Odprtokodni pogled

Opensource view

tuxmachines.org

Syndicate content
Your source for Linux and Open Source news, reviews, and howtos.
Posodobljeno: 3 min 35 sec nazaj

Games: Remote Play Together, Pathway, Edgar - Bokbok in Boulzac, Insignificant, Stellaris

Čet, 10/10/2019 - 14:27
  • Valve will bring out 'Remote Play Together' to give online support to local multiplayer games

    The Steam pipes are leaking over at Valve again, as an upcoming feature called Remote Play Together is coming during the week of October 21.

    Valve sent word just to game developers, which they never keep quiet on for very long. Multiple game developers (#1, #2 and so on) ended up putting out posts on Twitter to let everyone know about it a bit earlier than Valve seems to have intended.

  • Strategy adventure game 'Pathway' has a huge Adventurers Wanted update, plus a note about Linux

    Get ready for another adventure as Pathway just got bigger and better with a huge free update now available.

    Mixing together node-based travel (think like FTL and Slay the Spire) with random events and turn-based tactical combat, Pathway is a fun game. However, when you've played a lot of hours it can end up perhaps a bit too repetitive. You realise later on the limitations of the game that aren't quite apparent until you really push through it. Now though? Sounds like it's a massive improvement to all areas of the game!

    The Adventurers Wanted update adds in…deep breath, are you ready? 18 new combat abilities with new ways to interact with both enemies and allies, reworked skill trees, a "sizeable" amount of new events have been added including many new combat arenas to give it more variety, you no longer stock up on consumables like medkits and instead have a new resource called Supplies which is used across multiple items, new combat modes to adjust how combat begins for more variation, an improved armour system that makes armour give direct damage reduction and the list goes on.

  • The new trailer for Edgar - Bokbok in Boulzac has me wanting more especially after the great demo

    Edgar - Bokbok in Boulzac from the French team at La Poule Noir is an upcoming comedy point and click adventure coming to Linux, the new trailer is up and continues my excitement for this one.

    It's a story rich whimsical adventure, with a protagonist who is a bit…eccentric. The kind where you can see a bit of yourself in them and you can't help but love their weirdness. He loves his chicken, which is amusingly sweet when he calls it "Precious" during dialogue. A dark comic adventure about saving your beloved squash and you stumble upon a "most terrifying secret" during your journey.

  • Bizarre action-RPG 'Insignificant' where you're three inches tall is out now with Linux support

    Insignificant is an action-RPG that tells the story of the little people and when I say that I really do mean tiny little people, you're only about three inches tall.

  • Stellaris 2.4 is out with the new Paradox Launcher included

    Paradox Interactive and Paradox Development Studio have released the latest update to Stellaris, which includes the new Paradox Launcher to unify the experience.

    The launcher isn't all that's new though. If you're running Stellaris from their own store or GOG they have added in cloud saving to both. Paradox also updated all factions titans "with panning light meshes", updates to the visual effects for "ther drake’s wing attack (muzzle, projectile, hit effect)" and new "/mute " and "/unmute " chat commands were added. Defence Platforms also got a boost for Outposts, providing 2 points of Piracy Suppression for their system.

    A bunch of UI updates also made it in like the ability to Shift+Click on the ship count in the Fleet Manager, adding ships up to the nearest 10. There's more tooltips on the Planet Screen, a new notification when one empire guarantees the in

read more

What does the FSF censor during the Richard Stallman lynching?

Čet, 10/10/2019 - 11:53

Why do the FSF staff censor an email like this supporting the founder of their organization and the founder of the Free Software movement?

Has the FSF become another Fake Community?

Since raising the issue of censorship in FSF, I received a number of emails from people who feel their own communications have been censored.

[...]

Just as MIT Media Lab staff systematically hid donations from convicted sex trafficker Jeffrey Epstein, Free Software organizations are systematically hiding donations from Google. Censorship is one of the tools they use to achieve this deception.

read more

Freedom from censorship on mailing lists

Čet, 10/10/2019 - 11:42

One prominent tool used to construct the fake community is the email discussion list.

When people join a discussion list, they assume and believe that they are being exposed to a wide range of opinions. Therefore, when some opinions or critical information is hidden, ordinary members of the list are deceived. People have not consented to this deception.

In 2018, FSFE used these tactics to make it appear that nobody supported elections any more. In 2019, rogue elements of the Free Software Foundation (FSF) staff used the same tactics to undermine their own founder, Richard Stallman. FSF is the organization that explains their use of the word Free using the phrase Free as in speech, not free as in beer. When they don't even allow Free Speech on their own LibrePlanet-discuss mailing list, the organization loses all credibility.

read more

Opera 64 Released with Privacy Enhancing Features. Download Now

Čet, 10/10/2019 - 10:23

The latest release of Opera web browser 64 is here focusing on privacy, ad blocking and many more.

read more

GNU/Linux Communities at Reddit

Čet, 10/10/2019 - 09:28

Our GNU/Linux community information is naturally centralized at Reddit for news and discussion, it's not a secret. For instance, all big GNU/Linux distros have Reddits. Even often, news from a FLOSS project comes first at Reddit and being discussed a lot there rather than other social networks. See for example news of r/KDE and r/LibreOffice there (notice that unique Reddit IDs?). If you feel unfamiliar with this, you can think Reddit like Facebook or Twitter, but amazingly faster to browse, with greatly less picture and more text. With this list, after registering you can find your first community on Reddit for example r/Ubuntu and r/linux4noobs. Speaking personally, as an active GNU/Linux user I love Reddit and actually I use DNSCrypt just because I want to visit it. Also, if you're tired of other social networks you can give Reddit a try and I believe you will love it! I wish you will find nice people and friends there. Now let's go!

read more

Viewing files and processes as trees on Linux

Čet, 10/10/2019 - 09:22

Linux provides several handy commands for viewing both files and processes in a branching, tree-like format that makes it easy to view how they are related. In this post, we'll look at the ps, pstree and tree commands along with some options they provide to help focus your view on what you want to see.

read more

LibreOffice 6.3.2 for Slackware and Starting The Document Collective

Čet, 10/10/2019 - 08:38
  • LibreOffice 6.3.2 for Slackware-current – and how to deal with “Shared library .so-version bump”

    Let me first elaborate a bit on the strategies that are available to a Slackware user on how to deal with incompatible library updates in -current.

    One of the reasons people are wary of installing and running Slackware-current is the fact that at any given moment, distro updates can break 3rd-party packages (i.e. packages you have installed that are not part of the Slackware distribution itself). Slackware-current is in constant flux, it is our development environment, and software versions can make sudden jumps with unexpected consequences.

    Big tip: before running any update on a slackware-current system, first check the ChangeLog.txt and scan the updates since your previous upgrade for the text “Shared library .so-version bump.” which is another way of saying “incompatible ABI change”.
    If this text accompanies a package update you can be pretty certain that some 3rd-party packages that depend on it will stop working. And if that particular package is boost, icu4c or poppler, expect massive breakage. The safest approach in a case like this, is: wait with upgrading your Slackware-current; check for packages that have a dependency on the package with the ABI breakage: and track the 3rd-party repositories for updates that address the ABI breakage.

    There is another strategy- one which allows you to upgrade to the latest -current while avoiding broken packages. That is to keep the older libraries on your system – the libraries your 3rd-party packages are depending on. You can simply extract these older libraries from the previous version(s) of the upgraded Slackware package. Darren Austen and I worked together to create a package repository containing historical Slackware-current packages (32bit, 64bit official packages and my own multilib archive). See https://slackware.uk/cumulative/ if you are in need of older package versions.

  • Starting The Document Collective

    The Document Foundation (TDF) is the home of the LibreOffice free-software office suite; it provides financial, governance, and other administrative services to LibreOffice. The foundation was established in part to ensure that commercial entities did not have undue influence on the project, which limited the types of activities in which it can engage. In particular, selling branded versions of LibreOffice in the macOS and Windows app stores has not been something that TDF could tackle. The TDF board of directors is looking to change that with the creation of a new entity, The Document Collective (TDC), to engage in commercial activity that is complementary to that of TDF members—hopefully as an income source to help support TDF.

    The TDC proposal [PDF] was adopted by the TDF board on September 9 and unveiled at the LibreOffice conference (slides [PDF]) and in a post to the board-discuss mailing list on September 11. The board has decided to start the creation of TDC by appointing a transitional leadership group. The TDC leadership has been directed to set up an unincorporated association as part of Public Software CIC, which is a European umbrella organization (a "community interest company" or CIC) that provides administrative services to free and open-source software projects. That is meant to be a temporary measure until a full legal entity can be set up. TDC will also have €50,000 in funds available to draw on from TDF; the money is a loan that is meant to be repaid with interest from the proceeds of selling LibreOffice in the app stores. There may be other moneymaking activities that TDC ends up undertaking as well.

    TDC is tasked with getting LibreOffice into the app stores for macOS and Windows. To that end, Public Software CIC will be granted a trademark license for the LibreOffice mark that can be used for app store packages. Initially there will be no separate TDC entity, but that will eventually be set up in some European jurisdiction and all of the TDC work that has been done will be transferred to the new entity. Effectively, the agreement with Public Software CIC will just allow TDC to start working immediately while it initializes its governance and legal entity in parallel.

    There were a few comments on the announcement. Uwe Altmann wondered about the business plan for TDC; given that there is already some experience from two companies selling LibreOffice in the app stores, it would seem reasonable to put together an initial budget, for example. In addition, starting out by setting up an association with Public Software CIC with a fairly large budget seemed unnecessary; there are other organizational structures that could be set up more easily and cheaply, he said.

read more

Kernel: LWN Articles (Paywall Lapse), SchedViz Liberated and Amlogic Video Decode Driver

Čet, 10/10/2019 - 03:46
  • 5.4 Merge window, part 2

    The release of the 5.4-rc1 kernel and the closing of the merge window for this development cycle came one day later than would have normally been expected. By that time, 12,554 non-merge changesets had been pulled into the mainline repository; that's nearly 2,900 since the first-week summary was written. That relatively small number of changes belies the amount of interesting change that arrived late in the merge window, though.

  • Upstreaming multipath TCP

    The multipath TCP (MPTCP) protocol (and the Linux implementation of it) have been under development for a solid decade; MPTCP offers a number of advantages for devices that have more than one network interface available. Despite having been deployed widely, though, MPTCP is still not supported by the upstream Linux kernel. At the 2019 Linux Plumbers Conference, Matthieu Baerts and Mat Martineau discussed the current state of the Linux MPTCP implementation and what will be required to get it into the mainline kernel.
    MPTCP, described by RFC 6824, is built around one fundamental idea: allowing a single network connection to exchange data over multiple physical paths. One obvious use case is a phone handset, which has both WiFi and broadband interfaces. Being able to use both at the same time would give the device greater bandwidth, but also greater redundancy — a connection could continue uninterrupted despite changes to individual paths.

  • Fixing getrandom()

    A report of a boot hang in the 5.3 series has led to an enormous, somewhat contentious thread on the linux-kernel mailing list. The proximate cause was some changes that made the ext4 filesystem do less I/O early in the boot phase, incidentally causing fewer interrupts, but the underlying issue was the getrandom() system call, which was blocking until the /dev/urandom pool was initialized—as designed. Since the system in question was not gathering enough entropy due to the lack of unpredictable interrupt timings, that would hang more or less forever. That has called into question the design and implementation of getrandom().

    Ahmed S. Darwish reported the original problem and tracked it down to the GNOME Display Manager (GDM), which handles graphical logins. It turns out that GDM was calling getrandom() in order to generate the "MIT magic cookie" that is used for authorization by the X Window System. As was pointed out by several in the mega-thread, using cryptographic-strength random numbers for the cookie (or much of anything in terms of X Window security) is well beyond the pale—a much weaker random number generator could have been used with no loss of security. Darwish noted that the call "only" requests a small number of random bytes (five calls requesting 16 bytes each) but, as Theodore Y. Ts'o said, that doesn't matter: by default getrandom() will not return anything until the cryptographic random number generator (CRNG) is initialized—which requires entropy.

    When Darwish originally bisected the problem, he pinpointed an ext4 commit that had the effect of reducing the amount of disk I/O that was being done early in the boot process. That performance enhancement also, unfortunately, turned out to reduce the amount of entropy gathered on Darwish's laptop—to the point it would not boot. That change has been reverted for now.

  • Compiling to BPF with GCC

    The addition of extended BPF to the kernel has opened up a whole range of use cases, but few developers actually write BPF code. It is, like any other assembly-level language, a tedious pain to work with; developers would rather use a higher-level language. For BPF, the language of choice is C, which is compiled to BPF with the LLVM compiler. But, as Jose Marchesi described during the Toolchains microconference at the 2019 Linux Plumbers Conference, LLVM will soon have company, as he has just added support for a BPF back-end to the GCC compiler.
    Marchesi, who described himself as "just a compiler guy" rather than a tracing wizard, said that this work is proceeding in three phases. The first of those is to get basic BPF support into the toolchain; for GCC, that takes the form of a new bpf-unknown-none target triplet. Support for BPF was added to binutils in May; the first GCC support landed in the project's repository just before the conference began.

  • Google Opens Up "SchedViz" To Visualize Linux Kernel Scheduling Behavior

    Google's newest open-source contribution for benefiting the Linux kernel is SchedViz.

    SchedViz is a tool developed at Google for visualizing the Linux kernel scheduling behavior. Google has already used this tool internally to find areas for improvement within the kernel to make better scheduling choices and analyzing memory latency problems.

  • Amlogic Video Decode Driver Nearly Ready With H.264 Support

    The in-kernel staging Amlogic Meson video decode driver could soon handle H.264 support as soon as Linux 5.5.

    After a lengthy journey getting into the kernel with initially just MPEG-1 and MPEG-2 support, this open-source Amlogic video decode driver should soon be in compliance with H.264.

read more

Server: Knative, Puppet, Kubectl and EdgeX Foundry

Čet, 10/10/2019 - 03:40
  • Google's Keeping Knative Development Under Its Thumb 'For the Foreseeable Future'

    In addition to Knative, which is for deploying serverless workloads, Google evidently plans to keep the Kubernetes service mesh, Istio, in-house.

  • Puppet’s New Cloud Native Continuous Delivery Tool Builds on the CDF’s Tekton [Ed: It says: "The Linux Foundation, Puppet, and Red Hat are sponsors of The New Stack." Read as: we're being paid to write this article by the subject of this article.]

    Puppet has released into public beta its Project Nebula, a cloud native tool that connects a DevOps team’s existing toolset into an end-to-end, continuous delivery platform. The company aims to simplify deployment of microservices and serverless-based applications by connecting popular tools for infrastructure provisioning, application deployment, and notifications into a single, automated workflow.

    “There are a few folks in the world who believe in one tool that solves all the problems. And then there are folks who believe in best-of-breed and pulling the right tools for the right job with the right people, and the right culture,” said Matthew Young, senior director of product management at Puppet. “And we’re really going after the latter… We are not trying to replace every other tool.”

  • Kubectl and friends as a snap

    At Canonical, we build solutions to simplify the lives of our users. We want to reduce complexity, costs, and barriers to entry. When we built the Canonical Distribution of Kubernetes (CDK) and MicroK8s, we made sure it aligned with our mission. We built snaps like kubectl for various Kubernetes clients and services to ensure a harmonious ecosystem.

    From user feedback, requests and going over the exciting use cases our users and partners are experimenting with, sometimes you just need to get up and running. Kubernetes on a Raspberry Pi anyone? This is why we provide Kubernetes components such as kubectl, kubefed, kubeadm, etc. as snaps and open to use for your use cases.

  • EdgeX Foundry Organizes Its First Hackathon

    The project organized its first hackathon in Chicago to see how the retail industry leverages EdgeX Foundry to solve some of its pressing problems.

read more

Programming: Rust, RcppArmadillo and Python

Čet, 10/10/2019 - 03:36
  • This Week in Rust 307
  • Nicholas Nethercote: Visualizing Rust compilation

    Speeding up the Rust compiler isn’t the only way to make a Rust project build faster. Changing the crate structure of a project can also make a big difference. The good news here is that Eric Huss has implemented an amazing tool for visualizing Rust compilation, which can be used to identify inefficient crate structures in Rust projects.

  • RcppArmadillo 0.9.800.1.0

    Another month, another Armadillo upstream release! Hence a new RcppArmadillo release arrived on CRAN earlier today, and was just shipped to Debian as well. It brings a faster solve() method and other goodies. We also switched to the (awesome) tinytest unit test frameowrk, and Min Kim made the configure.ac script more portable for the benefit of NetBSD and other non-bash users; see below for more details. One again we ran two full sets of reverse-depends checks, no issues were found, and the packages was auto-admitted similarly at CRAN after less than two hours despite there being 665 reverse depends. Impressive stuff, so a big Thank You! as always to the CRAN team.

  • Anaconda Enters a New Chapter

    Today I am excited to announce that I am stepping into the role of CEO at Anaconda. Although I am a founder of the company and have previously served as president, this marks the first time I am serving in the role of chief executive.

    The entire world is undergoing a revolution in computation and data analytics — a revolution that we helped start almost 10 years ago, at the dawn of modern data science.

    [...]

    I am very appreciative of our previous CEO Scott Collison. Under his leadership, we grew from an open-source consultancy into a true product company, put a world-class leadership team in place, and launched our enterprise machine learning platform. He made a lasting impact on our company’s evolution.

  • Emacs: The Best Python Editor?

    Finding the right code editor for Python development can be tricky. Many developers explore numerous editors as they grow and learn. To choose the right code editor, you have to start by knowing which features are important to you. Then, you can try to find editors that have those features. One of the most feature-rich editors available is Emacs.

    Emacs started in the mid-1970s as a set of macro extensions for a different code editor. It was adopted into the GNU project by Richard Stallman in the early 1980s, and GNU Emacs has been continuously maintained and developed ever since. To this day, GNU Emacs and the XEmacs variant are available on every major platform, and GNU Emacs continues to be a combatant in the Editor Wars.

read more

Graphics Stack: FFmpeg+GPUs, Mesa 19.3

Čet, 10/10/2019 - 03:29
  • Intel Adds GPU-Accelerated Memory Copy Support To FFmpeg

    Intel engineers have contributed GPU-accelerated memory copy support to FFmpeg when making use of their preferred video decode implementation.

    For those making use of Intel Quick Sync Video decode with FFmpeg, the latest development code has added GPU-accelerated memory copy support between the video and system memory.

  • Intel ANV & Radeon RADV Vulkan Drivers Tacking On More Extensions With Mesa 19.3

    There still is another month until the feature freeze for Mesa 19.3 to end out 2019 and it will be a big one.

    In addition to the continued flurry of OpenGL driver activity and bits like Zink potentially being merged, the Intel and AMD Radeon Vulkan drivers have been seeing more extension work for 19.3-devel. Here's the latest.

read more

RK3328-based industrial SBC eases Raspbian porting

Čet, 10/10/2019 - 03:10

Novasom’s new M7+ version of its Pi-like, RK3328 based SBC-M7 board adds RS485, power over USB, an FPC connector for HDMI, and a library that lets Pi users recompile Raspbian apps for use with its industrial RASPMOOD stack.

In February, Novasom Industries launched its Linux-powered, Rockchip RK3328 based SBC-M7 single board computer, which Novasom now calls the Novasom M7, along with an SBC-M8 board based on a Snapdragon 410E. Now, Novasom has followed customer feedback to upgrade the somewhat Raspberry Pi-like Novasom M7 with a Novasom M7+ (or M7Plus) model that provides a variety of hardware and software improvements.

read more

Programming: PyCon, Programming Exercises, Outreachy and Eclipse Foundation on IDEs

Čet, 10/10/2019 - 03:06
  • Financial Aid Launches for PyCon US 2020!

    The financial aid program aims to bring many folks to PyCon by limiting the maximum grant amount per person; in that way, we can offer support to more people based on individual need. The financial aid program reimburses direct travel costs including transportation, hotel, and childcare, as well as offering discounted or waived registration tickets. For complete details, see our FAQ, and contact pycon-aid@python.org with further questions.

  • 7 Reasons to Get Professional Programming Assignment Help

    Programming is one of the most popular disciplines in schools and universities, and many students learn programming languages at this point. If you are one of them, you know how complicated it can be to study programming, especially if you get a lot of other assignments from other classes.

  • Adding stateless support to vicodec

    Prior to joining Collabora, I took part in Round 17 of the Outreachy internships, which ran from December 2018 to March 2019. Outreachy is a paid, remote internship program. Its goal is to support people from groups underrepresented in tech, and help newcomers to free software and open source make their first contributions. Open to applicants around the world, Outreachy internships run twice a year.

    Once your application is approved, you must pick an open source project to make a contribution to, in hopes of being selected as an intern, and teamed with experienced mentors. You can read more about the program here.

    In my case, I was selected as an intern to work on the media subsystem of the Linux kernel, and my mentors were Helen Koike, (who is now my colleague at Collabora!) and Hans Verkuil (who works for Cisco and has been working on the media subsystem for around 15 years).

  • Eclipse Foundation Looks to Create Cloud-Based IDE Standards

    The Eclipse Foundation today announced the formation of a working group to create standards for cloud-based integrated development environments (IDEs) led by Broadcom, EclipseSource, Ericsson, IBM, Intel, Red Hat, SAP, Software AG and Typefox.

read more

Red Hat: EPEL8, vDPA and Apache Kafka on OpenShift

Čet, 10/10/2019 - 02:55
  • EPEL8 packages

    With the opening up of EPEL8, there’s a lot of folks looking and seeing packages they formerly used in EPEL6/7 not being available and wondering why. The reason is simple: EPEL is not a fixed exact list of packages, it’s a framework that allows interested parties to build and provide the packages they are interested in providing to the community.

    This means for a package to be in EPEL8, it requires a maintainer to step forward and explicitly ask “I’d like to maintain this in EPEL8” and then build, test and do all the other things needed to provide that package.

    The reason for this is simple: We want a high quality, maintained collection of packages. Simply building things once and never again doesn’t allow for someone fixing bugs, updating the package or adjusting it for other changes. We need a active maintainer there willing and able to do the work.

  • vDPA hands on: The proof is in the pudding

    In this post, we will set up vDPA using its DPDK framework. Since vDPA compatible HW cards are in the process of being commonly available on the market, we will work around the HW constraint by using a paravirtualized Virtio-net device in a guest as if it was a full Virtio HW offload NIC.

  • Open Banking with Microservices Architectures and Apache Kafka on OpenShift

    Last month, at OpenShift Commons Gathering Milan, Paolo Gigante and Pierluigi Sforza of Poste Italiane, showed the audience how they built a microservices based banking architecture using Apache Kafka and OpenShift. Their slides are available here. For more great in-person events like this, register for the next Commons Gathering near you! San Francisco is coming up before the end of the month, and will focus on AI/ML.

read more

Ubuntu Core: Raspberry Pi 4 and Beyond

Čet, 10/10/2019 - 02:33
  • Attaching a CPU fan to a RPi running Ubuntu Core

    When I purchased my Raspberry Pi4 I kind of expected it to operate under similar conditions as all the former Pi’s I owned …

    So I created an Ubuntu Core image for it (you can find info about this at Support for Raspberry Pi 4 on the snapcraft forum)

    Runnig lxd on this image off a USB3.1 SSD to build snap packages (it is faster than the Ubuntu Launchpad builders that are used for build.snapcraft.io, so a pretty good device for local development), I quickly noticed the device throttles a lot once it gets a little warmer, so I decided I need a fan.

  • A reference architecture for secure IoT device Management

    One of the key benefits of IoT is the ability to monitor and control connected devices remotely. This allows operators to interact with connected devices in a feedback loop, resulting in accelerated decisions. These interactions are mediated by a device management interface, which presents data in a user-friendly UI. The interface also serves as a client to remotely control devices in the field. Device management is, therefore, a key component of IoT solution stacks, with a significant impact on the ROI of such deployments.

    However, there is no one size fits all when it comes to device management solutions. IoT solutions are deployed in various contexts. The purpose, the devices, and the users involved vary from one deployment to another, even within the same industry. It is, therefore, challenging to find a ready-made device management solution perfectly suitable to any given deployment.

    Security is the critical requirement that these deployments invariably share, for it must be implemented in line with the best practices. Secure authentication and communication encryption are indispensable for the management of mission-critical device fleets.

read more

Security: Updates, Ken Thompson's Unix Password, Microsoft Spying on Everything for 'Security', Cross Site Scripting Fix

Čet, 10/10/2019 - 02:24
  • Security updates for Wednesday

    Security updates have been issued by Fedora (chromium), openSUSE (rust and sqlite3), SUSE (dnsmasq, firefox, and kubernetes, patchinfo), and Ubuntu (python2.7, python3.5, python3.6, python3.7).

  • Ken Thompson's Unix password

    Somewhere around 2014 I found an /etc/passwd file in some dumps of the BSD 3 source tree, containing passwords of all the old timers such as Dennis Ritchie, Ken Thompson, Brian W. Kernighan, Steve Bourne and Bill Joy.

    Since the DES-based crypt(3) algorithm used for these hashes is well known to be weak (and limited to at most 8 characters), I thought it would be an easy target to just crack these passwords for fun.

    Well known tools for this are john and hashcat.

    Quickly, I had cracked a fair deal of these passwords, many of which were very weak. (Curiously, bwk used /.,/.,, which is easy to type on a QWERTY keyboard.)

    However, kens password eluded my cracking endeavor. Even an exhaustive search over all lower-case letters and digits took several days (back in 2014) and yielded no result. Since the algorithm was developed by Ken Thompson and Robert Morris, I wondered what’s up there. I also realized, that, compared to other password hashing schemes (such as NTLM), crypt(3) turns out to be quite a bit slower to crack (and perhaps was also less optimized).

    Did he really use uppercase letters or even special chars? (A 7-bit exhaustive search would still take over 2 years on a modern GPU.)

    The topic came up again earlier this month on The Unix Heritage Society mailing list, and I shared my results and frustration of not being able to break kens password.

  • How my application ran away and called home from Redmond

    I recently found a surprising leak vector in Windows 10 installations. We were porting our Beacon Application to Windows and for easy deployment. The plan was to create just one .exe including everything. However we found out that End Point Protection (EPP) solutions didn’t like that at all and we had to go with the MSI installer option. This is a story what happened during the .exe testing.

    I used my personal malware analysis lab for testing the application. My lab is an isolated network environment which has a whitelist based firewall rules. Whitelist firewall is needed to carefully allow specific updates and downloads. The lab already has Beacon Virtual Machine running and it has found issues in the past. All of them are fixed. So this leak was something new!

    [...]

    I researched a bit more and made educated guesses about why this happened. I managed to narrow it down to Microsoft Defender and the “Automatic sample submission” feature.

    [...]

    Microsoft Windows 10 sends all new unique binaries for further analysis to Microsoft by default. They run the executable in an environment where network connectivity is available. This opens interesting data leak vector for attacker and also includes some privacy concerns. It is quite common that even in isolated environments, many of the Microsoft IP address ranges are whitelisted to make sure systems will stay up to date. This enables adversary to leak data via Microsoft services which is extremely juicy covert channel.

  • Enrico Zini: Fixed XSS issue on debtags.debian.org

    Thanks to Moritz Naumann who found the issues and wrote a very useful report, I fixed a number of Cross Site Scripting vulnerabilities on https://debtags.debian.org.

read more

Games: Nobodies and Steam Play Proton 4.11-7

Čet, 10/10/2019 - 02:07

read more

sfy39587f05