Language Selection

English French German Italian Portuguese Spanish

Security: Cleartext Passwords, Windows Problems, and Meltdown Patches/Performance

Filed under
Security
  • cleartext passwords and transparency

    So let me just jump in with Lars blog post where he talks about cleartext passwords. While he has actually surmised and shared what a security problem they are, the pity is we come to know of this only because the people in question tacitly admitted to bad practises. How many more such bad actors are there, developers putting user credentials in cleartext god only knows. There was even an April Fool’s joke in 2014 which shared why putting passwords in cleartext is bad.

  • 911 operator suspended over teen’s death griped about working overtime.

    Plush called 911 again around 3:35 p.m., this time giving Smith a description of the vehicle, a gold Honda Odyssey in the parking lot at Seven Hills — information that never made it to the officers at the scene.

    “This is not a joke,” the teen told Smith. “I’m almost dead.”

    Smith tried to document the call when it came in but her computer screen had frozen, preventing her from entering information immediately, the review found.

  • Defense contractors face more aggressive ransomware attacks

    The rise of ransomware attacks against defense contractors coincides with a rise in the use of ransomware in general. Attacks can spread even after the original target has been hit, hurting unintended victims.

  • A Look At The Meltdown Performance Impact With DragonFlyBSD 5.2

    Besides looking at the HAMMER2 performance in DragonFlyBSD 5.2, another prominent change with this new BSD operating system release is the Spectre and Meltdown mitigations being shipped. In this article are some tests looking at the performance cost of DragonFlyBSD 5.2 for mitigating the Meltdown Intel CPU vulnerability.

    With DragonFlyBSD 5.2 there is the machdep.meltdown_mitigation sysctl for checking on the Meltdown mitigation presence and toggling it. Back in January we ran some tests of DragonFlyBSD's Meltdown mitigation using the page table isolation approach while now testing was done using the DragonFlyBSD 5.2 stable release.

  • A Last Minute Linux 4.17 Pull To Help Non-PCID Systems With KPTI Meltdown Performance

    While the Linux 4.17 kernel merge window is closing today and is already carrying a lot of interesting changes as covered by our Linux 4.17 feature overview, Thomas Gleixner today sent in a final round of x86 (K)PTI updates for Meltdown mitigation with this upcoming kernel release.

    This latest round of page-table isolation updates should help out systems lacking PCID, Process Context Identifiers. The KPTI code makes use of PCID for reducing the performance overhead of this Meltdown mitigation technique. PCID has been around since the Intel Westmere days, but now the latest kernel patches will help offset the KPTI performance impact for systems lacking PCID.

More in Tux Machines

From Trusty to Bionic - my Ultrabook story

I am happy with how the upgrade went, given that I've actually bumped the system two major releases. Apart from small issues, there was nothing cardinal in the move. No data loss, no complications, no crashes. All my stuff remains intact, and so does Windows 8, living happily together and sharing the disk with Ubuntu. Mission accomplished. But we ain't done. I need to make the system as usable as possible. Which means Unity testing - and Plasma testing, of course, duh! Indeed, this remains a productivity box, and as such, it must fulfill some very stringent requirements. It must be stable, fast and elegant. It must work with me every step of the way, and it must allow me to transparently and seamlessly use various programs that I need. On this particular machine, that would be video editing with Kdenlive, that would be image processing with GIMP, the use of encryption and VPN tools, tons of writing on the superbly ergonomic Asus keyboard. But all that and more - coming soon. For now, thank you Trusty for five sweet, loyal years. May you ReST in ethernet peace. Read more

Software: Avidemux, Cockpit and NVMe VFIO in Linux

  • Avidemux 2.7.3 Released with Various Decoder Fixes (Ubuntu PPA)
    Avidemux video editor released a new bug-fix version just 11 days after the last, with decoder fixes and misc small improvements
  • Cockpit Project: Cockpit 190
    Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from version 190.
  • NVMe VFIO Mediated Device Support Being Hacked On For Lower Latency Storage In VMs
    Maxim Levitsky of Red Hat sent out a "request for comments" patch series this week introducing NVMe VFIO media storage device support for the Linux kernel. Levitsky is pursuing faster virtualization of storage while striving for low latency and that led to the creation of a VFIO-based mediated device driver to pass an NVMe partition or namespace to a guest. This NVMe VFIO mediated device support would allow virtualized guests to run their unmodified/standard NVMe device drivers, including the Windows drivers, while still allowing the NVMe device to be shared between the host and guest.

Fedora: Parental Controls, FPgM, Ambassadors/Translation Sprint, Modularity Test Day and Delays

  • Allan Day: Parental Controls and Metered Data Hackfest
    This week I participated in the Parental Controls and Metered Data Hackfest, which was held at Red Hat’s London office. Parental controls and metered data already exist in Endless and/or elementary OS in some shape or form. The goal of the hackfest was to plan how to upstream the features to GNOME. It’s great to see this kind of activity from downstreams so I was very happy to contribute in my capacity as an upstream UX designer. There have been a fair few blog posts about the event already, so I’m going to try and avoid repeating what’s already been written…
  • FPgM report: 2019-12
    Fedora 30 Beta is No-Go. Another Go/No-Go meeting will be held on Thursday. I’ve set up weekly office hours in #fedora-meeting-1. Drop by if you have any questions or comments about the schedule, Changes, elections, or anything else. The Fedora 30 Beta Go/No-Go and Release Readiness meetings are next week.
  • Not posting here means not there is nothing done
    I looking with fears to this strange ideas Mindshare has for the future of the Ambassadors. You can not write reports if you not have an event, so I telling here now how hard it is in this country to organize an event. Since October 2018 I search for a place which would host the next Translation Sprint. We have tons of co-working spaces or NGO’s which have space available. But is always the same I asked e.g. Open Institute, answer we can host you just on Saturday. And I had actually to write there several times and even make calls because I got no answer for the first contact. The same on The Desk, we can host you only on Saturday. This makes no sense in Cambodia, it is a regular working day, because they have 28 holidays. So most people have to work until 2pm. What sucked on this one, I was working on it since end of January. So first meeting was setup for 11th March, I went there but nobbody there to meet me. This is normal cambodian working style I dont tell I am busy and cant meet you and give you an alternative time. Well the promised mail with an alternative time never arrived, so I had to ask for it again. Second meeting was then this Monday, I spent an hour with them with the useless result of “just Saturday”. But there is light on the horizon OpenDevelopment might host us but here just on Sunday, which is for us better then just Saturday. So six months, hundreds of mails and several meetings and achieved nothing. How easy is it to setup a Fedora Womans Day in the Pune office, compared to this and then just travel around the world to visit other events and this is then called “active”
  • Fedora 30 Modularity Test Day 2019-03-26
  • Fedora 30 Beta Won't Be Released Next Week Due To Their Arm Images Lacking A Browser

Games: Lutris, Flux Caves, Cities: Skylines

  • Lutris 0.5.1 Brings Improved GOG Integration, Various Fixes
    Released at the start of February was the big Lutris 0.5 release with an enhanced GTK interface, GOG.com support, and much more for this open-source gaming platform. Lutris 0.5.1 is now available with some much needed fixes.
  • In the puzzle game Flux Caves you will be pushing around blocks to play with large marbles
    If you like puzzle games and marbles today is your lucky day as I came across Flux Caves, which merges them into one game. It's early-on in development but it has a pretty great idea. It's like piecing together an oversized marble-run, with each level having various tubes and other special blocks missing that you need to slot into place.
  • Cities: Skylines is another game having a free weekend on Steam right now
    As a reminder, it recently turned four years old and it's showing no signs of slowing down with multiple thousands on it every day. If you do decide to give it a go, I highly recommend the Clouds & Fog Toggler mod from the Steam Workshop to give you a really clear view. That's another thing that I love about Cities: Skylines, there's a huge amount of extra content available for it like maps, mods, scenarios and more. The mod selection is incredibly varied too from simple tools to automatically bulldoze abandoned or burned down buildings to adding in entirely new ways to play.