Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Thursday, 29 Sep 16 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Type Titlesort icon Author Replies Last Post
Story A great time to be a Linux person Rianne Schestowitz 17/09/2015 - 5:30am
Story A Linux distro for education: UberStudent Roy Schestowitz 18/03/2015 - 12:41pm
Story A real-time editing tool for Wikipedia Roy Schestowitz 25/12/2014 - 9:14pm
Story Accessibility in Linux is good (but could be much better) Roy Schestowitz 04/05/2015 - 4:03pm
Story Acer models its latest $199.99 Chromebook after the impressive C720 Rianne Schestowitz 16/11/2013 - 9:37pm
Story Advice for front-end developers from Adrian Pomilio of Teradata Roy Schestowitz 09/10/2014 - 12:03pm
Story Almost open: BIOS and firmware update tips for Linux users Roy Schestowitz 23/08/2016 - 11:13am
Story An introduction to Linux from Opensource.com Roy Schestowitz 06/05/2015 - 8:42am
Story An open source mantra: Avoid "no derivatives" Roy Schestowitz 06/01/2015 - 9:52pm
Story An open source tool for every classroom need Roy Schestowitz 18/12/2015 - 10:09am

Parsix GNU/Linux 8.15 "Nev" Is in the Works, to Ship with the GNOME 3.22 Desktop

Filed under
GNU
Linux
GNOME

We told you the other day that the Parsix GNU/Linux development team informed the community that new security updates are available for the current stable Parsix GNU/Linux 8.10 "Erik" and Parsix GNU/Linux 8.5 "Atticus" releases.

Read more

IPFire 2.19 Linux Firewall OS Patched Against the Latest OpenSSL Vulnerabilities

Filed under
Linux
Security

Only three days after announcing the release of IPFire 2.19 Core Update 104, Michael Tremer informs the community about the availability of a new update, Core Update 105, which brings important OpenSSL patches.

Read more

Top Web Browsers for Linux

Filed under
Linux

No matter which Linux distro you prefer, I believe the web browser remains the most commonly used software application. In this article, I'll share the best browsers available to Linux users.

Chrome – No matter how you feel about the Chrome browser, one only need to realize the following: Local news still streams in Flash and Chrome supports this. Netflix is supported using Chrome. And of course, Chrome is faster than any other browser out there. Did I mention the oodles of Chrome extensions available including various remote desktop solutions? No matter how you slice it, Chrome is king of the jungle.

Read more

Linux Kernel 4.4.22 LTS Brings ARM and EXT4 Improvements, Updated Drivers

Filed under
Linux

Immediately after announcing the release of Linux kernel 4.7.5, renowned kernel developer and maintainer Greg Kroah-Hartman informed the community about the availability of Linux kernel 4.4.22 LTS

Read more

Tor Project Releases Tor (The Onion Router) 0.2.8.8 with Important Bug Fixes

Filed under
GNU
Linux
Security

The Tor Project announced recently the release of yet another important maintenance update to the stable Tor 0.2.8.x series of the open-source and free software to protect your anonymity while surfing the Internet.

Read more

SODIMM-style i.MX7 COM features dual GbE, WiFi/BT, eMMC

Filed under
Linux

Variscite’s Linux-driven “VAR-SOM-MX7” COM is shipping with an i.MX7 Dual SoC, WiFi and BLE, dual GbE, and optional eMMC and extended temp. support.

Variscite’s VAR-SOM-MX7 follows many other Linux-ready computer-on-modules based on NXP’s i.MX7 SoC, which combines one or two power-stingy, 1GHz Cortex-A7 cores with a 200MHz Cortex-M4 MCU for real-time processing. While most of these offer a choice of a Solo or Dual model, and the NXP/Element14 WaRP7 offers only the Solo, the SODIMM-style VAR-SOM-MX7 taps the dual-core Dual. Unlike most of these modules, but like the WaRP7 and the CompuLab CL-SOM-iMX7, Variscite’s entry offers onboard WiFi and Bluetooth, in this case Bluetooth 4.1 with BLE.

Read more

Security News

Filed under
Security
  • Security advisories for Monday
  • OpenSSL security advisory for September 26

    This OpenSSL security advisory is notable in that it's the second one in four days; sites that updated after the first one may need to do so again.

  • Who left all this fire everywhere?

    If you're paying attention, you saw the news about Yahoo's breach. Five hundred million accounts. That's a whole lot of data if you think about it. But here's the thing. If you're a security person, are you surprised by this? If you are, you've not been paying attention.

Android Leftovers

Filed under
Android

Tizen News

Filed under
Linux
  • Samsung in talks with Russian government to distribute the Z3 to students

    Samsung had recently made another announcement in Russia by partnering with Gazprom to distribute its Tizen handsets to the company’s employees. The South korean technology giant are now looking at a new way to increase the Tizen adoption rate in Russia. The target market for the new plan is school students. Samsung are in talks with multiple government agencies to supply the Tizen Z3 smartphone to school students and this was hinted during the Internet of Things forum hosted by Moscow Tizen Association in Russia on the 22nd of September.

  • My Money Transfer App Enters BETA for Z1 and Z3

Red Hat News

Filed under
Red Hat
  • Red Hat's Results Underscore its Growing Focus on OpenStack

    Late last week, Red Hat reported earnings per share of 55 cents on revenue of $600 million, beating estimates of 54 cents and $590 million, respectively. One thing that went unsaid across much of the coverage is that the company is in the midst of a major shift in its strategy toward OpenStack-based cloud computing, and it looks like service revenues and positive momentum from that effort are starting to arrive.

    "Our growth was driven in part by expanding our footprint with customers as we closed a record number of deals over $1 million, up approximately 60 percent year-over-year," Red Hat CEO Jim Whitehurst said during his company's earnings call. Seven of the top 30 deals had OpenStack in there, nine had RHEV," Whitehurst said. "We had three OpenStack deals alone that were over $1 million. So I think we're seeing really, really, really good traction there."

  • Red Hat targets $5-b revenue in five years

    Open-source technology firm Red Hat Inc, which hit the $2-billion revenue milestone two quarters ago, is looking to achieve $2.4 billion in FY 2017 and $5 billion in the next five years.

    The company is betting on India, its second largest operation outside the US, as one of the key growth engines to help achieve its aspirational revenue goal of $5 billion by 2021.

    “India is a bright spot for Red Hat for three reasons,” Rajesh Rege, Managing Director, Red Hat India, told BusinessLine.

  • Red Hat Announces Ansible Tower App for Splunk, Enabling Intelligence and Automation Enhancements
  • Red Hat’s (RHT) “Outperform” Rating Reiterated at Raymond James Financial Inc.
  • Red Hat Inc. (RHT) PT Raised to $89.00

pump.io Servers Adoption

Filed under
OSS
Web
  • Adopt a pump.io server

    As most of you know, E14N is no longer my main job, and I've been putting my personal time, energy, and money into keeping the pump network up and running. I haven't always done a good job, and some of the nodes have just fallen off the network. I'd like to ask people in the community to start taking over the maintenance and upkeep of these servers.

  • Prodromou: Adopt a pump.io server

    There are currently around 25 servers in the federated network initially started by Prodromou, which does not count other pump.io instances. He notes that one important exception is the identi.ca site, which is significantly larger than the rest, and which he would like to find a trusted non-profit organization to maintain.

Black Lab Linux 8 Beta 3 Released

Filed under
GNU
Linux

The development team is pleased to announce the new Beta release of Black Lab Linux 8 – our latest OS offering to bring the best Linux desktop distribution currently on the market. This release moves the kernel and application set away from the prior LTS 14.04 base to the new 16.04 LTS base. Black Lab Linux 8 will showcase 3 desktop environments : MATE, LXDE and GNOME 3. Other improvements include:

Full EFI support
Kernel 4.4.0-38
LibreOffice 5.2
GNOME Video
Rhythmbox
Firefox 49
Thunderbird
GIMP
Full multimedia codec support

Read more

Intel Core i7 6800K Benchmarks On Ubuntu + Linux 4.8

Filed under
Graphics/Benchmarks

While the Core i7 6800K has been available for a few months now, there hadn't been any review on it since Intel hadn't sent out any Broadwell-E samples for Linux testing this time around. However, I did end up finally buying a Core i7 6800K now that the Turbo Boost Max 3.0 support is finally coming together (at first, Intel PR said it wouldn't even be supported on Linux) so that I can run some benchmarks there plus some other interesting items on the horizon for benchmarking. Here are some benchmarks of the i7-6800K from Ubuntu 16.04 LTS with the Linux 4.8 kernel.

Read more

Unimpressed with Ubuntu 16.10? Yakkety Yak... don't talk back

Filed under
Ubuntu

Before I dive into what's new in Ubuntu 16.10, called Yakkety Yak, let's just get this sentence out of the way: Ubuntu 16.10 will not feature Unity 8 or the new Mir display server.

I believe that's the seventh time I've written that since Unity 8 was announced and here we are on the second beta for 16.10.

Maybe that's why they named it Unity 8. Whatever the case, Unity 8 is available for testing if you'd like to try it. So far I haven't managed to get it working on any of the hardware I use, which goes a long way to explaining why it's not part of Ubuntu proper yet.

Read more

Reiser4 Implements Mirror & Failover Support

Filed under
Reiser

Edward Shishkin, one of the last remaining Reiser4 developers and the one who has been leading this out-of-tree file-system the past few years, has implemented logical volumes support with support for mirrors (in effect, RAID 0) and failover support at the file-system level.

Shishkin quietly announced on Sunday, "Reiser4 will support logical (compound) volumes. For now we have implemented the simplest ones - mirrors. As a supplement to existing checksums it will provide a failover - an important feature, which will reduce number of cases when your volume needs to be repaired by fsck."

Read more

Exactly What Is OpenStack? Red Hat's Rich Bowen Explains

Filed under
Red Hat
OSS

You've probably heard of OpenStack. It's in the tech news a lot, and it's an important open source project. But what exactly is it, and what is it for? Rich Bowen of Red Hat provided a high-level view of OpenStack as a software project, an open source foundation, and a community of organizations in his talk at LinuxCon North America.

OpenStack is a software stack that went from small to industry darling at warp speed. It has three major components: The compute service runs the virtual machines (VMs), and it has a networking service and a storage service, plus a dashboard to run everything. OpenStack is only six years old, and was born as a solution devised by Rackspace and NASA to solve a specific problem.

Read more

Linux Foundation Certified System Administrator: Muneeb Kalathil

Filed under
Linux
Interviews

I started using Linux when I was in school. But at that point, I was limited to Installation and running a few commands. I really started learning and growing my interest in Linux while I was working on my degree in Computer Applications. My first distribution was Red Hat CentOS. I spent many hours learning Linux and enjoyed it.

Read more

The Linux Foundation Partners with Girls in Tech to Increase Diversity in Open Source

Filed under
OSS

One of the great strengths of open source is that it provides opportunities for everyone. Regardless of background, age, gender, race, ethnicity, nationality, sexual orientation or religion, everyone can benefit from and contribute to some of the most important technologies ever developed.

Yet we know that many groups remain underrepresented in the open source community, which is why The Linux Foundation engages in efforts such as providing diversity scholarships for our training and events and sponsoring organizations such as Women Who Code, Code.org, Blacks in Technology, All Star Code and more.

Read more

KDE Advisory Board

Filed under
KDE
  • Announcing the KDE Advisory Board

    With KDE having grown from a hobby project by a few volunteers 20 years ago to the large and central Free Software community it is now, our interactions with other organizations have become increasingly important for us. KDE software is available on several platforms, is shipped by numerous distributions large and small, and KDE has become the go-to Free Software community when it comes to Qt. In addition to those who cooperate with KDE on a technical level, organizations which fight for the same vision as ours are our natural allies as well.

    To put these alliances on a more formal level, the KDE e.V. hereby introduces the KDE e.V. Advisory Board as a means to offer a space for communication between organizations which are allied with KDE, from both the corporate and the non-profit worlds.

    One of the core goals of the Advisory Board is to provide KDE with insights into the needs of the various organizations that surround us. We are very aware that we need the ability to combine our efforts for greater impact and the only way we can do that is by adopting a more diverse view from outside of our organization on topics that are relevant to us. This will allow all of us to benefit from one another's experience.

  • KDE Introduces An Advisory Board

today's leftovers

Filed under
Misc
  • Great first year at LAS GNOME!

    This was the first year of the Libre Application Summit, hosted by GNOME (aka "LAS GNOME"). Congratulations to the LAS GNOME team for a successful launch of this new conference! I hope to see more of them.

    In case you missed LAS GNOME, the conference was in Portland, Oregon. I thoroughly enjoyed this very walkable city. Portland is a great place for a conference venue. When I booked my hotel, I found lots of hotel options within easy walking distance to the LAS GNOME location. I walked every day, but you could also take any of the many light rail or bus or trolley options running throughout the city.

  • Red Hat Forum 2016 Celebrates the Power of Participation and Open Source Innovation in India Series

    Under the theme, “Power of Participation”, Red Hat Forum discussed how enterprises can transform and innovate by learning, networking, and collaborating via open source. The event was kicked off by Rajesh Rege, Managing Director, Red Hat India, which was followed by a series of topics covering various aspects of Open Source technology. Rajesh emphasized that open source is now at the forefront of every major breakthrough and the most innovative ideas do not merely come from the boardroom; but from a synergy of people working together.

  • Fedora Now Has Bootable RISC-V Disk Images Available

    Fedora has been making a lot of RISC-V build/packaging progress over the past few months while this weekend the milestone was announced that they are hosting clean, RPM-built, bootable disk images for this open-source RISC-V instruction set architecture.

  • Ghost Minitaur Robot Opens Doors & Climbs Fences & Stairs!

    Give this little droid a compatible brain, like a Raspberry Pi 3, which can display images via a built-in HDMI port and runs Linux at 1.2 Gigahertz, and is more akin to an actual computer than a microcontroller, and let programming of a robotic brain function shatter the ceiling on possibilities.

  • Attributes of Effective Project Managers

    Volunteers often work for both philanthropic and selfish reasons. For example, contributing to FreeBSD and having your code approved can translate to a career-building resume bullet (nearly ⅓ of the world’s internet traffic runs on FreeBSD). While not every contribution translates into a resume bullet, volunteers generally contribute more of their talents when their contributions are recognized. Martin takes great pride in publicly sharing information about how he gives back to his volunteers in the form of reasonably-sized monetary gifts. He remarked to me how one gift bought a programmer a new chair. While it may not seem like much, the contribution made a significant difference to that person’s sense of value to the project. Martin noticed that since the chair arrived the change requests for Ubuntu MATE that come from that programmer with the happy hind quarters seem to become his highest priority and Martin generally gets the changes in short order.

  • Show And Tell: Google Open Sources Its Image Captioning AI In TensorFlow

    Google has open sourced its Show and Tell system which will now be available in TensorFlow machine learning library. The Show and Tell system can analyze an image and provide a relevant caption describing the situation of the image. The code of the system is available on GitHub.

  • No, Google Hasn’t Killed Chromecast Support in Chromium Linux Builds

    This week a horde of angry, pitchfork-waving readers descended upon the e-mail inbox of both OMG! sites, demanding to know why we weren’t writing about the “shocking evil” Google is waging against the open-source community.

  • New Firefox 49 features in Fedora

    The latest release 49 of Firefox comes with some interesting new features. Here’s what they mean for Fedora users and how to enable them beyond default setup.

  • SDN and NFV integration, updated API documentation, and more OpenStack news
  • PostgreSQL 9.6 Preparing To Release Next Week With Its Parallel Queries Support

    PostgreSQL 9.6 is being prepared for release on 29 September as the database system's latest major update.

    Arguably the biggest feature of the upcoming PostgreSQL 9.6 release is the parallel query support for scans, joins, and aggregates that should speed up the performance of SELECTs by a lot. There are also other improvements like synchronous replication on multiple standby servers, full-text search for phrases, and more.

  • Developing a GIMP Deblur Plugin

    The original assignment was to implement Cho's algorithm for deblurring [Cho et al 2013] as a GIMP plugin. The previous bachelor thesis had found this algorithm as the best deblurring algorithm for recovering text. However, time marches on. During the literature review phase, the team came across some advances in deblurring. Moreover, the algorithm's description in the paper was incomplete, and patented. (Interestingly enough, the patent did not clarify the incompleteness.) There was a new algorithm by Pan et al [Pan et al 2014] that was simpler, faster, and: open source. However, the original was coded in Matlab, which is (1) proprietary, (2) not freely available, and (3) not in much use by people who want to edit pictures.

    So, the team investigated both algorithms in great (and hairy) detail, and implemented Pan et al's algo as an open source GIMP plugin. This required a working understanding of the maths involved (which is not explicitly taught in the Bachelor programme). Moreover, the end result is a sleek piece of work, showcasing the team's CS creds as well.

    Below, a tiny bit about how blurring works, and how to deblur. I'll skip most of the maths, promised.

  • North American Cities Slow to Adopt Open Source Software

    Most politicians who are setting the IT budgets do not have a clue what IT is doing. They demand more and more from them as technology changes. But unlike a crumbling road or rusting bridge that can be seen by all, they really do not see or understand what is happening in the IT department. As long as they can get access to their applications and data, everything is fine. This lack of knowledge leads to a lack of political willpower to make change happen or to even recognize that change is needed and that money can be saved by doing things differently.

  • Microsoft ends Tuesday patches

    Yesterday was a big day for Patch Tuesday. It was the last traditional Windows Patch Tuesday as Microsoft is moving to a new patching release model. In the future, patches will be bundled together and users will no longer be able to pick and choose which updates to install. Furthermore, these new ‘monthly update packs’ will be combined, so for instance, the November update will include all the patches from October as well.

  • The best way to develop software with effective security

    Regardless of the level at which you're doing your programming, security is going to get in the way. No amount of application abstraction or modern development process seems capable of shielding developers from the barriers raised by security. It's pretty hard not to hate security when it doesn't seem to add any intrinsic value, and often gets in the way of providing a delightful user experience. To top it off products can get hacked anyway, in spite of any and all work you do to make your products secure.

  • IBM Preaches Cognitive, Cloud, And IT Consumption

    They say it's not just about the technology. It's really about the business. But that brings to mind an old adage from the car industry: You sell the sizzle not the steak. Right now the sizzle is cognitive computing. It has edged out big data and analytics in the one-upsmanship match of IT leadership and the next big thing. At the Edge conference last week, when IBM executives talked strategy and road maps, cognitive computing was on the tip of tongues.

    Cognitive is a differentiator, an upper hand for IBM. Big Blue has not let the world forget about Watson, its game show champion that's evolved into a must-have business advantage in the making. Watson's augmented intelligence, a term IBM prefers over artificial intelligence, has been applied to healthcare, finance, commerce, education, and security. According to IBM, it has thousands of scientists and engineers working on cognitive projects, which also extend to clients, academics, and external experts.

Syndicate content

More in Tux Machines

LibreOffice Office Suite Celebrates 6 Years of Activity with LibreOffice 5.2.2

Today, September 29, 2016, Italo Vignoli from The Document Foundation informs Softpedia via an email announcement about the general availability of the first point release of the LibreOffice 5.2 open-source and cross-platform office suite. On September 28, the LibreOffice project celebrated its 6th anniversary, and what better way to celebrate than to push a new update of the popular open source and cross-platform office suite used by millions of computer users worldwide. Therefore, we would like to inform our readers about the general availability of LibreOffice 5.2.2, which comes just three weeks after the release of LibreOffice 5.2.1. "Just one day after the project 6th anniversary, The Document Foundation (TDF) announces the availability of LibreOffice 5.2.2, the second minor release of the LibreOffice 5.2 family," says Italo Vignoli. "LibreOffice 5.2.2, targeted at technology enthusiasts, early adopters and power users, provides a number of fixes over the major release announced in August." Read more

OSS Leftovers

  • But is it safe? Uncork a bottle of vintage open-source FUD
    Most of the open source questioners come from larger organisations. Banks very rarely pop up here, and governments have long been hip to using open source. Both have ancient, proprietary systems in place here and there that are finally crumbling to dust and need replacing fast. Their concerns are more oft around risk management and picking the right projects. It’s usually organisations whose business is dealing with actual three dimensional objects that ask about open source. Manufacturing, industrials, oil and gas, mining, and others who have typically looked at IT as, at best, a helper for their business rather than a core product enabler. These industries are witnessing the lighting fast injection of software into their products - that whole “Internet of Things” jag we keep hearing about. Companies here are being forced to look at both using open source in their products and shipping open source as part of their business. The technical and pricing requirements for IoT scale software is a perfect fit for open source, especially that pricing bit. On the other end - peddling open source themselves - companies that are looking to build and sell software-driven “platforms” are finding that partners and developers are not so keen to join closed source ecosystems. These two pulls create some weird clunking in the heads of management at these companies who aren’t used to working with a sandles and rainbow frame of mind. They have a scepticism born of their inexperience with open source. Let’s address some of their trepidation.
  • Real business innovation begins with open practices
    To business leaders, "open source" often sounds too altruistic—and altruism is in short supply on the average balance sheet. But using and contributing to open source makes hard-nosed business sense, particularly as a way of increasing innovation. Today's firms all face increased competition and dynamic markets. Yesterday's big bang can easily become today's cautionary tale. Strategically, the only viable response to this disruption is constantly striving to serve customers better through sustained and continuous innovation. But delivering innovation is hard; the key is to embrace open and collaborative innovation across organizational walls—open innovation. Open source communities' values and practices generate open innovation, and working in open source is a practical, pragmatic way of delivering innovation. To avoid the all-too-real risk of buzzword bingo we can consider two definitions of "innovation": creating value (that serves customer needs) to sell for a profit; or reducing what a firm pays for services.
  • This Week In Servo 79
    In the last week, we landed 96 PRs in the Servo organization’s repositories. Promise support has arrived in Servo, thanks to hard work by jdm, dati91, and mmatyas! This does not fully implement microtasks, but unblocks the uses of Promises in many places (e.g., the WebBluetooth test suite). Emilio rewrote the bindings generation code for rust-bindgen, dramatically improving the flow of the code and output generated when producing Rust bindings for C and C++ code. The TPAC WebBluetooth standards meeting talked a bit about the great progress by the team at the University of Szeged in the context of Servo.
  • Servo Web Engine Now Supports Promises, Continues Churning Along
    It's been nearly two months since last writing about Mozilla's Servo web layout engine (in early August, back when WebRender2 landed) but development has kept up and they continue enabling more features for this next-generation alternative to Gecko. The latest is that Servo now supports JavaScript promises. If you are unfamiliar with the promise support, see this guide. The latest Servo code has improvements around its Rust binding generator for C and C++ code plus other changes.
  • Riak TS for time series analysis at scale
    Until recently, doing time series analysis at scale was expensive and almost exclusively the domain of large enterprises. What made time series a hard and expensive problem to tackle? Until the advent of the NoSQL database, scaling up to meet increasing velocity and volumes of data generally meant scaling hardware vertically by adding CPUs, memory, or additional hard drives. When combined with database licensing models that charged per processor core, the cost of scaling was simply out of reach for most. Fortunately, the open source community is democratising large scale data analysis rapidly, and I am lucky enough to work at a company making contributions in this space. In my talk at All Things Open this year, I'll introduce Riak TS, a key-value database optimized to store and retrieve time series data for massive data sets, and demonstrate how to use it in conjunction with three other open source tools—Python, Pandas, and Jupyter—to build a completely open source time series analysis platform. And it doesn't take all that long.
  • Free Software Directory meeting recap for September 23rd, 2016

Security News

  • security things in Linux v4.5
  • Time to Kill Security Questions—or Answer Them With Lies
    The notion of using robust, random passwords has become all but mainstream—by now anyone with an inkling of security sense knows that “password1” and “1234567” aren’t doing them any favors. But even as password security improves, there’s something even more problematic that underlies them: security questions. Last week Yahoo revealed that it had been massively hacked, with at least 500 million of its users’ data compromised by state sponsored intruders. And included in the company’s list of breached data weren’t just the usual hashed passwords and email addresses, but the security questions and answers that victims had chosen as a backup means of resetting their passwords—supposedly secret information like your favorite place to vacation or the street you grew up on. Yahoo’s data debacle highlights how those innocuous-seeming questions remain a weak link in our online authentication systems. Ask the security community about security questions, and they’ll tell you that they should be abolished—and that until they are, you should never answer them honestly. From their dangerous guessability to the difficulty of changing them after a major breach like Yahoo’s, security questions have proven to be deeply inadequate as contingency mechanisms for passwords. They’re meant to be a reliable last-ditch recovery feature: Even if you forget a complicated password, the thinking goes, you won’t forget your mother’s maiden name or the city you were born in. But by relying on factual data that was never meant to be kept secret in the first place—web and social media searches can often reveal where someone grew up or what the make of their first car was—the approach puts accounts at risk. And since your first pet’s name never changes, your answers to security questions can be instantly compromised across many digital services if they are revealed through digital snooping or a data breach.
  • LibreSSL and the latest OpenSSL security advisory
    Just a quick note that LibreSSL is not impacted by either of the issues mentioned in the latest OpenSSL security advisory - both of the issues exist in code that was added to OpenSSL in the last release, which is not present in LibreSSL.
  • Record-breaking DDoS reportedly delivered by >145k hacked cameras
    Last week, security news site KrebsOnSecurity went dark for more than 24 hours following what was believed to be a record 620 gigabit-per-second denial of service attack brought on by an ensemble of routers, security cameras, or other so-called Internet of Things devices. Now, there's word of a similar attack on a French Web host that peaked at a staggering 1.1 terabits per second, more than 60 percent bigger. The attacks were first reported on September 19 by Octave Klaba, the founder and CTO of OVH. The first one reached 1.1 Tbps while a follow-on was 901 Gbps. Then, last Friday, he reported more attacks that were in the same almost incomprehensible range. He said the distributed denial-of-service (DDoS) attacks were delivered through a collection of hacked Internet-connected cameras and digital video recorders. With each one having the ability to bombard targets with 1 Mbps to 30 Mbps, he estimated the botnet had a capacity of 1.5 Tbps. On Monday, Klaba reported that more than 6,800 new cameras had joined the botnet and said further that over the previous 48 hours the hosting service was subjected to dozens of attacks, some ranging from 100 Gbps to 800 Gbps. On Wednesday, he said more than 15,000 new devices had participated in attacks over the past 48 hours.

Android Leftovers