Be More Productive By Analyzing Your Screen Time in Linux with ActivityWatch

ActivityWatch is an open-source privacy-friendly app that tracks how you spend your time on a desktop computer or on a mobile device.

More in Tux Machines

Security and DRM

  • Revealed: How home router manufacturers dropped the ball on security

    The June report by Fraunhofer-Institut für Kommunikation (FKIE) extracted firmware images from routers made by Asus, AVM, D-Link, Linksys, Netgear, TP-Link, and Zyxel—127 in all. The report (as noted by ZDNet) compared the firmware images to known vulnerabilities and exploit mitigation techniques, so that even if a vulnerability was exposed, the design of the router could mitigate it.

    No matter how you slice it, Fraunhofer’s study pointed out basic lapses in security across several aspects. At the most basic level, 46 routers didn’t receive any updates at all in the last year. Many used outdated Linux kernels with their own, known vulnerabilities. Fifty routers used hard-coded credentials, where a known username and password was encoded into the router as a default credential that asked the user to change it—but would still be there, accessible, if they did not.

    FKIE could not find a single router without flaws. Nor could the institute name a single router vendor that avoided the security issues.

  • [Attackers] Start Exploiting Recently Patched BIG-IP Vulnerability

    F5 informed customers last week that a BIG-IP configuration utility named Traffic Management User Interface (TMUI) is impacted by a critical remote code execution vulnerability whose exploitation can result in “complete system compromise.”

    The flaw is tracked as CVE-2020-5902 and it was reported to F5 by cybersecurity firm Positive Technologies. The vendor has released patches for impacted versions.

  • Taiwan’s defense science institute entangled in security breach over Chinese cloud service

    A procurement flaw has been found at Taiwan’s military technology development institute, and critics say it may have jeopardized the country’s national security because it involved a Chinese cloud service.

    For successful bidders for online storage server equipment in 2018, the National Chung-Shan Institute of Science and Technology (NCSIST) required that a Beijing-based cloud service provider, Baidu, be included on a list of cloud service software to be used for backup needs. The incident was first reported by Apple Daily on Monday (July 6).

    The requirement meant NCSIST files would be synchronized automatically on the Baidu program. The revelation has stunned people in many quarters, as the leaking of Taiwanese military technology to China poses a grave national security threat, wrote iThome.

  • Bryan Quigley: Wrong About Signal

    A couple years ago I was a part of a discussion about encrypted messaging.

    - I was in the Signal camp - we needed it to be quick and easy to setup for users to get setup. Using existing phone numbers makes it easy.
    - Others were in the Matrix camp - we need to start from scratch and make it distributed so no one organization is in control. We should definitely not tie it to phone numbers.

    I was wrong.

    Signal has been moving in the direction of adding PINs for some time because they realize the danger of relying on the phone number system. Signal just mandated PINs for everyone as part of that switch. Good for security? I really don't think so. They did it so you could recover some bits of "profile, settings, and who you’ve blocked".

    [...]

    In summary, Signal got people to hastily create or reuse PINs for minimal disclosed security benefits. There is a possibility that the push for mandatory cloud based PINs despite all of the pushback is that Signal knows of active attacks that these PINs would protect against. It likely would be related to using phone numbers.

    I'm trying out the Riot Matrix client. I'm not actively encouraging others to join me, but just exploring the communities that exist there. It's already more featureful and supports more platforms than Signal ever did.

  • Your next BMW might only have heated seats for 3 months

    In a VR presentation streamed from Germany today, BMW ran through a series of digital updates to its cars, including more details on the new BMW digital key service announced with Apple at last week's WWDC and confirming that current model cars will be fully software upgradeable over the air, a la Tesla. The first such update will hit BMW Operating System 7 cars in July. Packages are said to be approximately 1GB in size and will take roughly 20 minutes to install.

    But, the most notable part of the day's presentation was the new plan to turn many options into software services. BMW mentioned everything from advanced safety systems like adaptive cruise and automatic high-beams to other, more discrete options like heated seats.

Android Leftovers

Design an Open-Source SoC with Google SkyWater PDK, Get It Manufactured for Free

With open ISAs like RISC-V, it’s become easier – provided you have the skills – to develop or customize your own SoC using RTL files, compile it with EDA tools, and run the resulting bitstream on an FPGA. But if you ever wanted to get an actual chip, that would become more complex, as you’d need to request a process design kit (PDK) from a foundry, and pay for the manufacturing cost, which amounts to at least several thousand dollars for older process nodes. But the FOSSi (Free and Open Source Silicon) Foundation has good news with Tim Ansell of Google announcing the SkyWater PDK, the first manufacturable, open-source process design kit. There are other open-source PDKs, but they aren’t manufacturable and/or only support older 0.35/0.5 micron nodes. The SkyWater PDK allows you to produce chips with the SkyWater foundry in the 130nm node.

Valve Starts Official VKD3D-Proton To Bring D3D12-Based Games On Linux

Valve’s Proton compatibility tool has unarguably turned the table for gaming on Linux. As we reported months ago, Proton brought about 6,000 games to Linux in the last two years. Now Valve has started working on a new project to further bring Windows-exclusive games on Linux. Hans-Kristian Arntzen, a developer from Valve’s Proton team, has forked out a VKD3D library built on top of Vulkan. To mark it as Proton’s official project, he has renamed the project VKD3D-Proton.