Devices: Android Auto, Librem 5, and Aitech Group Google's big Android Auto update starts rollout: Here's what you get Android Auto users should see a new look on their infotainment system in a few weeks, with a new navigation bar, notification center and launcher, as well as a dark theme, and improved screen optimization.

What a No-Carrier Phone Could Look Like Now that we are in the home stretch for the Librem 5 launch, it’s a good time to start discussing some visions for the future. While the Librem 5 can operate as a traditional cellular phone today, in this post we are going to discuss its potential as a “no-carrier phone.” The term “no-carrier phone” is used for a mobile phone that does not get its phone number from a carrier. This can take a couple of forms: a WiFi connection-only phone, or a Cellular Data connection-only phone. In other industries, for instance in media distribution, this is called “Over-The-Top” (OTT); the underlying idea is that Internet Service Providers (ISPs) should be, and are just, “dumb pipes”. Why?, because they provide internet data only–and all the services ride over-the-top of the internet connection. Netflix paved the way for OTT in media when it moved from DVD to streaming (the “Net” part of their name) and offered television and movie-content to any internet connected device. This was done against the wishes of many entrenched media groups and ISPs, of course–but the majority of us have now adopted the OTT model: we call them streaming services.

Proven Linux OS Expanded to Aitech’s Multi-core Remote I/O Subsystem Aitech Defense Systems, Inc., a part of the Aitech Group, has ported the cost-effective, open source Linux operating system onto its intelligent Ai-RIO remote I/O interface unit (RIU). This modular small form factor (SFF) RIU internally networks up to eight expansion modules – or ‘slices’ – for extremely high density and low power in a compact physical space. George Romaniuk, director of space products, for Aitech Group noted, “By increasing the available OS options on the Ai-RIO, we’re providing customers with technology advantages to ensure their systems are developed on-time and on-budget, while incorporating the needed processing speeds and real-time functionality of critical embedded systems.”

Security Leftovers Security updates for Friday Security updates have been issued by Debian (firefox-esr and thunderbird), openSUSE (openexr and rmt-server), Oracle (bind, container-tools:rhel8, cyrus-imapd, dotnet, edk2, firefox, flatpak, freeradius:3.0, ghostscript, gvfs, httpd:2.4, java-1.8.0-openjdk, java-11-openjdk, kernel, mod_auth_mellon, pacemaker, pki-deps:10.6, python-jinja2, python27:2.7, python3, python36:3.6, systemd, thunderbird, vim, virt:rhel, WALinuxAgent, and wget), Slackware (mariadb), SUSE (java-1_8_0-openjdk, polkit, and python-Django1), and Ubuntu (Sigil and sox).

Securing BGP on the host with the RPKI An increasingly popular design for a data-center network is BGP on the host: each host ships with a BGP daemon to advertise the IPs it handles and receives the routes to its fellow servers. Compared to a L2-based design, it is very scalable, resilient, cross-vendor and safe to operate.1 Take a look at “L3 routing to the hypervisor with BGP” for a usage example. [...] On the Internet, BGP is mostly relying on trust. This contributes to various incidents due to operator errors, like the one that affected Cloudflare a few months ago, or to malicious attackers, like the hijack of Amazon DNS to steal cryptocurrency wallets. RFC 7454 explains the best practices to avoid such issues. People often use AS sets, like AS-APPLE in this example, as they are convenient if you have multiple AS numbers or customers. However, there is currently nothing preventing a rogue actor to add arbitrary AS numbers to their AS set. IP addresses are allocated by five Regional Internet Registries (RIR). Each of them maintains a database of the assigned Internet resources, notably the IP addresses and the associated AS numbers. These databases may not be totally reliable but are widely used to build ACLs to ensure peers only announce the prefixes they are expected to. Here is an example of ACLs generated by bgpq3 when peering directly with Apple:

Fernando ‘Corby’ Corbató Fernando “Corby” Corbató lived long enough to curse his most famous invention: the computer password. In 1961 he adapted the ancient system of secret codes almost as an afterthought for his truly groundbreaking invention: the ability for several people to simultaneously use the same computer — in those days room-sized elephants — remotely. But five years ago he admitted that passwords had become “a nightmare”. For a while he carried round three sheets of closely typed paper with his own collection of 150 codes. He eventually entrusted them to an electronic file.