Language Selection

English French German Italian Portuguese Spanish

Security

Open source is not dead

Filed under
Red Hat
Interviews
OSS
Security

I don’t think you can compare Red Hat to other Linux distributions because we are not a distribution company. We have a business model on Enterprise Linux. But I would compare the other distributions to Fedora because it’s a community-driven distribution. The commercially-driven distribution for Red Hat which is Enterprise Linux has paid staff behind it and unlike Microsoft we have a Security Response Team. So for example, even if we have the smallest security issue, we have a guaranteed resolution pattern which nobody else can give because everybody has volunteers, which is fine. I am not saying that the volunteers are not good people, they are often the best people in the industry but they have no hard commitments to fixing certain things within certain timeframes. They will fix it when they can. Most of those people are committed and will immediately get onto it. But as a company that uses open source you have no guarantee about the resolution time. So in terms of this, it is much better using Red Hat in that sense. It’s really what our business model is designed around; to give securities and certainties to the customers who want to use open source.

Read more

Google is making encryption standard in the next version of Android

Filed under
Android
Security

Less than a day after Apple detailed new efforts in user privacy for its products, Google now says it plans to encrypt user data on all Android devices. Speaking to The Washington Post, Google says data encryption will now be a part of the activation process instead of an optional feature. The end result is that whatever data is stored on that device, be it a phone or tablet, will be inaccessible unless the person has the correct password.

Read more

Qubes: The Open Source OS Built for Security

Filed under
Linux
Interviews
Security

No matter how good the code review process is, or how high the standards for acceptance, applications will always have bugs, says Joanna Rutkowska, founder and CEO of Invisible Things Lab. So will drivers. And filesystems.

“Nobody, not even Google Security Team, can find and patch all those bugs in all the desktop apps we all use,” Rutkowska says in the Q&A interview, below.

Read more

Open-source project promises easy-to-use encryption for email, instant messaging and more

Filed under
OSS
Security

Called "Pretty Easy Privacy" (PEP), the project's goal is to integrate the technology with existing communication tools on different desktop and mobile platforms. The development team launched a preview PEP implementation Monday for the Microsoft Outlook email client, but plans to build similar products to encrypt communications in Android, iOS, Firefox OS, Thunderbird, Apple Mail, Jabber, IRC (Internet Relay Chat), WhatsApp, Facebook Messenger, Snapchat and Twitter.

Read more

Free Linux Firewall OS IPFire 2.15 Core 82 Has Windows Active-Directory Single Sign-On Web Proxy

Filed under
Android
GNU
Security

Michael Tremer, a developer for the ipfire.org team, has announced that IPFire 2.13 Core 82, a new stable build of the popular Linux-based firewall distribution, is available, bringing quite a few security fixes.

IPFire releases are not usually very big, but this latest update in the series is quite substantial. A number of features and changes have been made and the devs are working to bring even more options to the masses.

Read more

Kolab creates a privacy refugee camp in Switzerland

Filed under
KDE
Security
Web

The disclosure by NSA contractor Edward Snowden has exposed the ‘out-of-control’ surveillance system of the US and the UK. The more stories we are getting from Guardian and NYTimes, the more people are losing trust in the proprietary solutions offered by the companies which operate from the US and seemingly work closely with the spy agencies.

This is a category of people who don’t yet understand the dangers of breach of privacy, but the more we are moving our lives into the digital world, the more important it is becoming to take control of our communication and privacy from the prying hands of those for whom we are the product.

Then there are those need this privacy, due to the profession they are in or for purely sensible reasons that our privacy should be respected.

Read more

Free Software Foundation statement on the new iPhone, Apple Pay, and Apple Watch

Filed under
Security

The Free Software Foundation encourages users to avoid all Apple products, in the interest of their own freedom and the freedom of those around them.

Read more

Why open source and collaboration are the future of security

Filed under
OSS
Security

In this podcast recorded at Black Hat USA 2014, Greg Martin, CTO at ThreatStream, talks about why open source and collaboration are the key drivers of information security innovation. He raises an important question - what will happen if we don't start actively sharing information?

Read more

New ultra secure cell phone, Blackphone, is reportedly flying off the shelves

Filed under
Android
Security

There is, apparently, a big demand for commercially available encrypted smartphones perhaps impervious to the data demands of spy agencies and cyber criminals worldwide.

Indeed, Toby Weir-Jones says sales of his new ultra-encrypted smartphone, called the Blackphone, are flying off the shelves since it began officially shipping in June.

Read more

NBC, Today Show Use Ubuntu to Illustrate Celebrity Hacking Story

Filed under
Security
Ubuntu

Spotting Ubuntu in the wild should be promoted to a sport and records must be set for the most interesting places where the distro has been seen. It looks like NBC and the Today Show have used Ubuntu to illustrate the nefarious practices of the hacker that release some nude pictures of various celebrities.

Read more

Syndicate content

More in Tux Machines

SUSE and Fedora Leftovers

  • Introducing SUSE Enterprise Storage 6
    SUSE Enterprise Storage 6 enables IT organizations to seamlessly adapt to changing business demands while reducing IT operational expense by transforming their enterprise storage infrastructure with our intelligent software-defined storage solution. Based on the Ceph Nautilus release and built on SUSE Linux Enterprise Server 15 SP1, SUSE Enterprise Storage 6 enables IT organizations to seamlessly adapt to changing business demands while reducing IT operational expense with new features focused on containerized and cloud workload support, improved integration with public cloud, and enhanced data protection capabilities
  • Introducing Fedora Summer Coding Class of Summer 2019
    Starting today, interns from the Fedora Summer Coding (F.S.C.) class of Summer 2019 start working on their projects. Three interns selected for Outreachy begin today, and another five interns selected for Google Summer of Code begin on Monday, May 27. The Fedora CommOps and Diversity and Inclusion teams worked together to interview all eight interns. This week on the Fedora Community Blog, we’ll introduce two interns each day of this week!
  • Getting set up with Fedora Project services
    In addition to providing an operating system, the Fedora Project provides numerous services for users and developers. Services such as Ask Fedora, the Fedora Project Wiki and the Fedora Project Mailing Lists provide users with valuable resources for learning how to best take advantage of Fedora. For developers of Fedora, there are many other services such as dist-git, Pagure, Bodhi, COPR and Bugzilla that are involved with the packaging and release process. These services are available for use with a free account from the Fedora Accounts System (FAS). This account is the passport to all things Fedora! This article covers how to get set up with an account and configure Fedora Workstation for browser single sign-on.

Kernel: Ted Tso is Switching to Hugo, Linux's vmalloc Seeing "Large Performance Benefits" With 5.2 Kernel Changes

  • Ted Tso: Switching to Hugo
    With the demise of Google+, I’ve decided to try to resurrect my blog. Previously, I was using Wordpress, but I’ve decided that it’s just too risky from a security perspective. So I’ve decided my blog over to Hugo. A consequence of this switch is that all of the Wordpress comments have been dropped, at least for now.
  • Linux's vmalloc Seeing "Large Performance Benefits" With 5.2 Kernel Changes
    On top of all the changes queued for Linux 5.2 is an interesting last-minute performance improvement for the vmalloc code. The Linux kernel's vmalloc code has the potential of performing much faster on Linux 5.2, particularly with embedded devices. Vmalloc is used for allocating contiguous memory in the virtual address space and saw a nice optimization merged today on the expected final day of the Linux 5.2 merge window.

Security: CBS FUD, .NET Push and Intel Disaster Due to Defects

  • Security researchers discover Linux version of Winnti malware [Ed: This targets already-vulnerable servers and GNU/Linux has little to do with that. It can be proprietary software on top of it.]
    Chronicle says it discovered this Linux variant after news broke last month that Bayer, one of the world's largest pharmaceutical companies, had been hit by Chinese hackers, and the Winnti malware was discovered on its systems.
  • Microsoft's Attack Surface Analyzer now works on Macs and Linux, too [Ed: Microsoft is now pushing .NET in the name of "security"]
  • Intel Loses 5X More Average Performance Than AMD From Mitigations: Report
    Intel has published its own set of benchmark results for the mitigations to the latest round of vulnerabilities, but Phoronix, a publication that focuses on Linux-related news and reviews, has conducted its own testing and found a significant impact. Phoronix's recent testing of all mitigations in Linux found the fixes reduce Intel's performance by 16% (on average) with Hyper-Threading enabled, while AMD only suffers a 3% average loss. Phoronix derived these percentages from the geometric mean of test results from its entire test suite. From a performance perspective, the overhead of the mitigations narrow the gap between Intel and AMD's processors. Intel's chips can suffer even more with Hyper-Threading (HT) disabled, a measure that some companies (such as Apple and Google) say is the only way to make Intel processors completely safe from the latest vulnerabilities. In some of Phoronix's testing, disabling HT reduced performance almost 50%. The difference was not that great in many cases, but the gap did widen in almost every test by at least a few points.

Licensing: Companies That Close Down FOSS 'in the Cloud' and Latest GPL Compliance at OnePlus

  • Confluent says it has the first cloud-native Kafka streaming platform
    Open-source unicorn Confluent Inc. is ready to go head-to-head with cloud computing giants with the release of a cloud-native and fully managed service based upon the Apache Kafka streaming platform.
  • For open source vs. proprietary, AWS might have it both ways [Ed: Mac Asay, Adobe, proponent of calling proprietary "open". IDG has just received money from Adobe (“BrandPost Sponsored by Adobe”) and Asay is now publishing articles owing to his employer paying the media. He’s is some kind of editor at InfoWorld (IDG). So the corporations basically buy ‘journalism’ (their staff as editors) at IDG.]
  • Why Open Source Should Remain Open
    On one hand, the validation that comes along with major tech players offering open source fuels growth in the software. On the other, it also changes the platform from one that’s always been free and available to one that is only available with limitations and has red tape all around it. As some of these companies join in the open source community, they’re losing sight of the original goal and community. Instead, they are building artificial walls and shutting down many parts of what makes open source open. This isn’t a unique occurrence, it’s happening more and more frequently and is something that will completely rearrange the core of open source as we know it.
  • BREAKING: OnePlus 7 Pro root achieved on global and Indian variants, kernel source codes released
    OnePlus phones are known for their developer friendliness as well as strong aftermarket development community. The Chinese OEM prefers to mandate GPL and push kernel source codes in a timely manner, which is a godsend compared to most of their competitors.
  • OnePlus 7 / 7 Pro kernel source code is now out, expect custom ROMs soon
    OnePlus announced the most-awaited OnePlus 7 and OnePlus 7 Pro last week. Both the smartphones are already on sale and can be bought in all the countries they are available. Even the OnePlus 7 Pro received its maiden update which brings April security patch and more. As usual, the kernel source for the OnePlus 7 series is now out too in a timely manner. Thus, users can expect custom ROMS sooner than later.