Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers

Filed under
Security
  • OpenSSH adds protection against Spectre, Meltdown, RAMBleed

    OpenSSH, a widely used suite of programs for secure (SSH protocol-based) remote login, has been equipped with protection against side-channel attacks that could allow attackers to extract private keys from memory.

  • How to take the pain out of patching Linux and Windows systems at scale

    Patching can be manually intensive and time-consuming, requiring large amounts of coordination and processes. Tony Green gives the best tips.

  • Removal of IBRS mitigation for Spectre Variant2

    As the Meltdown and Spectre attacks were published begin of January 2018, several mitigations were planned and implemented for Spectre Variant 2.

  • Go and FIPS 140-2 on Red Hat Enterprise Linux

    Red Hat provides the Go programming language to Red Hat Enterprise Linux customers via the go-toolset package. If this package is new to you, and you want to learn more, check out some of the previous articles that have been written for some background.

    The go-toolset package is currently shipping Go version 1.11.x, with Red Hat planning to ship 1.12.x in Fall 2019. Currently, the go-toolset package only provides the Go toolchain (e.g., the compiler and associated tools like gofmt); however, we are looking into adding other tools to provide a more complete and full-featured Go development environment.

    In this article, I will talk about some of the improvements, changes, and exciting new features for go-toolset that we have been working on. These changes bring many upstream improvements and CVE fixes, as well as new features that we have been developing internally alongside upstream.

  • Check your password security with Have I Been Pwned? and pass

    Password security involves a broad set of practices, and not all of them are appropriate or possible for everyone. Therefore, the best strategy is to develop a threat model by thinking through your most significant risks—who and what you are protecting against—then model your security approach on the activities that are most effective against those specific threats. The Electronic Frontier Foundation (EFF) has a great series on threat modeling that I encourage everyone to read.

    In my threat model, I am very concerned about the security of my passwords against (among other things) dictionary attacks, in which an attacker uses a list of likely or known passwords to try to break into a system. One way to stop dictionary attacks is to have your service provider rate-limit or deny login attempts after a certain number of failures. Another way is not to use passwords in the "known passwords" dataset.

Security: Curl, Fedora, Windows and More

Filed under
Security
  • Daniel Stenberg: openssl engine code injection in curl

    This flaw is known as CVE-2019-5443.

    If you downloaded and installed a curl executable for Windows from the curl project before June 21st 2019, go get an updated one. Now.

  • Fedora's GRUB2 EFI Build To Offer Greater Security Options

    In addition to disabling root password-based SSH log-ins by default, another change being made to Fedora 31 in the name of greater security is adding some additional GRUB2 boot-loader modules to be built-in for their EFI boot-loader.

    GRUB2 security modules for verification, Cryptodisk, and LUKS will now be part of the default GRUB2 EFI build. They are being built-in now since those using the likes of UEFI SecureBoot aren't able to dynamically load these modules due to restrictions in place under SecureBoot. So until now using SecureBoot hasn't allowed users to enjoy encryption of the boot partition and the "verify" module with ensuring better integrity of the early boot-loader code.

  • Fedora 31 Will Finally Disable OpenSSH Root Password-Based Logins By Default

    Fedora 31 will harden up its default configuration by finally disabling password-based OpenSSH root log-ins, matching the upstream default of the past four years and behavior generally enforced by other Linux distributions.

    The default OpenSSH daemon configuration file will now respect upstream's default of prohibiting passwords for root log-ins. Those wishing to restore the old behavior of allowing root log-ins with a password can adjust their SSHD configuration file with the PermitRootLogin option, but users are encouraged to instead use a public-key for root log-ins that is more secure and will be permitted still by default.

  • Warning Issued For Millions Of Microsoft Windows 10 Users

    Picked up by Gizmodo, acclaimed Californian security company SafeBreach has revealed that software pre-installed on PCs has left “millions” of users exposed to hackers. Moreover, that estimate is conservative with the number realistically set to be hundreds of millions.

    The flaw lies in PC-Doctor Toolbox, systems analysis software which is rebadged and pre-installed on PCs made by some of the world’s biggest computer retailers, including Dell, its Alienware gaming brand, Staples and Corsair. Dell alone shipped almost 60M PCs last year and the company states PC-Doctor Toolbox (which it rebrands as part of ‘SupportAssist’) was pre-installed on “most” of them.

    What SafeBreach has discovered is a high-severity flaw which allows attackers to swap-out harmless DLL files loaded during Toolbox diagnostic scans with DLLs containing a malicious payload. The injection of this code impacts both Windows 10 business and home PCs and enables hackers to gain complete control of your computer.

    What makes it so dangerous is PC-makers give Toolbox high-permission level access to all your computer’s hardware and software so it can be monitored. The software can even give itself new, higher permission levels as it deems necessary. So once malicious code is injected via Toolbox, it can do just about anything to your PC.

  • Update Your Dell Laptop Now to Fix a Critical Security Flaw in Pre-Installed Software

    SafeBreach Labs said it targeted SupportAssist, software pre-installed on most Dell PCs designed to check the health of the system’s hardware, based on the assumption that “such a critical service would have high permission level access to the PC hardware as well as the capability to induce privilege escalation.”

    What the researchers found is that the application loads DLL files from a folder accessible to users, meaning the files can be replaced and used to load and execute a malicious payload.

    There are concerns the flaw may affect non-Dell PCs, as well.

    The affected module within SupportAssist is a version of PC-Doctor Toolbox found in a number of other applications, including: Corsair ONE Diagnostics, Corsair Diagnostics, Staples EasyTech Diagnostics, Tobii I-Series Diagnostic Tool, and Tobii Dynavox Diagnostic Tool.

    The most effective way to prevent DLL hijacking is to quickly apply patches from the vendor. To fix this bug, either allow automatic updates to do its job, or download the latest version of Dell SupportAssist for Business PCs (x86 or x64) or Home PCs (here).

    You can read a full version of the SafeBreach Labs report here.

  • TCP SACK PANIC Kernel Vulnerabilities Reported by Netflix Researchers

    On June 17th, Researchers at Netflix have identified several TCP networking vulnerabilities in FreeBSD and Linux kernels.

  • DNS Security - Getting it Right

    This paper addresses the privacy implications of two new Domain Name System (DNS) encryption protocols: DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH). Each of these protocols provides a means to secure the transfer of data during Internet domain name lookup, and they prevent monitoring and abuse of user data in this process.

    DoT and DoH provide valuable new protection for users online. They add protection to one of the last remaining unencrypted ‘core’ technologies of the modern Internet, strengthen resistance to censorship and can be coupled with additional protections to provide full user anonymity.

    Whilst DoT and DoH appear to be a win for Internet users, however, they raise issues for network operators concerned with Internet security and operational efficiency. DoH in particular makes it extremely difficult for network operators to implement domain-specific filters or blocks, which may have a negative impact on UK government strategies for the Internet which rely on these. We hope that a shift to encrypted DNS will lead to decreased reliance on network-level filtering for censorship.

Security: Password Managers, 'Cyber Militia', Linux Kernel "LOCKDOWN" and IPFire 2.23

Filed under
Security
  • Open source vs proprietary password managers [Ed: If it's proprietary software, then you can never trust what it's doing with all your passwords; it can compromise everything you have. Like putting a bandit in charge of guarding a neighbourhood]

    Nowadays, we all have huge numbers of subscriptions to online accounts and services. For those accounts to be secure, each one of them must have a unique, robust password. What’s more, truly strong passwords must be complicated, which means that they are extremely difficult to remember.

  • Cyber Militia Launches Non-Profit to Share Technology [Ed: The NSA uses the term "Cyber Militia"; what a bunch of thugs.

    RockNSM is a network security monitoring platform that uses open source technologies, such as CentOS, which is an operating system derived from the RedHat enterprise-level open source system. RockNSM formed the basis for a Task Force Echo network anomaly detection system used for real-world cyber operations.

  • Linux Kernel "LOCKDOWN" Ported To Being An LSM, Still Undergoing Review

    It didn't make it for the Linux 5.2 kernel and now it's up to its 33rd revision on the Linux kernel mailing list... The "lockdown" patches for locking down access to various kernel hardware features has been reworked now and is a Linux Security Module (LSM) as it still tries to get enough endorsements to be mainlined.

    The Lockdown effort has been most recently led by Google's Matthew Garrett and with this 33rd revision he reworked the code to serve as an LSM module. The Lockdown functionality prohibits writing to /dev/mem, restricts PCI BAR and CPU MSR access, doesn't allow kernel module parameters that touch hardware settings, drops system hibernation support, and disables other functionality that could potentially change the hardware state or running Linux kernel image.

  • IPFire 2.23 - Core Update 133 has been released

    This update brings many updates on the core libraries of the system. Various changes to our build system are also helping us to build a more modern distribution, faster. The toolchain is now based on GCC 8.3.0, binutils 2.32 and glibc 2.29 which bring various bugfixes, performance improvements and some new features.

    Although these might not be the most exciting changes, we recommend upgrading as soon as possible since this is essential hardening for backbone components of the user-space.

Security Leftovers

Filed under
Security
  • [Attackers] Used Two Firefox Zero Days to Hit a Crypto Exchange

    Luckily, not only did Coinbase and an outside researcher notice the bugs, but Coinbase picked up on the attack before any money could be stolen or the network could be infiltrated.

  • Romanian hospitals, affected by ransomware attack [iophk: "Windows TCO"]

    Four hospitals in Romania have been affected by the BadRabbit 4 ransomware, the Romanian Intelligence Service (SRI) announced. One of the hospitals is the Victor Babeş Infectious Diseases Hospital in Bucharest. The other hospitals are located in Huşi, Dorohoi and Cărbuneşti.

  • Cyber-attacks on hospitals most likely come from China, SRI says

    The specialists with the Cyberint National Centre with the Romanian Intelligence Service (SRI) suspect that the recent attacks on hospitals in Romania come from China, service representatives say, quoted by digi24.ro.

    “Regarding the cyber-attacks on hospitals, the Cyberint National Centre suspect the attackers are of Chinese origin. The time interval was considered, when the Chinese hackers are active and the clues left along with the ransom requests,” SRI says in a release.

  • Five Romanian hospitals targeted by cyber attack [iophk: "Windows TCO"]

    Five hospitals in the Romanian capital Bucharest are the target of a cyber attack. Various Romanian media report this. Opposite the news platform Stiri Lazi, the Romanian Minister of Health has announced that patients will be affected by the attack.

  • US 'launched cyber-attack on Iran weapons systems'

    The cyber-attack disabled computer systems controlling rocket and missile launchers, the Washington Post said.

  • [Compromise] of U.S. Border Surveillance Contractor Is Way Bigger Than the Government Lets On

    Even as Homeland Security officials have attempted to downplay the impact of a security intrusion that reached deep into the network of a federal surveillance contractor, secret documents, handbooks, and slides concerning surveillance technology deployed along U.S. borders are being widely and openly shared online.

    A terabyte of torrents seeded by Distributed Denial of Secrets (DDOS)—journalists dispersing records that governments and corporations would rather nobody read—are as of writing being downloaded daily. As of this week, that includes more than 400 GB of data stolen by an unknown actor from Perceptics, a discreet contractor based in Knoxville, Tennessee, that works for Customs and Border Protection (CBP) and is, regardless of whatever U.S. officials say, right now the epicenter of a major U.S. government data breach.

Security: Windows, 'DevSecOps', SSH, Bash and More

Filed under
Security
  • Electronic Health Records at 26 Hospitals Hit by Two-Hour Outage [iophk: "Windows TCO"]

    Universal, which manages more than 350 health-care facilities in the U.S. and U.K., declined to specify the technical issues or say how many patient records were affected. The problem lasted for less than two hours and the affected hospitals have returned to normal operations, said Eric Goodwin, chief information officer of the King of Prussia, Pennsylvania-based company.

  • DevSecOps: 4 key considerations for beginners

    Security used to be the responsibility of a dedicated team in the last development stage, but with development cycles increasing in number and speed, security practices need to be constantly updated.

    This has led to the rise of DevSecOps, which emphasizes security within DevOps. Companies need DevSecOps to make sure their initiatives run safely and securely. Without DevSecOps, DevOps teams need to rebuild and update all their systems when a vulnerability is found, wasting time and effort.

  • OpenSSH to Keep Private Keys Encrypted at Rest in RAM

    A commit for the OpenSSH project adds protection for private keys in memory when they are not in use, making it more difficult for an adversary to extract them through side-channel attacks leveraging hardware vulnerabilities.

    OpenSSH is the most popular implementation of the SSH (Secure Shell) protocol, being the default solution in many Linux distributions for encrypting connections to a remote system.

  • OpenSSH adds protection against Spectre, Meltdown, Rowhammer and RAMBleed attacks
  • GNU Bash Unsupported Characters Heap-Based Buffer Overflow Vulnerability [CVE-2012-6711]

    A vulnerability in the lib/sh/strtrans.c:anicstr function of GNU Bash could allow an authenticated, local attacker to execute code on a targeted system.The vulnerability is due buffer errors within the lib/sh/strtrans.c:anicstr function of the affected software. An attacker could exploit this vulnerability by providing print data through the echo built-in function. A successful exploit could allow the attacker to execute code on the targeted system.GNU Bash has confirmed this vulnerability and released a software patch.

  • Daily News Roundup: Malware in Your Pirated Software

    Researchers at ESET and Malwarebytes have discovered crypto mining malware hidden in pirated music production software.

  • A Method for Establishing Liability for Data Breaches

    Last month, the First American Financial Corporation—which provides title insurance for millions of Americans—acknowledged a cybersecurity vulnerability that potentially exposed 885 million private financial records related to mortgage deals to unauthorized viewers. These records might have revealed bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and driver’s license images to such viewers. If history is any guide, not much will happen and companies holding sensitive personal information on individuals will have little incentive to improve their cybersecurity postures. Congress needs to act to provide such incentives.

    The story is all too familiar, as news reports of data breaches involving the release of personal information for tens of millions of, or even a hundred million, Americans have become routine. A company (or a government agency) pays insufficient attention to cybersecurity matters despite warnings that the cybersecurity measures it takes are inadequate and therefore fails to prevent a breach that could be remediated by proper attention to such warnings. In the aftermath of such incidents, errant companies are required by law to report breaches to the individuals whose personal information has been potentially compromised. Frequently, these companies also offer free credit monitoring services to affected individuals for a year or two.

Security FUD and Distraction From NSA Back Doors

Filed under
Security
  • Linux Cryptominer Uses Virtual Machines to Attack Windows, macOS [Ed: This is simply malware that people download and install on their machines, but hey, let's blame something else on "Linux"]

    A new cryptocurrency mining malware dubbed LoudMiner uses virtualization software to deploy a Linux XMRig coinminer variant on Windows and macOS systems via a Tiny Core Linux virtual machine.

  • Report confirms shift of botnet attack focus to Linux, IoT [Ed: A 'report' shifts focus from Microsoft Windows back doors (which are causing huge damage at the moment) to "Linux" (usually just machine with default password unchanged)]
  • Botnets shift from Windows towards Linux and IoT platforms [Ed: Microsoft money has poisoned and polluted corporate media (advertising money) to the point each time it covers "Linux" it's either a story about Linux being dangerous or a story about Vista 10 (WeaSeL)]
  • Free proxy service found running on top of 2,600+ hacked WordPress sites [Ed: Considering there are many millions of WordPress sites, many of which aren't patching properly, this is only expected and it's the fault of their administrators]
  • Four CVEs Describe SACKs of Linux and FreeBSD Vulnerabilities [Ed: When searching news for "Linux" these days almost half the results are about security because corporate media chooses to focus on nothing else, even obsessing over the same story for weeks]

    Four new CVEs present issues that have a potential DoS impact on almost every Linux user.

  • Remote Desktop Protocol

    As with any piece of software, bugs arise sooner or later. A critical security exploit allowing a man-in-the-middle- style attack was discovered in RDP version 5.2. In 2012, another critical vulnerability was discovered to allow a Windows computer to be compromised by unauthenticated clients. Version 6.1, found in Windows Server 2008, revealed a critical exploit that harvested user credentials. More recently, an exploit discovered in March 2018 allowed remote code execution attack and another credential- harvesting scenario.

Security Leftovers

Filed under
Security

CentOS 7 and RHEL 7 Get Important Linux Kernel Update to Patch SACK Panic Flaws

Filed under
Red Hat
Security

The new Linux kernel security updates patch an integer overflow flaw (CVE-2019-11477) discovered by Jonathan Looney in Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments, which could allow a remote attacker to cause a so-called SACK Panic attack (denial of service) by sending malicious sequences of SACK segments on a TCP connection that has a small TCP MSS value.

"While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented," reads Red Hat's security advisory. "Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments."

Read more

Security: Updates, Holes, FUD and Primers

Filed under
Security
  • Security updates for Friday
  • Critical Firefox vulnerability fixed in 67.0.3
  • NASA Lab Hacked Using A $25 Raspberry Pi Computer

    Raspberry Pi is a teeny-tiny device that can be tinkered with to gain deceptively high capabilities. This has been proved by a recent report which confirmed that a NASA lab was hacked using a Raspberry Pi.

    The breach occurred in April 2018 where NASA’s Jet Propulsion Laboratory (JPL) was hacked and 500MB of data from major mission systems was stolen.

    [...]

    Apparently, the system administrators did not consistently update the inventory system while adding new devices to the network.

  • DragonFlyBSD 5.6.1 Released To Fix TTM & OpenSSH Problems

    There are two primary and separate bug fixes in DragonFlyBSD 5.6.1 around OpenSSH and TTM. The OpenSSH issue is a SSHD configuration issue for the SSH daemon. The TTM bug is a lockup issue that could come about when using the Radeon DRM graphics driver with this Radeon/TTM code ported over to DragonFlyBSD from the Linux kernel.

    That's it for DragonFlyBSD 5.6.1, which is on top of the many great additions in version 5.6 like HAMMER2 by default, a VM rework / performance improvements, and other enhancements.

  • Google Accidentally Releases July 2019 Pixel Update In June

    Some owners of Pixel 3A and 3A XL devices had a happy, or rather surprising, moment when they realized that Google goofed-up badly.

    As posted on Reddit, Google accidentally released a build of the monthly security update meant for July 2019. It is 79.8MB in size and comes with a label that says “CONFIDENTIAL INTERNAL ONLY.” This clearly means it’s an internal build and not meant for public release.

  • 100 Million Dell [Microsoft Windows-laden] PCs At Risk Due To Criticial Bug In ‘SupportAssist’ Software

    The SupportAssist software comes pre-loaded on most Dell laptops and desktops. It’s used to check for different hardware and software issues that could arise over the course of time on Dell machines. For example, it can be used to test whether the battery is in a healthy condition or not.

    Unfortunately, the innocent-looking SupportAssist could open doors for attackers who can use it to achieve privilege escalation on Dell machines running Windows 10. The vulnerability was discovered by security firm SafeBreach Labs, the firm told Fossbytes in an email.

  • Bird Miner: This Cryptominer Malware Emulates Linux To Attack Macs [Ed: Attributing dumb people installing malicious files on their disk to "Linux".]

    One of the biggest disadvantages of using pirated software is the increased risk of letting your computer get infected with malware. Cybercriminals often bundle the cracked versions of paid software on piracy websites with adware and cryptominer to earn free cash. So, if you’re installing such programs from unknown sources, the chances of you getting hacked are pretty good.

    The same attack vector is being used by hackers to distribute a new Mac cryptocurrency miner named Bird Miner. As Malwarebytes’ official blog explains, Bird Miner has been found to be bundled with a cracked installer of a software named Ableton Live, which is a tool for high-end music production.

  • New Mac cryptominer Malwarebytes detects as Bird Miner runs by emulating Linux

    A new Mac cryptocurrency miner Malwarebytes detects as Bird Miner has been found in a cracked installer for the high-end music production software Ableton Live. The software is used as an instrument for live performances by DJs, as well as a tool for composing, recording, mixing, and mastering. And while cryptomining is not new on Mac, this one has a unique twist: It runs via Linux emulation.

  • Understanding Public Key Infrastructure and X.509 Certificates

    Public Key Infrastructure (PKI) provides a framework of encryption and data communications standards used to secure communications over public networks. At the heart of PKI is a trust built among clients, servers and certificate authorities (CAs). This trust is established and propagated through the generation, exchange and verification of certificates.

    This article focuses on understanding the certificates used to establish trust between clients and servers. These certificates are the most visible part of the PKI (especially when things break!), so understanding them will help to make sense of—and correct—many common errors.

    As a brief introduction, imagine you want to connect to your bank to schedule a bill payment, but you want to ensure that your communication is secure. "Secure" in this context means not only that the content remains confidential, but also that the server with which you're communicating actually belongs to your bank.

Security Leftovers

Filed under
Security
  • Security updates for Thursday
  • Jelle Van der Waa: Mini DebConf Hamburg 2019

    The reproducible builds project was invited to join the mini DebConf Hamburg sprints and conference part. I attended with the intention to get together to work on Arch Linux reproducible test setup improvements, reproducing more packages and comparing results.

    The first improvement was adding JSON status output for Arch Linux and coincidently also OpenSUSE and in the future Alpine the commit can be viewed here. The result was deployed and the Arch Linux JSON results are live.

    The next day, I investigated why Arch Linux's kernel is not reproducible.

  • Rogue Raspberry Pi allowed hackers to infiltrate NASA's systems [iophk: "article is missing any relevant details, lack of bureaucracy was not the cause here unlike what is asserted]

    That's according to a recent audit by the agency's Office of Inspector General, which reveals a number of security weaknesses affecting its Jet Propulsion Laboratory (JPL).

    The report claims that multiple IT security control weaknesses "reduce JPL's ability to prevent, detect and mitigate attacks targeting its systems and networks" while "exposing NASA systems and data to exploitation by cybercriminals".

  • Hacking Hardware Security Modules

    This highly technical presentation targets an HSM manufactured by a vendor whose solutions are usually found in major banks and large cloud service providers. It will demonstrate several attack paths, some of them allowing unauthenticated attackers to take full control of the HSM. The presented attacks allow retrieving all HSM secrets remotely, including cryptographic keys and administrator credentials. Finally, we exploit a cryptographic bug in the firmware signature verification to upload a modified firmware to the HSM. This firmware includes a persistent backdoor that survives a firmware update.

  • The looming threat of malicious backdoors in software source code

    The history of backdoors in source code has largely been about managing insider threats. For example, a rogue developer looking to sabotage the organization. What’s changed is that increasingly well-funded nation-state attackers can afford to take a much longer-term view. This means writing useful code with backdoors planted deep inside it, making the code widely available, and waiting to see who adopts it.

  • A Florida city paid a $600,000 bitcoin ransom to hackers who took over its computers — and it's a massive alarm bell for the rest of the US [iophk: "Windows TCO"]

    A Florida city's council voted to pay a ransom of $600,000 in Bitcoin to [crackers] that targeted its computer systems — and the payout is a sign of how unprepared much of the US is to deal with a coming wave of cyberattacks.

Syndicate content

More in Tux Machines

SUSE: Release of SUSE CaaS Platform, SUSE Enterprise Storage, SUSE Linux Enterprise 15 Service Pack 1 and More

  • SUSE CaaS Platform 4.0 Beta 3 is out!

    SUSE CaaS Platform 4.0 is built on top of SLE 15 SP1 and requires either the JeOS version shipped from the product repositories or a regular SLE 15 SP1 installation. Please note that SLE 15 SP1 is now officially out! Check out the official announcement for more information. Thus you should not use a SLES 15 SP1 environment with the SLE Beta Registration Code anymore. Because the SLE Beta Registration Code has expired now, but you can either use your regular SLE Registration Code or use a Trial.

  • SUSE Enterprise Storage 6 Now Available

    With the current increase in data creation, increased costs and flat to lower budgets, IT organizations are looking for ways to deploy highly scalable and resilient storage solutions that manage data growth and complexity, reduce costs and seamlessly adapt to changing demands. Today we are pleased to announce the general availability of SUSE Enterprise Storage 6, the latest release of the award-winning SUSE software-defined storage solution designed to meet the demands of the data explosion.

  • What’s New for SUSE Linux Enterprise Server for Arm 15 SP1

    Happy Birthday! It’s been 1 year since we introduced the world’s first multimodal OS supporting 64-bit Arm systems (AArch64 architecture), SUSE Linux Enterprise Server for Arm 15. Enterprise early adopters and developers of Ceph-based storage and industrial automation systems can gain faster time to market for innovative Arm-based server and Internet of Things (IoT) solutions. SUSE Linux Enterprise Server for Arm is tested with a broad set of Arm System-on-a-Chip (SoC) processors, enabling enterprise-class security and greater reliability. And with your choice of Standard or Premium Support subscriptions you can get the latest security patches and fixes, and spend less time on problem resolution as compared to maintaining your own Linux distribution.

  • Are you ready for the world’s first Multimodal Operating System

    Today, SUSE releases SUSE Linux Enterprise 15 Service Pack 1, marking the one-year anniversary since we launched the world’s first multimodal OS. SUSE Linux Enterprise 15 SP1 advances the multimodal OS model by enhancing the core tenets of common code base, modularity and community development while hardening business-critical attributes such as data security, reduced downtime and optimized workloads.

  • The future of OpenStack?

    Before we can answer these questions, let’s take a look at its past to give some context. Since its original release in 2010 as a joint venture by Rackspace and NASA, and its subsequent spin-off into a separate open source foundation in 2012, OpenStack has seen growth and hype that was almost unparalleled. I was fortunate enough to attend the Paris OpenStack Summit in 2014, where Mark Collier was famously driven onto stage for a keynote in one of the BMW electric sports cars. The event was huge and was packed with attendees and sponsors – almost every large technology company you can think of was there. Marketing budget had clearly been splurged in a big way on this event with lots of pizazz and fancy swag to be had from the various vendor booths. Cycle forward 4 years to the next OpenStack Summit I attended – Vancouver in May 2018. This was a very different affair – most of the tech behemoths were no longer sponsoring, and while there were some nice pieces of swag for attendees to take home, it was clear that marketing budgets had been reduced as the hype had decreased. There were less attendees, less expensive giveaways, but that ever-present buzz of open source collaboration that has always been a part of OpenStack was still there. Users were still sharing their stories, and developers and engineers were sharing their learnings with each other, just on a slightly smaller scale.

  • SUSE Academic Program to be present at 2019 UCISA SSG Conference

    Engaging with the community has always been important for SUSE and this is no different for our Academic Program. That is why next week, the SUSE Academic Program is excited to attend and participate in a three day event hosted by one of the most respected networks in UK education.

Glen Barber: Statement regarding employment change and roles in the [FreeBSD] Project

Dear FreeBSD community:

As I have a highly-visible role within the community, I want to share
some news.  I have decided the time has come to move on from my role
with the FreeBSD Foundation, this Friday being my last day.  I have
accepted a position within a prominent company that uses and produces
products based on FreeBSD.

My new employer has included provisions within my job description that
allow me to continue supporting the FreeBSD Project in my current
roles, including Release Engineering.

There are no planned immediate changes with how this pertains to my
roles within the Project and the various teams of which I am a member.

FreeBSD 11.3 and 12.1 will continue as previously scheduled, with no
impact as a result of this change.

I want to thank everyone at the FreeBSD Foundation for providing the
opportunity to serve the FreeBSD Project in my various roles, and their
support for my decision.

I look forward to continue supporting the FreeBSD Project in my various
roles moving forward.

Glen
Read more Also: FreeBSD's Release Engineering Lead Departs The Foundation

There's A Professional Grade Digital Cinema Camera Powered By Linux

Digital camera startup Octopus Cinema has been designing the "OCTOPUSCAMERA" as a digital cinema camera that's professional grade yet is an open platform with removable/upgradeable parts and this camera platform itself is running Linux. The OCTOPUSCAMERA supports up to 5K full frame recording, weighs less than 1kg, and is powered by Linux. It's a rather ambitious device and they aim to be shipping in 2020. Read more Also: Old Linus Torvalds is back: Linux page caching sparks 'bulls**t' outburst [Ed: Anti-Linux writers of the CBS tabloid ZDNet are mobbing Torvalds into silence again]

Android Leftovers