CoreOS and the Open Container Initiative on Wednesday introduced image and runtime specifications largely based on Docker's image format technology.
However, OCI's decision to model the standard on Docker's de facto platform has raised questions. Some critics have argued for other options.
Version 1.0 provides a stable standard for application containers, according to Brandon Philips, CTO at CoreOS and chair of the OCI Technical Oversight Board.
Today marks an important milestone for the Open Container Initiative (OCI) with the release of the OCI v1.0 runtime and image specifications – a journey that Docker has been central in driving and navigating over the last two years. It has been our goal to provide low-level standards as building blocks for the community, customers and the broader industry. To understand the significance of this milestone, let’s take a look at the history of Docker’s growth and progress in developing industry-standard container technologies.
For those that have been in the technology industry for some time, there is a tendency to compare or even equate the current microservices phenomenon with the more archaic Service Oriented Architecture (SOA) approach. This is done implicitly in many cases, but also quite explicitly with statements such as “microservices is nothing more than the new SOA” or “Amazon is the only company to get SOA right.”
This is unsurprising, because it’s rooted in fact. For all of its other faults, SOA was a vision of enterprises that looks remarkably like what progressive organizations are building today with cloud native architectures composed of, among other things, microservices. Stripped to its core, SOA was the idea that architectures should be composed of services rather than monolithic applications.
If you know anything about Linus Torvalds, you know he's the mastermind and overlord of Linux. If you know him at all well, you know he's also an enthusiastic scuba diver and author of SubSurface, a do-it-all dive log program. And, if you know him really well, you'd know, like many other developers, he loves gadgets. Now, he's starting his own gadget review site on Google+: Working Gadgets.
As of this writing, just over 7,600 non-merge changesets have been pulled into the mainline repository for the 4.13 kernel release — and the patch rate does not look like it will be slowing down anytime soon. It will be another busy development cycle but, as has often been the case recently, many of the changes are internal cleanups that will not be visible to most users. That said, there are a number of interesting new features in this release.
For those looking to use Intel Kabylake hardware with Intel's Graphics Virtualization Technology, it looks like that support will finally be here come Linux 4.14.
With the Linux 4.13 kernel currently under development there are new module parameters that can make it easier switching from the Radeon DRM default on GCN 1.0 and GCN 1.1 GPUs to instead using the newer AMDGPU DRM driver, but Radeon remains the default. Here's my test experiences and benchmark results of AMDGPU vs. Radeon for GCN 1.0/1.1 GPUs.
Besides testing the Radeon/AMDGPU work in Linux 4.13, here are some fresh benchmarks of Intel Kabylake GT 2 / HD Graphics 630 from this new in-development kernel.
The Intel kernel graphics driver changes for 4.13 are outlined in our Linux 4.13 feature overview. Using the Intel Core i7 7700K I did some comparison tests of Linux 4.13-rc1 compared to 4.12.0 and 4.11.0 stable.
Terminals were fullscreened before running tests. This affects test results, and resizing the terminal windows can and does significantly change performance (e.g., it’s possible to get hyper to be slower than iterm2 by changing the window size while holding everything else constant). st on macOS was running as an X client under XQuartz. To see if XQuartz is inherently slow, I tried runes, another “native” Linux terminal that uses XQuartz; runes had much better tail latency than st and iterm2.
The Git source-code management system is widely known for its flexibility and for the distributed development model that it supports. Its reputation for ease of use is ... less well established. There should, thus, be an opening for front-end systems that can make Git easier to use. One of the most comprehensive Git front ends, Magit, works within the Emacs editor and has a wide following. But Magit has run into some turbulence within the Emacs development community that is blocking its wider distribution.
Do you always forget your password or want to have strongest password which can be hard to remember? If yes, then here is an application for you which will keep your passwords safe, strongest and encrypted. KeePassXC is an open-source forked from KeePassX by community released under GNU GPL license, it is cross-platform and all features works perfectly on every platform (Linux, Mac and Windows), as it is mentioned on KeePassXC website they have thoroughly tested features on multiple systems to provide user with the same look and feel on every supported operating system. This includes the beloved Auto-Type feature. KeePassXC, on the other hand, is developed in C++ and runs natively on all platforms giving you the best-possible platform integration.
Having publicly running web application always brings challenges in terms of security and in generally in handling untrusted data. Security wise Weblate has been always quite good (mostly thanks to using Django which comes with built in protection against many vulnerabilities), but there were always things to improve in input validation or possible information leaks.
The Available Updates and Restart recommended pages now show the packages from the previous update run. This makes it easier to see which services to check or to decide whether a restart is really necessary...
In October, I started working for Undo and, now that I understand our technology better, it’s time to explain what I do.
Undo produces a (closed source) technology which allows to record, rewind and replay Linux programs (on x86 and ARM). One of our products using this technology is UndoDB, a debugger built on top of gdb which allows you to do everything you do with gdb, but also to go back in time.
WPS Office is a slang for Writer, Presentation ad Spreadsheets, formerly known as Kingsoft Office. It is free (basic version) Office suite available for all platforms Linux, Windows, Mac, Android and iOS. A fully featured professional-grade version is also available for a subscription fee.
The Wine project has today announced Wine 2.0.2 as the newest stable update for running Windows programs on Linux, macOS, and other operating systems.
If you aren't using the Wine 2.x bi-weekly development releases for the bleeding-edge experience to culminate with the stable Wine 3.0 release in a few months, Wine 2.0.2 is the newest and best for the time being.
The Wine maintenance release 2.0.2 is now available.
The development team behind the very popular Wine (Wine Is Not an Emulator) compatibility layer for running Windows apps and games on several UNIX-like operating systems, announced today the release of Wine 2.0.2.
Wine 2.0.2 is the second stable bug fix release of the major Wine 2.0 series of the application, which comes exactly three months after the first one, Wine 2.0.1. As usual with a point release, only bugs are squashed, and it looks like Wine 2.0.2 manages to fix a total of 62 issues for various Windows apps and games, as well as other components.
It turns out the rather great looking exploration and combat game 'Abandon Ship' [Steam, Official Site] will come to Linux. The art style of the game is actually inspired by classic navy oil paintings.
The funny thing is, I got an email from one of our followers notifying me that last year the developer said they would do a Linux version. I posted in the forum to ask for an update, without realizing the very next email in my inbox was the actual developer telling me it's coming! Fun when little things like that happen.
The latest DLC for the fantasy-themed Total War game will be brought over by Feral Interactive. This DLC will make a new faction playable, focusing attention to the many dangers of the frigid wastelands of the north.
On August 15th the game will release for Windows and consoles, but there's now no Linux date set. To be clear, the Linux version hasn't been dropped, but it seems it will see a delayed release. Aspyr Media should be reaching out to us when it gets closer to releasing on Linux.
One week passed since the dependency freeze stage took place for the upcoming KDE Applications 17.08 software suite, which means that today we can download and test drive the Beta milestone.
It’s with all the joy in my heart that I share with you this amazing notice: AtCore was officially moved today to KDE Extragear by my favorite sysadmin Ben Cooksley after more than a month on KDE Review.
This is the first huge milestone that we achieve on this 11 months of team work made by me, Patrick, Chris and sometimes Tomaz.
Particularly I thanks, Luigui Toscano and Albert Cid for all the attention and review on AtCore code, that allowed us to make this move to Extragear. =D
The widely-used GNOME Tweak Tool utility that GNOME users can't live without was renamed the other day to GNOME Tweaks as part of a minor update towards version 3.26 for the upcoming GNOME 3.26 desktop environment.
The first part of my project was focused in adding support for creating Python-based plugin managers in libpeas and polishing the Pitivi Plugin Manager. Initially, before the Google Summer of Code started, the Pitivi Plugin Manager was done using the PeasGtkPluginManager. However the design didn’t fit pretty well in the Pitivi Preferences Dialog, so I had to implement it again but in Python. I took as reference the GNOME Builder Preferences window. It is worth to say that I could have used libdazzle, but Pitivi doesn’t use GSettings and instead it uses ConfigParser.
In my last blog post, I was telling you how my GSOC project was close to its completion. Since then, I’ve been working on getting it to a deployable state, while also adding some final touches. Now, it should be ready to land and you’ll probably see it included in Pitivi 2.0.
GtkUIManager has been deprecated without a good replacement for applications that want to keep a traditional UI (with a menubar, toolbar and statusbar). So I’ve written a new shared library called Amtk, currently developed inside the Tepl repository. It is a basic GtkUIManager replacement based on GAction. If you are interested, read the Amtk introduction (it explains the problems with what GTK+ currently provides and that Amtk solves) and the API reference.
Like every year, GUADEC has snuck up on me. I’ll be heading out to Manchester in a handful of days which means things are going to get hectic any moment now.
We just reached another milestone in our development phase towards 3.26. I’ve landed two important components which will have important roles in Builder’s future. The new visual layout, and the new shortcut engine. Neither are complete yet, but they are good enough to land on master and allow us to iterate without giant branches.
By the name yes it’s really small and lightweight (had to utter this word too “damn!”). Damn Small Linux is a distro that offers a GUI based OS for low resource systems and some applications for normal users task-alike. It’s designed with the intention to pack all the modern features under 50 MB. ââ¬â¹Well, that may sound crazy but you cannot rely on it as a primary OS if you have a recent modern hardware. Instead take a U-turn now and see what Ubuntu, Fedora or OpenSUSE has to offer.
Damn Small Linux latest version is v4.11rc2 and development has been in a long pause since 2015. Don’t be put off by that because that’s how some people roll. Slow and steady until they sort things out.
With the addition of Google Cloud Platform, SUSE Linux Enterprise Server for SAP Applications is now available on three major public cloud providers, including Amazon Web Services and Microsoft Azure.
Last week Red Hat introduced its new and improved version of Red Hat OpenShift Online, its platform as a service cloud offering. It comes in a free or paid version, both hosted on AWS. If my experience is any indication, however, you might have to stand in line for a while in order to take the free version for a ride.
Today Red Hat announced that the University of Alabama at Birmingham (UAB) is using Red Hat Ceph Storage to support the growing needs of its research community. UAB selected Red Hat Ceph Storage because it offers researchers a flexible platform that can accommodate the vast amounts of data necessary to support future innovation and discovery.
The much anticipated release of Fedora 26 was made on July 11. As usual, it came with a wide array of updated packages, everything from the kernel through programming languages to desktops, but there are also internal tools and installation mechanisms that have changed as well. Beyond that, the new Python Classroom Lab is aimed at teachers and instructors to make it easier to get a full-featured Python (of various flavors and with lots of extras) in several different easily installable forms. Though it was delayed by more than a month from its original planned release date—something the project embraces at some level—Fedora 26 looks like it was worth waiting for.
The distribution is delivered for workstations and servers, as well as a version, Atomic Host, for container deployments. The Fedora Cloud Base has virtual machine (VM) images for several different cloud options including raw, QEMU copy on write (qcow2), libvirt/KVM, VirtualBox, and two versions for the Amazon Public Cloud. For server installations, there is a preview version of the Modularity initiative, which will (eventually) allow mixing newer components with older ones in ways that will mirror some of the advantages of a rolling release model.
You know what’s even better then making something overcomplicated? Changing decades of expected behavior and not providing a way to, say, opt out. I don’t want to run a fuckload of stupid shell scripts every time I login that do super informative tasks like telling me the IP address assigned to my loopback device. I also don’t want to be told that I should use Landscape, or that there are 83 processes running on my machine.
The development team behind the Debian-based Elive GNU/Linux distribution was proud to announce today the availability for download of a new Beta version towards the upcoming Elive 3.0 major release.
I mentioned in my recent post about the release of Debian 9 (stretch) that the changes in Debian should soon start filtering through into the Debian-derived distributions. Sure enough, Sparky Linux announced a new release last weekend.
Sparky Linux is one of the few distributions which offers two versions, based on the Debian stable and testing branches. The new release is Sparky Linux 5, based on Debian testing.
The release announcement gives a brief overview, but because this version of Sparky is a rolling release distribution, there are not huge changes from the previous version.
Yup, Ubuntu 16.10 Yakkety Yak hit end of life (EOL) on July 20.
Released on October 13, 2016, Ubuntu 16.10 is a short-term release with a 9-month support cycle.
That support period is at an end and Ubuntu 16.10 will reach end of life on Thursday, July 20, 2017.
If you are still running Ubuntu 16.10, which was released last October, it’s time to upgrade. Also known as 'Yakkety Yak', it was released on October 13, 2016, and as per short-term release lifespans, has petered out its nine-month support cycle. If you’re still running 16.10, then it’s time to upgrade to Ubuntu 17.04 which will be supported until the start of 2018.
Today, July 20, 2017, is the last day when the Ubuntu 16.10 (Yakkety Yak) was supported by Canonical as the operating system now reached end of life, and it will no longer receive security and software updates.
Dubbed by Canonical and Ubuntu founder Mark Shuttleworth as the Yakkety Yak, Ubuntu 16.10 was launched on October 13, 2016, and it was a short-lived release that only received nine (9) months of support through kernel updates, bug fixes, and security patches for various components.
Recently, I posted a piece about distributions consolidating around a consistent app store. In it I mentioned Flatpak as a potential component and some people wondered why I didn’t recommend Snappy, particularly due to my Canonical heritage.
To be clear (and to clear up my in-articulation): I am a fan of both Snappy and Flatpak: they are both important technologies solving important problems and they are both driven by great teams. To be frank, my main interest and focus in my post was the notion of a consolidated app store platform as opposed to what the specific individual components would be (other people can make a better judgement call on that). Thus, please don’t read my single-line mention of Flatpak as any criticism of Snappy. I realize that this may have been misconstrued as me suggesting that Snappy is somehow not up to the job, which was absolutely not my intent.
Juju 2.3 is under heavy development, and one thing we all want when we're working on the next big release of our software product is to get feedback from users. Are you solving the problems your user has? Are there bugs in the corner cases that a user can find before the release? Are the performance improvements you made working for everyone like you expect? The more folks that test the software before it's out, the better off your software will be!
It’s Season Ten Episode Twenty of the Ubuntu Podcast! Alan Pope, Mark Johnson and Martin Wimpress are connected and speaking to your brain.
It would have been impossible to avoid hearing that Canonical has decided to shift their flagship product away from their in-house Unity desktop back to an old friend: GNOME. You may remember that desktop — the one that so many abandoned after the shift from 2.x to 3.x.
A few years later, GNOME 3 is now one of the most rock-solid desktops to be found, and one of the most user-friendly Linux desktop distributions is heading back to that particular future. As much as I enjoyed Unity, this was the right move for Canonical. GNOME is a mature desktop interface that is as reliable as it is user-friendly.
A huge THANK YOU to the entire HackerNews community, from the Ubuntu community! Holy smokes...wow...you are an amazing bunch! Your feedback in the thread, "Ask HN: What do you want to see in Ubuntu 17.10?" is almost unbelievable!
We're truly humbled by your response.
I penned this thread, somewhat on a whim, from the Terminal 2 lounge at London Heathrow last Friday morning before flying home to Austin, Texas. I clicked "submit", closed my laptop, and boarded an 11-hour flight, wondering if I'd be apologizing to my boss and colleagues later in the day, for such a cowboy approach to Product Management...
Canonical is running a survey in trying to figure out what should be the default applications for next year's Ubuntu 18.04 LTS release.
Nine months after its release, the "Yakkety Yak" Ubuntu release, also carrying the version number 16.10, reaches its last day of support. Those still using it should upgrade to Ubuntu 17.04.
Ubunsys gives you power to access some dangerous features of your Ubuntu system. It is an advanced system utility application designed for Ubuntu to manage you system with just mouse clicks. It can be help with package list, able to do changes on system configuration, updates, execute improves, fixes, executing actions to blow of mouse click.
I'm a cord cutter—one of the many people who have canceled their expensive cable channel subscription and switched to cheaper, legal, alternative methods to get their TV entertainment. Just a few hours after I returned my cable set-top box, it became clear I had a gap to fill. The clock that was part of my cable box, sitting underneath my TV, was gone, and I never realized how much I used it until now!
A 15 x 15mm “Arduino Pico” board has launched on Kickstarter with a Leonardo-compatible 16MHz ATMEGA32U4 chip and a micro-USB port.
A Toronto based startup called MellBell Electronics is closing in on funding its Arduino Pico Kickstarter project. Billed as “the world’s smallest Arduino board,” the Arduino Pico measures 0.6 x 0.6 inches, or approximately 15mm squared. This can’t quite beat the recent, 12 x 12mm, $18 €µduino, which similarly offers an Arduino Leonardo compatible ATMEGA32U4 MCU. However, the Arduino Pico is available for $18 (early bird) or $20 in Canadian dollars, which translates to $14 or $15.50 U.S.
It was announced earlier this year, that Android had surpassed Windows as the most widely used operating system. While the Linux kernel that Android is based on is open source, very few Android applications are. And those that are, can be hard to find. F-Droid fixes that problem.
Started six years ago, F-Droid is a collection of free and open-source apps. This includes an app store that you can download to your Android device to easily access the apps. There are currently 2,553 apps available.
When building big data pipelines, we need to think on how to ingest the volume, variety, and velocity of data showing up at the gates of what would typically be a Hadoop ecosystem. Preliminary considerations such as scalability, reliability, adaptability, cost in terms of development time, etc. will all come into play when deciding on which tools to adopt to meet our requirements. In this article, we’ll focus briefly on three Apache ingestion tools: Flume, Kafka, and NiFi. All three products offer great performance, can be scaled horizontally, and provide a plug-in architecture where functionality can be extended through custom components.
Distributed Ledger Technology (DLT) is one of the hottest technology platforms these days. Businesses across various industries are currently exploring the implementation of blockchain solutions into their applications. Catering to these rising requirements, few companies are involved in the development of proprietary solutions.
As the technology progresses, the Japanese internet giant, GMO Internet Inc., has decided to make development and implementation of blockchain solutions easier by creating an open source software project. The company recently announced the official launch of the GMO Blockchain Open Source Software Project, which allows developers to build, modify and implement the projects for free.
Software Freedom Conservancy proudly welcomes Etherpad as Conservancy's newest member project. Etherpad is is a highly customizable web-based editor providing collaborative real-time editing.
Conservancy, a public charity focused on ethical technology, is the home of over forty member projects dedicated to developing free and open source software. Conservancy acts as a corporate umbrella, allowing member projects to operate as charitable initiatives without having to independently manage their own corporate structure and administrative services.
"We're excited to be joining Conservancy," said John McLear, Etherpad's chief maintainer. "Conservancy is well-known for its expertise in free and open source software project administration and mentorship. Now that Etherpad is a member, we look forward to working with Conservancy to advance our project."
The company behind the Utility Settlement Coin project, one of the first designed to enable central banks to utilize distributed ledger tech, is preparing a coming-out party of sorts.
After working in almost complete secret on what founder and CEO Robert Sams calls "foundational technology," venture-backed blockchain startup Clearmatics will soon begin a rather unusual roll-out of new offerings for the open-source community.
[...]
While Sams acknowledged that his work with the Utility Settlement Coin, his most well-known project, "informs" the soon-to-be-revealed open-source code, he made explicit that they are distinct from each other.
I agree with much of what Gans writes. There is indeed a problem with unmaintained crusty code, which manifests itself in the form of security vulnerabilities and things that break more easily than they should. In fact, it’s become such a well-known issue that GitHub and others recently sponsored a conference in SF to talk about it. But in all this discussion, and in going through the non-profit organizations dedicated to working on sustainable open source code, I have to ask: where are the vendors?
What if we applied the techniques Google applied to index the internet back in 1998 to the world of open source software? That's exactly the thought Andrew Nesbitt had in 2014 which lead to the creation of Libraries.io, an open source project for indexing other open source projects. This month Libraries.io released metadata on over 25 million open source projects.
You can download it right now from Zenodo, but what can you do with it? To understand what is contained within this dataset, I'll take a quick look at how it's collected.
For a complete cloud native application lifecycle Kubernetes needs some tools to “close the loop”. The promise of the new way of doing things, is that you’ll speed up your software delivery with microservices and devops teams. But how should you really do that? Join this webinar to find out!
MesosCon North America is an annual conference organized by the Apache Mesos community, bringing together users and developers to share and learn about the project and its growing ecosystem. The conference will feature a one-day hackathon followed by two days of sessions focused on the Apache Mesos Core and related technologies.
His #AskLF chat will take place the Monday after SysAdmin Day: a professional holiday the organization has recognized for years.
Since the launch of Firefox Focus for Android less than a month ago, one million users have downloaded our fast, simple privacy browser app. Thank you for all your tremendous support for our Firefox Focus for Android app. This milestone marks a huge demand for users who want to be in the driver’s seat when it comes to their personal information and web browsing habits.
A new security and bug fix maintenance update just landed today for the pfSense 2.3.4 stable release of the open-source and free firewall distribution based on the FreeBSD technologies.
The pfSense 2.3.4-p1 patch is being released two and a half months after the launch of pfSense 2.3.4, and it looks like it attempts to inject new security fixes in pfSense and several of its components, including OpenVPN, as well as to fix various bugs that have been reported during this time. For example, it fixes Hover Dynamic DNS updates to be able to verify the SSL peer.
A less than two-month-old project for OpenBSD, kernel address space randomized link (KARL), has turned the kernel into an object that is randomized on every boot. Instead of the code being stored in the same location for every boot of a given kernel, each boot will be unique. Unlike Linux's kernel address space layout randomization (KASLR), which randomizes the base address for all of the kernel code on each boot, KARL individually randomizes the object files that get linked into the binary. That means that a single information leak of a function address from the kernel does not leak information about the location of all other functions.
Theo de Raadt first posted about the idea on the OpenBSD tech mailing list on May 30. He described the current layout of the OpenBSD kernel code, which is effectively the boot code and assembly runtime (in locore.o), followed by the kernel .o files in a fixed order. His post had some changes that would split out the assembly runtime from locore.o and link it and all of the kernel .o files in a random order. The only piece that would be placed at a known address would be locore.o; it would be followed by a randomly sized gap, then by the kernel text that has its .o files arranged in a random order. There would also be random gaps before other sections (i.e. .rodata, .data, and .bss) that are placed after the kernel text.
There is some security benefit, of course, but really it’s all about the speed. I want flak to be as fast as possible, thus we need to be using the fastest protocol.
The municipality of Tirana, the biggest municipality in the country serving over 800,000 citizens, decided to make an Important move onto open source technologies, by implementing yet another open source software in its infrastructure and offering a major improvement with the deployment of a private cloud service: cloud.tirana.al.
Now, Lewis is known as the founder of the open source APS and leads a community of DIY diabetes patients who are constantly innovating new technology to help manage the condition.
People have scoffed that 3-D printers are simply toys themselves. But they probably didn't realize how much money is made off playthings. Do-it-yourself (DIY) manufacturing -- making goods at home with a 3-D printer using open source designs from a free online repository -- has a multimillion-dollar impact on the overall toy industry.
A lot of criticisms come from users that probably wrote Java code when it was born.
Instead of offering a workaround for human biases, the tools we designed to help us predict the future may be dooming us to repeat the past by replicating and even amplifying societal inequalities that already exist.
In my younger days—about the time that Erik the Red was making a name for himself—I was really into electronics. Countless never-quite-working-as-expected circuits should have taught me the futility of telling electrons what to do. Yet my interest in electronics peaked with the construction of an electronically steerable phased-array antenna. This is where, by varying the timing slightly, numerous small antennas create a signal that can be sent in specific directions without moving any hardware.
Donald Trump appears not to know how much health insurance costs or how it works.
Despite declaring to Republican senators that he is ready to sign a healthcare bill, the President has demonstrated a shaky understanding of the legislation he is pushing and the healthcare industry he wants to reform.
In an interview with The New York Times, Mr Trump said, “So pre-existing conditions are a tough deal. Because you are basically saying from the moment the insurance, you’re 21 years old, you start working and you’re paying $12 a year for insurance, and by the time you’re 70, you get a nice plan.”
The notion of paying $12 a year for health insurance is even less than the $15 per month amount he suggested in an interview with The Economist earlier this year.
The WHO said the prequalification could open the way to expand treatment access by increasing the number of generic medicines on the market that have met quality assurances.
For the first time, more than half of people in the world living with HIV have access to treatment, UNAIDS said in a report released today in Geneva. In addition, AIDS-related deaths have been nearly cut in half since 2005, it said. As of 2016, nearly 20 million people were living with HIV.
The report is available here. The report highlights areas where gains have been made and where gaps continue, and points out that funding for addressing HIV/AIDS has been flat.
Inherently in open source, the number of eye balls focused on software at any point of time outpaces the number of people in a proprietary environment. So theoretically the potential for spotting vulnerabilities earlier and fixing is much-much higher in an open source environment. So the ability to respond to and manage those threats by design are much faster.
The CVE in question, named “Bad Taste” (with even a logo(!) of a wine glass) can be found here.
[...]
In conclusion, it takes 2 minutes to contact any of us and verify your statements/blog post/tech news. Please do, before posting.
Last August, after being alerted by GitHub's security team that the certificate authority WoSign had errantly issued a certificate for a GitHub domain to someone other than GitHub, Google began an investigation in collaboration with the Mozilla Foundation and a group of security professionals into the company's certificate issuance practices. The investigation uncovered a pattern of bad practices at WoSign and its subsidiary StartCom dating back to the spring of 2015. As a result, Google moved last October to begin distrusting new certificates issued by the two companies, stating "Google has determined that two CAs, WoSign and StartCom, have not maintained the high standards expected of CAs and will no longer be trusted by Google Chrome."
More than a month after a ransomware attack on their Windows computers, journalists at San Francisco's public TV and radio station KQED are still reduced to doing most of their work manually.
I registered two test domains at a provider that would allow me to hide my identity and not show up in the whois information. I then ordered test certificates from Symantec (via their brand RapidSSL) and Comodo. These are the biggest certificate authorities and they both offer short term test certificates for free. I then tried to trick them into revoking those certificates with a fake private key.
Previous posts discussed the security challenge presented by IoT devices, using IP Video Cameras as an example. Now let’s consider some security alternatives...
Rather than trying to fix the big problems, our time is better spent ignoring the thought leaders and just doing something small. Conferences are important, but not to listen to the leaders. Go find the vendors and attendees who are doing new and interesting things. They are the ones that will make a difference, they are literally the future. Even the smallest bug bounty, feature, or pull request can make a difference. The end goal isn't to be a noisy gasbag, instead it should be all about being useful.
Security updates have been issued by Debian (php5 and ruby-mixlib-archive), Fedora (knot, knot-resolver, and spice), Oracle (graphite2 and java-1.8.0-openjdk), Red Hat (graphite2, java-1.6.0-sun, java-1.7.0-oracle, java-1.8.0-openjdk, and java-1.8.0-oracle), Scientific Linux (java-1.8.0-openjdk), and Ubuntu (kernel, linux, linux-raspi2, linux-hwe, and mysql-5.5, mysql-5.7).
There are many ways to attempt to subvert an operating-system kernel. One particularly effective way, if it can be arranged, is to attack the operations that copy data between user-space and kernel-space memory. If the kernel can be fooled into copying too much data back to user space, the result can be an information-disclosure vulnerability. Errors in the other direction can be even worse, overwriting kernel memory with attacker-controlled data. The kernel has gained some defenses against this sort of attack in recent development cycles, but there is more work yet to be merged.
Much of the heap memory used within the kernel is obtained from the slab allocator. The hardened usercopy patch set, merged for the 4.8 kernel, attempts to limit the impact of erroneous copy operations by ensuring that no single operation can cross the boundary between one slab-allocated object and the next. But the kernel gets a lot of large memory objects from the slab allocator, and it is often not necessary to copy the entire object between the kernel and user space. In cases where only part of an object needs to be copied, it would be useful to prevent a rogue copy operation from copying to or from parts of the structure that do not need to be exposed in this way.
Validating user input is a long-established security best practice, but there can be differences of opinion about what should be done when that validation fails. A recently reported bug in systemd has fostered a discussion on that topic; along the way there has also been discussion about how much validation systemd should actually be doing and how much should be left up to the underlying distribution. The controversy all revolves around usernames that systemd does not accept, but that some distributions (and POSIX) find to be perfectly acceptable.
The bug was opened in late June by GitHub user "mapleray". It describes setting up a systemd service file with a "User=0day" entry, which means that the service should run as the 0day user. However, mapleray found that it ran as root instead, which is, at the least, rather surprising. It turns out that usernames starting with a digit are disallowed by systemd—so it ignores the line and puts a warning in the log. Since there is no user specified, systemd falls back running it as the default user: root.
House Speaker Paul Ryan had an opportunity not merely to reassert the authority of the chamber he is supposed to lead but also to steer the United States away from the dangerous course of endless war and steady subservience to an ever-more-powerful military-industrial complex. Ryan squandered that opportunity.
The son of Cecil - the lion killed by a US dentist two years ago - has been shot dead by hunters in Zimbabwe.
Xanda, aged six with several young cubs, died at the Hwange National Park where his father was also killed.
Cecil was shot by trophy-hunting American dentist Walter Palmer, sparking an international outcry.
The Lions of Hwange National Park shared a Facebook post that said: "Today we heard that a few days ago, Xanda, the son of #CecilTheLion has been shot on a trophy hunt.
Clovis, who does not have a science degree, according to a Washington Post report, takes over a position that it said has generally gone to someone with an advanced degree in science or medicine.
Yesterday, the Trump administration formally named its candidate for the Department of Agriculture's undersecretary of research, education, and economics, a post that serves as the agency's chief scientist. Its choice? Sam Clovis, who has no scientific background but is notable primarily for having been a conservative talk-radio host. If approved by the Senate, the US' attempts to understand climate change's impact on agriculture will be led by someone who called climate research "junk science."
If the world keeps burning fossil fuels and releasing carbon emissions indefinitely, climate change will eventually melt all the ice at the poles and on mountains, according to National Geographic.
This would raise global sea levels by approximately 216 feet, engulfing oceanside cities like Miami, Buenos Aires, and Cairo.
This week, change could finally be on the way, as 110 professional bodies in Catalonia have signed up to a plan to change the region’s daily timetable by 2025, shortening the classic three-hour lunch break so that employees can finish work earlier in the evening.
On the heels of the resignation of State Department Cyber Coordinator Chris Painter—the top diplomat for negotiations on setting norms for nations' behavior in "cyberspace"—a State Department spokesperson confirmed that Secretary of State Rex Tillerson is moving toward shutting down the department's Office for the Coordination of Cyber Issues.
The office, set up by former Secretary of State Hillary Clinton during the Obama administration, has taken the lead in negotiations with other nations on cybersecurity policy issues. It also works out how existing international law applies to hacking, cyber-espionage, and other state-directed activities on the Internet. The Cyber Coordinator, who leads the office, has reported directly to the secretary of state. As the head of the office, Chris Painter—a career Department of Justice employee who was detailed to the State Department for the post six years ago—took part in multiple multinational negotiations resulting in agreements to halt economic electronic espionage against other countries' companies. Among these was an agreement reached by the Group of 20 leading world economic powers (G20) in November of 2015.
Last month we wrote about the tragic and hugely problematic ruling in Canada that said a Canadian court could order global censorship of content it deems to be illegal. As lots of people pointed out, that is going to have dangerous consequences for speech around the world. If you accept that Canada can censor the global internet, what's to stop China, Iran or Russia from claiming the same rights?
And now we'll get to find out if the EU similarly believes in the ability of one country to demand global censorship online. In another case that we've been following, French data protection officials had been demanding Google censor content globally, and Google had been refusing. Now, the issue has been sent to the EU Court of Justice, the very same court who created this mess three years ago in saying that Google was subject to "right to be forgotten" claims. Google had reasonably interpreted the law to just apply in the EU (where the jurisdiction existed). But now the same court will decide if EU officials can censor globally.
With the threat of a single gateway still looming over the heads of netizens, the recent dust-up over limiting access to Facebook content deemed inappropriate by the government, a future internet chock-full of stringent government controls still seems an inevitable reality.
While the government has asserted in the past that its motivation for any restrictions to the kingdom’s internet access is cybersecurity, it would also seem that term covers blocking content it feels is not in its best interest – which was recently the case when it requested the Thai Internet Service Provider Association, or TISPA, to engage Facebook in an attempt to get specific content blocked.
Oh, James Woods. He has now "settled" the ridiculous lawsuit he filed against someone mocking him on Twitter... but is still fighting a fairly similar lawsuit that was filed against him -- complaining that it's an attack on his free speech rights.
If you don't recall, the rather opinionated actor sued a trollish Twitter user who went by the name Abe List, after Abe referred to Woods as a "cocaine addict" in a clearly hyperbolic tweet. As the case progressed, "Abe List" died unexpectedly, leading to Woods obnoxiously gloating on Twitter that List had "dropped" his anti-SLAPP appeal, and when people pointed out it was only because List had died, Woods demonstrated what kind of character he is by cheering on the fact that someone died.
Google's dispute with France's privacy watchdog over a call to apply "right to be forgotten" rules globally to some Web links will be weighed by Europe's top court—three years after it told the ad giant to comply with an order to remove old, out of date, or irrelevant listings from its powerful search index, so long as they weren't found to be in the public interest.
As of today, when users search for hateful content on YouTube using certain keywords, the platform will return playlists comprising content that debunks violent and extremist rhetoric.
A few weeks ago, we warned about a dangerous new German law that would fine social media companies if they didn't magically block "hate speech" on their platforms. As we pointed out, this would lead to widespread censorship, as the risk of liability for leaving up even borderline speech would be massive. And, equally important, this would embolden oppressive, dictatorial and autocratic regimes to press on with their own crackdowns on free speech by using laws like this one and claiming that they're doing the exact same thing as supposedly democratic nations like Germany.
Acclaimed director Prakash Jha believes that censorship is an offshoot of a patriarchal mentality governing the Indian mindset for centuries. "Censor or the government or the people with the authority have a patriarchal attitude. Censorship isn't getting abolished because nobody wants to lose control over popular culture," Jha said during a visit to the city.
A fake browser called Rodeo that imitates Tor browser has been discovered luring users to create their accounts on the website which is essentially present in the dark web. The fake website is a marketplace for all kinds of illegal products stealing money from users.
As hidden services, both AlphaBay and Hansa were accessible only through the Tor network, presenting a significant challenge to law enforcement agents hoping to seize the host servers. It’s still unclear how authorities were able to locate the servers or site administrators, but it appears to have been done without compromising the underlying protections of Tor.
An opinion is expected by November 7th from Advocate General Michal Bobek, a court advisor, the final judgment by the end of the year.
The case is C-498/16, Schrems.
Taimoor Raza, a 30-year-old Shia Muslim from a “poor but literate” family, was sentenced to death in June by an anti-terrorist court in Pakistan. His crime? Allegedly insulting the prophet Muhammad on Facebook.
It occurred during an online debate with a man who turned out to be an undercover counter-terrorism agent. His death sentence, the first to result from a social media posting, is an extreme example of the Pakistani government’s escalating battle to enforce its blasphemy laws, which criminalize insulting Islam.
The Finnish Border Guard is set to receive expanded powers to combat hybrid threats both independently and in collaboration with other security authorities.
The Ministry of the Interior has drafted a bill that would grant border officers the same powers as police officers under normal circumstances to uphold order and security at border-crossing points, their immediate vicinity, and other areas and facilities controlled by the Finnish Border Guard.
President Trump's lawyers are looking into the president's authority to grant pardons in connection with the special counsel investigation into Russia's role in the 2016 election, The Washington Post reported Thursday.
Trump himself has talked to advisers about his ability to pardon his aides, family members and himself in the investigations, according to the Post, though one adviser cautioned that the president's inquiries were made in curiosity, rather than in connection to the Russia probes.
The "new" email request system will aid more New Yorkers in having their requests ignored by the NYPD. The NYPD's future use of email for FOI responses will ensure requesters are informed of denials in a much speedier fashion. The portal the NYPD is setting up on its website will provide instructions for requesters, as well as information on how to challenge denials and non-responses. If nothing else, the NYPD will be forced to follow the letter of the law a bit more closely, but it will take far more than a steady stream of FOI lawsuits for it to approach the law's spirit.
The NYPD has made a opacity a cottage industry. It has been dubbed the least responsive government agency in the US, worse than the CIA, FBI and NSA. It has developed an in-house classification system that allows pretty much anyone to designate almost any document "top secret" for almost any reason, and reached its nadir when it refused to release a copy of its FOIL response guidelines to a FOIL requester.
But this is an ugly victory -- one that should subject the department to a steady stream of ridicule. It takes a lawsuit to make a law enforcement agency follow the law. That's just depressing.
A Massachusetts lawmaker is looking to give law enforcement another way to bust people and seize vehicles. Modify a vehicle you own in a certain way and you can expect to never see that vehicle again.
It is the same here as it is with everything else. Stingrays were supposed to be counterterrorism devices, what with them being repurposed war gear. But then it was homicides. Then drug dealers. Then pretty much anyone cops wanted to locate, even if all they'd done was steal $60 of fast food.
Likewise, National Security Letters. The clue is in the name. Maybe they're only being used for national security purposes, but if so, America is under constant threat from prolific terrorists. The FBI issues thousands of these a year. And we know very little about the underlying crimes, thanks to indefinite gag orders and loads of government court filings still under seal.
Anycasting IP space has become quite a meme in the networking world in the last few years, with it being used sparsely in the past for UDP based services like DNS. Now it’s being used for TCP based services too, meaning that all the services that use TCP are now also being served on Anycast IP ranges. (ie, HTTP, or other TCP based applications, like games)
The evidence for repealing net neutrality rules isn't good enough, Senator Edward Markey (D-Mass.) told Federal Communications Commission Chairman Ajit Pai yesterday.
Pai claims that the rules issued in 2015 are reducing investment in broadband networks, but Markey pointed out during a Senate hearing that ISPs have not reported any dramatic problems to their investors.
[...] YouTube and Netflix are being throttled to 10Mbps regardless of the speed you have paid for. If it sounds like a step towards a world without net neutrality, that’s because it is. The reported speed cap, 10 Mbps, allows for 1080p streaming video, but starts to falter when streaming anything higher quality such as 1440p or 4k video. Whether or not 1080p video is enough for mobile streaming or not isn’t the matter – the consensus seems to be that the throttling is very unwelcome. Using a VPN defeats this throttling and allows you to get the streaming speed that you paid for.
The Federal Communications Commission (FCC) says it cannot provide more information proving that it was the victim of a cyberattack in May.
The agency's Electronic Comment Filing System (ECFS) went down shortly after comedian John Oliver told viewers to file comments in favor of net neutrality in a segment on his HBO show "Last Week Tonight."
The FCC claimed at the time that the website did not crash because of the large amount of traffic Oliver generated, but was instead the result of a Distributed Denial of Service Attack. An FCC official cited an "analysis" that lead the agency to that conclusion.
In its response to a Freedom of Information Act (FoIA) request filed by Gizmodo, the FCC said its analysis of DDoS attacks "stemmed from real time observation and feedback by Commission IT staff and did not result in written documentation." Gizmodo had asked for a copy of any records related to the FCC analysis that concluded DDoS attacks had taken place. Because there was no "written documentation," the FCC provided no documents in response to this portion of the Gizmodo FoIA request.
When Ajit Pai was first appointed as the new head of the FCC, he promised to be a stickler for transparency at the agency. And in one way he followed through, by making it standard operating procedure to now publish FCC orders a month before they're voted on (even though former staffers and consumer advocates believe he only did so to give ISP lobbyists more time to construct counter-arguments and their legal and policy assaults). Elsewhere, this supposed dedication to transparency has been decidedly lacking however, especially in regards to his efforts to repeal net neutrality protections.
You might recall that when HBO comedian John Oliver originally addressed net neutrality on his show in 2014, the FCC website crashed under the load of concerned consumers eager to support the creation of real net neutrality rules. When Oliver revisited the topic last May to discuss FCC boss Ajit Pai's myopic plan to kill those same rules, the FCC website crashed under the load a second time. Both instances did a fantastic job highlighting how satire often tops traditional journalism in driving interest toward what can often be rather wonky tech policy issues.
This leads to the fifth hard truth: the United States will certainly push Canada to accept patent standards that are not in Canada’s best interest. As US firms own nearly four times more Canadian patents than Canadian firms do themselves, the United States has a clear interest in having Canadian patent laws be more patent-holder friendly. Each trade negotiation is another opportunity for the United States to export its desires in Canada. At the end of the 1980s, at the time of the negotiations of the Canada–United States Free Trade Agreement, the Reagan administration successfully used the access to the large American market to pressure the Canadian government to extend patent protection to pharmaceutical products and restricted the possibilities for the government to provide licences to generic manufacturers. Later, with NAFTA, the United States made sure that Canada could no longer provide a more favourable treatment for pharmaceutical inventions and generic products made in Canada. This time, one could expect that the United States will ask for a 12-year data exclusivity for biologics and a five-year patent term extension to compensate patent holders for regulatory delays. These rules would not serve Canadian interests.
Earlier this year, the United Nations International Civil Service Commission called for a decrease in the compensation for the high cost of living for professional staff of Geneva-based United Nations agencies. At the World Intellectual Property Organization Program and Budget Committee last week, some countries asked why the decision was not reflected in the draft budget for 2018/2019. WIPO replied that discussions to curb the decision are ongoing.
Malone documents his travails online with detailed photos, often in brief form, such as: "My mind has actually come around completely on the garlic alfredo sauce since its original launch in 2015. Perhaps the recipe has changed, or maybe my palate has been deadened by years of conspicuous consumption, but the flavor is actually fairly mild and the grated cheese adds a bit of depth to the traditionally bland alfredo."
If you're not familiar with Perfect 10 by now, it is a company that billed itself as a smutty porn magazine that was actually mostly in the far more immoral business of copyright trolling. Rather than peddling skin, Perfect 10 mostly peddled laughably frivolous copyright lawsuits against roughly everyone, managing in this process to suffer legal losses to Google, CCBill, Amazon, and Visa among others. One of those others was Usenet provider Giganews, which won big in its court battle with Perfect 10 to the tune of the latter being ordered to pay over $5 million in attorney's fees to the former. Perfect 10 immediately cried poor at that point, stating it didn't have the money to cover the award, leading the court to put its assets in receivership.
The EU is in the process of hammering out a new copyright directive. Here is a leaked amendment from the European Parliaments Committee on Culture and Education (CULT)…
[...]
"2. The right of an author or performer to obtain fair remuneration for the making available of his/her work as described in paragraph 1 cannot be waived."
Anti-piracy group BREIN is determined to have The Pirate Bay blocked in the Netherlands, preferably as soon as possible. The group no longer wants to wait for a local Supreme Court hearing on the matter and hopes to speed up the issue with a preliminary injunction.
Between December 2011 and March 2012, New Zealand's Government Communications Security Bureau illegally intercepted the private conversations of Kim and Mona Dotcom, and Megaupload co-defendant Bram van der Kolk. A new ruling handed down by the High Court means that Dotcom will be denied access to the recordings.
Information is Beautiful has updated their comparison of artist payments on streaming services, estimating that 2.4 million plays on YouTube will net a whopping $1,472 for an unsigned artist. That's $0.0006 per play!