have made us more productive and connected. This has created many benefits, but for a lot of people it has also made life more challenging. This has contributed to a greater sense of division than I have felt in my lifetime. We need to find a way to change the game so it works for everyone.”
People often say that online behavior would improve if every comment system forced people to use their real names. It sounds like it should be true – surely nobody would say mean things if they faced consequences for their actions?
Yet the balance of experimental evidence over the past thirty years suggests that this is not the case. Not only would removing anonymity fail to consistently improve online community behavior – forcing real names in online communities could also increase discrimination and worsen harassment.
We need to change our entire approach to the question. Our concerns about anonymity are overly-simplistic; system design can’t solve social problems without actual social change.
At this point, it's well-known that Facebook is as much an advertising company as it is a social network. The company is probably second only to Google in the data it collects on users, but the info we all share on the Facebook site just isn't enough. A report from ProPublica published this week digs into the vast network of third-party data that Facebook can purchase to fill out what it knows about its users. The fact that Facebook is buying data on its users isn't new -- the company first signed a deal with data broker Datalogix in 2012 -- but ProPublica's report nonetheless contains a lot of info on the visibility Facebook may have into your life.
Currently, Facebook works with six data partners in the US: Acxiom, Epsilon, Experian, Oracle Data Cloud, TransUnion and WPP. For the most part, these providers deal in financial info; ProPublica notes that the categories coming from these sources include things like "total liquid investible assets $1-$24,999," "People in households that have an estimated household income of between $100K and $125K" and "Individuals that are frequent transactor at lower cost department or dollar stores." Specifically, the report notes that this data is focused on Facebook users' offline behavior, not just what they do online.
When thinking about surveillance, everyone worries about government agencies like the NSA and big corporations like Google and Facebook. But actually there are hundreds of companies that have also discovered data collection as a revenue source. We decided to do an experiment: Using simple social engineering techniques, we tried to get the most personal you may have in your possession.
When thinking about surveillance, everyone worries about government agencies like the NSA and big corporations like Google and Facebook. But actually there are hundreds of companies that have also discovered data collection as a revenue source. Companies which are quite big, with thousands of employees but names you maybe never heard of. They all try to get their hands on your personal data, often with illegal methods. Most of them keep their data to themselves, some exchange it, but a few sell it to anyone who's willing to pay.
There was a time when I was a fan of Malcolm Gladwell. He's an astoundingly good story teller, and a great writer. But he's also got a pretty long history of... just being wrong. Over the years, Gladwell's willingness to go for the good story over the facts has become increasingly clear. Famously, Steven Pinker ripped Gladwell's serial problems many years ago, but it hasn't really stopped Gladwell since then. If you've ever quoted "the 10,000 hour rule" or suggested that someone can become an expert in something if they just spend 10,000 hours doing it, you've been fooled by Gladwell. Even the guy whose one study Gladwell based the idea on loudly debunked the claim, and just this past year put out his own book that is basically trying to rectify the false beliefs that have spread around the globe from people believing Gladwell's incorrect spin.
So, suffice it to say I was already skeptical of Gladwell's recent piece attacking Ed Snowden as not being a "real" whistleblower. But the piece is much, much worse than even I expected. The short, Gladwellian-style summary of it might be: real whistleblowers have to look the part, and they need to be part of an Ivy League elite, with clear, noble reasons behind what they did. Here's how Gladwell describes Daniel Ellsberg, the guy who leaked the Pentagon Papers, and to whom Gladwell has given his stamp of approval as a "Real Whistleblower™"
United Nations Special Rapporteur on extreme poverty and human rights, Philip Alston, will undertake an official visit to Saudi Arabia from 8 to 19 January 2017 to consider the Saudi Government’s efforts to eradicate poverty and how such efforts relate to its international human rights obligations.
“Saudi Arabia is a rich country in many respects, but as in all countries, challenges relating to poverty still exist,” noted the independent expert designated by the UN Human Rights Council to monitor, report and advise on extreme poverty and human rights.
When Sadia left her faith at 15, she faced abandonment, now she lives a life completely detached from her childhood. Jessica Langton reports
Most imams in France (and Belgium) forbid the faithful from celebrating Christmas and the New Year and call on Muslims not to extend holidays greetings. This is what French imam Hocine Drouiche wrote on his Facebook page. He is one of the most open-minded French Muslim clerics opposed to extremism. A tireless promoter and supporter of dialogue between different faiths, he condemns those who repeat the "mantra" that Islam is a religion of peace but then consider expressing season’s greetings "as an insult" because "this is not our religion."
For him, the Islam professed by these imams, who are the majority in France, in Belgium, and in many other countries, "is not a true Islam of peace and shared life". Qur’ānic schools in the West are places that extol political Islam based on jihad and hatred of the "enemies." Fortunately, there are also “open-minded Muslims, who greet you with a big smile and wish you a Happy New Year.”
The leap second caused CloudFlare’s RRDNS software to “panic,” but the error was quickly identified
The extra leap second added on to the end of 2016 may not have had an effect on most people, but it did catch out a few web companies who failed to factor it in.
Web services and security firm CloudFlare was one such example. A small number of its servers went down at midnight UTC on New Year’s Day due to an error in its RRDNS software, a domain name service (DNS) proxy that was written to help scale CloudFlare’s DNS infrastructure, which limited web access for some of its customers.
Each year, at the beginning of January, we have the unfortunate job of highlighting the works that were supposed to be entering the public domain on January 1st, but didn't (in the US at least) thanks to retroactive copyright term extension. As we've noted, copyright term extension makes absolutely no sense if you understand the supposed purpose of copyright. Remember, the idea behind copyright is that it is supposed to be an important incentive to get people to create a work. And the deal is that in exchange for creating the work, the copyright holder (who may not be the creator...) is given an exclusive monopoly on certain elements of that work for a set period of time, after which it goes into the public domain. That means that any work created under an old regime had enough incentive to be created. Retroactively extending the copyright makes no sense. The work was already created. It needs no greater incentive. The only thing it serves to do is to take away works from the public domain that the public was promised in exchange for the original copyright holder's monopoly. It's a disgrace.
Rightscorp is doing some aggressive whistling in the dark. The company that thought it could tackle piracy with threatening letters, threatening robocalls, and suing ISPs for contributory infringement has been bleeding money since its inception.
By the middle of 2015, Rightscorp's letter-writing campaign to torrenters had led to nothing resembling a viable business model.
A new academic study shows that graduated response policies against file-sharers fail to boost box office revenues. The empirical research, which looked at the effects in various countries including the United States, suggests that these anti-piracy measures are not as effective as the movie studios had hoped.