Google

Proprietary Software and Security Issues

Filed under
Google
Microsoft
Security
  • Google Blames Gmail, YouTube Outage on Error in User ID System

    Google diagnosed a widespread outage that knocked out major services earlier this week, such as Gmail and YouTube, as a mistake with its system for identifying people online.

    Alphabet Inc.’s Google has several tools that enable it to verify and track logged-in users. In October, the company began moving those tools to a new file storage system, and in the process misreported portions of the data, according to a Friday post. That caused several of its services to go down for 47 minutes Monday morning, a rare technical misstep.

  • Windows 10 updates cause CorsairVBusDriver BSOD crash loop
  • Microsoft has delivered a partial fix for this nagging Windows 10 bug

    Microsoft has released a partial fix for a known issue affecting Windows 10 devices with certain audio drivers for Conexant and Synaptics devices. The issue has been under investigation since May this year.

  • Attackers in compromised US system at least since mid-2019: report

    Malicious attackers, who were exposed as having hit a number of government and private sector entities through software made by Texas firm SolarWinds, appear to have gained access to that firm's network as early as mid-2019, Yahoo! News claims.

  • Suspected Russian [attack]: Was it an epic cyber attack or spy operation?

    But for many current and former American officials, that’s not the right way to look at it. By [cracking] into dozens of corporations and government agencies, they say, the [crackers] have pulled off a stunning and distressing feat of espionage. But they note that it’s just the sort of cyber spying that the American National Security Agency attempts on a regular basis against Russia, China and any number of foreign adversaries.

    It might constitute an attack if the intruders destroyed data, for example, or used their access to do damage in the physical world, say, by shutting down power grids. But breaking into unclassified government and corporate networks? Reading other people’s emails? That’s spying.

  • Exploiting a stack-based buffer overflow in practice

    In my previous post, I detailed a fun method of obtaining root access on the Zyxel VMG8825-T50 router, which required physical access to the device and authenticated access to the web interface.

    In this post, I will detail the exploitation of a vulnerability that could potentially result in unauthenticated RCE as root, given LAN access only. This vulnerability was also found on the VMG8825-T50 router, but it turns out to be present in multiple other Zyxel devices.

Expanding Fuchsia's open source model

Filed under
Google
OSS

Fuchsia is a long-term project to create a general-purpose, open source operating system, and today we are expanding Fuchsia’s open source model to welcome contributions from the public.

Fuchsia is designed to prioritize security, updatability, and performance, and is currently under active development by the Fuchsia team. We have been developing Fuchsia in the open, in our git repository for the last four years. You can browse the repository history at https://fuchsia.googlesource.com to see how Fuchsia has evolved over time. We are laying this foundation from the kernel up to make it easier to create long-lasting, secure products and experiences.

Starting today, we are expanding Fuchsia's open source model to make it easier for the public to engage with the project. We have created new public mailing lists for project discussions, added a governance model to clarify how strategic decisions are made, and opened up the issue tracker for public contributors to see what’s being worked on. As an open source effort, we welcome high-quality, well-tested contributions from all. There is now a process to become a member to submit patches, or a committer with full write access.

Also: Google's Fuchsia Open-Source OS To Begin Accepting Community Contributions

WWW: WordPress, Chrome, Mozilla

Filed under
Server
Google
Moz/FF
Web
  • Half of Websites Will Be WordPress-Driven by 2025 / Digital Information World

    Based on CMS usage trends, now available for 2019 and most of the current year, several outlets have projected that WordPress will be the driving force behind half of all websites by 2025. According to the newest numbers by W3Techs, its usage is growing by 2.47% per year on average. If it continues at this rate, WordPress will surpass 50% market share, potentially within the next five years.

    [...]

    The pandemic has hastened the shift from brick-and-mortar to e-commerce by roughly five years. Today's 'online first' strategy is commonplace for many new and established businesses. However, as of 2019, less than two-thirds of small businesses had a website. For many business thought-leaders, the idea that a brand is too small or unsuitable for online trade ceases to exist. In the post-millennial marketplace, stores without an online presence give the impression that you're no longer in business.

    The trajectory of WordPress has historically depended on the demands of its users. It's continuously unfolded to cater to millions of bloggers and webmasters around the globe. Improvements such as REST API and the Gutenberg editor mean WordPress is now better placed to contend with closed-source competitors Shopify, Wix, and Squarespace. Furthermore, you can anticipate developers will see WordPress as a simple solution to power the expansion of all varieties of mobile and web apps.

  • Chrome to remove HTTP/2 Push

    Chromium developers have announced that they plan to remove support for HTTP/2 server push from the market-leading browser engine. Server push lets web servers preemptively send clients resources it expects them to request later. The technique can reduce the number of network round-trips required before the client has all the resources it needs to display a page. The announcement cited high implementation complexity, low adoption among websites, and questionable performance gains as the reason for the removal.

    Server push is an optional feature introduced in the HTTP/2 standard. Chrome can remove it and remain compatible with the HTTP/2 standard. When used correctly, server push can greatly improve page-load times. It also enables use-cases like instant redirects.

  • celery-batches 0.4 released!

    Earlier today I released a version 0.4 of celery-batches with support for Celery 5.0. As part of this release support for Python < 3.6 was dropped and support for Celery < 4.4 was dropped.

  • This Week in Glean: Glean is Frictionless Data Collection

    So you want to collect data in your project? Okay, it’s pretty straightforward.

Google Publishes Latest Linux Core Scheduling Patches So Only Trusted Tasks Share A Core

Filed under
Linux
Google

Google engineer Joel Fernandes sent out the ninth version of their "core scheduling" patches for the Linux kernel, which allow only trusted tasks to run concurrently on the same CPU core -- in cases where Hyper Threading is involved -- to safeguard the system against possible security exploits.

Core Scheduling has been a popular topic since vulnerabilities like MDS and L1TF have come to light. Core Scheduling aims to make Hyper Threading safer, and only letting trusted tasks share a CPU core is a reasonable safeguard for still leaving Hyper Threading active on servers rather than disabling it in the name of security. DigitalOcean, Oracle, Google, and other major x86_64 players have all been interested in core scheduling and working on different solutions in order to keep HT/SMT active. Particularly for the major cloud server providers, having to disable HT/SMT would be a big blow to their models.

FydeOS beta brings Chromium OS to the PineBook Pro (Android app support too)

Filed under
GNU
Linux
Google

The PineBook Pro is a $200 laptop with a 14 inch full HD display, a Rockchip RK3399 processor, 4GB of RAM, 64GB of storage, and support for a bunch of different operating systems… most of which are GNU/Linux distributions.

But you can also turn the laptop into a Chromebook-like device by installing a new beta release of FydeOS 11.2 for the PineBook Pro.

Noscript cures font vulnerabilities

Filed under
Google
Moz/FF
Security
Web

In the past month, I've read about a dozen security bulletins involving remote execution exploits due to font parsing vulnerabilities in a range of operating systems, from desktop to mobile. In all these cases, there was a detailed mention of problems, but very little if any mention of possible solutions, other than vendor updates, that is.

Which is rather intriguing, because there is a tool that can help you with fonts. It's called Noscript, it's a supreme browser extension available in Firefox and more recently in Chrome, and it allows you to govern the loading of fonts in your webpages. A simple and elegant tool that can save - or at the very least, significantly minimize, headache with fonts. But does it get the spotlight it deserves? Of course not, drama and fear are far more interesting. Let's see what gives.

Uncovering the Best Open Source Google Analytics Alternatives

Filed under
Google
OSS
Web

Web analytics is the measurement, collection, analysis and reporting of internet data. In a nutshell, it is the study of website visitor behavior. It is the process of using online data to transform an organization from faith-based to data driven.

This type of software helps you generate a holistic view of your business by turning customer interactions into actionable insights. Using reports and dashboards, web analytics software lets you sort, sift and share real-time information to help identify opportunities and issues. Keeping track of web visitors, analyzing traffic sources, measuring sales and conversions are just some of the possibilities.

Google Analytics is an excellent well known free service that lets webmasters and site owners access web analytics data. The web service generates detailed statistics about a website’s traffic and sources. It helps marketers and is the most widely used website statistics service. But the biggest downside with Google Analytics is that your data is controlled and used for Google’s own purposes, not just by you. It is also not an open source solution, with a webmaster or site owner being denied access to the raw data.

There are also many other remote-hosted web analytics services that are well-designed and comprehensive. However, if you want an open source solution where the software is hosted on your own server, there are some good alternatives. Having the software installed on your server means that you retain full control over your data, with the possibility of integrating that data into your own system. This solution might, for example, be important to people who do not want to give Google (or another organization) the invitation to control a large portion of their online activity, or who want to be fully in control of visitor privacy.

To provide an insight into the quality of software that is available, we have compiled the following list of open source web analytics software.

Also: ITFirms Lists Top Free, Open-Source Statistical Analysis Software

USDOJ Takes on Google, Mozilla Responds

Filed under
Google
Moz/FF
Web
Legal
  • Justice Department Sues Monopolist Google For Violating Antitrust Laws

    Today, the Department of Justice — along with eleven state Attorneys General — filed a civil antitrust lawsuit in the U.S. District Court for the District of Columbia to stop Google from unlawfully maintaining monopolies through anticompetitive and exclusionary practices in the search and search advertising markets and to remedy the competitive harms. The participating state Attorneys General offices represent Arkansas, Florida, Georgia, Indiana, Kentucky, Louisiana, Mississippi, Missouri, Montana, South Carolina, and Texas.

    “Today, millions of Americans rely on the Internet and online platforms for their daily lives. Competition in this industry is vitally important, which is why today’s challenge against Google — the gatekeeper of the Internet — for violating antitrust laws is a monumental case both for the Department of Justice and for the American people,” said Attorney General William Barr. “Since my confirmation, I have prioritized the Department’s review of online market-leading platforms to ensure that our technology industries remain competitive. This lawsuit strikes at the heart of Google’s grip over the internet for millions of American consumers, advertisers, small businesses and entrepreneurs beholden to an unlawful monopolist.”

  • Mozilla Reaction to U.S. v. Google

    Like millions of everyday internet users, we share concerns about how Big Tech’s growing power can deter innovation and reduce consumer choice. We believe that scrutiny of these issues is healthy, and critical if we’re going to build a better internet. We also know from firsthand experience there is no overnight solution to these complex issues. Mozilla’s origins are closely tied to the last major antitrust case against Microsoft in the nineties.

    In this new lawsuit, the DOJ referenced Google’s search agreement with Mozilla as one example of Google’s monopolization of the search engine market in the United States. Small and independent companies such as Mozilla thrive by innovating, disrupting and providing users with industry leading features and services in areas like search. The ultimate outcomes of an antitrust lawsuit should not cause collateral damage to the very organizations – like Mozilla – best positioned to drive competition and protect the interests of consumers on the web.

  • DOJ May Force Google To Sell Chrome To Settle Antitrust Case: Report

    The U.S. Department of Justice may force Google to sell its Chrome browser. The development came after the US Congress’ antitrust report on big tech companies.

    It is also told that the DOJ is targeting Google’s advertising business as well. The prosecutors aim at breaking Google’s monopoly on the $162 billion digital advertising market. Politico reported the development via anonymous sources.

Will Google Stadia Boost Linux Gaming?

Filed under
GNU
Linux
Google
Gaming

Following my recent article on Steam Machines, quite a few comments appeared on the interwebs. Among them, someone remarked that my final point about Linux Gaming being too reliant on Valve was missing the fact that Google Stadia exists. And therefore this would be akin to having several companies for which Linux gaming matters.

This is a valid point. I had to address it.

What is Stadia? Stadia is a solution designed by Google to stream games to any device with little latency, as long as such devices have a Google Stadia client, the Chrome web browser or a Chromecast. There is a free tier where you can use Stadia and purchase games as you go, and a Pro version which costs about 10 bucks per month after you buy the Premiere Edition with the controller (129 USD).

Google Coral Dev Board mini SBC is now available for $100

Filed under
Linux
Google
Hardware
Debian

Google Coral SBC was the first development board with Google Edge TPU. The AI accelerator was combined with an NXP i.MX 8M quad-core Arm Cortex-A53 processor and 1GB RAM to provide an all-in-all AI edge computing platform. It launched for $175, and now still retails for $160 which may not be affordable to students and hobbyists.

[...]

The board runs Debian based Mendel Linux distribution developed by Google for Coral boards and supports TensorFlow Lite and AutoML Vision Edge with the latter enabling “fast, high-accuracy custom image classification models”.

More in Tux Machines

Devices: Xtra-PC, Arduino and Inventor Coding Kit

  • Xtra-PC Reviews – Best Linux USB-Stick? - Product Review by Rick Finn

    The Xtra-PC Linux USB-Stick might be your solution if you have problems with your old and slow PC. It's a small flash drive stick and it's using Linux OS to boost your PC's operations. Check out now.

  • Arduino Blog » Old keyboard turned into a new children’s learning toy

    Peter Turczak’s toddler son loves “technical stuff,” especially things like keyboards and computers that adults use. After discussing this with other likeminded technical parents, the idea of giving new life to an old (PS/2 or AT) keyboard as a teaching tool was hatched.

  • SiFive Helping To Teach Kids Programming With RISC-V HiFive Inventor Coding Kit

    SiFive in cooperation with Tynker and BBC Learning have launched a Doctor Who themed HiFive Inventor Coding Kit. This Initial HiFive Inventor Coding Kit is intended to help kids as young as seven years of age get involved with computer programming through a variety of fun exercises and challenges involving the RISC-V powered mini computer and related peripherals like LED lighting and speaker control. [...] So for those looking to get their kids involved with computer programming and looking for an IoT-type device with some fun sensors and various themed exercises to get them experimenting, the HiFive Inventor Coding Kit is worth looking into further. More details on the programming platform can be found via Tynker.com and on the hardware at HiFiveInventor.com. The HiFive Inventor Kit is available from Amazon.com and other Internet retailers for $75 USD.

Security Leftovers

  • Security updates for Monday

    Security updates have been issued by Arch Linux (atftp, coturn, gitlab, mdbook, mediawiki, nodejs, nodejs-lts-dubnium, nodejs-lts-erbium, nodejs-lts-fermium, nvidia-utils, opensmtpd, php, python-cairosvg, python-pillow, thunderbird, vivaldi, and wavpack), CentOS (firefox and thunderbird), Debian (chromium and snapd), Fedora (chromium, flatpak, glibc, kernel, kernel-headers, nodejs, php, and python-cairosvg), Mageia (bind, caribou, chromium-browser-stable, dom4j, edk2, opensc, p11-kit, policycoreutils, python-lxml, resteasy, sudo, synergy, and unzip), openSUSE (ceph, crmsh, dovecot23, hawk2, kernel, nodejs10, open-iscsi, openldap2, php7, python-jupyter_notebook, slurm_18_08, tcmu-runner, thunderbird, tomcat, viewvc, and vlc), Oracle (dotnet3.1 and thunderbird), Red Hat (postgresql:10, postgresql:12, postgresql:9.6, and xstream), SUSE (ImageMagick, openldap2, slurm, and tcmu-runner), and Ubuntu (icoutils).

  • About CVE-2020-27348

    Well this is a doozey. Made public a while back was a security vulnerability in many Snap Packages and the Snapcraft tool used to create them. Specifically, this is the vulnerability identified as CVE-2020-27348. It unfortunately affects many many snap packages… [...] The problem arises when the LD_LIBRARY_PATH includes an empty element in its list. When the Dynamic Linker sees an empty element it will look in the current working directory of the process. So if we construct our search paths with an accidental empty element the application inside our Snap Package could be caused to load a shared library from outside the Snap Package’s shipped files. This can lead to an arbitrary code execution. It has been common to put a definition of the LD_LIBRARY_PATH variable into a Snap Package’s snapcraft.yaml that references a predefined $LD_LIBRARY_PATH as if to extend it. Unfortunately, despite this being common, it was poorly understood that SnapD ensures that the $LD_LIBRARY_PATH is unset when starting a Snap Package’s applications. What that means is that where the author tried to extend the variable they have inadvertently inserted the bad empty element. The empty element appears because $LD_LIBRARY_PATH is unset so the shell will expand it to an empty string.

  • Wait, What? Kids Found A Security Flaw in Linux Mint By Mashing Keys!

    Security flaws can be incredibly stupid and dangerous. Of course, I’m not judging anyone, we are humans after all. But this little incident is quite funny.

Audiocasts/Shows: Blender 2.91, Server Security, Linux in the Ham Shack and More

IBM/Red Hat Leftovers

  • Davie Street Enterprises: A case study in digital transformation

    We would like to introduce you to Davie Street Enterprises (DSE). DSE is a fictitious 100-year-old multinational corporation that is beginning its digital transformation journey. In this post we will lay the groundwork for a series following DSE as an illustration of how some Red Hat customers are preparing for and succeeding at digital transformation to save money, become more efficient, and compete more effectively. The company isn't real, but its struggle is very real for many organizations. Throughout this series, we will explore the business problems any number of organizations are challenged with and how DSE, with the help of Red Hat and its partners, plan to solve those problems. To start, let’s learn more about DSE, its business, and some of the associates involved in its digital transformation journey.

  • Farewell 2020: A year of togetherness with our EMEA partners

    When reflecting on 2020, I do what many people do and think about what things were like prior to this year. For me, I immediately go back to a spring day three years ago. Red Hat was hosting our EMEA Partner Conference; a mix of distributors, independent software vendors (ISVs), system integrators and solution providers from across the region. Alongside the usual product updates and market insight sessions you might expect, we decided to do a little drumming. A lot of drumming, in fact — 900 people banging bongos and clashing cymbals. Other than the noise, what I remember was the genuine sense of togetherness; embarrassment and egos put to the side in the pursuit of the perfect tempo. It seems drumming is a good signal of solidarity. Even in a large group, it’s easy to notice someone beating to a different rhythm. Trainers and coaches use this drumming technique frequently to promote unity and coordination. Our coach that day later congratulated me on "having such a tight knit group of employees." When I told him they weren’t our employees but partners from 550 different companies, he couldn’t believe it.

  • Visualizing system performance with RHEL 8 using Performance Co-Pilot (PCP) and Grafana (Part 1)

    When it comes to performance metrics data collection and visualization on Linux, PCP metrics collection and visualization are key. Red Hat Enterprise Linux (RHEL) 8 provides an excellent framework for collecting performance metrics and visualizing them! The days of poring over command line output to try and figure out what is happening on a system are gone. In this series, I’d like to introduce the power of using Performance Co-Pilot (PCP) and Grafana to visualize system performance data in RHEL. By default, Performance Co-Pilot is not installed on RHEL 8. We believe in giving users choices and as such, you have to opt-in to using Performance Co-Pilot.