Language Selection

English French German Italian Portuguese Spanish

Security

Security News

Filed under
Security
  • Thursday's security updates
  • Why I don’t Use 2048 or 4096 RSA Key Sizes

    I have used non-standard RSA key size for maybe 15 years. For example, my old OpenPGP key created in 2002. With non-standard key sizes, I mean a RSA key size that is not 2048 or 4096. I do this when I generate OpenPGP/SSH keys (using GnuPG with a smartcard like this) and PKIX certificates (using GnuTLS or OpenSSL, e.g. for XMPP or for HTTPS). People sometimes ask me why. I haven’t seen anyone talk about this, or provide a writeup, that is consistent with my views. So I wanted to write about my motivation, so that it is easy for me to refer to, and hopefully to inspire others to think similarily. Or to provoke discussion and disagreement — that’s fine, and hopefully I will learn something.

  • Black Hat Europe: IoT devices can hack phones

    The Internet of things (IoT) has already been used to launch the biggest DDoS attacks ever, but now it represents a potential path for attackers to compromise cell phones.

    Flaws in Belkin WeMo devices - electrical switches, cameras, light bulbs, coffee makers, air purifiers, etc. – enabled Invincea Labs researchers to not only hack into the devices, but to use that access to attack an Android phone running the app that controls the WeMo devices.

    “This is the first instance we’ve seen of IoT hacking something else,” says researcher Scott Tenaglia, who pledges to look for other vulnerable devices that might be abused to carry out similar attacks.

  • Why Light Bulbs May Be the Next Hacker Target

    The so-called Internet of Things, its proponents argue, offers many benefits: energy efficiency, technology so convenient it can anticipate what you want, even reduced congestion on the roads.

    Now here’s the bad news: Putting a bunch of wirelessly connected devices in one area could prove irresistible to hackers. And it could allow them to spread malicious code through the air, like a flu virus on an airplane.

    Researchers report in a paper to be made public on Thursday that they have uncovered a flaw in a wireless technology that is often included in smart home devices like lights, switches, locks, thermostats and many of the components of the much-ballyhooed “smart home” of the future.

    The researchers focused on the Philips Hue smart light bulb and found that the wireless flaw could allow hackers to take control of the light bulbs, according to researchers at the Weizmann Institute of Science near Tel Aviv and Dalhousie University in Halifax, Canada.

  • Microsoft extends EMET end of life date

    Microsoft will continue to support and provide security patches for its Enhanced Mitigation Experience Toolkit security software for Windows until July 31 2018, after taking customer feedback into account.

    EMET is a security utility software popular with enterprise customers running supported versions of Windows. It uses mitigation techniques to block attackers from exploiting vulnerabilities in software.

Security News

Filed under
Security
  • Security advisories for Wednesday
  • ​Linux developers under denial of service attack

    According to James Bottomley, an IBM Research distinguished engineer and a member of the Linux Plumbers Conference committee, "Since yesterday we are being attacked from the outside. The attack follows us as we switch external IP and the team has identified at least one inside node which looks suspicious."

    The conference is not being attacked by some sophisticated Internet of Things distributed denial of service (DDoS) attack like the Dyn attack. No, it's being mugged by one of the oldest attacks in the DoS book: a SYN flood.

  • Computer Virus Cripples UK Hospital System [iophk: “dodges naming OS affected…does a lot of victim blaming”]

    Citing a computer virus outbreak, a hospital system in the United Kingdom has canceled all planned operations and diverted major trauma cases to neighboring facilities. The incident came as U.K. leaders detailed a national cyber security strategy that promises billions in cybersecurity spending, new special police units to pursue organized online gangs, and the possibility of retaliation for major attacks.

    In a “major incident” alert posted to its Web site, the National Health Service’s Lincolnshire and Goole trust said it made the decision to cancel surgeries and divert trauma patients after a virus infected its electronic systems on Sunday, October 30.

  • Breaking: NHS Trust crippled by cyberattack [iophk: "again, dodges naming the OS causing the malware"]

    Patients who had a scheduled operation on Tuesday November 1 have been told to presume it has been cancelled, unless they are contacted. A select number of services will continue; inpatients will continue to be looked after and patients who would be at “significant clinical risk should their treatment be delayed”, will also be treated. The trust is apparently reviewing the situation on an hourly basis.

    Few details have been released about the nature of the attack but the shutdown has affected Goole and District Hospital, Scunthorpe General Hospital and Diana, Princess of Wales Hospital.
    Ed Macnair, CEO of CensorNet told SCMagazineUK.com that the “NHS is one of the most advanced in the world in terms of digitisation, which clearly has its benefits, but also increases the impact of a cyber attack. The NHS holds hugely personal information about patients and the consequences of that getting into the wrong hands could be devastating.”

    Independent Security Evaluators (ISE) carried out a study into the cyber-resilience of the US healthcare industry last year, finding that security teams in the healthcare sector overemphasised protection of data and didn't focus on more advanced threats.

  • How Hackers Could Steal Your Cellphone Pictures From Your IoT Crock-Pot

    If you have an internet-connected home appliance, such as a crock-pot, a lightbulb, or a coffee maker, you can control it from the comfort of your smartphone. But a bug in the Android app that controls some of those devices made by a popular manufacturer also allowed hackers to steal all your cellphone photos and even track your movements.

    Security researchers found that the Android app for internet-connected gizmos made by Belkin had a critical bug that let anyone who was on the same network hack the app and get access to the user’s cellphone. This gave them a chance to download all photos and track the user’s position, according to new research by Scott Tenaglia and Joe Tanen, from Invincea Labs.

  • Reproducible Builds: week 79 in Stretch cycle

    Reproducible Debian Hackathon - A small hackathon organized in Boston, USA on December 3rd and 4th. If you are interested in attending, contact Valerie Young - spectranaut in the #debian-reproducible IRC channel on irc.oftc.net.

  • Linux/Moose: Still breathing

    Linux/Moose is a malware family that primarily targets Linux-based consumer routers but that can also infect other Linux-based embedded systems in its path. The compromised devices are used to steal unencrypted network traffic and offer proxying services to the botnet operator. In practice, these capabilities are used to steal HTTP Cookies on popular social network sites and perform fraudulent actions such as non-legitimate “follows”, “views” and “likes”.

  • Cyber security governance in public, private sectors falls short

    Cybercrime is the second most-reported economic crime in Australia and costs the economy an estimated $17 billion annually, but despite this there are widespread “frailities” in the governance of cyber security among executives in both the public sector and private enterprise, according to a newly published report.

    The survey of Australia's security preparedness by the Macquarie Telecom Group and the National Security College found that there is considerable variation in cyber-risk governance arrangements and an absence of cyber-risk knowledge at the executive/board level.

More Security News

Filed under
Security
  • Microsoft says Russia-linked hackers exploiting Windows flaw [Ed: So it says the back doors it gave the NSA are used by many others]

    Microsoft Corp (MSFT.O) said on Tuesday that a hacking group previously linked to the Russian government and U.S. political hacks was behind recent cyber attacks that exploited a newly discovered Windows security flaw.

    The software maker said in an advisory on its website there had been a small number of attacks using "spear phishing" emails from a hacking group known Strontium, which is more widely known as "Fancy Bear," or APT 28. Microsoft did not identify any victims.

    Microsoft's disclosure of the new attacks and the link to Russia came after Washington accused Moscow of launching an unprecedented hacking campaign aimed at disrupting and discrediting the upcoming U.S. election.

  • Lack of cybersecurity standards leaves election process vulnerable [Ed: Windows in voting machines is a real issue [1, 2]]

    Hackers continue to exploit vulnerabilities in the U.S. political technology, highlighting the need for cybersecurity standards and guidelines to help protect voter information.

  • Windows zero-day exploited by same group behind DNC hack

    On Oct. 31, Google's Threat Analysis Group revealed a vulnerability in most versions of Windows that is actively being exploited by malware attacks.

    Today, Terry Myerson, executive vice president of Microsoft's Windows and Devices group, acknowledged the exploit was being used actively by a sophisticated threat group—the same threat group involved in the hacks that led to the breach of data from the Democratic National Committee and the Clinton campaign. And while a patch is on the way for the vulnerability, he encouraged customers to upgrade to Windows 10 for protection from further advanced threats.

  • How DNS Works: A Primer

    DNS has been in the news a great deal as of late. First, there was the controversy over the United States government essentially handing over control of the Internet's root domain naming system. Then DNS made headlines when cybercriminals performed three separate distributed denial of service (DDoS) attacks on a major DNS service provider by leveraging a botnet army of millions of compromised IoT devices. Yet with all the hoopla surrounding DNS, it surprises me how many IT pros don't fully understand DNS and how it actually works.

    DNS stands for Domain Name System. Its purpose is to resolve and translate human-readable website names to IPv4 or IPv6 addresses. Technically speaking, it's not a necessary part of the networking processes. Rather, DNS simply makes it easier for human beings to know and remember what server they are trying to reach. For example, it's much easier to remember that if you want to perform an internet web search, you type in www.google.com as opposed to the IPv4 address of 216.58.217.4.

IPFire 2.19 Linux Firewall Distribution Switches to Unbound as DNS Proxy

Filed under
GNU
Linux
Security

On the first day of November 2016, Michael Tremer from the IPFire project, an open source, professional, secure and hardened Linux-based firewall distribution, proudly announced the release of IPFire 2.19 Core Update 106.

IPFire 2.19 Core Update 106 is the latest stable release of the Linux firewall OS, and it looks like it implements a new DNS proxy, namely Unbound, which replaces the Dnsmasq DNS forwarder and DHCP server used in previous releases. The decision was made because of the recent DNSSEC implementation by default in the distribution, which proves to offer better DNSSEC reliability, enhanced features, such as import of static leases, and improved performance.

Read more

Security News

Filed under
Security
  • Security updates for Tuesday
  • Let's Automate Let's Encrypt

    HTTPS is a small island of security in this insecure world, and in this day and age, there is absolutely no reason not to have it on every Web site you host. Up until last year, there was just a single last excuse: purchasing certificates was kind of pricey. That probably was not a big deal for enterprises; however, if you routinely host a dozen Web sites, each with multiple subdomains, and have to pay for each certificate out of your own dear pocket—well, that quickly could become a burden.

    Now you have no more excuses. Enter Let's Encrypt a free Certificate Authority that officially left Beta status in April 2016.

    Aside from being totally free, there is another special thing about Let's Encrypt certificates: they don't last long. Currently all certificates issued by Let's Encrypt are valid for only 90 days, and you should expect that someday this term will become even shorter. Although this short lifespan definitely creates a much higher level of security, many people consider it as an inconvenience, and I've seen people going back from using Let's Encrypt to buying certificates from commercial certificate authorities for this very reason.

  • Aporeto Announces Trireme, an Open-Source Security Project for Kubernetes and Docker
  • Trireme Open-Source Security Project Debuts for Kubernetes, Docker

    Network isolation isn't the only way to secure application containers anymore, so Aporeto unveils a new security model for containers running in Docker or as part of Kubernetes cluster.
    Dimitri Stiliadis co-founded software-defined networking (SDN) vendor Nuage Networks in 2011 in a bid to help organizations improve agility and security via network isolation. In the container world, however, network isolation alone isn't always enough to provide security, which is why Stiliadis founded Aporeto in August 2015. On Nov. 1, Aporeto announced its open-source Trireme project, providing a new security model for containers running in Docker or as part of a Kubernetes cluster.

Security Leftovers

Filed under
Security
  • DDoS defenses emerging from Homeland Security

    Government, academic, and private-sector officials are collaborating on new ways to prevent and mitigate distributed denial-of-service (DDoS) attacks, based on research years in the making but kicked into high gear by the massive takedown this month of domain name system provider Dyn.

  • US DMCA rules updated to give security experts legal backing to research

    The US government has updated and published a new list of exemptions to the Digital Millennium Copyright Act, a move perhaps long-overdue which will protect cybersecurity professionals from prosecution when reverse-engineering products for research purposes.

    On October 28, the US Copyright Office and the Librarian of Congress published the updated rules on the federal register.

    The DMCA regulations now include exceptions relating to security research and vehicle repair relevant to today's cybersecurity field. For the next two years, researchers can circumvent digital access controls, reverse engineer, access, copy, and manipulate digital content which is protected by copyright without fear of prosecution -- within reason.

  • Stop being the monkey's paw

    This story got me thinking about security, how we ask questions and how we answer questions. What if we think about this in the context of application security specifically for this example. If someone was to ask the security the question “does this code have a buffer overflow in it?” The person I asked for help is going to look for buffer overflows and they may or may not notice that it has a SQL injection problem. Or maybe it has an integer overflow or some other problem. The point is that's not what they were looking for so we didn't ask the right question. You can even bring this little farther and occasionally someone might ask the question “is my system secure” the answer is definitively no. You don't even have to look at it to answer that question and so they don't even know what to ask in reality. They are asking the monkey paw to bring them their money, it's going to do it, but they're not going to like the consequences.

  • Tyfone looks to open-source to solve IoT security issues

    It came as no surprise to Tyfone CEO Siva Narendra when tens of millions of Internet connected devices were able to bring down the Web during a coordinated distributed denial of service attack on Oct. 21.

    Narendra's Portland-based company Tyfone has been working on digital security platforms to safeguard identity and transactions of people and things for years.

    Narendra says mobile devices in conjunction with the cloud have brought new levels of productivity to our lives. Internet of Things devices (the common name given to these connected items) are poised to bring even greater levels of productivity and cost-savings to businesses, and safety and convenience to our everyday lives.

  • Google just disclosed a major Windows bug — and Microsoft isn’t happy

    Today, Google’s Threat Analysis group disclosed a critical vulnerability in Windows in a public post on the company’s security blog. The bug itself is very specific — allowing attackers to escape from security sandboxes through a flaw in the win32k system — but it’s serious enough to be categorized as critical, and according to Google, it’s being actively exploited. As a result, Google went public just 10 days after reporting the bug to Microsoft, before a patch could be coded and deployed. The result is that, while Google has already deployed a fix to protect Chrome users, Windows itself is still vulnerable — and now, everybody knows it.

    Google’s disclosure provides only a general description of the bug, giving users enough information to recognize a possible attack without making it too easy for criminals to replicate. Exploiting the bug also depends on a separate exploit in Adobe Flash, for which the company has also released a patch. Still, simply knowing that the bug exists will likely spur a lot of criminals to look for viable ways to exploit it against computers that have yet to update Flash.

  • AtomBombing: A Code Injection that Bypasses Current Security Solutions

    Our research team has uncovered new way to leverage mechanisms of the underlying Windows operating system in order to inject malicious code. Threat actors can use this technique, which exists by design of the operating system, to bypass current security solutions that attempt to prevent infection. We named this technique AtomBombing based on the name of the underlying mechanism that this technique exploits.

    AtomBombing affects all Windows version. In particular, we tested this against Windows 10.

  • Disclosing vulnerabilities to protect users

    On Friday, October 21st, we reported 0-day vulnerabilities — previously publicly-unknown vulnerabilities — to Adobe and Microsoft. Adobe updated Flash on October 26th to address CVE-2016-7855; this update is available via Adobe's updater and Chrome auto-update.

    After 7 days, per our published policy for actively exploited critical vulnerabilities, we are today disclosing the existence of a remaining critical vulnerability in Windows for which no advisory or fix has yet been released. This vulnerability is particularly serious because we know it is being actively exploited.

    The Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape. It can be triggered via the win32k.sys system call

  • The next president will face a cybercrisis within 100 days, predicts report

    The next president will face a cybercrisis in the first 100 days of their presidency, research firm Forrester predicts in a new report.

    The crisis could come as a result of hostile actions from another country or internal conflict over privacy and security legislation, said Forrester analyst Amy DeMartine, lead author of the firm's top cybersecurity risks for 2017 report, due to be made public Tuesday.

    History grades a president's first 100 days as the mark of how their four-year term will unfold, so those early days are particularly precarious, said DeMartine. The new commander in chief will face pressure from foreign entities looking to embarrass them early on, just as U.S. government agencies jockey for position within the new administration, she said.

  • Hackforums Shutters Booter Service Bazaar

    Perhaps the most bustling marketplace on the Internet where people can compare and purchase so-called “booter” and “stresser” subscriptions — attack-for-hire services designed to knock Web sites offline — announced last week that it has permanently banned the sale and advertising of these services.

    On Friday, Oct. 28, Jesse LaBrocca — the administrator of the popular English-language hacking forum Hackforums[dot]net — said he was shutting down the “server stress testing” (SST) section of the forum. The move comes amid heightened public scrutiny of the SST industry, which has been linked to several unusually powerful recent attacks and is responsible for the vast majority of denial-of-service (DOS) attacks on the Internet today.

Security News

Filed under
Security
  • Security advisories for Monday
  • Tug of war between SELinux and Chrome Sandbox, who's right?

    Over the years, people have wanted to use SELinux to confine the web browser. The most common vulnerabilty for a desktop user is attacks caused by bugs in the browser. A user goes to a questionable web site, and the web site has code that triggers a bug in the browser that takes over your machine. Even if the browser has no blogs, you have to worry about helper plugins like flash-plugin, having vulnerabilities.

  • Trick or Treat! Google issues warning of critical Windows vulnerability in wild

    Recently, Google’s Threat Analysis Group discovered a set of zero-day vulnerabilities in Adobe Flash and the Microsoft Windows kernel that were already being actively used by malware attacks against the Chrome browser. Google alerted both Adobe and Microsoft of the discovery on October 21, and Adobe issued a critical fix to patch its vulnerability last Friday. But Microsoft has yet to patch a critical bug in the Windows kernel that allows these attacks to work—which prompted Google to publicly announce the vulnerabilities today.

    “After 7 days, per our published policy for actively exploited critical vulnerabilities, we are today disclosing the existence of a remaining critical vulnerability in Windows for which no advisory or fix has yet been released,” wrote Neel Mehta and Billy Leonard of Google’s Threat Analysis Group.”This vulnerability is particularly serious because we know it is being actively exploited.”

    The bug being exploited could allow an attacker to escape from Windows’ security sandbox. The sandbox, which normally allows only user-level applications to execute, lets programs execute without needing administrator access while isolating what it can access on the local system through a set of policies.

    But by using a specific type of call to a legacy support Windows system library generally used for the graphics subsystem—win32k.sys—malicious code can escalate its privileges and execute outside of the sandbox, allowing it to execute code with full access to the Windows environment. Win32k.sys has been a problem before: Microsoft issued a warning back in June about a similar privilege escalation problem that had not yet been exploited, and another arrived in August.

Security News

Filed under
Security
  • DDoS of SN Underway [Updated]

    Right, so there's currently a DDoS of our site specifically happening. Part of me is mildly annoyed, part of me is proud that we're worth DDoS-ing now. Since it's only slowing us down a bit and not actually shutting us down, I'm half tempted to just let them run their botnet time out. I suppose we should tweak the firewall a bit though. Sigh, I hate working on weekends.

  • AtomBomb: The New Zero-Day Windows Exploit Microsoft Can't Fix?

    There's a new zero-day Microsoft Windows exploit in the wild by the name of AtomBomb, and Microsoft may not be able to fix it.

  • New code injection method affects all Windows versions [iophk: “watch the ‘news’ play this one down or ignore it; full product recall is needed at this point”]

    Researchers at cyber-security firm enSilo have discovered a method of code injection in all versions of Windows that cannot be eliminated as it is part of the operating system design.

    The design flaw allows for code injection and is dubbed AtomBomb as it makes use of the system's atom tables.

    As Microsoft defines it, "An atom table is a system-defined table that stores strings and corresponding identifiers. An application places a string in an atom table and receives a 16-bit integer, called an atom, that can be used to access the string. A string that has been placed in an atom table is called an atom name."

    In a blog post describing the method of attack, enSilo's Tal Liberman wrote: "Our research team has uncovered a new way to leverage mechanisms of the underlying Windows operating system in order to inject malicious code. Threat actors can use this technique, which exists by design of the operating system, to bypass current security solutions that attempt to prevent infection."

  • British parliament members urge Obama to halt hacking suspect’s US extradition

    This week, culture minister Matt Hancock and more than 100 fellow MPs (Members of Parliament) have signed a letter calling on president Barack Obama to block Lauri Love's extradition to the US to face trial over the alleged hacking of the US missile defence agency, the FBI, and America's central bank.

    Love—an Asperger's syndrome sufferer from Stradishall, Suffolk—was told in September at a Westminster Magistrates' Court hearing that he was fit to be extradited to the US to face trial in that country. The 31-year-old faces up to 99 years in prison in the US if convicted. According to his lawyers, Love has said he fears for his life.

Security Leftovers

Filed under
Security

Security News

Filed under
Security
  • Bug Bounty Hunter Launches Accidental DDoS Attack on 911 Systems via iOS Bug

    The Maricopa County Sheriff's Office Cyber Crimes Unit arrested Meetkumar Hiteshbhai Desai, an 18-year-old teenager from the Phoenix area, for flooding the 911 emergency system with hang-up calls.

    According to a press release from the Maricopa County Sheriff's Office, Desai created a JavaScript exploit, which he shared on Twitter and other websites with his friends.

    People accessing Desai's link from their iPhones saw their phone automatically dial and redial 911.

  • Dyn DDoS attack exposes soft underbelly of the cloud

    It's apparently possible that a DDoS attack can be big enough to break the internet -- or, as shown in the attack against ISP Dyn, at least break large parts of it.

    The DDoS attack against Dyn that began Friday went far past taking down Dyn's servers. Beyond the big-name outages, organizations could not access important corporate applications or perform critical business operations.

  • [Older] ​The Dyn report: What we know so far about the world's biggest DDoS attack

    First, there was nothing -- nothing -- surprising about this attack. As Paul Mockapetris, creator of the Domain Name System (DNS), said, "The successful DDoS attack on DYN is merely a new twist on age-old warfare. ... Classic warfare can be anticipated and defended against. But warfare on the internet, just like in history, has changed. So let's take a look at the asymmetrical battle in terms of the good guys (DYN) and the bad guys (Mirai botnets), and realize and plan for more of these sorts of attacks."

  • Incident Report: Inadvertent Private Repository Disclosure

    On Thursday, October 20th, a bug in GitHub’s system exposed a small amount of user data via Git pulls and clones. In total, 156 private repositories of GitHub.com users were affected (including one of GitHub's). We have notified everyone affected by this private repository disclosure, so if you have not heard from us, your repositories were not impacted and there is no ongoing risk to your information.

    This was not an attack, and no one was able to retrieve vulnerable data intentionally. There was no outsider involved in exposing this data; this was a programming error that resulted in a small number of Git requests retrieving data from the wrong repositories.

    Regardless of whether or not this incident impacted you specifically, we want to sincerely apologize. It’s our responsibility not only to keep your information safe but also to protect the trust you have placed in us. GitHub would not exist without your trust, and we are deeply sorry that this incident occurred.

Syndicate content

More in Tux Machines

Hardware With Linux

  • Raspberry Pi's new computer for industrial applications goes on sale
    The new Raspberry Pi single-board computer is smaller and cheaper than the last, but its makers aren’t expecting the same rush of buyers that previous models have seen. The Raspberry Pi Compute Module 3 will be more of a “slow burn,” than last year’s Raspberry Pi 3, its creator Eben Upton predicted. That’s because it’s designed not for school and home use but for industrial applications. To make use of it, buyers will first need to design a product with a slot on the circuit board to accommodate it and that, he said, will take time.
  • ZeroPhone — An Open Source, Dirt Cheap, Linux-powered Smartphone Is Here
    ZeroPhone is an open source smartphone that’s powered by Raspberry Pi Zero. It runs on Linux and you can make one for yourself using parts worth $50. One can use it to make calls and SMS, run apps, and pentesting. Soon, phone’s crowdfunding is also expected to go live.
  • MSI X99A RAIDER Plays Fine With Linux
    This shouldn't be a big surprise though given the Intel X99 chipset is now rather mature and in the past I've successfully tested the MSI X99A WORKSTATION and X99S SLI PLUS motherboards on Linux. The X99A RAIDER is lower cost than these other MSI X99 motherboards I've tested, which led me in its direction, and then sticking with MSI due to the success with these other boards and MSI being a supporter of Phoronix and encouraging our Linux hardware testing compared to some other vendors.
  • First 3.5-inch Kaby Lake SBC reaches market
    Axiomtek’s 3.5-inch CAPA500 SBC taps LGA1151-ready CPUs from Intel’s 7th and 6th Generations, and offers PCIe, dual GbE, and optional “ZIO” expansion. Axiomtek’s CAPA500 is the first 3.5-inch form-factor SBC that we’ve seen that supports Intel’s latest 7th Generation “Kaby Lake” processors. Kaby Lake is similar enough to the 6th Gen “Skylake” family, sharing 14nm fabrication, Intel Gen 9 Graphics, and other features, to enable the CAPA500 to support both 7th and 6th Gen Core i7/i5/i3 CPUs as long as they use an LGA1151 socket. Advantech’s Kaby Lake based AIMB-205 Mini-ITX board supports the same socket. The CAPA500 ships with an Intel H110 chipset, and a Q170 is optional.

Leftovers: Ubuntu and Debian

  • Debian Project launches updated Debian GNU/Linux 8.7 with bug fixes
    An updated version of Debian, a popular Linux distribution is now available for users to download and install. According to the post on the Debian website by Debian Project, the new version is 8.7. This is the seventh update to the Debian eight distribution, and the update primarily focuses on fixing bugs and security problems. This update also includes some adjustments to fix serious problems present in the previous version.
  • Freexian’s report about Debian Long Term Support, December 2016
    The number of sponsored hours did not increase but a new silver sponsor is in the process of joining. We are only missing another silver sponsor (or two to four bronze sponsors) to reach our objective of funding the equivalent of a full time position.
  • APK, images and other stuff.
    Also, I was pleased to see F-droid Verification Server as a sign of F-droid progress on reproducible builds effort - I hope these changes to diffoscope will help them!
  • Linux Mint 18.1 "Serena" KDE Gets a Beta Release, Ships with KDE Plasma 5.8 LTS
    After landing on the official download channels a few days ago, the Beta version of the upcoming Linux Mint 18.1 "Serena" KDE Edition operating system got today, January 16, 2017, an official announcement. The KDE Edition is the last in the new Linux Mint 18.1 "Serena" stable series to be published, and it was delayed a little bit because Clement Lefebvre and his team wanted it to ship with latest KDE Plasma 5.8 LTS desktop environment from the Kubuntu Backports PPA repository.
  • Linux AIO Ubuntu 16.10 — Ubuntu GNOME, Kubuntu, Lubuntu, Ubuntu MATE, and Xubuntu In One ISO
    Linux AIO is a multiboot ISO carrying different flavors of a single Linux distribution and eases you from the pain of keeping different bootable USBs. The latest Linux AIO Ubuntu 16.10 is now available for download in both 64-bit and 32-bit versions. It features various Ubuntu flavors including Ubuntu GNOME, Kubuntu, Lubuntu, Ubuntu MATE, and Xubuntu.

Top Ubuntu Editing Apps: Image, Audio, Video

It's been my experience that most people aren't aware of the scope of creative software available for Ubuntu. The reason for this is complicated, but I suspect it mostly comes down to the functional availability provided by each application title for the Linux desktop. In this article, I'm going to give you an introduction to some of the best creative software applications for Ubuntu (and other Linux distros). Read more

Leftovers: OSS and Sharing

  • Google's open-source Draco promises to squeeze richer 3D worlds into the web, gaming, and VR
    Google has published a set of open source libraries that should improve the storage and transmission of 3D graphics, which could help deliver more detailed 3D apps.
  • Why every business should consider an open source point of sale system
    Point of sale (POS) systems have come a long way from the days of simple cash registers that rang up purchases. Today, POS systems can be all-in-one solutions that include payment processing, inventory management, marketing tools, and more. Retailers can receive daily reports on their cash flow and labor costs, often from a mobile device. The POS is the lifeblood of a business, and that means you need to choose one carefully. There are a ton of options out there, but if you want to save money, adapt to changing business needs, and keep up with technological advances, you would be wise to consider an open source system. An open source POS, where the source code is exposed for your use, offers significant advantages over a proprietary system that keeps its code rigidly under wraps.
  • Can academic faculty members teach with Wikipedia?
    Since 2010, 29,000 students have completed the Wiki Ed program. They have added 25 million words to Wikipedia, or the equivalent of 85,000 printed pages of content. This is 66% of the total words in the last print edition of Encyclopedia Britannica. When Wiki Ed students are most active, they are contributing 10% of all the content being added to underdeveloped, academic content areas on Wikipedia.
  • AMD HSA IL / BRIG Front-End Still Hoping To Get Into GCC 7
    For many months now there's been work on an AMD HSA IL front-end for GCC with supporting the BRIG binary form of the Heterogeneous System Architecture Intermediate Language (HSA IL). It's getting late into GCC 7 development and onwards to its final development stage while this new front-end has yet to be merged. Developer Pekka Jääskeläinen has been trying to get in the finishing reviews and changes for getting approval to land this BRIG front-end into the GNU Compiler Collection. It's a big addition and with GCC 7 soon just focusing on wrong-code fixes, bug fixes, and documentation fixes starting on 19 January, there would be just a few days left to land this new front-end for GCC 7 to avoid having to wait until next year for it to debut in stable with GCC 8.
  • Rcpp 0.12.9: Next round
    Yesterday afternoon, the nineth update in the 0.12.* series of Rcpp made it to the CRAN network for GNU R. Windows binaries have by now been generated; and the package was updated in Debian too. This 0.12.9 release follows the 0.12.0 release from late July, the 0.12.1 release in September, the 0.12.2 release in November, the 0.12.3 release in January, the 0.12.4 release in March, the 0.12.5 release in May, the 0.12.6 release in July, the 0.12.7 release in September, and the 0.12.8 release in November --- making it the thirteenth release at the steady bi-montly release frequency. Rcpp has become the most popular way of enhancing GNU R with C or C++ code. As of today, 906 packages on CRAN depend on Rcpp for making analytical code go faster and further. That is up by sixthythree packages over the two months since the last release -- or about a package a day!