Proprietary Stuff and Openwashing

  • Federal, State, and Local Law Enforcement Warn Against Teleconferencing [Cracking] During Coronavirus Pandemic

    Western District of Michigan U.S. Attorney Andrew Birge advised video conference users: “Whether you run a business, a law enforcement meeting, a classroom or you just want to video chat with family, you need to be aware that your video conference may not be secure and information you share may be compromised. Be careful. If you do get [attacked], call us.”

  • Zoom CEO says company reached 200 million daily users in March

    In order to address the company’s problems, Yuan detailed steps taken including removing Facebook’s software development kit to stop the collection of unnecessary user data, updating Zoom’s privacy policy to be more transparent, giving tips to users to prevent Zoom bombings and offering more specific programs for classes on Zoom.

  • Update: Zoom issues fix for UNC vulnerability that lets [attackers] steal Windows credentials via chat

    All an attacker needs to do is to send a link to another user and convince them to click it, for the attack to commence. Though the Windows password is still encrypted, the hack claims it can be easily decrypted by third-party tools if the password is a weak one.

  • Thousands of Zoom recordings exposed because of the way Zoom names recordings

    Thousands of Zoom cloud recordings have been exposed on the web because of the way Zoom names its recordings, according to a report by The Washington Post. The recordings are apparently named in “an identical way” and many have been posted onto unprotected Amazon Web Services (AWS) buckets, making it possible to find them through an online search.

    One search engine that can look through cloud storage space turned up more than 15,000 Zoom recordings, according to The Washington Post. “Thousands” of clips have apparently also been uploaded to YouTube and Vimeo. The Washington Post said it was able to view recordings of therapy sessions, orientations, business meetings, elementary school classes, and more.

  • Move Fast & Roll Your Own Crypto

    Zoom documentation claims that the app uses “AES-256” encryption for meetings where possible. However, we find that in each Zoom meeting, a single AES-128 key is used in ECB mode by all participants to encrypt and decrypt audio and video. The use of ECB mode is not recommended because patterns present in the plaintext are preserved during encryption.

    The AES-128 keys, which we verified are sufficient to decrypt Zoom packets intercepted in Internet traffic, appear to be generated by Zoom servers, and in some cases, are delivered to participants in a Zoom meeting through servers in China, even when all meeting participants, and the Zoom subscriber’s company, are outside of China.

    Zoom, a Silicon Valley-based company, appears to own three companies in China through which at least 700 employees are paid to develop Zoom’s software. This arrangement is ostensibly an effort at labor arbitrage: Zoom can avoid paying US wages while selling to US customers, thus increasing their profit margin. However, this arrangement may make Zoom responsive to pressure from Chinese authorities.

  • ‘Zoombombing’ is a federal offense that could result in imprisonment, prosecutors warn

    Federal prosecutors are now warning pranksters and [attackers] of the potential legal implications of “Zoombombing,” wherein someone successfully invades a public or sometimes even private meeting over the videoconferencing platform to broadcast shock videos, pornography, or other disruptive content.

    The warning was posted as a press release to the Department of Justice’s website under the US Attorney’s office for the state’s Eastern district with support from the state attorney general and the FBI.

  • [Attackers] are targeting your kids to infect Android and Chromebook devices with malware

    Hide your kids; hide your wives. Security investigators from Check Point Research discovered 56 malware-infected Google Play apps. Before Google had a chance to pull them down, users already downloaded the apps one million times; 24 of those apps, Check Point Research discovered, targeted children.

    The study -- spearheaded by Israel Wernik, Danil Golubenko, Aviran Hazum -- found that the Google Play Store-based apps were poisoned with Tekya, which is a form of adware. The goal of Tekya, Hazum told Laptop Mag, is to commit mobile-ad fraud.

  • Apparently Microsoft’s Claim of 775 Percent Surge in Cloud Services Wasn’t Really Accurate

    The company has now made a correction, saying that the 775 percent increase was experienced by Microsoft Teams, not all of the cloud offerings, which isn't as surprising since the video calling app generated over 900 million meeting and calling minutes daily in a one-week period alone.

    As it turns out the figure also only came from Microsoft Teams' users in Italy, where millions of people were put under lockdown. The corrected statement now reads: [...]

  • Zoom isn’t actually end-to-end encrypted

    Zoom does use TLS encryption, the same standard that web browsers use to secure HTTPS websites. In practice, that means that data is encrypted between you and Zoom’s servers, similar to Gmail or Facebook content. But the term end-to-end encryption typically refers to protecting content between the users entirely with no company access at all, similar to Signal or WhatsApp. Zoom does not offer that level of encryption, making the use of “end-to-end” highly misleading.

  • Zoom Calls Are Not End-to-End Encrypted Contrary to Claims

    What this means is that Zoom can access the video feed of your meetings. The company did confirm that it does not “directly access, mine, or sell user data.”

    Zoom offers an option where a meeting can only be hosted with mandatory encryption for third-party endpoints. However, when contacted, the company clarified that it is currently not possible to hold E2E video meetings using Zoom.

  • Zoom’s sudden spike in popularity is revealing its privacy (and porn) problems

    With its vaguely worded privacy policies and misleading marketing materials, Zoom’s real overarching issue seems to be a lack of transparency. Combine that with an apparent lack of forethought about how video meetings with insufficient privacy protections — both on the back and the front end — could be exploited by [attackers] or trolls. This entire scenario becomes especially problematic considering the growing number of students that Zoom eagerly recruits for the platform. It all seems like a bad publicity time bomb that went off as soon as Zoom became an essential piece of pandemic software and people started really looking more closely at how the service worked.

  • Dark Sky Has a New Home

    Android and Wear OS App

    The app will no longer be available for download. Service to existing users and subscribers will continue until July 1, 2020, at which point the app will be shut down. Subscribers who are still active at that time will receive a refund.

    Website

    Weather forecasts, maps, and embeds will continue until July 1, 2020. The website will remain active beyond that time in support of API and iOS App customers.

  • Microsoft’s Skype struggles have created a Zoom moment

    The transition lasted years, and resulted in calls, messages, and notifications repeating on multiple devices. Skype became unreliable, at a time when rivals were continuing to offer solid alternatives that incorporated messaging functionality that actually worked and synced across devices. Instead of quickly fixing the underlying issues, Microsoft spent years trying to redesign Skype. This led to a lethal combination of an unreliable product with a user experience that changed on a monthly basis.

  • ‘War Dialing’ Tool Exposes Zoom’s Password Problems

    Lo said a single instance of zWarDial can find approximately 100 meetings per hour, but that multiple instances of the tool running in parallel could probably discover most of the open Zoom meetings on any given day. Each instance, he said, has a success rate of approximately 14 percent, meaning for each random meeting number it tries, the program has a 14 percent chance of finding an open meeting.

    Only meetings that are protected by a password are undetectable by zWarDial, Lo said.

  • Open Source Moves From Rebel to Mainstream

    That shift has its critics. “The degree in which corporations knowingly and openly use open source has grown,” says Karl Fogel, a developer and open-source advocate. Still, some open-source developers feel that although these businesses build a lot of value on top of their work, they’re not seeing “enough of it flowing back to them,” Fogel says.

    But the narrative of a noncommercial open source being colonized by the corporate world also has its flaws, cautions Fogel. Open source has always been commercial to a certain degree. Even in the more radical currents of the movement, where the term “free software” is preferred over open source, making money isn’t necessarily shunned. Richard Stallman, one of the movement’s pioneers, famously said that the “free” in “free software” should be taken as “free speech, not free beer.” All the talk about freedom and digital self-ownership doesn’t preclude making money.

  • HPE announces new open source programme to simplify 5G rollout

    Hewlett Packard Enterprise (HPE) today announced the Open Distributed Infrastructure Management initiative, a new open source programme that will simplify the management of large-scale geographically distributed physical infrastructure deployments. In addition, HPE will introduce an enterprise offering, the HPE Open Distributed Infrastructure Management Resource Aggregator that is aligned with the initiative.

    Open Distributed Infrastructure Management helps resolve the complexity that telcos face in rolling out 5G networks across thousands of sites equipped with IT infrastructure from multiple vendors and different generations of technology. This new initiative underlines HPE’s continued leadership in open 5G technologies and commitment to accelerating industry alignment through open source innovation.
