Proprietary Software and New FUD

Filed under
Security
  • Back to windows after twenty years

    See, the whole reason I thought Windows might be a suitable alternative for me was all the enthusiasm around Windows Linux Subsystem (WSL). Basically putting all the *nix tooling at your fingertips, like it is on OSX, in a way that doesn’t require crazy hoops.

    But it’s just not there. The first version of WSL is marred with terrible file-system performance, and I got to feel that right away, when I spent eons checking out a git repository via GitHub for Windows. A 10-second operation on OSX took 5-6 minutes on Windows.

    [...]

    Windows still clearly isn’t for me. And I wouldn’t recommend it to any of our developers at Basecamp. But I kinda do wish that more people actually do make the switch. Apple needs the competition. We need to feel like there are real alternatives that not only are technically possible, but a joy to use. We need Microsoft to keep improving, and having more frustrated Apple users cross over, point out the flaws, and iron out the kinks, well, that’s only going to help.

  • These Machines Can Put You in Jail. Don’t Trust Them.

    The machines are sensitive scientific instruments, and in many cases they haven’t been properly calibrated, yielding results that were at times 40 percent too high. Maintaining machines is up to police departments that sometimes have shoddy standards and lack expertise. In some cities, lab officials have used stale or home-brewed chemical solutions that warped results. In Massachusetts, officers used a machine with rats nesting inside.

    Technical experts have found serious programming mistakes in the machines’ software. States have picked devices that their own experts didn’t trust and have disabled safeguards meant to ensure the tests’ accuracy.

    The Times interviewed more than 100 lawyers, scientists, executives and police officers and reviewed tens of thousands of pages of court records, corporate filings, confidential emails and contracts. Together, they reveal the depth of a nationwide problem that has attracted only sporadic attention.

  • Uber’s Self-Driving Car Didn’t Know Pedestrians Could Jaywalk

    The software inside the Uber self-driving SUV that killed an Arizona woman last year was not designed to detect pedestrians outside of a crosswalk, according to new documents released as part of a federal investigation into the incident. That’s the most damning revelation offered up in a trove of new documents related to the crash, but other details indicate that, in a variety of ways, Uber’s self-driving car work failed to consider how humans actually operate.

  • Libarchive vulnerability can lead to code execution on Linux, FreeBSD, NetBSD [Ed: Very typical ZDNet FUD from Catalin Cimpanu, their drama queen hired from a lying site. To exploit the alleged bug one needs to run (and get) malicious files. But CBS tabloids with money from Microsoft don't let facts get in the way. Skip the headline and find "Exploitation scenarios include users who receive malicious files from attackers or local apps that use Libarchive's various components for file decompression."]
  • Former CIA Employee Who Allegedly Disclosed ‘Vault 7’ Files To WikiLeaks Challenges Espionage Act Charges

    Former CIA employee Josh Schulte, who is accused of leaking the “Vault 7” files to WikiLeaks, urged a federal court to rule the Espionage Act is unconstitutional. He also asked the court to dismiss the Espionage Act charges against him.

    The files Schulte allegedly released brought scrutiny to the CIA’s hacking arsenal, which targeted smartphones and computers. A program called “Weeping Angel,” that allowed the CIA to attack Samsung F8000 TVs and convert them into spying devices was exposed. They also showed how the CIA targeted Microsoft Windows, as well as Signal and WhatsApp users, with malware.

More on libarchive

  • Linux users warned to update libarchive to beat flaw [Ed: If users do not download malicious, dodgy files and then execute these, that might be fine. Same for macros in documents. It's not a major or critical issue.]

    The bug is identified as CVE-2019-18408, a high-priority ‘use-after-free’ bug when dealing with a failed archive.

    No real-world exploits have been detected but if one existed, it would attempt to use a malicious archive to induce a denial-of-service state or arbitrary code execution.

