Proprietary Software and Security Issues
Submitted by Roy Schestowitz on Saturday 19th of December 2020 09:08:35 AM Filed under


-
Google Blames Gmail, YouTube Outage on Error in User ID System
Google diagnosed a widespread outage that knocked out major services earlier this week, such as Gmail and YouTube, as a mistake with its system for identifying people online.
Alphabet Inc.’s Google has several tools that enable it to verify and track logged-in users. In October, the company began moving those tools to a new file storage system, and in the process misreported portions of the data, according to a Friday post. That caused several of its services to go down for 47 minutes Monday morning, a rare technical misstep.
-
Windows 10 updates cause CorsairVBusDriver BSOD crash loop
-
Microsoft has delivered a partial fix for this nagging Windows 10 bug
Microsoft has released a partial fix for a known issue affecting Windows 10 devices with certain audio drivers for Conexant and Synaptics devices. The issue has been under investigation since May this year.
-
Attackers in compromised US system at least since mid-2019: report
Malicious attackers, who were exposed as having hit a number of government and private sector entities through software made by Texas firm SolarWinds, appear to have gained access to that firm's network as early as mid-2019, Yahoo! News claims.
-
Suspected Russian [attack]: Was it an epic cyber attack or spy operation?
But for many current and former American officials, that’s not the right way to look at it. By [cracking] into dozens of corporations and government agencies, they say, the [crackers] have pulled off a stunning and distressing feat of espionage. But they note that it’s just the sort of cyber spying that the American National Security Agency attempts on a regular basis against Russia, China and any number of foreign adversaries.
It might constitute an attack if the intruders destroyed data, for example, or used their access to do damage in the physical world, say, by shutting down power grids. But breaking into unclassified government and corporate networks? Reading other people’s emails? That’s spying.
-
Exploiting a stack-based buffer overflow in practice
In my previous post, I detailed a fun method of obtaining root access on the Zyxel VMG8825-T50 router, which required physical access to the device and authenticated access to the web interface.
In this post, I will detail the exploitation of a vulnerability that could potentially result in unauthenticated RCE as root, given LAN access only. This vulnerability was also found on the VMG8825-T50 router, but it turns out to be present in multiple other Zyxel devices.
- Login or register to post comments
Printer-friendly version
- Read more
- 2865 reads
PDF version
Expanding Fuchsia's open source model
Submitted by Rianne Schestowitz on Tuesday 8th of December 2020 08:37:04 PM Filed under

Fuchsia is a long-term project to create a general-purpose, open source operating system, and today we are expanding Fuchsia’s open source model to welcome contributions from the public.
Fuchsia is designed to prioritize security, updatability, and performance, and is currently under active development by the Fuchsia team. We have been developing Fuchsia in the open, in our git repository for the last four years. You can browse the repository history at https://fuchsia.googlesource.com to see how Fuchsia has evolved over time. We are laying this foundation from the kernel up to make it easier to create long-lasting, secure products and experiences.
Starting today, we are expanding Fuchsia's open source model to make it easier for the public to engage with the project. We have created new public mailing lists for project discussions, added a governance model to clarify how strategic decisions are made, and opened up the issue tracker for public contributors to see what’s being worked on. As an open source effort, we welcome high-quality, well-tested contributions from all. There is now a process to become a member to submit patches, or a committer with full write access.
Also: Google's Fuchsia Open-Source OS To Begin Accepting Community Contributions
- 7 comments
Printer-friendly version
- Read more
- 3827 reads
PDF version
WWW: WordPress, Chrome, Mozilla
Submitted by Roy Schestowitz on Tuesday 1st of December 2020 07:20:22 AM Filed under



-
Half of Websites Will Be WordPress-Driven by 2025 / Digital Information World
Based on CMS usage trends, now available for 2019 and most of the current year, several outlets have projected that WordPress will be the driving force behind half of all websites by 2025. According to the newest numbers by W3Techs, its usage is growing by 2.47% per year on average. If it continues at this rate, WordPress will surpass 50% market share, potentially within the next five years.
[...]
The pandemic has hastened the shift from brick-and-mortar to e-commerce by roughly five years. Today's 'online first' strategy is commonplace for many new and established businesses. However, as of 2019, less than two-thirds of small businesses had a website. For many business thought-leaders, the idea that a brand is too small or unsuitable for online trade ceases to exist. In the post-millennial marketplace, stores without an online presence give the impression that you're no longer in business.
The trajectory of WordPress has historically depended on the demands of its users. It's continuously unfolded to cater to millions of bloggers and webmasters around the globe. Improvements such as REST API and the Gutenberg editor means WordPress is now better placed to contend with closed-source competitors Shopify, Wix, and Squarespace. Furthermore, you can anticipate developers will see WordPress as a simple solution to power the expansion of all varieties of mobile and web apps.
-
Chrome to remove HTTP/2 Push
Chromium developers have announced that they plan to remove support for HTTP/2 server push from the market-leading browser engine. Server push lets web servers preemptively send clients resources it expects them to request later. The technique can reduce the number of network round-trips required before the client has all the resources it needs to display a page. The announcement cited high implementation complexity, low adoption among websites, and questionable performance gains as the reason for the removal.
Server push is an optional feature introduced in the HTTP/2 standard. Chrome can remove it and remain compatible with the HTTP/2 standard. When used correctly, server push can greatly improve page-load times. It also enables use-cases like instant redirects.
-
celery-batches 0.4 released!
Earlier today I released a version 0.4 of celery-batches with support for Celery 5.0. As part of this release support for Python < 3.6 was dropped and support for Celery < 4.4 was dropped.
-
This Week in Glean: Glean is Frictionless Data Collection
So you want to collect data in your project? Okay, it’s pretty straightforward.
- Login or register to post comments
Printer-friendly version
- Read more
- 1694 reads
PDF version
Google Publishes Latest Linux Core Scheduling Patches So Only Trusted Tasks Share A Core
Submitted by Roy Schestowitz on Thursday 19th of November 2020 01:33:19 AM Filed under

Google engineer Joel Fernandes sent out the ninth version of their "core scheduling" patches for the Linux kernel that allows for allowing only trusted tasks to run concurrently on the same CPU core -- in cases where Hyper Threading is involved to safeguard the system against the possible security exploits.
Core Scheduling has been a popular topic since vulnerabilities like MDS and L1TF have come to light. Core Scheduling aims to make Hyper Threading safer and by only letting trusted tasks share a CPU core is a reasonable safeguard for still leaving Hyper Threading active on servers rather than disabling it in the name of security. DigitalOcean, Oracle, Google, and other major x86_64 players have all been interested in core scheduling and working on different solutions in order to keep HT/SMT active. Particularly for the major cloud server providers having to disable HT/SMT would be a big blow to their models.
- Login or register to post comments
Printer-friendly version
- Read more
- 2295 reads
PDF version
FydeOS beta brings Chromium OS to the PineBook Pro (Android app support too)
Submitted by Roy Schestowitz on Wednesday 18th of November 2020 09:37:43 PM Filed under


The PineBook Pro is a $200 laptop with a 14 inch full HD display, a Rockchip RK3399 processor, 4GB of RAM, 64GB of storage, and support for a bunch of different operating systems… most of which are GNU/Linux distributions.
But you can also turn the laptop into a Chromebook-like device by installing a new beta release of FydeOS 11.2 for the PineBook Pro.
- Login or register to post comments
Printer-friendly version
- Read more
- 2249 reads
PDF version
Noscript cures font vulnerabilities
Submitted by Roy Schestowitz on Friday 13th of November 2020 08:11:34 PM Filed under



In the past month, I've read about a dozen security bulletins involving remote execution exploits due to font parsing vulnerabilities in a range of operating systems, from desktop to mobile. In all these cases, there was a detailed mention of problems, but very little if any mention of possible solutions, other than vendor updates, that is.
Which is rather intriguing, because there is a tool that can help you with fonts. It's called Noscript, it's a supreme browser extension available in Firefox and more recently in Chrome, and it allows you to govern the loading of fonts in your webpages. A simple and elegant tool that can save - or at the very least, significantly minimize, headache with fonts. But does it get the spotlight it deserves? Of course not, drama and fear are far more interesting. Let's see what gives.
- Login or register to post comments
Printer-friendly version
- Read more
- 5946 reads
PDF version
Uncovering the Best Open Source Google Analytics Alternatives
Submitted by Roy Schestowitz on Friday 23rd of October 2020 10:19:57 AM Filed under


Web analytics is the measurement, collection, analysis and reporting of internet data. In a nutshell, it is the study of website visitor behavior. It is the process of using online data to transform a organization from faith-based to data driven.
This type of software helps you generate a holistic view of your business by turning customer interactions into actionable insights. Using reports and dashboards, web analytics software lets you sort, sift and share real-time information to help identify opportunities and issues. Keeping track of web visitors, analyzing traffic sources, measuring sales and conversions are just some of the possibilities.
Google Analytics is an excellent well known free service that lets webmasters and site owners access web analytics data. The web service generates detailed statistics about a website’s traffic and sources. It helps marketers and is the most widely used website statistics service. But the biggest downside with Google Analytics is that your data is controlled and used for Google’s own purposes, not just by you. It is also not an open source solution, with a webmaster or site owner being denied access to the raw data.
There are also many other remote-hosted web analytics services that are well-designed and comprehensive. However, if you want an open source solution where the software is hosted on your own server, there are some good alternatives. Having the software installed on your server means that you retain full control over your data, with the possibility of integrating that data into your own system. This solution might, for example, be important to people who do not want to give Google (or another organization) the invitation to control a large portion of their online activity, or who want to be fully in control of visitor privacy.
To provide an insight into the quality of software that is available, we have compiled the following list of open source web analytics software.
Also: ITFirms Lists Top Free, Open-Source Statistical Analysis Software
- Login or register to post comments
Printer-friendly version
- Read more
- 2395 reads
PDF version
USDOJ Takes on Google, Mozilla Responds
Submitted by Roy Schestowitz on Wednesday 21st of October 2020 04:05:49 AM Filed under



-
Justice Department Sues Monopolist Google For Violating Antitrust Laws
oday, the Department of Justice — along with eleven state Attorneys General — filed a civil antitrust lawsuit in the U.S. District Court for the District of Columbia to stop Google from unlawfully maintaining monopolies through anticompetitive and exclusionary practices in the search and search advertising markets and to remedy the competitive harms. The participating state Attorneys General offices represent Arkansas, Florida, Georgia, Indiana, Kentucky, Louisiana, Mississippi, Missouri, Montana, South Carolina, and Texas.
“Today, millions of Americans rely on the Internet and online platforms for their daily lives. Competition in this industry is vitally important, which is why today’s challenge against Google — the gatekeeper of the Internet — for violating antitrust laws is a monumental case both for the Department of Justice and for the American people,” said Attorney General William Barr. “Since my confirmation, I have prioritized the Department’s review of online market-leading platforms to ensure that our technology industries remain competitive. This lawsuit strikes at the heart of Google’s grip over the internet for millions of American consumers, advertisers, small businesses and entrepreneurs beholden to an unlawful monopolist.”
-
Mozilla Reaction to U.S. v. Google
Like millions of everyday internet users, we share concerns about how Big Tech’s growing power can deter innovation and reduce consumer choice. We believe that scrutiny of these issues is healthy, and critical if we’re going to build a better internet. We also know from firsthand experience there is no overnight solution to these complex issues. Mozilla’s origins are closely tied to the last major antitrust case against Microsoft in the nineties.
In this new lawsuit, the DOJ referenced Google’s search agreement with Mozilla as one example of Google’s monopolization of the search engine market in the United States. Small and independent companies such as Mozilla thrive by innovating, disrupting and providing users with industry leading features and services in areas like search. The ultimate outcomes of an antitrust lawsuit should not cause collateral damage to the very organizations – like Mozilla – best positioned to drive competition and protect the interests of consumers on the web.
-
DOJ May Force Google To Sell Chrome To Settle Antitrust Case: Report
he U.S. Department of Justice may force Google to sell its Chrome browser. The development came after the US Congress’ antitrust report on big tech companies.
It is also told that the DOJ is targeting Google’s advertising business as well. The prosecutors aim at breaking Google’s monopoly on the $162 billion digital advertising market. Politico reported the development via anonymous sources.
- Login or register to post comments
Printer-friendly version
- Read more
- 2328 reads
PDF version
Will Google Stadia Boost Linux Gaming?
Submitted by Roy Schestowitz on Sunday 18th of October 2020 06:16:47 PM Filed under



Following my recent article on Steam Machines, quite a few comments appeared on the interwebs. Among them, someone remarked that my final point about Linux Gaming being too reliant on Valve was missing the fact that Google Stadia exists. And therefore this would be akin to having several companies for which Linux gaming matters.
This is a valid point. I had to address it.
What is Stadia? Stadia is a solution designed by Google to stream games to any device with little latency, as long as such devices have a Google Stadia client, the Chrome web browser or a Chromecast. There is a free tier where you can use Stadia and purchase games as you go, and a Pro version which costs about 10 bucks per month after you buy the Premiere Edition with the controller (129 USD).
- Login or register to post comments
Printer-friendly version
- Read more
- 6464 reads
PDF version
Google Coral Dev Board mini SBC is now available for $100
Submitted by Roy Schestowitz on Saturday 17th of October 2020 07:42:13 AM Filed under



Google Coral SBC was the first development board with Google Edge TPU. The AI accelerator was combined with an NXP i.MX 8M quad-core Arm Cortex-A53 processor and 1GB RAM to provide an all-in-all AI edge computing platform. It launched for $175, and now still retails for $160 which may not be affordable to students and hobbyists.
[...]
The board runs Debian based Mendel Linux distribution developed by Google for Coral boards and supports TensorFlow Lite and AutoML Vision Edge with the latter enabling “fast, high-accuracy custom image classification models”.
- 2 comments
Printer-friendly version
- Read more
- 4885 reads
PDF version

More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
today's leftovers
| Devices: GigaIPC, Raspberry Pi, and Arduino Projects
|
Programming: PureScript, C++, Lua, and Raku
| Software: Trakt Scrobbler, GIMP, and More
|
Recent comments
3 hours 35 min ago
4 hours 38 min ago
4 hours 58 min ago
6 hours 15 min ago
6 hours 41 min ago
6 hours 45 min ago
6 hours 51 min ago
6 hours 56 min ago
7 hours 1 min ago
7 hours 49 min ago