Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers

Filed under
Security
  • Security updates for Friday
  • Understanding SELinux Roles

    I received a container bugzilla today for someone who was attempting to assign a container process to the object_r role. Hopefully this blog will help explain how roles work with SELinux.

    When we describe SELinux we often concentrate on Type Enforcement, which is the most important and most used feature of SELinux. This is what describe in the SELinux Coloring book as Dogs and Cats. We also describe MLS/MCS Separation in the coloring book.

  • The Internet Society is unhappy about security – pretty much all of it

    The Internet Society (ISOC) is the latest organisation saying, in essence, “security is rubbish – fix it”.

    Years of big data breaches are having their impact, it seems: in its report released last week, it quotes a 54-country, 24,000-respondent survey reporting a long-term end user trend to become more fearful in using the Internet (by Ipsos on behalf of the Centre for International Governance Innovation).

    Report author, economist and ISOC fellow Michael Kende, reckons companies aren't doing enough to control breaches.

    “According to the Online Trust Alliance, 93 per cent of breaches are preventable” he said, but “steps to mitigate the cost of breaches that do occur are not taken – attackers cannot steal data that is not stored, and cannot use data that is encrypted.”

  • UK's new Snoopers' Charter just passed an encryption backdoor law by the backdoor

    Among the many unpleasant things in the Investigatory Powers Act that was officially signed into law this week, one that has not gained as much attention is the apparent ability for the UK government to undermine encryption and demand surveillance backdoors.

    As the bill was passing through Parliament, several organizations noted their alarm at section 217 which obliged ISPs, telcos and other communications providers to let the government know in advance of any new products and services being deployed and allow the government to demand "technical" changes to software and systems.

  • EU budget creates bug bounty programme to improve cybersecurity

    Today the European Parliament approved the EU Budget for 2017. The budget sets aside 1.9 million euros in order to improve the EU's IT infrastructure by extending the free software audit programme (FOSSA) that MEPs Max Anderson and Julia Reda initiated two years ago, and by including a bug bounty approach in the programme that was proposed by MEP Marietje Schaake.

  • Qubes OS Begins Commercialization and Community Funding Efforts

    Since the initial launch of Qubes OS back in April 2010, work on Qubes has been funded in several different ways. Originally a pet project, it was first supported by Invisible Things Lab (ITL) out of the money we earned on various R&D and consulting contracts. Later, we decided that we should try to commercialize it. Our idea, back then, was to commercialize Windows AppVM support. Unlike the rest of Qubes OS, which is licensed under GPLv2, we thought we would offer Windows AppVM support under a proprietary license. Even though we made a lot of progress on both the business and technical sides of this endeavor, it ultimately failed.

    Luckily, we got a helping hand from the Open Technology Fund (OTF), which has supported the project for the past two years. While not a large sum of money in itself, it did help us a lot, especially with all the work necessary to improve Qubes’ user interface, documentation, and outreach to new communities. Indeed, the (estimated) Qubes user base has grown significantly over that period. Thank you, OTF!

  • Linux Security Basics: What System Administrators Need to Know

    Every new Linux system administrator needs to learn a few core concepts before delving into the operating system and its applications. This short guide gives a summary of some of the essential security measures that every root user must know. All advice given follows the best security practices that are mandated by the community and the industry.

  • BitUnmap: Attacking Android Ashmem

    The law of leaky abstractions states that “all non-trivial abstractions, to some degree, are leaky”. In this blog post we’ll explore the ashmem shared memory interface provided by Android and see how false assumptions about its internal operation can result in security vulnerabilities affecting core system code.

Parental Controls for Linux Unleashed

Filed under
GNU
Linux
Security

For years, one of the overlooked areas for the Linux desktop was access to “effective” parental controls. Back in 2003, I remember the now defunct Linspire (then known as Lindows) offered a proprietary option called SurfSafe. Surprisingly, at least back then, the product worked very well in providing accurate content filtering capabilities; something that was not,in fact, available and easy-to-use at that time.

Years later, an open-source alternative was released to the greater Linux community known as GNOME Nanny. Fantastic in terms of usage control, its web content web filter was laughably terrible. As expected, crowd-sourcing a filtering list isn’t a great solution. And like SurfSafe, the project is now defunct.

Read more

Mofo Linux: The Raw Materials for Security

Filed under
GNU
Linux
Security
Ubuntu

The developers of Mofo Linux talk a good game. From the name’s origin in abusive street slang to its self-description on the home page as “Linux designed to defeat state censorship and surveillance,” Mofo presents itself as a champion of security and privacy. Nor is the claim unjustified. However, rather than putting security and privacy into the hands of ordinary users, Mofo simply presents the tools and leaves users to figure them out with a minimum of help. The result is a promising distribution that with only slightly more work, could be a leading one.

Just possibly, though, this approach is a deliberate tactic, and not the carelessness it appears. Based on Ubuntu, the current release of Mofo offers nothing different in the way of productivity tools. It uses Unity for a desktop, and its applications are the standard GNOME ones. In fact, Mofo shows such little interest in such matters that it does not bother to change the title bar in the installer from Ubuntu.

Read more

Security News

Filed under
Security
  • Mozilla Patches Zero-Day Flaw in Firefox

    Mozilla moves quickly to fix vulnerability that was being actively exploited in attacks against Tor Browser, which is based on Firefox.

    Late afternoon on November 30, Mozilla rushed out an emergency update for its open-source Firefox web browser, fixing a zero-day vulnerability that was being actively exploited by attackers. The vulnerability was used in attacks against the Tor web browser which is based on Firefox.

  • Thursday's security advisories
  • 'Fatal' flaws found in medical implant software

    Security flaws found in 10 different types of medical implants could have "fatal" consequences, warn researchers.

    The flaws were found in the radio-based communications used to update implants, including pacemakers, and read data from them.

    By exploiting the flaws, the researchers were able to adjust settings and even switch off gadgets.

    The attacks were also able to steal confidential data about patients and their health history.

    A software patch has been created to help thwart any real-world attacks.

    The flaws were found by an international team of security researchers based at the University of Leuven in Belgium and the University of Birmingham.

  • Lenovo: If you value your server, block Microsoft's November security update

    Lenovo server admins should disable Windows Update and apply a UEFI fix to avoid Microsoft’s November security patches freezing their systems.

    The world’s third-largest server-maker advised the step after revealing that 19 configurations of its x M5 and M6 rack, as well as its x6 systems are susceptible.

  • Symantec and VMware patches, Linux encryption bug: Security news IT leaders need to know
  • UK homes lose internet access after cyber-attack

    More than 100,000 people in the UK have had their internet access cut after a string of service providers were hit by what is believed to be a coordinated cyber-attack, taking the number affected in Europe up to about a million.

    TalkTalk, one of Britain’s biggest service providers, the Post Office and the Hull-based KCom were all affected by the malware known as the Mirai worm, which is spread via compromised computers.

    The Post Office said 100,000 customers had experienced problems since the attack began on Sunday and KCom put its figure at about 10,000 customers since Saturday. TalkTalk confirmed that it had also been affected but declined to give a precise number of customers involved.

  • New Mirai Worm Knocks 900K Germans Offline

    More than 900,000 customers of German ISP Deutsche Telekom (DT) were knocked offline this week after their Internet routers got infected by a new variant of a computer worm known as Mirai. The malware wriggled inside the routers via a newly discovered vulnerability in a feature that allows ISPs to remotely upgrade the firmware on the devices. But the new Mirai malware turns that feature off once it infests a device, complicating DT’s cleanup and restoration efforts.

Security News

Filed under
Security
  • Security advisories for Wednesday
  • What Malware Is on Your Router?

    Mirai is exposing a serious security issue with the Internet of Things that absolutely must be quickly handled.

    Until a few days ago, I had been seriously considering replacing the 1999 model Apple Airport wireless router I’ve been using since it was gifted to me in 2007. It still works fine, but I have a philosophy that any hardware that’s more than old enough to drive probably needs replacing. I’ve been planning on taking the 35 mile drive to the nearest Best Buy outlet on Saturday to see what I could get that’s within my price range.

    After the news of this week, that trip is now on hold. For the time being I’ve decided to wait until I can be reasonably sure that any router I purchase won’t be hanging out a red light to attract the IoT exploit-of-the-week.

    It’s not just routers. I’m also seriously considering installing the low-tech sliding door devices that were handed out as swag at this year’s All Things Open to block the all-seeing-eye of the web cams on my laptops. And I’m becoming worried about the $10 Vonage VoIP modem that keeps my office phone up and running. Thank goodness I don’t have a need for a baby monitor and I don’t own a digital camera, other than what’s on my burner phone.

  • National Lottery 'hack' is the poster-girl of consumer security fails

    IN THE NEW age of hacking, you don't even need to be a hacker. National Lottery management company Camelot has confirmed that up to 26,500 online accounts for their systems may have been compromised in an attempted hack, that required no hacking.

    It appears the players affected have been targetted from hacks to other sites, and the resulting availability of their credentials on the dark web. With so many people using the same password across multiple sites, it takes very little brute force to attack another site, which is what appears to have happened here.

  • Mozilla and Tor release urgent update for Firefox 0-day under active attack

    "The security flaw responsible for this urgent release is already actively exploited on Windows systems," a Tor official wrote in an advisory published Wednesday afternoon. "Even though there is currently, to the best of our knowledge, no similar exploit for OS X or Linux users available, the underlying bug affects those platforms as well. Thus we strongly recommend that all users apply the update to their Tor Browser immediately."

    The Tor browser is based on the open-source Firefox browser developed by the Mozilla Foundation. Shortly after this post went live, Mozilla security official Daniel Veditz published a blog post that said the vulnerability has also been fixed in a just-released version of Firefox for mainstream users. On early Wednesday, Veditz said, his team received a copy of the attack code that exploited a previously unknown vulnerability in Firefox.

  • Tor Browser 6.0.7 is released

    Tor Browser 6.0.7 is now available from the Tor Browser Project page and also from our distribution directory.

    This release features an important security update to Firefox and contains, in addition to that, an update to NoScript (2.9.5.2).

    The security flaw responsible for this urgent release is already actively exploited on Windows systems. Even though there is currently, to the best of our knowledge, no similar exploit for OS X or Linux users available the underlying bug affects those platforms as well. Thus we strongly recommend that all users apply the update to their Tor Browser immediately. A restart is required for it to take effect.

    Tor Browser users who had set their security slider to "High" are believed to have been safe from this vulnerability.

  • Firefox 0-day in the wild is being used to attack Tor users

    Firefox developer Mozilla and Tor have patched the underlying vulnerability, which is found not only in the Windows version of the browser, but also the versions of Mac OS X and Linux.

    There's a zero-day exploit in the wild that's being used to execute malicious code on the computers of people using Tor and possibly other users of the Firefox browser, officials of the anonymity service confirmed Tuesday.

    Word of the previously unknown Firefox vulnerability first surfaced in this post on the official Tor website. It included several hundred lines of JavaScript and an introduction that warned: "This is an [sic] JavaScript exploit actively used against TorBrowser NOW." Tor cofounder Roger Dingledine quickly confirmed the previously unknown vulnerability and said engineers from Mozilla were in the process of developing a patch.

  • Mozilla Patches SVG Animation Remote Code Execution in Firefox and Thunderbird

    If you've been reading the news lately, you might have stumbled upon an article that talked about a 0-day vulnerability in the Mozilla Firefox web browser, which could be used to attack Tor users running Tor Browser on Windows systems.

Security Leftovers

Filed under
Security
  • Tuesday's security updates
  • Reproducible Builds: week 83 in Stretch cycle
  • Neutralizing Intel’s Management Engine

    Five or so years ago, Intel rolled out something horrible. Intel’s Management Engine (ME) is a completely separate computing environment running on Intel chipsets that has access to everything. The ME has network access, access to the host operating system, memory, and cryptography engine. The ME can be used remotely even if the PC is powered off. If that sounds scary, it gets even worse: no one knows what the ME is doing, and we can’t even look at the code. When — not ‘if’ — the ME is finally cracked open, every computer running on a recent Intel chip will have a huge security and privacy issue. Intel’s Management Engine is the single most dangerous piece of computer hardware ever created.

  • Muni system hacker hit others by scanning for year-old Java vulnerability

    The attacker who infected servers and desktop computers at the San Francisco Metropolitan Transit Agency (SFMTA) with ransomware on November 25 apparently gained access to the agency's network by way of a known vulnerability in an Oracle WebLogic server. That vulnerability is similar to the one used to hack a Maryland hospital network's systems in April and infect multiple hospitals with crypto-ransomware. And evidence suggests that SFMTA wasn't specifically targeted by the attackers; the agency just came up as a target of opportunity through a vulnerability scan.

    In an e-mail to Ars, SFMTA spokesperson Paul Rose said that on November 25, "we became aware of a potential security issue with our computer systems, including e-mail." The ransomware "encrypted some systems mainly affecting computer workstations," he said, "as well as access to various systems. However, the SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls. Muni operations and safety were not affected. Our customer payment systems were not hacked. Also, despite media reports, no data was accessed from any of our servers."

  • Researchers’ Attack Code Circumvents Defense Mechanisms on Linux, Leaving Machines Susceptible

    Researchers develop such attack codes for aiding Linux security's onward movement. A demonstration of the way an attack code is possible to write towards effectively exploiting just any flaw, the above kinds emphasize that Linux vendors require vigorously enhancing the safety mechanism on Linux instead of just reacting when attacks occur.

Security News

Filed under
Security
  • ‘You Hacked,’ Cyber Attackers Crash Muni Computer System Across SF [Ed: Microsoft Windows]

    That was the message on San Francisco Muni station computer screens across the city, giving passengers free rides all day on Saturday.

  • SF’s Transit Hack Could’ve Been Way Worse—And Cities Must Prepare

    This weekend, San Francisco’s public transit riders got what seemed like a Black Friday surprise: The system wouldn’t take their money. Not that Muni’s bosses didn’t want to, or suddenly forgot about their agency’s budget shortfalls.

    Nope—someone had attacked and locked the computer system through which riders pay their fares. Payment machines told riders, “You Hacked. ALL data encrypted,” and the culprit allegedly demanded a 100 Bitcoin ransom (about $73,000).

    The agency acknowledged the attack, which also disrupted its email system, and a representative said the agency refused to pay off the attacker. Unable to collect fares, Muni opened the gates and kept trains running, so people could at least get where they were going. By Monday morning, everything was back to normal.

  • Newly discovered router flaw being hammered by in-the-wild attacks

    Online criminals—at least some of them wielding the notorious Mirai malware that transforms Internet-of-things devices into powerful denial-of-service cannons—have begun exploiting a critical flaw that may be present in millions of home routers.

  • Locking Down Your Linux Server

    No matter what your Linux, you need to protect it with an iptable-based firewall.

    Yes! You’ve just set up your first Linux server and you’re ready to rock and roll! Right? Uh, no.

    By default, your Linux box is not secure against attackers. Oh sure, it’s more secure than Windows XP, but that’s not saying much.

Security Leftovers

Filed under
Security
  • Security advisories for Monday
  • FutureVault Inc.'s FutureVault

    Though short of Mr Torvalds' aim of world domination, FutureVault, Inc., has set the ambitious goal to "change the way business is done" with its FutureVault digital collaborative vault application. Described by its developer as "at the epicenter of a brand new disruptive category in the financial services world", FutureVault allows users to deposit, store and manage important financial, legal and personal documents digitally by means of a white-label, cloud-based, SaaS platform.

  • Azure glitch allowed attackers to gain admin rights over hosted Red Hat Linux instances

    A VULNERABILITY in Microsoft's Azure cloud platform could have been exploited by an attacker to gain admin rights to instances of Red Hat Enterprise Linux (RHEL) and storage accounts hosted on Azure.

  • Microsoft update servers leave Azure RHEL instances hackable
  • Microsoft update left Azure Linux virtual machines open to hacking
  • Microsoft Azure bug put Red Hat instances at risk
  • Microsoft update servers left all Azure RHEL instances hackable

    Microsoft has patched flaws that attackers could exploit to compromise all Azure Red Hat Enterprise Linux (RHEL) instances.

    Software engineer Ian Duffy found the flaws while building a secure RHEL image for Microsoft Azure. During that process he noticed an installation script Azure uses in its preconfigured RPM Package Manager contains build host information that allows attackers to find all four Red Hat Update Appliances which expose REST APIs over HTTPS.

    From there Duffy found a package labelled PrepareRHUI (Red Hat Update Infrastructure) that runs on all Azure RHEL boxes, and contains the rhui-monitor.cloud build host.

    Duffy accessed that host and found it had broken username and password authentication. This allowed him to access a backend log collector application which returned logs and configuration files along with a SSL certificate that granted full administrative access to the four Red Hat Update Appliances.

  • Deutsche Telekom Says Cyber Attack Hits 900,000 Customers

    Deutsche Telekom (DTEGY) , Europe's largest, said it could have been a victim of a cyber attack as 900,000 fixed-line customers face a second consecutive day of outages.

    The Bonn, Germany-based company, which has 20 million fixed network customers, said 900,000 customers with specific routers have faced temporary problems and marked fluctuations in quality, with some also receiving no service at all. It added that the problems have occurred in a wide region, not in a specific area.

  • San Francisco’s Muni Hacked

    It seems that on Friday, right in the midst of busy Thanksgiving weekend holiday traffic, the San Francisco Municipal Transportation Agency or Muni, was hit by hackers, forcing the system to offer Saturday free rides on the system’s light rail trains. The breach was apparently a ransomware attack, with the hackers demanding 100 Bitcoin, or approximately $73,000, to unencrypt the system.

    It all began when the words “You Hacked, ALL Data Encrypted” appeared on Muni agents’ screens. It’s not known whether Muni paid the ransom, although that’s considered unlikely. Operations of the system’s vehicles were not affected.

Security News

Filed under
Security
  • European Commission knocked offline by 'large scale' DDoS attack

    THE EUROPEAN COMMISSION (EC) was struck by a large-scale distributed denial of service (DDoS) attack on Thursday, bringing down its internet access for hours.

    The EC confirmed the attack to Politico, saying that while it did fall victim to a DDoS attack, no data breached was experienced.

    "No data breach has occurred," a Commission spokesperson said. "The attack has so far been successfully stopped with no interruption of service, although connection speeds have been affected for a time."

  • Overclocked Wearables Can Pick Up Bio-Acoustic Signals

    The sensors incorporated into wearables can sometimes be repurposed to perform tasks beyond their intended applications. For example, it's been shown that it's possible to discover a victim user’s passwords and PINs by applying a sophisticated algorithm to the data gathered by wearable embedded sensors.

    Recently, researchers at the Future Interfaces Group at Carnegie Mellon University have overclocked the accelerometer of an LG smartwatch to extend its capabilities to more than just tracking fitness. By overclocking the off-the-shelf smartwatch via some software updates, they can now detect and process very small vibrations and audio signals.

    The new technology, dubbed ViBand, can allow different apps to understand the context of your activities by capturing bio-acoustic signals.

  • The Economics of stealing a Tesla with a phone

    A few days ago there was a story about how to steal a Tesla by installing malware on the owner's phone. If you look at the big picture view of this problem it's not all that bad, but our security brains want to make a huge deal out of this. Now I'm not saying that Tesla shouldn't fix this problem, especially since it's going to be a trivial fix. What we want to think about is how all these working parts have to fit together. This is something we're not very good at in the security universe; there can be one single horrible problem, but when we paint the full picture, it's not what it seems.

  • Config fumble left Azure Red Hat Enterprise Linux wide open

    A software engineer setting up a secure Red Hat Enterprise Linux virtual machine in the cloud discovered a serious configuration flaw that could be exploited to upload arbitrary software packages to Microsoft Azure update infrastructure.

    Ian Duffy found Microsoft had configured the Red Hat Update Appliance used for Azure in such a way that an attacker could easily get access to the content delivery servers and upload packages that client virtual machines would acquire when updating.

    Duffy was able to bypass the username and password authentication on the content delivery server by running a log file collector application. Once completed, the log file collector provided a link to a downloadable compressed archive.

  • Azure bug bounty Root to storage account administrator

    In my previous blog post Azure bug bounty Pwning Red Hat Enterprise Linux I detailed how it was possible to get administrative access to the Red Hat Update Infrastructure consumed by Red Hat Enterprise Linux virtual machines booted from the Microsoft Azure Marketplace image. In theory, if exploited one could have gained root access to all virtual machines consuming the repositories by releasing an updated version of a common package and waiting for virtual machines to execute yum update.

Security News

Filed under
Security
  • Azure bug bounty Pwning Red Hat Enterprise Linux

    Acquired administrator level access to all of the Microsoft Azure managed Red Hat Update Infrastructure that supplies all the packages for all Red Hat Enterprise Linux instances booted from the Azure marketplace.

  • pledge(2) … or, how I learned to love web application sandboxing

    I use application-level sandboxing a lot because I make mistakes a lot; and when writing web applications, the price of making mistakes is very dear. In the early 2000s, that meant using systrace(4) on OpenBSD and NetBSD. Then it was seccomp(2) (followed by libseccomp(3)) on Linux. Then there was capsicum(4) on FreeBSD and sandbox_init(3) on Mac OS X.

  • [Older] Why is Apache Vulnerable by Default?

    Apache is the most popular web server on Earth, with a market share of 46.4% — well above Nginx (21.8%) and Microsoft IIS (9.8%). Thanks to Linux package managers like Yum and APT you can install and get it up and running in minutes. The core installation even features powerful modules for URL rewriting, user authentication, and more.

Syndicate content

More in Tux Machines

today's leftovers

  • How fast is KVM? Host vs virtual machine performance!
  • Kernel maintenance, Brillo style
    Brillo, he said, is a software stack for the Internet of things based on the Android system. These deployments bring a number of challenges, starting with the need to support a different sort of hardware than Android normally runs on; target devices may have no display or input devices, but might well have "fun buses" to drive interesting peripherals. The mix of vendors interested in this area is different; handset vendors are present, but many more traditional embedded vendors can also be found there. Brillo is still in an early state of development.
  • Reviewing Project Management Service `Wrike` And Seems Interesting
    I have been testing some services for our project and found this amazing service, thought why not share it with you guys, it might be useful for you. Project management is a term that in some respects appears common, yet in practice still seems to be limited to large companies. While this may be true, the foundations of project management are actually rather simple and can be adopted by anyone, in any industry. One of the major requirements you need to consider when selecting a good project management software is the ability to run and operate it on the go via your mobile devices. Other factors include the ability to access the software from any platform whether it be Linux, Mac, or Windows. This can be achieved when the project management software is web-based. Wrike is a software that does of all this.
  • World Wine News Issue 403
  • OSVR on Steam, Unity drops legacy OpenGL, and more gaming news
  • GNOME Core Apps Hackfest 2016
    This November from Friday 25 to Sunday 27 was held in Berlin the GNOME Core Apps Hackfest. My focus during this hackfest was to start implementing a widget for the series view of the Videos application, following a mockup by Allan Day.
  • Worth Watching: What Will Happen to Red Hat Inc Next? The Stock Just Declined A Lot
  • Vetr Inc. Lowers Red Hat Inc. (RHT) to Buy
  • Redshift functionality on Fedora 25 (GNOME + Wayland). Yes, it's possible!
    For those who can't live without screen colour shifting technology such as Redshift or f.lux, myself being one of them, using Wayland did pose the challenge of having these existing tools not working with the Xorg replacement. Thankfully, all is not lost and it is possible even right now. Thanks to a copr repo, it's particularly easy on Fedora 25. One of the changes that comes with Wayland is there is currently no way for third-party apps to modify screen gamma curves. Therefore, no redshift apps, such as Redshift itself (which I recently covered here) will work while running under Wayland.
  • My Free Software Activities in November 2016
  • Google's ambitious smartwatch vision is failing to materialise
    In February this year, Google's smartwatch boss painted me a rosy picture of the future of wearable technology. The wrist is, David Singleton said, "the ideal place for the power of Google to help people with their lives."
  • Giving Thanks (along with a Shipping Update)
    Mycroft will soon be available as a pre-built Raspberry Pi 3 image for any hobbyist to use. The new backend we have been quietly building is emerging from beta, making the configuration and management of you devices simple. We are forming partnerships to get Mycroft onto laptops, desktops and other devices in the world. Mycroft will soon be speaking to you throughout your day.
  • App: Ixigo Indian Rail Train PNR Status for Tizen Smart Phones
    Going on a train journey in India? Ixigo will check the PNR status, the train arrival and departure & how many of the particular tickets are left that you can purchase. You can also do a PNR status check to make sure that your seat is booked and confirmed.

Networking and Servers

  • How We Knew It Was Time to Leave the Cloud
    In my last infrastructure update, I documented our challenges with storage as GitLab scales. We built a CephFS cluster to tackle both the capacity and performance issues of NFS and decided to replace PostgreSQL standard Vacuum with the pg_repack extension. Now, we're feeling the pain of running a high performance distributed filesystem on the cloud.
  • Hype Driven Development
  • SysAdmins Arena in a nutshell
    Sysadmins can use the product to improve their skills or prepare for an interview by practicing some day to day job scenarios. There is an invitation list opened for the first testers of the product.

Desktop GNU/Linux

  • PINEBOOK Latest News: Affordable Linux Laptop at Only $89 Made by Raspberry Pi Rival, PINE
    PINE, the rival company of Raspberry Pi and maker of the $20 Pine A64, has just announced its two below $100-priced Linux laptops, known as PINEBOOK. The affordable Linux laptop is powered by Quad-Core ARM Cortex A53 64-bit processor and comes with an 11.6" or 14" monitor.
  • Some thoughts about options for light Unix laptops
    I have an odd confession: sometimes I feel (irrationally) embarrassed that despite being a computer person, I don't have a laptop. Everyone else seems to have one, yet here I am, clearly behind the times, clinging to a desktop-only setup. At times like this I naturally wind up considering the issue of what laptop I might get if I was going to get one, and after my recent exposure to a Chromebook I've been thinking about this once again. I'll never be someone who uses a laptop by itself as my only computer, so I'm not interested in a giant laptop with a giant display; giant displays are one of the things that the desktop is for. Based on my experiences so far I think that a roughly 13" laptop is at the sweet spot of a display that's big enough without things being too big, and I would like something that's nicely portable.
  • What is HiDPI and Why Does it Matter?

Google and Mozilla

  • Google Rolls Out Continuous Fuzzing Service For Open Source Software
    Google has launched a new project for continuously testing open source software for security vulnerabilities. The company's new OSS-Fuzz service is available in beta starting this week, but at least initially it will only be available for open source projects that have a very large user base or are critical to global IT infrastructure.
  • Mozilla is doing well financially (2015)
    Mozilla announced a major change in November 2014 in regards to the company's main revenue stream. The organization had a contract with Google in 2014 and before that had Google pay Mozilla money for being the default search engine in the Firefox web browser. This deal was Mozilla's main source of revenue, about 329 million US Dollars in 2014. The change saw Mozilla broker deals with search providers instead for certain regions of the world.