Language Selection

English French German Italian Portuguese Spanish

Security: Windows Ransomware, Cortana Holes, Google Play Protect and More

Filed under
Security
  • The worst types of ransomware attacks
  • Patched Cortana Bug Let Hackers Change Your Password From the Lock Screen
  • What is Google Play Protect and How Does it Keep Android Secure?
  • ​Another day, another Intel CPU security hole: Lazy State

    Once upon a time, when we worried about security, we worried about our software. These days, it's our hardware, our CPUs, with problems like Meltdown and Spectre, which are out to get us. The latest Intel revelation, Lazy FP state restore, can theoretically pull data from your programs, including encryption software, from your computer regardless of your operating system.

    Like its forebears, this is a speculative execution vulnerability. In an interview, Red Hat Computer Architect Jon Masters explained: "It affects Intel designs similar to variant 3-a of the previous stuff, but it's NOT Meltdown." Still, "It allows the floating point registers to be leaked from another process, but alas that means the same registers as used for crypto, etc." Lazy State does not affect AMD processors.

  • Eric S. Raymond on Keeping the Bazaar Secure and Functional
  • Purple testing and chaos engineering in security experimentation

    The way we use technology to construct products and services is constantly evolving, at a rate that is difficult to comprehend. Regrettably, the predominant approach used to secure design methodology is preventative, which means we are designing stateful security in a stateless world. The way we design, implement, and instrument security has not kept pace with modern product engineering techniques such as continuous delivery and complex distributed systems. We typically design security controls for Day Zero of a production release, failing to evolve the state of our controls from Day 1 to Day (N).

    This problem is also rooted in the lack of feedback loops between modern software-based architectures and security controls. Iterative build practices constantly push product updates, creating immutable environments and applying complex blue-green deployments and dependencies on ever-changing third-party microservices. As a result, modern products and services are changing every day, even as security drifts into the unknown.

More in Tux Machines

Programming: C++, Python and In-house OpenJDK Implementation of Alibaba

  • Next C++ workshop: Pointers and Linked Lists, 28 March at 19:00 UTC
    Another workshop is coming up! Improve your C++ skills with the help of LibreOffice developers: we’re running regular workshops which focus on a specific topic, and are accompanied by a real-time IRC meeting. For the next one, the topics are Pointers and Linked Lists. Start by watching this presentation:
  • Python programming language: Pyboard D-series arrives for MicroPython robots
    The new Pyboard D-series micro-controller is now available for purchase at a rather hefty price of £43 ($56), offering developers a low-powered device for running programs created with MicroPython, a stripped-back version of the hugely popular Python 3 programming language.
  • Commenting Python Code
    Programming reflects your way of thinking in order to describe the single steps that you took to solve a problem using a computer. Commenting your code helps explain your thought process, and helps you and others to understand later on the intention of your code. This allows you to more easily find errors, to fix them, to improve the code later on, and to reuse it in other applications as well. Commenting is important to all kinds of projects, no matter whether they are - small, medium, or rather large. It is an essential part of your workflow, and is seen as good practice for developers. Without comments, things can get confusing, real fast. In this article we will explain the various methods of commenting Python supports, and how it can be used to automatically create documentation for your code using the so-called module-level docstrings.
  • Documenting Python Projects With Sphinx and Read The Docs
  • Django Migrations 101
  • PyCoder’s Weekly: Issue #361 (March 26, 2019)
  • MongoDB connections
  • Alibaba Dragonwell8 : The In-house OpenJDK Implementation At Alibaba
    Alibaba requires no introduction. It is one of the popular and largest multinational conglomerate founded by Jack Ma, a business magnate and philanthropist from China. It is also world’s fifth-largest internet company by revenue. It specializes in various sectors such as e-commerce, retail, Internet and technology. Alibaba team has provided significant contribution to open source projects. One such project is OpenJDK. The development team at Alibaba has developed many Java-based applications over the years. They have adopted OpenJDK and created their own JDK named “Alibaba Dragonwell8”. It is the downstream version of OpenJDK and completely open source. Alibaba Dragonwell is optimized for developing e-commerce, financial, logistics applications which are running on their 100k+ servers. It is certified as compatible with the Java SE standard. It is currently supports Linux/x86_64 platform only. Let us hope they will extend the support to Unix and other platforms soon. In this guide, we will see how to install Alibaba Dragonwell8 in Linux. I have tested this guide on Ubuntu 18.04 LTS server. However, it should work on other Linux distributions as well.

4MLinux 29.0 BETA released.

4MLinux 29.0 BETA is ready for testing. Basically, at this stage of development, 4MLinux BETA has the same features as 4MLinux STABLE, but it provides a huge number of updated packages. Read more

Why We Need Our Nonprofits

SPARC was at best a relatively small success. But RISC did succeed, massively, with ARM (which stands for Advanced RISC Machine). ARM started as the Acorn RISC Machine in 1983. Today, most of the world's mobile devices run ARM chips. I don't know how well the CHIPS Alliance will do, but I do know that only an entity big and experienced enough to pull giant competing companies together can do it. For Linux, that's the Linux Foundation. I'm glad we have it. I'm also glad we have the Software Freedom Conservancy. Times are getting tough for FLOSS, and we need all the help we can get. Read more

See GNOME 3.32 on Ubuntu 19.04 Beta

Although the 19.04 is still not officially released this March, but even today we can download the development version and run it (LiveCD) on our computer. We find that it includes the 3.32, the latest version of GNOME desktop environment. I want to highlight some interesting aspects of it on Ubuntu as we saw it on Fedora Rawhide few days ago. I suggest you to download the 19.04 daily-live ISO and quickly test it, I believe you can feel the performance improvements especially how quick it's now to open the start menu and it's now even quicker to search files on Nautilus. Here we go. Happy testing! Read more