Security: Cleartext Passwords, Windows Problems, and Meltdown Patches/Performance

Filed under
Security
  • cleartext passwords and transparency

    So let me just jump in with Lars' blog post where he talks about cleartext passwords. While he has actually surmised and shared what a security problem they are, the pity is we come to know of this only because the people in question tacitly admitted to bad practices. How many more such bad actors are there, developers putting user credentials in cleartext, God only knows. There was even an April Fool’s joke in 2014 which shared why putting passwords in cleartext is bad.

  • 911 operator suspended over teen’s death griped about working overtime.

    Plush called 911 again around 3:35 p.m., this time giving Smith a description of the vehicle, a gold Honda Odyssey in the parking lot at Seven Hills — information that never made it to the officers at the scene.

    “This is not a joke,” the teen told Smith. “I’m almost dead.”

    Smith tried to document the call when it came in but her computer screen had frozen, preventing her from entering information immediately, the review found.

  • Defense contractors face more aggressive ransomware attacks

    The rise of ransomware attacks against defense contractors coincides with a rise in the use of ransomware in general. Attacks can spread even after the original target has been hit, hurting unintended victims.

  • A Look At The Meltdown Performance Impact With DragonFlyBSD 5.2

    Besides looking at the HAMMER2 performance in DragonFlyBSD 5.2, another prominent change with this new BSD operating system release is the Spectre and Meltdown mitigations being shipped. In this article are some tests looking at the performance cost of DragonFlyBSD 5.2 for mitigating the Meltdown Intel CPU vulnerability.

    With DragonFlyBSD 5.2 there is the machdep.meltdown_mitigation sysctl for checking on the Meltdown mitigation presence and toggling it. Back in January we ran some tests of DragonFlyBSD's Meltdown mitigation using the page table isolation approach while now testing was done using the DragonFlyBSD 5.2 stable release.

  • A Last Minute Linux 4.17 Pull To Help Non-PCID Systems With KPTI Meltdown Performance

    While the Linux 4.17 kernel merge window is closing today and is already carrying a lot of interesting changes as covered by our Linux 4.17 feature overview, Thomas Gleixner today sent in a final round of x86 (K)PTI updates for Meltdown mitigation with this upcoming kernel release.

    This latest round of page-table isolation updates should help out systems lacking PCID, Process Context Identifiers. The KPTI code makes use of PCID for reducing the performance overhead of this Meltdown mitigation technique. PCID has been around since the Intel Westmere days, but now the latest kernel patches will help offset the KPTI performance impact for systems lacking PCID.
