Language Selection

English French German Italian Portuguese Spanish

On Slow News Days...

Quality over quantity.

I voted the first option. Anything that interests you personally is also likely to interest your readers. This will also make important articles more visible.

Slow news

Not much news since a week before Christmas. The H is no longer publishing, a lot of coverage shifted to Android, and sites focused on FOSS and GNU/Linux are a niche. Phoronix keeps posting some opinion pieces and even gives a platform to disruptors, so one can't keep up a pace of about 20 articles per day without repetition or gossip.

More in Tux Machines

Lutris 0.5.9 Beta Released With Epic Games Store Support, DXVK-NVAPI/DLSS, Gamescope

The Lutris 0.5.9 beta delivers on initial support for the Epic Games Store, support for DXVK-NVAPI and DLSS, FidelityFX Super Resolution is now an exposed option for compatible Wine versions, Valve's Gamescope Wayland game compositor is now an option, Esync usage is now enabled by default, the Dolphin emulator is now available as a game source, improved process monitoring, and other enhancements. It's quite a hearty update for this game manager. Read more

today's leftovers

Audiocasts/Shows: Missing OBS Features On Arch Linux, Going Linux, and GNU World Order

Proprietary Software and Security Issues

  • SolarWinds [Attack] Reached 27 U.S. Attorneys’ Offices, Justice Says

    The attack compromised Microsoft 365 accounts of at least 80% of the department’s employees working in offices located in the Eastern, Northern, Southern and Western Districts of New York. Also affected to a lesser degree were employees in U.S. Attorneys’ offices in 14 other states, including California, Florida, Maryland, Texas and Virginia, as well as the District of Columbia.

  • Safari isn't protecting the web, it's killing it

    There's been a lot of discussion recently about how "Safari is the new IE" (1, 2, 3, 4, 5).

    I don't want to rehash the basics of that, but I have seen some interesting rebuttals, most commonly: Safari is actually protecting the web, by resisting adding unnecessary and experimental features that create security/privacy/bloat problems.

    That is worth further discussion, because it's widespread, and wrong.

    More specifically, Safari's approach isn't protecting the web from bloat & evil Google influence, because: [...]

  • Hasta la Vista Gmail

    I’ve been a Gmail user pretty much since day 1, when it was still an invite-only service in 2004.1 Not anymore. Over the past month I’ve migrated most of my email to Fastmail and I’m extremely happy with the result.

    Why bother? Well, I guess it won’t come to you as a shock that I’ve felt progressively more uncomfortable with how Google (and the like) are handling my personal data. I’ve also been getting quite frustrated with attempts to make email/my inbox “smarter”. I never needed a “priority inbox”, auto-categorization of email, etc. Simple is good. Just put the newest emails on the top and I’ll sort it out from there.

  • Google dodges regulation, hits advertisers with “regulatory” charges: What’s the Scam?

    We are not familiar with what draconian regulatory schemes exist for Google in Austria and Turkey, but here in Australia we know what it is – which is not much at all. And they paid no tax on their 2020 revenue of $5.2 billion.

  • Storing Encrypted Photos in Google’s Cloud

    Cloud photo services are widely used for persistent, convenient, and often free photo storage, which is especially useful for mobile devices. As users store more and more photos in the cloud, significant privacy concerns arise because even a single compromise of a user’s credentials give attackers unfettered access to all of the user’s photos. We have created Easy Secure Photos (ESP) to enable users to protect their photos on cloud photo services such as Google Photos. [...]

  • Spyware revelations are a crucial moment for Indian democracy
  • Joint Open Letter: States Must Implement Moratorium on Surveillance Technology - PEN America

    We the undersigned civil society organizations and independent experts are alarmed at the media revelations that NSO Group’s spyware has been used to facilitate human rights violations around the world on a massive scale. These revelations are a result of the Pegasus Project and are based on the leak of 50,000 phone numbers of potential surveillance targets. The project is a collaboration of more than 80 journalists from 16 media organizations in 10 countries coordinated by Forbidden Stories, a Paris-based media non-profit, with the technical support of Amnesty International, who conducted forensic tests on mobile phones to identify traces of the Pegasus spyware.

  • Canonicalization Attacks Against MACs and Signatures

    Canonicalization Attacks occur when a protocol that feeds data into a hash function used in a Message Authentication Code (MAC) or Digital Signature calculation fails to ensure some property that’s expected of the overall protocol.

    The textbook example of a canonicalization attack is the length-extension attack against hash functions such as MD5–which famously broke the security of Flickr’s API signatures.

    But there’s a more interesting attack to think about, which affects the design of security token/envelope formats (PASETO, DSSE, etc.) and comes up often when folks try to extend basic notions of authenticated encryption (AE) to include additional authenticated (but unencrypted) data (thus yielding an AEAD mode).