Since the first of the month, I’ve heard colleagues and others report each of the 10 security variants to Murphy’s Law listed below. Murphy is not only alive but has been reincarnated.
The usage of open source technologies has grown significantly in the public sector. In fact, according to a published memo, open source technologies allow the Department of Defense to “develop and update its software-based capabilities faster than ever, to anticipate new threats and respond to continuously changing requirements”. Cybersecurity threats are on the rise and organizations need to ensure that the software they use in their environments is safe. IT teams need the ability to quickly identify and mitigate breaches. They also need to deploy preventative measures and ensure that all stakeholders are protected.
Red Hat, Inc. (NYSE:RHT), the world’s leading provider of open source solutions, today announced that UKCloud, the foremost public cloud provider for UK government, has standardized on Red Hat OpenStack Platform with Red Hat Ceph Storage to lead its public sector customers through their digital transformation journey. The Infrastructure-as-a-Service cloud platform is designed to enable UKCloud’s customers to deliver digital services directly to citizens by providing the required levels of scalability, performance and assurance.
Rackspace (NYSE: RAX) today announced support for Red Hat CloudForms, an enterprise management platform. With this new capability, enterprise customers can now use the power of Red Hat CloudForms in conjunction with Rackspace Private Cloud powered by Red Hat, which is managed and supported by two leading OpenStack vendors in the industry.
This is an important milestone for Rackspace customers who want to deliver a complete private cloud solution to their users across multiple cloud platforms. For Rackspace and Red Hat, it is a continuation of the companies' commitment to empowering customers by enhancing capabilities in the core OpenStack project, while also integrating value-added software when appropriate.
As of today, the latest version of systemd is v231, released in July 2016. This is the version that will be in Fedora 25 (to be GA in three weeks). That's quite a long time between releases for systemd – we used to have a new version every two weeks.
During the hackfest at systemd.conf 2016, I've tried to tackle three issues biting me with Fedora 24 (v229, released in February this year) and F25. The outcome was… unexpected.
Recently I've been working on improving hybrid graphics support for the upcoming Fedora 25 release. Although Fedora 25 Workstation will use Wayland by default for its GNOME 3 desktop, my work has been on hybrid gfx support under X11 (Xorg) as GNOME 3 on Wayland does not yet support hybrid gfx,
Google has taken itself down a very promising road with its new Pixel phone line, offering a level of polish and power that makes it very competitive with the market’s top phones.
I admit that I was a bit underwhelmed by the Pixel’s first appearance, which came at a Google launch event earlier this month. Google’s Nexus line of phones had always appealed well to the niche Android superfan audience, and on paper it did not seem that the $750 Pixel would really offer that much more.
Yet my mind changed after the company sent me a Pixel XL to review. Both this 5.5-inch phone and its smaller sibling run pure Android and feature Google's voice-controlled Assistant. The Pixel XL proved to be an elegant, capable and — best of all — useful phone.
It is evident that Samsung has been having a hard time gaining back customers’ trust after the Note 7 disaster. However, not everything’s going wrong for the South Korean Electronics giant. The company’s Tizen Based Quantum DOT SUHD (2016) TV was named as the “2016 TV of the year” by some of the top IT magazines in the UK. Samsung’s Quantum DOT SUHD TVs bagged 5 out of 5 points from “WHAT HI-FI” internet tech magazine which also obviously had to be the top score.
Last week lots of games were added to the Tizen store. Zombie Derby 2 is one of them by Herocraft Ltd. Today they added another game in the Tizen Store named FootLOL – Crazy Football.
As the Internet of Things gets more popular new questions arise: which protocol will become the open standard for supporting IoT networks across a huge array of devices around the world? Today we start hearing some answers from Russia.
Igor Shchyogolev, former Minister of Telecommunications between 2008 and 2012, is thinking about a service that involves both an Internet card and a City card for citizens to use the Internet, hence named “Internet + City card” or just “Internet + City”. Long story short, Russia is contemplating the hypothesis of domestic regulation, rather than an intergovernmental agreement between major countries involved. Testament to this intent are the Russian focus on cryptographic protection and the country's plan to sustain such autarkic drives with national production of chips and direct control of both analog and digital TV frequencies.
If tweaks to your Puppet setups are causing breakage across your deployments, GitHub's Octocatalog-diff ensures that new Puppet settings don't wreck old ones
The Linux Foundation's Technical Advisory Board provides the development community (primarily the kernel development community) with a voice in the Foundation's decision-making process. Among other things, the TAB chair holds a seat on the Foundation's board of directors. The next TAB election will be held on November 2 at the Kernel Summit in Santa Fe, NM; five TAB members (½ of the total) will be selected there. The nomination process is open until voting begins; anybody interested in serving on the TAB is encouraged to throw their hat into the ring.
Having remote support for Linux work with one release, then completely stopping Linux support with the next application release is a frustrating experience. Some time ago, we watched this happen with Splashtop. What's even lazier on their part is that they can't be bothered to remove the obsolete Linux packages.
Then you had options like Mikogo. They went from supporting remote support for Linux users to acknowledging in a blog post that this is no longer the case. To be fair, the software is still available if you know where to look for it. However it's not a good idea to rely on unsupported software.
Red Hat Product Security recently celebrated our 15th anniversary this summer and while I cannot claim to have been with Red Hat for that long (although I’m coming up on 8 years myself), I’ve watched the changes from the “0day” of the Red Hat Security Response Team to today. In fact, our SRT was the basis for the security team that Mandrakesoft started back in the day.
In 1999, I started working for Mandrakesoft, primarily as a packager/maintainer. The offer came, I suspect, because of the amount of time I spent volunteering to maintain packages in the distribution. I also was writing articles for TechRepublic at the time, so I also ended up being responsible for some areas of documentation, contributing to the manual we shipped with every boxed set we sold (remember when you bought these things off the shelf?).
Researchers have devised an attack that gains unfettered "root" access to a large number of Android phones, exploiting a relatively new type of bug that allows adversaries to manipulate data stored in memory chips.
The breakthrough has the potential to make millions of Android phones vulnerable, at least until a security fix is available, to a new form of attack that seizes control of core parts of the operating system and neuters key security defenses. Equally important, it demonstrates that the new class of exploit, dubbed Rowhammer, can have malicious and far-reaching effects on a much wider number of devices than was previously known, including those running ARM chips.
Previously, some experts believed Rowhammer attacks that altered specific pieces of security-sensitive data weren't reliable enough to pose a viable threat because exploits depended on chance hardware faults or advanced memory-management features that could be easily adapted to repel the attacks. But the new proof-of-concept attack developed by an international team of academic researchers is challenging those assumptions.
Not mentioned in my earlier features you won't find in the Linux 4.9 mainline kernel is support for Intel's Cache Allocation Technology (CAT) but at least it was revised this weekend in still working towards mainline integration.
Developers, distributors, and users of Free and Open Source Software (FOSS) often face a host of legal issues which they need to keep in mind. Although areas of law such as copyright, trademark, and patents are frequently discussed, these are not the only legal concerns for FOSS. One area that often escapes notice is export controls. It may come as a surprise that sharing software that performs or uses cryptographic functions on a public website could be a violation of U.S. export control law.
Export controls is a term for the various legal rules which together have the effect of placing restrictions, conditions, or even wholesale prohibitions on certain types of export as a means to promote national security interests and foreign policy objectives. Export control has a long history in the United States that goes back to the Revolutionary War with an embargo of trade with Great Britain by the First Continental Congress. The modern United States export control regime includes the Department of State's regulations covering export of munitions, the Treasury Department's enforcement of United States' foreign embargoes and sanctions regimes, and the Department of Commerce's regulations applying to exports of "dual-use" items, i.e. items which have civil applications as well as terrorism, military, or weapons of mass destruction-related applications.
'Sky Break' [Steam, Official Site] recently released and it's also available for Linux. It looks like a fantastic single-player open-world action & adventure game.
To me, it almost looks like a mix of No Man's Sky in visual style, with Horizon Zero Dawn styled robotic enemies. I think it looks extremely cool and I really want to give it a go!
Not only is that an awesome piece of gaming history to have accessible to the world, but it also builds for Linux! Woah!
So Halloween is fast approaching, and you want to play something scary, here’s some good ones to try out.
It’s tough choosing which games, as honestly, we don’t really have all that many good quality horror games. There’s a lot of junk out there!
Discovering Colors - Animals [Steam, Official Site] is a cheap kids game about colouring and it recently gained a Linux version.
There are various things that make up an operating system. In any operating system, one of the most critical parts is powering on the machine. During this process, the computer will execute a small program in read-only memory (ROM) to begin initiating the startup process. This small program is known by many names, but most often called a boot loader. In almost every Linux distribution, including Fedora, GRUB2 (or GRand Unified Bootloader 2) is the default boot loader. Even though it is a critical piece of the operating system, many people aren’t aware of the boot loader, all that goes into it, or how it can be customized.
openSUSE developer Dominique Leuenberger informs the openSUSE Tumbleweed community about the latest GNU/Linux technologies and Open Source software projects that landed in the stable repositories.
KDE Plasma's KDE Applications 16.08 software suite series will receive just one more point release, namely KDE Applications 16.08.3, which lands November 10, so it's time for the next major branch.
It was earlier this month when a report suggested that OnePlus is working on a new variant of its flagship device – the OnePlus 3. While earlier reports suggested that the phone might be called the OnePlus 3 Plus or the OnePlus 3s, a recent post made by a OnePlus designer on Weibo suggests that the phone might be called the OnePlus 3T.
There has been no official information that OnePlus is even working on a new variant of the phone. OnePlus has said in the past that they will be launching just one flagship device in a year, but according to a GizmoChina report, the company is facing a huge backlog of OnePlus 3 orders that they have been unable to fulfill because of a shortage in supply of AMOLED displays. The report had added that the new version of the phone might feature an LCD panel display instead.
Technology experts warned for years that the millions of Internet-connected "smart" devices we use every day are weak, easily hijacked and could be turned against us.
The massive siege on Dyn, a New Hampshire-based company that monitors and routes Internet traffic, shows those ominous predictions are now a reality.
An unknown attacker intermittently knocked many popular websites offline for hours Friday, from Amazon to Twitter and Netflix to Etsy. How the breach occurred is a cautionary tale of how the rush to make humdrum devices “smart” while sometimes leaving out crucial security can have major consequences.
Security experts have been warning for years that the growing number of unsecured Internet of Things devices would bring a wave of unprecedented and catastrophic cyber attacks. Just last month, a hacker publicly released malware code used in a record-breaking attack that hijacked 1.5 million internet-connected security cameras, refrigerators, and other so-called “smart” devices that were using default usernames and passwords.
On Friday, the shit finally hit the fan.
Fingerprints aren’t authentication.
Fingerprints are identity. They are usernames.
Fingerprints are something public, which is why it should really bother nobody with a sense of security that the FBI used them to unlock seized phones. You’re literally leaving your fingerprints on every object you touch. That makes for an abysmally awful authentication token.
Using open source software is a viable and proven method of combatting cyber-crime
It’s encouraging to read that the government understands the seriousness of the loss of $81 million dollars via the hacking of Bangladesh Bank, and that a cyber-security agency is going to be formed to prevent further disasters. Currently, information security in each government department is up to the internal IT staff of that department.
Canonical, the company behind the Ubuntu GNU/Linux distribution, has announced that it will provide a live kernel patching service for version 16.04 which was released in April.
If I asked everyone to tell me what security is, what you do about it, and why you do it, I wouldn't get two answers that were the same. I probably wouldn't even get two that are similar. Why is this? After recording Episode 9 of the Open Source Security Podcast I co-host, I started thinking about measuring a lot. It came up in the podcast in the context of bug bounties, which get exactly what they measure. But do they measure the right things? I don't know the answer, nor does it really matter. It's just important to keep this in mind as in any system, you will get exactly what you measure.
If you have 2000 employees, 200 systems, 4 million lines of code, and 2 security people, that's clearly a disaster waiting to happen. If you have 20, there may be hope. I have no idea what the proper ratios should be, if you're willing to share ratios with me I'd love to start collecting data. As I said, I don't have scientific proof behind this, it's just something I suspect is true.
Reading Matthew Garrett’s exposés of home automation IoT devices makes most engineers think “hell no!” or “over my dead body!”. However, there’s also the siren lure that the ability to program your home, or update its settings from anywhere in the world is phenomenally useful: for instance, the outside lights in my house used to depend on two timers (located about 50m from each other). They were old, loud (to the point the neighbours used to wonder what the buzzing was when they visited) and almost always wrongly set for turning the lights on at sunset. The final precipitating factor for me was the need to replace our thermostat, whose thermistor got so eccentric it started cooling in winter; so away went all the timers and their loud noises and in came a z-wave based home automation system, and the guilty pleasure of having an IoT based home automation system. Now the lights precisely and quietly turn on at sunset and off at 23:00 (adjusting themselves for daylight savings); the thermostat is accessible from my phone, meaning I can adjust it from wherever I happen to be (including Hong Kong airport when I realised I’d forgotten to set it to energy saving mode before we went on holiday). Finally, there’s waking up at 3am to realise your wife has fallen asleep over her book again and being able to turn off her reading light from your alarm clock without having to get out of bed … Automation bliss!