Security/Integrity/Availability Leftovers

Filed under
Security
  • DDoS Mitigation Firm Founder Admits to DDoS

    A Georgia man who co-founded a service designed to protect companies from crippling distributed denial-of-service (DDoS) attacks has pleaded guilty to paying a DDoS-for-hire service to launch attacks against others.

  • Siemens Warns of Security Risks Associated With Use of ActiveX

    Some of Siemens’ industrial products — the list includes SIMATIC WinCC, SIMATIC STEP 7, SIMATIC PCS 7, TIA Portal, and S7-PLCSIM Advanced — rely on ActiveX components and customers need to use Internet Explorer to execute these components.

    However, the German industrial giant has warned that using Internet Explorer to access untrusted websites can pose serious security risks. Siemens recommends using a web browser that does not support ActiveX if accessing web pages other than the ones associated with the company’s products.

  • Y2038: It's a Threat

    On Unix-derived systems, including Linux and MacOS, time is stored internally as the number of seconds since midnight GMT, January 1, 1970, a time known as "the Epoch." Back when Unix was created, timestamps were stored in a 32-bit number. Well, like any fixed-size value, only a limited range of numbers can be stored in 32 bits: numbers from -2,147,483,648 to 2,147,483,647. (Without going into technical details, the first of those 32 bits is used to denote a negative number. The asymmetry in range is to allow for zero.)

    I immediately got pushback: did I really think that 18 years hence, people would still be using 32-bit systems? Modern computers use 64-bit integers, which can allow for times up to 9,223,372,036,854,775,807 seconds since the Epoch. (What date is that? I didn't bother to calculate it, but it's about 292,271,023,045 years, a date that's well beyond when it is projected that the Sun will run out of fuel. I don't propose to worry about computer timestamps after that.)

    It turns out, though, that just as with Y2K, the problems don't start when the magic date hits; rather, they start when a computer first encounters dates after the rollover point, and that can be a lot earlier. In fact, I just had such an experience.
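The rollover described in the Y2038 item, as an added example that is not from the quoted article: it shows what a signed 32-bit time field holds one second past its limit, a checked addition that rejects such results, and the earliest moment at which code looking a fixed interval ahead first crosses the limit. The function names and the 20-year horizon are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Value a signed 32-bit time field holds after storing `secs`.
   Going through uint32_t keeps the wraparound well defined in C. */
int32_t store_in_time32(int64_t secs) {
    uint32_t low = (uint32_t)secs;
    return low <= (uint32_t)INT32_MAX ? (int32_t)low
                                      : (int32_t)((int64_t)low - 4294967296LL);
}

/* Checked add: 0 and *out set if now + delta fits in 32 bits, else -1. */
int add_time32(int32_t now, int64_t delta, int32_t *out) {
    if (delta > (int64_t)INT32_MAX - now || delta < (int64_t)INT32_MIN - now)
        return -1;
    *out = (int32_t)(now + delta);
    return 0;
}

/* Earliest "now" at which code looking `lookahead` seconds ahead
   (an expiry or retention date, say) first passes the 32-bit limit. */
int64_t first_affected(int64_t lookahead) {
    return (int64_t)INT32_MAX - lookahead + 1;
}

static void print_utc(const char *label, int64_t secs) {
    time_t t = (time_t)secs;            /* assumes a 64-bit time_t on the host */
    struct tm *utc = gmtime(&t);
    char buf[32] = "unrepresentable";
    if (utc) strftime(buf, sizeof buf, "%Y-%m-%d %H:%M:%S", utc);
    printf("%-26s %s UTC\n", label, buf);
}

int main(void) {
    const int64_t twenty_years = 20LL * 365 * 86400;  /* constructed sample horizon */
    int32_t out;
    print_utc("last 32-bit second:", INT32_MAX);
    print_utc("one second later wraps to:", store_in_time32((int64_t)INT32_MAX + 1));
    print_utc("20-year lookahead breaks:", first_affected(twenty_years));
    printf("checked add past the limit: %s\n",
           add_time32(INT32_MAX, 1, &out) == 0 ? "accepted" : "rejected");
    return 0;
}
```

Auditing code for this class of bug means looking for any place a computed future time is narrowed to 32 bits, not only places that read the current clock.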
