Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Friday, 22 Sep 17 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Open Networking Foundation (ONF) Announcements

Filed under
OSS

OSS: Sharing, Hadoop, AI, Symphony Software Foundation and Shakthi Kannan

Filed under
OSS
  • Need for speed unites open source and corporations for new serverless tech

    The open-source community used to thrive on rebellion against profitable proprietary corporations like Microsoft Corp. and others. All have since reconciled, and are now joining forces to fight common enemies holding back agile development.

    “Open source doesn’t have that enemy anymore. It’s the standard,” said John Furrier (@furrier) (pictured, right), co-host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio. “So the questions is what is going to motivate the organizations?”

  • Evolving Government: Why government needs open-source deep learning

    Deep learning is cutting edge artificial intelligence. It’s what Google used to build AlphaGo, which beat the world champion of board game Go earlier this year in China. It’s what powers a lot of self-driving cars, by giving their machine vision human-level accuracy. And it’s being used by many of the world’s top tech companies as the basis for recommender systems, fraud detection and cybersecurity.

    [...]

    Open-source software is the bedrock of enterprise and government applications, from Linux through to Hadoop. The next layer to go open-source is AI, and that’s great news for government agencies. But open-source alone is insufficient: those agencies should make sure their tools till play well with others in the stack, so that they can march their AI solutions to the finish line. During our time in the government-focused startup accelerator, DCode42, the Skymind team learned firsthand the kind of partner and collaboration that agencies and departments require to adopt and implement new technology.

  • Open Source Artificial Intelligence: 50 Top Projects

    For this list, we selected 50 of the most well-known of these open source artificial intelligence projects. They are organized into categories and then alphabetized within those categories. The lines between some of the categories can be fuzzy, so we used the project owners' descriptions of their applications to determine where to place the various tools.

  • Symphony Software Foundation Launches Open Source Strategy Forum

    - Symphony Software Foundation (the Foundation), the nonprofit organization fostering innovation in financial services through open source software, will be hosting its inaugural Open Source Strategy Forum at the BNY Mellon Conference Center in New York on November 8, 2017. Registration is open today.

  • Shakthi Kannan – the Free and Open Source Software ‘Shakthimaan’

        

    Our Techie Tuesdays of the week, Shakthi Kannan dons the hats of Free and Open Source Software (FOSS) advocate, documentation expert, and DevOps engineer with ease. 

    Impeccably attired, Shakthi Kannan was half an hour early for our meeting, which, in essence, describes the man – meticulous and a perfectionist.

Security: Updates, Equifax, Snowden, BlueBorne, NSA Windows Hacking and Virginia Electronic Voting Devices

Filed under
Security

Red Hat: Chris Wright, Red Hat Work on Open-Source AMD Graphics, Nutanix Challenge and More

Filed under
Red Hat
  • Open Container Initiative reaches ‘great milestone,’ says Red Hat chief technologist

    After two years of work, the Open Container Initiative launched Version 1.0 for container runtime and image specifications in July. OCI’s foundation, formed by a number of container industry leaders, was tasked with the mission to create specifications that would support container portability across different operating systems and platforms. Red Hat Inc.’s chief technologist likes the specifications that he’s seen so far.

    “We had some initial code associated with those specifications as part of the OCI project and expectations that we’d get further adoptions from other parts of the ecosystem, and we’re seeing the evidence of that happening today,” said Chris Wright (pictured), vice president and chief technologist, Office of Technology, at Red Hat. “It’s a great milestone.”

  • Red Hat Is Looking For Another Developer To Work On Open-Source AMD Graphics

    Red Hat is looking for another senior software engineer to join their Desktop Graphics Team where in particular they will be working on the open-source Radeon support, including Vulkan and comp

  • University gets Nutanix for self-serve cloud to replace Red Hat

    The Nutanix cluster – which cost between £300,000 and £400,000 – replaces an existing infrastructure made up of numerous storage arrays and based around a Red Hat-supplied GlusterFS file system (covered by ComputerWeekly in 2013) that had become cumbersome and difficult to manage.

  • Red Hat Inc (RHT) Mesa Adaptive MA Sitting Above FAMA

Linux/Kernel: Linus Torvalds, Collabora, EXT4 Tests and New Benchmarks

Filed under
Linux
  • Linus Torvalds On Fun, the Linux Kernel, and the Future

    Linus Torvalds, creator of the Linux kernel, took to the stage at Open Source Summit in Los Angeles. In this keynote presentation, Torvalds joined The Linux Foundation Executive Director Jim Zemlin in conversation about Linux kernel development and how to get young open source developers involved. Here are some highlights of their talk.

  • Collabora & Linux Kernel 4.13

    Linux kernel 4.13 is out and - like in the 4.12 release - 12 Collabora developers contributed a total of 72 patches. In addition Collabora developers provided 25 Reviewed-by tags and 10 Tested-by tags. Furthermore 83 patches received a Signed-off-by tag from Collabora peoples. Again, general information about the merge window is available by LWN.net in form of the following articles: part 1 and part 2.

  • A Quick EXT4 Run With Linux 4.14 Git

    After the Linux 4.14 merge window is over, I'll begin with a lot of fresh Linux kernel benchmarks from this in-development release. But I/O and EXT4 changes already have me running some preliminary tests.

    With EXT4 are some scalability improvements to note. The scalability improvements around allocating inodes may help in some workloads. I received a report of this patch on a consumer SSD helping out the Phoronix Test Suite's BlogBench. There's also been some talk of other performance changes to find in Linux 4.14.

  • Core i9 7900X vs. Threadripper 1950X On Ubuntu 17.10, Antergos, Clear Linux

    While we have already compared the Threadripper 1950X to the current top-end Core i9 7900X processor, today we are taking things a step further with our Threadripper Linux benchmarks by doing a side-by-side showdown when each system is tested across three different Linux distributions.

    Here is a multi-way comparison when running the Threadripper 1950X and Core i9 7900X under Ubuntu 17.10 with its latest daily snapshot as of testing, Antergos 17.9 Rolling, and Clear Linux 17650. This provides a diverse look at the performance across distributions for these high-end desktop processors.

Kubernetes/Containers Adoption Rising

Filed under
Server
  • Why developer evangelism is the secret to the success of Kubernetes

    Kubernetes is the hottest thing to hit containers since...Docker. That's faint praise, given that Docker barely burst onto the scene in 2013. But, given the pace of enterprise infrastructure innovation these days, four years may be all the limelight one gets. As such, it's critical to make the most of an opportunity, which Kubernetes has done by delivering great code and, as I've called out, superior community.

  • Containers Use in Production Workloads Ticks Up Slowly

    Docker and other container platforms have caught the attention of enterprise software development teams and IT departments, but relatively few are entrusting their production workloads to the technology.

    According to the Cloud Foundry Foundation's latest Global Perception Study, 25 percent of enterprises are using containers in production, a three percent increase compared to 2016. Forty-two percent of respondents said their organizations were currently evaluating container technologies.

Apache Mounts Strong Defense, Equifax Retreats

Filed under
Security

One of the largest financial data breaches in U.S. history, it exposed names, addresses, Social Security Numbers, birth dates, driver's license numbers and other sensitive information belonging to 143 million U.S. consumers, as well as data belonging to an undisclosed number of UK and Canadian consumers.

The attackers also accessed credit card data for about 209,000 consumers and credit dispute information for about 182,000 consumers, Equifax said.

[...]

However, with respect to the possibility that it resulted from an exploitation of a vulnerability in the Apache Struts Web Framework, it was not clear which vulnerability could have been utilized, Gielen said.

One assumption connected the breach to CVE-2017-2805, one of several patches Apache announced on Sept. 4.

"However, the security breach was already detected in July, which means that the attackers either used an earlier announced vulnerabiity on an unpatched Equifax server or exploited a vulnerability not known at this point in time -- a so called Zero Day Exploit," Gielen noted.

The committee members have put enormous effort into "securing and hardening the software we produce," he added, and they fix problems that come to their attention.

There's a distinction between the existence of an unknown flaw in the wild for nine years and failing to address a known flaw for nine years, said Gielen, emphasizing that the committee just learned about this flaw.

The has not had any contact with anyone using the @equifax domain on any Apache list in more than two years, said Apache spokesperson Sally Khudairi.

"To be clear, whilst we haven't had contact with anyone using the @equifax domain -- official or otherwise -- that is not to say there isn't a chance that someone from their team may have done so using an alternate channel," she told LinuxInsider.

Read more

Software: KGraphViewer 2.4.0, Harmony, Inkscape, GCC

Filed under
Software
  • KGraphViewer 2.4.0

    KGraphViewer 2.4.0 has been released.

    KGraphViewer is a visualiser for Graphviz’s DOT format of graphs.
    https://www.kde.org/applications/graphics/kgraphviewer

    This ports KGraphViewer to use KDE Frameworks 5 and Qt 5.

  • KGraphViewer Brought To KDE Frameworks 5, Qt 5

    For those relying upon KGraphViewer as a Graphviz dot graph viewer, it's the latest package ported to Qt5 and KDE Frameworks 5.

  • Harmony: A Player That Can Play Audio Locally And From Cloud Services

    Harmony is audio player inspired from iTunes, it is built with Electron and vanilla JS, available for Linux, Windows and Mac. It plays audio files locally and from cloud services as well. It is based on plugins, and plugins are available for Spotify, SoundCloud, Google Play Music, Hype Machine, Deezer, and local files.
    It is skinable means you can write and install themes but it has two themes available other than default. Harmony can be controlled using keyboard shortcuts and media keys. Press ? to see the list of available shortcuts. It is responsive design player that means you can resize it however you want, make it compact or half screen or full screen, it will follow you. It uses the tray or the sound menu integration to control the playback even when the app isn't focused.

  •  

  • Draw Freely Vector Graphics Using Professional Inkscape

    Inkscape is a free and open-source professional vector graphics application, it is cross-platform available for GNU/Linux, Windows and Mac. You can use Inkscape if you are either professional or hobbyist designer, using this software you can create wide variety of graphics such as illustrations, icons, logos, diagrams, maps and web graphics. Inkscape uses the W3C open standard SVG (Scalable Vector Graphics) as its native format.

  • GCC 8 Might Pursue Better, More Modern Default Options

    Motivated by the 2017 GNU Tools Cauldron, an ARM developer is looking for feedback on improving the options enabled by default for the GCC 8 compiler.

    Wilco Dijkstra of ARM is looking to possibly loosen GCC's conservative defaults a bit by allowing some more modern options by default and possibly adding more optimizations to -O2 too.

Devices: Congatec, Aaeon, Anavi

Filed under
Linux
Hardware
  • Linux-ready module features Atom C3000 and 4x 10GbE ports

    Congatec’s “Conga-B7AC” is a Linux-friendly Type 7 COM with up to a 16-core Atom C3000, and support for 4x 10GbE, 32x PCIe, and industrial temperatures.

    Congatec delivered one of the first COM Express 3.0 Type 7 modules with its Conga-B7XD, based on Intel 5th Gen “Broadwell” Xeon D and Pentium processors. Now it has introduced the Conga-B7AC Type 7 module with the same 125 x 95mm dimensions, 10GbE support, Linux support, and an up to 16-core Intel Server-class SoC, but with a more power efficient Atom C3000 “Denverton” SoC. There’s also a Conga-X7/EVAL carrier board (see farther below)

  • COM Express modules build on Kaby Lake and Xeon E3

    Aaeon announced a “NanoCOM-KBU” COM Express Type 10 Mini module with Intel 7th Gen U-Series chips and a “COM-KBHB6” Type 6 Basic module with a Xeon E3.

  • pHAT adds IR to the Raspberry Pi

    Anavi has gone to Crowd Supply to launch a new run of its $16 “Anavi Infrared pHAT,” which adds IR remote control to the Pi, and offers optional sensors.

Java EE Moves to the Eclipse Foundation, Functional Programming in JavaScript, and What Motivates Today's Developers

Filed under
Development
  • Opening Up Java EE - An Update

    In a previous post, we announced that Oracle was beginning to explore moving Java EE technologies to an open source foundation in order to make the process of evolving these standards more agile, flexible and open. Since mid-August, we’ve had many discussions with other vendors, community members and open source foundations in order to move the process forward. Here’s an update on the progress we have made so far.

  • Java EE Moves to the Eclipse Foundation

    Oracle announced today that they, along with IBM and Red Hat, will be moving Java EE to the Eclipse Foundation. I would like to welcome everyone involved to our community. We look forward to working with all of the participants in the Java EE ecosystem as it moves to a more open and collaborative development model.

  • Functional Programming in JavaScript? Yes Please.

    One of the hot topics right now in the web development world is functional programming in the language of the web, JavaScript.

    Functional programming encompasses a whole host of mathematical properties and phenomena that is beyond this post, but what I am going to address here is how to write a a few functions with nominal functional programming.

  • What Motivates Today's Developers?

    That's one of many takeaways from a new survey, aptly titled The 2017 State of the Modern Developer, that was conducted by research firm Coleman Parkes for the software analysis and measurement company CAST. In all, 500 developers in four countries -- USA, UK, France and Germany -- were surveyed. According to CAST, the research was conducted "to learn more about the motivators and behavior of modern developers, in addition to their attitude towards code quality."

Porteus: portability for pros

Filed under
Reviews

Porteus 3.2.2 left a very strange feeling in my heart.

From one side, it ran smoothly, very fast (from-memory) and crashed nowhere.

On another side, complexity with installation of additional software is definitely a show-stopper for many inexperienced Linux users.

Have you used Porteus yourself? How do you like it?

Read more

Bluetooth Mess: Almost Everything Affected

Filed under
Security
  • ​Linux gets blasted by BlueBorne too

    he security company Armis has revealed eight separate Bluetooth wireless protocol flaws known collectively as BlueBorne. This new nasty set of vulnerabilities have the potential to wreak havoc on iPhones, Android devices, Windows PC, and, oh yes, Linux desktops and server, as well.

    While BlueBorne requires a Bluetooth connection to spread, once the security holes are exploited, a single infected device could infect numerous devices and computers in seconds. Attacks made with BlueBorne are silent, avoid activating most security measures, and require nothing from new victims except that their devices have Bluetooth on.

  • Linux Impacted By Information Leak & Remote Code Execution Via Bluetooth

    Armis Labs has gone public today with "Bluebourne", an IoT-focused attack vector via Bluetooth. This Bluetooth attack does not require the targeted device to even be paired with the attacker or on discoverable mode, making it more frightening.

  • The IoT Attack Vector “BlueBorne” Exposes Almost Every Connected Device

    Armis Labs revealed a new attack vector endangering major mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux, and the devices using them.

Parrot 3.8 Release Notes

Filed under
GNU
Linux
Security

What i personally love about this project is its little but awesome developers community, and this summer was more productive than ever.

I am proud to announce the official release of Parrot 3.8, that introduces many new features and updates.

A quick look at our changelog will immediately spot the most important changes.

First of all, the new parrot 3.8 is now based on Debian 10 buster (current Debian testing release) with Linux 4.12, ZFS support, better wireless drivers support and the introduction of the new MATE 1.18, GCC 6.4 and 7.2, java 9 and so on, and all the parrot flavors now include electrum, a lightweight bitcoin client.

Read more

today's leftovers: GNU/Linux at Dropbox, Debian and Gentoo Development, Managing Linux Disks

Filed under
Misc
  • Optimizing web servers for high throughput and low latency

    This is an expanded version of my talk at NginxConf 2017 on September 6, 2017. As an SRE on the Dropbox Traffic Team, I’m responsible for our Edge network: its reliability, performance, and efficiency. The Dropbox edge network is an nginx-based proxy tier designed to handle both latency-sensitive metadata transactions and high-throughput data transfers. In a system that is handling tens of gigabits per second while simultaneously processing tens of thousands latency-sensitive transactions, there are efficiency/performance optimizations throughout the proxy stack, from drivers and interrupts, through TCP/IP and kernel, to library, and application level tunings.

  • Summary of the discussion on off-line keys.
  • Xiaomi’s stunning Mi Mix gets a sequel, the Mi Mix 2
  • Squeezing More Juice Out Of Gentoo With Graphite, LTO Optimizations

    Developer Shane Peelar has come up with a Gentoo Portage configuration for building out the distribution with aggressive compiler optimizations in the name of performance.

    Peelar's Gentoo configuration will build with -O3 optimizations, GCC Graphite optimizations, and LTO (Link Time Optimizations).

  • Debian-Administration.org is closing down

    The site will go read-only at the end of the month, and will slowly be stripped back from that point towards the end of the year - leaving only a static copy of the articles, and content.

  • What you need to know to manage Linux disks

    There are numerous other commands for examining disks and file systems. Those described here are some of the most useful and informative. Using them periodically has advantages as the easiest way to spot problems is becoming so used to the output of commands such as these that you easily spot the kind of differences that might indicate problems.

  • Install and Configure LEMP in Debian 9

Kernel and Graphics: Linus Torvalds in His Gown, Vulkan Driver News

Filed under
Linux
  • Linus Torvalds' lifestyle tips for hackers: be like me, work in a bathrobe, no showers before noon

    Linux Lord Linus Torvalds has offered some lifestyle advice for hackers, suggesting they adopt his admittedly-unglamorous lifestyle but also his ethos of working on things that matter.

    In an on-stage interview with Linux Foundation founder and executive director Jim Zemline at the Open Source summit in Los Angeles on Monday, Torvalds admitted that “I have long since gotten over the fact that the UPS guy brings me a package from Amazon at 3:00PM and I am still in my bathrobe.”

    Zemline joked that the Linux Foundation has a shower before noon policy and Torvalds shot back that it's the reason he works from home instead of coming into the office.

  • VK_EXT_debug_report Lands For Intel's Vulkan Driver
  • Better Hang Detection For The RADV Vulkan Driver

    Samuel Pitoiset of Valve's latest work on the open-source Radeon driver stack has been figuring out better GPU hang detection for the RADV Vulkan driver.

KDE: New digiKam (Version 5.7) and Randa Meeting Roundups

Filed under
KDE
  • digiKam 5.7.0 is released

    Following the release of 5.6.0 published in June, the digiKam team is proud to announce the new release 5.7.0 of the digiKam Software Collection. In this version a lot of work has happened behind the scenes and in fixing bugs, which does not mean there is no enhancements: A new tool to create print layouts has been introduces, albums can now be exported by mail, support for Hugin 2017 was added and GPS traces are storable as KML.

  • digiKam 5.7 Released With Print Creator & Email Sending Support

    For fans of the Qt-powered Digikam photo management software, the 5.7 release is out today with many bug fixes and underlying improvements along with some new user features.

  • digiKam 5.7 Image Editor Lets You Create Print Layouts, Export Albums by Email

    digiKam 5.7.0 was released today as the latest maintenance update to the open-source and cross-platform image editor, viewer and organizer software that introduces a couple of new features and many improvements.

    Two and a half months in development, digiKam 5.7.0 is here to introduce two new tools, namely "Send by Mail" and "Print Creator." The first one will allow users to send photos by email directly from the app, supporting popular email clients like Mozilla Thunderbird, Evolution, KMail, Claws Mail, Sylpheed, Balsa, and Netscape.

  • Randa Roundup - Part II

    The last time we wrote about Randa Meetings 2017, preparations for the event were still in progress. The developer sprint is now in full swing. Everyone is settled in and ready to start improving, debugging and adding features to KDE's apps and frameworks. But what exactly will the developers work on during Randa 2017? Here are some more details.

    As you're probably already aware, the theme of Randa Meetings 2017 is accessibility. This doesn't include only desktop software, but also extends to mobile apps. Sanjiban Bairagya is working on the Marble Maps Android app, KDE's answer to Google Earth. His accessibility-related tasks include making the turn-by-turn navigation experience more visually intuitive in real-time. He will also be switching Marble to the Qt 5.8 Speech module instead of using Java for text-to-speech support in navigation. Another thing Sanjiban wants to do is find a way to let users add notes to any place on the map.

  • Take Randa and Stuff It

    (O yeah, lunch was pretty expansive and tasty, so we’re stuffed. And in Randa.)

openSUSE Tumbleweed Users Will Soon Get Linux Kernel 4.13 and GNOME 3.26 Desktop

Filed under
SUSE

openSUSE Project's Dominique Leuenberger is back with a new weekly report to inform OpenSuSE Tumbleweed users about the fact that a total of four snapshots have been published this week despite infrastructure's issues still not being fully addressed.

"I’m mainly astonished that there were still 3 (4) snapshots completed, considering the issues the infrastructure had during the last days (openQA had a corrupted disk/database, then download.opensuse.org disappeared on us)," said Dominique Leuenberger in his report.

Read more

Open-Source AMDGPU and ATI Linux Video Drivers Updated for AMD Radeon GPUs

Filed under
OSS

xf86-video-amdgpu 1.4.0 and xf86-video-ati 7.10.0 ship with the same set of enhancements and are designed to work with X.Org Server version 1.13 to 1.19 on any supported GNU/Linux distribution. The new releases improve performance of clients, including composite managers that use DRI page flipping even when the "TearFree" option is enabled for any CRTC, and make sure CRTCs that don't have TearFree support won't suffer from tearing.

Both drivers are now capable of preventing certain DRM master processes from accessing buffers that have been created by the respective driver when switching away to a different VT (Virtual Terminal). This improvement alone might be useful especially when the DRM master processes come from other local users.

Read more

Games: Dominions 5, Best of Indie Legends 2 Bundle, Death Point and More

Filed under
Gaming

OSS: Chrome 63, AcadiaSoft, HAMMER2, LLVM 2017 Meeting, and GNU Tools Cauldron 2017

Filed under
OSS
Syndicate content

More in Tux Machines

Android Leftovers

Red Hat: Patent 'Promise', Proprietary 'Gifts', Imminent Results, Fedora 27 Delays

  • Red Hat pledges patent protection for 99 per cent of FOSS-ware [Ed: And when Red Hat gets taken over (like Sun and Oracle) this promise will be worthless]
    Red Hat says it has amassed over 2,000 patents and won't enforce them if the technologies they describe are used in properly-licensed open source software. The company's made more or less the same offer since the year 2002, when it first made a “Patent Promise” in order to “to discourage patent aggression in free and open source software.” In 2002 the company didn't own many patents and claimed its non-enforcement promise covered per cent of open source software. The Promise was revised in order to reflect the company's growing patent trove and to spruce up the language it uses to make it more relevant. The revised promise “applies to all software meeting the free software or open source definitions of the Free Software Foundation (FSF) or the Open Source Initiative (OSI)”. That verbiage translates into any software licensed on terms the OSI approves on this list, or which meet the Initiative’s definition of open source offered here. Licenses listed by the Free Software Foundation as a free software license at https://www.gnu.org/licenses/license-list.html#SoftwareLicenses also come under the Promise's purview, as do those here as of the date this edition of Our Promise is published.
  • Red Hat Open Source Day rewards with proprietary hardware. For the fourth time
    The above is an excerpt of the 2017 event announcement. Which, as you can see below, will be at least the fourth consecutive one in which Red Hat Italia will award participants with some of the most proprietary devices around. Please note the absence of anything like, e.g. Matchstick, “100% Linux compatible laptop, with Linux preinstalled”, or a Fairphone, in the screenshots...
  • Red Hat (RHT) to Report Q2 Earnings: Will it Beat Estimates?
    We expect Red Hat Inc. RHT to beat expectations when it reports fiscal second-quarter 2018 results on Sep 25.
  • Needle Action Activity Spotted in Enbridge Inc (ENB) and Red Hat Inc (RHT)
  • Fedora 27 Beta Hit By A Second Delay
    Last week it was decided to delay the Fedora 27 beta due to bugs while this week they've been forced to delay the release a second time. The first beta delay wasn't too bad as the F27 schedule already had a built-in "rain date", in acknowledging Fedora's frequent release delays. But today a second unplanned delay is pushing back F27 Beta by at least one more week. This will now also push back the Fedora 27 final release by at least one week.
  • Fedora 27 Beta status is NO-GO
  • News: The new Krita 3.3.0

Security: Apple's Betrayal, Intel ME Back Doors Backfire, and Optionsbleed

  • iOS 11 Muddies WiFi and Bluetooth Controls
    Turning WiFi and Bluetooth off is often viewed as a good security practice. Apple did not rationalize these changes in behavior.
  • How To Hack A Turned-Off Computer, Or Running Unsigned Code In Intel Management Engine
    Intel Management Engine is a proprietary technology that consists of a microcontroller integrated into the Platform Controller Hub (PCH) microchip with a set of built-in peripherals. The PCH carries almost all communication between the processor and external devices; therefore Intel ME has access to almost all data on the computer, and the ability to execute third-party code allows compromising the platform completely. Researchers have been long interested in such "God mode" capabilities, but recently we have seen a surge of interest in Intel ME. One of the reasons is the transition of this subsystem to a new hardware (x86) and software (modified MINIX as an operating system) architecture. The x86 platform allows researchers to bring to bear all the power of binary code analysis tools.
  • Optionsbleed: Don’t get your panties in a wad
    To be honest, this isn’t the first security concern you’ve run in to, and it isn’t the first security issue you’re vulnerable to, that will remain exploitable for quite some time, until after someone you rely on fixed the issue for you, meanwhile compromising your customers. [...] Is it a small part of the SSL public key? A small part of the web request response? A chunk of the path to the index.php? Or is it a chunk of the database password used? Nobody knows until you get enough data to analyse the results of all data. If you can’t appreciate the maths behind analysing multiple readings of 8 arbitrary bytes, choose another career. Not that I know what to do and how to do it, by the way.

OSS: Puppet Acquires Distelli, Mozilla Adds Tracking Protection, Fake List of Open Source Companies, and Open Source Summit

  • Puppet Acquires Distelli, Boosting Its Cloud Automation Offerings
    Puppet, the open source company that markets cloud-native software management tools, has acquired startup Distelli. Based in Seattle, Distelli offers a software as a service platform used by developers to build, test, and deploy code written in any language to any server, including cloud platforms. This is an obvious good match, as both platforms enable developers to manage infrastructure and applications across the entire software delivery process to make app development quicker. "Today, a company's success is predicated on how quickly and successfully it can deliver new experiences to customers through software," Puppet's CEO, Sanjay Mirchandani, said in a statement. "Automation makes world-class application delivery straightforward for every enterprise, not just for companies born in the cloud. Together with Distelli, we are bringing a comprehensive solution for orchestrating and automating the entire software delivery lifecycle, from infrastructure, all the way up through containers."
  • Mozilla Adds Tracking Protection to Firefox for iOS, Focus Gets Multitasking
    Mozilla released on Thursday new updates for its Firefox for iOS and Firefox Focus for Android apps adding new features like tracking protection and multi-tasking, along with various other improvements. Firefox for iOS has been updated today to version 9.0, a release that's available on the App Store for iPhone, iPad, and iPod touch devices running iOS 10.3 or later. It comes with support for Apple's recently launched iOS 11 operating system, as well as tracking protection, which is enabled by default in the private browsing mode to automatically block third-party trackers in an attempt to increase browsing speed.
  • 35 Top Open Source Companies [Ed: Easy to see that this list will be a 'scam' when the company listed in number one is Adobe. It has even listed Black Duck as "Open Source Company". It’s PROPRIETARY and ANTI-FOSS.]
  • Open Source Summit in Los Angeles: Day 1 in 5 Minutes
    Open Source Summit North America in Los Angeles was packed with keynotes, technical sessions, and special presentations, including a conversation with Linux creator Linus Torvalds. In case you couldn't make it, CodePop.com's Gregg Pollack has put together some short videos recapping highlights of the event.