Language Selection

English French German Italian Portuguese Spanish

November 2019

Proprietary Software and Digital Jails

Filed under
Hardware
Software
  • checkra1n on Linux nearing release, Apple TV DFU helper coming too

    Despite being a closed ecosystem, iDevice users enjoy an advanced level of control over the OS through jailbreaking. But, not many opt for it because the Cupertino tech giant denies warranty claims for jailbroken gadgets.

    Moreover, one has to choose the jailbreaking tool so carefully that an incompatible selection will make your iPhone/iPad a fiasco. Owing to the frequent vulnerability fixes released by Apple, we can’t use a single tool for every iOS iteration.

  •                    

  • Jony Ive is no longer on Apple's leadership page

                         

                           

    His new firm is called LoveForm, which sounds an awful lot like LoveFilm - right down to the fact that both will score you 16 in a Scrabble match, assuming you're competing without someone that plays fast and loose with the ‘no brand names' rule. That's where the similarities end though: it's more focused on design than posting DVDs to people.

                           

    Unlike most people starting their own business, Ive won't have to hustle for new clients right away. Apple led the press release announcing Ive's exit by saying it would be one of LoveForm's clients, which is kind of like writing a blank cheque. But, hey, if anybody can write a blank cheque and not worry about the consequences then it's Cook & Co.

  •                    

  • Security firm Prosegur hit by Windows Ryuk ransomware

                         

                           

    Well-known British security researcher Kevin Beaumont was one of the first to point to a statement on on the Spain-based company's website in which it said that there had been "a security information incident on its telecommunications platforms".

                           

    Prosegur is the largest security firm in Spain and listed on Madrid Stock Exchange in 1987.

Entrapment in Microsoft GitHub

Filed under
Microsoft
  • Alibaba Cloud makes available its self-developed algorithm via open source on Github [Ed: Outsourcing one's code to a proprietary spying and censorship platform of a foreign firm and foreign regime]

    Launched in 2009 and headquartered in Singapore, the cloud subsidiary of Alibaba Group offers cloud computing services to enterprises.

  • Alibaba Publishes AI Algorithms on Github [Ed: Alibaba gives its code to Microsoft to further facilitate surveillance]
  • GitHub Seeks Security Dominance With Developers [Ed: GitHub is proprietary software in NSA PRISM, so assume back doors. Ignore these Forbes puff pieces of Microsoft (lots of them).]
  • Rav1e Picks Up More Speed Optimizations For Rust-Written AV1 Encoding [Ed: Still stuck inside GitHub]

    The Rust-based "rav1e" AV1 video encoder continues picking up performance optimizations. 

    During the month of November we've seen SSE4.1 and various x86 Assembly optimizations, other CPU performance optimizations, and also happening recently was the initial tagged release of rav1e (v0.1). 

  • Daniel Stenberg: curl: 25000 commits [Ed: Unhealthy dependence on GitHub]

    The first ever public release of curl was uploaded on March 20, 1998. 7924 days ago.

    3.15 commits per day on average since inception.

    These 25000 commits have been authored by 751 different persons.

    Through the years, 47 of these 751 authors have ever authored 10 commits or more within a single year. In fact, the largest number of people that did 10 commits or more within a single year is 13 that happened in both 2014 and 2017.

    19 of the 751 authors did ten or more changes in more than one calendar year. 5 of the authors have done ten or more changes during ten or more years.

Openwashing by Microsoft and the US Air Force

Filed under
Microsoft
  • Microsoft Teams spurs open source in Aussie channel [Ed: Gross case of openwashing. How on Earth did Microsoft manage to have proprietary software that's mass surveillance inside businesses framed as "open source"?

    Qbot is the brainchild of UNSW senior lecturer David Kellermann. Antares helped bring Qbot to life and, as it is the bot's primary developer, supports the code.

  • US Air Force says they are developing an Open Source Jet Engine

    The Responsive Open Source Engine (ROSE) is designed to be cheap enough that it can be disposable, which has obvious military applications for the Air Force such as small jet-powered drones or even missiles. But even for the pacifists in the audience, it’s hard not to get excited about the idea of a low-cost open source turbine. Obviously an engine this small would have limited use to commercial aviation, but hackers and makers have always been obsessed with small jet engines, and getting one fired up and self-sustaining has traditionally been something of a badge of honor.

    The economies of scale generally dictate that anything produced in large enough numbers will eventually become cheap. But despite the fact that a few thousand of them are tearing across the sky above our heads at any given moment, turbine jet engines are still expensive to produce compared to other forms of propulsion. The United States Air Force Research Laboratory is hoping to change that by developing their own in-house, open source turbine engine that they believe could reduce costs by as much as 75%.

Red Hat, IBM and SUSE

Filed under
Red Hat
SUSE
  • Raytheon Leans on Red Hat to Advance DevSecOps

    Jon Check, senior director for cyber protection solutions for Raytheon Intelligence, Information and Services, said Raytheon has developed a set of DevSecOps practices for organizations building applications deployed in highly secure environments, involving government contracts.

    Raytheon and these customers have been challenged by a chronic shortage of IT professionals with the appropriate level of clearance to work on these classified projects. To overcome that issue, Check said Raytheon developed what it describes as a “code low, deploy high” approach to DevSecOps. Developers who lack security clearances can still build applications; however, those applications can only be deployed by IT professionals having the appropriate security clearance.

    In addition, Check said Raytheon has developed integrations between its DevSecOps framework and various IT tools based on the ITIL framework, which so many IT operations teams depend on to foster collaboration across the application development and deployment process. For example, he said, whenever code gets checked into a repository, an alert can be sent to an IT service management application from ServiceNow.

  •                    

  • [Older] IBM: ‘Mac users are happier and more productive’ [iophk: duh]

                         

                           

    IBM CIO Fletcher Previn talked up fresh IBM findings that show those of its employees who use Macs are more likely to stay with IBM and exceed performance expectations compared to [Windows] users.

  •                    

  • [Older] IBM: Mac users perform better at work and close larger high-value sales compared to [Windows] users

                         

                           

    Today, IBM announced some major news showing the benefits of using a Mac over a [Windows machine] at work. According to IBM research, there are 22% more macOS users who exceed expectations in performance reviews compared to Windows users. High-value sales deals also tend to be 16% higher for Mac users compared to [Windows] users.

  •                    

  • [Older] IBM: Our Mac-Using Employees Outperform Windows Users in Every Way

                         

                           

    According to IBM, one staff member can support 5,400 Mac users, while the company needed one staff member per 242 [Windows] users. Only 5 percent of Mac users called the help desk for assistance, compared with 40 percent of [Windows] users. This Mac-IBM love affair has been ongoing for a few years, and the same IBM PR points out that in 2016, IBM CIO Fletcher Previn declared that IBM saves anywhere from $273 to $543 when its end users choose Mac over [Windows].

  • Centiq receives highest SUSE Solution Partner certification to bolster best-in-class enterprise cloud application migration and implementation expertise for SAP projects
  • Noop now named none

    Lately more and more people approached me with saptune warnings regarding ‘noop’ being an invalid scheduler.
    With new Servie Packs we see a transition from non-multiqueue schedulers (noop, cfq, deadline) to multiqueue schedulers (none, mq-deadline, bfq, kyber).
    This transition will be finished with kernel 5.x (SLES 15 SP2). Only multiqueue schedulers will remain.
    Even if you do not have upgraded lately, new hardware like NVMe’s can come with multiqueue support only.

Games and Programming: Epic Games, Godot, Haskell and Python

Filed under
Development
Gaming
  • Epic Games have awarded the FOSS game manager Lutris with an Epic MegaGrant

    The Lutris team announced yesterday that Epic Games have now awarded them a sum of money from the Epic MegaGrants pot.

    In the Patreon post, the Lutris team announced they've been awarded $25,000. While this might be quite a surprise to some, Tim Sweeney the CEO of Epic Games, did actually suggest they apply for it which we covered here back in April. To see it actually happen though, that's seriously awesome for the team building this free and open source game manager.

  • Play-ing with Godot

    I’ve finally come to a point where I have a project that is useful, and at a good enough quality (anyone with graphics skills who wants to help?) to be shared with the broader world: Mattemonster. What I’m trying to say is that I just went through the process of publishing a Godot app to the Google Play store.

    There is already good documentation for how you export a Godot app for Android, and detailed guides how to publish to Google Play. This blog is not a step by step tutorial, but instead mentioning some of the things I learned or noticed.

    First of all, when setting up the Android tooling, you usually have an android-tools package for your distro. This way, you don’t have to install Android Studio provided by Google.

    The configuration settings that you use to export your app goes into the export_presets.cfg file. Once you put the details for your release key in, you should avoid storing this file in a public git, as it contains sensitive data. But even before then, it contains paths that are local to your machine, so I would recommend not storing it in a public git anyway, as it makes merging with others painful.

  •      

  • Haskell
  • Python 3.7.5 : Script install and import python packages.

    This script will try to import Python packages from a list.
    If these packages are not installed then will be installed on system.

Security: Updates, Ken Thompson's Chess Secret, Healthcare Breaches Spike in October, "Private Internet Access Sold Out!" and Undercover Mode for the Fedora Security Lab

Filed under
Security
  • Security updates for Friday

    Security updates have been issued by Debian (libvpx and vino), Fedora (grub2 and nss), and SUSE (cloud-init, libarchive, libtomcrypt, ncurses, and ucode-intel).

  • Friday Fluff: Chess password cracked after four decades

    A good password paired with strong encryption protects data against unexpected loss. No password is unbreakable, but some can last for quote a long time. After 39 years, recently a few old Unix passwords were cracked. Computer pioneer Ken Thompson had hidden his access behind a chess opening.

  • ThreatList: Healthcare Breaches Spike in October

    October experienced a 44.44 percent month-over-month increase in healthcare data breaches, resulting in 661,830 healthcare records exposed or stolen during the month.

    That’s according to the Health and Human Services (HHS) Office for Civil Rights’ monthly report reported via HIPAA Journal. The department said that hospitals and other healthcare organizations reported 52 breaches to HHS during the month. Year-to-date, the total number of breached healthcare records stands at 38 million, affecting 11.64 percent of the population of the United States.

  • Private Internet Access Sold Out! | Choosing A New VPN

    This video goes over the purchase of Private Internet Access and Choosing a new VPN. I also layout the 3 points you NEED when choosing a new VPN.

  • Undercover mode for the Fedora Security Lab

    Every time when there is a new release of Kali Linux it doesn’t take long till people start to ask when a feature or tool will be added to the Fedora Security Lab.

    This time the most asked feature is the “undercover mode”.

    To make it short: Never.

    The reason is that the Fedora Security Lab live media doesn’t need this. We are running Xfce (in the meantime for several years now) with the default Fedora wallpaper and a default theme. It pretty hard to tell (reading impossible if you don’t have the menu open) for a person who only get a quick look at your desktop that you have a lot of specialized tools at your disposal.

    You are even stealthier if you only add the Fedora Security Lab toolset to your default Fedora installation. This make the Fedora Security Lab the perfect tool to perform security-related tasks in an office environment at customer’s sites.

Debian and Canonical/Ubuntu: Debian's Outreachy Interns, Debian LTS and Mir/Ubuntu Core Promotion

Filed under
Debian
Ubuntu
  • Debian welcomes its new Outreachy interns

    Debian continues participating in Outreachy, and we'd like to welcome our new Outreachy interns for this round, lasting from December 2019 to March 2020.

    Anisa Kuci will work on Improving the DebConf fundraising processes, mentored by Karina Ture and Daniel Lange.

    Sakshi Sangwan will work on Packaging GitLab's JS Modules, mentored by Utkarsh Gupta, Sruthi Chandran and Pirate Praveen.

    Congratulations, Anisa and Sakshi! Welcome!

  • Mike Gabriel: My Work on Debian LTS/ELTS (November 2019)

    In November 2019, I have worked on the Debian LTS project for 15 hours (of 15 hours planned) and on the Debian ELTS project for 5 hours (of 5 hours planned) as a paid contributor.

    For LTS, I, in fact, pulled over 1.7 hours from October, so I realy only did 13.3 hours for LTS in November.

    (This is only half-true, I worked a considerable amount of hours on this libvncserver code bundle audit, but I am just not invoicing all of it).

  • Build smart display devices with Mir: fast to production, secure, open-source

    Mir is a library for writing graphical shells for Linux and similar operating systems. Compared to traditional display servers, it offers numerous benefits that are important for IoT devices: efficiency, speed of development, security, performance, and flexibility. All are required by the devices of today, and even more so for the devices of tomorrow. In this whitepaper we’ll explain how Mir, alongside Ubuntu Core and Snapcraft, lets developers build devices that are ready for the future of IoT, while offering stable, secure and performant solutions to the problems the industry faces today.

More in Tux Machines

Proprietary Software and Digital Restrictions (DRM)

  • GitHub still won’t explain if it fired someone for saying ‘Nazi,’ and employees are pissed

    The current conflict began the day of the riots in Washington, DC when a Jewish employee told co-workers: “stay safe homies, nazis are about.” Some colleagues took offense to the language, although neo-Nazi organizations were, in fact, present at the riots. One engineer responded: “This is untasteful conduct for workplace [in my opinion], people have the right to protest period.”

  • Amazon Web Services opens first office in Greece

    It said services covered areas from big data analytics and mobile, web and social media applications to enterprise business applications and the internet of things.

  • Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes

    Researchers believe the vulnerability, tracked as CVE-2021-1647, has been exploited for the past three months and was leveraged by hackers as part of the massive SolarWinds attack. Last month, Microsoft said state-sponsored hackers had compromised its internal network and leveraged additional Microsoft products to conduct further attacks.

    Affected versions of Microsoft Malware Protection Engine range from 1.1.17600.5 to 1.1.17700.4 running on Windows 10, Windows 7 and 2004 Windows Server, according to the security bulletin.

  • Making Clouds Rain :: Remote Code Execution in Microsoft Office 365

    TL;DR; This post is a story on how I found and exploited CVE-2020-168751, a remote code execution vulnerability in Exchange Online and bypassed two different patches for the vulnerability. Exchange Online is part of the Office 365 suite that impacted multiple cloud servers operated by Microsoft that could have resulted in the access to millions of corporate email accounts.

  • Dropbox lays off 11% of its workforce as COO departs

    Dropbox in November provided revenue guidance of $497 million to $499 million for the fourth quarter. The company said at the time that it’s aiming to achieve margins of 28% to 30% in the long term.

  • Technical Error 'Saw 150,000 U.K. Police Records Wiped' From Databases

    Police have been asked to assess if there is a threat to public safety after it was revealed that thousands of police records were deleted in error, including data on fingerprints, DNA, and arrest histories.

    The error, first reported in the Times, saw 150,000 files lost, with fears it could mean offenders go free. A coding error is thought to have caused the earmarking of the files for deletion.

    The U.K. Home Office said the lost entries related to people who were arrested and then released without further action and no records of criminal or dangerous people had been deleted. Home secretary Priti Patel is now under pressure to explain the mistake, which the opposition Labour party said "presents huge dangers" for public safety.

  • January 2021 Linux Foundation Newsletter: Bootcamp Sale, SolarWinds Orion, New Kubernetes & WebAssembly Classes, LFX Webinar Series
  • How I hijacked the top-level domain of a sovereign state

    Note: This issue has been resolved and the .cd ccTLD no longer sends NS delegations to the compromised domain.

    TL;DR: Imagine what could happen if the country-code top-level domain (ccTLD) of a sovereign state fell into the wrong hands. Here’s how I (@Almroot) bought the domain name used in the NS delegations for the ccTLD of the Democratic Republic of Congo (.cd) and temporarily took over 50% of all DNS traffic for the TLD that could have been exploited for MITM or other abuse.

  • Apple begins blocking M1 Mac users from side loading iPhone and iPad applications

    As a refresher, Apple Silicon Macs allow users to run iOS and iPad applications on their Mac, but developers can opt out of allowing their apps to be installed on the Mac. This is the path that many developers have taken, making the necessary change in App Store Connect to remove their app from the Mac App Store.

    But with that being said, until today, you could manually install iOS apps like Netflix, Instagram, and Facebook on an M1 Mac by using their respective IPA files downloaded under a valid Apple ID. Many people were using tools such as iMazing to complete this process.

    9to5Mac has now confirmed that, starting today, this is no longer possible unless the application is available on the Mac App Store. Apple has flipped the necessary sever-side switch to block iPhone and iPad applications from being installed on Apple Silicon Macs.

  • Apple is blocking Apple Silicon Mac users from sideloading iPhone apps

    Apple has turned off users’ ability to unofficially install iOS apps onto their M1 Macs (via 9to5Mac). While iOS apps are still available in the Mac App Store, many apps, such as Dark Sky and Netflix, don’t have their developer’s approval to be run on macOS. Up until now, there was a workaround that allowed the use of third-party software to install the apps without having to use the Mac App Store, but it seems like Apple has remotely disabled it.

    When we tried to install an unsupported app on an M1 Mac running macOS 11.1, we got an error message saying that we couldn’t install it and should “try again later”. You can see a screenshot at the top of this article.

  • Apple TV Plus Free Subscriptions Extended Again, This Time Through July 2021

    The tech giant is extending the free-access period for Apple TV Plus customers who have signed up through its 12-month free subscription offer through July 2021. That’s after it had previously pushed that gratis period to February. So if you were among the first to take the one-year-free deal back in November 2019, that’s turned into 21 months free of Apple TV Plus.

  • Spotify Enters Settlement Talks With PRO Music Rights Founder Jake P. Noch

    But a new legal filing, shared with DMN this afternoon, reveals that Spotify and Noch have officially entered settlement talks. The involved parties “jointly” moved for a 60-day stay, “including discovery and all deadlines,” so that they can “attempt to negotiate a resolution of this matter,” the three-page-long document (dated January 13th, 2021) indicates.

    Furthermore, the filing specifies that Sosa Entertainment, Jake P. Noch, and Spotify “have recently made progress towards a potential resolution of the litigation.” The joint motion doesn’t elaborate upon the terms of this possible agreement – though Noch said in a statement that he’s eager to begin working towards an “excellent resolution” in earnest.

  • The FSF fights for your right to repair

    It is this example of automated vehicles that served as inspiration for the FSF's animated video Fight to Repair.

    However, any technology we use could potentially be co-opted by the proprietary, DRM-controlled subscription model Tesla and the tractor manufacturers are proposing. Imagine your "smart home" having a broken lock, or worse, being broken into, and not having the control, or the simple right to repair the bug. Countless other examples can be found showing us that the key to a free future is the right to repair. We need to fight for a future in which the software used is free in order to maintain ownership and control not only over our technology, but over our lives.

Debian Developers: Christian Kastner, Junichi Uekawa, and Michael Prokop

  • Christian Kastner: Keeping your Workstation Silent

    I've tried numerous coolers in the past, some of monstrous proportions (always thinking that more mass must be better, and reputable brands are equally good), but I was never really satisfied; hence, I was doubtful that trying yet another cooler would make a difference. I'm glad I tried the Noctua NH-D15 anyway. With some tweaking to the fan profile in the BIOS, it's totally inaudible at normal to medium workloads, and just a very gentle hum at full load—subtle enough to disappear in the background. For the past decade, I've also regularly purchased sound-proofed cases, but this habit appears anachronistic now. Years ago, sound-proofed cases helped contain the noise of a few HDDs. However, all of my boxes now contain NVMe drives (which, to me, are the biggest improvement to computing since CPUs going multi-core). On the other hand, some of my boxes now contain powerful GPUs used for GPGPU computing, and with the recent higher-end Nvidia and AMD cards all pulling in over 300W, there is a lot of heat to manage. The best way to quickly dump heat is with good airflow. Sound-proofing works against that. Its insulation restricts airflow, which ultimately causes even more noise, as the GPU's fans need to spin at very high RPMs. This is, of course, totally obvious in hindsight.

  • Junichi Uekawa: It's been 20 years since I became a Debian Developer.

    It's been 20 years since I became a Debian Developer. Lots of fun things happened, and I think fondly of the team. I am no longer active for the past 10 years due to family reasons, and it's surprising that I have been inactive for that long. I still use Debian, and I still participate in the local Debian meetings.

  • Michael Prokop: Revisiting 2020

    Mainly to recall what happened last year and to give thoughts and plan for the upcoming year(s) I’m once again revisiting my previous year (previous editions: 2019, 2018, 2017, 2016, 2015, 2014, 2013 + 2012). Due to the Coronavirus disease (COVID-19) pandemic, 2020 was special™ for several reasons, but overall I consider myself and my family privileged and am very grateful for that. In terms of IT events, I planned to attend Grazer Linuxdays and DebConf in Haifa/Israel. Sadly Grazer Linuxdays didn’t take place at all, and DebConf took place online instead (which I didn’t really participate in for several reasons). I took part in the well organized DENOG12 + ATNOG 2020/1 online meetings. I still organize our monthly Security Treff Graz (STG) meetups, and for half of the year, those meetings took place online (which worked OK-ish overall IMO). Only at the beginning of 2020, I managed to play Badminton (still playing in the highest available training class (in german: “Kader”) at the University of Graz / Universitäts-Sportinstitut, USI). For the rest of the year – except for ~2 weeks in October or so – the sessions couldn’t occur. Plenty of concerts I planned to attend were cancelled for obvious reasons, including the ones I would have played myself. But I managed to attend Jazz Redoute 2020 – Dom im Berg, Martin Grubinger in Musikverein Graz and Emiliano Sampaio’s Mega Mereneu Project at WIST Moserhofgasse (all before the corona situation kicked in). The concert from Tonč Feinig & RTV Slovenia Big Band occurred under strict regulations in Summer. At the beginning of 2020, I also visited Literaturshow “Roboter mit Senf” at Literaturhaus Graz.

Games: Familiars.io, Valve and Godot

  • Familiars.io is a MMO monster catching game where the creatures have permadeath

    Well this is quite unusual. You've played monster catching games before but not like this. Familiars.io put a fresh spin on it all and it's quite ingenious. Developed as a pixel-art retro-looking browser game, it's super accessible since you can play it on pretty much anything that can run some simple graphics in a browser window. It's an MMO too, so you can join up with others and chill out. When you want to, go off and catch some monsters, engage is some PvP and perhaps find a new favourite game waiting for you.

  • What we expect to come from Valve to help Linux gaming in 2021 | GamingOnLinux

    By now you've probably heard either through us in our previous article or elsewhere that Valve are cooking something up to help Linux gaming even further. We have an idea on what one part of it is. Valve already do quite a lot. There's the Steam Play Proton compatibility layer, the new container runtime feature to have Linux games both natively supported and Windows games in Proton run through a contained system to ensure compatibility, their work on Mesa drivers and much more. In Valve's review of Steam in 2020 that we covered in the link above, one thing caught our eye and has been gaining attention. Valve mentioned for 2021 they will be "putting together new ways for prospective users to get into Linux gaming and experience these improvements" so what exactly does that mean? Well, a big part of that might have already been suggested directly.

  • Godot Engine - Dev snapshot: Godot 3.2.4 beta 6

    While our main focus stays on the 4.0 branch, the current stable 3.2 branch is receiving a lot of great improvements, and the upcoming 3.2.4 release is going to be packed with many new features.

Zeroshell 3.9.5 Released

Zeroshell 3.9.5 is ready. In this release TLS 1.0 has been disabled and TLS 1.2 enabled for HTTPS. This improves security and compatibility with new browser releases. Read more