Games: Ostriv, Back to Bed, EVERSPACE, Hiveswap: Act 1

• Ostriv, a city-builder set in the 18th century will have Linux support

  Ostriv [Official Site] is a city-builder built by one developer and I think it looks reasonably impressive. The developer plans Linux support too.

• The Humble Very Positive Bundle 2 is an awesome deal

• Back to Bed, an interesting and slightly weird puzzle game is currently free on Steam

• Blowing everyone up in EVERSPACE, my thoughts

  After a long wait, EVERSPACE [Steam] arrived for Linux recently, here’s my thoughts of this rather intense space shooter. I personally purchased my copy, as space combat games are one of my original loves.

• Homestuck adventure game HIVESWAP: Act 1 releases without promised Linux support

  Looks like another possible Kickstarter disappointment. The game Hiveswap: Act 1, by Homestuck creator Andrew Hussie, set a fundraising record back in 2012, making a whopping $2 million when it only asked for $750k. Linux support was one of the early stretch goals, which was smashed on the very first day. The game was set to release in 2014. Over the following years the game saw setbacks, mostly due to the team contracted to work on the 3D graphics going off to work on King's Quest instead and leaving Hussie in the lurch. So he retooled, made a strategic alliance with Viz comics, and made a 2D adventure game instead. The game released today on Humble and Steam — with no Linux support.

Openwashing and Microsoft FUD

• Inocybe Technologies Continues to Grow with Additional Open Source Networking Expert Hires

• Nonprofit Launches Open-Source Take on Email Marketing [Ed: openwashing spam]

• Announcing immediate support for .NET Core for Linux

• Microsoft shows VMware and Oracle how to get real about open source [Ed: Mac Asay again. Second Microsoft openwashing piece in a week. He also pursued a job at Microsoft.]

• After Equifax Breach, Companies Advised to Review Open-Source Software Code [Ed: Microsoft-connected FUD proxy Black Duck is attacking FOSS again]

• News in brief: Linux advice for Equifax; fired over phish; Security.txt standard proposed

BlueBorne Vulnerability Is Patched in All Supported Ubuntu Releases, Update Now

Canonical released today new kernel updates for all of its supported Ubuntu Linux releases, patching recently discovered security vulnerabilities, including the infamous BlueBorne that exposes billions of Bluetooth devices. The BlueBorne vulnerability (CVE-2017-1000251) appears to affect all supported Ubuntu versions, including Ubuntu 17.04 (Zesty Zapus), Ubuntu 16.04 LTS (Xenial Xerus) up to 16.04.3, Ubuntu 14.04 LTS (Trusty Tahr) up to 14.04.5, and Ubuntu 12.04 LTS (Precise Pangolin) up to 12.04.5.

Security: Updates, 2017 Linux Security Summit, Software Updates for Embedded Linux and More

• Security updates for Tuesday

• The 2017 Linux Security Summit

  The past Thursday and Friday was the 2017 Linux Security Summit, and once again I think it was a great success. A round of thanks to James Morris for leading the effort, the program committee for selecting a solid set of talks (we saw a big increase in submissions this year), the presenters, the attendees, the Linux Foundation, and our sponsor - thank you all! Unfortunately we don't have recordings of the talks, but I've included my notes on each of the presentations below. I've also included links to the slides, but not all of the slides were available at the time of writing; check the LSS 2017 slide archive for updates.

• Key Considerations for Software Updates for Embedded Linux and IoT

  The Mirai botnet attack that enslaved poorly secured connected embedded devices is yet another tangible example of the importance of security before bringing your embedded devices online. A new strain of Mirai has caused network outages to about a million Deutsche Telekom customers due to poorly secured routers. Many of these embedded devices run a variant of embedded Linux; typically, the distribution size is around 16MB today. Unfortunately, the Linux kernel, although very widely used, is far from immune to critical security vulnerabilities as well. In fact, in a presentation at Linux Security Summit 2016, Kees Cook highlighted two examples of critical security vulnerabilities in the Linux kernel: one being present in kernel versions from 2.6.1 all the way to 3.15, the other from 3.4 to 3.14. He also showed that a myriad of high severity vulnerabilities are continuously being found and addressed—more than 30 in his data set.

• APNIC-sponsored proposal could vastly improve DNS resilience against DDoS