Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Thursday, 16 Aug 18 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Typesort icon Title Author Replies Last Post
goblinxfc srlinuxx 26/04/2007 - 6:30pm
nixsys.com srlinuxx 24/09/2007 - 11:24pm
wolvixondisk srlinuxx 02/10/2007 - 10:49pm
arnybw srlinuxx 18/10/2007 - 3:39pm
webpathinlovelinux srlinuxx 07/02/2008 - 3:44pm
bluewhite srlinuxx 25/03/2008 - 10:44pm
pclos srlinuxx 15/06/2008 - 11:18pm
nixsys2 srlinuxx 18/08/2008 - 7:12am
nixsys3 srlinuxx 18/08/2008 - 7:22am
gg 480x60 srlinuxx 03/09/2008 - 11:55am

CentOS Linux 7.5 Operating System Is Now Available for IBM POWER9 Architecture

Filed under
Red Hat

Released back in May 2018, CentOS Linux 7.5 is based on the Red Hat Enterprise Linux 7.5 operating system and supported 32-bit (i386), 64-bit (x86_64), ARM64 (AArch64), PowerPC 64-bit Little Endian (PPC64el), PowerPC 64-bit (PPC64), and ARMhf architectures. However, the initial release only supported IBM POWER8 processors, but it's now available for IBM POWER9 processors too.

"I am pleased to announce the general availability of CentOS Linux 7 (1804) for POWER9 processors (ppc64le - powerpc 64-bit little endian). This release is derived from Red Hat Enterprise Linux 7.5 ALT," said James O'Connor. "Note this release is 99% equivalent to the existing CentOS 7 Linux 7 (1804) for POWER8 processors (ppc64le - powerpc 64-bit little endian)."

Read more

Ubuntu, Debian, RHEL, and CentOS Linux Now Patched Against "Foreshadow" Attacks

Filed under
Red Hat
Security
Debian
Ubuntu

Both Canonical and Red Hat emailed us with regards to the L1 Terminal Fault security vulnerability, which are documented as CVE-2018-3620 for operating systems and System Management Mode (SMM), CVE-2018-3646 for impacts to virtualization, as well as CVE-2018-3615 for Intel Software Guard Extensions (Intel SGX). They affect all Linux-based operating system and machines with Intel CPUs.

"It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS)," reads the Ubuntu security advisory.

Read more

Hands-on with Linux Mint Debian Edition 3 Beta

Filed under
Debian
HowTos

I have been out of touch for the past six months, because I accepted a teaching position in Amsterdam. The amount of time that required, and the weekly commute from Switzerland (yes, really, weekly), was vastly more than I expected, and left me no time to do justice to my blog. But now I am back again, and determined to manage my time more effectively and keep up with blogging.

Although I haven't been writing, I certainly have been keeping up with news and developments in the Linux world. What really inspired me to get busy and write again was the announcement of LMDE 3 (Cindy) Beta. Hooray! How long have we been waiting for this? It feels like years. Oh, that's because it has been years.

Read more

Security Leftovers

Filed under
Security
  • Theo on the latest Intel issues

    Theo de Raadt (deraadt@) posted to the tech@ mailing list with some background on how the latest discovered Intel CPU issues relate to OpenBSD.

    [...]

    These 3 issues (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646) together
    are the currently public artifacts of this one bug.

  • Putting Stickers On Your Laptop Is Probably a Bad Security Idea

    Mitchell said political stickers, for instance, can land you in secondary search or result in being detained while crossing a border. In one case, Mitchell said a hacker friend ended up missing a flight over stickers.

  • Video Shows Hotel Security at DEF CON Joking About Posting Photos of Guests' Belongings to Snapchat

    But the room check captured on video suggests the walkthroughs are subject to abuse by hotel personnel who may use them as opportunity to snoop on guests or take and post images for amusement. And accounts of other searches that involved hotel security staff refusing to show ID or showing insufficient ID, and displaying bullying and threatening behavior to guests in occupied rooms, raises questions about the legality of the searches and the tactics and training of security personnel.

  • Researchers in Finland detect vulnerability in password management software

    Researchers identified a security gap in more than 10 applications used by millions around the world, including an app used by Finland's population registry.

  • Trump ends Obama-era rules on US-led cyberattacks: report

     

    The memorandum required that an extensive interagency process take place before the U.S. government embarks on any cyberattacks. Trump reversed the rules to try and ease some of those restrictions, which critics argued were detrimental to launching the attacks quickly, according to the Journal.

Red Hat News

Filed under
Red Hat

Debian Turns 25! Here are Some Interesting Facts About Debian Linux

Filed under
Linux

One of the oldest Linux distribution still in development, Debian has just turned 25. Let’s have a look at some interesting facts about this awesome FOSS project.
Read more

Linux Foundation Zephyr Project Attracts IoT Developers and Tech Giants

Filed under
Linux

The Linux Foundation has always been committed to welcoming companies and organizations of all sizes as part of its heritage and ongoing vision for opening technology for all to experiment with and to build things.

The Zephyr Project, an open source project to build a real-time operating system (RTOS) for the Internet of Things (IoT), announced last week they grew their community of contributors with support for more than 100 developer boards and the addition of six new members.

These industry and academic leaders include Antmicro, DeviceTone, SiFive, the Beijing University of Posts and Telecommunications, The Institute of Communication and Computer Systems (ICCS) and Northeastern University.

Read more

GNU/Linux on Chromebooks

Filed under
GNU
Linux
Google
  • How to install Linux apps on your Chromebook

    Chromebooks are great because they're simple: there's a lot you can get done with web services without exposing yourself to the troubles and security issues that plague more complex platforms.

    But if you need to do a bit more with your Chromebook, you have a few options. Most Chromebooks these days allow you to install apps from the Google Play Store, which should fill most productivity gaps. If not, you'll soon have one more option: installing Linux apps. To be clear, you've been able to install Linux apps on Chromebooks for years because Chrome OS is Linux. But, it's about to get much easier.

  • Top 5 Features Still Missing From Chrome OS

    Google’s Chrome OS gets a lot of things right, and the platform has evolved considerably over the years. Not only does it offer an always up-to-date version of the Chrome browser, but there are also Android apps, stylus input, and even Linux support on some devices. However, Chrome OS is far from perfect. You have to make compromises if you choose to live with a Chromebook, but you shouldn’t have to make quite this many. Here are the top five things Google should fix.

  • Walmart's selling an all-aluminum Chromebook with a comfy keyboard for just $220

    If you’re not considering a Chromebook when you're shopping for a notebook, you’re doing it wrong. Google's low-cost laptops are typically light, fast, secure, and have almost everything you need for remote work a.k.a. the Internet. Today, you can get in on the action for a great price. Walmart is selling the Acer Chromebook 14 (CB3-431-C6ZB) for $220. That’s about $30 to $40 cheaper than you’d usually pay for this laptop.

Microsoft Versus Linux

Filed under
GNU
Linux
Microsoft

OSCON 2018 Events Coverage by LWN

Filed under
OSS
  • Using AI on patents

    Software patents account for more than half of all utility patents granted in the US over the past few years. Clearly, many companies see these patents as a way to fortune and growth, even while software patents are hated by many people working in the free and open-source movements. The field of patenting has now joined the onward march of artificial intelligence. This was the topic of a talk at OSCON 2018 by Van Lindberg, an intellectual-property lawyer, board member and general counsel for the Python Software Foundation, and author of the book Intellectual Property and Open Source. The disruption presented by deep learning ranges from modest enhancements that have already been exploited—making searches for prior art easier—to harbingers of automatic patent generation in the future.

  • Diverse technical topics from OSCON 2018

    The O'Reilly Open Source Conference (OSCON) returned to Portland, Oregon in July for its 20th meeting. Previously, we covered some retrospectives and community-management talks that were a big part of the conference. Of course, OSCON is also a technology conference, and there were lots of talks on various open-source software platforms and tools.

    An attendee who was coming back to OSCON after a decade would have been somewhat surprised by the themes of the general technical sessions, though. Early OSCONs had a program full of Perl, Python, and PHP developer talks, including the famous "State of The Onion" (Perl) keynote. Instead, this year's conference mostly limited the language-specific programming content to the tutorials. Most of the technical sessions in the main program were about platforms, administration, or other topics of general interest, some of which we will explore below.

LWN on Linux Kernel: Scheduler, Speck, and WireGuard

Filed under
Linux
  • Scheduler utilization clamping

    Once upon a time, the only way to control how the kernel's CPU scheduler treated any given process was to adjust that process's priority. Priorities are no longer enough to fully control CPU scheduling, though, especially when power-management concerns are taken into account. The utilization clamping patch set from Patrick Bellasi is the latest in a series of attempts to allow user space to tell the scheduler more about any specific process's needs.

    Contemporary CPU schedulers have a number of decisions to make at any given time. They must, of course, pick the process that will be allowed to execute in each CPU on the system, distributing processes across those CPUs to keep the system as a whole in an optimal state of busyness. Increasingly, the scheduler is also involved in power management — ensuring that the CPUs do not burn more energy than they have to. Filling that role requires placing each process on a CPU that is appropriate for that process's needs; modern systems often have more than one type of CPU available. The scheduler must also pick an appropriate operating power point — frequency and voltage — for each CPU to enable it to run the workload in a timely manner while minimizing energy consumption.

  • Reconsidering Speck

    The Speck cipher is geared toward good performance in software, which makes it attractive for smaller, often embedded, systems with underpowered CPUs that lack hardware crypto acceleration. But it also comes from the US National Security Agency (NSA), which worries lots of people outside the US—and, in truth, a fair number of US citizens as well. The NSA has earned a reputation for promulgating various types of cryptographic algorithms with dubious properties. While the technical arguments against Speck, which is a fairly simple and straightforward algorithm with little room for backdoors, have not been all that compelling, the political arguments are potent—to the point where it is being dropped by the main proponent for including it in the kernel.

  • WireGuarding the mainline

    The WireGuard VPN tunnel has been under development — and attracting attention — for a few years now; LWN ran a review of it in March. While WireGuard can be found in a number of distribution repositories, it is not yet shipped with the mainline kernel because its author, Jason Donenfeld, hasn't gotten around to proposing it for upstreaming. That changed on on July 31, when Donenfeld posted WireGuard for review. Getting WireGuard itself into the mainline would probably not be all that hard; merging some of the support code it depends on could be another story, though.

    WireGuard implements a simple tunneling protocol allowing network traffic to be routed through a virtual private network provider. It has been developed with an eye toward smallness, ease of verification, and performance, rather than large numbers of features. It is, according to the patch posting, "used by some massive companies pushing enormous amounts of traffic". Some effort has gone into making WireGuard widely available, an effort that has helped to create a significant user community. But the ultimate way to make this kind of software widely available is to get it into everybody's kernel; that requires upstreaming.

Software: Selenium, Password Managers, MAAS

Filed under
Software
  • Testing web applications with Selenium

    Whenever one is engaged in large-scale changes to a software project, it is nice to have some assurance that regressions are not being introduced in the process. Test suites can be helpful in that regard. But while the testing of low-level components can be relatively straightforward, testing at the user-interface level can be harder. Web applications, which must also interact with web browsers, can be especially challenging in this regard. While working on just this sort of project, your editor finally got around to looking at Selenium WebDriver as a potential source of help for the testing problem.

    The overall goal of the Selenium project is automating the task of dealing with web browsers (from the user side). The WebDriver component, in particular, provides an API allowing a program to control a browser and observe how the browser reacts. There are many potential applications for this kind of functionality; it could be used to automate any of a number of tiresome, web-oriented tasks that resist the use of simpler tools, for example. But perhaps the most obvious use case is regression-testing of web applications.

    The Selenium code is distributed under version 2.0 of the Apache license; it is available on GitHub. The WebDriver component offers API bindings for a number of languages, including Java, JavaScript, C#, Perl, PHP, Python (2 and 3), and Ruby. Your editor, naturally, was interested in the Python bindings. Fedora 28 packages the relatively old 3.7.0 release from December 2017, which is discouraging, but the current 3.14.0 release can be had from PyPI. One must also obtain a "driver" for one or more specific browsers; your editor has been using geckodriver to test with Firefox.

  • Best Free Linux Password Managers

    A password manager is a utility which helps users store and retrieve passwords and other data. Most password managers use a local database to hold the encrypted password data.

    In modern society, people face a bamboozling amount of information to retain. Most people read a considerable amount of information online on a regular basis. Whether you conduct business online, read for your job, or just read for pleasure, the internet is a vast source of information. Retaining that information on a long-term basis can be difficult. However, some nuggets of information need to be recalled quickly. Passwords are one such example.

    As a computer user, you’ll no doubt have numerous passwords to remember. Sites have arbitrary rules for various services. For example, a site may insist on a minimum number of characters, capital letters, numerals, and special characters which make choosing the same password for each site to be impossible. More importantly, there are good security reasons not to duplicate passwords. Password reuse and simple, easy-to-guess passwords are difficult issues. If you’re using the same password on more than one site, you risk having several accounts stolen if any one of them is breached.

  • MAAS 2.4.1 released!

    MAAS 2.4.1 has now been released and it is a bug fix release. Please see more details in discourse.maas.io [1].

Oracle Yields GraphPipe

Filed under
OSS
  • Oracle open sources Graphpipe to standardize machine learning model deployment

    Oracle, a company not exactly known for having the best relationship with the open source community, is releasing a new open source tool today called Graphpipe, which is designed to simplify and standardize the deployment of machine learning models.

    The tool consists of a set of libraries and tools for following the standard.

  • Oracle open-sources Graphpipe to make it easier to deploy machine learning models

    Oracle today open-sourced Graphpipe, a tool created to make it easy to serve machine learning models in the cloud made by popular frameworks like TensorFlow, MXNet, Caffe2, and PyTorch. Graphpipe was designed to simplify the deployment of machine learning for use on mobile apps and IoT devices, as well as web services for end users or AI for internal use at companies.

    “Graphpipe is an attempt to standardize the protocol by which you speak to a remotely deployed machine learning model, and it includes some reference servers that allow you to deploy machine learning models from existing frameworks very easily in an efficient way,” Oracle cloud architect Vish Abrams told VentureBeat in a phone interview. Prior to joining Oracle, Abrams led efforts at NASA to open-source the OpenStack cloud computing platform.

  • Oracle open sources GraphPipe, a new standard for machine learning models

    Machine learning is expected to transform industries. However, its adoption in the enterprise has been slower than some might expect because it's difficult for organizations to deploy and manage machine learning technology on their own. Part of the challenge is that machine learning models are often trained and deployed using bespoke techniques, making it difficult to deploy models across servers or within different departments.

  • Oracle offers GraphPipe spec for machine learning data transmission

    Oracle has developed an open source specification for transmitting tensor data, which the company wants to become a standard for machine learning.

    Called GraphPipe, the specification provides a protocol for network data transmission. GraphPipe is intended to bring the efficiency of a binary, memory-mapped format while being simple and light on dependencies. There also are clients and servers for deploying and querying machine learning models from any framework.

  • Oracle releases GraphPipe, an open-source tool for deploying AI models

    Major tech firms regularly open-source internal software projects, but it’s not often that Oracle Corp.’s name comes up in this context. Today marked one of those occasions.

    The database giant this morning released GraphPipe, a tool for easing the deployment of machine learning models. Development on the project was led by Oracle cloud architect Vish Abrams, an open-source veteran who previously worked at NASA as part of the team that created the OpenStack data center operating system.

  • Oracle Open Sources GraphPipe for 'Dead Simple' Machine Learning Deployment

A 'Bridge' for GNU/Linux Games

Filed under
GNU
Linux
Gaming
  • Valve seems to be working on tools to get Windows games running on Linux

    Valve appears to be working on a set of "compatibility tools," called Steam Play, that would allow at least some Windows-based titles to run on Linux-based SteamOS systems.

    Yesterday, Reddit users noticed that Steam's GUI files (as captured by SteamDB's Steam Tracker) include a hidden section with unused text related to the unannounced Steam Play system. According to that text, "Steam Play will automatically install compatibility tools that allow you to play games from your library that were built for other operating systems."

  • Valve could be working on compatibility tools to make gaming on Linux easier than ever

    Something to look forward to: Gaming on Linux has never been the ideal experience, and the lack of AAA game compatibility is one of the main reasons for this. That's where Valve comes in, apparently - the company seems to be quietly working on a compatibility tool of its own, called "Steam Play."

    It seems Valve could be taking another shot at bringing Linux to the forefront of PC gaming if recently-discovered Steam GUI files are anything to go by.

    Curious Reddit users dug into Steam database files obtained by Steam Tracker. Recent updates to the database include numerous hints at something called "Steam Play," which is beginning to sound like a compatibility tool of sorts.

  • Steam may be getting tools that will enable Windows games to run in Linux

    Valve announced the Linux-based SteamOS in 2013, just prior to the reveal of the vaguely console-like Steam Machine PCs. It was a big, bold move that ultimately petered out: Valve ditched the Steam Machines section of its website in April, aalthough you can still hit it directly if you know the URL.

  • Looks like Steam’s getting built-in tools to run Windows games on Linux

    A few lines of code uncovered in Steam suggest that Valve is working on compatibility tools to allow users to play games regardless of operating system. Put another way, Steam’s going to let you run Windows games on Mac and Linux with a set of software built directly into the client.

    Uncovered strings all come under the “Steam_Settings_Compat” header, and all reference back to Steam Play. That’s currently the moniker Valve used to distinguish games that come as a single purchase playable across Windows, Mac, and Linux, but the strings suggest a new definition on the way.

  • Rumour: Valve May Be Adding Windows Steam Game Compatibility to Linux

    In a very interesting move, sleuths over at GamingOnLinux appear to unearthed evidence that Valve is experimenting with tools that could allow Windows Steam games to be playable on Linux operating systems.

    Up until this point, a game has to be specifically developed for Linux in order to be compatible with Unix-based operating systems. There are workarounds available right now, but it’s notoriously unreliable and a major hassle to get sorted.

    However, updates posted to the Steam Database github indicates Valve is at least testing an automatic method for running Windows games on Linux. Picking through the github notes, the tool appears to be called ‘Steam Play’, which the compatibility info says “Steam Play will automatically install compatibility tools that allow you to play games from your library that were built for other operating systems.”

Security: Updates, IPSec, Elections, AWS and Surveillance

Filed under
Security
  • Security updates for Wednesday
  • Cisco, Huawei, ZyXel, and Huawei patch Cryptographic IPSEC IKE Vulnerability
  • 11-year-old shows it’s child’s play to mess with elections

    At the DefCon Voting Village in Las Vegas last year, participants proved it was child’s play to hack voting machines: As Wired reported, within two minutes, democracy-tech researcher Carsten Schürmann used a novel vulnerability to get remote access to a WinVote machine.

    This year, it was literally child’s play: the DefCon village this past weekend invited 50 kids between the ages of 8 and 16 to compromise replicas of states’ websites in the so-called “DEFCON Voting Machine Hacking Village.”

  • Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms

    Both adult and kid hackers demonstrated at DEF CON how the hackable voting machine may be the least of our worries in the 2018 elections.

    Two 11-year-old budding hackers last week at DEF CON in Las Vegas used SQL injection attack code to break into a replica of the Florida Secretary of State's website within 15 minutes, altering vote count reports on the site.

    Meanwhile, further down the hall in the adult Voting Machine Hacking Village at Caesars Palace, one unidentified hacker spent four hours trying to break into a replica database that housed the real, publicly available state of Ohio voter registration roll. He got as far as the secured server — penetrating two layers of firewalls with a Khali Linux pen testing tool — but in the end was unable to grab the data from the database, which included names and birthdates of registered voters.

  • How Netflix Secures AWS Cloud Credentials

    Netflix has long been the poster child for being an "all-in-the-cloud" organization. The streaming media service relies on Amazon Web Services (AWS) for infrastructure and computing resources that it uses to operate.

  • Researchers Reveal Security Vulnerabilities in Tracking Apps

    Millions of users around the world regularly install tracker apps on their Android devices to help them keep track of friends and loved ones. Some of those tracker apps, however, contain vulnerabilities that could potentially enable an attacker to track the users of the apps.

    Researchers from the Fraunhofer Institute for Secure Information Technology detailed 37 vulnerabilities found in 19 mobile tracking apps in a session at Defcon in Las Vegas on Aug. 11. The researchers responsibly disclosed the flaws to Google and noted that, as of the time of their presentation, 12 of the apps had been removed from the Google Play store, leaving seven still publicly available and vulnerable.

    "In this project it was very easy to find vulnerabilities," security researcher Siegfried Rasthofer said. "There were no sophisticated exploits."

L1TF/Foreshadow News and Benchmarks

Filed under
Graphics/Benchmarks
Security
  • Three More Intel Chip Exploits Surface
  • Spectre-like “Foreshadow” Flaw In Intel CPUs Can Leak Your Secrets
  • QEMU 3.0 Brings Spectre V4 Mitigation, OpenGL ES Support In SDL Front-End

    QEMU 3.0 is now officially available. This big version bump isn't due to some compatibility-breaking changes, but rather to simplify their versioning and begin doing major version bumps on an annual basis. As an added bonus, QEMU 3.0 comes at a time of the project marking its 15th year in existence.

    QEMU 3.0 does amount to being a big feature release with a lot of new functionality as well as many improvements. Changes in QEMU 3.0 include Spectre V4 mitigation for x86 Intel/AMD, improved support for nested KVM guests on Microsoft Hyper-V, block device support for active mirroring, improved support for AHCI and SCSI emulation, OpenGL ES support within the SDL front-end, improved latency for user-mode networking, various ARM improvements, some POWER9 / RISC-V / s390 improvements too, and various other new bits.

  • How the L1 Terminal Fault vulnerability affects Linux systems

    Announced just yesterday in security advisories from Intel, Microsoft and Red Hat, a newly discovered vulnerability affecting Intel processors (and, thus, Linux) called L1TF or “L1 Terminal Fault” is grabbing the attention of Linux users and admins. Exactly what is this vulnerability and who should be worrying about it?

  • An Early Look At The L1 Terminal Fault "L1TF" Performance Impact On Virtual Machines

    Yesterday the latest speculative execution vulnerability was disclosed that was akin to Meltdown and is dubbed the L1 Terminal Fault, or "L1TF" for short. Here are some very early benchmarks of the performance impact of the L1TF mitigation on the Linux virtual machine performance when testing the various levels of mitigation as well as the unpatched system performance prior to this vulnerability coming to light.

  • Phoronix Test Suite 8.2 M2 Released With Offline Improvements, L1TF/Foreshadow Reporting

    The second development snapshot of the upcoming Phoronix Test Suite 8.2-Rakkestad to benchmark to your heart's delight on Linux, macOS, Windows, Solaris, and BSD platforms from embedded/SBC systems to cloud and servers.

  • The Linux Benchmarking Continues On The Threadripper 2950X & 2990WX

    While I haven't posted any new Threadripper 2950X/2990WX benchmarks since the embargo expired on Monday with the Threadripper 2 Linux review and some Windows 10 vs. Linux benchmarks, tests have continued under Linux -- as well as FreeBSD.

    I should have my initial BSD vs. Linux findings on Threadripper 2 out later today. There were about 24 hours worth of FreeBSD-based 2990WX tests going well albeit DragonFlyBSD currently bites the gun with my Threadripper 2 test platforms. More on that in the upcoming article as the rest of those tests finish. It's also been a madhouse with simultaneously benchmarking the new Level 1 Terminal Fault (L1TF) vulnerability and the performance impact of those Linux mitigations on Intel hardware will start to be published in the next few hours.

Mozilla: WebTorrent, Bitslicing, Firefox Security Add-on and Time Dilation

Filed under
Moz/FF
  • These Weeks in Firefox: Issue 42
  • Dweb: Building a Resilient Web with WebTorrent

    WebTorrent is the first torrent client that works in the browser. It’s written completely in JavaScript – the language of the web – and uses WebRTC for true peer-to-peer transport. No browser plugin, extension, or installation is required.

    Using open web standards, WebTorrent connects website users together to form a distributed, decentralized browser-to-browser network for efficient file transfer. The more people use a WebTorrent-powered website, the faster and more resilient it becomes.

  • Bitslicing, An Introduction

    Bitslicing (in software) is an implementation strategy enabling fast, constant-time implementations of cryptographic algorithms immune to cache and timing-related side channel attacks.

    This post intends to give a brief overview of the general technique, not requiring much of a cryptographic background. It will demonstrate bitslicing a small S-box, talk about multiplexers, LUTs, Boolean functions, and minimal forms.

  • Firefox Security Add-on on 222k Devices Found Sending Browsing Data to Remote German Server

    There is a popular browser add-on which is installed by 222,746 Firefox users according to Mozilla’s own statistics of add-on downloads. According to a German security blogger, Mike Kuketz, and the author of uBlock Origin, Raymond Hill, this particular add-on has been spying on users’ activity by tapping into their browser histories and keeping track of the web pages that they visit. This add-on is the Web Security extension for the Mozilla Firefox browser.

    Web Security is designed to protect users from online phishing and malware attacks that could potentially steal personal information. This comes across as ironic as the extension is found to be unethically keeping tabs (pun intended) on your own information, evading your privacy without your consent. The reason that this news is hitting the stands so massively is that the add-on was publicized by Mozilla itself in a blog post just last week. The add-on boasts fantastic reviews and that’s why it is used so widely by so many people too.

  • Time Dilation

    I riffed on this a bit over at twitter some time ago; this has been sitting in the drafts folder for too long, and it’s incomplete, but I might as well get it out the door. Feel free to suggest additions or corrections if you’re so inclined.

    You may have seen this list of latency numbers every programmer should know, and I trust we’ve all seen Grace Hopper’s classic description of a nanosecond at the top of this page, but I thought it might be a bit more accessible to talk about CPU-scale events in human-scale transactional terms. So: if a single CPU cycle on a modern computer was stretched out as long as one of our absurdly tedious human seconds, how long do other computing transactions take?

Syndicate content