Security Leftovers
2019-05-14
Security updates for Tuesday
Google Joins The Evidence-Optional Assault On Huawei
So we've noted several times now how the US efforts to blacklist Huawei from global telecom markets haven't much in the way of, oh, supporting evidence. The Trump administration and FCC have taken all manner of actions to try and blackball the company, from pressuring U.S. carriers to drop plans to sell Huawei phones to the FCC's decision to ban companies from using Huawei gear if they want to receive federal subsidies.
The underlying justification for these moves has centered on the idea that Huawei operates as a surveillance extension of the Chinese government, something that still hasn't been proven despite a decade's worth of claims to this effect, and an eighteen month investigation by the White House.
That's not to say the Chinese government is an innocent little daisy. Nor is it meant to suggest that it's impossible that Huawei spies on Americans. But the lack of any actual public evidence of spying remains troubling all the same, given that if the shoe were on the other foot, there'd be no shortage of face-fanning consternation on the part of American politicians and industry.
Nearly 20% of the 1000 Most Popular Docker Containers Have No Root Password
Earlier this month, Talos released research showing that the Alpine Linux docker images were shipping with no (or nulled) root passwords. Alpine patched the docker files, and issued their response to the vulnerability here, noting that “an attacker who compromised your system via an unrelated security vulnerability, or a user with shell access, could elevate their privileges to root within the container.”
Let us subject MDS vulnerability to the glare of truth
In the last three days, we’ve received a whole bunch of questions like “Should I disable Hyper-Threading or not?” and “How Hyper-Threading disabling can impact performance?” So, here we are with some important information about the point.
But what is the problem? CPU has two execution threads per physical core. Both threads share the same resources inside the CPU. It means sibling cores can see the same data as the primary core can.
Is Linux Safer Than Windows and macOS?
Cybersecurity is extremely important – now more than ever. If you start to do research, however, you’ll find a debate going on about which operating system is the safest. These days, more IT professionals and companies are preaching the benefits of Linux systems. There are definitely some security advantages to the platform. But like everything in the computer world, so much comes down to user training. Even if you have a very secure platform, a virus can still be a problem. So let’s take a look at Linux and some of the advanced security measures you need to take.
Huawei's alternative OS to Android set to roll out as early as fall
Reports have circulated about Huawei's efforts to build an alternative OS to Android for at least 3 years at this point. It's not known if the software will be a fork off of AOSP, which the company is free to use in any case under Google's open-source license. Huawei may also elect to use another base and implement an Android runtime as the Unix-derived BlackBerry 10 OS did. In any case, we're all still playing the guessing game. Yu's statements — which were made to a quasi-public WeChat group this morning — followed a media briefing with the company's founder, Ren Zhengfei, on how it will handle its mounting challenges. Both executives have attempted to calm animosity coming from fervent fans and nationalists alike who have been ditching Apple products in favor of the company's, saying that patriots don't necessarily use Huawei products.
Spyder 4.0 takes a big step closer with the release of Beta 2!
It has been almost two months since I joined Quansight in April, to start working on Spyder maintenance and development. So far, it has been a very exciting and rewarding journey under the guidance of long time Spyder maintainer Carlos Córdoba. This is the first of a series of blog posts we will be writing to showcase updates on the development of Spyder, new planned features and news on the road to Spyder 4.0 and beyond. First off, I would like to give a warm welcome to Edgar Margffoy, who recently joined Quansight and will be working with the Spyder team to take its development even further. Edgar has been a core Spyder developer for more than two years now, and we are very excited to have his (almost) full-time commitment to the project.
Performance Impact of Serious CPU Defects
Smartphone alternatives to Google and Apple
This is a Linux Gnome 3 Debian “PureOS” based smartphone currently in development. It’s being designed with as much open-source auditable software and hardware as possible. The intent with this device is to give you full control over your privacy. It’s not available yet, but the company behind it (Purism) also has some laptops and services that are very privacy-focused.
