For the past few months, developers who publish their code on GitHub have been targeted in an attack campaign that uses a little-known but potent cyberespionage malware.
The attacks started in January and consisted of malicious emails specifically crafted to attract the attention of developers, such as requests for help with development projects and offers of payment for custom programming jobs.
The emails had .gz attachments that contained Word documents with malicious macro code attached. If allowed to execute, the macro code executed a PowerShell script that reached out to a remote server and downloaded a malware program known as Dimnie.
When WikiLeaks founder Julian Assange disclosed earlier this month that his anti-secrecy group had obtained CIA tools for hacking into technology products made by U.S. companies, security engineers at Cisco Systems (CSCO.O) swung into action.
The Wikileaks documents described how the Central Intelligence Agency had learned more than a year ago how to exploit flaws in Cisco's widely used Internet switches, which direct electronic traffic, to enable eavesdropping.
Senior Cisco managers immediately reassigned staff from other projects to figure out how the CIA hacking tricks worked, so they could help customers patch their systems and prevent criminal hackers or spies from using the same methods, three employees told Reuters on condition of anonymity.
Network time synchronization—aligning your computer's clock to the same Universal Coordinated Time (UTC) that everyone else is using—is both necessary and a hard problem. Many internet protocols rely on being able to exchange UTC timestamps accurate to small tolerances, but the clock crystal in your computer drifts (its frequency varies by temperature), so it needs occasional adjustments.
That's where life gets complicated. Sure, you can get another computer to tell you what time it thinks it is, but if you don't know how long that packet took to get to you, the report isn't very useful. On top of that, its clock might be broken—or lying.
To get anywhere, you need to exchange packets with several computers that allow you to compare your notion of UTC with theirs, estimate network delays, apply statistical cluster analysis to the resulting inputs to get a plausible approximation of real UTC, and then adjust your local clock to it. Generally speaking, you can get sustained accuracy to on the close order of 10 milliseconds this way, although asymmetrical routing delays can make it much worse if you're in a bad neighborhood of the internet.
I assume that every permutation of scams will eventually be tried; it is interesting that the initial ones preyed on people's avarice and dishonesty: "I will transfer millions to your bank account, then you share with me" - with subsequent scams appealing to another demographic: "I want to donate a large sum to your religious charity" - to perhaps capture a more virtuous but still credulous lot. Where will it end ?
The Samsung Galaxy S8 and S8 Plus are the successors to the S7 and S7 Edge, coming in strong after last fall's horrific Note 7 fiasco. Just like Apple, Samsung is sure to sell millions of its new Galaxy smartphones, but that doesn't mean they are the best for everyone.
LG came out swinging with its LG G6, erasing the G5 from our minds. I've been using one now for more than a month and as I assemble my biannual ten best smartphones post, it is a candidate for the top spot.
AT&T’s commitment to open source follows news of the company’s contribution of several million lines of ECOMP code to The Linux Foundation. Additionally, Chris Rice, senior vice president of AT&T Labs, joined The Linux Foundation Board of Directors and was also recently selected as the ONAP chairman.
The NTFS-3G open-source driver providing that lets Linux, macOS, OpenSolaris, FreeBSD, QNX, and other UNIX-like operating systems accessing storage drives formatted with the NTFS file system was updated recently with many changes.
The NTFS-3G project gets a new stable update once a year, around the end of March, and this year's release adds a bunch of goodies, such as the ability to allow kernel caching by lowntfs-3g when Posix ACLs aren't used, as well as to enable read-only mount fallback when the drive enters hibernate state.
Andres Gomez of Igalia has stepped up to the plate to manage Mesa 17.0.3 as the newest Mesa stable update. The plan is to release it officially by the end of week while today the release candidate is available.
Over Mesa 17.0.2, the 17.0.3 update currently has 32 patches queued but potentially more may still make it into this next release. The fixes include problems with the GLSL compiler, the Intel OpenGL and Vulkan drivers, Nouveau performance improvements, RADV fixes, and various other fixes.
Intel has published a series of patches today adding FPGA device drivers to their Linux kernel for their selection of FPGA hardware.
Developer Wu Hao explained, "The Intel FPGA driver provides interfaces for userspace applications to configure, enumerate, open, and access FPGA accelerators on platforms equipped with Intel(R) FPGA solutions and enables system level management functions such as FPGA partial reconfiguration, power management and virtualization."
If you read around these parts with any frequency you’ll know that I love using emoji.
Often I need to quickly find and enter emoji in a desktop app a moments notice.
Be it a well timed cheeky grin or a totally inappropriate aubergine glyph, emoji rely on context, and in real-time conversations context changes fast.
I don’t like to write about things I am not confident or experienced in using. This is why don’t see listicles about Vim, op-ed’s about DevOps, and so on.
But writing about a desktop application should be within my abilities¹ — but I’ve been finding it difficult to know how to cover an app called Pext.
New open source software tomviz—short for tomographic visualization—enables researchers to interactively understand large 3D datasets. More specifically, the software analyzes 3D tomographic data similar to a medical CT-scan but at the nanoscale.
"When you can take a nanoparticle or biomolecule and spin it around, slice it, look inside it, and quantitatively analyze it, you get a complete picture from all angles," says Yi Jiang, a physics Ph.D. candidate at Cornell University.
The developers of the Avidemux open-source video editor software for GNU/Linux, macOS, and Microsoft Windows operating systems announced the availability of Avidemux 2.6.19, a new maintenance update that adds various improvements.
If you're wondering, there was no Avidemux 2.6.18 update released, and it looks like Avidemux 2.6.19 comes almost three months after the small 2.6.17 bugfix update that only allowed E-AC3 for MP4/MP4v2 streams and fixed a handful of bugs for the Preview component.
The days of Linux being a barren plug-in desert may at last be over. And if you’re a developer, there are some other nice things happening to VST development on all platforms.
Steinberg has quietly rolled out the 3.6.7 version of their plug-in SDK for Windows, Mac, iOS, and now Linux. Actually, your plug-ins may be using their SDK even if you’re unaware – because many plug-ins that appear as “AU” use a wrapper from VST to Apple’s Audio Unit. (One is included in the SDK.)
The GNOME 3.26 release date is set for September 13, 2017.
That’s the date listed in the full GNOME 3.26 release schedule, though is still subject to change (bugs don’t adhere to deadlines, after all).
Over the coming 6 months GNOME developers will work on honing, improving and revising the hugely popular open-source desktop environment.
The Qt Company, through Eike Ziller, announced today the availability of the Beta release of the upcoming Qt Creator 4.3 open-source and cross-platform IDE (Integrated Development Environment) for Qt application developers.
Qt Creator 4.3 promises to be a major release adding some very exciting changes, starting with the integration of a QML code editor into the Qt Quick Designer component to allow developers to use the Properties editor or the Navigator views, among many others, also for text-based editing.
Linux Mint 18.2 may ship with LightDM and Unity Greeter by default, replacing the current MDM login screen.
Developers behind the popular Ubuntu-derivative say they’ve ‘been testing [LightDM] as an alternative to Mint Display Manager [MDM] and adding support where it was missing and the results are promising.’