Feed aggregator

OSS: Coreboot, Chromium, Firefox, LibreOffice, GRUB, GNU Compiler Collection

TuxMachines - Sun, 2018-02-04 22:25
  • A Cloud/Hosting Provider Is Using Coreboot On Thousands Of Servers

    A European cloud and dedicated server provider that designs their own servers is now designing their own BIOS using Coreboot and using this in production on thousands of servers.

    The Online.net dedicated server provider and their Scaleway cloud division have taken to using Coreboot paired with the Intel FSP and TianoCore and using it on their thousands of servers. Online.net/Scaleway is owned by France's Iliad Group and the company is big enough that they design their own x86/ARM server hardware and have now taken to designing their own BIOS by building off Coreboot.

  • Igalia's Battle Getting Chromium Running Nicely On Wayland

    Igalia has been one of the companies working on improving Chromium's support for Wayland and they shared their story about it at this weekend's FOSDEM 2018 event in Brussels.

    The Igalia consulting firm has been spending a lot of time and resources on improving Chromium's support for Wayland and getting it to parity with the X11 code paths. With their work they have upstream in mind and work to get as much code as possible back upstream in the Google sources.

  • February’s Featured Extensions
  • Firefox users urged to update their browsers immediately due to critical security flaw

    If left unpatched, the critical vulnerability (CVE-2018-5124) could allow remote attackers to execute malicious code on computers which are infected, Cisco's threat team said in its security advisory.

  • Microsoft confirms Office 2019 will be for Windows 10 only


    But with online offerings like those from Google and Box and open source alternatives like LibreOffice, which has just released its latest version, Microsoft could be about to learn another lesson in the "you're not the only game in town, lads" department. All these offerings give options at least equal to Microsoft Office and will work across everything from Linux and Mac and even Chrome OS via the web.

  • GRUB 2.04 Should Be Released Later This Year

    It's been nine months since the release of GRUB 2.02 while the GRUB 2.04 stable release should be out by year's end.

    GRUB developer and one of the upstream maintainers Daniel Kiper who works for Oracle provided an update on GRUB2 development at this weekend's FOSDEM event in Brussels.

  • Intel Icelake Support Lands In GCC 8

    Back in November I wrote about a GCC patch for the Intel Icelake CPU target and now that code has finally been merged for the GNU Compiler Collection ahead of the upcoming GCC 8.1 release.

read more

Open Hardware: Raspberry Pi, Arduino, and RISC-V

TuxMachines - Sun, 2018-02-04 22:22
  • Raspberry-Pi DVB transmitter: The benefits of open-source hardware

    I was first alerted to the benefits of open-source some years ago while talking to a couple of very experienced engineers. These guys, who worked for a multi-billion-dollar company with a global footprint, had been asked by their manager to complete a project in a ridiculously short time frame.

    They concluded that their only hope was to use open-source, which was an unusual decision for a company of that size and a bit of a culture shock. Open-source software has a long pedigree, of course, but most companies do not open up their hardware designs.

  • AFRL, NextFlex leverage open-source community to create flexible circuit system

    An Air Force Research Laboratory-led project in conjunction with NextFlex, America’s Flexible Hybrid Electronics Institute, has resulted in the first ever, functional samples of flexible Arduino circuit board systems made by using a flexible hybrid electronics manufacturing process, setting the stage for smart technologies for the internet of things (IoT) and sensor applications like wearable devices.

  • Pics from the FOSDEM SiFive talk
  • SiFive unleashed board
  • SiFive Introduces RISC-V Linux-Capable Multicore Processor

    Slowly but surely, RISC-V, the Open Source architecture for everything from microcontrollers to server CPUs is making inroads in the community. Now SiFive, the major company behind putting RISC-V chips into actual silicon, is releasing a chip that’s even more powerful. At FOSDEM this weekend, SiFive announced the release of a Linux-capable Single Board Computer built around the RISC-V ISA. It’s called the HiFive Unleashed, and it’s the first piece of silicon capable or running Linux on a RISC-V core.

read more

Security: The Internet of Connected Sex Toys, Gas Stations, Hospitals With Windows and More

TuxMachines - Sun, 2018-02-04 22:20
  • The Internet of Connected Sex Toys is every bit as horrifyingly insecure and poorly thought out as you imagine

    The rush to put networked sensors and controllers into sex toys is grounded in foolish, convenient untruths, like the idea that the incredibly sensitive data generated by these systems can be anonymized and then analyzed for insights without exposing users to risk.

    The sex tech industry has been a top-to-bottom series of farces and catastrophes. [...]

  • These app-controlled sex toys can be 'remotely taken over by hackers'

    In an advisory published Thursday (1 January), researchers said bugs in a customer database meant that attackers could have easily accessed user details, including "names, cleartext passwords and explicit image galleries" being stored by the company.

  • Flaws in Gas Station Software Let Hackers Change Prices, Steal Fuel, Erase Evidence

    Gas stations lose millions of dollars annually to gas fraud. Most of this fraud occurs when thieves use stolen credit and debit cards to fuel vehicles, resulting in chargebacks to service stations.

    But gas station owners in the US and elsewhere may have to worry about a new kind of fraud after two security researchers in Israel discovered multiple vulnerabilities in one automated system used to control fuel prices and other information at thousands of gas stations around the world.

    The vulnerabilities would allow an attacker to shut down fuel pumps, hijack credit card payments, and steal card numbers or access backend networks to take control of surveillance cameras and other systems connected to a gas station or convenience store's network. An attacker could also simply alter fuel prices and steal petrol.

  • Healthcare IT Systems: Tempting Targets for Ransomware

    Well, there’s no use in waiting, I suppose. Two Thursdays ago, Chicago-based electronic health records provider Allscripts Healthcare Solutions suffered a ransomware attack that paralyzed some of its services. This past Friday, the company announced it had completely recovered from the cyberattack. But not before a class action lawsuit [pdf] was filed against it by an orthopedic non-surgery practice for failing to secure its systems and data from a well-known cybersecurity threat, i.e., a strain of SamSam.

    The ransomware attack impaired Allscripts’ data centers in Raleigh and Charlotte, North Carolina, affecting a number of applications, such as its Professional EHR and Electronic Prescriptions for Controlled Substances (EPCS) hosted services, which were mostly restored within five days, according to the company. Other services, like clinical decision support, analytics, data extraction, and regulatory reporting, took the longest to make operational again.

  • Pwn2Own 2018 Expands Targets and Raises Prize Pool to $2M

    The annual Pwn2own hacking competition run by Trend Micro's Zero Day Initiative (ZDI) is set to return for 2018, along with a longer list of targets and more money for security researchers, than ever before.

    Pwn2own is a security researcher contest that typically has two events a year, with the primary event focused on browser and server technologies and a second event just for mobile technologies. The first event of 2018 is set for March 14-16 and will have five targets: virtualization, web browsers, enterprise applications, servers and a new Windows Insider Preview Challenge category.

  • Disable Flash Player!! Critical Vulnerability Gives Away Your System Controls

read more

GNU Hurd Hardware Support Remains In Very Rough Shape For 2018

Phoronix - Sun, 2018-02-04 22:12
Yesterday at FOSDEM 2018 Hurd developer Samuel Thibault talked about the work done on this GNU kernel for a PCI arbiter to allow different user-land drivers to access PCI devices concurrently. During this PCI arbiter talk he also went over the current state of the hardware support and recent achievements for GNU Hurd...

Worth Saving?

LXer - Sun, 2018-02-04 21:56
Doc outlines his plans for Linux Journal 2.0. A friend the other day casually called Linux Journal "the journal of record for the Open Source community". I think that's a good description of what we were for 23 years—because one sign of our "of record" status is how many people have told us that they have a collection of LJ issues going back many years.

Linux 4.17, Linux 4.16, Linux Kernel Runtime Guard (LKRG),

TuxMachines - Sun, 2018-02-04 21:52
  • i.MX8 SoC Support Might Be Introduced In Linux 4.17

    With this week's ARM SoC/platform updates for Linux 4.16 it was revealed the next kernel cycle might introduce i.MX8 SoC support.

    ARM SoC/platform maintainer Arnd Bergmann wrote in this week's pull request, "the 64-bit i.MX8 has finally seen the light of day and will likely get added in the next merge window." In other words, potentially seeing the initial NXP i.MX8 SoC support in the mainline Linux 4.17 kernel.

  • Spectre V1 Mitigation, IBPB Support Sent In For Linux 4.16

    Last week Meltdown/Spectre patch wrangler Thomas Gleixner sent in various code clean-ups for Retpolines and KPTI with Linux 4.16 while today more feature work has been submitted. This includes initial mitigation work for Spectre v1 as well as IBPB support.

    First up with this latest round of "melted spectrum" patches as Gleixner is now calling them are Spectre v1 mitigations. Spectre Variant One is the "Bounds Check Bypass" (2017-5753) and the initial mitigation work going mainline is user pointer sanitization.

  • LKRG: Linux to Get a Loadable Kernel Module for Runtime Integrity Checking

    Members of the open source community are working on a new security-focused project for the Linux kernel. Named Linux Kernel Runtime Guard (LKRG), this is a loadable kernel module that will perform runtime integrity checking of the Linux kernel.

    Its purpose is to detect exploitation attempts for known security vulnerabilities against the Linux kernel and attempt to block attacks.

    LKRG will also detect privilege escalation for running processes, and kill the running process before the exploit code runs.

read more

Spectre V1 Mitigation, IBPB Support Sent In For Linux 4.16

Phoronix - Sun, 2018-02-04 19:09
Last week Meltdown/Spectre patch wrangler Thomas Gleixner sent in various code clean-ups for Retpolines and KPTI with Linux 4.16 while today more feature work has been submitted. This initial initial mitigation work for Spectre v1 as well as IBPB support...

Tips for success when getting started with Ansible

LinuxToday - Sun, 2018-02-04 19:00

Key information for automating your data center with Ansible.

Endless Computers -

Reddit - Sun, 2018-02-04 18:52


Subscribe to LinuxInsight aggregator