Today KDE releases Plasma 5.2. This release adds a number of new components, many new features and many more bugfixes.
Why screen lockers on X11 cannot be secure
Today we released Plasma 5.2 and this new release comes with two fixes for security vulnerabilities in our screen locker implementation. As I found, exploited, reported and fixed these vulnerabilities, I decided to put them a little bit into context.
The first vulnerability concerns our QtQuick user interface for the lock screen. Through the Look and Feel package it was possible to send the login information to a remote location. That’s pretty bad but luckily also only a theoretical problem: we have not yet implemented a way to install new Look and Feel packages from the Internet. So we found the issue before any harm was done.
Also: Plasma 5.2 for openSUSE? You bet!
Tiny $26 WiFi-ready IoT SBC runs OpenWRT Linux
Smart Electronics is prepping a tiny $26 open-source “Black Swift” SBC that runs OpenWRT on an Atheros AR9331 and offers WiFi, dual micro-USB, and header I/O.
The Black Swift, which is set to launch on Kickstarter on Jan. 27, comes from Russian firm Smart Electronics LLC, the new name for Virt2real Ltd. This is the same company that brought us the Linux-based Virt2real WiFi controller board and robotic “Bond Car,” which is controlled by the board.
Dell updates Linux-powered Developer Edition portables with M3800 monster
This morning, Dell has announced that their Developer Edition line of Linux-powered laptops is getting a pretty significant revamp. In addition to an upgraded XPS-13 Developer Edition based on Dell’s 2015 XPS-13 refresh, the line is adding a piece of workstation-class hardware: the Dell Precision M3800 mobile workstation, Developer Edition.
GHOST, a critical Linux security hole, is revealed
Researchers at cloud security company Qualys have discovered a major security hole, GHOST (CVE-2015-0235), in the Linux GNU C Library (glibc). This vulnerability enables hackers to remotely take control of systems without even knowing any system IDs or passwords.
Qualys alerted the major Linux distributors about the security hole quickly and most have now released patches for it. Josh Bressers, manager of the Red Hat product security team, said in an interview that, "Red Hat got word of this about a week ago. Updates to fix GHOST on Red Hat Enterprise Linux (RHEL) 5, 6, and 7 are now available via the Red Hat Network."
This hole exists in any Linux system that was built with glibc-2.2, which was released on November 10, 2000. Qualys found that the bug had actually been patched with a minor bug fix released on May 21, 2013 between the releases of glibc-2.17 and glibc-2.18.
4MLinux Allinone Edition 11.0 Is a Complete OS
4MLinux Allinone Edition, a Linux distro that encompasses multiple tools for Maintenance (system rescue Live CD), Multimedia (e.g. playing video DVDs), Miniserver (using the inetd daemon), and Mystery (Linux games), is finally out of the Beta stages and has reached version 11.0.
White House CTO calls for open source APIs, visibility for women
While Smith’s characterization of Washington as “incredibly entrepreneurial” may be a tad optimistic, she did appear sincere in her support for promoting the use of open source development, and introducing a culture of “APIs, not RFPs.”
Echoing a mantra of executives at Google X, Smith also expressed a desire to find ways for the government to exhibit the sort of technological prowess that normally occurs only in wartime. She also emphasized that she and her deputy, former Twitter lawyer Alex Macgillivray, want to reduce the sort of regulatory morass that can inhibit innovation.