Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers

Filed under
Security
  • Krebs Goes Down, Opera Gets a VPN & More…

    Krebs on Security in record DDOS attack: Everybody’s go-to site for news and views of security issues, has been temporarily knocked offline in a DDOS attack for the record books. We first heard about the attack on Thursday morning after Brian Krebs reported that his site was being hit by as much as 620 Gbs, more than double the previous record which was considered to be a mind-blower back in 2013 when the anti-spam site Spamhaus was brought to its knees.

    Security sites such as Krebs’ that perform investigative research into security issues are often targets of the bad guys. In this latest case, Ars Technica reported the attack came after Krebs published the identity of people connected with vDOS, Israeli black hats who launched DDOS attacks for pay and took in $600,000 in two years doing so. Akamai had been donating DDoS mitigation services to Krebs, but by 4 p.m. on the day the attack began they withdrew the service, motivated by the high cost of defending against such a massive attack. At this point, Krebs decided to shut down his site.

  • Upgrade your SSH keys!

    When generating the keypair, you're asked for a passphrase to encrypt the private key with. If you will ever lose your private key it should protect others from impersonating you because it will be encrypted with the passphrase. To actually prevent this, one should make sure to prevent easy brute-forcing of the passphrase.

    OpenSSH key generator offers two options to resistance to brute-force password cracking: using the new OpenSSH key format and increasing the amount of key derivation function rounds. It slows down the process of unlocking the key, but this is what prevents efficient brute-forcing by a malicious user too. I'd say experiment with the amount of rounds on your system. Start at about 100 rounds. On my system it takes about one second to decrypt and load the key once per day using an agent. Very much acceptable, imo.

  • Irssi 0.8.20 Released
  • What It Costs to Run Let's Encrypt

    Today we’d like to explain what it costs to run Let’s Encrypt. We’re doing this because we strive to be a transparent organization, we want people to have some context for their contributions to the project, and because it’s interesting.

    Let’s Encrypt will require about $2.9M USD to operate in 2017. We believe this is an incredible value for a secure and reliable service that is capable of issuing certificates globally, to every server on the Web free of charge.

    We’re currently working to raise the money we need to operate through the next year. Please consider donating or becoming a sponsor if you’re able to do so! In the event that we end up being able to raise more money than we need to just keep Let’s Encrypt running we can look into adding other services to improve access to a more secure and privacy-respecting Web.

  • North Korean DNS Leak reveals North Korean websites

    One of North Korea’s top level DNS servers was mis-configured today (20th September 2016) accidentally allowing global DNS zone transfers. This allowed anyone who makes a zone transfer request (AXFR) to retrieve a copy of the nation’s top level DNS data.

    [...]

    This data showed there are 28 domains configured inside North Korea, here is the list:

    airkoryo.com.kp
    cooks.org.kp
    friend.com.kp
    gnu.rep.kp
    kass.org.kp
    kcna.kp
    kiyctc.com.kp
    knic.com.kp
    koredufund.org.kp
    korelcfund.org.kp
    korfilm.com.kp
    ma.gov.kp
    masikryong.com.kp
    naenara.com.kp
    nta.gov.kp
    portal.net.kp
    rcc.net.kp
    rep.kp
    rodong.rep.kp
    ryongnamsan.edu.kp
    sdprk.org.kp
    silibank.net.kp
    star-co.net.kp
    star-di.net.kp
    star.co.kp
    star.edu.kp
    star.net.kp
    vok.rep.kp

  • Yahoo’s Three Hacks

    As a number of outlets have reported, Yahoo has announced that 500 million of its users’ accounts got hacked in 2014 by a suspected state actor.

    But that massive hack is actually one of three interesting hacks of Yahoo in recent years.

Security News

Filed under
Security
  • Friday's security updates
  • Impending cumulative updates unnerve Windows patch experts

    Microsoft's decision to force Windows 10's patch and maintenance model on customers running the older-but-more-popular Windows 7 has patch experts nervous.

    "Bottom line, everyone is holding their breath, hoping for the best, expecting the worst," said Susan Bradley in an email. Bradley is well known in Windows circles for her expertise on Microsoft's patching processes: She writes on the topic for the Windows Secrets newsletter and moderates the PatchMangement.org mailing list, where business IT administrators discuss update tradecraft.

  • Yahoo is sued for gross negligence over huge hacking

    Yahoo Inc (YHOO.O) was sued on Friday by a user who accused it of gross negligence over a massive 2014 hacking in which information was stolen from at least 500 million accounts.

    The lawsuit was filed in the federal court in San Jose, California, one day after Yahoo disclosed the hacking, unprecedented in size, by what it believed was a "state-sponsored actor."

    Ronald Schwartz, a New York resident, sued on behalf of all Yahoo users in the United States whose personal information was compromised. The lawsuit seeks class-action status and unspecified damages.

    A Yahoo spokeswoman said the Sunnyvale, California-based company does not discuss pending litigation.

  • Yahoo faces questions after hack of half a billion accounts

    Yahoo’s admission that the personal data of half a billion users has been stolen by “state-sponsored” hackers leaves pressing questions unanswered, according to security researchers.

    Details, including names, email addresses, phone numbers and security questions were taken from the company’s network in late 2014. Passwords were also taken, but in a “hashed” form, which prevents them from being immediately re-used, and the company believes that financial information held with it remains safe.

IPFire 2.19 - Core Update 105 released

Filed under
GNU
Linux
Security

This is the official release announcement for IPFire 2.19 – Core Update 105 which patches a number of security issues in two cryptographic libaries: openssl and libgcrypt. We recommend installing this update as soon as possible and reboot the IPFire system to complete the update.

Read more

Security News

Filed under
Security
  • A pile of security updates for Thursday
  • What this Yahoo data breach means for you

    On Thursday afternoon Yahoo confirmed a massive data leak of at least 500 million user accounts, which is a very big deal.

    Though the data breach obviously spells trouble for those with YahooMail accounts, users with hacked accounts need to keep in mind that the breach goes so much further.

    Yahoo owns a bunch of other major sites like Flickr, Tumblr and fantasy football site Rivals.com, which means the 500 million users affected by the data breach also have to worry about their personal information associated with all additional Yahoo services.

  • Hackers now have a treasure trove of user data with the Yahoo breach
  • Half! a! billion! Yahoo! email! accounts! raided! by! 'state! hackers!'

    Hackers strongly believed to be state-sponsored swiped account records for 500 million Yahoo! webmail users. And who knew there were that many people using its email?

    The troubled online giant said on Thursday that the break-in occurred in late 2014, and that names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers, were lifted.

    This comes after a miscreant calling themselves Peace was touting copies of the Yahoo! account database on the dark web. At the time, in early August, Yahoo! said it was aware of claims that sensitive information was being sold online – and then today, nearly two months later, it alerted the world to the embarrassing security breach.

  • Brian Krebs' blog banged in bloody massive DDoS

    YOU KNOW that Brian Krebs guy? Well, his website has been hit with a huge denial-of-service (DDoS) attack that he couldn't handle on his own.

    Krebs is that security guy. He is bound to have some enemies out there, so we expect that sooner or later someone will take the credit for ruining the pathway to his pages.

    For now we have Krebs to explain what happened and who helped him deal with it. The short version is that there was great big whack of an attack on him, and that he needed assistance from security firm Akamai.

Security Fallacies

Filed under
Security
  • Matthew Garrett Explains How to Increase Security at Boot Time [Ed: Microsoft apologist Matthew Garrett is promoting UEFI again, even after the Lenovo debacle]

    Security of the boot chain is a vital component of any other security solution, said Matthew Garrett of CoreOS in his presentation at Linux Security Summit. If someone is able to tamper with your boot chain then any other security functionality can be subverted. And, if someone can interfere with your kernel, any amount of self-protection the kernel might have doesn’t really matter.

    “The boot loader is in a kind of intermediate position,” Garrett said. It can modify the kernel before it passes control to it, and then there’s no way the kernel can verify itself once it’s running. In the Linux ecosystem, he continued, the primary protection in the desktop and server space is UEFI secure boot, which is a firmware feature whereby the firmware verifies a signature on the bootloader before it executes it. The bootloader in turn verifies a signature on the next step of the boot process, and so on.

  • Is open source security software too much of a risk for enterprises? [Ed: inverses the truth; proprietary software has secret back doors that cannot be found and patched]

    Although free, there are many institutions that are reluctant to use open source software, for obvious reasons. Using open source software that is not controlled by the enterprise -- in production environments and in mission-critical applications -- introduces risks that could be detrimental to the basic tenants of cybersecurity, such as confidentiality, integrity and availability. This includes open source security software like the tools Netflix uses.

Security News

Filed under
Security
  • Security advisories for Wednesday
  • Why we should just simply call ourselves Hackers

    Developers, Programmers, Engineers, Code Artists, Coders, Codesmiths, Code Warriors, Craftsmen … these are currently the labels we use to explain our profession. One can get an idea of how this can appear confusing to the outsider.

    Computers can enrich our lives, give focus, amplify our adventures, gauge our science and grow our business. Right now computing is being embedded into everything and it is now more than ever that we need to redefine our role and show. some. fucking. solidarity.

    Rather than confusing pre-existing labels and shoe-horning them to our profession, which makes use of synthetic intelligence more than any, I propose that we call ourselves Hackers instead of the myriad other ways.

  • Germany surveys cyber-attacks

    Germany’s Federal Office for Information Security (BSI) has launched a survey to obtain information about actual cyber-attacks on business and government, to assess potential risks, and to determine protective measures. The study should result in new ICT security recommendations.

FOSS in Government (US and UK)

Filed under
OSS
Security
  • Dear The Sun: we need to talk about your understanding of open source

    I want to talk to you about this article, and the claims it makes about open source software. I would have liked to chat to your cited expert, whom you’ve listed only as Neil Doyle. Sadly, the article fails to specify his area of expertise and both messages and emails to author Ryan Sabey asking for further information have gone unanswered. So I’m responding to it here, supported by some brilliant, contactable experts in security and open source.

    After sitting open-mouthed at the misinformation in this article for some time, I began to reach out to fellow tech experts to see if they felt the same. I first contacted Dr. Jessica Barker, the independent cybersecurity authority behind cyber.uk. I asked if she could address the concerns you raised that use of open source software in the public sector would pose security risks.

    [...]

    “The Sun seems to be implying that open source software is more vulnerable to attack than closed source, which is a sweeping misunderstanding that fails to take the complex nature of cybersecurity into account.

    Both open source and closed source software can be vulnerable to exploit, however these vulnerabilities are arguably more likely to be discovered in open source rather than closed source software as more people (including security researchers) are able to look at it. By its nature, it is publicly available and so it’s harder to hide malicious vulnerabilities”.

  • DOD Aims to Make Cybersecurity a Fundamental Part of Its Tech Mission
  • The Department of Software?

    Well-developed software can make or break modern weapons systems. Software problems initially hindered F-35 production, for example. The Department of Defense (DOD) set up a Digital Service team last year to help the military solve its information technology problems. Future work on autonomous systems will heavily rely on software development. Most importantly, the DOD will have to protect its own data. To improve the DOD’s use of software, the Center for a New American Security (CNAS) looked at how the Pentagon could better use “open source software.” While the DOD uses some open source software, its full utilization for military software development will require deeper changes to how the DOD approaches code.

  • John Weathersby: Selling Open Source to the Federal Government

    John Weathersby founded and ran the Open Source Software Institute to “promote the development and implementation of open source software solutions within U.S. federal, state, and local government agencies.” A worthy goal!

    But why stick to nothing but software? In 2014, Weathersby founded The Open Technology Center at Camp Shelby Joint Forces Training Center (in Mississippi), which is a “non-profit research and development entity sponsored by the Mississippi National Guard and U.S. Department of Homeland Security whose mission is to innovate and integrate open source software technologies for use within national defense and security organizations.”

    The OTC is doing some neat stuff, ranging from autonomous vehicles to making it easier for local governments to request, receive, and account for disaster recovery funds in the wake of an emergency. It’s all good! And it’s all about open source, which is why it’s worth listening to what Weathersby has to say.

Security Leftovers

Filed under
Security
  • DDoS attacks: For the hell of it or targeted – how do you see them off?

    Distributed Denial of Service (DDoS) attacks can be painful and debilitating. How can you defend against them? Originally, out-of-band or scrubbing-centre DDoS protection was the only show in town, but another approach, inline mitigation, provides a viable and automatic alternative.

    DDoS attacks can be massive, in some cases reaching hundreds of Gbits/sec, but those mammoths are relatively rare. For the most part, attackers will flood companies with around 1 Gbit/sec of traffic or less. They’re also relatively short affairs, with most attacks lasting 30 minutes or less. This enables attackers to slow down computing resources or take them offline altogether while flying under the radar, making it especially difficult for companies to detect and stop them.

  • IoT and a new type of threat for Linux

    Linux has played a significant role in establishing IoT devices as increasingly important parts of our everyday lives, both at home and in the enterprise. Linux based OSes make it easy for developers to create applications that can run on anything, from a fridge to a car, and as a result 73 percent of IoT developers use Linux to run applications on.

    Now, however, questions of security are arising. With IoT gesturing in a brave new world of connected devices, businesses must cope with a greater number of entry points and vulnerabilities, with security the top concern in the industry.

    By placing such a burden on Linux’s security capabilities, there are now real fears that IoT devices will be left exposed and businesses will pay the price.

  • NIST Seeks Comments on Cybersecurity Reports

    The US National Institute of Standards and Technology (NIST) has recently issued two draft reports on cybersecurity issues of interest to industrial IoT users, and is seeking industry comment before making their final revisions. One report describes the proposed manufacturing profile for NIST's Cybersecurity Framework. The other addresses cryptography standards and practices for resource-constrained processors.

    Recognizing that the national and economic security of the United States depends on the reliable functioning of critical infrastructure, NIST created in 2014 a voluntary Cybersecurity Framework, which is a compendium of industry standards and best practices to help organizations manage cybersecurity risks. Created through collaboration between government and the private sector, the Framework helps guide cybersecurity activities and encourages organizations to consider cybersecurity risks as part of their risk management processes. Profiles, a key element of the Framework, help an organization align its cybersecurity activities with its business requirements, risk tolerances, and resources. A profile is intended both to help identify opportunities for improving cybersecurity as well as providing a touchstone to compare against in order to prioritize process improvement activities.

  • Hackers Able To Control Tesla S Systems From Twelve Miles Away

    Over the last few years, we've well documented the abysmal security in the internet of things space. And while refrigerators that leak your Gmail credentials are certainly problematic, the rise in exploitable vehicle network security is exponentially more worrying. Reports emerge almost monthly detailing how easy it is for hackers to bypass vehicle security, allowing them to at best fiddle with in-car systems like air conditioning, and at worst take total control of a compromised vehicle. It's particularly problematic given these exploits may take years to identify and patch.

Security News

Filed under
Security
  • Bug that hit Firefox and Tor browsers was hard to spot—now we know why

    As a result, the cross-platform, malicious code-execution risk most recently visited users of browsers based on the Firefox Extended Release on September 3 and lasted until Tuesday, or a total of 17 days. The same Firefox version was vulnerable for an even longer window last year, starting on July 4 and lasting until August 11. The bug was scheduled to reappear for a few days in November and for five weeks in December and January. Both the Tor Browser and the production version of Firefox were vulnerable during similarly irregular windows of time.

  • Florida Man Charged With Hacking Linux Servers

    Donald Ryan Austin of South Florida has been arrested on charges of hacking into the networks of Linux Kernel Organization and Linux Foundation and installing malicious software. A US Department of Justice (DoJ) release said Austin, who is a computer programmer, is now out on bail and could face a maximum sentence of 10 years if convicted.

    According to the indictment, Austin stole the credentials of an employee to break into the Linux networks and installed rootkit and Trojan software apart from altering the servers. He has been charged with four counts of deliberate damage to a protected computer.

  • Why do hackers prefer Linux?

    Linux has much to offer any computer user, but it has proven to be particularly popular with hackers. A writer at The Merkle recently considered the reasons why hackers have so much love for Linux.

  • How To Get “Hollywood Hacker Feel” In Your Linux Command Line?

    A developer has created a command line utility which can give you the feel of Hollywood movie hacker. His tool replicates the decrypting text seen from the 1992 hacker movie Sneakers. The code is freely available on his GitHub page.

Security News

Filed under
Security
  • Security updates for Tuesday
  • Aid Security Incident Statistics: 18-month trends based on open source reported events affectng aid infrastructure (December 2014 to May 2016)
  • Easy Secure Web Serving with OpenBSD’s acme-client and Let’s Encrypt

    s recently as just a few years ago, I hosted my personal website, VPN, and personal email on a computer running OpenBSD in my basement. I respected OpenBSD for providing a well-engineered, no-nonsense, and secure operating system. But when I finally packed up that basement computer, I moved my website to an inexpensive cloud server running Linux instead.

    Linux was serviceable, but I really missed having an OpenBSD server. Then I received an email last week announcing that the StartSSL certificate I had been using was about to expire and realized I was facing a tedious manual certificate replacement process. I decided that I would finally move back to OpenBSD, running in the cloud on Vultr, and try the recently-imported acme-client (formerly “letskencrypt”) to get my HTTPS certificate from the free, automated certificate authority Let’s Encrypt.

  • iPhone passcode bypassed with NAND mirroring attack

    Passcodes on iPhones can be hacked using store-bought electronic components worth less than $100 (£77), according to one Cambridge computer scientist.

    Sergei Skorobogatov has demonstrated that NAND mirroring—the technique dismissed by James Comey, the director of the FBI, as unworkable—is actually a viable means of bypassing passcode entry limits on an Apple iPhone 5C. What's more, the technique, which involves soldering off the phone's flash memory chip, can be used on any model of iPhone up to the iPhone 6 Plus, which use the same type of LGA60 NAND chip. Later models, however, will require "more sophisticated equipment and FPGA test boards."

    In a paper he wrote on the subject, Skorobogatov, a Russian senior research associate at the Cambridge Computer Laboratory's security group, confirmed that "any attacker with sufficient technical skills could repeat the experiment," and while the technique he used is quite fiddly, it should not present too much of an obstacle for a well-resourced branch of law enforcement.

    The attack works by cloning the iPhone's flash memory chip. iPhones generally allow users six attempts to guess a passcode before locking them out for incrementally longer periods of time; by the complex process of taking the phone apart, removing its memory chip, and then cloning it, an attacker is able to have as many clusters of six tries as they have the patience to make fresh clones. Skorobogatov estimates that each run of six attempts would take about 45 seconds, meaning that it would take around 20 hours to do a full cycle of all 10,000 passcode permutations. For a six-digit passcode, this would grow to about three months—which he says might still be acceptable for national security.

  • Seagate NAS hack should scare us all

    No fewer than 70 percent of internet-connected Seagate NAS hard drives have been compromised by a single malware program. That’s a pretty startling figure. Security vendor Sophos says the bitcoin-mining malware Miner-C is the culprit.

Syndicate content

More in Tux Machines

Networking and Security

  • FAQ: What's so special about 802.11ad Wi-Fi?
    Here are the broad strokes about 802.11ad, the wireless technology that’s just starting to hit the market.
  • 2.5 and 5 Gigabit Ethernet Now Official Standards
    In 2014, multiple groups started efforts to create new mid-tier Ethernet speeds with the NBASE-T Alliance starting in October 2014 and MGBASE-T Alliance getting started a few months later in December 2014. While those groups started out on different paths, the final 802.3bz standard represents a unified protocol that is interoperable across multiple vendors. The promise of 2.5 and 5 Gbps Ethernet is that they can work over existing Cat5 cabling, which to date has only been able to support 1 Gbps. Now with the 802.3bz standard, organizations do not need to rip and replace cabling to get Ethernet that is up to five times faster. "Now, the 1000BASE-T uplink from the wireless to wired network is no longer sufficient, and users are searching for ways to tap into higher data rates without having to overhaul the 70 billion meters of Cat5e / Cat6 wiring already sold," David Chalupsky, board of directors of the Ethernet Alliance and Intel principal engineer, said in a statement. "IEEE 802.3bz is an elegant solution that not only addresses the demand for faster access to rapidly rising data volumes, but also capitalizes on previous infrastructure investments, thereby extending their life and maximizing value."
  • A quick fix for stupid password reset questions
    It didn’t take 500 million hacked Yahoo accounts to make me hate, hate, hate password reset questions (otherwise known as knowledge-based authentication or KBA). It didn't help when I heard that password reset questions and answers -- which are often identical, required, and reused on other websites -- were compromised in that massive hack, too. Is there any security person or respected security guidance that likes them? They are so last century. What is your mother’s maiden name? What is your favorite color? What was your first pet’s name?
  • French hosting provider hit by DDoS close to 1TBps
    A hosting provider in France has been hit by a distributed denial of service attack that went close to one terabyte per second. Concurrent attacks against OVH clocked in at 990GBps. The attack vector is said to be the same Internet-of-Things botnet of 152,464 devices that brought down the website of security expert Brian Krebs. OVH chief technology officer Octave Klaba tweeted that the network was capable of attacks up to 1.5TBps.
  • Latest IoT DDoS Attack Dwarfs Krebs Takedown At Nearly 1Tbps Driven By 150K Devices
    If you thought that the massive DDoS attack earlier this month on Brian Krebs’ security blog was record-breaking, take a look at what just happened to France-based hosting provider OVH. OVH was the victim of a wide-scale DDoS attack that was carried via network of over 152,000 IoT devices. According to OVH founder and CTO Octave Klaba, the DDoS attack reached nearly 1 Tbps at its peak. Of those IoT devices participating in the DDoS attack, they were primarily comprised of CCTV cameras and DVRs. Many of these types devices' network settings are improperly configured, which leaves them ripe for the picking for hackers that would love to use them to carry our destructive attacks.

Android Leftovers

  • Goodbye QWERTY: BlackBerry stops making hardware
    BlackBerry CEO John Chen has been hinting at this move for almost a year now: today BlackBerry announced it will no longer design hardware. Say goodbye to all the crazy hardware QWERTY devices, ultra-wide phones, and unique slider designs. Speaking to investors, BlackBerry CEO John Chen described the move as a "pivot to software," saying, "The company plans to end all internal hardware development and will outsource that function to partners. This allows us to reduce capital requirements and enhance return on invested capital." The "Outsourcing to partners" plan is something we've already seen with the "BlackBerry" DTEK50, which was just a rebranded Alcatel Idol 4. Chen is now betting the future of the company on software, saying, "In Q2, we more than doubled our software revenue year over year and delivered the highest gross margin in the company's history. We also completed initial shipments of BlackBerry Radar, an end-to-end asset tracking system, and signed a strategic licensing agreement to drive global growth in our BBM consumer business." BlackBerry never effectively responded to the 2007 launch of the iPhone and the resulting transition to modern touchscreen smartphones. BlackBerry took swings with devices like the BlackBerry Storm in 2008, its first touchscreen phone; and the BlackBerry Z10 in 2013, the first BlackBerry phone with an OS designed for touch, but neither caught on. BlackBerry's first viable competitor to the iPhone didn't arrive until it finally switched to Android in 2015 with the BlackBerry Priv. It was the first decent BlackBerry phone in some time, but the high price and subpar hardware led to poor sales.
  • Oracle's 'Gamechanger' Evidence Really Just Evidence Of Oracle Lawyers Failing To Read
    Then on to the main show: Oracle's claim that Google hid the plans to make Android apps work on Chrome OS. Google had revealed to Oracle its "App Runtime for Chrome" (ARC) setup, and it was discussed by Oracle's experts, but at Google I/O, Google revealed new plans for apps to run in Chrome OS that were not using ARC, but rather a brand new setup, which Google internally referred to as ARC++. Oracle argued that Google only revealed to them ARC, but not ARC++ and that was super relevant to the fair use argument, because it showed that Android was replacing more than just the mobile device market for Java. But, here's Oracle's big problem: Google had actually revealed to Oracle the plans for ARC++. It appears that Oracle's lawyers just missed that fact. Ouch.
  • Understanding Android's balance between openness and security
    At the 2016 Structure Security conference, Google's Adrian Ludwig talked about the balance between keeping Android as open as possible, while also keeping it secure.
  • Google's Nougat Android update hits the sweet spot: Software 'isn't flashy, but still pretty handy'
    Nougat, Google's latest update of its Android smartphone software, isn't particularly flashy; you might not even notice what's different about it at first. But it offers a number of practical time-saving features, plus a few that could save money — and perhaps even your life. Nougat is starting to appear on phones, including new ones expected from Google next week.
  • How to change the home screen launcher on Android
  • Andromeda: Chrome OS and Android will merge
  • Sale of Kodi 'fully-loaded' streaming boxes faces legal test
  • Android boxes: Middlesbrough man to be first to be prosecuted for selling streaming kits

Endless OS 3.0 is out!

So our latest and greatest Endless OS is out with the new 3.0 version series! The shiny new things include the use of Flatpak to manage the applications; a new app center (GNOME Software); a new icon set; a new Windows installer that gives you the possibility of installing Endless OS in dual-boot; and many bug fixes. Read more

Expandable, outdoor IoT gateway runs Android on i.MX6

VIA’s “Artigo A830” IoT gateway runs Android on an i.MX6 DualLite SoC and offers HDMI, GbE, microSD, numerous serial and USB ports, plus -20 to 60° operation. As the name suggests, the VIA Technologies Artigo A830 Streetwise IoT Platform is designed for outdoor Internet of Things gateway applications. These are said to include smart lockers, vending machines, information kiosks, and signage devices that run “intensive multimedia shopping, entertainment, and navigation applications.” The outdoors focus is supported with an extended -20 to 60°C operating range, as well as surge and ESD protection for surviving challenges such as a nearby lightning strike. Read more