Microsoft

Microsoft Claims a Monopoly Over 'Open Source'

Filed under
Microsoft

Lots of Microsoft Openwashing This Past Week

Filed under
Microsoft

Microsoft Self-Promotion Using the "Linux" Brand

Filed under
Linux
Microsoft

today's leftovers

Filed under
Microsoft
Gaming
Misc
  • Microsoft cloud services may be hitting their limit in some regions [Ed: So what we heard was correct]
  • An Unnamed Source Who Shouldn’t Be Anonymous

    “When you find a problem in the source code, it’s very difficult to explain the consequences of that problem to a judge or jury,” he told me. “It’s written in a foreign language, and the effects are hard to trace. We’re rarely able to say, ‘Aha, here’s this person’s breath test and here’s the problem that caused it to be wrong.’”

    Mr. Workman’s mind worked a lot like the computer systems into which he delved: He had a mental index of more than 15 years of legal battles and civic investigations into problems with breath-testing programs, and he knew exactly where to find the incendiary bits. When I dug into flawed test results in Washington, D.C., for example, he sent me a video recording of a police officer turned whistle-blower testifying at an oversight hearing.

  • The upcoming action RPG Bound By Blades now has a Linux demo

    Developer Zeth recently put up a Linux demo of their in-development action RPG, Bound By Blades, which is in need of some testing and feedback.

    Using a pretty fun sounding four-corner combat system, where you run from corner to corner around the outside of enemies and attack/defend at each point. It's pretty unusual and good to see something a little different. Sadly, their recent Kickstarter failed to get funding. However, they've confirmed development will continue but it's going to be smaller in scope.

  • Proton GE has another new release out with patches for GTA V and lots of updates

    Proton GE, the unofficial and updated build of Proton for Steam Play has another big new release out. To help those who can't wait for Valve/CodeWeavers to update the official Proton or you need some extra fixes.

    With Proton-4.19-GE-1 now available it includes updated builds of DXVK, D9VK, FAudio and Vkd3d. On top of that, it's also pulled in patches to help with GTA V and the Rockstar Launcher, a patch to help with Origin client downloads, patches to fix Skyrim SkyUI status effect icons, patches to help Mortal Kombat 11 run (although online matches won't work) and more.

  • Linux Action News 130

    Fedora arrives from the future, the big players line up behind KernelCI, and researchers claim significant vulnerabilities in Horde.

    Plus, Google's new dashboard for WordPress and ProtonMail's apps go open source.

  • stress-ng Embedded Linux Conference Europe 2019 presentation
  • Giveaway Week – Balena Fin Developer Kit

    We’ve been organizing “giveaway weeks” every year since 2014 on CNX Software to send some of the review samples to our readers.

FUD, Security and Microsoft Spin

Filed under
Microsoft
Security
  • Commercial vs open source software [Ed: Falsehoods all along. FOSS is also "commercial"; they deceive to make proprietary software seem like the only option for commerce]

    Every business owner that needs a personalized software needs to make a choice between two options. Choosing a commercial software or open-source software. If you are not familiar with these two terms, worry not, we’ll explain everything.

  • The need for open source audits in cybersecurity M&As [Ed: Microsoft-connected Black Duck is smearing FOSS again... to sell its proprietary software snakeoil]
  • Software Security Witching Hour is Upon us [Ed: Microsoft-connected Black Duck continues to attack FOSS with FUD. Microsoft hates FOSS. It just uses Synopsys et al as proxies for the badmouthing.]
  • Let’s Talk Open Source Trends (A 2020 Early Look) [Ed: Well, Flexera views "open source" as little more than opportunity for "compliance" job (money), much like Black Duck]

    There are two emerging trends to take note of now. First, there’s an increased importance around open source compliance and security due to specific industry regulatory changes and requirements. For example, this year the PCI Security Standards Council introduced a new standard of making electronic payments more secure. The standard requires software companies to continuously identify and assess weaknesses in software applications, including the entire software supply chain; key word here being “continuously.” Prior to the implementation of this standard, companies were advised to monitor their use of open source software with no emphasis on ongoing scanning and management.

  • The First BlueKeep Mass Hacking Is Finally Here—but Don't Panic [Ed: NSA collusion with Microsoft gives us this and much more]

    When Microsoft revealed last May that millions of Windows devices had a serious hackable flaw known as BlueKeep—one that could enable an automated worm to spread malware from computer to computer—it seemed only a matter of time before someone unleashed a global attack. As predicted, a BlueKeep campaign has finally struck. But so far it's fallen short of the worst case scenario.

    Security researchers have spotted evidence that their so-called honeypots—bait machines designed to help detect and analyze malware outbreaks—are being compromised en masse using the BlueKeep vulnerability. The bug in Microsoft's Remote Desktop Protocol allows a hacker to gain full remote code execution on unpatched machines; while it had previously only been exploited in proofs of concept, it has potentially devastating consequences. Another worm that targeted Windows machines in 2017, the NotPetya ransomware attack, caused more than 10 billion dollars in damage worldwide.

    But so far, the widespread BlueKeep hacking merely installs a cryptocurrency miner, leeching a victim's processing power to generate cryptocurrency. And rather than a worm that jumps unassisted from one computer to the next, these attackers appear to have scanned the internet for vulnerable machines to exploit. That makes this current wave unlikely to result in an epidemic.

  • Hackers can steal the contents of Horde webmail inboxes with one click [Ed: Microsoft Zack ('former' employee) not covering Microsoft NSA back doors that cause billions in damage, instead trying to damage the name of FOSS because sending people a malicious link and a trick can cause problems?]

    A security researcher has found several vulnerabilities in the popular open-source Horde web email software that allow hackers to near-invisibly steal the contents of a victim’s inbox.

    Horde is one of the most popular free and open-source web email systems available. It’s built and maintained by a core team of developers, with contributions from the wider open-source community. It’s used by universities, libraries and many web hosting providers as the default email client.

    Numan Ozdemir disclosed his vulnerabilities to Horde in May. An attacker can scrape and download a victim’s entire inbox by tricking them into clicking a malicious link in an email.

  • New Tool Will Find Secrets – Including Crypto Keys – in Your Public Code

    The app, which is open source, scans code repository GitHub for dangerous files and data. As a beginning coder, you may have left your password data or private keys inside public repository without realizing. When this happens, hackers and other nasties can easily access your stuff.

  • Briefing: Microsoft's GitHub Employees Still Pushing Back On ICE Contract

    Employees from Microsoft’s GitHub subsidiary are continuing to voice their concerns over the recent decision to renew a software contract with U.S. Immigration and Customs Enforcement (ICE), and at least one GitHub employee has resigned in protest, the Los Angeles Times reported.

    The situation illustrates the difficulties large software companies sometimes experience when integrating acquisitions of smaller companies.

    GitHub, which has built a more diverse and inclusive corporate culture in the years following a gender harassment scandal in 2014, is one of several open source companies where employees pay close attention to how their products are used, said Josh McKenty, an executive who has worked at companies that sell open source software.

    “The open source ethos represents a fundamental attitude of being able to control what happens to your work product,” he said.

GEEK TO ME: Linux as a Windows alternative involves a steep learning curve

Filed under
GNU
Linux
Microsoft

For some people, such as yourself, Linux is a great alternative to Windows. It’s cheap enough – usually free. It requires less memory, and less CPU horsepower than Windows, making it an excellent choice for keeping older hardware alive. But, for many (I would say most) users, for all the reasons above, and probably more, it’s just not a good fit.

EU link (the above is blocked in the EU for breaching GDPR): GEEK TO ME: Linux as a Windows alternative involves a steep learning curve

Censorship at Microsoft GitHub and Employees Protesting, Leaving

Filed under
Development
Microsoft
  • Github removes Tsunami Democràtic’s APK after a takedown order from Spain

    Microsoft-owned Github has removed the APK of an app for organizing political protests in the autonomous community of Catalonia — acting on a court takedown request sent by Spain’s Guardia Civil, a national police force with military status.

    As we reported earlier this month supporters of independence for Catalonia have regrouped under a new banner — calling itself Tsunami Democràtic — with the aim of rebooting the political movement and campaigning for self-determination by mobilizing street protests and peaceful civil disobedience.

    The group has also been developing bespoke technology tools to coordinate protest action. It’s one of these tools, the Tsunami Democràtic app, which was being hosted as an APK on Github and has now been taken down.

  • GitHub is trying to quell employee anger over its ICE contract. It’s not going well

    When GitHub Chief Executive Nat Friedman announced on Oct. 9 his company would donate half a million dollars to nonprofits helping communities affected by the Trump administration’s immigration policies, it was a peace offering of sorts.

    Employees had recently learned that the Microsoft-owned software development platform had renewed its 2016 contract with the U.S. Immigration and Customs Enforcement Agency.

    In donating the money and making clear his personal disagreement with harsh immigration law enforcement, Friedman appeared intent on averting an internal protest of the sort that has roiled other technology firms whose software powers controversial government policies.

    It didn’t work.

    In the weeks since, frustration has risen among some within GitHub. After promising to address questions on the ICE relationship at a Q&A session scheduled for Oct. 11, executives canceled the meeting, blaming the cancellation on employee leaks, according to an email reviewed by The Times. At an all-hands meeting held Oct. 24, executives did not discuss the results of a quarterly survey showing negative sentiment toward GitHub’s leadership as planned, according to two employees.

    With the issue refusing to go away, GitHub executives have changed their internal messaging, including a memo to employees saying that barring ICE from “access to GitHub could actually hurt the very people we all want to help,” in the words of Chief Operating Officer Erica Brescia.

    “We have learned from a number of nonprofits and refugee advocates that one of the greatest challenges facing immigrants is a lack of technology at ICE and related agencies, resulting in lost case files, court date notifications not being delivered, or the wrong people being charged or deported,” read a companywide posting sent Oct. 22, signed by Brescia and the leadership team.

    Brescia’s letter was a second response to an Oct. 9 open letter from employees calling on GitHub to cancel its contract with ICE. The employees behind it said continuing to work with ICE would make the San Francisco-based company “complicit in widespread human rights abuses.” In the company’s initial response, Friedman said that though he disagreed with the immigration policies ICE is enforcing, canceling the contract would not convince the Trump administration to change them. Friedman also said the revenue from the contract — about $200,000 — was not financially material for the company.

    In response to requests for comment, GitHub referred The Times back to Friedman’s Oct. 9 blog post.

    GitHub is just the latest tech company to face employee resistance to government contracts, particularly those with the Department of Homeland Security. In June 2018, Google, facing employee opposition, said it would not renew its contract to develop artificial intelligence systems for the Pentagon. In the same month, 500 Amazon workers called on executives to stop selling facial recognition to the government, without result. Employees of the e-commerce brand Wayfair walked out of their offices in June 2019 to protest the sale of beds to immigration detention centers.

Microsoft Windows Goes Ballistic in India

Filed under
Microsoft
Security
  • Indian Nuclear Power Facility Denies Unverified Reports of a Cyber Attack

    A statement attributed to R. Ramdoss, the training superintendent and information officer at the plant, clarified that 'Kudankulam Nuclear Power Project (KKNPP) and other Indian Nuclear Power Plants Control Systems are stand alone and not connected to outside cyber network and Internet,' apparently asserting that physical separation from global networks -- or 'air-gapping' -- would suffice as a protective measure.

  • Cyber attack at Kudankulam; critical system safe [iophk: Windows TCO]

    'Domain controller-level access [gained] at Kudankulam Nuclear Power Plant. The government was notified way back,' said cyber security professional Pukhraj Singh, who in a series of tweets on Monday and Tuesday contended that he was first alerted by a 'third party that discovered the hack and had in turn alerted the National Cyber Security Coordinator on September 3.

  • In these hours an alleged cyber attack on the Kudankulam Nuclear Power Plant in Tamil Nadu made the headlines, but the KKNPP denies it.

    Worrying news made the headlines, the Kudankulam Nuclear Power Plant (KKNPP) was hit by a cyber attack. Some users are claiming on the social media that a piece of the 'DTrack' malware has infected the systems at the KKNPP.

    The DTrack malware was described by Kaspersky in September as a tool that could be used to spy on the victims and exfiltrate data of interest. The malware supports features normally implemented in remote access trojan (RAT). Below is a list of some functionalities supported by the Dtrack payload executables analyzed by Kaspersky: [...]

  • Over 15 Indian States Have Been Infected By The Dtrack Malware: Kaspersky Report

    Researchers at Kaspersky had also uncovered "ATMDtrack" back in 2018, a malware that invades the Indian Automated Teller Machines (ATMs) and steals customer card data. "Following further investigation using the Kaspersky Attribution Engine and other tools, the researchers found more than 180 new malware samples which had code sequence similarities with the ATMDtrack - but at the same time clearly were not aimed at ATMs," Kaspersky told IANS.

  • What is Dtrack, the spytool that is to blame for attacks on Indian financial institutions?

    Cybersecurity firm Kaspersky announced the discovery of Dtrack, a hitherto undetected spytool which has proliferated Indian financial institutions and research centres. The new spyware is a different strain of the ATMDtrack malware that was discovered in 2018. It was created to infiltrate ATMs in the country and siphon card data of customers.

Proprietary Attacks on Software Freedom

Filed under
Microsoft
OSS
  • Microsoft Pentagon Win Changes Cloud Game But Will Face Protests

    In the past year, Azure has racked up some large deals from Kroger Co. to AT&T Inc., but a customer as big, demanding and secretive as the Pentagon will go a long way toward cementing Azure’s reputation as a serious contender.

    Amazon, which won a lucrative cloud contract with the Central Intelligence Agency in 2013, was seen to have the upper hand in the competition. But politics entered the picture. Trump has long been at odds with Amazon’s Chief Executive Officer Jeff Bezos. The world’s richest man also owns the Washington Post, which Trump claims has treated him unfairly in its coverage.

  • I'm not Boeing anywhere near that: Coder whizz heads off jumbo-sized maintenance snafu

    We're back again with Who, Me?, The Register's Monday morning crowdsourced tale of reader misdeeds and close calls.

    Today's confession from "Pete" will tighten the sphincters of those who flew on Boeing's finest back when 1990 rolled around.

    Pete was something of a multimedia whizz at a time when Windows 3.0 was a thing, sound cards were unusual and CD-ROMs even more so. He was fresh off an award-winning stint coding up the multimedia add-on for a well-known UK publication.

    It was early days for the technology, and Pete had cleverly coded things so audio would play from the mixed-mode CD if users lacked a sound card, but the indexing software leaked memory like a sieve under Windows 3.0. The vendor ended up having to send their lead programmer over to Blighty to sort out the issues but Pete persevered "and my CD-ROM launched successfully on Mac and Windows".

  • Not LibreOffice too? Beloved open-source suite latest to fall victim to the curse of Catalina

    Users who download and attempt to run LibreOffice on the new macOS Catalina are presented with two options – "Move to bin" or "Cancel".

    In the face of being told that the developer cannot be verified, savvy users will know that there must be more options – and there are. If you cancel the dialog, you can head to Security and Privacy in Preferences, where there is an option alongside the blocked application to "Open anyway". Then you get another warning message, but this time with an option to take your chances and Open. The good news is that you only need to do this once, but it is a considerable annoyance.

    Apple reminded developers earlier this month that apps must be notarized to run on Catalina. "In June, we announced that all Mac software distributed outside the Mac App Store must be notarized by Apple in order to run by default on macOS Catalina. Make sure to test all versions of your software on the macOS Catalina GM seed and submit it to Apple to be notarized."

    [...]

    LibreOffice is not the only open-source project to suffer at the hands of Catalina. The GIMP image-editing application also has problems, giving permission errors when trying to access files in locations such as Desktop and Documents. What should happen is that macOS prompts you for permission, but this dialog is not being triggered. A workaround is to run GIMP from the Terminal, visiting any required folders from the command line before launching the application. The thread referenced above has more details.

  • Ethical Open Source: Is The World Ready? [Ed: Can we please stop feeding known trolls who are trying to destroy Software Freedom with so-called 'ethical' licences?]

    Most users of OSS have been content to rely upon OSS licenses (many less restrictive than the GPL), that are approved and maintained for the ‘good of the community’ by the Open Source Initiative (OSI), a California-based public benefit company that sees itself as the steward of the cause. OSI is the creator (and proponent) of the Open Source Definition, a detailed document that sets out the central tenets of certain OSS philosophy — including requirements of free distribution, distribution of source code, integrity of the author’s source code, code not specific to a product, license to be technology-neutral, etc. — governing which OSS licenses can be labeled with the open-source certification mark, the OSI “seal of approval.”

    However, the open source status quo is increasingly being challenged by a number of developers who are unsatisfied with the current state of ethics in open source. These individuals advocate a more activist approach to ethics by creating new OSS licenses that contain deliberate moral clauses that most certainly contravene the current Open Source Definition. Three such licenses will be briefly discussed, followed by analysis as to likely next steps.

More in Tux Machines

today's howtos

GameMode 1.5

  • Feral's GameMode 1.5 Now Supports Changing The CPU Governor Differently For iGPUs

    With Feral's GameMode 1.5 the big change facing users is for those running integrated graphics. In a change led by an Intel open-source graphics driver developer, GameMode now supports setting an alternative CPU frequency scaling governor for integrated graphics use-cases. Up to now GameMode has defaulted to always using the "performance" CPU frequency scaling governor for normally delivering the best performance, but for integrated graphics that in some situations can lead to lower performance. Due to the integrated graphics and CPU cores sharing the same power envelope, ramping up the CPU performance can throw the graphics performance out of balance and at least for some games lead to lower performance. So with GameMode 1.5, the user can now opt for "powersave" or an alternative governor instead when using an iGPU.

  • Feral Interactive's open source 'GameMode' system performance booster has a new release

    Feral Interactive don't just port a lot of games to Linux, they also work on some open source bits here and there. One of their projects is GameMode, which just got a new release. GameMode is a "daemon/lib combo for Linux that allows games to request a set of optimisations be temporarily applied to the host OS and/or a game process". In simple terms, it can help ensure your Linux PC is giving the game all it can to run smoothly. Looks like someone new is handling the project too, with Alex Smith having left Feral Interactive.

Mozilla on Privacy Badger, Rust and Digital ID Systems

  • Firefox Extension Spotlight: Privacy Badger

    People can't be expected to understand all of the technically complex ways their online behavior is tracked by hidden entities. As you casually surf the web, there are countless techniques different third party actors use to secretly track your online movement. So how are we supposed to protect our privacy online if we don't even understand how the game works? To help answer this, the good folks at the Electronic Frontier Foundation (a non-profit devoted to defending digital privacy) built Privacy Badger--a browser extension designed to give you highly advanced tracking protection, while requiring you to do nothing more than install it on Firefox. No configuration, no advanced settings, no fuss. Once you have Privacy Badger installed, it automatically scours every website you visit in its relentless hunt for hidden trackers. And when it finds them, blocks them.

  • This Week In Rust: This Week in Rust 322
  • What could an “Open” ID system look like?: Recommendations and Guardrails for National Biometric ID Projects

    Digital ID systems are increasingly the battlefield where the fight for privacy, security, competition, and social inclusion is playing out. In our ever more connected world, some form of identity is almost always mediating our interactions online and offline. From the corporate giants that dominate our online lives using services like Apple ID and Facebook and Google’s login systems to government IDs which are increasingly required to vote, get access to welfare benefits, loans, pay taxes, get on transportation or access medical care. Part of the push to adopt digital ID comes from the international development community who argue that this is necessary in order to expand access to legal ID. The UN Sustainable Development Goals (SDGs) call for “providing legal identity for all, including birth registration” by 2030. Possessing legal identity is increasingly a precondition to accessing basic services and entitlements from both state and private services. For the most marginalised communities, using digital ID systems to access essential services and entitlements from both state and private services are often one of their first interactions with digital technologies. Without these commonly recognized forms of official identification, individuals are at risk of exclusion and denial of services. However, the conflation of digital identity as the same as (or an extension of) “legal identity”, especially by the international development community, has led to an often uncritical embrace of digital ID projects. In this white paper, we survey the landscape around government digital ID projects and biometric systems in particular. We recommend several policy prescriptions and guardrails for these systems, drawing heavily from our experiences in India and Kenya, among other countries. In designing, implementing, and operating digital ID systems, governments must make a series of technical and policy choices. 
    It is these choices that largely determine if an ID system will be empowering or exploitative and exclusionary. While several organizations have published principles around digital identity, too often they don’t act as a meaningful constraint on the relentless push to expand digital identity around the world. In this paper, we propose that openness provides a useful framework to guide and critique these choices and to ensure that identity systems put people first. Specifically, we examine and make recommendations around five elements of openness: multiplicity of choices, decentralization, accountability, inclusion, and participation.

Red Hat/IBM: Red Hat Enterprise Linux, OpenShift 4.3 and OpenSCAP

  • Red Hat Enterprise Linux 8 for SAP Solutions on IBM POWER9: An open foundation to power intelligent business decisions

    At Red Hat Summit 2019, we unveiled Red Hat Enterprise Linux 8, the next generation of the world’s leading enterprise Linux platform, which provides the scale, flexibility and innovation to drive enterprise workloads across the hybrid cloud. Even with the advancements across the platform, we recognize that there’s no singular panacea to overcome every unique IT challenge. To meet these needs, Red Hat delivers specialized offerings built around Red Hat Enterprise Linux to address specific hardware, applications and environment requirements, and Red Hat Enterprise Linux 8 continues this strategy with the availability of Red Hat Enterprise Linux 8 for SAP Solutions on IBM Power Systems (POWER9).

  • OpenShift 4.3: Quay Container Security Integration

    In the Red Hat OpenShift 4.2 Web UI Console, we introduced a new Cluster Overview Dashboard as the landing page when users first log in. The dashboard is there to help users resolve issues more efficiently and maintain a healthy cluster. With the latest 4.3 release, we added an image security section to the cluster health dashboard card. This section will appear on the dashboard when the Container Security Operator gets installed.

  • Deploying OpenSCAP on Satellite using Ansible

    In many environments today, security is one of the top priorities. New information security vulnerabilities are discovered regularly, and these incidents can have a significant impact on businesses and their customers. Red Hat customers I talk to are frequently looking for tools they can use to help evaluate and secure their environments. One of these tools is OpenSCAP, which is included in Red Hat Enterprise Linux (RHEL), and can perform compliance and vulnerability scanning on RHEL servers. Satellite makes OpenSCAP easier to use by allowing you to deploy the OpenSCAP agent to hosts, manage the OpenSCAP policies centrally, and to view OpenSCAP reports from the Satellite web interface.