Language Selection

English French German Italian Portuguese Spanish

Microsoft

Security Leftovers

Submitted by Roy Schestowitz on Thursday 22nd of October 2020 01:18:39 PM Filed under
Microsoft
Security
»

Proprietary Software and DRM/Monopoly

Submitted by Roy Schestowitz on Saturday 17th of October 2020 03:51:53 PM Filed under
Microsoft
Mac

  • FOSS Patents: Fortnite users continue to make in-app purchases on iOS that bypass Apple's payment system: court filing says "Epic is stealing money from Apple"

    In yesterday's filing, Apple says it has the right to sue Epic not only for breach of contract but also for tort, given that Epic would face tort liability "if [t]c had never executed the contracts with Apple and had instead found another way to smuggle Fortnite and its 'hotfix' payment mechanism into the App Store." Apple argues that a company protecting itself against such behavior through contracts must not be in a weaker legal position than one that doesn't. What Apple does clarify is that it won't seek "multiplicative recovery" if the same conduct on Epic's part constituted both a breach of an agreement and fraud. In other words, Apple would then content itself with only the greater of the two alternative amounts.

    It appears that the "hotfix" was just a simple data point on Epic's servers--not program code, but merely a trigger. When the iOS version of Fortnite checked on that data point, it offered an alternative payment mechanism to end users in circumvention of Apple's in-app payment rules.

    After the "hotfix" that Apple says became Epic's hot mess, Fortnite was removed from the App Store. That means it cannot be downloaded to iOS devices right now, and Epic has already failed twice (with a motion for a temporary restraining order as well as a motion for a preliminary injunction) to get a court to force Apple to tolerate an iOS version of Fortnite that bypasses Apple's in-app payment system.

  • Why Apple’s App Store Is Under Siege

    Fueling the fire was a report issued last week by House Democrats summing up an antitrust probe into four Big Tech companies — Apple, Amazon, Facebook and Google — and urging Congress to enact new laws to curb the companies’ power. The 449-page report called on Congress to enact new laws to curb the companies’ power, including prohibiting companies like Apple from operating “adjacent lines of business” (in other words, preventing it from offering its own apps in the App Store that compete with those from third parties).

    “Apple’s monopoly power over app distribution on iPhones permits the App Store to generate supra-normal profits,” the House Judiciary Committee report said.

  • Microsoft Says Long-Time Deals Executive Brown Leaving Company

    Microsoft Corp. said mergers and acquisitions chief Marc Brown is leaving the company after a more than two-decade stint working on deals ranging from LinkedIn to Nokia Oyj’s handset unit.

    Brown, vice president of corporate development, reported to Chief Financial Officer Amy Hood. Microsoft spokesman Frank Shaw on Friday confirmed Brown’s departure and declined to comment on a replacement. The company is still conducting a search for a senior business development executive to replace Peggy Johnson, who left in July to become chief executive officer at Magic Leap Inc.

  • Your brand new Oculus Quest 2 can’t play Oculus Go games, John Carmack confirms [Ed: Digital Restrictions (DRM) in action]

    If you bought a new Oculus Quest 2 with the hopes of experiencing games from the now-discontinued Oculus Go, I have bad news: the company has decided not to include support for Go titles on the Quest 2, Oculus’ consulting CTO John Carmack confirms on Twitter.

    When the Oculus Quest 2 launched three days ago, some people noticed there was no feature on the UI that allowed users to access Go apps and games, something the original Quest headset featured. Carmack did not go into much detail on why support was not added other than “[he] totally lost the internal debate over backwards compatibility.”

    •    

  • Three npm packages found opening shells on Linux, Windows systems [Ed: The writers at ZDNet are apt at blaming “LINUX” for security threats that have nothing to do with Linux. Now that Microsoft is serving malware ZDNet… blames “NPM” (ssshhhhh… don’t mention Microsoft)]

    •     
      

»

No Linux for 10 Days

Submitted by Roy Schestowitz on Saturday 17th of October 2020 07:21:28 AM Filed under
GNU
Linux
Microsoft

In my time away from my normal life, I was in a situation where I was without Linux for almost two weeks. I hear of people that consider time away from tech as being “refreshing”. I wouldn’t consider that the case at all but it was enlightening. Using “analog” methods for recording information is super inefficient but it did force me to work on my hand writing as it is atrocious.

Secondly, having to use Windows 10 to do “digital work” was so frustrating, I will say, the points of frustration were not all the fault of Windows 10 but it did make me greatly despise using tech. It confirmed that if Linux went away and I was forced to use Windows 10, I just wouldn’t.In my time away from my normal life, I was in a situation where I was without Linux for almost two weeks. I hear of people that consider time away from tech as being “refreshing”. I wouldn’t consider that the case at all but it was enlightening. Using “analog” methods for recording information is super inefficient but it did force me to work on my hand writing as it is atrocious.

Secondly, having to use Windows 10 to do “digital work” was so frustrating, I will say, the points of frustration were not all the fault of Windows 10 but it did make me greatly despise using tech. It confirmed that if Linux went away and I was forced to use Windows 10, I just wouldn’t.

Read more

»

Digital Restrictions (DRM) and Proprietary Pushers

Submitted by Roy Schestowitz on Friday 16th of October 2020 05:01:21 PM Filed under
Microsoft
Mac

     
  • Facebook is accidentally locking some users out of their new Oculus headsets

                     

                       

    As UploadVR reported yesterday, users complained that they had been suspended for unclear reasons while they were trying to set up the Quest 2. One poster on the Oculus subreddit, for instance, described getting banned after creating a Facebook page for the first time and merging it with an existing Oculus account. “I logged into Facebook’s website to lock down my profile, as I had no intention of using the social media site more than was needed, and within minutes of merging accounts and changing profile settings my account was banned without any reason given or cause I can think of,” the user told The Verge in an email — rendering the Quest 2 a “new white paperweight.” Other people in the subreddit chimed in with their own experiences getting locked out.

    •                
         

  • Games Piracy Scene Reinvigorated, Four Denuvo-Protected Titles Released in One Day

           

             

    Late August the piracy Scene was thrown into turmoil when law enforcement raids took place all around Europe. With few hopes of a significant recovery any time soon, in the space of a few minutes yesterday veteran cracking group CPY released four games previously protected by Denuvo. For many pirates, this is the positive signal they'd been waiting for.

  • Microsoft ends support for Office 2010, bangs the Office 365 gong
  • Microsoft is foisting Office web apps on Edge users

    Microsoft is no stranger to using Windows and other software to promote more of its own apps and services. The latest way the company is doing this is via Edge.

    Accusations of using its products as an advertising tool or as a means of forcing products onto users are nothing new for the Windows maker, and the company's latest move with Edge does nothing to shake them off. The browser has been found to install Microsoft Office web apps without asking for permission.

  • JACK2 Audio Server Rolls Out Better Windows + macOS Support - Phoronix

    JACK2 1.9.15 released on Thursday as the newest version of this professional-minded sound server focused on real-time, low-latency connections.

    JACK2 1.9.15 brings a number of bug fixes, improvements to various JACK tools, deprecates JACK-Session, and makes other improvements. JACK1 continues to be in a bug-fix mode while JACK2 continues advancing slowly and incorporating all of its functionality.

  • Has Apple abandoned CUPS, the Linux's world's widely used open-source printing system? Seems so

    After only one public Git commit this year, penguinstas think: Fork it, we don't need Cupertino. The official public repository for CUPS, an Apple open-source project widely used for printing on Linux, is all-but dormant since the lead developer left Apple at the end of 2019.

»

Microsoft spyware disguised as calculator (spying on keypresses) celebrated in 'Linux' sites

Submitted by Roy Schestowitz on Thursday 15th of October 2020 07:11:07 PM Filed under
Microsoft
»

Microsoft's Proprietary Software and Security Issues

Submitted by Roy Schestowitz on Sunday 11th of October 2020 04:08:48 PM Filed under
Microsoft
Security
  • Microsoft cloud issues continue with more global outages

    The most recent disruptions seem to be primarily affecting US users, with some individuals noting that they are struggling to access their admin centre dashboards. There were also reports that a number of Microsoft 365 services, as well as Azure Active Directory and Azure Networking services, were experiencing issues.

  • Quickpost: 4 Bytes To Crash Excel

    When you create a text file with content “ID;;”, save it with extension .slk, then open it with Excel, Excel will crash.

  • A CrowdSec Primer: A Modern Replacement for Fail2Ban

    This tells me they’re thinking big and long-term with this thing, and not just as a replacement for a local banning tool.

    So the bottom line—at the very miniumum—is that we seem to have a modern replacement for Fail2Ban, and over time that may turn into something more.

  • Microsoft Took 10 Days to Remove Leaked XP Code From its Own Site

    Last month there was excitement when the source code for Windows XP was leaked online. The big question, however, was how quickly Microsoft would act to have it disappeared from the web. The partial answer is that the company took 10 days to have one public repository taken down. And that was hosted on Github, a platform owned by Microsoft itself.

»

Yet More Severe Microsoft Outages and Security Issues

Submitted by Roy Schestowitz on Thursday 8th of October 2020 08:36:09 AM Filed under
Microsoft
»

Proprietary Software and Security Problems

Submitted by Roy Schestowitz on Tuesday 6th of October 2020 10:38:30 AM Filed under
Microsoft
Security
  • Coronavirus cases 'lost' in test and trace blunder

    More than 15,000 positive Covid cases have become “lost” in Britain’s tracking systems, resulting in long delays being passed on to Test and Trace handlers.

    It means that tens of thousands of people who should have been told to self-isolate after coming into close contact with an infected case are only now being contacted – in some cases 10 days after transmission occurred.

    The Government blamed “computer issues” for a blunder which saw the number of daily cases appear to double overnight, and has been accused of “shambolic” handling by Labour.

  • Shock and despair follow revelations that ‘world-beating’ Test and Trace system is being run on Excel

    News that Britain’s ‘world-beating’ Test and Trace system is being run on Excel has been met with shock and despair today.

    The weekly rate of new Covid-19 cases soared in dozens of areas of England, following the addition of nearly 16,000 cases that went unreported by because of a technical error with the spreadsheet.

  • John McAfee has been arrested in Spain and is facing extradition

    John McAfee, who built a fortune selling cybersecurity software and has in recent years become a cryptocurrency evangelist, has been indicted on charges of tax evasion by the Department of Justice (DOJ). He has been arrested in Spain and is awaiting extradition, the DOJ said.

  • Kaspersky finds UEFI images that could be used for malware transport

    Microsoft used one feature in the UEFI to introduce what it called secure boot in Windows 8 in 2012, in a manner that effectively prevented easy booting of other operating systems on machines which had secure boot enabled.

    Secure boot was designed so that an exchange of cryptographic keys took place at boot-time; a system could verify the operating system attempting to boot was a genuine one, and not malware. There were further key exchanges along the way.

    But four years later, two researchers cracked the technology when they found a so-called golden key that was protecting the feature.

    Lechtik, Kuznetsov and Parshin wrote: "A sophisticated attacker can modify the firmware in order to have it deploy malicious code that will be run after the operating system is loaded. Moreover, since it is typically shipped within SPI flash storage that is soldered to the computer’s motherboard, such implanted malware will be resistant to OS reinstallation or replacement of the hard drive."

  • Microsoft puts lipstick on a pig to avoid scrutiny over security

    In what appears to be a bid to try and pretend that it is making no big contribution to the abysmal security environment in the tech sector, Microsoft has put out one of those reports, titled Microsoft Digital Defence Report, that aims to quell criticism of its role, at the same time trying to insinuate that security is in a bad state because of every single player.

  • Ransomware attack on Philadelphia firm hits COVID clinical trials

    Several companies, including IQVIA, the firm managing AstraZeneca's COVID vaccine trial, and Bristol Myers Squibb, which is leading a group of companies in developing a quick coronavirus test, have been affected by a ransomware attack on Windows systems at Philadelphia firm eResearchTechnology.

  • Four Malicious Packages In The NPM Repository With Names Similar To Popular Packages Were Phoning User Data Home

    Be careful what you npm install. Four packages in the NPM repository, published by a single author, where caught sending device fingerprint information, IP and geo-location data to a public GitHub page upon installation. All of them used package names similar to popular and widely used NPM packages.

    [...]

    The malicious packages where published to NPM between August 17th and August the 24th. The typesquatting trick fooled more than 400 users into downloading and installing these packages before the software analysis company Sonatype detected it using their automated tools.

»

Microsoft 365 outage affects multiple services

Submitted by Rianne Schestowitz on Tuesday 29th of September 2020 08:56:59 AM Filed under
Microsoft

Microsoft Corp MSFT.O said late Monday a recent change it introduced likely caused a major outage, affecting users' access to multiple Microsoft 365 services, including Outlook.com and Microsoft Teams.

The developer of Windows and Office software said it did not “observe an increase in successful connections” even after it rolled back the change to mitigate the impact.

Read more

»

Microsoft kills off Windows 10 update that had been slowing down PCs

Submitted by Rianne Schestowitz on Tuesday 22nd of September 2020 09:35:38 AM Filed under
Microsoft

Goodbye Windows 10 update KB4559309, we hardly knew ye. After less than two months, in which the Windows 10 update managed to annoy many users by seemingly slowing down their devices, Microsoft has now unceremoniously killed off the update.

As Windows Latest reports, the Windows 10 update KB4559309 update was supposed to replace the old Edge web browser with the new and improved Chromium-based Edge web browser. However, many users reported that after installing the update, their PCs began to perform poorly, while Windows 10 also booted slowly.

Windows 10 May 2020 Update problems: how to fix them
How to uninstall a Windows 10 update
These are the best web browsers

To make matters worse, KB4559309 is an automatic update, which meant users didn’t have a say in whether or not Windows 10 should download and install it.

Read more

»
Syndicate content

More in Tux Machines

Devices/Embedded: Arduino and More

       
  • Arduino Blog » Driving a mini RC bumper car with a Nintendo Wii Balance Board

    Taking inspiration from Colin Furze’s 600cc bumper car constructed a few years ago, Henry Forsyth decided to build his own RC miniature version. His device features a 3D-printed and nicely-painted body, along with a laser-cut chassis that holds the electrical components. The vehicle is driven by a single gearmotor and a pair of 3D-printed wheels, with another caster-style wheel that’s turned left and right by a servo steering. An Arduino Uno and Bluetooth shield are used for overall control with a motor driver. The Bluetooth functionality allows for user interface via a PS4 controller, or even (after a bit of programming) a Wii Balance Board. In the end, the PS4 remote seems to be the better control option, but who knows where else this type of balance technique could be employed?

  • Intel Elkhart Lake COM’s offer up to 3x 2.5GbE, SIL2 functional safety
  • E3K all-in-one wireless bio-sensing platform supports EMG, ECG, and EEG sensors (Crowdfunding)

    Over the year, The maker community has designed several platforms to monitor vital signs with boards like Healthy Pi v4 or HeartyPatch both of which are powered by an ESP32 WiFi & Bluetooth wireless SoC. WallySci has designed another all-in-one wireless bio-sensing platform, called E3K, that also happens to be powered by Espressif Systems ESP32 chip, and can be connected to an electromyography (EMG) sensor to capture muscle movements, an electrocardiography (ECG) sensor to measure heart activity, and/or an electroencephalography (EEG) sensor to capture brain activity. The board also has an extra connector to connect a 9-axis IMU to capture motion.

  • Coffee Lake system can expand via M.2, mini-PCIe, PCIe, and Xpansion

    MiTac’s fanless, rugged “MX1-10FEP” embedded computer has an 8th or 9th Gen Coffee Lake Core or Xeon CPU plus 3x SATA bays, 4x USB 3.1 Gen 2, 2x M.2, 2x mini-PCIe, and optional PCIe x16 and x1. MiTac recently introduced a Coffee Lake based MX1-10FEP computer that is also being distributed by ICP Germany. This month, ICP announced that the MX1-10FEP-D model with PCIe x16 and PCIe x1 slots has been tested and classified by Nvidia as “NGC Ready” for Nvidia GPU Cloud graphics boards such as the Nvidia T4 and Tesla P4. [...] The MX1-10FEP has an Intel C246 chipset and defaults to Windows 10 with Linux on request.

Wine 5.20 Released

The Wine development release 5.20 is now available.

What's new in this release (see below for details):
  - More work on the DSS cryptographic provider.
  - A number of fixes for windowless RichEdit.
  - Support for FLS callbacks.
  - Window resizing in the new console host.
  - Various bug fixes.

The source is available from the following locations:

  https://dl.winehq.org/wine/source/5.x/wine-5.20.tar.xz
  http://mirrors.ibiblio.org/wine/source/5.x/wine-5.20.tar.xz

Binary packages for various distributions will be available from:

  https://www.winehq.org/download

You will find documentation on https://www.winehq.org/documentation

You can also get the current source directly from the git
repository. Check https://www.winehq.org/git for details.

Wine is available thanks to the work of many people. See the file
AUTHORS in the distribution for the complete list.
Read more Also: Wine 5.20 Released With Various Improvements For Running Windows Software On Linux

PostmarketOS update brings HDMI support for the PinePhone and PineTab

When the PinePhone postmarketOS Community Edition smartphone began shipping to customers in September it came with a version of the operating system with one important feature missing: HDMI output. So when my phone arrived a few weeks ago I was able to spend some time familiarizing myself with the operating system and I could plug in the included Convergence Dock to use USB accessories including a keyboard, mouse, and storage. But I wasn’t able to connect an external display. Now I can. Read more

today's howtos

  • How To Install Ubuntu 20.10 Groovy Gorilla

    This tutorial explains Ubuntu 20.10 Groovy Gorilla computer installation. You will prepare at least two disk partitions, finishing it all in about twenty minutes, and enjoy! Let's start right now.

  • How to install Ubuntu 20.10 - YouTube

    In this video, I am going to show how to install Ubuntu 20.10.

  • How To Install Webmin on Ubuntu 20.04 LTS - idroot

    In this tutorial we will show you how to install Webmin on Ubuntu 20.04 LTS, as well as some extra required packages by Webmin control panel

  • Running Ironic Standalone on RHEL | Adam Young’s Web Log

    This is only going to work if you have access to the OpenStack code. If you are not an OpenStack customer, you are going to need an evaluation entitlement. That is beyond the scope of this article.

  • Introduction to Ironic

    The sheer number of projects and problem domains covered by OpenStack was overwhelming. I never learned several of the other projects under the big tent. One project that is getting relevant to my day job is Ironic, the bare metal provisioning service. Here are my notes from spelunking the code.

  • Adding Nodes to Ironic

    TheJulia was kind enough to update the docs for Ironic to show me how to include IPMI information when creating nodes.

  • Secure NTP with NTS

    Many computers use the Network Time Protocol (NTP) to synchronize their system clocks over the internet. NTP is one of the few unsecured internet protocols still in common use. An attacker that can observe network traffic between a client and server can feed the client with bogus data and, depending on the client’s implementation and configuration, force it to set its system clock to any time and date. Some programs and services might not work if the client’s system clock is not accurate. For example, a web browser will not work correctly if the web servers’ certificates appear to be expired according to the client’s system clock. Use Network Time Security (NTS) to secure NTP. Fedora 331 is the first Fedora release to support NTS. NTS is a new authentication mechanism for NTP. It enables clients to verify that the packets they receive from the server have not been modified while in transit. The only thing an attacker can do when NTS is enabled is drop or delay packets. See RFC8915 for further details about NTS. NTP can be secured well with symmetric keys. Unfortunately, the server has to have a different key for each client and the keys have to be securely distributed. That might be practical with a private server on a local network, but it does not scale to a public server with millions of clients. NTS includes a Key Establishment (NTS-KE) protocol that automatically creates the encryption keys used between the server and its clients. It uses Transport Layer Security (TLS) on TCP port 4460. It is designed to scale to very large numbers of clients with a minimal impact on accuracy. The server does not need to keep any client-specific state. It provides clients with cookies, which are encrypted and contain the keys needed to authenticate the NTP packets. Privacy is one of the goals of NTS. The client gets a new cookie with each server response, so it doesn’t have to reuse cookies. This prevents passive observers from tracking clients migrating between networks.

  • Comfortable Motion: Absolutely Cursed Vim Scrolling - YouTube

    Have you ever felt like Vim was too useful and thought hey let's change that, well that's what this dev thought and now we have a plugin called comfortable motion that's adds physics based scrolling into vim, what's physics based scrolling you ask. Well it's scrolling that occurs based on how long you hold down the scroll key.

  • Running Cassandra on Fedora 32 | Adam Young’s Web Log

    This is not a tutorial. These are my running notes from getting Cassandra to run on Fedora 32. The debugging steps are interesting in their own right. I’ll provide a summary at the end for any sane enough not to read through the rest.

  • Recovering Audio off an Old Tape Using Audacity | Adam Young’s Web Log

    One of my fiorends wrote a bunch of music back in high school. The only remainig recordings are on a casette tape that he produced. Time has not been kind to the recordings, but they are audible…barely. He has a device that produces MP3s from the tape. My job has been to try and get them so that we can understand them well enough to recover the original songs. I have the combined recording on a single MP3. I’ve gone through and noted the times where each song starts and stops. I am going to go through the steps I’ve been using to go from that single long MP3 to an individual recording.

  • Role of Training and Certification at the Linux Foundation

    Open source allows anyone to dip their toes in the code, read up on the documentation, and learn everything on their own. That’s how most of us did it, but that’s just the first step. Those who want to have successful careers in building, maintaining, and managing IT infrastructures of companies need more structured hands-on learning with real-life experience. That’s where Linux Foundation’s Training and Certification unit enters the picture. It helps not only greenhorn developers but also members of the ecosystem who seek highly trained and certified engineers to manage their infrastructure. Swapnil Bhartiya sat down with Clyde Seepersad, SVP and GM of Training and Certification at the Linux Foundation, to learn more about the Foundation’s efforts to create a generation of qualified professionals.

  • Hetzner build machine

    This is part of a series of posts on compiling a custom version of Qt5 in order to develop for both amd64 and a Raspberry Pi. Building Qt5 takes a long time. The build server I was using had CPUs and RAM, but was very slow on I/O. I was very frustrated by that, and I started evaluating alternatives. I ended up setting up scripts to automatically provision a throwaway cloud server at Hetzner.

More on Tux Machines: AboutGalleryForumBlogsSearchNewsRSS Feed

Part of Bytes Media ● Sister sites below.

TechBytes Techrights button

Powered by Drupal, an open source content management system

Content available under CC-BY-SA CC

© by original authors

Powered by CentOS 6.5 (GNU/Linux), Varnish, and Drupal 6