Security: Updates, MDS, WhatsApp and 'The Cloud'

Filed under
Security
  • Security updates for Tuesday
  • Understanding the MDS vulnerability: What it is, why it works and how to mitigate it

    MDS vulnerabilities explained in ~three minutes

  • A deeper look at the MDS vulnerability

    In our last post, Jon Masters offered an overview of the MDS vulnerability. In this video, Jon provides a deeper technical explanation of the vulnerability.

  • SUSE addresses Microarchitectural Data Sampling Vulnerabilities

    Researchers have identified new CPU side channel information leak attacks against various microarchitectural buffers used in Intel CPUs. These attacks allow local attackers to execute code to read out portions of recently read or written data by using speculative execution. Local attackers can be on the same OS or running code on the same thread of a CPU core, which could happen for other VMs on the same physical host.
    Intel, together with hardware and operating system vendors, have worked over recent months to prepare mitigations for these vulnerabilities, also known as RIDL, Fallout and ZombieLoadAttack.

  • MDS: The Newest Speculative Execution Side-Channel Vulnerability [Ed: Faked performance means no security and since there are no rules associated with this, there will be no multi-billion-dollar fines, no mass recalls etc. What an awful industry.]

    Intel just disclosed a new speculative execution side-channel vulnerability in its processors similar to the existing Spectre/L1TF vulnerabilities. This new disclosure is called the Microarchitectural Data Sampling (MDS).

    The Microarchitectural Data Sampling vulnerability was discovered by Intel researchers and independently reported as well by external researchers and is said to be similar to existing speculative execution side channel vulnerabilities. Fortunately, some current-generation CPUs are not vulnerable and Intel says all new processors moving forward will be mitigated. For those processors affected, microcode/software updates are said to be coming.

  • Update WhatsApp now to avoid spyware installation from a single missed call
  • Update WhatsApp Now, Adobe Warning Creative Cloud Users with Older Apps, Kernels Older than 5.0.8 Are Vulnerable to Remote Code Execution, Schools in Kerala Choose Linux and MakeOpenStuff Is Launching the HestiaPi Touch Smart Thermostat

    A vulnerability in WhatsApp allows spyware to be installed from a single unanswered phone call. The Verge reports that the "spyware, developed by Israel's secretive NSO group, can be installed without trace and without the target answering the call, according to security researchers and confirmed by WhatsApp. Once installed, the spyware can turn on a phone's camera and mic, scan emails and messages, and collect the user's location data. WhatsApp is urging its 1.5 billion global users to update the app immediately to close the security hole."

  • How WhatsApp exposed its users to a spyware attack

    Facebook-owned firm confirms that a vulnerability in WhatsApp opened doors for a spyware attack that installs a malicious code on victim's smartphone...

  • Modern IT security: Sometimes caring is NOT sharing

    The last decade of technological advances has seen a race to reduce costs. Migration to virtualized systems quickly eclipsed traditional bare-metal deployments. At some point, virtualization will be out-paced by containerization. While the physical footprint of an organization’s compute resources may have been reduced, the complexity of managing those environments certainly has not.

    Back in the Stone Age of IT operations and information security, everyone’s attention was focused on the corporate datacenter and the physical machines that lived there. It was simpler to understand where security controls needed to be applied. You had one giant cable coming into the building from "the internet," so you’d throw firewalls, Information Data Leak Prevention/Detection (IDP/IDS), proxies, load balancers and other tools in-line before that channel was split to the larger corporate network. This Castle-and-Moat model of protection worked fairly well (ignoring the insider threat) for decades.

    [...]

    Virtualization evolved into "the cloud". TL/DR for everyone out there: the cloud is just someone else’s computer. You used to run it on your server in your datacenter. Move it "to the cloud" and it now runs on Frank’s Discount Cloud and actually sits in his basement in Peoria, Illinois. Cloud enabled individuals and businesses to have a low-cost means to quickly deploy systems and applications. It offered benefits around high availability and other features you’d typically see deployed in Enterprise-class organizations. Instead of ordering physical boxes from your favourite retailer or OEM and having that take weeks to be delivered and weeks more to be configured and deployed, now you call up Frank (say "Hi!" to his mom while she’s down in the server room doing Frank’s laundry) and Frank can have you up and running with computing and storage resources in minutes. Cloud lets you "outsource" a lot of technology and skills you might not have in-house (or have any interest in managing yourself).

Latest on MDS

  • "ZombieLoad": a new set of speculative-execution attacks

    The curtain has finally been lifted on the latest set of speculative-execution vulnerabilities. This one has the delightful name of ZombieLoad; it is also known as "microarchitectural data sampling", but what's the fun in that? Various x86 processors stash data into hidden buffers that can, in some cases, be revealed via speculative execution. Exploits appear to be relatively hard.

  • Ubuntu updates to mitigate new Microarchitectural Data Sampling (MDS) vulnerabilities

    Microarchitectural Data Sampling (MDS) describes a group of vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091) in various Intel microprocessors, which allow a malicious process to read various information from another process which is executing on the same CPU core. This occurs due to the use of various microarchitectural elements (buffers) within the CPU core. If one process is able to speculatively sample data from these buffers, it can infer their contents and read data belonging to another process since these buffers are not cleared when switching between processes. This includes switching between two different userspace processes, switching between kernel and userspace and switching between the host and a guest when using virtualisation.

    In the case of a single process being scheduled to a single CPU thread, it is relatively simple to mitigate this vulnerability by clearing these buffers when scheduling a new process onto the CPU thread. To achieve this, Intel have released an updated microcode which combined with changes to the Linux kernel ensure these buffers are appropriately cleared.

    Updated versions of the intel-microcode, qemu and linux kernel packages are being published as part of the standard Ubuntu security maintenance of Ubuntu releases 16.04 LTS, 18.04 LTS, 18.10, 19.04 and as part of the extended security maintenance for Ubuntu 14.04 ESM users. As these vulnerabilities affect such a large range of Intel processors (across laptop, desktop and server machines), a large percentage of Ubuntu users are expected to be impacted – users are encouraged to install these updated packages as soon as they become available.

  • A Slew Of Stable Kernel Updates Issued For Addressing MDS / Zombieload Vulnerabilities

    Following today's disclosure of the new MDS vulnerabilities affecting Intel CPUs, a slew of new Linux kernel stable releases have been issued.

    Greg Kroah-Hartman has issued Linux 5.1.2, 5.0.16, 4.19.43, 4.14.119, and 4.9.176 with these now public mitigation patches that pair with Intel's CPU microcode for mitigating this latest set of speculative execution side-channel vulnerabilities.

Insecurity firms spread fear over MDS to sell products/services

  • Linux Kernel Flaw Allows Remote Code-Execution

    The bug is remotely exploitable without authentication or user interaction.

    Millions of Linux systems could be vulnerable to a high-impact race condition flaw in the Linux kernel.

    Kernel versions prior to 5.0.8 are affected by the vulnerability (CVE-2019-11815), which exists in the rds_tcp_kill_sock in net/rds/tcp.c. “There is a race condition leading to a use-after-free [UAF],” according to the CVE description.

The 'insecurity publishers' use scary buzzwords now ("Meltdown")

  • The second Meltdown: New Intel CPU attacks leak secrets

    Over a year ago, the Meltdown and Spectre attacks took the computer industry by storm and showed that the memory isolation between the operating system kernel and unprivileged applications or between different virtual machines running on the same server were not as impervious as previously thought. Those attacks took advantage of a performance enhancing feature of modern CPUs called speculative execution to steal secrets by analyzing how data was being accessed inside CPU caches.

    Since then, the research community found additional "side channel" techniques that could allow attackers to reconstruct secrets without having direct access to them, by analyzing how data passes through the CPU's microarchitectural components during speculative execution.

More on WhatsApp's Flaw

  • On WhatsApp, it may be hackers calling
  • Why it might be time to ditch WhatsApp for Signal or Telegram

    By now you’ve heard the news: WhatsApp is currently rolling out an urgent update to all app users to close a major vulnerability that leaves unpatched phones at risk of being targeted by hackers. WhatsApp is owned by Facebook, and if you plan to stick with the platform, don’t wait for an update notification: access your phone’s app store now to force install the update.

    Except maybe now is the time to go one step further: perhaps it’s the perfect opportunity to switch to a different messaging platform. One that’s not owned by one of the major tech companies, is equally -- if not more -- secure, and which works on more than just your phone. Enter stage left, Telegram, and stage right, Signal.

Linux vs. Zombieload

  • Linux vs. Zombieload

    The researchers have shown a Zombieload exploit that can look over your virtual shoulder to see the websites you're visiting in real-time. Their example showed someone spying on another someone using the privacy-protecting Tor Browser running inside a virtual machine (VM).

    Zombieload's more formal name is "Microarchitectural Data Sampling (MDS)." Its more common name comes from the concept of a "zombie load." This is a quantity of data that a processor can't handle on its own. The chip then asks for help from its microcode to prevent a crash. Normally, applications, virtual machines (VMs), and containers can only see their own data. But the Zombieload vulnerabilities enable an attacker to spy on data across the normal boundaries on all modern Intel processors.

    Unlike the earlier Meltdown and Spectre problems, Intel was given time to ready itself for this problem. Intel has released microcode patches. These help clear the processor's buffers, thus preventing data from being read.

    To defend yourself, your processor must be updated, your operating system must be patched, and for the most protection, Hyper-Threading disabled. When Meltdown and Spectre showed up, the Linux developers were left in the dark and scrambled to patch Linux. This time, they've been kept in the loop.

Canonical Releases Ubuntu Updates to Mitigate New MDS Security

  • Canonical Releases Ubuntu Updates to Mitigate New MDS Security Vulnerabilities

    Four new security vulnerabilities affecting Intel microprocessors have been publicly disclosed earlier, and Intel already released updated microcode firmware to mitigate them, but in the case of Linux-based operating systems these flaws cannot be addressed only by updating the CPU firmware, but also by installing new Linux kernel versions and QEMU patches.

    The vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091) affect various Intel processors and could allow a local attacker to expose sensitive information. They have an impact on all supported Ubuntu Linux releases, including Ubuntu 19.04 (Disco Dingo), Ubuntu 18.10 (Cosmic Cuttlefish), Ubuntu 18.04 LTS (Bionic Beaver), Ubuntu 16.04 LTS (Xenial Xerus), and Ubuntu 14.04 ESM (Trusty Tahr).

Intel and MDS

  • Intel CPUs impacted by new Zombieload side-channel attack

    Academics have discovered a new class of vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU.

    The leading attack in this new vulnerability class is a security flaw named Zombieload, which is another side-channel attack in the same category as Meltdown, Spectre, and Foreshadow.

How Hackers Broke WhatsApp With Just a Phone Call

Cameron Kaiser: ZombieLoad doesn't affect Power Macs

  • Cameron Kaiser: ZombieLoad doesn't affect Power Macs

    The latest in the continued death march of speculative execution attacks is ZombieLoad (see our previous analysis of Spectre and Meltdown on Power Macs). ZombieLoad uses the same types of observable speculation flaws to exfiltrate data but bases it on a new class of Intel-specific side-channel attacks utilizing a technique the investigators termed MDS, or microarchitectural data sampling. While Spectre and Meltdown attack at the cache level, ZombieLoad targets Intel HyperThreading (HT), the company's implementation of symmetric multithreading, by trying to snoop on the processor's line fill buffers (LFBs) used to load the L1 cache itself. In this case, side-channel leakages of data are possible if the malicious process triggers certain specific and ultimately invalid loads from memory -- hence the nickname -- that require microcode assistance from the CPU; these have side-effects on the LFBs which can be observed by methods similar to Spectre by other processes sharing the same CPU core. (Related attacks against other microarchitectural structures are analogously implemented.)

WhatsApp is not end-to-end because Facebook keeps copy of keys

  • The Ultimate Bad Take: Bloomberg's Leonid Bershidsky Thinks A WhatsApp Vulnerability Proves End To End Encryption Is Useless

    Bloomberg has really been on a roll lately with getting security stories hellishly wrong. Last fall it was its big story claiming that there was a supply chain hack that resulted in hacked SuperMicro chips being used by Amazon and Apple. That story has been almost entirely debunked, though Bloomberg still has not retracted the original. Then, just a few weeks ago, it flubbed another story, claiming that the presence (years ago) of telnet in some Huawei equipment was a nefarious backdoor, rather than a now obsolete but previously fairly common setup for lots of equipment for remote diagnostics and access.

    The latest is an opinion piece, rather than reporting, but it's still really bad. Following yesterday's big revelation that a big security vulnerability was discovered in WhatsApp, opinion columnist Leonid Bershidsky declared it as evidence that end-to-end encryption is pointless.

Meltdown Redux: Intel Flaw Lets Hackers Siphon Secrets

  • Meltdown Redux: Intel Flaw Lets Hackers Siphon Secrets from Millions of PCs

    More than a year has passed since security researchers revealed Meltdown and Spectre, a pair of flaws in the deep-seated, arcane features of millions of chips sold by Intel and AMD, putting practically every computer in the world at risk. But even as chipmakers scrambled to fix those flaws, researchers warned that they weren't the end of the story, but the beginning—that they represented a new class of security vulnerability that would no doubt surface again and again. Now, some of those same researchers have uncovered yet another flaw in the deepest guts of Intel's microscopic hardware. This time, it can allow attackers to eavesdrop on virtually every bit of raw data that a victim's processor touches.

    Today Intel and a coordinated supergroup of microarchitecture security researchers are together announcing a new, serious form of hackable vulnerability in Intel's chips. It's four distinct attacks, in fact, though all of them use a similar technique, and all are capable of siphoning a stream of potentially sensitive data from a computer's CPU to an attacker.

    [...]

    AMD and ARM chips don't appear to be vulnerable to the attacks, [...]

Microarchitectural Data Sampling (MDS) focus now on Intel

  • Intel reveals four more Spectre-like bugs in its processors

    Intel has revealed four more vulnerabilities in all its modern processors, all of which could lead to side channel attacks that use speculative execution to leak data.

  • Intel CPU Exploit Zombieload Uses Hyperthreading To Steal Data

    The latest Intel CPU exploit termed Zombieload is a speculative execution side-channel attack. It uses Intel Hyperthreading to execute a Microarchitectural Data Sampling (MDS) attack which targets buffers in CPU microarchitecture.

    According to a report, Intel CPUs made since 2008 are all susceptible to this attack. The latest 8th and 9th gen Intel CPUs are safe from this issue. Intel has released a security patch for this security flaw.

Steinar H. Gunderson: Bug fest

RIP Hyper-Threading?

  • RIP Hyper-Threading? ChromeOS axes key Intel CPU feature over data-leak flaws – Microsoft, Apple suggest snub

    In conjunction with Intel's coordinated disclosure today about a family of security vulnerabilities discovered in millions of its processors, Google has turned off Hyper-Threading in Chrome OS to fully protect its users.

    Meanwhile, Apple, Microsoft, IBM's Red Hat, QubesOS, and Xen advised customers that they may wish to take similar steps.

    The family of flaws are dubbed microarchitecture data sampling (MDS), and Chipzilla's official advisory is here, along with the necessary microcode updates to mitigate the data-leaking vulnerabilities and list of affected products. Installing these fixes and disabling Intel's Hyper-Threading feature is a sure fire way to kill off the bugs, though there may be a performance hit as a result.

Debian Patches New Intel MDS Security Vulnerabilities in Debian

  • Debian Patches New Intel MDS Security Vulnerabilities in Debian Linux Stretch

    On May 14th, Intel disclosed four new security vulnerabilities affecting several of its Intel CPUs, which could allow attackers to leak sensitive information if the system remains unpatched. Intel has worked with major OS vendors and device manufacturers to quickly deploy feasible solutions for mitigating these flaws, and now patches are available for users of the Debian GNU/Linux 9 "Stretch" operating system series.

    "Multiple researchers have discovered vulnerabilities in the way the Intel processor designs have implemented speculative forwarding of data filled into temporary microarchitectural structures (buffers). This flaw could allow an attacker controlling an unprivileged process to read sensitive information, including from the kernel and all other processes running on the system or cross guest/host boundaries to read host memory," reads the security advisory.

Now the BSD World

  • The BSDs Get Promptly Mitigated For The MDS Side-Channel Vulnerabilities

    When Spectre and Meltdown came to light, there were some frustrations in the BSD community that it took time for them to be briefed and ultimately handling the mitigations for these CPU security vulnerabilities. Fortunately, with the new Microarchitectural Data Sampling (MDS, also dubbed "Zombieload") vulnerabilities, the key BSDs have seen punctual patches.

    FreeBSD on Tuesday issued a security advisory that does include patches and additional guidance. FreeBSD's guidance is also recommending the disabling of Hyper Threading for systems with users/processors in different trust domains. FreeBSD also provides instructions on setting up the loading of the latest Intel CPU microcode files and applying patches for FreeBSD 12 and 11 series.

Zombieload Intel Vulnerability Explained

  • Zombieload Intel Vulnerability Explained: Nasty Flaw In Millions Of CPUs

    Zombieload is the latest Intel CPU vulnerability to plague everything from desktop computers to enterprise level servers. However, due to the increasingly complex nature of online attacks, it is becoming harder for companies to detect and fix them.

    These fixes are usually half measured at best and cause the processors of enterprises as well as the average user to lose their performance value in the long run or so we’re told. Online attacks like Spectre and Meltdown affect almost everyone that uses a computer. It is a problem which is forcing companies to cut corners, more often than not, in areas concerning performance.

More MDS Media Coverage

CloudLinux, LWN and Red Hat on MDS
