Free Software, Proprietary Stuff and Openwashing

  • BSD Now 351: Heaven: OpenBSD 6.7

    Backup and Restore on NetBSD, OpenBSD 6.7 available, Building a WireGuard Jail with FreeBSD's standard tools, who gets to chown things and quotas, influence TrueNAS CORE roadmap, and more.

  • The Open Source Catch-22 | Self-Hosted 19

    We react to recently proposed Home Assistant changes, Alex attempts an extreme remote install, and we take a look at HomelabOS.

    Plus why Chris continues to collect Raspberry Pi's at an alarming rate.

  • April the month of Linux releases and open source updates

    Linux releases and software updates: as every year, April almost never passes without a new event in the Linux and open source world. This year, the month "overlooked us" with interesting events about Linux and open source.

    So what are these events and news? This is what you will know in the following lines. Have a pleasant reading.

  • MauiKit and Maui apps 1.1.1

    Today, we are pleased to announce the release of MauiKit and Maui Apps 1.1.1!

    Are you a developer and want to start developing cross-platform and convergent apps, targeting, among other things, the upcoming Linux mobile devices? Then join us on Telegram: https://t.me/mauiproject. If you are interested in testing this project and helping out with translations or documentation, you are also more than welcome.

    The Maui Project is free and open-source software incubated by the KDE Community and developed by Nitrux Latinoamericana.

  • Installation images renamed from .fs to .img

    In a commit touching quite a few files, Theo recently renamed the installation images from installXX.fs to installXX.img: [...]

  • Innovating and scaling efficiently with Kubernetes and MicroK8s

    With the benefits of Kubernetes now well established in the containerisation space, its adoption continues to exponentially increase. However, as developers and enterprises alike turn to Kubernetes for more and more types of use cases, available Kubernetes solutions often fail to meet their exact needs.

    Canonical’s extensive Kubernetes portfolio is centered around Charmed Kubernetes and MicroK8s, designed to provide full flexibility from cloud to edge in order to facilitate efficient innovation and scaling.

  • Open Source Artificial Intelligence: Leading Projects

    Open source artificial intelligence projects don't always get a lot of publicity, but they play a vital role in the development of artificial intelligence. Because these open source projects are often pursued as passion projects by developers (sometimes in colleges and universities), the advances are creative and particularly forward looking.

    Typically freed from the constraints of a corporate setting (though some are supported by companies), these open source AI projects can dream big - and often deliver ground breaking machine learning and AI advances.

    Also important: the advances from these leading open source AI projects fuel the larger AI sector. That is, a new idea from this month's AI project ends up next year (or even next month) in a high end AI solution sold by a company.

    Remember, if you know of additional top open source AI tools that should be on this list, please include them in the comments section below.

  • CrowdStrike Falcon Expands Linux Protection with Enhanced Prevention Capabilities
  • BlueMail Launches Support for Debian and Red Hat Linux in Major Expansion

    Blix Inc., a leading provider of messaging solutions to consumers and businesses, today announces its popular BlueMail client is now compatible with Debian and Red Hat Linux. With this expansion, BlueMail is now available on a dozen Linux distributions, including Arch Linux, CentOS, elementaryOS, Fedora, KDE Neon, Kubuntu, Manjaro, Linux Mint, openSUSE and Ubuntu. As the world faces an increasingly remote workforce, this expansion brings BlueMail's cross-platform productivity and safety features to a global network of consumers, companies, and IT business leaders.

  • Zooming Past Equity in Higher Education: Technocratic Pedagogy Fails Social Justice Test - Censored Notebook

    The response to COVID-19 by governing institutions has altered the lives and practices of people across the nation, including the students, faculty, and staff in higher education. One of the biggest changes in educational institutions has been the increased reliance on Zoom conferences in place of traditional face-to-face classroom meetings. For example, in May 2020, the website for Ohlone College, a community college in Fremont, CA, had an announcement that read, “IMPORTANT: All classes will be held online during the 2020 Summer Term. Classes that have scheduled meeting days and times will meet via ConferZoom online.”

  • Zoom fatigue is real and it’s costly

    I think a good rule of thumb is to keep Zoom calls restricted to four people or fewer and 30 minutes or shorter. And even with four people, do email if you can, phone calls if you must and Zoom only if there's some really good reason for it.

  • GitHub Reinstates Popcorn Time Code Despite MPA 'Threat'

    Earlier this month, an MPA takedown notice pulled Popcorn Time's GitHub repository offline. The Hollywood group, which also represents Netflix, argued that the code facilitates mass copyright infringement. While that may be the case, Popcorn Time filed a counternotice arguing that they own the code. Faced with contradicting requests, GitHub has now reinstated the repository.

  • Chrome 83 adds DNS-over-HTTPS support and privacy tweaks

    After delays to Chrome version 81 in March, and the scrapping of version 82 a month later, this week sees the early arrival of Chrome 83 with a longer list of new security features than originally planned.

    As browser updates go, it’s a lot to take in although some of them are more tweaks to existing features than anything radically new.

    It’s hard to pick out a single big feature, although for some it will be upgraded support for DNS-over-HTTPS (DoH), a privacy technology that makes it much harder for third parties (ISPs, the Government, malevolent parties) to see which web domains someone is visiting.

    See our previous coverage for more explanation of the benefits of DoH (and forthcoming support for it in Windows 10) but be aware that Google still doesn’t make using this as easy as it should be.

  • Google rolls out pro-privacy DNS-over-HTTPS support in Chrome 83... with a handy kill switch for corporate IT

    Google released Chrome 83 on Tuesday after skipping version 82 entirely due to coronavirus-related challenges, bringing with it security for DNS queries, a revised extension interface that developers dislike, and a few other features.

    The latest iteration of Google's browser implements DNS-over-HTTPS (DoH), a way to prevent domain-name queries from being observed on the network, between the browser and the DNS server, at least. Traditionally, DNS queries and replies sent using TCP or UDP are not encrypted, even when internet users are interacting with websites over an encrypted HTTPS connection.

    DoH was proposed to improve privacy and security by wrapping TLS encryption around the DNS queries that convert human-friendly domain names, like theregister.co.uk, into network addresses computers can connect to, such as 104.18.5.22.

    Google has been testing DoH since Chrome 78 last year, and is now rolling it out proper. Mozilla has been doing the same in its Firefox browser, and in February made DoH available to US Firefox users by default.

  • Mozilla VR Blog: Firefox Reality for HoloLens 2

    Mozilla's Mixed Reality team is excited to announce the first public release of Firefox Reality in the Microsoft store. We announced at Mobile World Congress 2019 that we were working with Microsoft to bring a mixed reality browser to the HoloLens 2 platform, and we're proud to share the result of that collaboration.

    Firefox Reality is an experimental browser for a promising new platform, and this initial release focuses on exposing the powerful AR capabilities of HoloLens 2 devices to web developers through the new WebXR standard.

More in Tux Machines

Security and Proprietary Issues

  • Surprise Capital One court decision spells trouble for incident response

    Break in case of emergency: Language is everything. Delineate clearly in all written comms between a ‘potential incident’ - and an actual one. Don’t start turning one of the hundreds of security events you see into a ‘security incident’ before the most essential facts are understood. Halpert’s threshold for incidents that need to be covered by legal privilege are: a) An incident that gives rise to an obligation to notify a regulator, or a contractual obligation to notify a business partner; or b) An incident that exposed trade secrets or otherwise would affect the share price of a company; or c) An incident that would cause significant reputational hit to the company; or d) An incident in which a crime is committed.

  • Judge rules Capital One must hand over Mandiant's forensic data breach report

    It’s a significant ruling that effectively affords the attorneys suing Capital One with a breakdown of which bank behaviors were successful, and which failed. It’s common for Fortune 500 companies to keep incident response firms like Mandiant on retainer, though it’s rare for those firms’ insights on high profile breaches to be made public. Similar rulings in the future could provide aggrieved customers with ammunition to seek higher pay-outs in court.

  • Retrotech: The Novell NetWare Experience

    In the simplest terms possible, NetWare was a dedicated network operating system. It was designed around fast and reliable network operations at the expense of almost everything else. Novell had invested massive amounts of research in figuring out how to do fast I/O and minimizing any delays from hardware related sources. The end result was a very lean system that remained stable and performant with a large number of clients attached. As networking was Novell's bread and butter, NetWare had excellent support for everything: clients were available for DOS, Windows, UNIX, Macintosh, OS/2 and probably other platforms I've never even heard of.

    The early history of NetWare is very muddled, and pre-2.0 versions have been lost to time. This compounded with poor documentation has made it very difficult to trace the early history of the product. However, while NetWare was not the first (or only) network product for IBM PCs, it quickly became the largest, displacing IBM's PC Network, and laughed at Microsoft's LAN Manager, and IBM OS/2 LAN Server.

    While NetWare did compete on UNIX, Sun had already gotten their foot in the door by porting NFS and making it the de-facto solution for all UNIXs of the era, as well as Linux. Meanwhile, Apple held onto AppleTalk which itself survived well into the early 2000s when NetWare had already disappeared into the aether. The explosion of Wintel PCs throughout the 90s had given NetWare a market position that should have been very difficult to dislodge.

    The full story of NetWare's fall from grace is a story for another time, but I do want to go into the more technical aspects that were both the boon and bane of NetWare. Much of NetWare's success can be attributed to its own IPX protocol which made networking plug and play and drastically lowered latencies compared to NetBIOS or even TCP/IP.

  • Polish malspam pushes ZLoader malware

    When enabling macros on the malicious Excel spreadsheet, the victim host retrieved the ZLoader DLL as shown in the previous section, saved the DLL to the victim's Documents folder, and ran it using rundll32.exe.

  • Microsoft Defender SmartScreen is hurting independent developers

    But what is SmartScreen?

    SmartScreen collects installation data from all Windows users in order to establish “reputation”. If the program does not have an established good reputation, you get this big warning message. By this time most users have deleted the .exe already, thinking it is malware, but SmartScreen can be bypassed by clicking on “More info” then “Run anyway”.

    The digital signature racket

    But let’s say you bite the bullet, you buy yourself an overpriced piece of prime numbers generated by a computer, sign your code and re-publish your application. You can now start getting users to install your app right? Wrong.

    But how do you build reputation? First of all, Microsoft needs to be able to gather information on who has published the app, and this is done by a code signing certificate. The most obvious implication is that unsigned apps will always trigger SmartScreen. The more insidious implication is that acquiring a code signing certificate is a big expense for an individual developer. There is currently no “Let’s Encrypt” equivalent to code signing certificates; so you have to purchase it from trusted authorities. The price range is wide but a certificate only valid for a year will typically go for about $100.

  • #Privacy: Michigan State University struck by ransomware attack

    It remains unclear as to how and when the attack happened, and what the ransom demand is.

    NetWalker is one of twelve ransomware gangs who threaten to publish data in revenge if organisations refuse to pay the ransom demand.

    MSU have not officially disclosed the incident, however, an MSU spokesperson, Dan Olsen shared the following statement to EdScoop: “We are aware of a possible intrusion and we are actively looking into it.”

  • MSU: We won't pay [attacker] demanding ransom, threatening university over records

    University officials believe the latest breach occurred on Memorial Day and took relevant computer systems offline within hours of the intrusion, according to a news release. It compromised data associated with the Department of Physics and Astronomy, and information technology teams are coordinating with law enforcement to understand the scope of the breach. Investigators are notifying and providing support to affected MSU affiliates as they are identified.

    The cybersecurity breach, known as a ransomware attack, first became public May 27 when a [cr]acker-affiliated blog posted screenshots of files allegedly belonging to MSU affiliates. Images circulating on social media include a redacted passport and a list of transactions related to physics and astronomy projects. They also show a countdown clock that warns of “secret data publication” less than one week from when the screenshots were taken.

  • Michigan State target of ransomware attack threatening to release university data

    The ransom demanded was not specified, but the ransomware gang is prepared to release the university's documents.

    The NetWalker, a newer form of ransomware sometimes labeled as Mailto, blog post threatened publication of 'secret' documents dated with a countdown clock with close to a week remaining.

  • Malware Team NetWalker Launches Ransomware Attack Against Weiz

    The Malware team NetWalker launched a new ransomware attack against the Austrian village of Weiz which affected the public service system and leaked a lot of the stolen data from building applications as we are about to read more in the following latest cryptocurrency news.

    According to the cybersecurity firm Panda Security, the Malware team managed to enter the town’s public network through phishing emails related to the Coronavirus pandemic. The subject of the emails which was “information about the coronavirus” was used to bait the employees of the public infrastructure of the city into clicking on malicious links which triggered the ransomware.

    Panda Security claims that the ransomware attack belongs to a new version of a ransomware family that spreads by using VBScripts. If the infection is successful, it will spread through the entire Windows network to which the infected machine is related. The report details that the ransomware terminates and services under Windows which encrypts files on all available disks thus eliminating the backups.

  • Inside a ransomware gang’s attack toolbox

    The crooks deployed a pirated copy of the Virtual Box virtual machine (VM) software to every computer on the victim’s network, plus a VM file containing a pirated copy of Windows XP, just to have a “walled garden” for their ransomware to sit inside while it did its cryptographic scrambling.

    But that’s far from everything that today’s crooks bring along for a typical attack, as SophosLabs was able to document recently when it stumbled upon a cache of tools belonging to a ransomware gang known as Netwalker.

  • Researchers Dive Into Evolution of Malicious Excel 4.0 Macros

    For more than five months, Lastline security researchers have tracked the evolution of malicious Excel 4.0 (XL4) macros, observing the fast pace at which malware authors change them to stay ahead of security tools.

    A central part of many organizations’ productivity tools, Excel opens the door for phishing attacks where victims are tricked into enabling macros in malicious documents, which can result in the attackers gaining a foothold on the network, in preparation for additional activities.

    During their five-month research, Lastline observed thousands of malicious samples, clustered into waves that provide a comprehensive picture of how the threat has evolved in both sophistication and evasiveness.

  • MSU won't pay ransom to [cr]acker who stole financial documents, personal information

    EdScoop reported the ransomware attack on May 27 and provided screenshots from a blog on the dark web, showing what appear to be a student's passport, MSU financial documents and files from the MSU network, as well as a countdown that had about one week remaining as of May 27.

  • Attackers Target 1M+ WordPress Sites To Harvest Database Credentials

    Attackers were spotted targeting over one million WordPress websites in a campaign over the weekend. The campaign unsuccessfully attempted to exploit old cross-site scripting (XSS) vulnerabilities in WordPress plugins and themes, with the goal of harvesting database credentials.

    The attacks were aiming to download wp-config.php, a file critical to all WordPress installations. The file is located in the root of WordPress file directories and contains websites’ database credentials and connection information, in addition to authentication unique keys and salts. By downloading the sites’ configuration files, an attacker would gain access to the site’s database, where site content and credentials are stored, said researchers with Wordfence who spotted the attack.

    Between May 29 and May 31, researchers observed (and were able to block) over 130 million attacks targeting 1.3 million sites.

  • Denial of service attacks against advocacy groups skyrocket

    Distributed denial-of-service attacks against advocacy organizations increased by 1,120% since a Minneapolis police officer killed George Floyd by kneeling on his neck, sparking demonstrations throughout the U.S.

    In figures published Tuesday, the internet security firm Cloudflare said it blocked more than 135 billion malicious web requests against advocacy sites, compared to less than 30 million blocked requests against U.S. government websites, such as police and military organizations. The company did not disclose which websites were affected, specifically.

Reading about open source in French

English speakers have so many wonderful open source resources that it's easy to forget that communications in English aren't accessible to everyone everywhere. Therefore, I've been looking for great open source resources in Spanish and French, so I can recommend them when the need arises. One I've been looking at recently is LinuxFr.org, which seems to be a fine "agora" for all sorts of interesting conversations in French about open source specifically and open everything else as well.

Open Source Password Manager Bitwarden Introduces Two New Useful Features: Trash Bin & Vault Timeout

Bitwarden is unquestionably one of the best password managers available for Linux. It’s also a cross-platform solution, so you can use it almost anywhere you like. You can also read our review of Bitwarden if you want to explore more about it. Now, coming back to the news. Recently, Bitwarden introduced two new major features that make it even better.

6 Kubernetes Security Best Practices Every Linux Administrator Should Know

Kubernetes is a popular container orchestration platform used by many professionals around the world. It’s an open-source platform that enables you to manage containerization, providing you with feature-rich controls. However, Kubernetes is not easy to learn and maintain. To properly secure Kubernetes operations, you need to adopt certain best practices.