Lubuntu 16.10 is the last official flavor announced as part of yesterday's Ubuntu 16.10 (Yakkety Yak) final release, and we'd love to tell you a little bit about what's new and what's coming next for the distribution.
Trends in the open source database industry show positive growth as NoSQL is used for web, mobile, and the Internet of Things (IoT).
20 years ago today Matthias Ettrich sent an email that would mark the start of KDE as we know it today - a world-wide community of amazing people creating Free Software for you. In his email he announced the new Kool Desktop Environment and said “Programmers wanted!” In the 20 years since then so much has happened. We released great software, fought for software freedom and empowered people all over the world to take charge of their digital life. In many ways we have achieved what we set out to do 20 years ago - “a consistant, nice looking free desktop-environment” and more. Millions of people use KDE’s software every single day to do their work, have fun and connect to the most important people in their life. And yet we still have a long way ahead of us. Our job is far from done.
It’s well known that the Internet of Things is woefully insecure, but the most shameful and frustrating part is that some of the vulnerabilities that are currently being exploited could have been eradicated years ago. Now evidence of how these bugs are being used in attacks is calling attention to security holes that are long overdue to be plugged.
New research released this week from the content delivery network Akamai takes a closer look at how hackers are abusing weaknesses in a cryptographic protocol to commandeer millions of ordinary connected devices—routers, cable modems, satellite TV equipment, and DVRs—and then coordinate them to mount attacks. After analyzing IP address data from its Cloud Security Intelligence platform, Akamai estimates that more than 2 million devices have been compromised by this type of hack, which it calls SSHowDowN. The company also says that at least 11 of its customers—in industries like financial services, retail, hospitality, and gaming—have been targets of this attack.
The exploited protocol, called Secure Shell (SSH), is commonly used to facilitate remote system access and can be implemented robustly. But many IoT manufacturers either don’t incorporate it or are oblivious to the best practices for SSH when setting up default configurations on their devices. As makers scramble to bring their products to market, these oversights sow widespread insecurity in the foundation of the Internet of Things.
However, WPS also may expose routers to easy compromise. Read more about this vulnerability here. If your router is among those listed as vulnerable, see if you can disable WPS from the router’s administration page. If you’re not sure whether it can be, or if you’d like to see whether your router maker has shipped an update to fix the WPS problem on their hardware, check this spreadsheet.
Finally, the hardware inside consumer routers is controlled by software known as “firmware,” and occasionally the companies that make these products ship updates for their firmware to correct security and stability issues. When you’re logged in to the administrative panel, if your router prompts you to update the firmware, it’s a good idea to take care of that at some point. If and when you decide to take this step, please be sure to follow the manufacturer’s instructions to the letter: Failing to do so could leave you with an oversized and expensive paperweight.
Personally, I never run the stock firmware that ships with these devices. Over the years, I’ve replaced the firmware in various routers I purchased with an open source alternative, such as DD-WRT (my favorite) or Tomato. These flavors generally are more secure and offer a much broader array of options and configurations. Again, though, before you embark on swapping out your router’s stock firmware with an open source alternative, take the time to research whether your router model is compatible, and that you understand and carefully observe all of the instructions involved in updating the firmware.
Since October is officially National Cybersecurity Awareness Month, it probably makes sense to note that the above tips on router security come directly from a piece I wrote a while back called Tools for a Safer PC, which includes a number of other suggestions to help beef up your personal and network security.
Microsoft's October Patch Tuesday fixes dozens of critical flaws, among them five affecting Internet Explorer, Edge, and Office that have already been under attack.
Tuesday's update addresses 49 vulnerabilities within 10 security bulletins. Five bulletins are rated as critical and concern remote code execution vulnerabilities affecting Edge, Internet Explorer, Adobe Flash Player, Office, Windows, and Skype for Business.
According to Microsoft, there were four so-called zero-day flaws, or previously unknown bugs that were being exploited in the wild. However, none has been publicly disclosed before now.
All these bugs serve as a reminder for users to be cautious when clicking on links or opening attachments from unknown sources.
Redmond kicks off the era of the force-fed security update
Microsoft is kicking off a controversial new security program this month by packaging all of its security updates into a single payload.
The October security release introduces Redmond's new policy of bundling all security bulletins as one download. While more convenient for end users, who now get just one bundle, the move will irk many administrators, who had preferred to individually test and apply each patch to avoid compatibility problems.
A backdoor in Android firmware provided by manufacturer Foxconn allows attackers to root devices to which they have physical access, according to a security researcher and barbecue enthusiast who dubbed the vulnerability Pork Explosion.
Jon Sawyer (who also goes by jcase online) discovered the vulnerability at the end of August, and publicized it on his blog on Wednesday, a day after smartphone vendor Nextbit, which was one of the most heavily affected OEMs, released a fix for the problem.
Bad news: Nokia is not releasing an Android phone called D1C sometime this year. Good News: The Finnish company is launching an Android-running tablet using the D1C name. As it turns out, the former mobile phone giant is in the process of building its second Android tablet.
Early this week, we reported about a Nokia Android phone that made an appearance on AnTuTu. The emergence of the device on the famous benchmark app may have even brought smiles to loyal fans who are just waiting for the Finnish company to get back on track as a big player in the smartphone industry.
We need to quash the previous report, however, before it could lead to confusion among consumers because, apparently, Nokia is not making a comeback in the smartphone scene with its D1C device. Instead, the Finnish tech company is returning to the tablet arena with its D1C Android tablet.
Yandex NV, the search engine from Russia that won a domestic antitrust case against Google, has agreed with handset manufacturers including China’s ZTE Corp. and Brazil’s Multilaser Industrial SA to have its browser pre-installed on Android phones in 15 other countries.
The browser has a built-in content recommendation feed from Yandex based on artificial intelligence, the Russian company said in a statement Wednesday. In addition, a so-called launcher lets vendors tailor their phones to users’ needs, while Yandex gets a share of revenue from ads and content.
Red Hat (NYSE: RHT) is set to host its annual symposium on Nov. 2 in Arlington, Virginia that aims to focus on the significance of open source technology on the digital modernization efforts of the government, ExecutiveBiz reported Wednesday.
The 2016 Red Hat Government Symposium will feature breakout sessions, demonstrations and panel discussions on topics such as open source development, security, automation and integration, hybrid cloud and mobility, the company said Wednesday.
Three years ago, Fedora embarked on a new initiative that we collectively refer to as Fedora.next. As part of this initiative, we decided to start curating deliverable artifacts around specific use-cases rather than the one-size-fits-all approach of Fedora 20 and earlier. One of those specific use-cases was to meet the needs of “server administrators”. And thus, the Fedora Server Edition was born.
Infinote is a collaborative text server. You can connect to it with the ‘gobby-0.5’ client located in the gobby05 package in Fedora. Once connected you can create documents and multiple people can work on them at the same time. The server takes a git snapshot of all documents every few minutes so you can see history. There’s even a cgit instance at https://infinote.fedoraproject.org/cgit/
Today, Thursday, 2016-10-13, is the Wayland by Default Test Day! As part of this planned Change for Fedora 25, we need your help to test Wayland by Default! Using Wayland instead of X gives a better basis for isolating applications from each other and the rest of the system.
FUDCon is the Fedora Users and Developers Conference. The Fedora community holds this event annually in the APAC and LATAM regions since 2005. They became exclusive to APAC and LATAM in 2013 when the EMEA and NA regions began organizing the annual Flock conference.
Red Hat on Wednesday released the beta version of Fedora 25, an open source Linux operating system maintained by the Fedora Project community. The beta release sharpens cloud and developer features, making this Linux distro more attractive to enterprise users. Fedora Linux is the community version of Red Hat Enterprise Linux, or RHEL. Fedora 25 is comprised of a set of base packages that form the foundation of three distinct editions -- Cloud, Server and Workstation -- that target different user bases.
FreedomPenguin: Buying a new PC on a budget can be tricky
Right now i use digitalocean but they are a bit pricey. My harddrive is running out and i either need to move my mysql database to a different server or just switch provider alltogether.
I need resonable with ram (2gb atleast), a decent CPU and the kicker: At least 60GB harddrive space. This however doesnt need to be an SSD disk, a normal harddrive is OK. Low-ping internet connection is a must because i have users from the whole world.
Preffered location: the EU.
My budget is about 20 - 25 USD per month.submitted by /u/squeezy_bob
FOSSforce: In this story, "Roblimo" takes us back to 2002, to an open source conference in a country where the common belief was that "nobody knew anything about Linux." Boy, were they in for a surprise.