Language Selection

English French German Italian Portuguese Spanish

Microsoft

Your PC is not compatible with Windows 11? Here are your options!

Filed under
GNU
Linux
Microsoft

The second option that you have is to switch to Linux. It requires more work on your part, as you have to find a suitable Linux distribution, alternatives to programs that are not available on Linux, and get to know a new operating system.

Depending on the distribution, Linux may look and feel similar to Windows, or it may be a totally different experience.

Most Linux distributions support Live operating systems, which means that you may run them without installing them. Instructions are provided on the websites, e.g. Linux Mint.

Gamers find that most PC games work on Linux nowadays either directly or through applications such as Wine. Valve and its Steam service have pushed Linux compatibility significantly in recent time, and there are options to play games from other stores as well under Linux.

The advantage of this method is that you will have no trouble finding a suitable distribution, and that most programs and games will either run or have suitable alternatives.

Downside is that no programs or apps can be carried over, that it takes time to find a suitable distribution and get used to it. Some programs and apps are not available on Linux, and won't run using Wine or other methods.

Read more

Microsoft Interests Inside Linux and Upcoming Events

Filed under
Linux
Microsoft

Proprietary Software and Security

Filed under
Microsoft
Security
  • Microsoft warns attack could compromise Windows domain controllers and servers

    Microsoft has acknowledged a newly-discovered version of an attack on a long-vulnerable Windows single sign-on protocol called NTLM — short for New Technology LAN Manager — that is still used in the operating system as a backup to the newer Kerberos authentication protocol.

  • PlugwalkJoe Does the Perp Walk

    One day after last summer’s mass-hack of Twitter, KrebsOnSecurity wrote that 22-year-old British citizen Joseph “PlugwalkJoe” O’Connor appeared to have been involved in the incident. When the U.S. Justice Department last week announced O’Connor’s arrest and indictment, his alleged role in the Twitter compromise was well covered in the media.

  • South Africa Port Operator Declares Force Majeure Over Cyber Attack

    Transnet SOC Ltd., South Africa’s state-owned ports and freight-rail company, declared force majeure at the country’s key container terminals after disruptions caused by a cyber attack five days ago.

  • [Cr]ackers spreading malware through Discord: Report

    Leading cybersecurity firm Sophos on Monday warned users that popular chat platform Discord is being used by [cr]ackers for spreading malware.

    The firm said that the findings are based on analysis of more than 1,800 malicious files detected by Sophos telemetry on the Discord Content Management Network (CDN).

  • ‘Holy moly!’: Inside Texas’ fight against a ransomware hack [iophk: Windows TCO]

    Texas communities struggled for days with disruptions to core government services as workers in small cities and towns endured a cascade of frustrations brought on by the sophisticated cyberattack, according to thousands of pages of documents reviewed by The Associated Press and interviews with people involved in the response. The AP also learned new details about the attack’s scope and victims, including an Air Force base where access to a law enforcement database was interrupted, and a city forced to operate its water-supply system manually.

  • Chat logs show how Egregor, an $80 million ransomware gang, handled negotiations with little mercy [iophk: Windows TCO]

    Egregor has since disappeared, following an international sting in February. Now, though, more than 100 pages of Egregor negotiation transcripts — obtained and analyzed by IBM Security X-Force and its partner company Cylera, and reviewed by CyberScoop — shed light on the oft-opaque structure of a ransomware operation. The discussion records also demonstrate how victims proved most effective at convincing their extortionists to reduce the amount demanded to decrypt their systems, with one medical organization turning a $15 million ransom into a $2 million payment.

  • Paul E. Mc Kenney: Confessions of a Recovering Proprietary Programmer, Part XVIII: Preventing Involuntary Generosity

    I recently learned that all that is required for someone to take out a loan in some random USA citizen's name is that citizen's full name, postal address, email address, date of birth, and social security number. If you are above a certain age, all of these are for all intents and purposes a matter of public record. If you are younger, then your social security number is of course supposed to be secret—and it will be, right up to that data breach that makes it available to all the wrong people.

    This sort of thing can of course be a bit annoying to our involuntarily generous USA citizen. Fortunately, there are quite a few things you can do, although I will not try to reproduce the entirety of the volumes of good advice that are available out there. Especially given that laws, processes, and procedures are all subject to change.

  • OpenBSD full Tor setup

    If for some reasons you want to block all your traffic except traffic going through Tor, here is how to proceed on OpenBSD.

    The setup is simple and consists at installing Tor, running the service and configure the firewall to block every requests that doesn't come from the user _tor used by Tor daemon.

  • Dead Drops and Security Through Obscurity

    There’s massive confusion in the security community around Security Through Obscurity.

    In general, most people know it’s bad, but they can’t say exactly why. And because of this, people tend to think the “Obscurity” in “Security Through Obscurity” equates to secrecy, meaning if you hide anything, it’s Security Through Obscurity.

    This is incorrect, and Dead Drops are a great example.

  • Preventing Data Exfiltration with eBPF

    Consider a service invoking webhooks. It will be running with limited data access but must be able to communicate with the entire Internet. Contrast that to an SSH session that’s been opened for troubleshooting purposes. It will have access to the entire machine but does not egress to an arbitrary IP.

Microsoft, IBM, and Their Proprietary Software Front Groups

Filed under
Red Hat
Microsoft
  • Nathan Willis: Emojent behavior

    For starters, though, begging for a proprietary software vendor to re-license its product under FOSS terms is, at best, a wild misinterpretation of Why Vendors Do What They Do. Microsoft doesn’t re-license products on a whim...

  • Red Hat JBoss Enterprise Application Platform 7.4 brings new developer and operations capabilities | Red Hat Developer

    Red Hat JBoss Enterprise Application Platform (JBoss EAP) 7.4 is now in general availability (GA). JBoss EAP is an open source, Jakarta Enterprise Edition (Jakarta EE) 8-compliant application server that enables organizations to deploy and manage enterprise Java applications across hybrid IT environments, including bare-metal, virtualized, private, and public clouds. This release provides enhancements to operations on Red Hat OpenShift as well as several new improvements in security, management, and developer productivity.

    This article covers what's new in the JBoss EAP 7.4 GA. With this release, Red Hat continues its commitment to Jakarta EE support and enabling developers to extend existing application investments as they transition to emerging architectures and programming paradigms that require a lightweight, highly modular, cloud-native platform.

  • Services sessions from Red Hat Summit 2021 to catch on demand

    Red Hat Summit Virtual Experience brought a host of learning and networking opportunities to IT professionals globally in April and June this year. Red Hat experts, partners, and customers presented the latest and greatest on high-performing Linux, cloud, automation, management, containers, and Kubernetes technologies.

    Beyond technology, however, Red Hat Services sessions provided fundamental lessons to help enact widespread change within your organization. From solution implementation to enablement, Red Hat Services helps customers translate their technology investments into measurable and meaningful business outcomes. Services sessions included insights on process and culture, how to tackle digital transformation and valuable lessons learned during residencies with Red Hat Open Innovation Labs. Be sure to watch these informative sessions to gain tools to help evolve your business through enterprise open source.

  • Digital health pass developments worldwide: Canada, Slovenia, Linux Foundation [Ed: Linux Foundation as surveillance powerhouse for IBM and Microsoft. This is harming the Linux brand.]

    A year after its launch, Linux Foundation Public Health (LFPH) has become the neutral forum for public health authorities to seek advice about technology development, the organization says.
    The open-source group has launched five technical projects related to COVID exposure notification and credentials, and its dedication to keeping users’ medical data private has accelerated the response of public health authorities and tech companies alike. LFPH has advised more than 50 states and countries, and its community is now up to 1,600 regular contributors from nearly 30 countries, while formal membership has tripled.

Microsoft's Proprietary Software Ransom

Filed under
Microsoft
Security
  • Don’t Wanna Pay Ransom Gangs? Test Your Backups.

    Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they’d had proper data backups. But the ugly truth is there are many non-obvious reasons why victims end up paying even when they have done nearly everything right from a data backup perspective.

  • Microsoft Exchange email [cr]ack was caused by China, US says [iophk: Microsoft is getting help from the Biden administration in shifting the blame away from their own shoddy products and onto China.]

    The administration and allied nations also disclosed a broad range of other cyberthreats from Beijing, including ransomware attacks from government-affiliated [cr]ackers that have targeted companies with demands for millions of dollars. China’s Ministry of State Security has been using criminal contract [cr]ackers, who have engaged in cyber extortion schemes and theft for their own profit, according to a senior administration official. That official briefed reporters about the investigation on the condition of anonymity.

  • U.S. accuses China of abetting ransomware attack

    The announcement was part of a broader effort by the U.S. and a large group of allies, including the European Union, NATO, the U.K., Australia and Japan, to condemn China’s government for “malicious cyber activity,” a senior White House official told reporters on a call Sunday night. The official asked to not be identified as a condition of participating in the call.

Microsoft Propaganda and FUD

Filed under
Microsoft

Proprietary Software Leftovers

Filed under
Microsoft
Security
  • Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours

    At 4:30 p.m. UTC, all within the same second, the compromised servers woke up and ran a command script that disabled a variety of security controls and sent malicious payloads to every system managed by those servers, according to an analysis conducted by Huntress Labs. While security firms are still sifting through the data, reverse engineering has revealed that the attack — from the first packets exploiting dozens of VSA servers, to the deployment of ransomware on the endpoints of hundreds to thousands of MSP customers — took less than two hours.

    The speed of automation gave managed service providers and their customers only a very narrow window in which to detect attacks and block them, says John Hammond, a senior threat researcher for Huntress Labs. Companies would have to run frequent monitoring and alerts to have caught the changes, he says.

    "Unfortunately, this form of hyperactive logging and detection is rare — managed service providers often don't have the resources, let alone the personnel to frequently monitor massive components of their software and stack," Hammond says. "With that said, the efficacy and potential for human-powered threat hunters is never something to be left out of the equation."

    The quick turnaround of the attack underscores the compressed timeline for defenders to respond to automated attacks. The REvil group and its affiliates, who are thought responsible for the attack, scanned for Internet-connected VSA servers and, when found, sent the initial exploit, which chained three vulnerabilities.

  • Ransomware attack hits Swiss consumer outlet Comparis

    Swiss online consumer outlet Comparis has filed a criminal complaint over a ransomware attack on Wednesday that blocked some of its information technology systems, it said on Friday.

  • Microsoft Office Users Warned on New Malware-Protection Bypass

    Word and Excel documents are enlisted to disable Office macro warnings, so the Zloader banking malware can be downloaded onto systems without security tools flagging it.

  • Jack Cable, Stanford student and cyber whiz, aims to crowdsource ransomware details

    Few people, if any, seem to grasp the breadth and cost of the scourge, as there are no legal requirements for victims to disclose when they pay hackers to unlock their network. That, combined with the suspicious that most victims don’t, report their digital extortion payments, makes it harder for law enforcement and security firms to combat attacks, or even understand how to fight them.

    That’s the impetus behind a project that Stanford University student and security researcher Jack Cable launched on Thursday, dubbed “Ransomwhere,” a plan to track payments to bitcoin addresses associated with known ransomware gangs.

  • Hancitor tries XLL as initial malware file

    XLL files are Excel add-in files. They're DLL files specifically designed to be run by Microsoft Excel. Think of an XLL file as an "Excel DLL."

  • DoD ends $10 billion deal with Microsoft for new cloud contract

    The statement did not directly mention that the Pentagon faced extended legal challenges by Amazon to the original $1 million contract awarded to Microsoft. Amazon argued that the Microsoft award was tainted by politics, particularly then-President Donald Trump’s antagonism toward Amazon founder, Jeff Bezos, who stepped down Monday as the company’s chief executive officer. Mr. Bezos owns The Washington Post, a newspaper often criticized by Mr. Trump.

    The Pentagon’s chief information officer, John Sherman, told reporters Tuesday that during the lengthy legal fight with Amazon, “the landscape has evolved” with new possibilities for large-scale cloud computing services. Thus it was decided, he said, to start over and seek multiple vendors.

  • With ransomware attacks multiplying, US moves to bolster defenses

    As the U.S. private sector scrambles to fend off a growing number of ransomware attacks, the federal government is stepping up its efforts as well. Last month, the Senate approved Chris Inglis, a former deputy director of the National Security Agency, as the nation’s first-ever national cyber director, tasked with coordinating the government’s cyber portfolio and digital defense strategy. A second key post, director of the primary domestic cybersecurity agency, is expected to be filled shortly.

    Officials are making clear they will seek not just to hold cybercriminals to account – but also companies whose inadequate cybersecurity measures have put them and their customers at risk.

Microsoft's Latest Attack on Free Software

Filed under
GNU
Microsoft
Legal

Proprietary Software: Microsoft Catastrophes and More

Filed under
Microsoft
  • Pentagon Scraps JEDI in Win for Amazon at Microsoft’s Expense

    Pentagon officials on Tuesday terminated the massive JEDI cloud-computing contract and said they would start fresh with a new project, capping a yearslong initiative that had become mired in litigation from Amazon.com Inc. and a barrage of objections from Congress.

    In terminating the contract with Microsoft Corp. , Department of Defense officials focused largely on technical reasons, saying advances in cloud computing and the Pentagon’s own evolving needs had made the Joint Enterprise Defense Infrastructure scheme obsolete.

  • Microsoft cancels plans to deliver SQL Server on Windows Containers
  • Kaseya: Roughly 1,500 businesses hit by REvil ransomware attack
  • Protecting Your Online Privacy: Three Levels of Security

    Data leaks happen once every few months at least. Millions of users can have their phone number, address, and Social Security Number smeared across the internet in a matter of seconds. Your online browsing behavior is also sold legally by tech companies to the highest bidder. Ever seen an ad that is a little too specific? Most major tech companies rely on some form of data harvesting for revenue.

    As consumers, should we do anything? Can we do anything? The answer to both of these questions is resoundingly ‘yes.’ By using services geared towards privacy, we can jointly prevent both sources of danger to our private information – that is, data leaks and data harvesting.

    In this article, I will give a brief synopsis of data exploitation, and I will subsequently describe three different levels of increasing security we can do based on technical expertise.

Security and Proprietary Software

Filed under
Microsoft
Security

  • How Developers Can Protect Linux From Vulnerabilities [Ed: Sometimes it feels like the site "Linux Security" is mostly an amplifier of FUD in pursuit of sales (of products you do not really need and are connected to the site's owner)]

    Many of the kernel bugs present in the Linux system are potential security flaws. Hackers use the vulnerabilities inherent in the Linux kernel to gain privilege escalation or to create denial-of-service attack vectors.

  • REvil's Ransomware Success Formula: Constant Innovation [Ed: Windows TCO]

    On Friday, remote management software provider Kaseya was the latest victim to come to light, as REvil's ransomware disrupted operations for its 36,000 customers worldwide, leading U.S. President Joe Biden to order the launch of a full-scale federal investigation.

  • Microsoft suspends SQL Server on Windows Containers Beta, recommends Linux instead [Ed: This just means Microsoft admits that Windows sucks, it doesn't mean it "loves Linux" as Microsoft propaganda sites like to claim]

    Back in 2017, Microsoft announced the SQL Server on Windows Containers Beta program, enabling developers to connect to SQL Server instances from inside the same container or outside it. The benefits included facilitation of setting up and maximizing density of instances for development and test purposes, and to isolate and govern applications in a multi-tenant environment.

Syndicate content

More in Tux Machines

Hardware/Modding and 3D Printing (RIP, Sanjay Mortimer)

  • Remembering Sanjay Mortimer, Pioneer And Visionary In 3D Printing | Hackaday

    Over the weekend, Sanjay Mortimer passed away. This is a tremendous blow to the many people who he touched directly and indirectly throughout his life. We will remember Sanjay as pioneer, hacker, and beloved spokesperson for the 3D printing community. If you’ve dabbled in 3D printing, you might recall Sanjay as the charismatic director and co-founder of the extrusion company E3D. He was always brimming with enthusiasm to showcase something that he and his company had been developing to push 3D printing further and further. But he was also thoughtful and a friend to many in the community. Let’s talk about some of his footprints.

  • Grafana Weather Dashboard on the reTerminal by Seeed Studio - The DIY Life

    Today we’re going to be taking a look at the reTerminal, by Seeed Studio. We’ll unbox the device to see what is included and we’ll then set up a weather dashboard on it using Grafana. We’re going to use weather data that is being recorded by an ESP32 microcontroller and is being posted to an InfluxDB database. The reTerminal is a compact HMI (human-machine interface) device that is powered by a Raspberry Pi compute module 4 (CM4). It has a 5″ capacitive touch display, along with four physical function buttons, some status LEDs, and a host of IO options.

  • The Medieval History Of Your Favourite Dev Board | Hackaday

    It’s become something of a trope in our community, that the simplest way to bestow a level of automation or smarts to a project is to reach for an Arduino. The genesis of the popular ecosystem of boards and associated bootloader and IDE combination is well known, coming from the work of a team at the Interaction Design Institute Ivrea, in Northern Italy. The name “Arduino” comes from their favourite watering hole, the Bar di Re Arduino, in turn named for Arduin of Ivrea, an early-mediaeval king. As far as we can see the bar no longer exists and has been replaced by a café, which appears on the left in this Google Street View link. The bar named for Arduin of Ivrea is always mentioned as a side note in the Arduino microcontroller story, but for the curious electronics enthusiast it spawns the question: who was Arduin, and why was there a bar named after him in the first place? The short answer is that Arduin was the Margrave of Ivrea, an Italian nobleman who became king of Italy in 1002 and abdicated in 1014. The longer answer requires a bit of background knowledge of European politics around the end of the first millennium, so if you’re ready we’ll take Hackaday into a rare tour of medieval history.

Programming Leftovers

  • Anti-patterns You Should Avoid in Your Code

    Every developer wants to write structured, simply planned, and nicely commented code. There are even a myriad of design patterns that give us clear rules to follow, and a framework to keep in mind. But we can still find anti-patterns in software that was written some time go, or was written too quickly. A harmless basic hack to resolve an issue quickly can set a precedent in your codebase. It can be copied across multiple places and turn into an anti-pattern you need to address.

  • AsmREPL: Wing your way through x86-64 assembly language • The Register

    Ruby developer and internet japester Aaron Patterson has published a REPL for 64-bit x86 assembly language, enabling interactive coding in the lowest-level language of all. REPL stands for "read-evaluate-print loop", and REPLs were first seen in Lisp development environments such as Lisp Machines. They allow incremental development: programmers can write code on the fly, entering expressions or blocks of code, having them evaluated – executed – immediately, and the results printed out. This was viable because of the way Lisp blurred the lines between interpreted and compiled languages; these days, they're a standard feature of most scripting languages. Patterson has previously offered ground-breaking developer productivity enhancements such as an analogue terminal bell and performance-enhancing firmware for the Stack Overflow keyboard. This only has Ctrl, C, and V keys for extra-easy copy-pasting, but Patterson's firmware removes the tedious need to hold control.

  • Wasmer 2.1 WebAssembly Implementation Adds Virtual Filesystem, Lisp + Crystal Support - Phoronix

    Wasmer as "the universal WebAssembly runtime" that focuses on being able to run WASM code on any platform is out with its next major release. Released this summer was Wasmer 2.0 as a step forward for this open-source WASM implementation. The project remains focused on trying to compile "everything" to WebAssembly and to then run that on any operating system / platform or embed it in other languages or run it in a web browser. Wasmer 2.1 was released today as the next major iteration of the platform.

  • What's The Big Deal With Linux Capabilities? | Hacker Noon

    The prevalent perception is that Linux users benefit from and exercise privileges, however this is not the case. It's the process or executable that runs in a certain user context and exercises rights (permission to carry out to perform the privileged operations guarded by Linux kernel).

  • Built with the Rust programming language – LinuxBSDos.com

    Not too long ago, the talk in developer circles seemed to be mainly about Go, Go, Go, Go… I’m referring, of course, to the programming language from Google.  

  • Perl Weekly Challenge 141: Number Divisors and Like Numbers
  • Closures

    A casual remark about closures which I made in My Favorite Warnings: redefine touched off a long off-topic exchange with Aristotle that I thought ought to be promoted to a top-level blog entry. The big thing I learned was that any Perl subroutine can be a closure. The rest of this blog will try to make clear why I now believe this. The words are my own, as are any errors or misconceptions. The second sentence of Wikipedia's definition of a closure says "Operationally, a closure is a record storing a function together with an environment." This makes it sound a lot like an object, and therefore of little additional interest in an O-O environment. But I came to closures pragmatically through Perl, and to me they were a magic way to make data available somewhere else. All I had to do was get a code reference where it needed to be, and any external lexical variables got the values at the time the reference was taken. So much I understood up to the fatal blog post, and it sufficed for my simple needs.

Servers: Kubernetes, Uptime/Availability Ranks, and EdgeX Foundry

  • Kubernetes Blog: Contribution, containers and cricket: the Kubernetes 1.22 release interview

    The Kubernetes release train rolls on, and we look ahead to the release of 1.23 next week. As is our tradition, I'm pleased to bring you a look back at the process that brought us the previous version. The release team for 1.22 was led by Savitha Raghunathan, who was, at the time, a Senior Platform Engineer at MathWorks. I spoke to Savitha on the Kubernetes Podcast from Google, the weekly* show covering the Kubernetes and Cloud Native ecosystem. Our release conversations shine a light on the team that puts together each Kubernetes release. Make sure you subscribe, wherever you get your podcasts so you catch the story of 1.23. And in case you're interested in why the show has been on a hiatus the last few weeks, all will be revealed in the next episode!

  • Most Reliable Hosting Company Sites in November 2021

    Rackspace had the most reliable hosting company site in November 2021, with an average connection time of just 8ms across the month and no failed requests. Rackspace has appeared in the top 10 most reliable hosting company sites every month of the past 12 months, and has taken the number one spot in five of those. Rackspace offers a wide variety of cloud hosting solutions from over 40 data centres across the Americas, Europe, Asia and Australia. [...] Nine of the top 10 hosting company sites used Linux in October, continuing the dominance of Linux. In ninth place, New York Internet (NYI) used FreeBSD.

  • EdgeX Foundry Announces Jakarta, the Project’s First Long Term Support Release - Linux Foundation

    EdgeX Foundry, a Linux Foundation project under the LF Edge project umbrella, today announced the release of version 2.1 of EdgeX, codenamed ‘Jakarta.’ The project’s ninth release, it follows the recent Ireland release, which was the project’s second major release (version 2.0). Jakarta is significant in that it is EdgeX’s first release to offer long term support (LTS).

Debian: Sparky's Annual Server Donations Drive and Latest Debian Development Reports

  • Sparky: Annual donations for our server 2021

    Until January 31, 2022 we have to collect and pay for the server 1500 PLN / 360 Euros / 430 USD plus min. 2800 PLN / ~ 670 Euros / ~ 800 USD for our monthly living and bills, such as: electricity, gas, water, internet, domains, expenses related to improving the functionality of websites, small computer equipment that wears out constantly (memory, pen drives, mice, batteries, etc. …), fuel, as well as rent, food, drugs and immortal taxes. We are starting the fundraising campaign today to make sure we will pay for the server on time, so we could stay online for you another year. It is our passion and work we do all the times, therefore we believe that with your help we will succeed.

  • Thorsten Alteholz: My Debian Activities in November 2021

    This month I accepted 564 and rejected 93 packages. The overall number of packages that got accepted was 591.

  • Utkarsh Gupta: FOSS Activites in September 2021

    Here’s my (twenty-fourth) monthly but brief update about the activities I’ve done in the F/L/OSS world.

  • Utkarsh Gupta: FOSS Activites in October 2021

    Here’s my (twenty-fifth) monthly but brief update about the activities I’ve done in the F/L/OSS world.