Language Selection

English French German Italian Portuguese Spanish

Microsoft

Microsoft Openwashing and Spin

Filed under
Microsoft

Microsoft Dirty Tricks and Entryism

Filed under
Microsoft

Security: Brutal Kangaroo Targets Windows, Linux Updates Available, Reproducible Builds, and Patching Stack Clash

Filed under
Linux
Microsoft
Security
  • Brutal Kangaroo

    Today, June 22nd 2017, WikiLeaks publishes documents from the Brutal Kangaroo project of the CIA. Brutal Kangaroo is a tool suite for Microsoft Windows that targets closed networks by air gap jumping using thumbdrives. Brutal Kangaroo components create a custom covert network within the target closed network and providing functionality for executing surveys, directory listings, and arbitrary executables.

    The documents describe how a CIA operation can infiltrate a closed network (or a single air-gapped computer) within an organization or enterprise without direct access. It first infects a Internet-connected computer within the organization (referred to as "primary host") and installs the BrutalKangaroo malware on it. When a user is using the primary host and inserts a USB stick into it, the thumbdrive itself is infected with a separate malware. If this thumbdrive is used to copy data between the closed network and the LAN/WAN, the user will sooner or later plug the USB disk into a computer on the closed network. By browsing the USB drive with Windows Explorer on such a protected computer, it also gets infected with exfiltration/survey malware. If multiple computers on the closed network are under CIA control, they form a covert network to coordinate tasks and data exchange. Although not explicitly stated in the documents, this method of compromising closed networks is very similar to how Stuxnet worked.

    The Brutal Kangaroo project consists of the following components: Drifting Deadline is the thumbdrive infection tool, Shattered Assurance is a server tool that handles automated infection of thumbdrives (as the primary mode of propagation for the Brutal Kangaroo suite), Broken Promise is the Brutal Kangaroo postprocessor (to evaluate collected information) and Shadow is the primary persistence mechanism (a stage 2 tool that is distributed across a closed network and acts as a covert command-and-control network; once multiple Shadow instances are installed and share drives, tasking and payloads can be sent back-and-forth).

  • Security updates for Wednesday
  • Reproducible Builds: week 112 in Stretch cycle
  • 5 things you need to know about Stack Clash to secure your shared Linux environment

    The vulnerability is present in Unix-based systems on i386 and amd64 architectures. Affected Linux distributions include Red Hat, Debian, Ubuntu, SUSE, CentOS and Gentoo. Solaris is owned by Oracle. FreeBSD, OpenBSD and NetBSD are also impacted. Qualys has been working with distributions and vendors since May to get the vulnerabilities fixed, and the updates are just beginning to be released. Administrators need to act promptly to update affected machines with the security updates.

Linux vs. Windows Server OS Comparison

Filed under
OS
Linux
Microsoft

A comparison between Linux and Windows while selecting the server operating system is like being in stalemate while playing the chess game where the outcome is unpredictable. Various versions of the Microsoft—from Windows—and the Linux-based operating systems are available in plenty today. But deciding the best option is a tougher task, rather, finding the right solution that fits the organizational requirements is easier.

Read more

Microsoft Openwashing by the Linux Foundation, Lockin Model, and More Openwashing With the Linux Foundation

Filed under
Microsoft
OSS

Openwashing and Parasites

Filed under
Microsoft
OSS

You Can’t Open the Microsoft Surface Laptop Without Literally Destroying It

Filed under
Microsoft
  • You Can’t Open the Microsoft Surface Laptop Without Literally Destroying It

    The company, which provides repair tools and manuals for popular gadgets like the iPhone and PlayStation, has handed the Surface Laptop a score of 0 out of 10 in terms of user repairability, stating definitively that the laptop "is not meant to be opened or repaired; you can't get inside without inflicting a lot of damage."

  • 2017 Surface Pro least repairable ever; Surface Laptop is made of glue

    iFixit's pictures, as ever, give a great look at the insides of the two machines. The Laptop has no external screws at all; to get into the system, iFixit had to peel off the glued-down fabric keyboard surround, an operation that obviously can't be undone, producing a machine that offers essentially no serviceability whatsoever.

Microsoft in the Details

Filed under
Microsoft

Openwashing and Attacks on FOSS, OSS Leftovers

Filed under
Microsoft
OSS
  • Microsoft is Bringing Native Linux Container Support and Bash to Windows Server [Ed: Microsoft wants to swallow GNU/Linux in a platform with NSA back doors and keyloggers, not to mention patent tax]
  • ​Microsoft joins Java-oriented Cloud Foundry [Ed: for influence and steering from the inside]
  • FreeNAS 11.0 is Now Here
  • OW2 Consortium: Building Beyond Europe

    This year marks the 10th anniversary of OW2, and the organization is celebrating during its annual conference, on June 26-27, in Paris, France. OSI GM Patrick Masson sat down with Cedric Thomas, CEO of OW2 to learn more about the foundation, it’s accomplishments over the past 10 years, and what’s in store for the anniversary celebration.

    The Open Source Initiative (OSI) Affiliate Membership Program is an international who’s who of open source projects, advocates, and communities: Creative Commons, Drupal Association, Linux Foundation, Mozilla Foundation, Open Source Matters (the foundation supporting Joomla), Python Software Foundation, Wikimedia Foundation, Wordpress Foundation and many more. Open source enthusiasts outside Europe may not be as familiar with another OSI Affiliate Member, OW2, however its impact on open source development and adoption across the EU has been significant.

  • FSFE Newsletter - June 2017

FOSS FUD and Microsoft Entryism

Filed under
Microsoft
OSS
Syndicate content

More in Tux Machines

GNOME: WebKit, Fleet Commander, Introducing deviced

  • On Compiling WebKit (now twice as fast!)
    Are you tired of waiting for ages to build large C++ projects like WebKit? Slow headers are generally the problem. Your C++ source code file #includes a few headers, all those headers #include more, and those headers #include more, and more, and more, and since it’s C++ a bunch of these headers contain lots of complex templates to slow down things even more. Not fun.
  • Fleet Commander is looking for a GSoC student to help us take over the world
    Fleet Commander has seen quite a lot of progress recently, of which I should blog about soon. For those unaware, Fleet Commander is an effort to make GNOME great for IT administrators in large deployments, allowing them to deploy desktop and application configuration profiles across hundreds of machines with ease through a web administration UI based on Cockpit. It is mostly implemented in Python.
  • Introducing deviced
    Over the past couple of weeks I’ve been heads down working on a new tool along with Patrick Griffis. The purpose of this tool is to make it easier to integrate IDEs and other tooling with GNU-based gadgets like phones, tablets, infotainment, and IoT devices. Years ago I was working on a GNOME-based home router with davidz which sadly we never finished. One thing that was obvious to me in that moment of time was that I’m not doing another large scale project until I had better tooling. That is Builder’s genesis, and device integration is what will make it truly useful to myself and others who love playing with GNU-friendly gadgets.

KDE: Usability & Productivity, AtCore , Krita

  • This week in Usability & Productivity, part 6
  • AtCore takes to the pi
    The Raspberry Pi3 is a small single board computer that costs around $35 (USD). It comes with a network port, wifi , bt , 4 usb ports , gpio pins , camera port , a display out, hdmi, a TRRS for analog A/V out. 1GB of ran and 4 ~1GHz armv8 cores Inside small SOC. Its storage is a microSd card they are a low cost and low power device. The Touchscreen kit is an 800×480 display that hooks to the Gpio for touch and dsi port for video. To hold our hardware is the standard touch screen enclosure that often comes with the screen if you buy it in a kit.
  • Look, new presets! Another Krita 4 development build!
    We’ve been focusing like crazy on the Krita 4 release. We managed to close some 150 bugs in the past month, and Krita 4 is getting stable enough for many people to use day in, day out. There’s still more to be done, of course! So we’ll continue fixing issues and applying polish for at least another four weeks. One of the things we’re doing as well is redesigning the set of default brush presets and brush tips that come with Krita. Brush tips are the little images one can paint with, and brush presets are the brushes you can select in the brush palette or brush popup. The combination of a tip, some settings and a smart bit of coding! Our old set was fine, but it was based on David Revoy‘s earliest Krita brush bundles, and for Krita 4 we are revamping the entire set. We’ve added many new options to the brushes since then! So, many artists are working together to create a good-looking, useful and interesting brushes for Krita 4.

Software: GIMP, Spyder, SMPlayer

  • Five free photo and video editing tools that could save burning a hole in your pocket and take your creativity to the next level
    GIMP stands for the Gnu Image Manipulation Program and is the first word that people usually think about when it comes to free image editors. It’s a raster graphics editor, available on multiple platforms on PC. It has a similar interface to Photoshop: you have your tools on one side, there’s an option for your tool window and then you have your layers window on another side. Perhaps one of the most useful features of GIMP is the option of plugins. There is a wide database for them and there’s a plugin for almost any task you might need to carry out. GIMP is extremely extensive, and it’s the choice of the FOSS community, thanks to the fact that it’s also open source. However, there are also some disadvantages. For example, GIMP has no direct RAW support yet (you have to install a plugin to enable it, which means a split workflow). It also has quite a bit of a learning curve as compared to Photoshop or Lightroom.
  • Introducing Spyder, the Scientific PYthon Development EnviRonment
    If you want to use Anaconda for science projects, one of the first things to consider is the spyder package, which is included in the basic Anaconda installation. Spyder is short for Scientific PYthon Development EnviRonment. Think of it as an IDE for scientific programming within Python.
  • SMPlayer 18.2.2 Released, Install In Ubuntu/Linux Mint Via PPA
    SMPlayer is a free media player created for Linux and Windows, it was released under GNU General Public License. Unlike other players it doesn't require you to install codecs to play something because it carries its own all required codecs with itself. This is the first release which now support MPV and some other features such as MPRIS v2 Support, new theme, 3D stereo filter and more. It uses the award-winning MPlayer as playback engine which is capable of playing almost all known video and audio formats (avi, mkv, wmv, mp4, mpeg... see list).

Funding: Ethereum and Outreachy

  • How Will a $100 Mln Grant Help Ethereum Scale?
    On Feb. 16, six large-scale Blockchain projects OmiseGo, Cosmos, Golem, Maker and Raiden, that have completed successful multi-million dollar initial coin offerings (ICOs) last year, along with Japanese venture capital firm Global Brain have created the Ethereum Community Fund (ECF), to fund projects and businesses within the Ethereum ecosystem.
  • Outreachy Is Now Accepting Applications For Their Summer 2018 Internships
    This week Google announced the participating organizations for GSoC 2018 for students wishing to get involved with open-source/Linux development. Also happening this week is the application period opened for those wishing to participate in the summer 2018 paid internship program.