Google has revealed its emergency patching efforts to fix a widespread and “pernicious” software vulnerability that affected thousands of open source projects in 2015.
Referred to as “Mad Gadget” by Google (aka the Java “Apache Commons Collections Deserialization Vulnerability” CVE-2015-6420), the flaw was first highlighted by FoxGlove Security in November of that year, months after the first proof-of-concept code garnered almost zero attention.
The Vault 7 document and code cache released yesterday by WikiLeaks revealed that many big software companies were being actively exploited by the CIA. Apple, Microsoft, Google, Samsung, and even Linux were all named as having vulnerabilities that could be used for surveillance.
In the wake of WikiLeaks' Vault 7 CIA leaks, Apple has been quick to point out that vulnerabilities mentioned in the documents have already been addressed. Microsoft and Samsung have said they are "looking into" things, and now the Linux Foundation has spoken out.
Nicko van Someren, Chief Technology Officer at The Linux Foundation says that while it is "not surprising" that Linux would find itself a target, the open source project has a very fast release cycle, meaning that kernel updates are released every few days to address issues that are found.
THE LINUX FOUNDATION has become the latest firm to respond to the revelations that its products have been compromised by the CIA.
Wikileaks on Tuesday published 8,761 documents dubbed 'Year Zero', the first part in a series of leaks on the agency that Wikileaks has dubbed 'Vault 7'.
The whistleblowing foundation claims the document dump reveals full details of the CIA's 'global covert hacking program', including 'weaponised exploits' used against operating systems including Android, iOS, Linux, macOS, Windows and "even Samsung TVs, which are turned into covert microphones".
I spent from 2004 to 2014 working at Red Hat, the world's largest open source software engineering company. On my very first day there, in July 2004, my boss Marty Messer said to me, "All the work you do here will be in the open. In the future, you won't have a CV—people will just Google you."
This was one of the unique characteristics of working at Red Hat at the time. We had the opportunity to create our own personal brands and reputation in the open. Communication with other software engineers through mailing lists and bug trackers, and source code commits to Mercurial, Subversion, and CVS (Concurrent Versions System) repositories were all open and indexed by Google.
There's a bit of a hole in open source that Red Hat's been working to fill. Well, not a hole actually, but a missing feature in access control that is required by many enterprise users.
Red Hat is working to tackle session recording, which means exactly what it says: the recording of everything a user does while working in a system. This is necessary for a variety of reasons, and is often mandated and sometimes required by law for medical and financial institutions. SysAdmins find it useful for things like monitoring what contractors do when given access to a system. And when someone makes a mistake that brings a system down, with session recording in place there's a much better chance of getting back up quickly by seeing what the user did to bring about the crash.
Second, the fedora-hubs team is a good group of people. Welcoming, helpful, and unfailingly polite. I may have only been there for a few months, but I will miss them.
I have completed my summaries of the initial interviews for event creation/planning and ambassadors as resources. I did not manage to translate the CSS from table to div, as things were behaving very oddly when I tried. However, I did pass along the CSS/HTML work I had done to Máirín Duffy.
Today I tried out GNOME Twitch [GitHub, Official Site], a native desktop application for watching Twitch streams and it's really quite amazing.
After quite a bit of work, we finally have the sponsorship brochure produced for GUADEC and GNOME.Asia. Huge thanks to everyone who helped, I’m really pleased with the result. Again, if you or your company are interested in sponsoring us, please drop a mail to sponsors@guadec.org!
I’ve been slowly getting started on documentation for Builder in-between the 3.24 stabilization process and conference time. But there is a lot to do and we could use your help. Here is me publicly requesting that you help us get some documentation in place for 3.24.
In Builder, we landed a new feature for 3.24 that allows you to create a new terminal inside the application runtime. If you’re building against your host system, then this is nothing special. If you’re building against jhbuild you’ll get a shell inside of that (but again, nothing really special).
The watchmaker unveiled a partnership with Google to launch the Movado Connect smartwatch collection, which will be powered by the newly updated Android Wear 2.0.
Tommy Hilfiger and Hugo Boss, brands in the Movado licensed portfolio, are also partnering with Google to launch smartwatch collections for fall.
Movado, which has been dabbling in the smartwatch category, is one of the first to design a watch specifically for the new operating system. The Movado Connect collection will be unveiled at the Baselworld trade show, which starts March 23, and will launch this fall. It will include five men’s styles starting at $495 and be available in the U.S., the Caribbean, Canada and the U.K.
It seems like Google is trying to make its mobile platform more convenient to use as the search giant is reportedly working on some assistive features that might make their way to the next version of Android - codenamed Android O. If the newly revealed information is to be believed, Google is working towards adding features that would make use of artificial intelligence to make life easier for Android users. There are also talks of adding gesture triggers to help users perform functions with speed and ease.
