Language Selection

English French German Italian Portuguese Spanish

Proprietary Software and New FUD

Filed under
Security
  • Back to windows after twenty years

    See, the whole reason I thought Windows might be a suitable alternative for me was all the enthusiasm around Windows Linux Subsystem (WSL). Basically putting all the *nix tooling at your fingertips, like it is on OSX, in a way that doesn’t require crazy hoops.

    But it’s just not there. The first version of WSL is marred with terrible file-system performance, and I got to feel that right away, when I spent eons checking out a git repository via GitHub for Windows. A 10-second operation on OSX took 5-6 minutes on Windows.

    [...]

    Windows still clearly isn’t for me. And I wouldn’t recommend it to any of our developers at Basecamp. But I kinda do wish that more people actually do make the switch. Apple needs the competition. We need to feel like there are real alternatives that not only are technically possible, but a joy to use. We need Microsoft to keep improving, and having more frustrated Apple users cross over, point out the flaws, and iron out the kinks, well, that’s only going to help.

  • These Machines Can Put You in Jail. Don’t Trust Them.

    The machines are sensitive scientific instruments, and in many cases they haven’t been properly calibrated, yielding results that were at times 40 percent too high. Maintaining machines is up to police departments that sometimes have shoddy standards and lack expertise. In some cities, lab officials have used stale or home-brewed chemical solutions that warped results. In Massachusetts, officers used a machine with rats nesting inside.

    Technical experts have found serious programming mistakes in the machines’ software. States have picked devices that their own experts didn’t trust and have disabled safeguards meant to ensure the tests’ accuracy.

    The Times interviewed more than 100 lawyers, scientists, executives and police officers and reviewed tens of thousands of pages of court records, corporate filings, confidential emails and contracts. Together, they reveal the depth of a nationwide problem that has attracted only sporadic attention.

  • Uber’s Self-Driving Car Didn’t Know Pedestrians Could Jaywalk

    The software inside the Uber self-driving SUV that killed an Arizona woman last year was not designed to detect pedestrians outside of a crosswalk, according to new documents released as part of a federal investigation into the incident. That’s the most damning revelation offered up in a trove of new documents related to the crash, but other details indicate that, in a variety of ways, Uber’s self-driving car work failed to consider how humans actually operate.

  • Libarchive vulnerability can lead to code execution on Linux, FreeBSD, NetBSD [Ed: Very typical ZDNet FUD from Catalin Cimpanu, their drama queen hired from a lying site. To exploit the alleged bug one needs to run (and get) malicious files. But CBS tabloids with money from Microsoft don't let facts get in the way. Skip the headline and find "Exploitation scenarios include users who receive malicious files from attackers or local apps that use Libarchive's various components for file decompression."]
  • Former CIA Employee Who Allegedly Disclosed ‘Vault 7’ Files To WikiLeaks Challenges Espionage Act Charges

    Former CIA employee Josh Schulte, who is accused of leaking the “Vault 7” files to WikiLeaks, urged a federal court to rule the Espionage Act is unconstitutional. He also asked the court to dismiss the Espionage Act charges against him.

    The files Schulte allegedly released brought scrutiny to the CIA’s hacking arsenal, which targeted smartphones and computers. A program called “Weeping Angel,” that allowed the CIA to attack Samsung F8000 TVs and convert them into spying devices was exposed. They also showed how the CIA targeted Microsoft Windows, as well as Signal and WhatsApp users, with malware.

More on libarchive

  • Linux users warned to update libarchive to beat flaw [Ed: If users do not download malicious, dodgy files and then execute these, that might be fine. Same for macros in documents. It's not a major or critical issue.]

    The bug is identified as CVE-2019-18408, a high-priority ‘use-after-free’ bug when dealing with a failed archive.

    No real-world exploits have been detected but if one existed, it would attempt to use a malicious archive to induce a denial-of-service state or arbitrary code execution.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

A Look At The GCC Compiler Tuning Performance Impact For Intel Ice Lake

For those wondering if it's worthwhile for performance recompiling your key Linux binaries with the microarchitecture instruction set extensions and tuning for Ice Lake, here are some GCC compiler benchmarks looking at that impact for the Core i7 1065G7 on the Dell XPS 7390. In particular, this article is looking at the affect on generated benchmark binaries when built under the following CFLAGS/CXXFLAGS configurations: -O3 -march=skylake - Just optimizing for conventional Skylake processors. -O3 -march=skylake-avx512 - Optimizing for Skylake AVX-512 processors like Skylake-SP/Skylake-X. The Skylake AVX-512 enables use of the AVX512F, CLWB, AVX512VL, AVX512BW, AVX512DQ and AVX512CD instructions. -O3 -march=icelake-client - Optimizing for Icelake client/desktop processors. New instructions exposed here not found with Skylake/Skylake-AVX512 include AVX512VBMI, AVX512IFMA, SHA, CLWB, UMIP, RDPID, GFNI, AVX512VBMI2, AVX512VPOPCNTDQ, AVX512BITALG, AVX512VNNI, VPCLMULQDQ, and VAES. Note there is also the "icelake-server" target for future Ice Lake Xeon Scalable processors where additionally PCONFIG and WBNOINVD are flipped on. Read more

Android Leftovers

PHP 7.4 Performance Benchmarks Show A Nice Improvement - But PHP 8.0-dev Is Running Even Faster

PHP 7.4 is due to be released next week as the annual major iteration to PHP7. Like we have seen through the PHP7 releases, while new features continue to be tacked on for this popular web-based programming language the performance has continued evolving. Here are the latest benchmarks of PHP 5.6 through PHP 7.4 while also looking at the PHP 8.0-dev performance that is in development on Git master. Outside of the performance realm, PHP 7.4 is another exciting update thanks to finally introducing FFI support. The Foreign Function Interface for PHP allows accessing C structs/functions/variables from native PHP code for making it easier to interact with C libraries from PHP. In addition to the headlining FFI support of PHP 7.4, this next release has a preload function to preload functions/classes to speed-up the loading of scripts by 30~50%, language alterations, TLS 1.3 support in PHP OpenSSL streams, and a variety of other smaller additions. Read more

Stable kernels 5.3.12, 4.19.85, and 4.14.155

  • Linux 5.3.12
    I'm announcing the release of the 5.3.12 kernel. All users of the 5.3 kernel series must upgrade. The updated 5.3.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.3.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-s...
  • Linux 4.19.85
  • Linux 4.14.155