Language Selection

English French German Italian Portuguese Spanish

Security

Linux distributor security list destroyed after hacker compromise

Filed under
Linux
Security
BSD

zdnet.com: Hackers have compromised a private e-mail list used by Linux and BSD distributors to share information on embargoed security vulnerabilities and used a backdoor to sniff e-mail traffic, according to the moderator of the list.

Once Upon A Time, There Was A USB Vulnerability In Linux

Filed under
Security

muktware.com: GNU/Linux systems are immune to viruses is anything but myth. Viruses, malware are programs with destructive intentions and can be installed on any machine, if an attacker/cracker (not hacker for god's sake, you idiot) has physical access to it. You can install a malicious code on your own computer if you want. No one can stop you.

London Stock Exchange 'under major cyberattack' during Linux switch

Filed under
Linux
Security

computerworlduk.com: The London Stock Exchange’s new open source trading system may have been hacked last year, according to a report.

Sourceforge Attack: Full Report

Filed under
Security
Web

sourceforge.net: As we’ve previously announced, SourceForge.net has been the target of a directed attack. We have completed the first round of analysis, and have a much more solid picture of what happened, the extent of the impact, our plan to reduce future risk of attack.

Bot attacks Linux and Mac but can't lock down its booty

Filed under
Security

theregister.co.uk: From the department of cosmic justice comes this gem, spotted by researchers from Symantec: a trojan that targets Windows, Mac, and Linux computers contains gaping security vulnerabilities that allow rival criminal gangs to commandeer the infected machines.

Backdoors in OpenBSD? Reply hazy, try again

Filed under
Security
BSD

itworld.com: The fallout from last month's allegations that the Federal Bureau of Investigations attempted to deploy backdoors in the OpenBSD operating system are continuing to echo through developer circles, as more potential clues are unearthed.

Feds relax export curbs on open-source crypto

Filed under
Security

theregister.co.uk: Federal restrictions will be relaxed on the export of open-source software that incorporates strong encryption, the US government announced on Friday in a lengthy disclosure.

Allegations of OpenBSD Backdoors May be True, Updated

Filed under
Security
BSD

linuxjournal.com: It was just last week that Theo de Raadt, OpenBSD founder and developer, posted an email that claimed the Federal Bureau of Investigations paid OpenBSD developers to leave backdoors in its IPSEC network security stack. Since then early audits have found some questionable code, contributors denied any wrongdoing, and the original source reaffirmed his allegations.

Developer defends claims of backdoors in OpenBSD

Filed under
Security
BSD

itwire.com: Perry, chief executive of a company named GoVirtual, told iTWire: "I have absolutely, positively nothing to gain from making those statements to Theo, and only did so to encourage a source code audit of the OpenBSD Project. If I had this to do over again, I would have sent an anonymous postcard to WikiLeaks.

Software flaws don't negate "many eyes" in open source

Filed under
OSS
Security

itworld.com: The allegations from Greg Perry regarding backdoors allegedly placed within OpenBSD about a decade ago seem to be shifting more and more into the realm of fantasy as each day goes by.

Syndicate content

More in Tux Machines

Graphics: Wayland and Vulkan

  • Canonical Reportedly Not Planning To Enable Wayland-By-Default For Ubuntu 20.04 LTS
    Since the short-lived Ubuntu 17.10 GNOME + Wayland experience, the Ubuntu desktop has still been using the trusted X.Org Server session by default. While Ubuntu 19.04 will soon be shipping and the Ubuntu 19.10 development cycle then getting underway, don't look for any Wayland-by-default change to be around the corner. Twice in the past week I've received communication from two indicating that Canonical reportedly isn't planning on enabling Wayland-by-default for Ubuntu 20.04 LTS. If Canonical were planning to go ahead with Wayland used by default, they would need to make the change for Ubuntu 19.10 as is customary for them to make large changes in the LTS-release-1 version in order to facilitate more widespread testing ahead of the Long Term Support cycle. But Canonical engineers feel that the Wayland support isn't mature enough to enable in the next year for Ubuntu 20.04 LTS.
  • Vulkan Working To Expose Video Encode/Decode, Machine Learning
    During this week's Game Developers Conference was the usual Khronos Dev Day where Vulkan, WebGL, glTF, and OpenXR took center stage. During the Vulkan State of the Union some details on their future endeavors were covered. Among some of the larger efforts that are "in flight" are improving the portability of Vulkan to closed platforms without native drivers (MoltenVK, etc), continuing to work on ray-tracing (complementing the existing VK_NV_ray_tracing), exposing video encode/decode through Vulkan, exposing machine learning capabilities, and the separate effort on safety critical Vulkan.

OSS: Blockchain, DeepBrain, Redox OS, OpenBuilds, Red Hat Summit and FOSSASIA

  • It's About Time DApps Unlocked the Mass-Market Momentum for Blockchain
    There’s more to Blockchain technology than Bitcoin and other cryptocurrencies. At its fundamental level, Blockchain technology engenders trusts in inherently trustless environments. Protocol blockchains such as Bitcoin, Ethereum, EOS, GoChain, Steem and xDai have provided a launchpad for developers to work on DApps. DApps are typically open source applications not owned by anyone, immune from downtimes; and that cannot be shut down by a government or its agencies. The rapid proliferation of Decentralized Applications (DApps) powered a bull run in cryptocurrencies in 2017. Right now, there are more than 2000 DApps designed to solve specific market problems across industries such as health, data storage, finance, gaming, and governance.
  • DeepBrain Chain outlines release of DBC 0.3.6.0 beta in progress report
    DeepBrain Chain detailed the release of DBC 0.3.6.0 beta of its AI Training Net, which allows users to rent computing power to train artificial intelligence algorithms. DeepBrain Chain claimed numerous feature inclusions and and improvements, many pertaining to the scheduling and activation of tasks. In DBC 0.3.6.0, if an AI training task has been stopped a specified period of time, its storage will be deleted automatically. However, the task can be restarted at any time before deletion. If a node has been restarted, reactivation of any previous training tasks will require manual user authorization. [...] A decision was made recently by the community concerning the open source licensing of DeepBrain Chain’s code. Over 55 percent of the members polled voted to not make the code fully open source by the end of March.
  • Redox OS 0.5.0
    It has been one year and four days since the last release of Redox OS! In this time, we have been hard at work improving the Redox ecosystem. Much of this work was related to relibc, a new C library written in Rust and maintained by the Redox OS project, and adding new packages to the cookbook. We are proud to report that we have now far exceeded the capabilities of newlib, which we were using as our system C library before. We have added many important libraries and programs, which you can see listed below.
  • Redox OS 0.5 Released With New C Library Written In Rust
    It's been just over one year since the previous release of Redox OS while today this Rust-written operating system has finally been succeeded by Redox OS 0.5.  It's taken a while since the previous release of Redox OS as they have been focusing their attention on Relibc, a C library implementation written within the Rust programming language. Relibc is now used as the operating system's default C library.
  • Get Moving with New Software from OpenBuilds
    If you’re reading Hackaday, you’ve probably heard of OpenBuilds. Even if the name doesn’t sound familiar, you’ve absolutely seen something on these pages that was built with their components. Not only is OpenBuilds a fantastic place to get steppers, linear rails, lead screws, pulleys, wheels, and whatever else you need to make your project go, they’re also home to an active forum of people who are passionate about developing open source machines. As if that wasn’t enough reason to head over to the OpenBuilds website, [Peter Van Der Walt] recently wrote in to tell us about some new free and open source software he and the team have been working on that’s designed to make it easier than ever to get your creations cutting, lasing, milling, and whatever else you could possibly imagine. If you’ve got a machine that moves, they’ve got some tools you’ll probably want to check out.
  • Dive into developer-focused sessions at Red Hat Summit
    Red Hat Summit is just around the corner, and it’s shaping up to be best Red Hat developer event ever. This year, attendees will get to choose from more than 300 sessions, not to mention booth presentations, parties, labs, and training. To help you cut through the clutter, we’ve created a list of developer specific activities and sessions that will help you shape your Red Hat Summit experience. Most of these sessions are part of the Cloud-Native App Dev track, with a few other sessions that we think will appeal to you as a developer. For more information on these sessions, visit the Red Hat Summit session listing page and sort by “cloud-native app dev” track.
  • 10th year of FOSSASIA
    This FOSSASIA was special as it marked its 10th year! It was quite impressive to witness a FOSS conference to continue growing this long with growing community. The four day conference schedule was packed with various interesting talks, workshops, hackathon and other engaging activities.

Reducing sysadmin toil with Kubernetes controllers

Kubernetes is a platform for reducing toil cunningly disguised as a platform for running containers. The element that allows for both running containers and reducing toil is the Kubernetes concept of a Controller. [...] The canonical example of this in action is in how we manage Pods in Kubernetes. A Pod is effectively a running copy of an application that a specific worker node is asked to run. If that application crashes, the kubelet running on that node will start it again. However, if that node crashes, the Pod is not recovered, as the control loop (via the kubelet process) responsible for the resource no longer exists. To make applications more resilient, Kubernetes has the ReplicaSet controller. The ReplicaSet controller is bundled inside the Kubernetes controller-manager, which runs on the Kubernetes master node and contains the controllers for these more advanced resources. The ReplicaSet controller is responsible for ensuring that a set number of copies of your application is always running. To do this, the ReplicaSet controller requests that a given number of Pods is created. It then routinely checks that the correct number of Pods is still running and will request more Pods or destroy existing Pods to do so. By requesting a ReplicaSet from Kubernetes, you get a self-healing deployment of your application. You can further add lifecycle management to your workload by requesting a Deployment, which is a controller that manages ReplicaSets and provides rolling upgrades by managing multiple versions of your application's ReplicaSets. Read more

Android Leftovers