Linux Discussion Continues, Fedora Welcomes Chromium
Folks are still discussing the resignation of Sarah Sharp and Matthew Garrett from Linux kernel development. Jack Wallen said Sharp (and Garrett) are cases of more developers being "turned away, simply because developers had no patience for personal respect." He said Linux rules with a "sharp and iron tongue" with "foul and abusive language." He agreed with Dr. Roy Schestowitz in that all this is a "PR nightmare" threatening the "flagship of the open-source movement." He placed part of the blame on what he calls the "Internet of hate" and said if Linux is to compete with Microsoft and Apple its developers need to "start treating the legions of programmers, who are working tirelessly to deliver, as well as they treat the code itself. Open source is about community. A community with a toxic foundation will eventually crumble."
While I was mass editing the transcripts I used to create the FSF30 wordclouds, I realized I was doing too much manual movery to get to the next misspelled word. In a moment of clarity, I was like "hey, I bet vim has a way to properly do this!" And of course it did!
Guix-Tox is a young variant of the Tox "virtualenv" management tool for Python that uses guix environment as its back-end. In essence, while Tox restricts itself to building pure Python environments, Guix-Tox takes advantage of Guix to build complete environments, including dependencies that are outside Tox's control, thereby improving environment reproducibility. Cyril will demonstrate practical use cases with OpenStack.
Tiny Core Linux 6.4.1 Gets Its First Release Candidate Build with Multiple Fixes
Robert Shingledecker has had the pleasure of informing us about the immediate availability for download and testing of the first Release Candidate (RC) build of the upcoming Tiny Core Linux 6.4.1 operating system.
Raspberry Pi KMS Driver Updated
Eric Anholt has published an updated BCM2835 KMS driver for supporting the Raspberry Pi budget SBCs with this DRM driver.
This latest Raspberry Pi KMS driver code now supports setting new video modes thanks to having a real clock driver. There have also been DeviceTree changes with this latest patch series.
Perl 6, a long-awaited upgrade to the well-known scripting language, has gone into beta, with the general release planned for Christmastime.
The upgrade went to beta late last month, Perl designer Larry Wall told InfoWorld on Wednesday, and the October monthly release will feature the first of two beta releases of the Rakudo Perl 6 compiler. There have been monthly compiler releases for years, but the language definition has now stabilized. Wall added, “At this point we're optimizing, fixing bugs, and documenting, and I feel comfortable saying we can take a snapshot of whatever we have in December and call it the first production release.”
The Experian/T-Mobile hack may be more worrisome than Experian’s carefully worded description of it suggests, some security experts said Friday.
One is the co-creator of the Tor secure browser, David Goldschlag (now SVP of strategy at Pulse Secure). Goldschlag previously was head of mobile at McAfee, and also once worked at the NSA.
I asked Goldschlag a simple question: “After the Office of Personnel Management and Experian hacks, is there reason to fear that hackers now have the means to steal actual financial information (credit card numbers, etc.) from banks or insurers?”
“To do so, it is often sufficient to copy files from a Linux environment to Windows,” it further adds. The most obvious mode of attack involves luring victims to install software or updates via third-party package sources. The team conducted the test by running 16 different antivirus solutions and splitting the test session into three distinct phases:
The detection of Windows malware
The detection of Linux malware and
The test for false positives.
Out of 16 antivirus solutions, 8 detected between 95 and 99% of the 12,000 Windows threats used in the test. The antivirus solutions that helped in detection include Bitdefender, ESET, Avast, F-Secure, eScan, G Data, Sophos and Kaspersky Lab (server version).
The cross-site request forgery vulnerability means that any user visiting a malicious page can have their accounts hijacked without further interaction.
The since-patched hole existed in Microsoft Live.com and could have been spun into a dangerous worm, Wineberg says.
However, Softpedia News noted that the Linux.Wifatch source code has not been released in its entirety. That’s likely because the White Team is worried that traditional cybercriminals would exploit the malware for more nefarious purposes. It also explains why it was a clandestine operation in which router owners weren’t aware their systems had been infected, even if it was only to defend them against black-hat attackers.
Whether or not anyone appreciates the White Team’s form of vigilante security tactics, they may believe the work should serve as a warning to those who don’t follow basic data protection procedures, Hacked said. For example, there are still untold numbers of home routers that use default passwords and leave admin access wide open to malware and other threats.
The nuclear industry is ignorant of its cybersecurity shortcomings, claimed a report released today, and despite understanding the consequences of an interruption to power generation and the related issues, cyber efforts to prevent such incidents are lacking.
The report adds that search engines can "readily identify critical infrastructure components with" VPNs, some of which are power plants. It also adds that facility operators are "sometimes unaware of" them.
Nuclear plants don't understand their cyber vulnerability, stated the Chatham House report, which found industrial, cultural and technical challenges affecting facilities worldwide. It specifically pointed to a "lack of executive-level awareness".