Leftovers: Software

More in Tux Machines

Security: Dropbox, FUD, CNCF, 'Cloud'

  • Dropbox has some genuinely great security reporting guidelines, but reserves the right to jail you if you disagree

    Dropbox's position, however reasonable in many of its aspects, is woefully deficient, because the company reserves the right to invoke DMCA 1201 and/or CFAA and other tools that give companies the power to choose who can say true things about mistakes they've made.

    This is not normal. Before DRM in embedded software and cloud connectivity became routine, there were no restrictions on who could utter true words about defects in a product. [...]

  • Hackers Infect Linux Servers With Monero Miner via 5-Year-Old Vulnerability [Ed: A five-year-old vulnerability implies total neglect by sysadmins, not a GNU/Linux weakness]
    Attackers also modified the local cron jobs to trigger a "watchd0g" Bash script every three minutes, a script that checked to see if the Monero miner was still active and restarted XMRig's process whenever it was down.
  • GitHub: Our dependency scan has found four million security flaws in public repos [Ed: No, GitHub just ran a scan for old versions being used and reused. It cannot do this for proprietary software, but the issues are there and the risks are no better.]
    GitHub says its security scan for old vulnerabilities in JavaScript and Ruby libraries has turned up over four million bugs and sparked a major clean-up by project owners. The massive bug-find total was reached within a month of the initiative's launch in November, when GitHub began scanning for known vulnerabilities in certain popular open-source libraries and notifying project owners that they should be using an updated version.
  • Envoy CNCF Project Completes Security Audit, Delivers New Release
    The Cloud Native Computing Foundation (CNCF) has begun a process of performing third-party security audits for its projects, with the first completed audit coming from the Envoy proxy project. The Envoy proxy project was created by ride-sharing company Lyft and officially joined the CNCF in September 2017. Envoy is a service mesh reverse proxy technology that is used to help scale micro-services data traffic.
  • Hybrid cloud security: Emerging lessons [Ed: 'Cloud' and security do not belong in the same headline because 'cloud' is a data breach, typically involving a company giving all its (and customers') data to some spying giant abroad]

A Look At The Relative Spectre/Meltdown Mitigation Costs On Windows vs. Linux

The latest in our Windows versus Linux benchmarking is looking at the relative performance impact on both Linux and Windows of their Spectre and Meltdown mitigation techniques. This round of tests was done on Windows 10 Pro, Ubuntu 18.04 LTS, and Clear Linux when having an up-to-date system on each OS where there is Spectre/Meltdown protection and then repeating the same benchmarks after reverting/disabling the security functionality.

Raspberry Pi atmospheric sensor HAT can detect distant explosions

OSOP’s $179 and up “Raspberry Boom” Raspberry Pi HAT add-on detects infrasound from volcanoes, explosions, and rockets. A $299 and up Shake and Boom HAT adds a seismograph. Panama-based OSOP, which found Kickstarter success with its Raspberry Shake seismograph add-on board for the Raspberry Pi, has now returned with a Raspberry Boom add-on board and infrasound sensor that detects inaudible sound. The same Kickstarter campaign is also selling a new Raspberry Shake and Boom product that combines the Boom with the seismograph capabilities of the Shake. Both products can tap into OSOP’s large citizen science network to detect real-time events around the world.

Wireless crazed Orange Pi boasts 4G LTE, WiFi, BT, FM, and GPS

The “Orange Pi 4G-IOT” SBC runs Android 6.0 on a quad-A53 MediaTek MT6737 SoC, and offers a 40-pin header, WiFi, Bluetooth, FM, GPS, a 4G LTE radio, and fingerprint sensor support. Shenzhen Xunlong’s open-spec Orange Pi 4G-IOT SBC, which just launched for $45 on AliExpress, is the most wireless-savvy Orange Pi to date. The open-spec SBC includes an unnamed 4G LTE radio module with mini-SIM card slot, as well as a combo module that includes WiFi, Bluetooth, FM, and GPS. There is also support for a fingerprint sensor.