Language Selection

English French German Italian Portuguese Spanish

AMD Defects, Linux Affected Also

Filed under
Linux
Hardware
Security
  • AMD's SEV tech that protects cloud VMs from rogue servers may as well stand for... Still Extremely Vulnerable

    Five boffins from four US universities have explored AMD's Secure Encrypted Virtualization (SEV) technology – and found its defenses can be, in certain circumstances, bypassed with a bit of effort.

    In a paper [PDF] presented Tuesday at the ACM Asia Conference on Computer and Communications Security in Auckland, New Zealand, computer scientists Jan Werner (UNC Chapel Hill), Joshua Mason (University of Illinois), Manos Antonakakis (Georgia Tech), Michalis Polychronakis (Stony Brook University), and Fabian Monrose (UNC Chapel Hill) detail two novel attacks that can undo the privacy of protected processor enclaves.

    The paper, "The SEVerESt Of Them All: Inference Attacks Against Secure Virtual Enclaves," describes techniques that can be exploited by rogue cloud server administrators, or hypervisors hijacked by hackers, to figure out what applications are running within an SEV-protected guest virtual machine, even when its RAM is encrypted, and also extract or even inject data within those VMs.

  • AMD Ryzen 3000 is experiencing problems with some Linux distributions

    Ryzen 3000 seems to have boot problems with the most modern Linux distributions. The problem affects all operating systems using a 2019 Linux distribution with Linux 5.0/5.1/5.2 kernels.

    This problem is now known to be related to the RdRand command. Remember that the previous Ryzen processors were also not friendly when they used the RNG hardware command, which caused problems on the platform. However, now with Zen2, this is even worse supported, and AMD has not yet officially detected the problem.

  • AMD Posts New CPUFreq Driver For CPPC Support With Zen 2 CPUs

    AMD Zen 2 CPUs support ACPI's Collaborative Processor Performance Control (CPPC) for tuning the system to energy and/or performance requirements. AMD has now published a new CPUfreq driver for handling their CPPC implementation and the new controls found with their new processors.

    The AMD CPPC support with Zen 2 desktop/server/mobile CPUs can be optionally enabled and allows setting min/maximum performance along with desired performance and other knobs for tuning via sysfs.

More in Tux Machines

Apache: Self Assessment and Security

  • The Apache® Software Foundation Announces Annual Report for 2019 Fiscal Year

    The Apache® Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today the availability of the annual report for its 2019 fiscal year, which ended 30 April 2019.

  • Open Source at the ASF: A Year in Numbers

    332 active projects, 71 million lines of code changed, 7,000+ committers… The Apache Software Foundation has published its annual report for fiscal 2019. The hub of a sprawling, influential open source community, the ASF remains in rude good health, despite challenges this year including the need for “an outsized amount of effort” dealing with trademark infringements, and “some in the tech industry trying to exploit the goodwill earned by the larger Open Source community.” [...] The ASF names 10 “platinum” sponsors: AWS, Cloudera, Comcast, Facebook, Google, LeaseWeb, Microsoft, the Pineapple Fund, Tencent Cloud, and Verizon Media

  • Apache Software Foundation Is Worth $20 Billion

    Yes, Apache is worth $20 billion by its own valuation of the software it offers for free. But what price can you realistically put on open source code? If you only know the name Apache in connection with the web server then you are missing out on some interesting software. The Apache Software Foundation ASF, grew out of the Apache HTTP Server project in 1999 with the aim of furthering open source software. It provides a licence, the Apache licence, a decentralized governance and requires projects to be licensed to the ASF so that it can protect the intellectual property rights.

  • Apache Security Advisories Red Flag Wrong Versions in Patching Gaffe

    Researchers have pinpointed errors in two dozen Apache Struts security advisories, which warn users of vulnerabilities in the popular open-source web app development framework. They say that the security advisories listed incorrect versions impacted by the vulnerabilities. The concern from this research is that security administrators in companies using the actual impacted versions would incorrectly think that their versions weren’t affected – and would thus refrain from applying patches, said researchers with Synopsys who made the discovery, Thursday. “The real question here from this research is whether there remain unpatched versions of the newly disclosed versions in production scenarios,” Tim Mackey, principal security strategist for the Cybersecurity Research Center at Synopsys, told Threatpost. “In all cases, the Struts community had already issued patches for the vulnerabilities so the patches exist, it’s just a question of applying them.”

Google and Android Code

  • Google releases source code for I/O 2019 app with Android Q gesture nav, dark theme

    The Google I/O companion app for Android often takes advantage of the latest design stylings and OS features. It demoed Android Q’s gesture navigation and dark theme this year, with the company today releasing the I/O 2019 source code.

  • Introducing Coil, an open-source Android image loading library backed by Kotlin Coroutines

    Yesterday, Colin White, a Senior Android Engineer at Instacart, introduced Coroutine Image Loader (Coil). It is a fast, lightweight, and modern image loading library for Android backed by Kotlin.

  • Google open-sources Live Transcribe’s speech engine

    Google today open-sourced the speech engine that powers its Android speech recognition transcription tool Live Transcribe. The company hopes doing so will let any developer deliver captions for long-form conversations. The source code is available now on GitHub. Google released Live Transcribe in February. The tool uses machine learning algorithms to turn audio into real-time captions. Unlike Android’s upcoming Live Caption feature, Live Transcribe is a full-screen experience, uses your smartphone’s microphone (or an external microphone), and relies on the Google Cloud Speech API. Live Transcribe can caption real-time spoken words in over 70 languages and dialects. You can also type back into it — Live Transcribe is really a communication tool. The other main difference: Live Transcribe is available on 1.8 billion Android devices. (When Live Caption arrives later this year, it will only work on select Android Q devices.)

FOSS in Crypto: Bots, Audius, and "Crypto Code Commits Remain Near All-Time Highs"

  • Best Free and Open-Source Crypto Trading Bots, Rated and Reviewed

    Crypto trading bots have become an increasingly popular tool for experienced bitcoin traders who want to deploy automated bitcoin trading strategies. As a result, there are now over a dozen trading bots (with ranging subscription prices) that digital currency traders can use. Fortunately, for traders who want to test out algorithmic trading before committing funds toward a specific bot, there are several free trading bots from which to choose. Here’s an introduction to the most popular free, open-source bitcoin trading bots available in 2019.

  • Blockchain Music Streaming Startup Unveils Source Code, Incentives

    Audius, a blockchain startup that aims to disrupt the music streaming industry, has uploaded its public beta version.

  • Blockchain music-streaming service Audius gears up for public beta

    A new streaming service with its sights set on making the middlemen of the music biz obsolete is inching closer toward its goal of disrupting the Spotifys and SoundClouds of the world. After a year of development, and armed with $5 million in investment capital from VC firms General Catalyst, Lightspeed, and Pantera Capital, blockchain startup Audius is finally ready to show the world what it's been working on.

  • Crypto Code Commits Remain Near All-Time Highs, Despite Price Declines

    The least committed contributors were the first to leave as cryptocurrency market caps went south. That’s the main finding from Electric Capital’s second “Developer Report,” which was published Monday. The report analyzes code activity in all the open-source repositories in crypto and follows the venture capital firm’s first such report from March. While there’s a sense that protocols and projects have been losing code contributors, the majority of developers that left crypto during the market correction in the first half of 2019 (77 percent of them) were the least committed contributors to the least promising projects.

Sharing/Collaboration/Open Data/Open Access

  • 3D printing organs may soon be a reality via a new open-source technique – Future Blink

    Bioengineers at Rice University created entangled cardiovascular networks similar to the body's natural passageways.

  • Global reinsurance experts urge investment in open-source risk models

    Strategic management experts say greater collaboration between the insurance industry and state policy makers, including investment in open-source risk models, could improve society's ability to recover from disasters linked to climate change.

  • Flume Kicks Off Open Source FlumeSounds Project

    Australian #1 bad boy of EDM Flume made a surprise project announcement FlumeSounds yesterday. He uploaded a near 8-minute video of samples to all his socials for fans and creators to manipulate.

  • Flume announces open-source sample series for producers

    Hot off the release of his new EP, 'Quits', Australian producer Flume has revealed Flume Sounds, an open-source audio loop series for producers.

  • First global open-source database for spinal cord injury research will be a ‘game-changer,’ say experts

    Experts from the University of Alberta and two universities of California are teaming up to launch the world’s first open-source database for spinal cord injury research. The Open Data Commons for preclinical Spinal Cord Injury research (ODC-SCI) will improve research and treatment worldwide by making data more accessible, according to researchers and patients. “The database has the potential to improve treatment for up to half a million people suffering from spinal cord injuries worldwide, and also enhance research in other areas of health, science and rehabilitation,” said Randy Goebel, associate vice-president of research at the U of A.

  • Nationwide project provides free science materials to meet California’s new standards

    While California students began taking a new statewide science test this past spring, school districts were still struggling to get teaching materials aligned to the state’s new science standards into classrooms. A new nationwide effort is trying to speed up that process by offering free, open source science materials to teachers and schools. In 2017, philanthropists, state leaders and curriculum writers formed OpenSciEd to get materials to teachers implementing the Next Generation Science Standards, new academic standards that emphasize hands-on projects and integrate several scientific disciplines. California adopted the new standards in 2013 and this past spring began administering a new state science test. But it wasn’t until last November that the State Board of Education approved a list of recommended textbooks and materials aligned to the new standards for kindergarten through 8th grade.