Security

Security and FUD: Updates, Keeper, WireGuard and Concerns About 2038

Filed under
Security
  • Security updates for Friday

    Security updates have been issued by CentOS (java-1.7.0-openjdk and ppp), Debian (libimobiledevice, libusbmuxd, and pure-ftpd), Fedora (caddy, firejail, golang-github-gorilla-websocket, golang-vitess, hugo, mingw-libpng, php, and proftpd), openSUSE (chromium, enigmail, ipmitool, libsolv, libzypp, zypper, weechat, and yast2-rmt), Oracle (java-1.7.0-openjdk and ppp), Red Hat (java-1.7.0-openjdk and ppp), Scientific Linux (java-1.7.0-openjdk and ppp), and SUSE (java-1_8_0-ibm, kernel, mariadb, mariadb-100, openssl, php5, python, rsyslog, and texlive-filesystem). 

  • Keeper – A Robust, Security-Centric Password Manager [Ed: This 'article' from FOSSmint (not FOSS) is referral SPAM. Proprietary software promoted for a fee. This -- yes, this -- is what kills journalism.]

    We’ve covered several password managers over the years with popular names like RememBear, Buttercup, Pass, and Enpass, and I am happy about the positive feedback from readers over the years.

    Today, I would like to introduce you to a strong password generator and security-centric manager application and it goes by the convenient name of Keeper.

    Keeper is a top-rated freemium password manager designed to provide personal users, families, students, and businesses with a reliable application for generating strong passwords as well as storing them while ensuring protection from cyberthreats and password-related data breaches.

  • WireGuard – A Fast, Modern and Secure VPN Tunnel for Linux

    WireGuard is a modern, secure, cross-platform and general-purpose VPN implementation that uses state-of-the-art cryptography. It aims to be speedy, simpler, leaner and more functional than IPsec and it intends to be more performant than OpenVPN.

    It is designed for use in various circumstances and can be deployed on embedded interfaces, fully loaded backbone routers, and supercomputers alike; and runs on Linux, Windows, macOS, BSD, iOS, and Android operating systems.

    It presents an extremely basic yet powerful interface that aims to be simple, as easy to configure and deploy as SSH. Its key features include a simple network interface, crypto key routing, built-in roaming and container support.

    Note that at the time of writing, it is under heavy development: some of its parts are working toward a stable 1.0 release, while others are already there (working fine).

  • Modern Computers Might Stop Working on January 19, 2038

    Nearly every computer in the history of computers keeps time using a 32-bit integer, counting forward from 00:00:00 UTC on the 1st of January 1970, referred to as the epoch. This instant of time was set as the standard for modern computing systems, but there's a major problem. Seven seconds after 3:14 am UTC on the 19th of January 2038, the 32-bit integer storing this time data will run out of positions.

    The problem is similar to the Y2K issue where a 2-digit value could no longer be used to encode the years 2000 or later, but different in that this 32-bit bug is related to Unix-like systems and the Unix time format.

    These similarities to the Y2K bug have widely led to the 2038 problem being known as the Unix Millennium Bug.

    [...]

    Embedded systems like those in cars and appliances are designed to last the lifecycle of the device without a software update. Connected electronics can be quickly fixed with a software update when the time comes, but these embedded systems will likely wreak the most havoc in 2038 since most won't be updated.

    One option is to change the data storage system of the 32-bit integer to an unsigned 32-bit integer. This would theoretically allow for date storage all the way to 2106, but any system that used a date prior to 1970 would run into issues accessing this data.

    If we increased the data storage to 64-bit, we would run into compatibility storage issues between older systems that only use 32-bit data storage.

    There's no current universal solution to the problem and even the most widely accepted fixes still have bugs in certain usage areas. There is positive news at the end of this.

Security scandal around WhatsApp shows the need for decentralised messengers and digital sovereignty

Filed under
OSS
Security

The recent security scandal around WhatsApp and access to the content of private groups shows that there is an urgent need for action with regard to secure communication.
Links to private chat groups in the proprietary WhatsApp messenger can be used to show the communication and private data of group members, even if you are not a member. The links could be found on various search engines. Even if they are removed from search results, links still work and give access to private group communication. Among these groups are also administrations like civil servants of the Indonesian Ministry of Finance. This case shows again that digital sovereignty is crucial for states and administrations. The security breach was first reported by Deutsche Welle.

In order to establish trustworthy and secure communication, governments need to strengthen interoperable Free Software solutions using Open Standards and enable decentralisation. This helps administrations as well as individuals to protect their privacy and empowers them to have control of the technology they use. The software is already in place and was used by most of the internet users before Google and Facebook joined the market: XMPP! This open protocol, also known as Jabber, has been developed by the Free Software community since 1999. Thanks to Open Standards it is possible to communicate with people who use a completely different client software and XMPP server. You are even able to communicate with other services like ICQ or AIM - some might remember. XMPP has also been used by tech enterprises like Facebook and Google for their chat systems, but both eventually switched to isolated proprietary solutions, so XMPP has been forgotten by many users.

Read more

Security, Proprietary Software and Openwashing

Filed under
Software
Security
  • Linux 4.4.215 / 4.9.215 / 4.14.172 / 5.5.7 Kernels Bringing Intel KVM Security Fix

    A few days back we reported on a security vulnerability within Intel's KVM virtualization code for the Linux kernel. That vulnerability stems from unfinished kernel code and was fixed for Linux 5.6 Git and is now being back-ported to the 4.4 / 4.9 / 4.14 / 5.5 supported kernels.

    Back on Monday when the CVE-2020-2732 patches first came to light, little was publicly known about the issue but that it stemmed from incomplete code in the vmx_check_intercept functionality in not checking all possible intercepts and in turn could end up emulating instructions that should be disabled by the hypervisor.

  • Let's Encrypt Has Issued a Billion Certificates

    We issued our billionth certificate on February 27, 2020. We’re going to use this big round number as an opportunity to reflect on what has changed for us, and for the Internet, leading up to this event. In particular, we want to talk about what has happened since the last time we talked about a big round number of certificates - one hundred million.

    One thing that’s different now is that the Web is much more encrypted than it was. In June of 2017 approximately 58% of page loads used HTTPS globally, 64% in the United States. Today 81% of page loads use HTTPS globally, and we’re at 91% in the United States! This is an incredible achievement. That’s a lot more privacy and security for everybody.

    Another thing that’s different is that our organization has grown a bit, but not by much! In June of 2017 we were serving approximately 46M websites, and we did so with 11 full time staff and an annual budget of $2.61M. Today we serve nearly 192M websites with 13 full time staff and an annual budget of approximately $3.35M. This means we’re serving more than 4x the websites with only two additional staff and a 28% increase in budget. The additional staff and budget did more than just improve our ability to scale though - we’ve made improvements across the board to provide even more secure and reliable service.

    Nothing drives adoption like ease of use, and the foundation for ease of use in the certificate space is our ACME protocol. ACME allows for extensive automation, which means computers can do most of the work. It was also standardized as RFC 8555 in 2019, which allows the Web community to confidently build an even richer ecosystem of software around it. Today, thanks to our incredible community, there is an ACME client for just about every deployment environment. Certbot is one of our favorites, and they’ve been working hard to make it even easier for people to use.

  • The “Cloud Snooper” malware that sneaks into your Linux servers [Ed: Sophos citing itself, hyping up the threat is installing malicious software on one's own server]

    SophosLabs has just published a detailed report about a malware attack dubbed Cloud Snooper.

    The reason for the name is not so much that the attack is cloud-specific (the technique could be used against pretty much any server, wherever it’s hosted), but that it’s a sneaky way for cybercrooks to open up your server to the cloud, in ways you very definitely don’t want, “from the inside out”.

    The Cloud Snooper report covers a whole raft of related malware samples that our researchers found deployed in combination.

  • OpenSMTPD Email Server Vulnerability Threatens Many Linux and BSD Systems [Ed: It is this package, not the operating systems (GNU/Linux rarely uses this)]

    A critical vulnerability has been discovered in the OpenBSD email server OpenSMTPD. Exploiting the flaw could allow remote code execution attacks. The seriousness of the vulnerability poses a threat to the integrity of OpenBSD and Linux systems.

  • A billion Wi-Fi devices suffer from a newly discovered security flaw

    More than a billion internet-connected devices—including Apple's iPhone and Amazon's Echo—are affected by a security vulnerability that could allow [attackers] to spy on traffic sent over Wi-Fi.

  • New ‘Haken’ Malware Found On Eight Apps In Google Play Store

    Eight apps – mostly camera utilities and children’s games – were discovered spreading a new malware strain that steals data and signs victims up for expensive premium services.

  • What does it take to commit to 100% open source?

    While experts in the database market in particular agree that open source is becoming the norm, the question remains, just how open is this sector’s open-source software? Can software providers realistically succeed with a company that’s 100% open source? Furthermore, would a proprietary infrastructure software provider with a freemium tier be able to achieve the same benefits as those committing to open source?

    The short answer is, yes — a proprietary infrastructure software company with a freemium tier could theoretically achieve the same benefits as companies going fully open source. However, it’s important to recognize that it would take a freemium model company a significantly longer period of time for its software to mature to the same level as that of an open-source company. Also, the loss of collaborative development and slower feedback loops would likely lead to a higher probability of the software never achieving market traction and ultimately fading away into oblivion.

  • Mirantis: Balancing Open Source With Guardrails

    Mirantis, an open infrastructure company that rose to popularity with its OpenStack offering, is now moving into the Kubernetes space very aggressively. Last year, the company acquired the Docker Enterprise business from Docker. This week, it announced that they were hiring the Kubernetes experts from the Finnish company Kontena and established a Mirantis office in Finland, expanding the company’s footprint in Europe. Mirantis already has a significant presence in Europe due to large customers such as Bosch and Volkswagen.

IPFire 2.25 - Core Update 142 is available for testing

Filed under
GNU
Linux
Security

Only days after finally releasing our new DNS stack in IPFire 2.25 - Core Update 141, we are ready to publish the next update for testing: IPFire 2.25 - Core Update 142.

This update comes with many features that massively improve the security and hardening of the IPFire operating system. We have also removed some more components of the systems that are no longer needed to shrink the size of the operating system on disk.

We have a huge backlog of changes that are ready for testing in a wider audience. Hopefully we will be able to deliver those to you in a swift series of Core Updates. Please help us test, or if you prefer, send us a donation so that we can keep working on these things.

Read more

Security: Patches, Whonix, IPFire and More

Filed under
Security
  • Security updates for Thursday

    Security updates have been issued by CentOS (kernel, ksh, python-pillow, and thunderbird), Debian (opensmtpd, proftpd-dfsg, and rake), Fedora (NetworkManager-ssh), openSUSE (chromium), and SUSE (libexif, mariadb, ovmf, python3, and squid). 

  • Whonix VirtualBox 15.0.0.8.9 - Point Release! - vanguards; TCP ISN Leak Protection; Extensive Hardening!

    This is a point release.

    Download Whonix for VirtualBox:

  • Build your career in Computer Forensics: List of Digital Forensic Tools - Part I

    Digital devices are present everywhere and considered to be the primary source of evidence in the case of cybercrime. Out of all the devices, phones and laptops are the top weapons used in cybercrimes. Regardless of who the device belonged to, either the victim or suspect, it offers an abundance of data to investigate the crime. But retrieving evidence from these devices in a secure environment can be very challenging. To overcome the time constraint and other complications, cyber forensic professionals use digital forensic tools.  

  • What are Open Source Security Approaches? With Examples

    Open source security approaches enable organizations to secure their applications and networks while avoiding expensive proprietary security offerings. 

    An open source approach allows organizations to secure their applications across cloud providers and other platforms using platform-agnostic APIs. These APIs are written by contributors to the open source software code while cloud providers may use open source code that allows the open APIs to connect to the cloud.

    Open source approaches, for security or not, also bring in collaboration across an industry. It isn’t just one organization that benefits from a program or technology, but everyone who contributes to and uses it.

    The open source projects and programs used as examples in this article come from two major open source entities: The Linux Foundation and the Cloud Native Computing Foundation (CNCF). The two also work closely together to further the projects under their purview.

  • Cloud Snooper: Hackers Using Linux Kernel Driver To Attack Cloud Server [Ed: So, if you install malicious software in Linux, due to recklessness or sabotage, it'll do malicious things. How is that a Linux weakness?]

    Whether you’re a Linux user or not, you must have heard the buzzword about the Linux — “Best OS for security.” Well, it is true, but being a computer program, Linux also has some downside that challenges its security.

    Talking about the security risks, recently, SophosLabs published a report about a new malware dubbed Cloud Snooper, that can compromise the security of any Linux or other OS based servers by deploying a kernel driver.

  • IPFire on AWS: Update to IPFire 2.25 - Core Update 141

    Today, we have updated IPFire on AWS to IPFire 2.25 - Core Update 141 - the latest official release of IPFire.

    Since IPFire is available on AWS, we are gaining more and more users who are securing their cloud infrastructure behind an easy to configure, yet fast and secure firewall.

    This update adds the rewritten DNS stack and brings many bug fixes to the cloud.

No More WhatsApp! The EU Commission Switches To ‘Signal’ For Internal Communication

Filed under
OSS
Security

In a move to improve cyber-security, the EU has recommended that its staff use the open source secure messaging app Signal instead of popular apps like WhatsApp.

Signal is an open source secure messaging application with end to end encryption. It is praised by the likes of Edward Snowden and other privacy activists, journalists and researchers. We’ve recently covered it in our ‘open source app of the week‘ series.

Signal is in the news for good reasons. The European Union Commission has instructed its staff to use Signal for public instant messaging.

This is part of the EU’s new cybersecurity strategy. There have been cases of data leaks and hacking against EU diplomats and thus a policy is being put in place to encourage better security practices.

Read more

Security: Updates, DNS Features in IPFire, Shodan and Canonical's Role in Robot Operating System (ROS 2)

Filed under
Security
  • Security updates for Wednesday

    Security updates have been issued by Debian (python-pysaml2), Mageia (clamav, graphicsmagick, opencontainers-runc, squid, and xmlsec1), Oracle (kernel, ksh, python-pillow, systemd, and thunderbird), Red Hat (rh-nodejs12-nodejs), Scientific Linux (ksh, python-pillow, and thunderbird), and SUSE (nodejs6, openssl, ppp, and squid).

  • What you can do with the new DNS features in IPFire

    Every time you try to access a website - for example ipfire.org - you will ask a DNS server for the IP address to connect to. They won't see anything past "the slash" in the URL, but that is not necessary to know what you probably have in mind to do. That DNS server now knows which bank you are with, where you work, where you do your online shopping, who is hosting your emails and many things more...

    Although this data is not too interesting about one individual, it becomes very relevant when you are looking at many profiles. People who shop at a certain place or are with a certain bank might be high earners. People who shop at another place might have trouble to stay afloat financially. Now I know what advertisements I need to show to which group so that they will become my customers.

    In short, your whole browser history tells a lot about you and you might be giving it away for free to the advertising industry or other parties who will use your data against you.

  • How Shodan Has Been Improved to Help Protect Energy Utilities

    Shodan is a well-known security hacking tool that has even been showcased on the popular Mr. Robot TV show. While Shodan can potentially be used by hackers, it can also be used for good to help protect critical infrastructure, including energy utilities.

    At the RSA Conference in San Francisco, Michael Mylrea, Director of Cybersecurity R&D (ICS, IoT, IIoT) at GE Global Research, led a session titled "Shodan 2.0: The World’s Most Dangerous Search Engine Goes on the Defensive," where he outlined how Shodan has been enabled to help utilities identify risks in critical energy infrastructure. Shodan, to the uninitiated, is a publicly available search engine tool that crawls the internet looking for publicly exposed devices.

    Mylrea explained that utilities are often resource constrained when it comes to cybersecurity and are typically unaware of their risk. In recent years, there have been a number of publicly disclosed incidents involving utilities. To help solve that challenge, Mylrea proposed a project to the US Department of Energy (DoE) to enhance Shodan for utilities so they could use the tool to find risks quickly.

  • Canonical takes leadership role in security for ROS

    Canonical is committed to the future of robotics, as proven a short time ago when we joined the Technical Steering Committee of the second version of the Robot Operating System (ROS 2). We’re also dedicated to building a foundation of enterprise-grade, industry leading security practices within Ubuntu, so we’re excited to join both of these strengths with our own Joe McManus taking the helm of the ROS 2 Security Working Group.

    We believe robots based on Linux are cheaper to develop, more flexible, faster to market, easier to manage, and more secure. While ROS began as an academic project over a decade ago, it has grown to become the most popular middleware for creating Linux-powered robots. It has harnessed the power of open source, allowing for many of the complex problems faced by robotics to be solved through collaboration. The ROS developer community has continued to grow, and ROS now enjoys an increasing amount of commercial use and supported robots. In response, the ROS community has completely overhauled the ROS codebase and started distributing ROS 2.

Red Hat Enterprise Linux 7 and CentOS 7 Receive Important Kernel Security Update

Filed under
Red Hat
Security

The new kernel security update is marked as “Important” by the Red Hat Product Security team and patches two heap overflows (CVE-2019-14816 and CVE-2019-14901) in the Marvell Wi-Fi chip driver.

While CVE-2019-14816 could allow an attacker on the same Wi-Fi physical network segment to cause a denial of service (system crash) or even maybe execute arbitrary code, CVE-2019-14901 is more dangerous as it lets a remote attacker crash the system or execute arbitrary code.

Read more

Security, FUD, Openwashing and Threats

Filed under
Server
Security
  • Security updates for Tuesday

    Security updates have been issued by Debian (curl and otrs2), Fedora (NetworkManager-ssh and python-psutil), Mageia (ipmitool, libgd, libxml2_2, nextcloud, radare2, and upx), openSUSE (inn and sudo), Oracle (kernel, ksh, python-pillow, and thunderbird), Red Hat (curl, kernel, nodejs:10, nodejs:12, procps-ng, rh-nodejs10-nodejs, ruby, and systemd), SUSE (dpdk, firefox, java-1_7_1-ibm, java-1_8_0-ibm, libexif, libvpx, nodejs10, nodejs8, openssl1, pdsh, slurm_18_08, python-azure-agent, python3, and webkit2gtk3), and Ubuntu (libapache2-mod-auth-mellon, libpam-radius-auth, and rsync).

  • New Critical RCE Bug in OpenBSD SMTP Server Threatens Linux Distros [Ed: Typical FUD associating "Linux" with a package that GNU/Linux distros do not come with]

    Security researchers have discovered a new critical vulnerability in the OpenSMTPD email server. An attacker could exploit it remotely to run shell commands as root on the underlying operating system.

  • New OpenSMTPD RCE Flaw Affects Linux and OpenBSD Email Servers [Ed: Again attributing to operating systems bugs in pertinent packages they may not even have]

    OpenSMTPD has been found vulnerable to yet another critical vulnerability that could allow remote attackers to take complete control over email servers running BSD or Linux operating systems.
    OpenSMTPD, also known as OpenBSD SMTP Server, is an open-source implementation of the Simple Mail Transfer Protocol (SMTP) to deliver messages on a local machine or to relay them to other SMTP servers.
    It was initially developed as part of the OpenBSD project but now comes pre-installed on many UNIX-based systems.

  • Y2K bug has a 2020 echo

    The New Scientist reports on problems with software caused by an echo of the Y2K bug that had everyone excited in the late 1990s.

    It turns out one of the fixes then was to kick various software cans down the road to 2020. In theory that gave people 20 years to find long term answers to the problems. In some cases they might have expected software refreshes to have solved the issue.

    [...]

    This happens because Unix time started on January 1 1970. Time since then is stored as a 32-bit integer. On January 19 2038, that integer will overflow.

    Most modern applications and operating systems have been patched to fix this although there are some compatibility problems. The real issue comes with embedded hardware, think of things like medical devices, which will need replacing some time in the next 18 years.

  • The “Cloud Snooper” malware that sneaks into your Linux servers [Ed: They don't want to mention that people actually need to install this malware on GNU/Linux for dangers to become viable. Typical Sophos FUD/sales.]
  • Cybersecurity alliance launches first open source messaging framework for security tools [Ed: Openwash of proprietary software firms]

    Launched by the Open Cybersecurity Alliance (OCA), a consortium of cybersecurity vendors including IBM, Crowdstrike, and McAfee, on Monday, the OCA said that OpenDXL Ontology is the "first open source language for connecting cybersecurity tools through a common messaging framework."

  • Microsoft uses its expertise in malware to help with fileless attack detection on Linux [Ed: Truly laughable stuff as Microsoft specialises in adding back doors, then abusing those who speak about it]
  • Azure Sphere, Microsoft's Linux-Powered IoT Security Service, Launches [Ed: Microsoft is Googlebombing "Linux" again; you search for Linux news, you get Microsoft Azure (surveillance) and proprietary malware, instead.]

Security Leftovers

Filed under
Security
  • Security updates for Monday

    Security updates have been issued by Debian (libpam-radius-auth, pillow, ppp, proftpd-dfsg, and python-pysaml2), Fedora (firefox, glib2, hiredis, http-parser, libuv, mingw-openjpeg2, nghttp2, nodejs, openjpeg2, python-pillow, skopeo, and webkit2gtk3), Mageia (patch, postgresql, and systemd), Red Hat (ksh, nodejs:10, openjpeg2, python-pillow, systemd, and thunderbird), and SUSE (java-1_7_1-ibm, libsolv, libzypp, zypper, pdsh, slurm_18_08, and php53).

  • U.S. Government Says Update Chrome 80 As High-Rated Security Flaws Found

    Are you a Google Chrome user? High-rated security vulnerabilities have already been discovered in version 80 of Google Chrome. The Cybersecurity and Infrastructure Security Agency is encouraging Google users to update again just weeks after the Chrome 80 release. Here’s what you need to know.

  • OpenBSD Pwned, Patched Again: Bug is Remotely Exploitable [Ed: Misleading. This is about OpenSMTPD.]

    There’s a fresh remote code execution (RCE) vulnerability in OpenSMTPD, and by extension in OpenBSD. Yes, it feels like déjà vu all over again.

    The severity of the vulnerability, CVE-2020-8794, means that anyone running public-facing OpenSMTPD deployments should update as soon as possible.

    OpenBSD’s developers describe the issue as “an out of bounds read in smtpd [that] allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group.”

  • Kali Linux explained: A pentester’s toolkit

    Kali Linux is the world's most popular offensive-security-optimized Linux distro. Maintained and managed by the fine folks at Offensive Security, Kali was born in 2006 as BackTrack Linux, but after a major refactoring in 2013 got the name Kali. What does the name mean? Well, we'll get to that.

  • Police to get right to use spyware in serious crime investigations

    The new bill, that will allow the police to use trojans or virus programmes to tap into the chats, is expected to be voted through parliament on Thursday. Home Affairs Minister Mikael Damberg says he is convinced it will lead to more convictions.

  • McAfee WebAdvisor: From XSS in a sandboxed browser extension to administrator privileges

    A while back I wrote about a bunch of vulnerabilities in McAfee WebAdvisor, a component of McAfee antivirus products which is also available as a stand-alone application. Part of the fix was adding a bunch of pages to the extension which were previously hosted on siteadvisor.com, generally a good move. However, when I looked closely I noticed a Cross-Site Scripting (XSS) vulnerability in one of these pages (CVE-2019-3670).

    Now an XSS vulnerability in a browser extension is usually very hard to exploit thanks to security mechanisms like Content Security Policy and sandboxing. These mechanisms were intact for McAfee WebAdvisor and I didn’t manage to circumvent them. Yet I still ended up with a proof of concept that demonstrated how attackers could gain local administrator privileges through this vulnerability, something that came as a huge surprise to me as well.

More in Tux Machines

The Chrome Cast 50: Linux on Chromebooks and the future of Chrome OS tablets

This week on The Chrome Cast, we’re exploring a couple seemingly-unconnected ideas that actually tie into one another quite well. First up is the heightened interest in Linux apps on Chrome OS. While we’ve been tracking along with the development of Crostini since before it was actually a thing, it’s been a while since we’ve really dug into what Chromebooks are capable of with Linux. As part of that renewed effort, we’ve launched Command Line, where we are focusing more on what users can do and get done with Linux apps on their Chromebook.

Read more

Another new show:

  • 2020-02-28 | Linux Headlines

    The Open Source Initiative kicks a co-founder from its mailing lists, OBS faces backlash for receiving support from Facebook Gaming, and Collabora launches its version of LibreOffice for mobile.

Linux-powered module charges up the RISC-V PolarFire SoC

Aries’ “M100PFS” module runs Linux on Microchip’s RISC-V based PolarFire SoC with FPGAs up to 265K LE. Features include up to 8GB LPDDR4, up to 64GB eMMC, and support for up to 16x SERDES lanes. Aries Embedded announced one of the first compute modules equipped with the PolarFire SoC, a Linux-powered, FPGA-enabled RISC-V SoC from Microchip’s Microsemi unit (see farther below). The M100PFS has the same 74 x 42mm footprint as Aries’ similar M100PF module, which is equipped with the PolarFire FPGA without the Linux-ready RISC-V cores. Read more

Android as a Desktop

  • Android-x86 project lets you run Android 9 Pie on a desktop, laptop, or tablet

    The team at the Android-x86 project Abba released their latest version of an Android based desktop operating system, offering an open source platform that can run Android 9 Pie on a desktop, laptop, or tablet with an Intel or AMD processor. Today the team announced the public release of Android-x86 9.0, the first stable release for Android-x86 9.0 (pie-x86). The prebuilt images are now available to download from Foss Hub and OSDN, check out the links below. The latest release includes support for 32-bit and 64-bit x86 processors, hardware-accelerated graphics with support for OpenGL ES 3.x on Intel, AMD, and NVIDIA GPUs, as well as experimental Vulkan graphics support, together with an optional Taskbar launcher, although you can also use the default Android-style launcher if you prefer. Other supported areas within the Android desktop operating system include WiFi, Bluetooth, Ethernet, camera, audio, and multitouch input.

  • Android-x86 9.0 Offering Android Pie Experience on Computer Released
  • Android is NOT Linux

    Let's go over why Android is nothing like Linux. While it may use a Linux Kernel it is a completely different beast altogether.