Language Selection

English French German Italian Portuguese Spanish

today's leftovers

Filed under
Misc
  • Linux 5.1, Red Hat's RHEL 8, Ubuntu Touch, GCC, App Store, Alpine, WSL2 | This Week in Linux 66

    On this episode of This Week in Linux, we’ve got a lot of big news to cover like the release of Linux 5.1, the new version of Red Hat Enterprise Linux, Microsoft announcing the Linux Kernel inside of Windows 10, Linux on Chromebooks, and more. We’ll also check out the latest release from Ubuntu Touch,…

  • Open Source Advocates express concern about Microsoft monopolizing OSS tooling [Ed: Everyone needs to delete GitHub now that dedicated Microsoft propaganda sites try to dismiss claims that Microsoft uses GitHub to sabotage the FOSS world]

    The executive director of the Eclipse Foundation, Mike Milinkovich now believes that Microsoft is heading for a complete monopoly which might endanger other companies and projects like Eclipse IDE. According to a recent survey by Stack Overflow (via The Register), Eclipse leads the market share for Jakarta EE development and is followed by IntelliJ IDEA and Visual Studio Code.

  • Recap: FOSDEM19

    This year’s FOSDEM (Free and Open source Software Developers’ European Meeting) has been held in in the beautiful city of Brussels (Belgium), as usual, on February 2 & 3, 2019. It was organised by volunteers to promote the widespread use of free and open source software..

    This was my first FOSDEM as a deputy member of the MC, and a fresh member of the Collabora team.

    I will try to give some information about my talks, and share my experience.

  • AT&T, DT, China Telecom throw support behind TM Forum's Open APIs

    The TM Forum announced that AT&T, Deutsche Telekom, Salesforce and China Telecom have signed on in support of its Open APIs.

    Those companies showed their support by signing the TM Forum's Open API Manifesto, which commits them to using the TM Forum's APIs in their products and service offerings as well as in their request-for-proposal (RFP) processes.

    “Open APIs and open source software are at the heart of our network transformation, and we're thrilled at the broader ecosystem that's adopting the same approach,” said AT&T's Chris Rice, senior vice president, network cloud and infrastructure, in a statement. “TM Forum has played a critical role in nurturing this ecosystem, and we're pleased to support their Open API initiative.”

    The new members also agreed to take part in the TM Forum’s Collaboration program to continuously innovate and update the suite of Open APIs. Those APIs are in use by more than 7,000 software developers In over 1,200 companies worldwide

  • Cisco Making its MindMeld Conversational AI Platform Open Source [Ed: Cisco openwashing of mass surveillance listening devices]
  • A Cisco Router Bug Has Massive Global Implications

    THE CISCO 1001-X series router doesn't look much like the one you have in your home. It's bigger and much more expensive, responsible for reliable connectivity at stock exchanges, corporate offices, your local mall, and so on. The devices play a pivotal role at institutions, in other words, including some that deal with hypersensitive information. Now, researchers are disclosing a remote attack that would potentially allow a hacker to take over any 1001-X router and compromise all the data and commands that flow through it.

  • Daily News Roundup: Apple’s App Store Monopoly

    As of late, Apple has been under fire for its App Store practices. Specifically, the fact that it takes a 30% cut of all app sales, causing developers to raise prices, leaving users no other choice but to pay up.

    Yesterday, the Supreme Court ruled iPhone owners could proceed with a suit against Apple for the practice. Since Apple only allows apps to be downloaded directly from its App Store on iOS, the claim is that it has a monopoly over app distribution. It’s an interesting angle because iOS is one of the only (or perhaps the only?) operating systems that works like this. Android, Windows, Linux, and even macOS allow users to install whatever they like outside of any official channels that exist.

More in Tux Machines

Security Leftovers

  • Why Are Cryptographers Being Denied Entry into the US?

    Is there some cryptographer blacklist? Is something else going on? A lot of us would like to know.

  • Security Engineering: Third Edition

    Today I put online a chapter on Who is the Opponent, which draws together what we learned from Snowden and others about the capabilities of state actors, together with what we’ve learned about cybercrime actors as a result of running the Cambridge Cybercrime Centre. Isn’t it odd that almost six years after Snowden, nobody’s tried to pull together what we learned into a coherent summary?

    There’s also a chapter on Surveillance or Privacy which looks at policy. What’s the privacy landscape now, and what might we expect from the tussles over data retention, government backdoors and censorship more generally?

  • Google halts some business with China's Huawei: report

    Huawei will reportedly no longer be able to access Android updates, the Gmail app, the Google Play store and new versions of Google phones outside of China.

  • Google restricts Huawei's use of Android

    Existing Huawei smartphone users will be able to update apps and push through security fixes, as well as update Google Play services.

    But when Google launches the next version of Android later this year, it may not be available on Huawei devices.

    Future Huawei devices may no longer have apps such as YouTube and Maps.

  • Forget Huawei, The Internet Of Things Is The Real Security Threat
    We've noted for a while how a lot of the US protectionist security hysteria surrounding Huawei isn't supported by much in the way of hard data. And while it's certainly possible that Huawei helps the Chinese government spy, the reality is that Chinese (or any other) intelligence services don't really need to rely on Huawei to spy on the American public. Why? Because people around the world keep connecting millions of internet of broken things devices to their home and business networks that lack even the most rudimentary of security and privacy protections. Week after week we've documented how these devices are being built with both privacy and security as a distant afterthought, resulting in everything from your television to your refrigerator creating both new attack vectors and wonderful new surveillance opportunities for hackers and state actors.

today's howtos

Android Leftovers

A Look At The MDS Cost On Xeon, EPYC & Xeon Total Impact Of Affected CPU Vulnerabilities

This weekend I posted a number of benchmarks looking at the performance impact of the new MDS/Zombieload vulnerabilities that also included a look at the overall cost of Spectre/Meltdown/L1TF/MDS on Intel desktop CPUs and AMD CPUs (Spectre). In this article are similar benchmarks but turning the attention now to Intel Xeon hardware and also comparing those total mitigation costs against AMD EPYC with its Spectre mitigations. This article offers a look at the MDS/Zombieload mitigations on a 1st Gen Skylake Xeon Scalable server as well as a Kabylake Xeon E3 server for reference. Following that is a look at the total CPU vulnerability mitigation costs for 1st Gen Xeon Scalable, 2nd Gen Xeon Scalable (Cascade Lake), and an AMD EPYC 2P server as well for its Spectre mitigations. As expected given Intel's guidance last week of their latest Xeon processors being mitigated for MDS, indeed, the dual Xeon Platinum 8280 Cascade Lake server reported it was not affected by the MDS mitigations and thus not enabled. So for the MDS tests up first it's just some reference results using a dual Xeon Gold 6138 Skylake server running Ubuntu 19.04 with the Linux 5.0 patched kernel and reference results side-by-side for a separate Xeon E3-1275 v6 server. Read more