
About Tux Machines

Wednesday, 28 Sep 16 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/Linux.


Apache News

Filed under
OSS
  • Oracle's NetBeans Headed to The Apache Software Foundation

    Oracle's open-source NetBeans IDE could become the next former Sun Microsystems project to land at the Apache Software Foundation (ASF).

  • Apache Announces Updated Syncope Identity Management Toolset

    In recent posts, we've taken note of the many projects that the Apache Software Foundation has been moving up to Top-Level Status. The organization incubates more than 350 open source projects and initiatives, and has squarely turned its focus to Big Data and developer-focused tools in recent months. As Apache moves Big Data projects to Top-Level Status, they gain valuable community support and more.

    Recently, Apache Bahir became a Top-Level Project (TLP). Now, the foundation has announced that it is making available Apache Syncope 2.0, a digital identity and access management system. Implemented in Java EE technology, Apache Syncope is designed to keep enterprise identity data consistent and synchronized across repositories, data formats, and models.

    "Syncope 2.0.0 is a major milestone for the community," said Francesco Chicchiriccò, Vice President of Apache Syncope, and one of the original creators of the project. "The numbers of this release look great -- new features, new components and tools, new contributors, more enterprise appeal, and even more extensibility."

OpenStack, Red Hat, and Rackspace

  • OpenStack Mitaka software arrives as developers tease Newton release

    As vendors scramble to update their OpenStack distributions based on the latest Mitaka release, developers are already teasing what’s in store for the next version of the cloud computing fabric, dubbed OpenStack Newton.

    A number of vendors have already gotten their latest releases based on Mitaka out of the door, including Red Hat Inc. and Rackspace Inc. The latter released its updated private cloud distribution on Monday, labeling it a “managed services” platform rather than just a regular OpenStack platform due to its reference architecture based on the OpenStack-Ansible project that aims to add “security hardening” to the open-source software. Rackspace is clearly gunning for the more security-conscious among the OpenStack crowd, and took pains to emphasize in a whitepaper the trade-off between applying more comprehensive security configurations and potential performance and availability issues.

  • Veritas and Red Hat Collaborate to Support Requirements for Business Critical Applications on OpenStack
  • Rackspace Private Cloud, Based on OpenStack, Arrives in New Version

    OpenStack cloud computing distributions, many of them based on the latest Mitaka build of the OpenStack platform, are proliferating. With so many vendors competing in this arena, market consolidation is also underway.

    Only days ago, Red Hat announced its latest platform: OpenStack Platform 9. Directly on the heels of that, VMware introduced VMware Integrated OpenStack 3. These distributions are based on the OpenStack Mitaka release. Now, Rackspace has rolled out version 13 of Rackspace Private Cloud powered by OpenStack. The new version addresses stability and security requirements for enterprise customers and is based on the Mitaka release.

    Stability and security are points of focus for Rackspace because the OpenStack market is now competitive enough that each vendor participating needs to make clear what the competitive differentiators are. Rackspace is also, as usual, focused on "fanatical support."

Games for GNU/Linux

Filed under
Gaming

Security News

Filed under
Security
  • Securing the Programmer

    I have a favorite saying: "If you are a systems administrator, you have the keys to the kingdom. If you are an open-source programmer, you don't know which or how many kingdoms you have the keys to." We send our programs out into the world to be run by anyone for any purpose. Think about that: by anyone, for any purpose. Your code might be running in a nuclear reactor right now, or on a missile system or on a medical device, and no one told you. This is not conjecture; this is everyday reality. Case in point: the US Army installed gpsd on all armor (tanks, armored personnel carriers and up-armored Humvees) without telling its developers.

    This article focuses on the needs of infrastructure software developers—that is, developers of anything that runs as root, has a security function, keeps the Internet as a whole working or is life-critical. Of course, one never knows where one's software will be run or under what circumstances, so feel free to follow this advice even if all you maintain is a toddler login manager. This article also covers basic security concepts and hygiene: how to think about security needs and how to keep your development system in good shape to reduce the risk of major computing security mishaps.

  • Software-Defined Security Market Worth 6.76 Billion USD by 2021
  • Two critical bugs and more malicious apps make for a bad week for Android
  • Let's Encrypt Aiming to Encrypt the Web

    By default, the web is not secure, enabling data to travel in the clear, but that's a situation that is easily corrected through the use of SSL/TLS. A challenge with implementing Secure Sockets Layer/Transport Layer Security has been the cost to acquire an SSL/TLS certificate from a known Certificate Authority (CA), but that has changed in 2016, thanks to the efforts of Let's Encrypt.

    Let's Encrypt is a non-profit effort that was announced in November 2014 and became a Linux Foundation Collaborative Project in April 2015. Let's Encrypt exited its beta period in April 2016 and to date has provided more than 5 million free certificates.

OSS Leftovers

Filed under
OSS

Linux Foundation and Linux

Filed under
Linux
  • Tridgell: ArduPilot and DroneCode
  • ArduPilot and DroneCode

    For the attention of the users, supporters, fans and corporate users of ArduPilot:

    The ArduPilot project is going through a transition. We will no longer be associated with DroneCode and instead will be focused directly on the needs of our users, contributors and partners.

    We had high hopes for DroneCode as a collaborative project. DroneCode was born out of the ArduPilot project and we led the technical collaboration since its inception nearly two years ago. As part of that collaboration we welcomed and nurtured close ties with the PX4 project and worked closely with a number of corporate partners.

    Unfortunately DroneCode has a built-in flaw. The structure and bylaws of DroneCode are built around exceptional power for the Platinum members, giving them extraordinary control over the future of DroneCode. This is a fundamental flaw in a project meant to promote free and open source software as it means that the business interests of a very small number of members can override the interests of the rest of the members and the community.

  • Raspberry Pi VC4 DRM To Get Lower Memory/CPU Overhead On Linux 4.9

    The latest Raspberry Pi VC4 DRM driver changes have now landed in DRM-Next for in turn landing in the mainline kernel when the Linux 4.9 merge window opens in a few weeks.

    The two main feature additions for the VC4 DRM driver are interlaced vblank timing and a memory/CPU overhead reduction when 3D rendering is taking place. The overhead reduction is from not forcing the new binner overflow allocation per-draw. Aside from the VC4 DRM driver work, Linux 4.9 is where there finally might be mainline support for the Raspberry Pi Zero.

  • OpenDayLight Boron Set to Stabilize Open-Source SDN

    The open-source OpenDayLight Software Defined Networking (SDN) project is set to debut its fifth release this week, codenamed Boron. The Boron release follows the Beryllium update, which debuted in February.

  • Improvements, New Extension Hit Mesa

    There have already been more improvements hitting Mesa Git this week.

    The noteworthy recent additions in Mesa Git include:

    - A RadeonSI change not to preload constants at the beginning of shaders. By doing so, very simple tests are seeing improvements -- a big decrease in SGPR spilling for shader-db tests by up to 68%.

Red Hat and Fedora

Filed under
Red Hat

15 Top Open Source Artificial Intelligence Tools

Filed under
OSS

In a recent article, we provided an overview of 45 AI projects that seem particularly promising or interesting. In this slideshow, we're focusing in on open source artificial intelligence tools, with a closer look at fifteen of the best-known open source AI projects.


Everyone Wins With Open Source Software

Filed under
OSS

As open source software matures and is used by more and more major corporations, it is becoming clear that the enterprise software game has changed. Sam Ramji, CEO of the Cloud Foundry Foundation, believes that open source software is a positive sum game, as reflected in his keynote at ApacheCon in Vancouver in May.

Invoking his love of game theory, Ramji stated emphatically that open source software is a positive-sum game, where the more contributors there are to the common good, the more good there is for everyone. This idea is the opposite of a zero-sum game, where if someone benefits or wins, then another person must suffer, or lose.


Missiles to Legos: 10 reasons to run Linux instead of Windows

Filed under
Linux
Microsoft

Over the years, I've had my fair share of disagreements with both Linux and Linux users. But as Linux has entered its second quarter century, I've found myself thinking about all the fabulous things that run Linux.

Two years ago, I wrote an article about the five reasons I'd rather run Windows 8 than Linux. While Windows 8 didn't work out all that well, Windows 10 is clearly a barn-burner. Today, in fact, you can find Windows 10 running inside a Raspberry Pi (and it's free for individuals) as well as inside of very inexpensive PCs.

But ever since I threw OctoPrint on a $35 Raspberry Pi and created a 3D printing server, I've felt I've come to terms with Linux. I think we can be friends again.

So I thought, if I can use Linux to build 3D objects, what else would I use Linux for? Here are 10 places where the phrase "I'd rather run Linux than Windows" applies quite nicely.


today's leftovers

Filed under
Misc
  • Canonical Shaky On Sharing

    Remember Canonical, the company that produces the distribution Ubuntu GNU/Linux? They have a hard time even mentioning “Linux” on their website yet they manage to customize the Linux kernel for their distro without actively contributing the modifications to kernel.org.

  • AMD's GPUOpen HIP Project Made Progress Over The Summer

    The HIP project has made good progress over the summer. HIP from AMD's GPUOpen project is part of the puzzle for converting CUDA to portable C++ code. That source code can then run on AMD GPUs while having little to no performance impact, at least according to AMD.

  • A Unity developer is teasing the Vulkan API in the Unity engine [Ed: but it brings in Microsoft Mono]
  • 4 Weeks Left to Gentoo Miniconf

    4 weeks are left until LinuxDays and Gentoo Miniconf 2016 in Prague.

  • Freexian’s report about Debian Long Term Support, August 2016
  • New Parrot S.L.A.M.dunk Drone Development Kit Makes Use of Ubuntu Snappy and ROS

    Dubbed Parrot S.L.A.M.dunk, the new development kit is here to help developers create obstacle avoidance and autonomous robots and drones that use the slimmed-down version of the popular Ubuntu Linux distribution designed for embedded and IoT (Internet of Things) devices, Ubuntu Snappy Core, as well as ROS (Robot Operating System).

    "Parrot developed S.L.A.M.dunk to be as easy and user-friendly as possible for developers, researchers, integrators, and academics," reads the press release. "All Ubuntu functionalities and benefits from ROS (Robot Operating System) framework are embedded in the Parrot S.L.A.M.dunk making it user-friendly. The HDMI port makes it possible to develop directly on the product."

  • Enabling Geocode API for Tizen apps with Tizen studio and Here Maps

    If you’re a developer working on the Tizen platform with apps that require location access, then the new Tizen Studio’s Native Geocode API is just what you should be looking for. The API provides coordinates data to your app which can be achieved by following a fairly simple process.

Leftovers: Software

Filed under
Software
  • Vim 8.0 released
  • MKVToolNix 9.4.2 Free MKV Manipulation App Improves the AVC and HEVC Readers

    On September 11, 2016, MKVToolNix developer Moritz Bunkus released the first maintenance update to the major 9.4 series, version 9.4.1, with various improvements to the mkvmerge component, and several bug fixes.

    MKVToolNix 9.4.1 is dubbed "Black Rain," and, according to the release notes, it looks like it adds many improvements to the mkvmerge tool, a component that lets users merge MKV files with different audio, video, or subtitle streams. For example, the HEVC parser, MP4 reader, and AAC reader received various fixes.

  • qBittorrent 3.3.7 Free BitTorrent Client Removes KickassTorrents Search Engine

    A new stable version of the open-source, free, and cross-platform qBittorrent BitTorrent client used in Linux, Mac, and Windows computers was released on September 11, 2016.

    qBittorrent 3.3.7 comes one and a half months after the launch of the previous maintenance update, namely qBittorrent 3.3.6, and, according to the release notes, it only adds a single feature, fixes four annoying issues reported by users since then, and updates the search functionality.

  • Orion Is a Qt/QML Twitch desktop Client That I’d Love To Try

    It feels a little bit mean to write about an app that I know most of you won’t get to try anytime soon. But when I saw Orion, a Qt-based Twitch desktop app, surface on Reddit this evening I …I felt like I had to mention it here.

GNOME News

Filed under
GNOME
  • Maps marching towards 3.22

    So, I just rolled the 3.21.92 release of GNOME Maps. This is final beta release before the next stable (3.22.0).

    The most noteworthy change will of course be the new tile provider, replacing the discontinued MapQuest tiles, courtesy of Mapbox!
    We have also backported this to prior stable versions to keep things working in current distribution releases, and for the future we will also have the ability to switch tile sources without patching release versions, as Maps now fetches a service definition file. And maybe (if time and effort permits) we might expand into the territory of client-side rendering of vector data, which opens up some possibilities, such as rendering various layers of interesting stuff such as a specific type of points of interest, like "show all restaurants in this area".

  • GUADEC 2017 to take place in Manchester, UK

    It is with great pleasure that the GNOME Foundation announces next year’s GUADEC to be held in Manchester, United Kingdom during the summer of 2017. The GNOME User and Developer European Conference (GUADEC) brings together hundreds of users and developers every year to further the GNOME Project. It is one of the Foundation’s longest-standing and most noteworthy events.

    Manchester is located about 160 miles (260 km) northwest of London, with Manchester Airport providing easy access for international guests, as well as plenty of public transportation. It has a long history of being a place of learning and innovation, with over 20 Nobel Prize winners having worked or studied in Manchester, Chetham’s Library being the oldest public library in the English-speaking world, and notable accomplishments like the splitting of the atom by Ernest Rutherford in the early 1900s.

Red Hat and Fedora

Filed under
Red Hat
  • Nominations Open for 2017 Red Hat Innovation Awards
  • Red Hat Virtualization 4: An Overview

    Red Hat's clearly investing in adding value to the open source KVM (kernel virtual machine) project and integrating virtual machine technology more tightly into other products to make it easier for enterprises to adopt and use the complete Red Hat software environment. Red Hat Virtualization 4 (RHV4) is the next step in that campaign.

  • Red Hat files to sell $368M in stock for employee plan
  • PostgreSQL 9.5: A quick start on Fedora 24

    PostgreSQL is one of the most popular object-relational database management systems (shortened to ORDBMS) and is 100% open-source. It is not purely about relations anymore: PostgreSQL is more and more about NoSQL as well. The following article is a short tutorial to set up PostgreSQL 9.5 on Fedora 24, so it can be used for a development environment. For a production deployment, it is recommended to use a different set-up and harden the service.

  • Heroes of Fedora (HoF) – F24 Final

    Welcome back to the final installment of Heroes of Fedora 24 – Final edition! The purpose of this post is to recognize the contributors who made a difference in releasing Fedora 24 Final. Below you’ll find stats for Bodhi updates, release-validation tests, and Bugzilla reports. Without further ado, let’s get started!

  • Downgrading Fedora ‘rawhide’ -> Fedora 24

Leftovers: OSS and Sharing

Filed under
OSS
  • Arya.ai launches open source tool called Braid to rapidly integrate AI into systems

    Artificial Intelligence start-up Arya.ai announced on Monday the global launch of Braid, an open source tool to build intelligence quickly into systems. “Open sourcing key tools in AI, will help discover newer, interesting and more impactful use cases and applications for AI that we may not have even thought of,” said Vinay Kumar Sankarapu, CEO and founder of Arya.ai.

    Technology companies and start-ups trying to create products that use Artificial Intelligence are racing to build neural networks. By their very nature however, neural networks are complex and call for Deep Learning. Building neural networks, which are not unlike actual human brains with their complex layers, is a resource-intensive, expensive and time consuming process. And yet, these need to function flawlessly at large scale to handle tasks like speech and language processing, image processing, intelligent virtual assistants and even self-driving cars.

  • BTC.com Launches New, Open Source Mining Pool

    BTC.com has launched a new, open source bitcoin mining pool. Out of the gate, the pool seems to have some advantages in the pool sector of the mining industry. They have iOS and Android apps ready from launch, but the highlight is the efficient system underneath the platform.

  • How to Participate in Open Source Projects

    Some huge startup successes in recent years have come from the open source community, but many developers are still hesitant to devote much (or any) of their spare time to new open source projects. For those that do recognize the value, there’s still the question of how to participate, and in what? Allow us to help.

  • EximBank deploys Allevo open-source FinTP to achieve Sepa compliance

    As the SEPA scheme becomes applicable for non-Euro countries as well, EximBank, a Romanian state-owned bank dedicated to corporate financing, chooses to partner with Allevo in order to ensure the smooth alignment of bank operations to the Sepa standard.

    By implementing the open-source transactions processing solution offered by Allevo, the bank now processes its low-value payment instructions denominated in Euro according to the industry requirements.

  • Copyleft and data: database law as (poor) platform

    Defenders of copyleft often have to point out that copyleft isn’t necessarily anti-copyright, because copyleft depends on copyright. This is true, of course, but the more I think about databases and open licensing, the more I think “copyleft depends on copyright” almost understates the case – global copyleft depends not just on “copyright”, but on very specific features of the international copyright system which database law lacks.

  • Open Library Foundation Established

    The Open Library Foundation has been established to promote open source projects for libraries and to foster and support contribution, distribution, and sustainability of the benefits of these projects. The foundation provides the infrastructure for librarians, developers, designers, service providers, and vendors to collaborate with innovative open source technologies and develop transformative solutions for libraries.

  • Can open source and education save our electronic voting systems?

    With the recent disclosures of Democratic National Committee emails, allegations the election is rigged and other political machinations, conversations about the security of the general election are growing more frequent. People are asking, “How safe is my vote?”

    It has become such an important issue that Department of Homeland Security Secretary Jeh Johnson discussed classifying election systems as critical infrastructure, entitling the states to the same level of cyber protection as the national power grid and the financial system. While classifying election infrastructure as critical may be a step in the right direction, it won’t be a cure-all for what ails us. To save our electronic voting system, we need to learn from the past to ready our systems for future demands.

  • Open Government Partnership turning five, refocusing on transformative impact

    This month, the Open Government Partnership (OGP) is celebrating its fifth anniversary. Over the past five years the project has grown into a movement of 70 countries and thousands of civil society organisations, together creating National Action Plans whose implementation is assessed by the Independent Reporting Mechanism (IRM).

  • Licensing with Open Source and Creative Commons: Not as Simple as it Seems

    The culture of sharing is deeply embedded in the 3D printing community. This doesn’t mean that it is universal, but rather that it is more of a choice not to participate. Sharing openly is seen as something to be declared proudly and its absence somewhat suspiciously regarded. A recent think piece authored by Michael Weinberg (tagline for his blog: ‘I put things here so they are on the internet’) brings to light some interesting difficulties being brought about by the success of the open source and Creative Commons copyright movements.

  • Global citizens unite to improve housing with open design and development

    Mass-scale collaboration in free and open source software has proven so successful the concept has expanded to free and open source hardware. A strong case can be made that the area of hardware with the most promise for an open source approach is appropriate technology (AT).

  • I Built A Smart Clock

    Software is my comfort zone, you don’t get burnt, electrocuted, or spend a whole day 3D printing just to find out your design is shit. My plan was to compensate for all the hardware imperfection in software. Have it be self-tuning, smart and terrific.

    I chose to have NodeJS drive the clock. Mostly because I have recently got comfortable with it, but also because it is easy to give this project a slick web interface.

  • The unspeakable horror of Visual Studio PDB files

    When compiling C-like languages, debug information is not a problem. It gets written in the object file along with code and when objects are linked to form an executable or shared library, each individual file's debug info is combined and written in the result file. If necessary, this information can then be stripped into a standalone file.

    This seems like the simplest thing in the world. Which it is. Unless you are Microsoft.

4 big ways companies benefit from having open source program offices

Filed under
OSS

At first glance, one big reason why a company not in the business of software development might more enthusiastically embrace an open source program office is because they have less to lose. After all, they're not gambling with software products that are directly tied to revenue. Facebook, for example, can easily unleash a distributed key-value datastore as an open source project because they don't sell a product called "enterprise key-value datastore." That answers the question of risk, but it still doesn't answer the question of what they gain from contributing to the open source ecosystem. Let's look at a few potential reasons and then tackle each. You'll notice a lot of overlap with vendor open source program offices, but some of the motivations are slightly different.


Security News

Filed under
Security
  • Security advisories for Monday
  • Linux with a irc trojan.
  • On Experts

    There are a rather large number of people who think they are experts, some think they're experts at everything. Nobody is an expert at everything. People who claim to have done everything should be looked at with great suspicion. Everyone can be an expert at something though.

  • OPM Hacking Report Says Agency Missed One Set Of Attacks, Spent Little On Cybersecurity [Ed: spent on Windows]

    The twice-hacked Office of Personnel Management has had little to offer but promises of "taking security seriously" and free identity theft protection for the thousands of government employees whose personal information was pried loose by hackers.

    Twice-hacked, because there was one breach the OPM did discover, and one it didn't. While it spent time walling off the breach it had detected, another went unnoticed, leaking enough info on government employees that the CIA began worrying about the safety of agents located abroad.

    A new report [PDF] by the Committee on Oversight and Government Reform (which AP refers to but, oddly, does not feel compelled to LINK to, despite it being a completely PUBLIC document) details where the OPM initially went wrong.

  • Hollywood Keeps Insisting Tech Is Easy, Yet Can't Secure Its Own Screeners

    While some will just look at this and mock Hollywood for bad security practices, it does raise more serious questions: if Hollywood can't figure out its own (basic) technology issues, why does it think that the tech industry should solve all its problems for it? If it doesn't even understand the basics, how can it insist that those in Silicon Valley can fix the things that it doesn't understand itself?

    We're already seeing this with the MPAA's ridiculous and misguided freakout over the FCC's plan to have cable companies offer up app versions so that authorized subscribers can access authorized, licensed content. The MPAA and its think tank friends keep falsely insisting that the FCC's recommendation requires the cable companies to ship the actual content to third parties. But the plan has never said that. It only required that third-party devices be able to access the content -- such as by passing through credentials so that the content could flow from the (licensed) cable service to the end user.

    The fact that these guys don't seem to understand the basics of how the technology works comes through not just in the fact that they failed to secure their screener system, but also in the policy proposals that they keep making. It's becoming increasingly difficult to take those policies seriously when they seem to be based on a fundamental ignorance of how technology actually works.

Ubuntu Infringing, AlienBob Quits, Linus' Laptop

Filed under
-s

The top story today proves once again that Hollywood has way too much power. A DMCA takedown request to Google, to which they relented, included an address to Ubuntu 12.04.2 LTS. In other news, Slackware developer and Slackware Live founder Eric "AlienBob" Hameleers has given his notice and Bodhi Linux 4.0.0 Alpha 2 was released. Steven J. Vaughan-Nichols spoke to Linus Torvalds about his development computer and Matt Hartley posted some ideas for the perfect Linux desktop.



More in Tux Machines

Proxmox VE 4.3 released

Proxmox Server Solutions GmbH today announced the general availability of Proxmox Virtual Environment 4.3. The hyper-converged open source server virtualization solution enables users to create and manage LXC containers and KVM virtual machines on the same host, and makes it easy to set up highly available clusters as well as to manage network and storage via an integrated web-based management interface. The new version of Proxmox VE 4.3 comes with a completely new comprehensive reference documentation. The new docu framework allows a global as well as contextual help function. Proxmox users can access and download the technical documentation via the central help-button (available in various formats like html, pdf and epub). A main asset of the new documentation is that it is always version specific to the current user’s software version. Opposed to the global help, the contextual help-button shows the user the documentation part he currently needs.

Games for GNU/Linux

Security News

  • Tuesday's security updates
  • New Open Source Linux Ransomware Divides Infosec Community
    Following our investigation into this matter, and seeing the vitriol-filled reaction from some people in the infosec community, Zaitsev has told Softpedia that he decided to remove the project from GitHub, shortly after this article's publication. The original, unedited article is below.
  • Fax machines' custom Linux allows dial-up hack
    Party like it's 1999, phreakers: a bug in Epson multifunction printer firmware creates a vector to networks that don't have their own Internet connection. The exploit requirements are that an attacker can trick the victim into installing malicious firmware, and that the victim is using the device's fax line. The firmware is custom Linux, giving the printers a familiar networking environment for bad actors looking to exploit the fax line as an attack vector. Once they're in that ancient environment, it's possible to then move onto the network to which the printer's connected. Yves-Noel Weweler, Ralf Spenneberg and Hendrik Schwartke of Open Source Training in Germany discovered the bug, which occurs because Epson WorkForce multifunction printers don't demand signed firmware images.
  • Google just saved the journalist who was hit by a 'record' cyberattack
    Google just stepped in with its massive server infrastructure to run interference for journalist Brian Krebs. Last week, Krebs' site, Krebs On Security, was hit by a massive distributed denial-of-service (DDoS) attack that took it offline, the likes of which was a "record" that was nearly double the traffic his host Akamai had previously seen in cyberattacks. Now just days later, Krebs is back online behind the protection of Google, which offers a little-known program called Project Shield to help protect independent journalists and activists' websites from censorship. And in the case of Krebs, the DDoS attack was certainly that: The attempt to take his site down was in response to his recent reporting on a website called vDOS, a service allegedly created by two Israeli men that would carry out cyberattacks on behalf of paying customers.
  • Krebs DDoS aftermath: industry in shock at size, depth and complexity of attack
    “This attack didn’t stop, it came in wave after wave, hundreds of millions of packets per second,” says Josh Shaul, Akamai’s vice president of product management, when Techworld spoke to him. “This was different from anything we’ve ever seen before in our history of DDoS attacks. They hit our systems pretty hard.” Clearly still a bit stunned, Shaul describes the Krebs DDoS as unprecedented. Unlike previous large DDoS attacks such as the infamous one carried out on cyber-campaign group Spamhaus in 2013, this one did not use fancy amplification or reflection to muster its traffic. It was straight packet assault from the old school.
  • iOS 10 makes it easier to crack iPhone back-ups, says security firm
    INSECURITY FIRM Elcomsoft has measured the security of iOS 10 and found that the software is easier to hack than ever before. Elcomsoft is not doing Apple any favours here. The fruity firm has just launched the iPhone 7, which has as many problems as it has good things. Of course, there are no circumstances when vulnerable software is a good thing, but when you have just launched that version of the software, it is really bad timing. Don't hate the player, though, as this is what Elcomsoft, and what Apple, are supposed to be doing right. "We discovered a major security flaw in the iOS 10 back-up protection mechanism. This security flaw allowed us to develop a new attack that is able to bypass certain security checks when enumerating passwords protecting local (iTunes) back-ups made by iOS 10 devices," said Elcomsoft's Oleg Afonin in a blog post.
  • After Tesla: why cybersecurity is central to the car industry's future
    The news that a Tesla car was hacked from 12 miles away tells us that the explosive growth in automotive connectivity may be rapidly outpacing automotive security. This story is illustrative of two persistent problems afflicting many connected industries: the continuing proliferation of vulnerabilities in new software, and the misguided view that cybersecurity is separate from concept, design, engineering and production. This leads to a ‘fire brigade approach’ to cybersecurity where security is not baked in at the design stage for either hardware or software but added in after vulnerabilities are discovered by cybersecurity specialists once the product is already on the market.

Ofcom blesses Linux-powered, open source DIY radio ‘revolution’

Small scale DAB radio was (quite literally) conceived in an Ofcom engineer’s garden shed in Brighton, on a Raspberry Pi, running a full open source stack, in his spare time. Four years later, Ofcom has given the thumbs up to small scale DAB after concluding that trials in 10 UK cities were judged to be a hit. We gave you an exclusive glimpse into the trials last year, where you could compare the specialised proprietary encoders with the Raspberry Pi-powered encoders. “We believe that there is a significant level of demand from smaller radio stations for small scale DAB, and that a wider roll-out of additional small scale services into more geographic areas would be both technically possible and commercially sustainable,” notes Ofcom.