Language Selection

English French German Italian Portuguese Spanish

Security

Security: Updates, Malware and More

Filed under
Security
  • Security updates for Monday
  • Security updates for Tuesday
  • Low-Priced Android Phones Shipped with Pre-installed ‘Cosiloon’ Malware, Says Avast

    Are you thinking about settling for a cheaper Android phone? You might want to reconsider this decision. A study conducted by Avast Threat Labs reports that several Android devices are shipped with malware pre-installed on them.

    The report says that more than 100 countries, including the US, Russia, and the UK have been affected by the adware and malware which is carried by hundreds of such low-cost Android devices, which includes manufacturers like ZTE, myPhone, and Archos.

  • The Benefits of HTTPS for DNS

    DNS over HTTPS (DoH) is entering the last call (right now Working Group, soon IETF wide) stage of IETF standardization. A common discussion I have about it basically boils down to "why not DNS over TLS (DoT)?" (i.e. work that has already been done by the DPRIVE WG). That does seem simpler, after all.

    DoH builds on the great foundation of DoT. The most important part of each protocol is that they provide encrypted and authenticated communication between clients and arbitrary DNS resolvers. DNS transport does get regularly attacked and using either one of these protocols allows clients to protect against such shenanigans. What DoH and DoT have in common is far more important than their differences and for some use cases they will work equally well.

  • Python May Let Security Tools See What Operations the Runtime Is Performing

    In its current form, Python does not allow security tools to see what operations the runtime is performing. Unless one of those operations generates particular errors that may raise a sign of alarm, security and auditing tools are blind that an attacker may be using Python to carry out malicious operations on a system.

  • If Avast Broke Your Windows 10 April Update, Here Is The Fix

    One of the many problems associated with the Windows 10 April Update is because of the Avast antivirus software. A few days ago, some Windows 10 users saw a blank desktop with no icons after upgrading, and Microsoft had to block April Update.

    Later, it was known that the Avast Behavior Shield was incompatible with the April 2018 Update and causing the issue which even left some people with unusable PCs.

  • Avast fixes issues with Windows 10 version 1803 and their antivirus
  • Reproducible Builds: Weekly report #161

Security: Open Source Security Podcast, Windows, USB, SHB and FBI

Filed under
Security
  • Open Source Security Podcast: Episode 98 - When IT decisions kill people

    Josh and Kurt talk about the NTSB report from the fatal Uber crash and what happened with Amazon's Alexa recording then emailing a private conversation. IT decisions now have real world consequences like never before.

  • There are cyber threats to veterans' medical records [iophk: "Windows TCO; infection misattributed to a thumbdrive rather than the managers that signed off on using Microsoft instead of real software"]

    Veterans have also fallen victim of non-targeted cyber intrusions. Cyber criminals routinely attempt to steal personal health records to sell on the dark web, given how valuable such records are. As an example of a non-targeted cyber attack, the Conficker worm infected 104 medical devices at a U.S. Department of Veterans Affairs (VA) hospital in Florida in 2012 simply because a vender [sic] updated the devices with a thumb drive that had unknowingly been infected.

  • USB Reverse Engineering: Down the rabbit hole

    It seems the deeper I went, the more interesting I found the content, and this post grew and grew. Hopefully it will help to shortcut your own journey down this path, and enlighten you to a whole new area of interesting things to hack!

  • Security and Human Behavior (SHB 2018)

    SHB is a small invitational gathering of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The 50 or so people in the room include psychologists, economists, computer security researchers, sociologists, political scientists, neuroscientists, designers, lawyers, philosophers, anthropologists, business school professors, and a smattering of others. It's not just an interdisciplinary event; most of the people here are individually interdisciplinary.

  • The FBI tells everybody to reboot their router

Security: The Microsoft Cyber Attack, VPNFilter, Compliance, Docker

Filed under
Security
  • « The Microsoft Cyber Attack » : a German Documentary from the ARD on Relations Between Microsoft and Public Administration Now Available in English

    On February 19th, 2018, the German public broadcaster (ARD) aired a documentary on Microsoft relations with public administrations. Part of the inquiry is about the Open Bar agreement between Microsoft and the French ministry of Defense, including interviews of French Senator Joëlle Garriaud-Maylam, Leïla Miñano, a journalist, and Étienne Gonnu of April.

    The documentary is now available in English thanks to Deutsche Welle (DW), the German public international broadcaster, on its Youtube channel dedicated to documentaries : The Microsoft Cyber Attack. It should be noted that April considers itself as a Free software advocate, rather than open source, as the voice-over suggests.

  • VPNFilter UNIX Trojan – How to Remove It and Protect Your Network

    This article has been created to explain what exactly is the VPNFilter malware and how to secure your network against this massive infection by protecting your router as well as protecting your computers.

    A new malware, going by the name of VPNFilter has reportedly infected over 500 thousand router devices across most widely used brands such as Linksys, MikroTik, NETGEAR as well as TP-Link, mostly used in homes and offices. The cyber-sec researchers at Cisco Talos have reported that the threat is real and it is live, even thought the infected devices are under investigation at the moment. The malware reportedly has something to do with the BlackEnergy malware, which targeted multiple devices in Ukraine and Industrial Control Systems in the U.S.. If you want to learn more about the VPNFilter malware and learn how you can remove it from your network plus protect your network, we advise that you read this article.

  • FBI: Reboot Your Router Now To Fight Malware That Affected 500,000 Routers
  • Compliance is Not Synonymous With Security

    While the upcoming GDPR compliance deadline will mark an unprecedented milestone in security, it should also serve as a crucial reminder that compliance does not equal security. Along with the clear benefits to be gained from upholding the standards enforced by GDPR, PCI DSS, HIPAA, and other regulatory bodies often comes a shift toward a more compliance-centric security approach. But regardless of industry or regulatory body, achieving and maintaining compliance should never be the end goal of any security program. Here’s why:

  • Dialing up security for Docker containers

    Docker containers are a convenient way to run almost any service, but admins need to be aware of the need to address some important security issues.

    Container systems like Docker are a powerful tool for system administrators, but Docker poses some security issues you won't face with a conventional virtual machine (VM) environment. For example, containers have direct access to directories such as /proc, /dev, or /sys, which increases the risk of intrusion. This article offers some tips on how you can enhance the security of your Docker environment.

OpenStack News/Leftovers

Filed under
OSS
Security
  • Canonical founder calls out OpenStack suppliers for ‘lack of focus’ on datacentre cost savings

    The OpenStack supplier community’s reluctance to prioritise the delivery of datacentre cost savings to their users could prove “fatal”, says Canonical co-founder Mark Shuttleworth.

  • OpenStack in transition

    OpenStack is one of the most important and complex open-source projects you’ve never heard of. It’s a set of tools that allows large enterprises ranging from Comcast and PayPal to stock exchanges and telecom providers to run their own AWS-like cloud services inside their data centers. Only a few years ago, there was a lot of hype around OpenStack as the project went through the usual hype cycle. Now, we’re talking about a stable project that many of the most valuable companies on earth rely on. But this also means the ecosystem around it — and the foundation that shepherds it — is now trying to transition to this next phase.

  • Free OpenStack Training Resources
  • How the OpenStack Foundation Is Evolving Beyond Its Roots

    The OpenStack Foundation is in a period of transition as it seeks to enable a broader set of open infrastructure efforts than just the OpenStack cloud project itself.

    In a video interview at the OpenStack Summit here, OpenStack Foundation Executive Director Jonathan Bryce and Chief Operating Officer Mark Collier discussed how the open-source organization is still thriving, even as corporate sponsorship changes and attendance at events declines.

    At the event, Collier said there were approximately 2,600 registered attendees, which is nearly half the number that came to the OpenStack Boston 2017 event. OpenStack's corporate sponsorship has also changed, with both IBM and Canonical dropping from the Platinum tier of membership.

Security: Updates, Browsers, Red Hat and Routers

Filed under
Security
  • Security updates for Friday
  • Ryzom falling: Remote code execution via the in-game browser

    Ryzom’s in-game browser is there so that you can open links sent to you without leaving the game. It is also used to display the game’s forum as well as various other web apps. The game even allows installing web apps that are created by third parties. This web browser is very rudimentary, it supports only a bunch of HTML tags and nothing fancy like JavaScript. But it compensates for that lack of functionality by running Lua code.

    You have to consider that the Lua programming language is what powers the game’s user interface. So letting the browser download and run Lua code allows for perfect integration between websites and the user interface, in many cases users won’t even be able to tell the difference. The game even uses this functionality to hot-patch the user interface and add missing features to older clients.

  • For Red Hat, security is a lifestyle, not a product

    Red Hat has a sterling reputation in Linux security circles. That means the company has a workable process for preventing problems and responding to them. Even if you don't use Linux, the Red Hat security approach has a lot going for it, and some of its practices might be worth adopting in your own shop.

  • How insecure is your router?

    Your router is your first point of contact with the internet. How much is it increasing your risk?

    [...]

    I'd love to pretend that once you've improved the security of your router, all's well and good on your home network, but it's not. What about IoT devices in your home (Alexa, Nest, Ring doorbells, smart lightbulbs, etc.?) What about VPNs to other networks? Malicious hosts via WiFi, malicious apps on your children's phones…?

    No, you won't be safe. But, as we've discussed before, although there is no such thing as "secure," it doesn't mean we shouldn't raise the bar and make it harder for the Bad Folks.™

Security: VPNFilter, Encryption in GNU/Linux, Intel CPU Bug Affecting rr Watchpoints

Filed under
Security
  • [Crackers] infect 500,000 consumer routers all over the world with malware

    VPNFilter—as the modular, multi-stage malware has been dubbed—works on consumer-grade routers made by Linksys, MikroTik, Netgear, TP-Link, and on network-attached storage devices from QNAP, Cisco researchers said in an advisory. It’s one of the few pieces of Internet-of-things malware that can survive a reboot. Infections in at least 54 countries have been slowly building since at least 2016, and Cisco researchers have been monitoring them for several months. The attacks drastically ramped up during the past three weeks, including two major assaults on devices located in Ukraine. The spike, combined with the advanced capabilities of the malware, prompted Cisco to release Wednesday’s report before the research is completed.

  • Do Not Use sha256crypt / sha512crypt - They're Dangerous

    I'd like to demonstrate why I think using sha256crypt or sha512crypt on current GNU/Linux operating systems is dangerous, and why I think the developers of GLIBC should move to scrypt or Argon2, or at least bcrypt or PBKDF2.

  • Intel CPU Bug Affecting rr Watchpoints

    I investigated an rr bug report and discovered an annoying Intel CPU bug that affects rr replay using data watchpoints. It doesn't seem to be hit very often in practice, which is good because I don't know any way to work around it. It turns out that the bug is probably covered by an existing Intel erratum for Skylake and Kaby Lake (and probably later generations, but I'm not sure), which I even blogged about previously! However, the erratum does not mention watchpoints and the bug I've found definitely depends on data watchpoints being set.

    I was able to write a stand-alone testcase to characterize the bug. The issue seems to be that if a rep stos (and probably rep movs) instruction writes between 1 and 64 bytes (inclusive), and you have a read or write watchpoint in the range [64, 128) bytes from the start of the writes (i.e., not triggered by the instruction), then one spurious retired conditional branch is (usually) counted. The alignment of the writes does not matter, and it's not related to speculative execution.

Security: Firefox Accounts, 'DevSecOps', VPNFilter, PassProtect, Reproducible Builds

Filed under
Security
  • Two-step authentication in Firefox Accounts
  • Firefox Finally Offers Two Factor Auth to Protect Your Passwords

    Mozilla is rolling out two factor authentication for Firefox accounts and if you sync passwords using Firefox Sync you should enable it immediately.

    The option for two factor authentication should show up in your Firefox account settings in a few weeks, but you can skip the wait by clicking this link. Do that and you should see the option for two-factor authentication, as shown above.

  • Now Make Your Firefox Account Safer With New Two Factor Authentication

    It seems that tech giants, finally, are gearing up to make portals more secure. In an announcement made yesterday, Mozilla has announced two-factor authentication for Firefox accounts. It is an optional security feature that will require inserting authentication code after signing in your Firefox account with your credentials.

    The newly introduced two-step verification feature is based on the commonly used Time-based One-Time Password (TOTP)-based standard. Currently, the feature is available with Duo, Google Authenticator, and Authy. Users will need to install these apps to receive the authentication code.

  • Navigating the container security ecosystem

    SJ Technologies partnered with Sonatype for the DevSecOps Community 2018 Survey. The survey was wildly popular, receiving answers from more than 2,000 respondents representing a wide range of industries, development practices, and responsibilities. One-third of respondents (33%) came from the technology industry, and banking and financial services was the second most represented group (15%). 70% of all respondents were using a container registry. With so many respondents utilizing containers, a deeper dive into container security is in order.

  • New VPNFilter malware targets at least 500K networking devices worldwide
  • 500,000 Routers Are Infected With Malware and Potentially Spying On Users
  • 500,000 Routers In 54 Countries Hacked To Create Massive Botnet Army
  • PassProtect Tells You If Your Password Is Compromised

    A compromised password can’t protect you. PassProtect is a Chrome extension that notifies you whenever a password you enter is exposed, giving you the chance to change it.

    Data breaches happen all the time, and the result is usually a bunch of usernames and password floating around the web. Attackers use these lists to access accounts, so it’s important to change your passwords after a breach. Most users can’t keep track of it all, however.

    Which is where PassProtect come in. Using data from Have I Been Pwned, Troy Hunt’s database of compromised passwords, PassProtect lets you know when a password you use was part of a recent breach.

  • PassProtect warns Chrome users when their username or passwords get pwned

    Data breaches happen all the time. When they do, it’s invariably bad, with countless people ensnared. The MySpace breach, for example, impacted nearly 360 million. LinkedIn impacted 165 million more. One tool helping to mitigate the aftermath is Okta’s new Chrome plugin, PassProtect.

  • Reproducible Builds: Weekly report #160

    This week’s edition was written by Bernhard M. Wiedemann, Chris Lamb, Levente Polyak and Mattia Rizzolo & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.

Security: Updates, Kernel Mitigation (CPU Flaws) and FBI

Filed under
Security
  • Security updates for Wednesday
  • ARM64 Mitigation Posted For Spectre 4 / SSBD

    Following the Intel/AMD Spectre Variant 4 mitigation landing yesterday with "Speculative Store Bypass Disable" (SSBD) and then the POWER CPU mitigation landing today, ARM developers have posted their set of patches for 64-bit ARM CPUs to mitigate against this latest Spectre vulnerability around speculative execution.

  • Linux 4.9, 4.14, 4.16 Point Releases Bring SSBD For Spectre V4

    Greg Kroah-Hartman has today released the Linux 4.9.102, 4.14.43, and 4.16.11 kernels. Most notable about these stable release updates is Spectre Variant Four mitigation.

    Today's 4.9/4.14/4.16 point releases carry the Intel/AMD mitigation for Spectre V4 albeit the Intel support is dependent upon to-be-released microcode updates and is vulnerable by default while for AMD processors there is SSB disabled via prctl and seccomp.

  • An Initial Look At Spectre V4 "Speculative Store Bypass" With AMD On Linux

    Yesterday the latest Spectre vulnerability was disclosed as Spectre Variant 4 also known as "Speculative Store Bypass" as well as the less talked about Spectre Variant 3A "Rogue System Register Read". Here are my initial tests of a patched Linux kernel on AMD hardware for Spectre V4.

    Landing yesterday into Linux 4.17 Git was Speculative Store Bypass Disable (SSBD) as the Linux-based mitigation on Intel/AMD x86 CPUs. Since then has also been the POWER CPU SSBD implementation and pending patches for ARM64 CPUs.

  • Exclusive: FBI Seizes Control of Russian Botnet

    FBI agents armed with a court order have seized control of a key server in the Kremlin’s global botnet of 500,000 hacked routers, The Daily Beast has learned. The move positions the bureau to build a comprehensive list of victims of the attack, and short-circuits Moscow’s ability to reinfect its targets.

    The FBI counter-operation goes after “VPN Filter,” a piece of sophisticated malware linked to the same Russian hacking group, known as Fancy Bear, that breached the Democratic National Committee and the Hillary Clinton campaign during the 2016 election. On Wednesday security researchers at Cisco and Symantec separately provided new details on the malware, which has turned up in 54 countries including the United States.

Security Leftovers, Mostly 'Spectre' and 'Meltdown' Related

Filed under
Security
  • More Meltdown/Spectre Variants
  • Spectre V2 & Meltdown Linux Fixes Might Get Disabled For Atom N270 & Other In-Order CPUs

    There's a suggestion/proposal to disable the Spectre Variant Two and Meltdown mitigation by default with the Linux kernel for in-order CPUs.

    If you have an old netbook still in use or the other once popular devices powered by the Intel Atom N270 or other in-order processors, there may be some reprieve when upgrading kernels in the future to get the Spectre/Meltdown mitigation disabled by default since these CPUs aren't vulnerable to attack but having the mitigation in place can be costly performance-wise.

  • Linux 4.17 Lands Initial Spectre V4 "Speculative Store Bypass" For POWER CPUs

    Following yesterday's public disclosure of Spectre Variant Four, a.k.a. Speculative Store Bypass, the Intel/AMD mitigation work immediately landed while overnight the POWER CPU patch landed.

  • New Variant Of Spectre And Meltdown CPU Flaw Found; Fix Affects Performance
  • Ubuntu 18.04 LTS Gets First Kernel Update with Patch for Spectre Variant 4 Flaw

    Canonical released the first kernel security update for its Ubuntu 18.04 LTS (Bionic Beaver) operating system to fix a security issue that affects this release of Ubuntu and its derivatives.

    As you can imagine, the kernel security update patches the Ubuntu 18.04 LTS (Bionic Beaver) operating system against the recently disclosed Speculative Store Buffer Bypass (SSBB) side-channel vulnerability, also known as Spectre Variant 4 or CVE-2018-3639, which could let a local attacker expose sensitive information in vulnerable systems.

  • RHEL and CentOS Linux 7 Receive Mitigations for Spectre Variant 4 Vulnerability

    As promised earlier this week, Red Hat released software mitigations for all of its affected products against the recently disclosed Spectre Variant 4 security vulnerability that also affects its derivatives, including CentOS Linux.

    On May 21, 2018, security researchers from Google Project Zero and Microsoft Security Response Center have publicly disclosed two new variants of the industry-wide issue known as Spectre, variants 3a and 4. The latter, Spectre Variant 4, is identified as CVE-2018-3639 and appears to have an important security impact on any Linux-based operating system, including all of its Red Hat's products and its derivatives, such as CentOS Linux.

Openwashing and FOSS FUD

Filed under
OSS
Security
  • Release: The Winemakers Co-Op to Debut Collaborative Wine: Open-Source Chardonnay June 3
  • Facebook open sources Katran networking tool, outlines automation system called Vending Machine [Ed: When surveillance giants are engaging in openwashing campaigns (all the core code is secret and abuses people)...]
  • Facebook Open Sources Katran Load Balancer; Details Network Provisioning Tool
  • Security and Open Source: Open Source Components Save Time but Need to be Closely Monitored [Ed: After Black Duck, Snyk and White Source another anti-FOSS firm spreads its FUD to sell services; ads disguised as 'articles'. Many of them this month, flooding FOSS news.]

    Chris Wysopal, CTO of Veracode, said that “the universal use of components in application development means that when a single vulnerability in a single component is disclosed, that vulnerability now has the potential to impact thousands of applications – making many of them breachable with a single exploit.”.

  • Linux Redis Automated Mining For Worm Analysis and Safety Advice [Ed: Rather old an issue]

    Since Redis has not authorized the disclosure of the attack method of root authority of Linux system, because of its ease-of-use, the hacking behaviors of mining and scanning of Linux services by using this issue have been endless. Among the many cases that handle this problem to invade the server for black production, there is a class of mining that USES this problem and can automatically scan the infected machine with pnscan. The attack has always been there, but it has shown a recent trend of increasing numbers, which has been captured many times, and we've been able to do a specific analysis of it.

  • Turla cyberespionage group switched to open-source malware [Ed: Crackers share code, so let's badmouth FOSS?]

    The Turla cyberespionage group has implemented some new tactics over the last few months incorporating some open-source exploitation tools instead of relying solely on their own creations to run campaigns.

    ESET researchers found that starting in March the Turla has been leveraging the open-source framework Metasploit to drop the group's proprietary Mosquito backdoor. The group has periodically used open-source hacking tools for other tasks, but ESET believes the group has never before used Metasploit as a first stage backdoor.

  • A Complete Beginner’s Guide to Not Getting Hacked

    Crackers are so to speak the evil hackers. Although these very often also do not offer the possibilities in order to do justice to the descriptions of the media. Then there are the would-be hackers, also called ScriptKiddies who use themTrojan2 and pre-programmed programs to get into computers and do damage.

    The “Kiddie” leads is a departure from the English “kid” (child), since young people are often behind such attacks. Due to their young age and lack of experience, ScriptKiddies often do not even know what they are doing. Let me give you an example. I have seen ScriptKiddies that use methods to intrude into Windows NT Calculator tried to break into a Linux machine. ScriptKiddies are often bored teenagers who try to have fun with the first tool. These tools are usually so simply knitted that actually, each normal, somewhat educated user can serve them.

    [...]

    According to Blendrit, co-founder at Tactica “One thing is clear: this language culture is constantly evolving, and many words find their way into the media, where they have a completely different meaning. Just as our most famous word, “hacker”, has fared.”

Syndicate content

More in Tux Machines

Canonical/Ubuntu Watching You

  • Two-thirds of Ubuntu users are happy to give up data on their PC
    As announced back at the start of the year, Canonical made the decision that Ubuntu would collect data on its user base – and now the initial results of those statistics have been published by the firm, including the headline fact that 67% of users were happy to provide details of their PC (and other bits and pieces). So, this scheme that has been unfavorably compared to Microsoft’s collection of telemetry data in Windows 10, which has long been a point of controversy. However, it appears that the majority of folks are happy to give up their data to the company providing their Linux distribution, and don’t seem perturbed by this prospect.
  • Ubuntu reports 67% of users opt in to on-by-default PC specs slurp [Ed: 33% of Ubuntu users say to Canonical "don't spy on me" and Canonical then counts them, which means that Canonical collects data on them, too]
    However just 33 per cent of the undisclosed number of users Canonical’s analysed didn’t opt in to the slurpage. Which is where things get a little bit weird, because Canonical’s post reports an “Opt In rate”. Yet the data slurpage is selected by default: there’s an active opt out but a passive opt in.
  • The Average Ubuntu Install Takes 18 Minutes (And Other Stats)
    Did you know that the average Ubuntu install takes just 18 minutes? That’s one of several nuggets of information Canonical has collected (and now revealed) thanks to the new “Ubuntu Report” tool included in Ubuntu 18.04 LTS. This tool, when given permission to, collects non-identifiable system data about new Ubuntu installs and upgrades and ferries it back to Canonical for analysis.

Linux Foundation's TODO and New Chinese Ties

  • The Linux Foundation and TODO Group Release Chinese Versions of Open Source Guides for the Enterprise
    -The Linux Foundation, the nonprofit organization enabling mass innovation through open source, has released Chinese translations of 10 Open Source Guides for the Enterprise, created to help executives, open source program managers, developers, attorneys and decision makers learn how to best leverage open source.
  • Tencent joins the Linux Foundation as a platinum member
    Chinese tech giant Tencent has announced it’s joined the Linux Foundation as a platinum member. Tencent is one of a few companies to offer the highest level of support to the Linux Foundation. Other tech companies in this stable include IBM, Microsoft, and Intel, as well as fellow Chinese titan Huawei. As part of the deal, Tencent will take a chair on the Foundation’s board of directors. It has also promised to offer “further support and resources” to the Foundation’s efforts. So far, this has taken the form of Tencent donating several pieces of its software.
  • Tencent becomes a Linux Foundation platinum member to increase its focus on open source
    Tencent, the $500-billion Chinese internet giant, is increasing its focus on open source after it became a platinum member of the Linux Foundation. The company has long been associated with the foundation and Linux generally, it is a founding member of the Linux Foundation’s deep learning program that launched earlier this year, and now as a platinum member (the highest tier) it will take a board of directors seat and work more closely with the organization. That works two ways, with Tencent pledging to offer “further support and resources” to foundation projects and communities, while the Chinese firm itself will also tap into the foundation’s expertise and experience.
  • Tencent Supports Open Source Community With Linux Foundation Platinum Membership
    LinuxCon China -- The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announces Tencent has become the latest Platinum member of the foundation. Tencent is a leading provider of Internet value added services in China, offering some of China's most popular websites, apps and services including QQ, Qzone, Tencent Cloud and Weixin/WeChat.
  • TARS and TSeer Form Open Source Project Communities Under The Linux Foundation to Expand Adoption and Pace of Development
    The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced at LinuxCon + ContainerCon + CloudOpen China in Beijing that TARS, a remote procedure call (RPC) framework, and TSeer, a high availability service discovery, registration and fault tolerance framework, have become Linux Foundation projects. Both projects were initially developed by leading Chinese technology company, Tencent, which open sourced the projects last year. This follows the announcement of Tencent becoming a Platinum member of The Linux Foundation, and reflects the foundation’s growing collaboration with the Chinese open source community.
  • Tencent Becomes Latest Platinum Member of Linux Foundation
    Chinese behemoth looking to cultivate open source ties The Linux Foundation has announced that Tencent has become the latest member to obtain platinum membership. The non-profit American tech company, which is funded by membership payments, uses the funding for sustainable open source projects. Within the foundation, there are three membership tiers, starting from silver to gold, all the way up to platinum where members have to pay $500,000 a year (approx. £377,643) for that category.
  • Tencent Joins The Linux Foundation, Open-Sources Projects
    China's Tencent holding conglomerate that backs a variety of Internet services/products is the latest platinum member of the Linux Foundation.

Events: DebCamp, openSUSE Conference, OSSummit Japan 2018

  • Yes! I am going to...
    Of course, DebCamp is not a vacation, so we expect people that take part of DebCamp to have at least a rough sketch of activities. There are many, many things I want to tackle, and experience shows there's only time for a fraction of what's planned.
  • Dates, Location set for openSUSE Conference 2019
    The openSUSE Project is pleased to announce the location and dates for the 2019 openSUSE Conference. The openSUSE Conference 2019 will return to the Z-Bau in Nuremberg, Germany, and be Friday, May 24, through Sunday, May 26. Planning for the 2019 conference will begin this summer and community members are encouraged to take part in the planning of the conference through the organizing team. The openSUSE Board proposed the idea of having organizing team for openSUSE Conferences last month at oSC18. An email about the organizing team was sent out to the openSUSE-Project mailing list.
  • OSSummit Japan 2018
    Some Debian developers (Jose from Microsoft and Michael from credativ) gave a talk during this event.

Games: Warhammer, Steam, OpenSAGE and Wine