Software

Leftovers: Software

Filed under
Software
  • Seafile server 6.0.2 stable is released

    This new design makes Seafile look more like a web app. Making use of technologies like backbone.js and Bootstrap, the UI is now more responsive and easier to use than ever.

    The new UI is also adaptive to screen sizes. If you have a wide screen, the new UI can take the advantage to show more content in one line. If you have a small screen, the new UI can also adapt to it.

  • Why Linux Users Will Love FastMail

    I’m not sure if FastMail’s documentation got better or if I was just in a better headspace this time, but getting it configured was pretty easy. I have a lot of old email addresses from old web projects but setting up the domain records was simple, with detailed steps from FastMail. I had one issue that the help desk resolved fairly quickly (FastMail has great email support).

  • OpenShot 2.1 Released!
  • Arcan “Monthly”, September Edition

    For this round, there’s a new tagged Arcan (i.e. the Display Server) version (0.5.1) and a new tagged Durden (i.e. the example “Desktop Environment”) version (0.2). Although some new features can’t be recorded with the setup I have here, the following demo video covers some of the major changes:

  • QEMU 2.7.0 is now available
  • nano to remain in GNU
  • Cutelyst 0.13.0 released!

    When I started Cutelyst a simple developer Engine (read HTTP engine) was created, it was very slow and mostly an ugly hackery but helped work on the APIs that matter, I then took a look at uWSGI due to some friend saying it was awesome and it was great to be able to deal with many protocols without the hassle of writing parsers for them.

    Fast forwarding to 0.12.0 release and I started to feel that I was reaching a limit on Cutelyst optimizations and uWSGI was holding us back, and it wasn’t only about performance, memory usage (scalability) was too high for something that should be rather small, it’s written in C after all.

  • Yokadi 1.1.0 is out
  • VirtualBox & unknown version of X Window system

    Here's my story. As it happens, I was testing Fedora 23 in VirtualBox one day, and as a very first step to enjoying myself, I decided to install the Guest Additions. However, after a few brief, tense moments, VirtualBox told me that it had detected an unknown version of the X Window System installed and was not installing X Window System drivers.

    A quick search on the VirtualBox ticketary lists this as a five-month old bug for VirtualBox 4.3, even though I was running 5.0.6, and it mentions upgrading to a newer version of the virtualization software as a fix, which I could not do at this point. So what now?

  • Multitrack audio in Nageru 1.4.0

    Even though the Chess Olympiad takes some attention right now, development on Nageru (my live video mixer) has continued steadily throughout since the 1.3.0 release. I wanted to take a little time to talk about the upcoming 1.4.0 release, and why things are as they are; writing down things often makes them a bit clearer.

    Every major release of Nageru has had a specific primary focus: 1.0.0 was about just getting everything to work, 1.1.0 was about NVIDIA support for more oomph, 1.2.0 was about stabilization and polish (and added support for Blackmagic's PCI cards as a nice little bonus), and 1.3.0 was about x264 integration. For 1.4.0, I wanted to work on multitrack audio and mixing.

  • Kaku Is An Open-Source Desktop YouTube Music Player for Linux

    Kaku is a YouTube desktop music player for Windows, Mac and Linux. It is open-source, free to download, and offers some nifty features, including an online DJ.

  • Krita Appimage for cats
  • [Kdenlive] Manage Cached Data
  • Multi-process Firefox brings 400-700% improvement in responsiveness

    Earlier this summer I wrote about Mozilla’s efforts to rollout a multi-process architecture, codename Electrolysis, for Firefox. In the months since, Mozilla has completed its initial tests on 1 percent of its user population and the initial numbers are good, according to Asa Dotzler, director of Firefox at Mozilla.

    The company is reporting a 400 percent improvement in responsiveness and a 700 percent improvement in responsiveness for loading large web pages. These numbers mean that users are far less likely to see their browser freeze, pause, lag or crash. Dotzler himself used the word “janky” to describe previous versions of the browser.

    Over the next week, multi-process will be coming to 10 percent of total Firefox users. For now, users with add-ons will not be getting the new architecture. The staggered rollout is fairly industry standard to avoid shipping bugs. Having two independent groups of users allows Mozilla to benchmark metrics from the new version against unconverted users.

    For now, multi-process is limited to a single content process and a single browser process. Later versions will include multiple content processes and sandboxing.

  • Microsoft Finally Releases Skype 1.6 for Linux [Ed: surveillance software]

    It’s been a while since Microsoft rolled out the latest update for Skype for Linux, so today the software giant finally pushed the green button for version 1.6 which brings several improvements and a few new features.

Announcing the KDE Software Store

Filed under
KDE
Software

Big news: Today, KDE announced a new software store, and that the source code for this new service has been released as Free software under the AGPL, fixing a long standing bug in KDE software: reliance on a proprietary web service.

That also means that KDE has a new software store that replaces the opendesktop sites. The migration has been happening in the background, so you may actually have used the new store from within Plasma or applications to install add-ons already without noticing it!


Also: KDE Software Store

KDE Software Store Announced, AGPL Licensed

Leftovers: Software

Filed under
Software
  • apt 1.3 RC4 – Tweaking apt update

    Did that ever happen to you: You run apt update, it fetches a Release file, then starts fetching DEP-11 metadata, then any pdiff index stuff, and then applies them; all after another? Or this: You don’t see any update progress until very near the end? Worry no more: I tweaked things a bit in 1.3~rc4 (git commit).

  • QEMU 2.7 Released With Many Improvements For The Linux Virtualization Stack

    It's time for another stable QEMU update.

    QEMU 2.7 is today's new feature release and has numerous ARM/MIPS improvements, CPU hot-remove support for x86, VirtIO-BLK now supports multi-queue, a new e1000e network device, support for Xen para-virtualized USB, VirtIO GPU improvements, speed improvements for the TCG code generator, and various other enhancements.

  • Git v2.10.0

    The latest feature release Git v2.10.0 is now available at the usual places. It is comprised of 639 non-merge commits since v2.9.0, contributed by 76 people, 22 of which are new faces.

  • Git 2.10 Released

    Git 2.10 isn't the most exciting feature release, but there is some new functionality. Git 2.10 features various minor updates to the many sub-commands, performance improvements to Git's fast-import, HTTP transfer improvements, various other improvements and a wide assortment of fixes.

  • Batch file renaming and integrated archive support added to Nautilus

    The Files application (aka Nautilus) is getting a major update in Fedora 25 Workstation. Fedora 25 is slated to include Nautilus 3.22, adding a new GUI interface for batch renaming of files, and will also add integrated archive support. GNOME Developer Carlos Soriano has blogged in depth about all the new features in Nautilus 3.22, including some additional features that might be included in the future. OMG! Ubuntu! also has a great writeup if you want to learn more about the new features.

Wine 1.9.18 Released

Filed under
Software

Leftovers: Software

Filed under
Software
  • 100+ self-hosted alternatives to popular services

    Most of us use online services like Gmail, Dropbox, Skype, Evernote etc. on a daily basis without having control over the service. However, now it’s easier than ever to find a self-hosted alternative to your favorite online service and have complete control over it. In this article, we will share a huge list of self-hosted alternatives to popular online services.

  • RockMongo - A Graphical MongoDB administration tool

    RockMongo is a free, open source GUI database administration tool for MongoDB, just like phpMyAdmin to MySQL/MariaDB.

  • Atom 1.10 Hackable Text Editor Released with New Atom Package Manager Build

    Today, August 31, 2016, GitHub has had the great pleasure of announcing the release and immediate availability of the Atom 1.10 stable version of their hackable text editor for application developers and programmers, along with the Beta of Atom 1.11.

    Atom 1.10 is here exactly 30 days after the launch of the Atom 1.9 and Atom 1.10 Beta builds on the first day of August 2016, and, as promised during the Beta stages of development, the biggest new feature of the Atom 1.10 stable release is the upgrade of the Atom Package Manager (APM) to run on Node 4.4.5 and npm 3.10.5.

  • Peek Is An Animated GIF Screen Recorder Tool for Linux

    Looking for a simple tool that lets you record a section of your screen and export it as a GIF? Take a peek at Peek, an app that can do exactly that.

  • OpenShot 2.1 Released With Animation Support, Improved Timeline

    A new version of open-source video editor OpenShot 2.1 has been released. We show you what's new and how you can install it on Ubuntu using a PPA.

  • Flowblade Linux Video Editor – Is It Any Good?

    Kdenlive is hugely popular and for good reason — it’s fast, easy to use and mostly stable.

    But open-source is all about choice, and in the comments section to that article many of you wrote about your experiences with other well-known video editors.

    Among those mentioned is long-time fave OpenShot, the hard-to-use Cinelerra, the buggy Shotcut, and (though not strictly a video editor) the powerful Blender.

    One app that wasn’t mentioned in the comments was Flowblade, a Python-based video editor for Linux.

  • Weblate 2.8

    Quite on schedule (just one day later), Weblate 2.7 is out today. This release brings Subversion support or improved zen mode.

  • Geekbench 4 Lands On iOS, Android, Windows, Linux And Mac

    Popular benchmarking application Geekbench has launched a new version of their software called Geekbench 4.

  • Stable Channel Update for Desktop
  • Chrome 53 Released With Speed Improvements, Shadow DOM

    Ending out August, Google has promoted Chrome/Chromium 53 to their stable channel.

    Chrome 53 is primarily geared at delivering new developer features with notification improvements, Shadow DOM v1 support, security fixes, various speed optimizations, and more.

  • Drupal 8.2, now with more outside-in

    Over the weekend, Drupal 8.2 beta was released. One of the reasons why I'm so excited about this release is that it ships with "more outside-in". In an "outside-in experience", you can click anything on the page, edit its configuration in place without having to navigate to the administration back end, and watch it take effect immediately. This kind of on-the-fly editorial experience could be a game changer for Drupal's usability.

    When I last discussed turning Drupal outside-in, we were still in the conceptual stages, with mockups illustrating the concepts. Since then, those designs have gone through multiple rounds of feedback from Drupal's usability team and a round of user testing led by Cheppers. This study identified some issues and provided some insights which were incorporated into subsequent designs.

    Two policy changes we introduced in Drupal 8 — semantic versioning and experimental modules — have fundamentally changed Drupal's innovation model starting with Drupal 8. I should write a longer blog post about this, but the net result of those two changes is ongoing improvements with an easy upgrade path. In this case, it enabled us to add outside-in experiences to Drupal 8.2 instead of having to wait for Drupal 9. The authoring experience improvements we made in Drupal 8 are well-received, but that doesn't mean we are done. It's exciting that we can move much faster on making Drupal easier to use.

  • LLVM 3.9 Is Set To Be Released

OpenShot 2.1

Filed under
Software

Leftovers: Software

Filed under
Software
  • A Quick Hands-On With Chatty, A Desktop Twitch Chat Client

    Chatty is a desktop Twitch Chat client for Windows, macOS and Linux written in Ja

  • HP Linux Imaging and Printing 3.16.8 Adds Support for Linux Mint 18, Fedora 24

    The open-source HP Linux Imaging and Printing (HPLIP) project has been updated on August 29, 2016, to version 3.16.8, a maintenance update that adds support for new printers and GNU/Linux operating systems.

    According to the release notes, HP Linux Imaging and Printing 3.16.8 adds support for new all-in-one HP printers, including HP OfficeJet Pro 6970, HP OfficeJet Pro 6960, HP OfficeJet 250 Mobile, HP DeskJet 3700, as well as HP DeskJet Ink Advantage 3700.

    Also new in the HPLIP 3.16.8 update is support for the recently released Linux Mint 18 "Sarah" Cinnamon, MATE, Xfce, and the upcoming KDE editions, the Fedora 24 Linux operating system, as well as the Debian GNU/Linux 8.5 "Jessie" distribution. So if you're using any of these OSes, you can now update to the latest HPLIP release.

  • MPlayer-Based MPV 0.20.0 Video Player Released with New Options and Commands

    The popular, open-source, and cross-platform MPV video player software received a new update, version 0.20.0, which comes only two weeks after the previous 0.19.0 maintenance release.

    MPV 0.20.0 is not a major update, and, according to the release notes, it only implements a couple of new options and commands, such as "--video-unscaled=downscale-big" for changing the aspect ratio.

    Additionally, the MPlayer-based video playback application also gets the "--image-display-duration" option for controlling the duration of image display, and a new "dcomposition" flag for controlling DirectComposition.

  • FFmpeg 3.1.3 "Laplace" Open-Source Multimedia Framework Now Available for Linux

    The major FFmpeg 3.1 "Laplace" open-source and cross-platform multimedia framework has received recently its third maintenance update, version 3.1.3, which brings updated components.

    FFmpeg 3.1 was announced two months ago, at the end of June, and it introduced a multitude of new features to make the popular multimedia backend even more reliable and handy to game and application developers. Dubbed Laplace, FFmpeg 3.1 is currently the most advanced FFmpeg release, cut from Git master on June 26, 2016.

  • GNU Scientific Library 2.2 released

    Version 2.2 of the GNU Scientific Library (GSL) is now available. GSL provides a large collection of routines for numerical computing in C.

    This release contains new linear algebra routines (Pivoted and Modified Cholesky, Complete Orthogonal Decomposition, matrix condition number estimation) as well as a completely rewritten nonlinear least squares module, including support for Levenberg-Marquardt, dogleg, double-dogleg, and Steihaug-Toint methods.

    The full NEWS file entry is appended below.

Cost Effective Linux Server Software for Enterprises

Filed under
Server
Software

The advantages of a Linux server over expensive Windows systems are numerous with hardly any drawbacks. Since Linux is not as dominant as Windows, there are some slight difficulties to find applications based on this platform to support the needs. While security stands as an important aspect for servers, the advantage over dominant operating systems is that security flaws are caught in Linux, even before they become an issue for the public.

Linux was one of the first open-source technologies in which you can download the source code and change it any way you like. Several Linux coders have developed software that’s completely open-source for any user, improving the security and usability at each core.


Also: Weigh the pros, cons of three Linux load balancer options

Leftovers: Software

Filed under
Software
  • SDDM 0.14.0
  • Kodi v17 “Krypton” Beta 1
  • Top 10 Time Tracking Software for Linux

    Just a few days ago we were presenting software for one of the most popular mainstream Linux distribution – Ubuntu. Now let’s cover the progenitor of all free and open-source software. Its operating system was released on October 5, 1991. The creator of Linux, Linus Torvalds, was only 22 years old at that time!

    Linux is not very popular on the desktop computers (at least among regular users, software engineers, for example, prefer to work on it), but it is the leading operating system on servers, mainframe computers, and virtually all fastest supercomputers. It is also worth mentioning that without Linux there won’t be no Android as we know it now, no network routers, video game consoles, and smartwatches. We really owe a lot to Mr. Linus.

    According to Wikipedia, the development of Linux is one of the most prominent examples of free and open-source software collaboration. Its source code may be used, modified and distributed—commercially or non-commercially—by anyone under the terms of its respective licenses. Thanks to it we can use some great software like the already mentioned Ubuntu, but also Fedora, Gentoo Linux, Debian and more.

  • MPTCP v0.91 Release

    The MPTCP v0.91 release is based on the Linux Kernel Longterm Support release v4.1.x.

  • Quick Updates: Guake 0.8.7, WebTorrent Desktop 0.12.0, TLP 0.9

    Guake is a drop-down terminal emulator for GNOME (GTK2). The application is inspired from consoles in computer games, such as Quake, in which the console slides from the top of the screen when a key is pressed. In the same way, Guake can be invoked and hidden using a single key (though Guake can also automatically hide when it loses focus).

  • Switch Between Multiple Lists Of Apps Pinned To Unity Launcher With `Launcher List Indicator`
  • MATE Dock Applet Gets Unity-Like Progress Bar And Badge Support

    MATE Dock Applet is a MATE Panel applet that displays running application windows as icons. The applet features options to pin applications to the dock, supports multiple workspaces, and can be added to any MATE Panel, regardless of size and orientation.

  • AppImage – One app framework to distro them all

    Linux is highly portable. Fact. On the other hand, Linux software is the least portable technology in the world. Try running Firefox designed for Debian on Fedora. In fact, try running Firefox designed for one version of Fedora on another Fedora, perhaps a slightly older version. Godspeed, Captain Jack Sparrow.

    The fanatical rigor with which the Linux backward compatibility is maintained in the enterprise flavors, SUSE and Red Hat, is inversely proportional to all other incompatibilities that exist in the Linux space. This ain’t no news. I have most artfully elaborated on this problem in my illustrated Linux guide. But now, there’s a thing that promises to solve all these problems forever. AppImage.

  • Substance Designer 5.5 Is Here

    This version takes texture creation into the big leagues with MDL material authoring – opening up a whole new world of materials – plus Linux support, fbx camera import and support for VCA. This is a free upgrade for license holders and Substance Live subscribers, or you can get a free 30-day trial version.

Leftovers: Software

Filed under
Software
  • 5 Cool Unikernels Projects

    Unikernels are poised to become the next big thing in microservices after Docker containers. Here’s a look at some of the cool things you can do with unikernels.

    First, though, here’s a quick primer on what unikernels are, for the uninitiated. Unikernels are similar to containers in that they let you run an app inside a portable, software-defined environment. But they go a step further than containers by packaging all of the libraries required to run the app directly into the unikernel.

  • Cedrus Is Making Progress On Open-Source Allwinner Video Encode/Decode

    The developers within the Sunxi camp working on better Allwinner SoC support under Linux have been reverse-engineering Allwinner's "Cedar" video engine. Their project is being called Cedrus with a goal of "100% libre and open-source" video decode/encode for the relevant Cedar hardware.

    The developers have been making progress and yesterday they published their initial patches that add a V4L2 decoder driver for the VPU found on Allwinner's A13 SoC.

  • Phoronix Test Suite 6.6 Milestone 3 Released For Linux Benchmarking
  • Calibre 2.65.1 eBook Viewer Adds Driver for Kobo Aura One and Aura 2 Readers

    Kovid Goyal released today, August 26, 2016, a new maintenance update of his popular, cross-platform, and open-source Calibre e-book viewer, converter and library management tool.

    Calibre 2.65 was announced earlier, and it looks like it's both a feature and bugfix release that adds drivers for the Kobo Aura One and Kobo Aura Edition 2 ebook readers, along with a new option to the Kobo driver to allow users to ignore certain collections on their ebook reader.

    The list of new features continues with support for right-to-left text and tables to the DOCX Input feature, as well as the implementation of a new option to allow users to make searching case-sensitive. This option can be found and enabled in the "Searching" configuration section under Preferences.

  • Calamares 2.4 Universal Installer Framework Polishes Existing Functionality

    A new stable version of the Calamares universal installer framework used by various GNU/Linux distributions as default graphical installer has been released with various improvements and bug fixes.

    Calamares 2.4 is now the latest build, coming two months after the release of the previous version, Calamares 2.3, which introduced full-disk encryption support. However, Calamares 2.4 is not as big as the previous update as it only polished existing functionality and addressed various annoying issues reported by users.

  • RcppArmadillo 0.7.400.2.0

    Another Armadillo 7.* release -- now at 7.400. We skipped the 7.300.* series release as it came too soon after our most recent CRAN release. Releasing RcppArmadillo 0.7.400.2.0 now keeps us at the (roughly monthly) cadence which works as a good compromise between getting updates out at Conrad's sometimes frantic pace, while keeping CRAN (and Debian) uploads to about once per month.

    So we may continue the pattern of helping Conrad with thorough regression tests by building against all (by now 253 (!!)) CRAN dependencies, but keeping release at the GitHub repo and only uploading to CRAN at most once a month.

  • Spotio Is A Light Skin for Spotify’s Desktop App — And It’s Coming To Linux

    Spotify’s dark design is very much of its identity. No matter the platform you use it on, the dark theme is there staring back at you. Until now. A bunch of ace websites, blogs and people I follow have spent the past 24 hours waxing lyrical over a new Spotify skin called Spotio.


More in Tux Machines

LibreOffice Office Suite Celebrates 6 Years of Activity with LibreOffice 5.2.2

Today, September 29, 2016, Italo Vignoli from The Document Foundation informs Softpedia via an email announcement about the general availability of the first point release of the LibreOffice 5.2 open-source and cross-platform office suite. On September 28, the LibreOffice project celebrated its 6th anniversary, and what better way to celebrate than to push a new update of the popular open source and cross-platform office suite used by millions of computer users worldwide. Therefore, we would like to inform our readers about the general availability of LibreOffice 5.2.2, which comes just three weeks after the release of LibreOffice 5.2.1. "Just one day after the project 6th anniversary, The Document Foundation (TDF) announces the availability of LibreOffice 5.2.2, the second minor release of the LibreOffice 5.2 family," says Italo Vignoli. "LibreOffice 5.2.2, targeted at technology enthusiasts, early adopters and power users, provides a number of fixes over the major release announced in August."

OSS Leftovers

  • But is it safe? Uncork a bottle of vintage open-source FUD
    Most of the open source questioners come from larger organisations. Banks very rarely pop up here, and governments have long been hip to using open source. Both have ancient, proprietary systems in place here and there that are finally crumbling to dust and need replacing fast. Their concerns are more oft around risk management and picking the right projects. It’s usually organisations whose business is dealing with actual three dimensional objects that ask about open source. Manufacturing, industrials, oil and gas, mining, and others who have typically looked at IT as, at best, a helper for their business rather than a core product enabler. These industries are witnessing the lightning fast injection of software into their products - that whole “Internet of Things” jag we keep hearing about. Companies here are being forced to look at both using open source in their products and shipping open source as part of their business. The technical and pricing requirements for IoT scale software is a perfect fit for open source, especially that pricing bit. On the other end - peddling open source themselves - companies that are looking to build and sell software-driven “platforms” are finding that partners and developers are not so keen to join closed source ecosystems. These two pulls create some weird clunking in the heads of management at these companies who aren’t used to working with a sandals and rainbow frame of mind. They have a scepticism born of their inexperience with open source. Let’s address some of their trepidation.
  • Real business innovation begins with open practices
    To business leaders, "open source" often sounds too altruistic—and altruism is in short supply on the average balance sheet. But using and contributing to open source makes hard-nosed business sense, particularly as a way of increasing innovation. Today's firms all face increased competition and dynamic markets. Yesterday's big bang can easily become today's cautionary tale. Strategically, the only viable response to this disruption is constantly striving to serve customers better through sustained and continuous innovation. But delivering innovation is hard; the key is to embrace open and collaborative innovation across organizational walls—open innovation. Open source communities' values and practices generate open innovation, and working in open source is a practical, pragmatic way of delivering innovation. To avoid the all-too-real risk of buzzword bingo we can consider two definitions of "innovation": creating value (that serves customer needs) to sell for a profit; or reducing what a firm pays for services.
  • This Week In Servo 79
    In the last week, we landed 96 PRs in the Servo organization’s repositories. Promise support has arrived in Servo, thanks to hard work by jdm, dati91, and mmatyas! This does not fully implement microtasks, but unblocks the uses of Promises in many places (e.g., the WebBluetooth test suite). Emilio rewrote the bindings generation code for rust-bindgen, dramatically improving the flow of the code and output generated when producing Rust bindings for C and C++ code. The TPAC WebBluetooth standards meeting talked a bit about the great progress by the team at the University of Szeged in the context of Servo.
  • Servo Web Engine Now Supports Promises, Continues Churning Along
    It's been nearly two months since last writing about Mozilla's Servo web layout engine (in early August, back when WebRender2 landed) but development has kept up and they continue enabling more features for this next-generation alternative to Gecko. The latest is that Servo now supports JavaScript promises. If you are unfamiliar with the promise support, see this guide. The latest Servo code has improvements around its Rust binding generator for C and C++ code plus other changes.
  • Riak TS for time series analysis at scale
    Until recently, doing time series analysis at scale was expensive and almost exclusively the domain of large enterprises. What made time series a hard and expensive problem to tackle? Until the advent of the NoSQL database, scaling up to meet increasing velocity and volumes of data generally meant scaling hardware vertically by adding CPUs, memory, or additional hard drives. When combined with database licensing models that charged per processor core, the cost of scaling was simply out of reach for most. Fortunately, the open source community is democratising large scale data analysis rapidly, and I am lucky enough to work at a company making contributions in this space. In my talk at All Things Open this year, I'll introduce Riak TS, a key-value database optimized to store and retrieve time series data for massive data sets, and demonstrate how to use it in conjunction with three other open source tools—Python, Pandas, and Jupyter—to build a completely open source time series analysis platform. And it doesn't take all that long.
  • Free Software Directory meeting recap for September 23rd, 2016

Security News

  • security things in Linux v4.5
  • Time to Kill Security Questions—or Answer Them With Lies
    The notion of using robust, random passwords has become all but mainstream—by now anyone with an inkling of security sense knows that “password1” and “1234567” aren’t doing them any favors. But even as password security improves, there’s something even more problematic that underlies them: security questions. Last week Yahoo revealed that it had been massively hacked, with at least 500 million of its users’ data compromised by state sponsored intruders. And included in the company’s list of breached data weren’t just the usual hashed passwords and email addresses, but the security questions and answers that victims had chosen as a backup means of resetting their passwords—supposedly secret information like your favorite place to vacation or the street you grew up on. Yahoo’s data debacle highlights how those innocuous-seeming questions remain a weak link in our online authentication systems. Ask the security community about security questions, and they’ll tell you that they should be abolished—and that until they are, you should never answer them honestly. From their dangerous guessability to the difficulty of changing them after a major breach like Yahoo’s, security questions have proven to be deeply inadequate as contingency mechanisms for passwords. They’re meant to be a reliable last-ditch recovery feature: Even if you forget a complicated password, the thinking goes, you won’t forget your mother’s maiden name or the city you were born in. But by relying on factual data that was never meant to be kept secret in the first place—web and social media searches can often reveal where someone grew up or what the make of their first car was—the approach puts accounts at risk. And since your first pet’s name never changes, your answers to security questions can be instantly compromised across many digital services if they are revealed through digital snooping or a data breach.
  • LibreSSL and the latest OpenSSL security advisory
    Just a quick note that LibreSSL is not impacted by either of the issues mentioned in the latest OpenSSL security advisory - both of the issues exist in code that was added to OpenSSL in the last release, which is not present in LibreSSL.
  • Record-breaking DDoS reportedly delivered by >145k hacked cameras
    Last week, security news site KrebsOnSecurity went dark for more than 24 hours following what was believed to be a record 620 gigabit-per-second denial of service attack brought on by an ensemble of routers, security cameras, or other so-called Internet of Things devices. Now, there's word of a similar attack on a French Web host that peaked at a staggering 1.1 terabits per second, more than 60 percent bigger. The attacks were first reported on September 19 by Octave Klaba, the founder and CTO of OVH. The first one reached 1.1 Tbps while a follow-on was 901 Gbps. Then, last Friday, he reported more attacks that were in the same almost incomprehensible range. He said the distributed denial-of-service (DDoS) attacks were delivered through a collection of hacked Internet-connected cameras and digital video recorders. With each one having the ability to bombard targets with 1 Mbps to 30 Mbps, he estimated the botnet had a capacity of 1.5 Tbps. On Monday, Klaba reported that more than 6,800 new cameras had joined the botnet and said further that over the previous 48 hours the hosting service was subjected to dozens of attacks, some ranging from 100 Gbps to 800 Gbps. On Wednesday, he said more than 15,000 new devices had participated in attacks over the past 48 hours.

Android Leftovers