Opensource view

tuxmachines.org

Your source for Linux and Open Source news, reviews, and howtos.

Security: Oracle, WPA3, Windows XP in ATMs, Network Block Device (NBD) and More Windows Problems

Tue, 06/26/2018 - 20:31
  • Oracle's latest Linux fixes: New Spectre, Lazy FPU patches beef up defenses

    Oracle has released patches for the latest Spectre CPU flaws and a fix for the Lazy floating-point unit (FPU) state restore issue affecting Intel CPUs.

    Oracle's updates address the Spectre CPU flaws revealed in May, including CVE-2018-3640, also known as Spectre variant 3a, and CVE-2018-3639, Spectre variant 4.

  • WPA3: Wi-Fi Receives Its Biggest Security Upgrade After 14 Years

    Last year, when security researchers tore apart WPA2’s security with the KRACK exploit, questions were raised regarding its ability to protect billions of WiFi-compatible devices across the world.

  • Indian Banks Running Windows XP Finally Asked To Update: RBI Sends Notice
  • Control measures for ATMs – Timeline for compliance

    Please refer to our confidential Circular DBS.CO/CSITE/BC.8074/31.01.015/2016-17 dated April 17, 2017 (issued to banks) highlighting concerns about the ATMs running on Windows XP and/or other unsupported operating systems. A reference is also invited to our confidential Advisory No. 3/2017 dated March 06, 2017 and No. 13/2017 dated November 1, 2017 wherein the banks were advised to put in place, with immediate effect, suitable controls enumerated in the illustrative list of controls.

    2. The slow progress on the part of the banks in addressing these issues has been viewed seriously by the RBI. As you may appreciate, the vulnerability arising from the banks’ ATMs operating on unsupported version of operating system and non-implementation of other security measures, could potentially affect the interests of the banks’ customers adversely, apart from such occurrences, if any, impinging on the image of the bank.

  • NBD with TLS-PSK

    The Network Block Device (NBD) protocol is really useful to us when we deal with virtual machines and disk images. It lets us share disk images between machines and is also the universal protocol we use for communicating disk images between different bits of software. I wrote a pluggable NBD server called nbdkit to make this even easier.

    However there was a problem: The protocol has no concept of logins. If you have an open NBD port, then anyone can connect and read or write your disk image. This is not quite as terrible as it sounds since when two processes are talking NBD to each other, we use a Unix domain socket and we hide the socket in a directory with restrictive permissions. But there are still cases — such as communicating between separate servers — where authentication would be useful.

  • The Biggest Digital Heist in History Isn’t Over Yet

    Someone had sent emails to the bank’s employees with Microsoft Word attachments, purporting to be from suppliers such as ATM manufacturers. It was a classic spear-phishing gambit. When opened, the attachments downloaded a piece of malicious code based on Carberp, a so-called Trojan that unlocked a secret backdoor to the bank’s network. The malware siphoned confidential data from bank employees and relayed the information to a server the hackers controlled. Delving deeper, the Kaspersky team found that intruders were taking control of the cameras on hundreds of PCs inside the organization, capturing screenshots and recording keystrokes. Soon, the researchers learned that other banks in Russia and Ukraine had been hacked the same way.


Red Hat and Fedora Leftovers

Tue, 06/26/2018 - 20:17
  • Red Hat has friends in the clouds. That could help it get a piece of a Pentagon contract.

    A major contract from the U.S. Department of Defense could benefit some workers in the Triangle.

    Red Hat leaders have been talking to defense officials about its JEDI cloud-services contract and think the company is "extremely well-positioned" to supply the project's back-end workings, Red Hat Chief Financial Officer Eric Shander said in a recent interview.

  • Cloud-native BPM solution launched by Red Hat

    Open source solutions provider Red Hat has launched what it calls the 'next generation' of Red Hat JBoss BPM Suite, now called Red Hat Process Automation Manager.

    It provides a cloud-native platform for developing applications that automate business decisions and processes.

  • Using Red Hat Data Grid to power a multi-cloud real-time game

    The scavenger hunt game developed for the audience to play during the Red Hat Summit 2018 demo used Red Hat Data Grid as storage for everything except the pictures taken by the participants. Data was stored across three different cloud environments using cross-site replication. In this blog post, we will look at how data was flowing through Data Grid and explain the Data Grid features powering different aspects of the game’s functionality.

  • PodCTL #40 – Scaling OpenShift Roadshows

    Summertime is typically a slow news cycle for technology, so some people find time to relax, while others use it as an opportunity to learn something new. One activity that draws lots of people eager to learn is the OpenShift roadshow, where both Application Developers and IT Operations can get hands-on with OpenShift and related technologies.

  • So, you want to do computer science, huh?

    I do mentor/advise startups and if any of them come to me with proposals that involve buying hardware, setting up software as part of the servers etc, I will promptly throw them out. Create your stuff on the cloud – AWS, Google, Rackspace, DigitalOcean etc. Lots of them out there. At some point, when your project/start-up ideas have gained some form/shape, and you have paying customers, you could consider running your own data centers using Red Hat Open Stack and Red Hat OpenShift to make sure that you have a means to run your application in-house or in your own data center or onto the public cloud seamlessly.

  • Red Hat Enterprise Linux builds the foundation for the world’s fastest supercomputer(s)
  • Red Hat Certified Cloud Architect – An OpenStack Perspective – Part Two
  • Caterpillar and Red Hat Are Among 19 Big-Name Stocks Ready to Change Direction
  • Red Hat racks up industry accolades from Barron’s, Forbes, Fortune and Great Place to Work Institute
  • Red Hat CEO Whitehurst lands 22% rise in compensation
  • Fedora 29's User PATH Will Prioritize Local User Binaries

    There have been several controversial Fedora 29 changes this cycle like hiding GRUB by default and catering i686 packages to x86_64 while another one was approved today at the Fedora Engineering and Steering Committee.

    The latest approved feature for Fedora 29 that's been met by some controversy in user/developer discussions is on changing the prioritization of some paths within the user PATH environment variable. Rather than ~/.local/bin and ~/bin currently appearing at the end of the PATH paths, with Fedora 29 they will be set to the front. This gives these local user paths higher priority over the system-wide paths when it comes to looking for commands on the system.

  • Hello from your new Fedora Program Manager

    Hi, Fedora Community! I’d like to take a moment to introduce myself as the newly-hired Fedora Program Manager. I’ve been a Fedora user for over a decade and a contributor in various roles almost that long. I started out on the documentation team as a writer and then led the team for a few releases. I’ve also maintained packages, dabbled a little bit in marketing (I know I’m way behind on that video ticket, sorry!), and helped promote Fedora through social media and articles on Opensource.com. Professionally, my background is largely in systems administration (with a strong focus on high performance computing in public cloud), but I’ve spent the last two years in marketing. I have a bachelor's degree in meteorology and a master's degree in IT project management. I’m also an organizer for a local tech meetup and an occasional freelance writer.

  • Fedora 28 : Using the python module sh .
  • [Week 6] GSoC Status Report for Fedora App: Abhishek Sharma
  • Fedora/RISC-V nightly builds


Linux Foundation: Mandarin and Job Skills

Tue, 06/26/2018 - 19:32
  • Open Source Guides for the Enterprise Now Available in Chinese

    The popular Open Source Guides for the Enterprise, developed by The Linux Foundation in collaboration with the TODO Group, are now available in Chinese. This set of guides provides industry-proven best practices to help organizations successfully leverage open source.

    “Making these resources available to Chinese audiences in their native language will encourage even greater adoption of and participation with open source projects,” said Chris Aniszczyk, CTO of Cloud Native Computing Foundation and co-founder of the TODO Group. The guides span various stages of the open source project lifecycle, from initial planning and formation to winding down a project.

  • Jobs Report: Demand for Open Source Skills Climbs, Topped by Linux

    The seventh annual open source jobs report from The Linux Foundation and careers site Dice shows an increasing enterprise demand for open source skills, with Linux regaining the position of most-coveted technology.

    The demand for open source skills is so high that nearly half of hiring managers responding to the survey said their organizations are supporting open source projects solely for the purpose of recruiting hard-to-find talent.

    That talent hunt is topped by the search for Linux skills, which is back on top as the No. 1 skill sought by hiring managers following a hiatus that saw cloud technologies ascending in last year's report.

  • Need a Smart IT Hire? Look to Open Source

    Even if your association’s main stack isn’t based on open-source software, you should still know the language. According to a recent report from the Linux Foundation, it could even help you find new talent.

    In my many years writing about the ins and outs of associations—and particularly their technology challenges—one common refrain I’ve heard is this: Open-source software is hard to maintain and comes with a lot of headaches that you won’t run into with a managed vendor.


Programming: Python Object-Oriented Programming (OOP) and Mastering C Pointers

Tue, 06/26/2018 - 18:41
  • 8 great pytest plugins

    We are big fans of pytest and use it as our default Python testing tool for work and open source projects. For this month's Python column, we're sharing why we love pytest and some of the plugins that make testing with pytest so much fun.

  • Python 3: Sometimes Immutable Is Mutable and Everything Is an Object

    Python is a multi-paradigm programming language, meaning it supports different programming approaches. One of the popular approaches to solving a programming problem is creating objects. This is known as Object-Oriented Programming (OOP).

  • Massacring C Pointers

    I'm taking a break from debugging books to talk about a calamitous shitshow of textbook writing: Mastering C Pointers: Tools for Programming Power, by Robert J. Traister.

    I learned of the book through a talk by Brian Kernighan where he refers to the book as probably “the worst C programming textbook ever written.”[1] He doesn't name it but with some help I was able to track down his obliquely accurate reference.

    This book has become my white whale. Since I started reading debugging books, and especially now that I'm digging through older ones, I find bits of advice that simply don't work today. While some of it could be construed as useless or idiotic, I've always found the authors come from a position of earnestness, attempting to draw the best conclusions based on decent principles and what they knew at the time they wrote it. In some cases they may not have known much, but they're honestly and humbly trying to impart some wisdom.


Checking out the notebookbar and other improvements in LibreOffice 6.0

Tue, 06/26/2018 - 18:39

With any new openSUSE release, I am interested in the improvements that the big applications have made. One of these big applications is LibreOffice. Ever since LibreOffice has forked from OpenOffice.org, there has been a constant delivery of new features and new fixes every 6 months. openSUSE Leap 15 brought us the upgrade from LibreOffice 5.3.3 to LibreOffice 6.0.4. In this post, I will highlight the improvements that I found most newsworthy.

Also: SUSE Linux Enterprise 15 Officially Released


KDE and Qt Leftovers

Tue, 06/26/2018 - 17:40
  • KDE Plasma 5.13.2 Desktop Environment Released with More Than 20 Improvements

    The second maintenance update of the KDE Plasma 5.13 desktop environment has been released today, version 5.13.2, with another layer of stability improvements.

    Coming just one week after the first point release, KDE Plasma 5.13.2 arrives only two weeks after the release of the KDE Plasma 5.13 desktop environment to fix more bugs that the team discovered across various components, such as Plasma Discover, Plasma Desktop, Plasma Workspace, KSysGuard, Plasma Audio Volume Control, and others.

    Highlights of this second point release include simplified Flatpak initialization process and inclusion of a donation URL for KNS in the Plasma Discover package manager, a fix for a leak of pipe FDs in the MD RAID code and support for Qt 5.11 in KSysGuard, as well as more improvements to the Fonts KCM panel. For more details, check out the full changelog.

  • (wanted) Poudriere Workflow Support

    Poudriere will grind away at dependencies and everything, and in the end spits out a nicely colored status line; it looks like this (here, I was rebuilding octave in order to test Qt5 compatibility, and most of the dependencies were already done).

  • GSoC 2018 – Coding Period (June 18th to June 26th): Finishing LVM VG support and starting RAID implementation

    I’ve finished LVM VG complete support to Calamares, including resize, deactivate and remove operations. All my progress is actually related to my PR from the last week (I’ve changed its name, because I decided to include the remaining LVM implementations on it). This PR got some dependency issues with kpmcore’s latest versions and the code needs some refactoring, but you can see it here:

  • (Request) 3D Konqui Model

    A long time ago Konqui was a bit different than what it is today, you know – people evolve, and mascots too. I think everyone here remembers the huge Konqui costume that I did for the Brazilian conventions; it was the most amazing Konqui costume ever, but he’s resting in peace now, retired in a theater school.

  • About Git Reverts and Contributor’s Pride

    This also applies to my new changes to Konsole. I did a lot of changes in the source this month, and I was sending experimental stuff to it that I had three accepted-merged-reverted commits. This doesn’t make me angry at all, one of the features will probably be upstreamed to Breeze and all KDE software will enjoy it, and the other two introduced regressions, and if we don’t produce code we can’t evolve, without new code there’s also no new bugs being introduced (as I did).

  • KDAB at Qt Contributors’ Summit

    About 80 committed developers met in Oslo to talk about the latest developments in the Qt framework, enjoying beautiful weather in Oslo, and of course, the coffee.

  • Qt 3D Studio 2.0 Officially Released, Qt Design Studio Announced For UI Designers

    The Qt Company has been on a roll this year with a slew of exciting announcements, the latest of which are Qt 3D Studio 2.0 and a new tool for user-interface designers as Qt Design Studio.

    Qt 3D Studio 2.0 we've known has been coming with editor improvements, a new run-time built on Qt 3D rather than the NVIDIA rendering engine, and much more.


Mozilla: Release of Firefox 61, Retained Display Lists, and a New Security Tool

Tue, 06/26/2018 - 17:35
  • New Firefox Releases Now Available

    Even though summer is here in the northern hemisphere, we’re not taking any breaks. Firefox continues our focus on making a browser that is smarter and faster than any other, so you can get stuff done before you take that much needed outdoor stroll.

  • Firefox 61 – Quantum of Solstice

    Firefox 61 is now available, and with it come new performance improvements that make the fox faster than ever!

  • Firefox 61 Releasing Today With Performance Improvements, Accessibility Inspector

    Mozilla is on schedule with releasing Firefox 61.0 today and can already be found via their FTP mirrors.

    Firefox 61.0 has us excited due to performance improvements: This new web-browser update has furthered Quantum CSS to offer faster page rendering times with the parsing being parallelized, other rendering speed optimizations, and faster tab switching on Linux/Windows are among the performance enhancements.

  • Retained Display Lists for improved page performance

    Continuing Firefox Quantum’s investment in a high-performance engine, the Firefox 61 release will boost responsiveness of modern interfaces with an optimization that we call Retained Display Lists. Similar to Quantum’s Stylo and WebRender features, developers don’t need to change anything on their sites to reap the benefits of these improvements.

  • Scanning for breached accounts with k-Anonymity

    The new Firefox Monitor service will use anonymized range query API endpoints from Have I Been Pwned (HIBP). This new Firefox feature allows users to check for compromised online accounts while preserving their privacy.

  • Testing Firefox Monitor, a New Security Tool

    From shopping to social media, the average online user will have hundreds of accounts requiring passwords. At the same time, the number of user data breaches occurring each year continues to rise dramatically. Understandably, people are now more worried about internet-related crimes involving personal and financial information theft than conventional crimes. In order to help keep personal information and accounts safe, we will be testing user interest in a security tool that lets users check if one of their accounts has been compromised in a data breach.


Sailfish for Gemini Community Edition available now

Tue, 06/26/2018 - 17:08

As the first step in bringing Sailfish to Gemini, our friends at Planet Computers have today made the community edition of Sailfish OS 2.1 available for the Gemini PDA. This version has been tested and verified by both Jolla and Planet.

As it’s a community initiative, the version is still somewhat limited, but essential features are supported. With this version you won’t yet get software updates or support for Android apps. Also the overall support is limited to our community’s efforts.


Microsoft Mischief and GitLab's Escape From Microsoft

Tue, 06/26/2018 - 16:58
  • Microsoft Buys GitHub: Three Weeks Later

    I heard that Microsoft would be buying GitHub just a couple days before it happened when Carlie Fairchild at Linux Journal told me about it. I replied to the news with a solid, “Get! Out!” Needless to say, I had my doubts. As someone who remembers all too well the “Embrace, extend and extinguish” days of Microsoft, the news of this latest embrace did, however briefly, bring back those old memories. When I was asked what I thought, I answered that the optics were bad.

    A lot of years have passed since, back in 2001, Steve Ballmer declared Linux to be a cancer. These days, Microsoft loves Linux. It says so right on its website. Two years ago, Steve Ballmer also proclaimed his love for Linux. In 2018, Microsoft has its own distribution that it uses in its Azure cloud. Microsoft includes several different flavors of Linux in its app store (the Windows Subsystem for Linux), all of which can be installed on Windows 10. Microsoft develops for Linux. Heck, Microsoft even contributes to the Linux kernel.

    [...]

    But let’s, just for a moment, pretend that Microsoft is in fact up to its old "extend, embrace and extinguish" tricks. Open source can and would survive anything Microsoft could throw at it. Linux withstood SCO (backed at the time by Microsoft) in a long legal battle, and all of Microsoft’s best attempts to frame it as dangerous, not up to the job, unreliable and a cancer. That was back when Linux was the little guy. In 2018, Linux is the Big Man On Campus.

    Linux and open-source software will do just fine, even with Microsoft running the show at GitHub.

  • We’re moving from Azure to Google Cloud Platform

    Improving the performance and reliability of GitLab.com has been a top priority for us. On this front we've made some incremental gains while we've been planning for a large change with the potential to net significant results: moving from Azure to Google Cloud Platform (GCP).

  • EFF Launches STARTTLS Everywhere, GitLab Moving from Azure to Google Cloud, Firefox 61.0 Released, SUSE Linux Enterprise 15 Now Available and More

    The EFF yesterday announced the launch of STARTTLS Everywhere, "EFF's initiative to improve the security of the email ecosystem". The goal with STARTTLS is "to do for email what we've done for web browsing: make it simple and easy for everyone to help ensure their communications aren't vulnerable to mass surveillance." You can find out how secure your current email provider is at https://www.starttls-everywhere.org, and for a more technical deep dive into STARTTLS Everywhere, go here.

    GitLab announced yesterday that it is moving from Azure to Google Cloud. GitLab claims the decision to switch to Google Cloud is "because of our desire to run GitLab on Kubernetes. Google invented Kubernetes, and GKE has the most robust and mature Kubernetes support." The migration is planned for Saturday, July 28, 2018, and GitLab will utilize its Geo product for the migration.

  • Microsoft Pulls Windows 7 Support On Older CPUs After It Couldn’t Fix A Bug

    Windows 7 is already counting its days before Microsoft terminates the extended support cycle for the popular operating system that only receives security updates. Recently, the company pulled official tech support for various product forums including Windows 7.


RK3399 SBC offers dual Type-C with DP and optional PoE

Tue, 06/26/2018 - 15:48

Libre Computer unveiled a “ROC-RK3399 (Renegade Elite)” SBC that runs Android Oreo or mainline Linux 4.19+ and offers GbE with PoE, HDMI 2.0, 2x USB Type-C with DP, 3x USB 2.0, and dual 60-pin headers.

Libre Computer has posted some photos and preliminary specs of a ROC-RK3399 (Renegade Elite) board follow-on to last year’s Indiegogo launched Renegade SBC. The Renegade Elite will launch on Indiegogo in July with general availability due in August. The original Renegade eventually went on to be re-sold by T-Firefly as the Firefly-ROC-RK3328-CC, and a similar future appears to await the Renegade Elite, as the photos show the board imprinted with the Firefly logo.


Security: Updates, Hyperthreading, Oracle

Tue, 06/26/2018 - 15:44
  • Security updates for Monday
  • Security updates for Tuesday
  • Hyperthreading under scrutiny with new TLBleed crypto key leak

    Last week, developers on OpenBSD—the open source operating system that prioritizes security—disabled hyperthreading on Intel processors. Project leader Theo de Raadt said that a research paper due to be presented at Black Hat in August prompted the change, but he would not elaborate further.

    The situation has since become a little clearer. The Register reported on Friday that researchers at Vrije Universiteit Amsterdam in the Netherlands have found a new side-channel vulnerability on hyperthreaded processors that's been dubbed TLBleed. The vulnerability means that processes that share a physical core—but which are using different logical cores—can inadvertently leak information to each other.

    In a proof of concept, researchers ran a program calculating cryptographic signatures using the Curve 25519 EdDSA algorithm implemented in libgcrypt on one logical core and their attack program on the other logical core. The attack program could determine the 256-bit encryption key used to calculate the signature with a combination of two milliseconds of observation, followed by 17 seconds of machine-learning-driven guessing and a final fraction of a second of brute-force guessing.

  • Oracle gets busy with Lazy FPU fix, adds more CPU Spectre-protectors

    Oracle has released fixes for Spectre v3a, Spectre v4, and the “Lazy FPU” vulnerability.

    The two Spectre patches cover CVE-2018-3640 and CVE-2018-3640.

    As Oracle's director of security assurance Eric Maurice explained, the patches apply to both Oracle Linux and Oracle VM and the associated Intel microcode.


TrueOS Doesn’t Want to Be ‘BSD for Desktop’ Anymore

Tue, 06/26/2018 - 11:12

Popular BSD distribution TrueOS wants to shed its ‘desktop BSD’ image in order to become a core operating system.


Shotwell 0.29.3 Features Face Recognition Feature

Tue, 06/26/2018 - 10:42

Shotwell 0.29.3 brings a number of improvements to the fore, enhancing the user interface and overall stability of the application.

But it’s the return of Shotwell’s face detection feature to the master branch that excites me most in this release. This (optional) extra might help make it easier to organise and sort through photos based solely on who is in them.

— Not that facial recognition is entirely new to Shotwell, of course.


SUSE at Large Scale

Tue, 06/26/2018 - 10:33
  • SUSE Linux Enterprise Server takes a big step forward

    SUSE doesn't get the ink that Red Hat Enterprise Linux (RHEL) or Canonical Ubuntu does, but it's still a darn fine Linux server distribution. Now, SUSE takes another step forward in the server room and data center with the mid-July release of SUSE Linux Enterprise Server (SLES) 15.

    SLES 15 will be available on x86-64, ARM, IBM LinuxONE, POWER, and z Systems in mid-July. So, no matter what your preferred server architecture, SUSE can work with you.

  • SUSE Announces Release of SUSE Linux Enterprise 15, SUSE Manager 3.2 and SUSE Linux Enterprise High Performance Computing 15

    Today, SUSE announced the release of SUSE Linux Enterprise 15, SUSE Manager 3.2 and SUSE Linux Enterprise High Performance Computing 15 with a focus on helping customers innovate in this era of rapid digital transformation while meeting the needs of multimodal IT.

  • SUSE Updates Enterprise Linux for the Multi-Cloud Era

    SUSE announced its Enterprise Linux 15 and SUSE Manager 3.2 updates on June 25, ushering in the next generation of enterprise Linux technologies from the Germany-based Linux vendor.

    SUSE Enterprise Linux 15 is the first time since 2014 that SUSE has changed the major version for its flagship platform. While SUSE Linux Enterprise 12 was announced back in 2014, SUSE never released a version 13 or 14, deciding instead to skip ahead to version 15 for the new update.

    "In various cultures, both 13 and 14 are unlucky numbers," Matthias Eckermann, director of SUSE Linux Enterprise product management, told eWEEK. "We were asked to not use these by partners and customers, so here we are at 15."
