Language Selection

English French German Italian Portuguese Spanish

Security

Security: Apple, Microsoft, Linux and New FUD

Filed under
Security
  • The Internet of 200 Kilogram Things: Challenges of Managing a Fleet of Slot Machines

    In a previous post we talked about Finland's Linux powered slot machines. It was mentioned that there are about 20 000 of these machines in total. It turns out that managing and maintaining all those machines is a not as easy as it may first appear.

    In the modern time of The Cloud, 20 thousand machines might not seem like much. Basic cloud management software such as Kubernetes scales to hundreds of thousands, even millions of machines without even breaking a sweat. Having "only" 20 thousand machines may seem like a small and simple thing that can be managed by one intern in their spare time. In reality things get difficult as there are many unique challenges to managing slot machines as opposed to regular servers.

    [...]

    There are roughly two different ways of updating an operating system install: image based updates and package based updates. Neither of these works particularly well in slot machine usage. Games are big, so downloading full images is not feasible, especially for machines that have poor network connections. Package based updates have the major downside that they are not atomic. In desktop and server usage this is not really an issue because you can apply updates at a known good time. For remote devices this does not work because they can be powered off at any time without any warning. If this happens during an upgrade you have a broken machine requiring a physical visit from a maintenance person. As mentioned above this is slow and expensive.

  • Security updates for Friday
  • How to Crack WinRAR Password Protected Files In Simple Steps?
  • A 16-Year-Old Hacked Apple Servers And Stored Data In Folder Named ‘hacky hack hack’

    Apple’s tall claims of keeping your data secured were shown mirror by an Australian teenager when he repeatedly hacked Apple servers and downloaded 90 GB of ‘secure files.’

    As reported by The Age, the teenager hacked Apple’s mainframe multiple times from his home because he was a fan of the iPhone maker company and dreamed of working for Apple.

  • Melbourne teen hacked into Apple's secure computer network, court told
  • SEI CERT releases open-source Source Code Analysis Laboratory for pinpointing vulnerabilities

    The Software Engineering Institute’s (SEI) CERT Division at Carnegie Mellon University released an open-source static analysis aggregator/correlator this week. Source Code Analysis application (SCALe) is designed to find vulnerabilities in application source code via multiple, independent static analysis tools.

  • Two DDoS Friendly Bugs Fixed in Linux Kernel [Ed: It wasn’t even anything critical]

    Maintainers behind the Linux kernel have rolled out patches in the past weeks for two bugs that are just ideal for causing havoc via DDoS attacks.

    Both bugs affect the Linux kernel's TCP stack and are known to trigger excessive resource usage in Linux-based systems.

  • Open-source vulnerabilities which will not die: Who is to blame? [Ed:  Charlie Osborne is amplifying several Microsoft proxies whose sole purpose is to attack and badmouth FOSS to help sell proprietary software]
  • Open Source security comes to GitHub [Ed: Sonatype is helping Microsoft entrap FOSS developers with their proprietary software]

Security: WebAssembly, HTTP Tokens and More

Filed under
Security
  • The Problems and Promise of WebAssembly

    WebAssembly is a format that allows code written in assembly-like instructions to be run from JavaScript. It has recently been implemented in all four major browsers. We reviewed each browser’s WebAssembly implementation and found three vulnerabilities. This blog post gives an overview of the features and attack surface of WebAssembly, as well as the vulnerabilities we found.

    [...]

    Overall, the majority of the bugs we found in WebAssembly were related to the parsing of WebAssembly binaries, and this has been mirrored in vulnerabilities reported by other parties. Also, compared to other recent browser features, surprisingly few vulnerabilities have been reported in it. This is likely due to the simplicity of the current design, especially with regards to memory management.

    There are two emerging features of WebAssembly that are likely to have a security impact. One is threading. Currently, WebAssembly only supports concurrency via JavaScript workers, but this is likely to change. Since JavaScript is designed assuming that this is the only concurrency model, WebAssembly threading has the potential to require a lot of code to be thread safe that did not previously need to be, and this could lead to security problems.

    WebAssembly GC is another potential feature of WebAssembly that could lead to security problems. Currently, some uses of WebAssembly have performance problems due to the lack of higher-level memory management in WebAssembly. For example, it is difficult to implement a performant Java Virtual Machine in WebAssembly. If WebAssembly GC is implemented, it will increase the number of applications that WebAssembly can be used for, but it will also make it more likely that vulnerabilities related to memory management will occur in both WebAssembly engines and applications written in WebAssembly.

  • Detecting Bomb And Guns Using Normal WiFi: Researchers Find A New Way

    The test was able to give out accurate results on 15 different objects ranging in there different categories — Metal, liquid, and non-dangerous items.

    While it’s not clear whether the government will adopt and use the newly developed tracking method in public places, this certainly looks like the best way to stop guns and bombs get into school premises.

  • What OpenShift Online customers should know about L1TF OpenShift SRE Security

    On Aug. 14, 2018, information was released about another set of “speculative execution” issues with Intel microprocessor hardware known as “L1 Terminal Fault”. As with earlier issues like Spectre and Meltdown, this information was coordinated with the release of updated software solutions to help mitigate the issue.

    At the time the embargo was lifted, the OpenShift SRE team worked to begin remediation (detailed below) on all OpenShift Online clusters. All Pro clusters finished remediation shortly before 18h00 EDT August 14, 2018. All Starter clusters were patched as of 23h30 EDT August 14, 2018.

  • L1TF (AKA Foreshadow) Explained in 3 Minutes from Red Hat
  • Google bod wants cookies to crumble and be remade into something more secure

    A key member of the Google Chrome security team has proposed the death of cookies to be replaced with secure HTTP tokens.

    This week Mike West posted his "not-fully-baked" idea on GitHub and asked for comments. "This isn't a proposal that's well thought out, and stamped solidly with the Google Seal of Approval," he warns. "It's a collection of interesting ideas for discussion, nothing more, nothing less."

    So far, people are largely receptive to the idea while pointing to the complexities that exist in trying to replace something that has become an everyday part of online interaction.

  • Mozilla Recommend a Privacy Extension That Is Tracking Your Web History

    Web Security, a Firefox extension with over 200,000 current users, tracks every website users visit and stores that information on a German web server.

    The extension was recommended by Mozilla in a blog post last week about add-ons that improve users’ privacy. Mozilla has since edited the post, removing Web Security.

Security Leftovers

Filed under
Security
  • How to Protect Your PC From the Intel Foreshadow Flaws
  • AT&T Sued After SIM Hijacker Steals $24 Million in Customer's Cryptocurrency

    It has only taken a few years, but the press, public and law enforcement appear to finally be waking up to the problem of SIM hijacking. SIM hijacking (aka SIM swapping or a "port out scam") involves a hacker hijacking your phone number, porting it over to their own device (often with a wireless carrier employee's help), then taking control of your personal accounts. As we've been noting, the practice has heated up over the last few years, with countless wireless customers saying their entire identities were stolen after thieves ported their phone number to another carrier, then took over their private data.

    Sometimes this involves selling valuable Instagram account names for bitcoin; other times it involves clearing out the target's banking or cryptocurrency accounts. Case in point: California authorities recently brought the hammer down on one 20-year-old hacker, who had covertly ported more than 40 wireless user accounts, in the process stealing nearly $5 million in bitcoin.

    One of the problems at the core of this phenomenon is that hackers have either tricked or paid wireless carrier employees to aid in the hijacking, or in some instances appear to have direct access to (apparently) poorly-secured internal carrier systems. That has resulted in lawsuits against carriers like T-Mobile for not doing enough to police their own employees, the unauthorized access of their systems, or the protocols utilized to protect consumer accounts from this happening in the first place.

  • Voting Machine Vendors, Election Officials Continue To Look Ridiculous, As Kids Hack Voting Machines In Minutes
  • Security updates for Thursday

Ubuntu, Debian, RHEL, and CentOS Linux Now Patched Against "Foreshadow" Attacks

Filed under
Red Hat
Security
Debian
Ubuntu

Both Canonical and Red Hat emailed us with regards to the L1 Terminal Fault security vulnerability, which are documented as CVE-2018-3620 for operating systems and System Management Mode (SMM), CVE-2018-3646 for impacts to virtualization, as well as CVE-2018-3615 for Intel Software Guard Extensions (Intel SGX). They affect all Linux-based operating system and machines with Intel CPUs.

"It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS)," reads the Ubuntu security advisory.

Read more

Security Leftovers

Filed under
Security
  • Theo on the latest Intel issues

    Theo de Raadt (deraadt@) posted to the tech@ mailing list with some background on how the latest discovered Intel CPU issues relate to OpenBSD.

    [...]

    These 3 issues (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646) together
    are the currently public artifacts of this one bug.

  • Putting Stickers On Your Laptop Is Probably a Bad Security Idea

    Mitchell said political stickers, for instance, can land you in secondary search or result in being detained while crossing a border. In one case, Mitchell said a hacker friend ended up missing a flight over stickers.

  • Video Shows Hotel Security at DEF CON Joking About Posting Photos of Guests' Belongings to Snapchat

    But the room check captured on video suggests the walkthroughs are subject to abuse by hotel personnel who may use them as opportunity to snoop on guests or take and post images for amusement. And accounts of other searches that involved hotel security staff refusing to show ID or showing insufficient ID, and displaying bullying and threatening behavior to guests in occupied rooms, raises questions about the legality of the searches and the tactics and training of security personnel.

  • Researchers in Finland detect vulnerability in password management software

    Researchers identified a security gap in more than 10 applications used by millions around the world, including an app used by Finland's population registry.

  • Trump ends Obama-era rules on US-led cyberattacks: report

     

    The memorandum required that an extensive interagency process take place before the U.S. government embarks on any cyberattacks. Trump reversed the rules to try and ease some of those restrictions, which critics argued were detrimental to launching the attacks quickly, according to the Journal.

Security: Updates, IPSec, Elections, AWS and Surveillance

Filed under
Security
  • Security updates for Wednesday
  • Cisco, Huawei, ZyXel, and Huawei patch Cryptographic IPSEC IKE Vulnerability
  • 11-year-old shows it’s child’s play to mess with elections

    At the DefCon Voting Village in Las Vegas last year, participants proved it was child’s play to hack voting machines: As Wired reported, within two minutes, democracy-tech researcher Carsten Schürmann used a novel vulnerability to get remote access to a WinVote machine.

    This year, it was literally child’s play: the DefCon village this past weekend invited 50 kids between the ages of 8 and 16 to compromise replicas of states’ websites in the so-called “DEFCON Voting Machine Hacking Village.”

  • Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms

    Both adult and kid hackers demonstrated at DEF CON how the hackable voting machine may be the least of our worries in the 2018 elections.

    Two 11-year-old budding hackers last week at DEF CON in Las Vegas used SQL injection attack code to break into a replica of the Florida Secretary of State's website within 15 minutes, altering vote count reports on the site.

    Meanwhile, further down the hall in the adult Voting Machine Hacking Village at Caesars Palace, one unidentified hacker spent four hours trying to break into a replica database that housed the real, publicly available state of Ohio voter registration roll. He got as far as the secured server — penetrating two layers of firewalls with a Khali Linux pen testing tool — but in the end was unable to grab the data from the database, which included names and birthdates of registered voters.

  • How Netflix Secures AWS Cloud Credentials

    Netflix has long been the poster child for being an "all-in-the-cloud" organization. The streaming media service relies on Amazon Web Services (AWS) for infrastructure and computing resources that it uses to operate.

  • Researchers Reveal Security Vulnerabilities in Tracking Apps

    Millions of users around the world regularly install tracker apps on their Android devices to help them keep track of friends and loved ones. Some of those tracker apps, however, contain vulnerabilities that could potentially enable an attacker to track the users of the apps.

    Researchers from the Fraunhofer Institute for Secure Information Technology detailed 37 vulnerabilities found in 19 mobile tracking apps in a session at Defcon in Las Vegas on Aug. 11. The researchers responsibly disclosed the flaws to Google and noted that, as of the time of their presentation, 12 of the apps had been removed from the Google Play store, leaving seven still publicly available and vulnerable.

    "In this project it was very easy to find vulnerabilities," security researcher Siegfried Rasthofer said. "There were no sophisticated exploits."

L1TF/Foreshadow News and Benchmarks

Filed under
Graphics/Benchmarks
Security
  • Three More Intel Chip Exploits Surface
  • Spectre-like “Foreshadow” Flaw In Intel CPUs Can Leak Your Secrets
  • QEMU 3.0 Brings Spectre V4 Mitigation, OpenGL ES Support In SDL Front-End

    QEMU 3.0 is now officially available. This big version bump isn't due to some compatibility-breaking changes, but rather to simplify their versioning and begin doing major version bumps on an annual basis. As an added bonus, QEMU 3.0 comes at a time of the project marking its 15th year in existence.

    QEMU 3.0 does amount to being a big feature release with a lot of new functionality as well as many improvements. Changes in QEMU 3.0 include Spectre V4 mitigation for x86 Intel/AMD, improved support for nested KVM guests on Microsoft Hyper-V, block device support for active mirroring, improved support for AHCI and SCSI emulation, OpenGL ES support within the SDL front-end, improved latency for user-mode networking, various ARM improvements, some POWER9 / RISC-V / s390 improvements too, and various other new bits.

  • How the L1 Terminal Fault vulnerability affects Linux systems

    Announced just yesterday in security advisories from Intel, Microsoft and Red Hat, a newly discovered vulnerability affecting Intel processors (and, thus, Linux) called L1TF or “L1 Terminal Fault” is grabbing the attention of Linux users and admins. Exactly what is this vulnerability and who should be worrying about it?

  • An Early Look At The L1 Terminal Fault "L1TF" Performance Impact On Virtual Machines

    Yesterday the latest speculative execution vulnerability was disclosed that was akin to Meltdown and is dubbed the L1 Terminal Fault, or "L1TF" for short. Here are some very early benchmarks of the performance impact of the L1TF mitigation on the Linux virtual machine performance when testing the various levels of mitigation as well as the unpatched system performance prior to this vulnerability coming to light.

  • Phoronix Test Suite 8.2 M2 Released With Offline Improvements, L1TF/Foreshadow Reporting

    The second development snapshot of the upcoming Phoronix Test Suite 8.2-Rakkestad to benchmark to your heart's delight on Linux, macOS, Windows, Solaris, and BSD platforms from embedded/SBC systems to cloud and servers.

  • The Linux Benchmarking Continues On The Threadripper 2950X & 2990WX

    While I haven't posted any new Threadripper 2950X/2990WX benchmarks since the embargo expired on Monday with the Threadripper 2 Linux review and some Windows 10 vs. Linux benchmarks, tests have continued under Linux -- as well as FreeBSD.

    I should have my initial BSD vs. Linux findings on Threadripper 2 out later today. There were about 24 hours worth of FreeBSD-based 2990WX tests going well albeit DragonFlyBSD currently bites the gun with my Threadripper 2 test platforms. More on that in the upcoming article as the rest of those tests finish. It's also been a madhouse with simultaneously benchmarking the new Level 1 Terminal Fault (L1TF) vulnerability and the performance impact of those Linux mitigations on Intel hardware will start to be published in the next few hours.

Security: Sonatype, Microsoft, Oracle and Linux

Filed under
Security

Security Leftovers

Filed under
Security
  • The Internet of Torts

    Rebecca Crootof at Balkinization has two interesting posts:

    • Introducing the Internet of Torts, in which she describes "how IoT devices empower companies at the expense of consumers and how extant law shields industry from liability."
    • Accountability for the Internet of Torts, in which she discusses "how new products liability law and fiduciary duties could be used to rectify this new power imbalance and ensure that IoT companies are held accountable for the harms they foreseeably cause.

    Below the fold, some commentary on both.

  • Password Analyst Says QAnon’s ‘Codes’ Are Consistent With Random Typing

    “The funny thing about people is that even when we type random stuff we tend to have a signature. This guy, for example, likes to have his hand on the ends of each side of the keyboard (e.g., 1,2,3 and 7,8,9) and alternate,” Burnett wrote in his thread.

  • Uber taps former NSA official to head security team

    Olsen, who served as the counterterrorism head under President Obama until 2014, will replace Joe Sullivan as the ride-hailing company's top security official.

    Sullivan was fired by Uber CEO Dara Khosrowshahi over his handling of a massive cyber breach last year that happened during former CEO Travis Kalanick’s tenure.

  • Malware has no trouble hiding and bypassing macOS user warnings

    With the ability to generate synthetic clicks, an attack, for example, could dismiss many of Apple's privacy-related security prompts. On recent versions of macOS, Apple has added a confirmation window that requires users to click an OK button before an installed app can access geolocation, contacts, or calendar information stored on the Mac. Apple engineers added the requirement to act as a secondary safeguard. Even if a machine was infected by malware, the thinking went, the malicious app wouldn’t be able to copy this sensitive data without the owner’s explicit permission.

  • Caesars Palace not-so-Praetorian guards intimidate DEF CON goers with searches [Updated]
  • Amazon Echo turned into snooping device by Chinese hackers [sic]

    Cybersecurity boffins from Chinese firm Tencent's Blade security research team exploited various vulnerabilities they found in the Echo smart speaker to eventually coax it into becoming an eavesdropping device.

'Foreshadow' Coverage

Filed under
Security
Syndicate content

More in Tux Machines

GNOME: NVMe Firmware and GSConnect

  • Richard Hughes: NVMe Firmware: I Need Your Data
    In a recent Google Plus post I asked what kind of hardware was most interesting to be focusing on next. UEFI updating is now working well with a large number of vendors, and the LVFS “onboarding” process is well established now. On that topic we’ll hopefully have some more announcements soon. Anyway, back to the topic in hand: The overwhelming result from the poll was that people wanted NVMe hardware supported, so that you can trivially update the firmware of your SSD. Firmware updates for SSDs are important, as most either address data consistency issues or provide nice performance fixes.
  • Gnome Shell Android Integration Extension GSConnect V12 Released
    GSConnect v12 was released yesterday with changes like more resilient sshfs connections (which should make browsing your Android device from the desktop more reliable), fixed extension icon alignment, along with other improvements. GSConnect is a Gnome Shell extension that integrates your Android device(s) with the desktop. The tool makes use of the KDE Connect protocol but without using any KDE dependencies, keeping your desktop clean of unwanted packages.
  • Linux Release Roundup: Communitheme, Cantata & VS Code
    GSconnect is a magical GNOME extension that lets your Android phone integrate with your Linux desktop. So good, in fact, that Ubuntu devs want to ship it as part of the upcoming Ubuntu 18.10 release (though last I heard it probably just end up in the repos instead). Anyway, a new version of GSconnect popped out this week. GSconnect v12 adds a nifty new features or two, as well as a few fixes here, and a few UI tweaks there.

Red Hat Leftovers

  • Red Hat Advances Container Storage
    Red Hat has moved to make storage a standard element of a container platform with the release of version 3.1 of Red Hat OpenShift Container Storage (OCS), previously known as Red Hat Container Native Storage. Irshad Raihan, senior manager for product marketing for Red Hat Storage, says Red Hat decided to rebrand its container storage offering to better reflect its tight integration with the Red Hat OpenShift platform. In addition, the term “container native” continues to lose relevance given all the different flavors of container storage that now exist, adds Raihan. The latest version of the container storage software from Red Hat adds arbiter volume support to enable high availability with efficient storage utilization and better performance, enhanced storage monitoring and configuration via the Red Hat implementation of the Prometheus container monitoring framework, and block-backed persistent volumes (PVs) that can be applied to both general application workloads and Red Hat OpenShift Container Platform (OCP) infrastructure workloads. Support for PVs is especially critical because to in the case of Red Hat OCS organizations can deploy more than 1,000 PVs per cluster, which helps to reduce cluster sprawl within the IT environment, says Raihan.
  • Is Red Hat Inc’s (NYSE:RHT) ROE Of 20.72% Sustainable?
  • FPgM report: 2018-33

OSS Leftovers

  • Infineon enables open source TSS ESAPI layer
    This is the first open source TPM middleware that complies with the Software Stack (TSS) Enhanced System API (ESAPI) specification of the Trusted Computing Group . “The ease of integration on Linux and other embedded platforms that comes with the release of the TPM 2.0 ESAPI stack speeds up the adoption of TPM 2.0 in embedded systems such as network equipment and industrial systems,” says Gordon Muehl, Global CTO Security at Huawei.
  • Open source RDBMS uses spurred by lower costs, cloud options
    As the volumes of data generated by organizations get larger and larger, data professionals face a dilemma: Must database bills get bigger in the process? And, increasingly, IT shops with an eye on costs are looking to open source RDBMS platforms as a potential alternative to proprietary relational database technologies.
  • Progress open sources ABL code in Spark Toolkit
    New England headquartered application development company Progress is flexing its programmer credentials this month. The Massachusetts-HQ’d firm has now come forward with its Progress Spark Toolkit… but what is it? The Progress Spark Toolkit is a set of open source ABL code combined with some recommended best-practices.
  • Mixing software development roles produces great results
    Most open source communities don’t have a lot of formal roles. There are certainly people who help with sysadmin tasks, testing, writing documentation, and translating or developing code. But people in open source communities typically move among different roles, often fulfilling several at once. In contrast, team members at most traditional companies have defined roles, working on documentation, support, QA, and in other areas. Why do open source communities take a shared-role approach, and more importantly, how does this way of collaborating affect products and customers? Nextcloud has adopted this community-style practice of mixing roles, and we see large benefits for our customers and our users.
  • FOSS Project Spotlight: SIT (Serverless Information Tracker)
    In the past decade or so, we've learned to equate the ability to collaborate with the need to be online. The advent of SaaS clearly marked the departure from a decentralized collaboration model to a heavily centralized one. While on the surface this is a very convenient delivery model, it simply doesn't fit a number of scenarios well. As somebody once said, "you can't FTP to Mars", but we don't need to go as far. There are plenty of use cases here on Earth that are less than perfectly suited for this "online world". Lower power chips and sensors, vessel/offshore collaboration, disaster recovery, remote areas, sporadically reshaping groups—all these make use of central online services a challenge. Another challenge with centralization is somewhat less thought of—building software that can handle a lot of concurrent users and that stores and processes a lot of information and never goes down is challenging and expensive, and we, as consumers, pay dearly for that effort. And not least important, software in the cloud removes our ability to adapt it perfectly for use cases beyond its owner's vision, scope and profitability considerations. Convenience isn't free, and this goes way beyond the price tag.
  • ProtonMail's open source encryption library, OpenPGPjs, passes independent audit
    ProtonMail, the secure email provider, has just had its credentials re-affirmed after its encryption library, OpenPGPjs, passed an independent security audit. The audit was carried out by the respected security firm, Cure53, after the developer community commissioned a review following the release of OpenPGPjs 3.0 back in March.
  • Uber Announces Open Source Fusion.js Framework
    Uber Announces Fusion.js, an open source "Plugin-based Universal Web Framework." In the announcement, Uber senior software engineer Leo Horie explains that Uber builds hundreds of web-based applications, and with web technologies changing quickly and best practices continually evolving, it is a challenge to have hundreds of web engineers leverage modern language features while staying current with the dynamic nature of the web platform. Fusion.js is Uber's solution to this problem.
  •  
  • ASAN And LSAN Work In rr
    AddressSanitizer has worked in rr for a while. I just found that LeakSanitizer wasn't working and landed a fix for that. This means you can record an ASAN build and if there's an ASAN error, or LSAN finds a leak, you can replay it in rr knowing the exact addresses of the data that leaked — along with the usual rr goodness of reverse execution, watchpoints, etc. Well, hopefully. Report an issue if you find more problems.
  • Oracle Open-Sources GraphPipe to Support ML Development
    Oracle on Wednesday announced that it has open-sourced GraphPipe to enhance machine learning applications. The project's goal is to improve deployment results for machine learning models, noted Project Leader Vish Abrams. That process includes creating an open standard. The company has a questionable relationship with open source developers, so its decision to open-source GraphPipe might not receive a flood of interest. Oracle hopes developers will rally behind the project to simplify and standardize the deployment of machine learning models. GraphPipe consists of a set of libraries and tools for following a deployment standard.
  • OERu makes a college education affordable
    Open, higher education courses are a boon to adults who don’t have the time, money, or confidence to enroll in traditional college courses but want to further their education for work or personal satisfaction. OERu is a great option for these learners. It allows people to take courses assembled by accredited colleges and universities for free, using open textbooks, and pay for assessment only when (and if) they want to apply for formal academic credit. I spoke with Dave Lane, open source technologist at the Open Education Resource Foundation, which is OERu’s parent organization, to learn more about the program. The OER Foundation is a nonprofit organization hosted by Otago Polytechnic in Dunedin, New Zealand. It partners with organizations around the globe to provide leadership, networking, and support to help advance open education principles.
  • Tomu Is A Tiny, Open Source Computer That Easily Fits In Your USB Port
    There are a number of USB stick computers available in the market at varying prices. One of them that really stands out is Tomu — a teeny weeny ARM processor that can entirely fit inside your computer’s USB port. Tomu is based on Silicon Labs Happy Gecko EFM32HG309 Arm Cortex-M0+ microcontroller that runs at 25 MHz. It sports 8 kb of RAM and 60 kb of flash onboard. In spite of the small size, it supports two LEDs and two capacitance touch buttons.
  • RcppArmadillo 0.9.100.5.0
    A new RcppArmadillo release 0.9.100.5.0, based on the new Armadillo release 9.100.5 from earlier today, is now on CRAN and in Debian. It once again follows our (and Conrad's) bi-monthly release schedule. Conrad started with a new 9.100.* series a few days ago. I ran reverse-depends checks and found an issue which he promptly addressed; CRAN found another which he also very promptly addressed. It remains a true pleasure to work with such experienced professionals as Conrad (with whom I finally had a beer around the recent useR! in his home town) and of course the CRAN team whose superb package repository truly is the bedrock of the R community.
  • PHP version 7.1.21 and 7.2.9
    RPM of PHP version 7.2.9 are available in remi repository for Fedora 28 and in remi-php72 repository for Fedora 25-27 and Enterprise Linux ≥ 6 (RHEL, CentOS). RPM of PHP version 7.1.21 are available in remi repository for Fedora 26-27 and in remi-php71 repository for Fedora 25 and Enterprise Linux (RHEL, CentOS).

GNU/Linux on Laptops and Desktops

  • Endless OS and Asus, Update on L1TF Exploit, Free Red Hat DevConf.US in Boston, Linux 4.19 Kernel Update
    Some of us may recall a time when ASUS used to ship a stripped down version of Xandros Linux with their line of Eee PC netbooks. Last week, the same company announced that Endless OS will be supporting non-OS offerings of their product. However it comes with a big disclaimer stating that ASUS will not officially support the operating system's compatibility issues.
  • The Chromebook Grows Up
    What started out as a project to provide a cheap, functional, secure and fast laptop experience has become so much more. Chromebooks in general have suffered from a lack of street-cred acceptance. Yes, they did a great job of doing the everyday basics—web browsing and...well, that was about it. Today, with the integration of Android apps, all new and recently built Chrome OS devices do much more offline—nearly as much as a conventional laptop or desktop, be it video editing, photo editing or a way to switch to a Linux desktop for developers or those who just like to do that sort of thing.
  • Windows 10 Linux Distribution Overload? We have just the thing [Ed: Microsoft is still striving to control and master GNU/Linux through malware, Vista 10]
  • What Dropbox dropping Linux support says
    You've probably already heard by now that Dropbox is nixing support for all Linux file systems but unencrypted ext4. When this was announced, much of the open source crowd was up in arms—and rightfully so. Dropbox has supported Linux for a long time, so this move came as a massive surprise.
  • Winds Beautifully Combines Feed Reader and Podcast Player in One Single App
    Billboard top 50 playlist is great for commuting. But I’m a nerd so I mostly prefer podcasts. Day after day, listening to podcasts on my phone has turned into a habit for the better and now, I crave my favorite podcasts even when I’m home, sitting in front of my computer. Thus began, my hunt for the perfect podcast app for Linux. Desktop Linux doesn’t have a huge selection of dedicated podcast applications. Of course, you can use Rhythmbox music player or VLC Media player to download podcasts (is there anything VLC can’t do?). There are even some great command line tools to download podcasts if you want to go down that road.
  • VirtualBox 5.2.18 Maintenance Update fixed VM process termination on RDP client disconnect
    Virtualbox developers released a maintenance update for virtualization solution on the 14th of August, 2018. The latest update raised the version of VirtualBox to 5.2.18. The improvements and additions have been welcomed by several users as it makes the virtualization product even more convenient to use.