Language Selection

English French German Italian Portuguese Spanish

Google

Proprietary Software and Security Issues

Filed under
Google
Microsoft
Security
  • Google Blames Gmail, YouTube Outage on Error in User ID System

    Google diagnosed a widespread outage that knocked out major services earlier this week, such as Gmail and YouTube, as a mistake with its system for identifying people online.

    Alphabet Inc.’s Google has several tools that enable it to verify and track logged-in users. In October, the company began moving those tools to a new file storage system, and in the process misreported portions of the data, according to a Friday post. That caused several of its services to go down for 47 minutes Monday morning, a rare technical misstep.

  • Windows 10 updates cause CorsairVBusDriver BSOD crash loop
  • Microsoft has delivered a partial fix for this nagging Windows 10 bug

    Microsoft has released a partial fix for a known issue affecting Windows 10 devices with certain audio drivers for Conexant and Synaptics devices. The issue has been under investigation since May this year.

  • Attackers in compromised US system at least since mid-2019: report

    Malicious attackers, who were exposed as having hit a number of government and private sector entities through software made by Texas firm SolarWinds, appear to have gained access to that firm's network as early as mid-2019, Yahoo! News claims.

  • Suspected Russian [attack]: Was it an epic cyber attack or spy operation?

    But for many current and former American officials, that’s not the right way to look at it. By [cracking] into dozens of corporations and government agencies, they say, the [crackers] have pulled off a stunning and distressing feat of espionage. But they note that it’s just the sort of cyber spying that the American National Security Agency attempts on a regular basis against Russia, China and any number of foreign adversaries.

    It might constitute an attack if the intruders destroyed data, for example, or used their access to do damage in the physical world, say, by shutting down power grids. But breaking into unclassified government and corporate networks? Reading other people’s emails? That’s spying.

  • Exploiting a stack-based buffer overflow in practice

    In my previous post, I detailed a fun method of obtaining root access on the Zyxel VMG8825-T50 router, which required physical access to the device and authenticated access to the web interface.

    In this post, I will detail the exploitation of a vulnerability that could potentially result in unauthenticated RCE as root, given LAN access only. This vulnerability was also found on the VMG8825-T50 router, but it turns out to be present in multiple other Zyxel devices.

Expanding Fuchsia's open source model

Filed under
Google
OSS

Fuchsia is a long-term project to create a general-purpose, open source operating system, and today we are expanding Fuchsia’s open source model to welcome contributions from the public.

Fuchsia is designed to prioritize security, updatability, and performance, and is currently under active development by the Fuchsia team. We have been developing Fuchsia in the open, in our git repository for the last four years. You can browse the repository history at https://fuchsia.googlesource.com to see how Fuchsia has evolved over time. We are laying this foundation from the kernel up to make it easier to create long-lasting, secure products and experiences.

Starting today, we are expanding Fuchsia's open source model to make it easier for the public to engage with the project. We have created new public mailing lists for project discussions, added a governance model to clarify how strategic decisions are made, and opened up the issue tracker for public contributors to see what’s being worked on. As an open source effort, we welcome high-quality, well-tested contributions from all. There is now a process to become a member to submit patches, or a committer with full write access.

Read more

Also: Google's Fuchsia Open-Source OS To Begin Accepting Community Contributions

WWW: WordPress, Chrome, Mozilla

Filed under
Server
Google
Moz/FF
Web
  • Half of Websites Will Be WordPress-Driven by 2025 / Digital Information World

    Based on CMS usage trends, now available for 2019 and most of the current year, several outlets have projected that WordPress will be the driving force behind half of all websites by 2025. According to the newest numbers by W3Techs, its usage is growing by 2.47% per year on average. If it continues at this rate, WordPress will surpass 50% market share, potentially within the next five years.

    [...]

    The pandemic has hastened the shift from brick-and-mortar to e-commerce by roughly five years. Today's 'online first' strategy is commonplace for many new and established businesses. However, as of 2019, less than two-thirds of small businesses had a website. For many business thought-leaders, the idea that a brand is too small or unsuitable for online trade ceases to exist. In the post-millennial marketplace, stores without an online presence give the impression that you're no longer in business.

    The trajectory of WordPress has historically depended on the demands of its users. It's continuously unfolded to cater to millions of bloggers and webmasters around the globe. Improvements such as REST API and the Gutenberg editor means WordPress is now better placed to contend with closed-source competitors Shopify, Wix, and Squarespace. Furthermore, you can anticipate developers will see WordPress as a simple solution to power the expansion of all varieties of mobile and web apps.

  • Chrome to remove HTTP/2 Push

    Chromium developers have announced that they plan to remove support for HTTP/2 server push from the market-leading browser engine. Server push lets web servers preemptively send clients resources it expects them to request later. The technique can reduce the number of network round-trips required before the client has all the resources it needs to display a page. The announcement cited high implementation complexity, low adoption among websites, and questionable performance gains as the reason for the removal.

    Server push is an optional feature introduced in the HTTP/2 standard. Chrome can remove it and remain compatible with the HTTP/2 standard. When used correctly, server push can greatly improve page-load times. It also enables use-cases like instant redirects.

  • celery-batches 0.4 released!

    Earlier today I released a version 0.4 of celery-batches with support for Celery 5.0. As part of this release support for Python < 3.6 was dropped and support for Celery < 4.4 was dropped.

  • This Week in Glean: Glean is Frictionless Data Collection

    So you want to collect data in your project? Okay, it’s pretty straightforward.

Google Publishes Latest Linux Core Scheduling Patches So Only Trusted Tasks Share A Core

Filed under
Linux
Google

Google engineer Joel Fernandes sent out the ninth version of their "core scheduling" patches for the Linux kernel that allows for allowing only trusted tasks to run concurrently on the same CPU core -- in cases where Hyper Threading is involved to safeguard the system against the possible security exploits.

Core Scheduling has been a popular topic since vulnerabilities like MDS and L1TF have come to light. Core Scheduling aims to make Hyper Threading safer and by only letting trusted tasks share a CPU core is a reasonable safeguard for still leaving Hyper Threading active on servers rather than disabling it in the name of security. DigitalOcean, Oracle, Google, and other major x86_64 players have all been interested in core scheduling and working on different solutions in order to keep HT/SMT active. Particularly for the major cloud server providers having to disable HT/SMT would be a big blow to their models.

Read more

FydeOS beta brings Chromium OS to the PineBook Pro (Android app support too)

Filed under
GNU
Linux
Google

The PineBook Pro is a $200 laptop with a 14 inch full HD display, a Rockchip RK3399 processor, 4GB of RAM, 64GB of storage, and support for a bunch of different operating systems… most of which are GNU/Linux distributions.

But you can also turn the laptop into a Chromebook-like device by installing a new beta release of FydeOS 11.2 for the PineBook Pro.

Read more

Noscript cures font vulnerabilities

Filed under
Google
Moz/FF
Security
Web

In the past month, I've read about a dozen security bulletins involving remote execution exploits due to font parsing vulnerabilities in a range of operating systems, from desktop to mobile. In all these cases, there was a detailed mention of problems, but very little if any mention of possible solutions, other than vendor updates, that is.

Which is rather intriguing, because there is a tool that can help you with fonts. It's called Noscript, it's a supreme browser extension available in Firefox and more recently in Chrome, and it allows you to govern the loading of fonts in your webpages. A simple and elegant tool that can save - or at the very least, significantly minimize, headache with fonts. But does it get the spotlight it deserves? Of course not, drama and fear are far more interesting. Let's see what gives.

Read more

Uncovering the Best Open Source Google Analytics Alternatives

Filed under
Google
OSS
Web

Web analytics is the measurement, collection, analysis and reporting of internet data. In a nutshell, it is the study of website visitor behavior. It is the process of using online data to transform a organization from faith-based to data driven.

This type of software helps you generate a holistic view of your business by turning customer interactions into actionable insights. Using reports and dashboards, web analytics software lets you sort, sift and share real-time information to help identify opportunities and issues. Keeping track of web visitors, analyzing traffic sources, measuring sales and conversions are just some of the possibilities.

Google Analytics is an excellent well known free service that lets webmasters and site owners access web analytics data. The web service generates detailed statistics about a website’s traffic and sources. It helps marketers and is the most widely used website statistics service. But the biggest downside with Google Analytics is that your data is controlled and used for Google’s own purposes, not just by you. It is also not an open source solution, with a webmaster or site owner being denied access to the raw data.

There are also many other remote-hosted web analytics services that are well-designed and comprehensive. However, if you want an open source solution where the software is hosted on your own server, there are some good alternatives. Having the software installed on your server means that you retain full control over your data, with the possibility of integrating that data into your own system. This solution might, for example, be important to people who do not want to give Google (or another organization) the invitation to control a large portion of their online activity, or who want to be fully in control of visitor privacy.

To provide an insight into the quality of software that is available, we have compiled the following list of open source web analytics software.

Read more

Also: ITFirms Lists Top Free, Open-Source Statistical Analysis Software

USDOJ Takes on Google, Mozilla Responds

Filed under
Google
Moz/FF
Web
Legal
  • Justice Department Sues Monopolist Google For Violating Antitrust Laws

    oday, the Department of Justice — along with eleven state Attorneys General — filed a civil antitrust lawsuit in the U.S. District Court for the District of Columbia to stop Google from unlawfully maintaining monopolies through anticompetitive and exclusionary practices in the search and search advertising markets and to remedy the competitive harms. The participating state Attorneys General offices represent Arkansas, Florida, Georgia, Indiana, Kentucky, Louisiana, Mississippi, Missouri, Montana, South Carolina, and Texas.

    “Today, millions of Americans rely on the Internet and online platforms for their daily lives. Competition in this industry is vitally important, which is why today’s challenge against Google — the gatekeeper of the Internet — for violating antitrust laws is a monumental case both for the Department of Justice and for the American people,” said Attorney General William Barr. “Since my confirmation, I have prioritized the Department’s review of online market-leading platforms to ensure that our technology industries remain competitive. This lawsuit strikes at the heart of Google’s grip over the internet for millions of American consumers, advertisers, small businesses and entrepreneurs beholden to an unlawful monopolist.”

  • Mozilla Reaction to U.S. v. Google

    Like millions of everyday internet users, we share concerns about how Big Tech’s growing power can deter innovation and reduce consumer choice. We believe that scrutiny of these issues is healthy, and critical if we’re going to build a better internet. We also know from firsthand experience there is no overnight solution to these complex issues. Mozilla’s origins are closely tied to the last major antitrust case against Microsoft in the nineties.

    In this new lawsuit, the DOJ referenced Google’s search agreement with Mozilla as one example of Google’s monopolization of the search engine market in the United States. Small and independent companies such as Mozilla thrive by innovating, disrupting and providing users with industry leading features and services in areas like search. The ultimate outcomes of an antitrust lawsuit should not cause collateral damage to the very organizations – like Mozilla – best positioned to drive competition and protect the interests of consumers on the web.

  • DOJ May Force Google To Sell Chrome To Settle Antitrust Case: Report

    he U.S. Department of Justice may force Google to sell its Chrome browser. The development came after the US Congress’ antitrust report on big tech companies.

    It is also told that the DOJ is targeting Google’s advertising business as well. The prosecutors aim at breaking Google’s monopoly on the $162 billion digital advertising market. Politico reported the development via anonymous sources.

Will Google Stadia Boost Linux Gaming?

Filed under
GNU
Linux
Google
Gaming

Following my recent article on Steam Machines, quite a few comments appeared on the interwebs. Among them, someone remarked that my final point about Linux Gaming being too reliant on Valve was missing the fact that Google Stadia exists. And therefore this would be akin to having several companies for which Linux gaming matters.

This is a valid point. I had to address it.

What is Stadia? Stadia is a solution designed by Google to stream games to any device with little latency, as long as such devices have a Google Stadia client, the Chrome web browser or a Chromecast. There is a free tier where you can use Stadia and purchase games as you go, and a Pro version which costs about 10 bucks per month after you buy the Premiere Edition with the controller (129 USD).

Read more

Google Coral Dev Board mini SBC is now available for $100

Filed under
Linux
Google
Hardware
Debian

Google Coral SBC was the first development board with Google Edge TPU. The AI accelerator was combined with an NXP i.MX 8M quad-core Arm Cortex-A53 processor and 1GB RAM to provide an all-in-all AI edge computing platform. It launched for $175, and now still retails for $160 which may not be affordable to students and hobbyists.

[...]

The board runs Debian based Mendel Linux distribution developed by Google for Coral boards and supports TensorFlow Lite and AutoML Vision Edge with the latter enabling “fast, high-accuracy custom image classification models”.

Read more

Syndicate content

More in Tux Machines

today's leftovers

  • Parler Tricks: Making Software Disappear

    Much has been written and broadcast about the recent actions from Google and Apple to remove the Parler app from their app stores. Apps get removed from these app stores all the time, but more than almost any past move by these companies, this one has brought the power Big Tech companies wield over everyone’s lives to the minds of every day people. Journalists have done a good job overall in presenting the challenges and concerns with this move, as well as addressing the censorship and anti-trust issues at play. If you want a good summary of the issues, I found Cory Doctorow’s post on the subject a great primer. [...] This is part of the article where Android users feel smug. After all, while much more of their data gets captured and sold than on iOS, in exchange they still (sometimes) have the option of rooting their phones and (sometimes) “sideloading” applications (installing applications outside of Google’s App Store). If Google bans an app, all a user has to do is follow a list of complicated (and often sketchy) procedures, sometimes involving disabling protections or installing sketchy software on another computer, and they can wrench back a bit of control over their phones. Of course in doing so they are disabling security features that are the foundation for the rest of Android security, at which point many Android security experts will throw up their hands and say “you’re on your own.” [...] The Librem 5 phone runs the same PureOS operating system as Librem laptops, and it features the PureOS Store which provides a curated list of applications known to work well on the phone’s screen. Even so, you can use the search function to find the full list of all available software in PureOS. After all, you might want that software to be available when you dock your Librem 5 to a larger screen. We aim to provide software in the PureOS store that respects people’s freedom, security, and privacy and will audit software that’s included in the store with that in mind. That way people have a convenient way to discover software that not only works well on the phone but also respects them. Yet you are still free to install any third-party software outside of the PureOS Store that works on the phone, even if it’s proprietary software we don’t approve of.

  • Apple Mulls Podcast Subscription Push Amid Spotify's Land Grab

    The talks, first reported by The Information, have been ongoing since at least last fall, sources tell to The Hollywood Reporter, and ultimately could end up taking several different forms. Regardless, it’s clear that Tim Cook-led Apple — after spending the last two years watching rival-in-music-streaming Spotify invest hundreds of millions of dollars to align itself with some of the most prolific producers and most popular personalities in podcasting — is no longer content sitting on the sideline. “There’s a huge opportunity sitting under their nose with 1.4 million iOS devices globally,” says Wedbush Securities analyst Daniel Ives, “and they don’t want to lose out.” Apple declined to comment about its podcasting plans.

    Much of the growth of the podcasting industry over the last decade can be traced back to Apple and its former CEO Steve Jobs, who in 2005 declared that he was “bringing podcasting mainstream” by adding support for the medium to iTunes. A few years later, the company introduced a separate Podcasts app that quickly became the leading distribution platform for the medium. But Apple, which netted $275 billion in sales in fiscal 2020, has refrained from turning podcasting — still a relatively small industry that the Interactive Advertising Bureau estimated would bring in nearly $1 billion in U.S. advertising revenue last year — into a moneymaking venture.

  • Blacks In Technology and The Linux Foundation Partner to Offer up to $100,000 in Training & Certification to Deserving Individuals [Ed: Linux Foundation exploits blacks for PR, even though it does just about nothing for blacks [1, 2]]

    The Linux Foundation, the nonprofit organization enabling mass innovation through open source, and The Blacks In Technology Foundation, the largest community of Black technologists globally, today announced the launch of a new scholarship program to help more Black individuals get started with an IT career. Blacks in Technology will award 50 scholarships per quarter to promising individuals. The Linux Foundation will provide each of these recipients with a voucher to register for any Linux Foundation administered certification exam at no charge, such as the Linux Foundation Certified IT Associate, Certified Kubernetes Administrator, Linux Foundation Certified System Administrator and more. Associated online training courses will also be provided at no cost when available for the exam selected. Each recipient will additionally receive one-on-one coaching with a Blacks In Technology mentor each month to help them stay on track in preparing for their exam.

  • the tragedy of gemini

    While everything I have seen served via Gemini is friendly and sociable, the technical barriers of what-is-a-command-line and how-do-I-use-one are a fence put up that keep out the riffraff. Certainly, you can walk around the corner and go through the gate, but ultimately the geminiverse is lovely because it is underpopulated, slower-paced, and literate. It is difficult enough to access that those who can use it can be welcoming without worrying its smallness will be compromised.

    The tragedy is that I don’t think many of its denizens would claim that they only want to hear from technical, educated people, but in order to use a small [Internet], an August [Internet], they have let the fence keep out anyone else.

Devices: GigaIPC, Raspberry Pi, and Arduino Projects

  • Rugged systems provide IP67 waterproofing

    GigaIPC unveiled two compact, IP67-protected “QBix-WP” computers with Linux support and rugged M12 ports for 2x LAN, 3x COM, GPIO, and 9-36V input: one with 8th Gen Whiskey Lake and the other with Apollo Lake. Taiwan-based GigaIPC has announced a “QBiX-WP Series” of rugged embedded systems with IP67 protections: an 8th Gen Whiskey Lake based QBiX-WP-WHLA8265H-A1 and an Apollo Lake powered QBiX-WP-APLA3940H-A1. IP67 provides level 6 “dust-tight” protection against dust ingression and level 7 waterproofing against liquid ingress including immersion at up to 1 meter for 30 minutes.

  • Deter burglars with a Raspberry Pi chatbot
  • Arduino Blog » 3D-printed mobile robot platform based on the Arduino Due

    Although an Arduino can be a great way to provide computing power for a mobile robot platform, you’ll need a variety of other electronics and mechanical components to get it going. In his write-up, computer science student Niels Post outlines how he constructed a robot that travels via two stepper motors, along with casters to keep it upright. The round chassis is 3D-printed and runs on three rechargeable 18650 batteries.

  • Arduino Blog » Making your own Segway, the Arduino way

    After obtaining motors from a broken wheelchair, this father-son duo went to work turning them into a new “Segway.” The device is controlled by an Arduino Uno, along with a pair of motor drivers implemented handle the device’s high current needs. An MPU-6050 allows it to react as the rider leans forward and backwards, moving with the help of a PID loop. Steering is accomplished via a potentiometer, linked to a bent-pipe control stick using a bottle cap and glue.

Programming: PureScript, C++, Lua, and Raku

  • Excellent Free Tutorials to Learn PureScript - LinuxLinks

    PureScript is a small strongly, statically typed programming language with expressive types, written in and inspired by Haskell, and compiling to Javascript. It can be used to develop web applications, server side apps, and also desktop applications with use of Electron.

  • C++ Operator Overloading – Linux Hint

    This article provides a guide to operator overloading in C++. Operator overloading is a useful and powerful feature of the C++ programming language. C++ allows overloading of most built-in operators. In this tutorial, we will use several examples to demonstrate the operator overloading mechanism. [...] The C++ language allows programmers to give special meanings to operators. This means that you can redefine the operator for user-defined data types in C++. For example, “+” is used to add built-in data types, such as int, float, etc. To add two types of user-defined data, it is necessary to overload the “+” operator.

  • Lua, a misunderstood language

    Lua is one of my favourite programming languages. I’ve used it to build a CMS for my old educational website, for creating cool IoT hardware projects, for building little games, and experimenting with network decentralisation. Still, I don’t consider myself an expert on it at all, I am at most a somewhat competent user. This is to say that I have had exposure to it in various contexts and through many years but I am not deep into its implementation or ecosystem. Because of that, it kinda pains me when I read blog posts and articles about Lua that appear to completely miss the objective and context of the language. Usually these posts read like a rant or a list of demands. Most recently, I saw a post about Lua’s Lack of Batteries on LWN and a discussion about that post on Hacker News that made me want to write back. In this post I’ll address some of the comments I’ve seen on that original article and on Hacker News.

  • A Complete Course of the Raku programming language

    This course covers all the main aspects of the language that you need to use in your daily practice. The course consists of five parts that explain the theory and offer many practical assignments. It is assumed that you try solving the tasks yourself before looking to the solution.

    If you’re only starting to learn Raku, you are advised to go through all the parts in the order they are listed in the table of contents. If you have some practice and you want to have some specific training, you are welcome to start with the desired section.

Software: Trakt Scrobbler, GIMP, and More

  • Sync mpv, VLC, Plex And MPC-BE/MPC-HC With Trakt.tv Using Trakt Scrobbler

    Trakt Scrobbler is a Trakt.tv scrobbler for Linux, macOS and Windows, which supports VLC, MPV, MPC-BE/MPC-HC and Plex (doesn't require a Plex Pass). The tool is controlled from the command line. After the initial setup, Trakt Scrobbler runs in the background, monitoring what's playing (movies / TV show episodes) in the media players you configure, and sending this information to Trakt.tv. It also displays optional desktop notifications when scrobbling begins and ends

  • [PPA Update] GIMP 2.10.22 with Python Script Support in Ubuntu 18.04

    For Ubuntu 18.04 users sticking to the PPA build of GIMP image editor 2.10.22, now the Python Script support is back. Since old GTK2 and Python 2 libraries being removed from Ubuntu universe repositories, the Python script support was excluded due to lack of dependencies when I was uploading the GIMP packages into PPA. Ubuntu 18.04 was neglected, though. It meets all the dependencies to build the requested feature. So I added it back. Hope it’s not too late for you :). And the package was totally built via the rules from otto-kesselgulasch’s PPA.

  • Linux Release Roundup: Kdenlive 20.12.1, BleachBit 4.2.0 & LibreOffice 7.1 RC - OMG! Ubuntu!

    I’m keen to get back into the habit of posting Linux release roundups. The last one I wrote was way back in 2019 — so it’s been a while! [...] Well, open source and Linux-focused development never stops. App, tool, kernel, driver, distro, and framework updates pop out each and every week. Not all of these updates are what you’d call ‘substantial’ or ‘must-read’ news. Point releases, for instance, are difficult to “pad out” into a full length article (much less sound like one you’d want to read about). I’m loathe to start firing out 8 short posts a day on thin topics. It clogs up your feed reader and pushes genuinely interesting content off the main page. Hence the roundups. I get the satisfaction of being able to cover the “lite” news items I normally skip (and mention distro releases I might not normally be able to), and you get the satisfaction of knowing you’re missing out on even less stuff. Keen to see what meaty chunks are threaded on this week’s skewer? Read on…