Date: 2015-01-05
Security: VLC, Threats, FUD and More
VLC media player gets biggest security update ever
The world's most popular open source media player, VLC, has issued the biggest single set of security fixes in the program's history.
Presidential text alerts are open to spoofing attacks, warn researchers
Researchers have shown that it's technically possible for hackers to target the US presidential alerts system to send fake messages on a localised basis.
How open source software is being weaponised [Ed: Sonatype is working with Microsoft, so it won't speak of NSA back doors in everything from Microsoft (software weaponised) but instead badmouth FOSS to that effect. No comment on threats associated with proprietary software.]
Report: Not all open-source software is created equal
Report: Code Responsible for Equifax Breach Downloaded 21 Million Times Last Year [Ed: So what? Equifax neglected or refused to patch it for several months, so it was Equifax's own fault. Sonatype spreading FUD.]
The popularity of open source software has skyrocketed in recent years as developers are expected to churn out more fresh tech in less time. In its fifth annual State of the Software Supply Chain report, researchers at Sonatype said the number of weekly downloads of the popular open source software package Java nearly tripled in 2018, from 3.5 billion to 10 billion.
Code that Allowed the Equifax Breach Was Downloaded 21M Times Last Year [Ed: It was not patched for several months; whereas with nonfree software there are back doors you cannot patch.]
The World Is Less Safe Than Ever for Open Source Software [Ed: Businesses that make money from badmouthing FOSS and promoting proprietary software say the world is unsafe because of FOSS, not back doors in non-free software]
Denim Group’s ThreadFix Integrates with WhiteSource, Brings Comprehensive Management to Open Source Software Vulnerabilities [Ed: WhiteSource -- an ally of Microsoft (they co-author nasty papers) -- propping up proprietary software companies that say negative things about FOSS]
Which smart bulbs should you buy (from a security perspective)
People keep asking me which smart bulbs they should buy. It's a great question! As someone who has, for some reason, ended up spending a bunch of time reverse engineering various types of lightbulb, I'm probably a reasonable person to ask. So. There are four primary communications mechanisms for bulbs: wifi, bluetooth, zigbee and zwave. There's basically zero compelling reasons to care about zwave, so I'm not going to.
Cinnamon 4.2.0 Packs Plenty of Bug Fixes, But Nothing Particularly Exciting

A new version of the Cinnamon desktop is tagged for release, but Linux Mint fans who favour major changes won't be too excited by this update. Cinnamon 4.2.0 is squarely a bug fix release that does not bring any shiny new things to the fore. Instead, the update focuses on improving the features and functions that are already present in the popular desktop environment. Such updates may be short on excitement, but they're always big on fit and finish. Among the many bug fixes and resolved issues shipping as part of Cinnamon 4.2.0 is a patch that allows auto-hidden desktop panels to 'peek' in to view for 1.5 seconds when highlighted or selected in the panel or applet settings. Other changes include window animation tweaks, layout adjustments, and the addition of tooltips to the workspace switcher applet.
