Recent Changes - Search:
NTLUG

Linux is free.
Life is good.

Linux Training
10am on Meeting Days!

1825 Monetary Lane Suite #104 Carrollton, TX

Do a presentation at NTLUG.

What is the Linux Installation Project?

Real companies using Linux!

Not just for business anymore.

Providing ready to run platforms on Linux

Show Descriptions... (Show All) (Two Column)




  • RedHat: RHSA-2017-3248:01 Low: .NET Core security update
    LinuxSecurity.com: A security update for .NET Core on RHEL is now available. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from




  • Fedora 27: roundcubemail Security Update
    LinuxSecurity.com: Upstream announcement for **version 1.3.3** This is a security update to the stable version 1.3. It primarily fixes a recently discovered file disclosure vulnerability caused by insufficient input validation in conjunction with file- based attachment plugins, which are used by default. More details will be published under CVE-2017-16651. We strongly recommend to update all productive



  • Fedora 26: roundcubemail Security Update
    LinuxSecurity.com: Upstream announcement for **version 1.3.3** This is a security update to the stable version 1.3. It primarily fixes a recently discovered file disclosure vulnerability caused by insufficient input validation in conjunction with file- based attachment plugins, which are used by default. More details will be published under CVE-2017-16651. We strongly recommend to update all productive





  • [$] Replacing x86 firmware with Linux and Go
    The IntelManagement Engine (ME), which is a separate processor and operatingsystem running outside of user control on most x86 systems, has long beenof concern to users who are security and privacy conscious. Google andothers have been working on ways to eliminate as much of that functionality as possible(while still being able to boot and run the system). Ronald Minnich fromGoogle came to Prague to talk about those efforts at the 2017 EmbeddedLinux Conference Europe.


  • Security updates for Monday
    Security updates have been issued by Arch Linux (icu and lib32-icu), CentOS (firefox), Debian (imagemagick, konversation, libspring-ldap-java, libxml-libxml-perl, lynx-cur, ming, opensaml2, poppler, procmail, shibboleth-sp2, and xen), Fedora (firefox, java-9-openjdk, jbig2dec, kernel, knot, knot-resolver, qt5-qtwebengine, and roundcubemail), Gentoo (adobe-flash, couchdb, icedtea-bin, and phpunit), Mageia (apr, bluez, firefox, jq, konversation, libextractor, and quagga), Oracle (firefox), Red Hat (firefox), and Scientific Linux (firefox).



  • [$] 4.15 Merge window part 1
    When he released 4.14, Linus Torvaldswarned that the 4.15 merge window might be shorter than usual due to the USThanksgiving holiday. Subsystem maintainers would appear to have heardhim; as of this writing, over 8,800 non-merge changesets have been pulledinto the mainline since the opening of the 4.15 merge window. Read on fora summary of the most interesting changes found in that first set ofpatches.


  • Security updates for Friday
    Security updates have been issued by Arch Linux (couchdb), Debian (opensaml2 and shibboleth-sp2), Fedora (knot and knot-resolver), openSUSE (firefox), Slackware (libplist and mozilla), and Ubuntu (firefox and ipsec-tools).


  • Introducing container-diff, a tool for quickly comparing container images (Google Open Source Blog)
    Google has announced that it has released its container-diff tool under the Apache v2 license. "container-diff helps users investigate image changes by computing semantic diffs between images. What this means is that container-diff figures out on a low-level what data changed, and then combines this with an understanding of package manager information to output this information in a format that’s actually readable to users. The tool can find differences in system packages, language-level packages, and files in a container image.Users can specify images in several formats - from local Docker daemon (using the prefix `daemon://` on the image path), a remote registry (using the prefix `remote://`), or a file in the .tar in the format exported by "docker save" command. You can also combine these formats to compute the diff between a local version of an image and a remote version."


  • [$] SPDX identifiers in the kernel
    Observers of the kernel's commit stream or mailing lists will have seen acertain amount of traffic referring to the addition of SPDX licenseidentifiers to kernel source files. For many, this may be their first encounter with SPDX. Butthe SPDX effort has been going on for some years; this article describesSPDX, along with why and how the kernel community intends to use it.


  • Security updates for Thursday
    Security updates have been issued by Arch Linux (firefox, flashplugin, lib32-flashplugin, and mediawiki), CentOS (kernel and php), Debian (firefox-esr, jackson-databind, and mediawiki), Fedora (apr, apr-util, chromium, compat-openssl10, firefox, ghostscript, hostapd, icu, ImageMagick, jackson-databind, krb5, lame, liblouis, nagios, nodejs, perl-Catalyst-Plugin-Static-Simple, php, php-PHPMailer, poppler, poppler-data, rubygem-ox, systemd, webkitgtk4, wget, wordpress, and xen), Mageia (flash-player-plugin, icu, jackson-databind, php, and roundcubemail), Oracle (kernel and php), Red Hat (openstack-aodh), SUSE (wget and xen), and Ubuntu (apport and webkit2gtk).



  • NumPy will drop Python 2 support
    The NumPy project is phasingout support for Python 2. "The Python core team plans to stopsupporting Python 2 in 2020. The NumPy project has supported both Python 2and Python 3 in parallel since 2010, and has found that supporting Python 2is an increasing burden on our limited resources; thus, we plan toeventually drop Python 2 support as well. Now that we're entering the finalyears of community-supported Python 2, the NumPy project wants to clarifyour plans, with the goal of to helping our downstream ecosystem make plansand accomplish the transition with as little disruption aspossible." NumPy releases will fully support both Python 2 andPython 3 until December 31, 2018. New feature releases will support onlyPython 3 as of January 1, 2019. (Thanks to Nathaniel Smith)


  • [$] SciPy reaches 1.0
    After 16 years of evolution, the SciPy project has reached version 1.0. SciPy, a free-software project, has become one of the most popular computational toolkits for scientists from a wide range of disciplines, and is largely responsible for the ascendancy of Python in many areas of scientific research. While the 1.0 release is significant, much of the underlying software has been stable for some time; the "1.0" version number reflects that the project as a whole is on solid footing.


  • Stable kernel updates
    Stable kernels 4.13.13, 4.9.62, 4.4.98, and 3.18.81 have been released. They all containimportant fixes and users should upgrade.


  • Security updates for Wednesday
    Security updates have been issued by Debian (libxml-libxml-perl and varnish), openSUSE (GraphicsMagick, mongodb, shadowsocks-libev, and snack), Red Hat (flash-plugin, kernel, php, and redis), Scientific Linux (kernel and php), and Ubuntu (shadow).


  • [$] KAISER: hiding the kernel from user space
    Since the beginning, Linux has mapped the kernel's memory into the addressspace of every running process. There are solid performance reasons fordoing this, and the processor's memory-management unit can ordinarily betrusted to prevent user space from accessing that memory. More recently,though, some more subtle security issues related to this mapping have cometo light, leading to the rapid development of a new patch set that ends thislongstanding practice for the x86 architecture.


  • Firefox 57
    Firefox 57 has been released. From the releasenotes: "Brace yourself for an all-new Firefox. It’s fast. Reallyfast. It’s over twice as fast as Firefox from 6 months ago, built on acompletely overhauled core engine with brand new technology from ouradvanced research group, and graced with a clean, modern interface. Todayis the first of several releases we’re calling Firefox Quantum, alldesigned to get to the things you love and the stuff you need faster thanever before. Experience the difference on desktops running Windows, macOS,and Linux; on Android, speed improvements are landing as well, and bothAndroid and iOS have a new look and feel. To learn more about FirefoxQuantum, visit the Mozilla Blog."



  • An introduction to machine-learned ranking in Apache Solr
    This tutorial describes how to implement a modern learning to rank (LTR, also called machine-learned ranking) system in Apache Solr. It's intended for people who have zero Solr experience, but who are comfortable with machine learning and information retrieval concepts. I was one of those people only a couple of months ago, and I found it extremely challenging to get up and running with the Solr materials I found online.read more



  • Linux gizmo indexes photos and videos for visual recognition search
    Pimloc’s “Pholio” runs Linux on an Nvidia Tegra, and provides offline storage and search of images and video using visual and face recognition. Digital imaging has lived up to its promise of making it easier to take more images more quickly, but the promise that it would make it easier to find those images has […]


  • Font licensing and use: What you need to know
    Most of us have dozens of fonts installed on our computers, and countless others are available for download, but I suspect that most people, like me,use fonts unconsciously. I just open up LibreOffice or Scribusand use the defaults. Sometimes, however, we need a font for a specific purpose, and we need to decide which one is right for our project.read more


  • How to organize your passwords using pass password manager
    If you have the good habit to never use the same password for more than one purpose, you have probably already felt the need for a password manager. There are many alternatives to choose from on linux, both proprietary (if you dare) and open source. If you, like me, think that simplicity it's the way to go, you may be interested in knowing however to use the pass utility.


  • LVFS makes Linux firmware updates easier
    Traditionally, updating a BIOS or a network card[he]#039[/he]s firmware in Linux meant booting into Microsoft Windows or preparing a MS-DOS floppy disk and hoping everything would work correctly after the update. Periodically searching a vendor website for updates is a manual and error-prone task and not something we should ask users to do. A firmware update service makes it simpler for end users to implement hardware updates.






  • Linux/Android hacker SBC with hexa-core Rockchip SoC debuts at $75
    The Vamrs “RK3399 Sapphire” SBC is on sale for $75, or $349 for a full kit. Vamrs is also prepping an RK3399-based “Rock960” 96Boards SBC.Rockchip’s RK3399 is one of the most powerful ARM-based system-on-chips available on hacker boards, featuring two server-class Cortex-A72 cores clocked to up to 2.0GHz, as well as four Cortex-A53 at up to 1.42GHz and a quad-core Mali-T864 GPU.


  • Red Hat partners with AWS with OpenShift Container Platform 3.7
    Red Hat wants to be your AWS hybrid cloud and container company as well your Linux provider. Kubernetes has become the cloud container orchestration program. Red Hat jumped on the Kubernetes bandwagon early in 2015. Today, Red Hat is all in, with the release of the Red Hat OpenShift Container Platform 3.7.



  • DragonBoard gains a camera kit
    Arrow’s DragonBoard 410c Camera Kit combines the 96Boards SBC with D3’s DesignCore Camera Mezzanine Board OV5640 and a 5-megapixel camera module. D3 Engineering’s DesignCore Camera Mezzanine Board OV5640 is a 96Boards mezzanine add-on designed to work only with the Arrow Electronics/Qualcomm DragonBoard 410c. Arrow and D3 have now launched a kit that provides a DragonBoard […]


  • Mark McIntyre: How Do You Fedora?
    We recently interviewed Mark McIntyre on how he uses Fedora. This is part of a series on the Fedora Magazine. The series profiles Fedora users and how they use Fedora to get things done.




  • Reveal.js presentation hacks
    Ryan Jarvinen, a Red Hat open source advocate focusing on improving developer experience in the container community, has been using the Reveal.js presentation framework for more than five years. In his Lightning Talk at All Things Open 2017, he shares what he's learned about Reveal.js and some ways to make better use of it.read more


  • How to use special permissions: the setuid, setgid and sticky bits
    Normally, on a unix-like operating system, the ownership of files and directories is based on the default uid (user-id) and gid (group-id) of the user who created them. The same thing happens when a process is launched: it runs with the effective user-id and group-id of the user who started it, and with the corresponding privileges. This behavior can be modified by using special permissions.


  • Intel: We've Found Severe Bugs in Secretive Management Engine, Affecting Millions
    Liam Tung, writing for ZDNet: Thanks to an investigation by third-party researchers into Intel's hidden firmware in certain chips, Intel decided to audit its firmware and on Monday confirmed it had found 11 severe bugs that affect millions of computers and servers. The flaws affect Management Engine (ME), Trusted Execution Engine (TXE), and Server Platform Services (SPS). Intel discovered the bugs after Maxim Goryachy and Mark Ermolov from security firm Positive Technologies found a critical vulnerability in the ME firmware that Intel now says would allow an attacker with local access to execute arbitrary code. The researchers in August published details about a secret avenue that the US government can use to disable ME, which is not available to the public. Intel ME has been a source of concern for security-minded users, in part because only Intel can inspect the firmware, yet many researchers suspected the powerful subsystem had bugs that were ripe for abuse by attackers.
            

    Read more of this story at Slashdot.


  • Flat Earther Plans To Launch Homemade Manned Rocket
    walterbyrd shares an Associated Press report: Self-taught rocket scientist "Mad" Mike Hughes is a 61-year-old limo driver who's spent the last few years building a steam-powered rocket out of salvage parts in his garage. His project has cost him $20,000, which includes Rust-Oleum paint to fancy it up and a motor home he bought on Craigslist that he converted into a ramp. His first test of the rocket will also be the launch date -- Saturday, when he straps into his homemade contraption and attempts to hurtle over the ghost town of Amboy, California. He will travel about a mile at a speed of roughly 500 mph. "I don't believe in science," said Hughes, whose main sponsor for the rocket is Research Flat Earth. "I know about aerodynamics and fluid dynamics and how things move through the air, about the certain size of rocket nozzles, and thrust. But that's not science, that's just a formula. There's no difference between science and science fiction."
            

    Read more of this story at Slashdot.


  • Google Collects Android Users' Locations Even When Location Services Are Disabled
    Google has been collecting Android phones' locations even when location services are turned off, and even when there is no carrier SIM card installed on the device, an investigation has found. Keith Collins, reporting for Quartz: Since the beginning of 2017, Android phones have been collecting the addresses of nearby cellular towers -- even when location services are disabled -- and sending that data back to Google. The result is that Google, the unit of Alphabet behind Android, has access to data about individuals' locations and their movements that go far beyond a reasonable consumer expectation of privacy. Quartz observed the data collection occur and contacted Google, which confirmed the practice. The cell tower addresses have been included in information sent to the system Google uses to manage push notifications and messages on Android phones for the past 11 months, according to a Google spokesperson. They were never used or stored, the spokesperson said, and the company is now taking steps to end the practice after being contacted by Quartz. By the end of November, the company said, Android phones will no longer send cell-tower location data to Google, at least as part of this particular service, which consumers cannot disable.
            

    Read more of this story at Slashdot.


  • Trump Administration Tightens Scrutiny of Skilled Worker Visa Applicants
    wyattstorch516 writes: The Trump administration is tightening the scrutiny on the H-1B visa program (Warning: paywalled; alternative source). Changes would undo actions by the Obama administration. There are two big regulatory changes looming that would undo actions by the Obama administration. "The first change allowed spouses of H-1B workers the right to work. That regulation is being challenged in court and the Trump administration is expected to eliminate the provision rather than defend it," reports WSJ. "The second change affects the Optional Practical Training program, which allows foreign graduates from U.S. colleges in science and technology an extra two years of work authorization, giving them time to win an H-1B visa. The Trump administration could kill that benefit or reduce the two-year window, according to people familiar with the discussions." The Journal highlights a "series of more modest changes that have added scrutiny to visa processing":   - "USCIS directed last month that adjudicators no longer pay 'deference' to past determinations for renewal applications. This means an applicant's past approval won't carry any weight if he or she applies for a renewal.  - The agency is conducting more applicant interviews, which critics say slows the system. The agency spokesman says this process will ramp up over several years and is needed to detect fraud and make accurate decisions.  - In the spring, the agency suspended premium processing, which allowed for fast-track consideration to those who paid an extra fee. This option wasn't resumed until October, meaning many workers who qualified for a coveted H-1B visa had to wait months for a decision.  - State Department officials have been told to consider that Mr. Trump's 'Buy American, Hire American' executive order directs visa programs must 'protect the interests of United States workers.' And the Foreign Affairs Manual now instructs officers to scrutinize applications of students to ensure they plan to return to their home countries. A State Department official said the official rules haven't changed but said a 'comprehensive' review is under way."
            

    Read more of this story at Slashdot.


  • Google Cloud Platform Cuts the Price of GPUs By Up To 36 Percent
    In a blog post, Google's Product Manager, Chris Kleban, announced that the company is cutting the price of using Nvidia's Tesla GPUs through its Compute Engine by up to 36 percent. The older K80 GPUs will now cost $0.45 per hour while the more powerful P100 machines will cost $1.46 per minute (all with per-second billing). TechCrunch reports: The company is also dropping the prices for preemptible local SSDs by almost 40 percent. "Preemptible local SSDs" refers to local SSDs attached to Google's preemptible VMs. You can't attach GPUs to preemptible instances, though, so this is a nice little bonus announcement -- but it isn't going to directly benefit GPU users. As for the new GPU pricing, it's clear that Google is aiming this feature at developers who want to run their own machine learning workloads on its cloud, though there also are a number of other applications -- including physical simulations and molecular modeling -- that greatly benefit from the hundreds of cores that are now available on these GPUs. The P100, which is officially still in beta on the Google Cloud Platform, features 3594 cores, for example. Developers can attach up to four P100 and eight K80 dies to each instance. Like regular VMs, GPU users will also receive sustained-use discounts, though most users probably don't keep their GPUs running for a full month.
            

    Read more of this story at Slashdot.


  • Study of Recent Interstellar Asteroid Reveals Bizarre Shape
    JoeRobe writes: A few weeks ago an interstellar asteroid, now named "Oumuamua," was discovered passing through our solar system. Being the first interstellar asteroid to ever be observed, a flurry of observations soon followed. This week, an accelerated article in Nature reveals that Oumuamua is more bizarre than originally thought: it is elongated, with a 10:1 aspect ratio, and rapidly rotating. This conclusion is based upon comparisons of its time-dependent light curve to those from 20,000 known asteroids.
            

    Read more of this story at Slashdot.


  • Over 400 of the World's Most Popular Websites Record Your Every Keystroke
    An anonymous reader quotes a report from Motherboard: The idea of websites tracking users isn't new, but research from Princeton University released last week indicates that online tracking is far more invasive than most users understand. In the first installment of a series titled "No Boundaries," three researchers from Princeton's Center for Information Technology Policy (CITP) explain how third-party scripts that run on many of the world's most popular websites track your every keystroke and then send that information to a third-party server. Some highly-trafficked sites run software that records every time you click and every word you type. If you go to a website, begin to fill out a form, and then abandon it, every letter you entered in is still recorded, according to the researchers' findings. If you accidentally paste something into a form that was copied to your clipboard, it's also recorded. These scripts, or bits of code that websites run, are called "session replay" scripts. Session replay scripts are used by companies to gain insight into how their customers are using their sites and to identify confusing webpages. But the scripts don't just aggregate general statistics, they record and are capable of playing back individual browsing sessions. The scripts don't run on every page, but are often placed on pages where users input sensitive information, like passwords and medical conditions. Most troubling is that the information session replay scripts collect can't "reasonably be expected to be kept anonymous," according to the researchers.
            

    Read more of this story at Slashdot.


  • UCLA Researchers Use Solar To Create and Store Hydrogen
    UCLA researchers have designed a device that can use solar energy to inexpensively and efficiently create and store energy, which could be used to power electronic devices, and to create hydrogen fuel for eco-friendly cars. Phys.Org reports: The device could make hydrogen cars affordable for many more consumers because it produces hydrogen using nickel, iron and cobalt -- elements that are much more abundant and less expensive than the platinum and other precious metals that are currently used to produce hydrogen fuel. Traditional hydrogen fuel cells and supercapacitors have two electrodes: one positive and one negative. The device developed at UCLA has a third electrode that acts as both a supercapacitor, which stores energy, and as a device for splitting water into hydrogen and oxygen, a process called water electrolysis. All three electrodes connect to a single solar cell that serves as the device's power source, and the electrical energy harvested by the solar cell can be stored in one of two ways: electrochemically in the supercapacitor or chemically as hydrogen. The device also is a step forward because it produces hydrogen fuel in an environmentally friendly way. Currently, about 95 percent of hydrogen production worldwide comes from converting fossil fuels such as natural gas into hydrogen -- a process that releases large quantities of carbon dioxide into the air, said Maher El-Kady, a UCLA postdoctoral researcher and a co-author of the research. The technology is described in the journal Energy Storage Materials.
            

    Read more of this story at Slashdot.


  • Uber Expands Driverless-Car Push With Deal For 24,000 Volvos
    Uber agreed to buy 24,000 sport utility vehicles from Volvo to form a fleet of driverless autos. According to Bloomberg, "The XC90s, priced from $46,900 at U.S. dealers, will be delivered from 2019 to 2021 in the first commercial purchase by a ride-hailing provider." Uber will add its own sensors and software to permit pilot-less driving. From the report: Uber's order steps up efforts to replace human drivers, the biggest cost in its on-demand taxi service. The autonomous fleet is small compared with the more than 2 million people who drive for Uber but reflects dedication to the company's strategy of developing self-driving cars. "This new agreement puts us on a path toward mass-produced, self-driving vehicles at scale," Jeff Miller, Uber's head of auto alliances, told Bloomberg News. "The more people working on the problem, we'll get there faster and with better, safer, more reliable systems."
            

    Read more of this story at Slashdot.


  • iMac Pro Will Have An A10 Fusion Coprocessor For 'Hey, Siri' Support and More Secure Booting, Says Report
    According to Apple firmware gurus Steven Troughton-Smith and Guilherme Rambo, the upcoming iMac Pro will feature an A10 Fusion coprocessor to enable two interesting new features. "The first is the ability for the iMac Pro to feature always-on 'Hey, Siri' voice command support, similar to what's currently available on more recent iPhone devices," reports The Verge. "[T]he bigger implication of the A10 Fusion is for a less user-facing function, with Apple likely to use the coprocessor to enable SecureBoot on the iMac Pro." From the report: In more practical terms, it means that Apple will be using the A10 Fusion chip to handle the initial boot process and confirm that software checks out, before passing things off to the regular x86 Intel processor in your Mac. It's not something that will likely change how you use your computer too much, like the addition of "Hey, Siri" support will, but it's a move toward Apple experimenting with an increased level of control over its software going forward.
            

    Read more of this story at Slashdot.


  • Google Is Working On Fuchsia OS Support For Apple's Swift Programming Language
    An anonymous reader shares a report from Android Police: Google's in-development operating system, named "Fuchsia," first appeared over a year ago. It's quite different from Android and Chrome OS, as it runs on top of the real-time "Magenta" kernel instead of Linux. According to recent code commits, Google is working on Fuchsia OS support for the Swift programming language. If you're not familiar with it, Swift is a programming language developed by Apple, which can be used to create iOS/macOS/tvOS/watchOS applications (it can also compile to Linux). Apple calls it "Objective-C without the C," and on the company's own platforms, it can be mixed with existing C/Objective-C/C++ code (similar to how apps on Android can use both Kotlin and Java in the same codebase). We already know that Fuchsia will support apps written in Dart, a C-like language developed by Google, but it looks like Swift could also be supported. On Swift's GitHub repository, a pull request was created by a Google employee that adds Fuchsia OS support to the compiler. At the time of writing, there are discussions about splitting it into several smaller pull requests to make reviewing the code changes easier.
            

    Read more of this story at Slashdot.


  • Why Hackers Reuse Malware
    Orome1 shares a report from Help Net Security: Software developers love to reuse code wherever possible, and hackers are no exception. While we often think of different malware strains as separate entities, the reality is that most new malware recycles large chunks of source code from existing malware with some changes and additions (possibly taken from other publicly released vulnerabilities and tools). This approach makes sense. Why reinvent the wheel when another author already created a working solution? While code reuse in malware can make signature-based detection methods more effective in certain cases, more often than not it frees up time for attackers to do additional work on detection avoidance and attack efficacy -- which can create a more dangerous final product.   There are multiple reasons why hackers reuse code when developing their own malware. First, it saves time. By copying code wherever possible, malware authors have more time to focus on other areas, like detection avoidance and attribution masking. In some cases, there may be only one way to successfully accomplish a task, such as exploiting a vulnerability. In these instances, code reuse is a no-brainer. Hacker also tend to reuse effective tactics such as social engineering, malicious macros and spear phishing whenever possible simply because they have a high rate of success.
            

    Read more of this story at Slashdot.


  • US Sues To Block AT&T Purchase of Time Warner
    The U.S. Department of Justice is suing AT&T to block its $85.4 billion acquisition of Time Warner. "The legal challenge was expected after AT&T rejected a demand by the Justice Department earlier this month to divest its DirecTV unit or Time Warner's Turner Broadcasting -- which contains news network CNN -- in order to win antitrust approval," reports Reuters. From the report: AT&T's chief executive said then that he would defend the deal in court to win approval, and the company criticized the Justice Department's case on Monday. The lawsuit is "a radical and inexplicable departure from decades of antitrust precedent," said AT&T lawyer David McAtee, arguing that so-called vertical mergers, between companies that are not direct competitors, are routinely approved. "We see no legitimate reason for our merger to be treated differently," he said, adding that AT&T is confident a judge will reject the Justice Department's case.
            

    Read more of this story at Slashdot.


  • An Ethereum Startup Just Vanished After People Invested $374K
    An anonymous reader quotes a report from Motherboard: A startup on the Ethereum platform vanished from the internet on Sunday after raising $374,000 USD from investors in an Initial Coin Offering (ICO) fundraiser. Confido is a startup that pitched itself as a blockchain-based app for making payments and tracking shipments. It sold digital tokens to investors over the Ethereum blockchain in an ICO that ran from November 6 to 8. During the token sale, Confido sold people bespoke digital tokens that represent their investment in exchange for ether, Ethereum's digital currency. But on Sunday, the company unceremoniously deleted its Twitter account and took down its website. A company representative posted a brief comment to the company's now-private subforum on Reddit, citing legal problems that prevent the Confido team from continuing their work. The same message was also posted to Medium but quickly deleted.   "Right now, we are in a tight spot, as we are having legal trouble caused by a contract we signed," the message stated (a cached version of the Medium post is viewable). "It is likely that we will be able to find a solution to rectify the situation. However, we cannot assure you with 100% certainty that we will get through this." The message was apparently written by Confido's founder, one Joost van Doorn, who seems to have no internet presence besides a now-removed LinkedIn profile. Even the Confido representative on Reddit doesn't seem to know what's going on, though, posting hours after the initial message, "Look I have absolutely no idea what has happened here. The removal of all of our social media platforms and website has come as a complete surprise to me." Confido tokens had a market cap of $10 million last week, before the company disappeared, but now the tokens are worthless. And investors are crying foul.
            

    Read more of this story at Slashdot.


  • Amazon Launches a Cloud Service For US Intelligence Agencies
    Amazon Web Services on Monday introduced cloud service for the CIA and other members of the U.S. intelligence community. From a report: The launch of the so-called AWS Secret Region comes six years after AWS introduced GovCloud, its first data center region for public sector customers. AWS has since announced plans to expand GovCloud. The new Secret Region signals interest in using AWS from specific parts of the U.S. government. In 2013 news outlets reported on a $600 million contract between AWS and the CIA. That event singlehandledly helped Amazon in its effort to sign up large companies to use its cloud, whose core services have been available since 2006.
            

    Read more of this story at Slashdot.


  • Level 5 driverless cars by 2021 can be done, say Brit industry folk
    Others reckon Chancellor's taking it a bit too far...
    Over the weekend, chancellor Philip Hammond boasted that “fully driverless cars” would be on Britain’s roads in four years’ time. Some in the driverless car industry think this is a dangerous fantasy, while more high-profile driverless car software companies are all in favour of it.…









  • Iran the numbers – and Persian internet is the cheapest in the world
    Burkina Faso the most expensive, UK in top third cheapest
    Tired of continual price hikes on your broadband deal? Then why not move to Iran? According to a study released today, it has the cheapest broadband in the world (if you're willing to ignore political and social problems...)…



  • Twitter's blue tick rule changes may lower the sueball barrier
    Got a few quid and want to launch a lawsuit? Now is a good time
    Comment Infamous online cesspit Twitter may have unintentionally made itself easier to sue for the things users write on its site, following recently announced changes to its "blue tick" verification system.…






  • Patch on way 'this week' for HP printer vulns
    RCE? Check. Clear passwords? Check. Interfere with print jobs? Check
    Sysadmins have been advised to watch for a coming HP printer firmware update that will plug a remote code execution vulnerability (among others) in its MFP-586 and the M553 printers.…




  • Marvell and Cavium do the deed, vow to breed infra-monster
    Six billion bucks does the trick, now let's see what kind of kit they build together
    The rumours were right: Marvell has formally announced it will buy Cavium, for around six billion US dollars, and plans to emerge as an “Infrastructure Solutions Powerhouse”.…


  • More than half of GitHub is duplicate code, researchers find
    Boffins beware: random samples are therefore useless for research
    Given that code sharing is a big part of the GitHub mission, it should come at no surprise that the platform stores a lot of duplicated code: 70 per cent, a study has found.…


  • Windows 8 broke Microsoft's memory randomisation
    The problem's still there in Windows 10, so prepare for code re-use attacks
    A Carnegie-Mellon CERT researcher has discovered that Microsoft broke some use-cases for its Address Space Layout Randomisation (ASLR), designed to block code-reuse attacks.…













  • Nathan Barley blamed for global GDP slump
    Clueless freelancers and the productivity puzzle
    Nathan Barley, the insufferable "self-facilitating media node" of Charlie Brooker's TV series, may be a prime culprit for Britain's lack of productivity growth.…




  • OnePlus 5T is like the little sister you always feared was the favourite
    This time, the flagship challenger gets it right
    Review OnePlus has settled into the groove of releasing two flagships a year, and this Christmas-time 5T reiteration may well piss off the fans who bought the OnePlus 5 released in the summer. It's better all round, sports the 6-inch 18:9 OLED that's a genuine flagship display... and it's the same price as before. So 499 buys you some absurd specs: 8GB of RAM and 128GB of storage, and 449 6GB/64GB.…












  • It's 2017, and command injection is still the top threat to web apps
    Open Web Application Security Project updated 'top-ten risks' lands on Monday, but we found a late, late draft
    The Open Web Application Security Project will on Monday, US time, reveal its annual analysis of web application risks, but The Register has sniffed out the final draft of the report and can report that it has found familiar attacks top its charts, but exotic exploits are on the rise.…




  • F5 DROWNing, not waving, in crypto fail
    Bleichenbacher, the name that always chills cryptographers' blood
    If you're an F5 BIG-IP sysadmin, get patching: there's a bug in the company's RSA implementation that can give an attacker access to encrypted messages.…


  • The Impact Of HDD/SSD Performance On Linux Gaming
    Last week we presented our initial benchmarks of the Intel Optane SSD 900P on Linux and it offers mighty performance potential for those using I/O heavy workloads thanks to the use of 3D XPoint memory. But is a solid-state drive like this really worth the price if you are just a Linux gamer? Here are some tests comparing load times and boot times between a HDD, SATA 3.0 SSD, NVMe SSD, and this 3D XPoint NVMe U.2 SSD.


  • Ubuntu Boot Times From Linux 4.6 To 4.15 Kernels
    It's been a while since last doing any Linux boot speed comparisons while this morning I have some numbers to share when looking at the boot performance from the Linux 4.6 kernel through Linux 4.15 Git to see how it's changed over time,..







  • AMD EPYC Is Running Well On Linux 4.15
    Of the many changes coming for Linux 4.15, as detailed this weekend Radeon GPU and AMD CPU customers have a lot to be thankful for with this new kernel update currently in development. Here are some initial benchmarks of the Linux 4.15 development kernel using an AMD EPYC 7601 32-core / 64-thread setup...






  • LWJGL 3.1.4 Adds Zstd & LZ4 Bindings
    A new release is available of the Lightweight Java Game Library 3 (LWJGL) that is popular among game developers using the Java programming language...





  • Intel Ironlake Receives Patches For RC6 Power Savings
    Intel Ironlake "Gen 5" graphics have been around for seven years now since being found in Clarkdale and Arrandale processors while finally now the patches are all worked out for enabling RC6 power-savings support under Linux...













  • Funtin SFF-8639: U.2 NVMe SSD To PCI-E Card Adapter
    With our review this week of the Intel Optane SSD 900P 280GB U.2 SSD there was a discussion in the forums about using U.2 SSDs in desktop systems, etc. If your system doesn't have a U.2 slot, an adapter like the Funtin SFF-8639 makes it easy to pop the SSD into a PCI-E x4 slot...





  • Things Linux OS Can Do That Other OS Can’t
    What Is Linux OS?  Linux, similar to U-bix is an operating system which can be used for various computers, hand held devices, embedded devices, etc. The reason why Linux operated system is preferred by many, is because it is easy to use and re-use. Linux based operating system is technically not an Operating System. Operating [&]


  • Packagekit Interview
    Packagekit aims to make the management of applications in the Linux and GNU systems. The main objective to remove the pains it takes to create a system. Along with this in an interview, Richard Hughes, the developer of Packagekit said that he aims to make the Linux systems just as powerful as the Windows or [&]


  • What’s New in Ubuntu?
    What Is Ubuntu? Ubuntu is open source software. It is useful for Linux based computers. The software is marketed by the Canonical Ltd., Ubuntu community. Ubuntu was first released in late October in 2004. The Ubuntu program uses Java, Python, C, C++ and C# programming languages. What Is New? The version 17.04 is now available here [&]


  • Ext3 Reiserfs Xfs In Windows With Regards To Colinux
    The problem with Windows is that there are various limitations to the computer and there is only so much you can do with it. You can access the Ext3 Reiserfs Xfs by using the coLinux tool. Download the tool from the  official site or from the  sourceforge site. Edit the connection to “TAP Win32 Adapter [&]


  • Getting It To Better Stability And Performance
    Every computer user wants their computers to run as smoothly as possible. Here are few tips to ensure that: Clear out all junk files from time to time. Do not overload your computer’s C: drive. Uninstall all unnecessary applications. Remember to use the task manager to check out unnecessary service. Disable the service if you [&]


  • Possible Manipulation Around OOXML Process In Poland
    This is the case of reaching consensus on the ISO/IEC DIS 29500 (OOXML), which was recommended by the Polish. It was found that the consensus had not been reached. When the meeting was held, twelve votes supporting the new standard protocol, abstained votes were two and ten votes rejected it. When the consensus was not [&]


  • Discussing Visual Changelog
    Visual Changelog, is a function of the computer which protects the computer and the PC from various different things. The updates are usually rolled out by the owner or the manufacturing brand of the PC, such as Windows. Changelogs are required to maintain and extend the stability of the computer being used. These visual changelogs [&]


  • Exploring The Visual Changelog
    The visual Changelog is an fantastic new distro. The features of the visual Changelog revision 777000 are as follows: It lets you select a different kind of alphabets. The version features new exciting games. The Lancelot menu can be used again. The Luna applet has been enhanced. The picture frame KDE 4 can now be placed [&]


  • Looking At the Preview
    Many websites have now enabled the “preview” feature. Through this feature, you can view the content of the video; these are usually clips from the video, or you can view an image on the website. You can see this by simply hovering over the image or the thumbnail of the video to see the preview [&]


  • How To Use Truecrypt?
    What Is Truecrypt? Truecrypt, now discontinued, was a free software which was used to encrypt files and create an encryption with the files. How To Use Truecrypt? After opening the application follow the steps given below: Create volume. Then select the first option for the encrypted file. After that choose the first option. Select file, [&]


  • Google adds Fuchsia support to Apple's Swift
    Google's in-development operating system, named 'Fuchsia,' first appeared over a year ago. It's quite different from Android and Chrome OS, as it runs on top of the real-time 'Magenta' kernel instead of Linux. According to recent code commits, Google is working on Fuchsia OS support for the Swift programming language.  There's a tiny error in this summary form AndroidPolice - Fuchsia's kernel has been renamed to Zircon.  All this has been playing out late last week and over the weekend - Google is now working on Swift, and some took this to mean Google forked Apple's programming language, while in reality, it just created a staging ground for Google to work on Swift, pushing changes upstream to the official Swift project when necessary - as confirmed by Chris Lattner, creator of Swift, who used to work at Apple, but now works at Google.  Zac Bowling, a Google engineer working on Fuchsia, then highlighted a pull request that Google pushed to the main Swift repository: Swift support for Fuchsia. He also mentioned a few upcoming pull requests:  FYI, in the pipeline after this we will have some PRs related to:  adding ARM64 support for the Fuchsia SDK fixing cross-compiling issues for targeting BSD, Linux and Fuchsia targets from a Darwin toolchain adding support for using lld for linking specific SDK stdlibs (part of getting a Darwin toolchain capable of cross compiling to other targets) supporting unit tests on Fuchsia  Regarding Fuchsia's purpose, this is yet another little puff of smoke. Sadly, we still haven't found the fire.


  • Intel plans to end legacy BIOS support by 2020
    Computer users of a certain age will remember BIOS as ubiquitous firmware that came loaded on PCs. It was the thing you saw briefly before your operating system loaded, and you could dig into the settings to change your computer's boot order, enable or disable some features, and more.  Most modern PCs ship with UEFI instead. But most also still have a "legacy BIOS" mode that allows you to use software or hardware that might not be fully compatible with UEFI.  In a few years that might not be an option anymore: Intel has announced plans to end support for legacy BIOS compatibility by 2020.  This most certainly affects many older operating systems - especially older hobby and alternative operating systems that were never updated with UEFI support.


  • IBM Blue Lightning: world's fastest 386?
    The Blue Lightning CPU is an interesting beast. There is not a whole lot of information about what the processor really is, but it can be pieced together from various scraps of information. Around 1990, IBM needed low-power 32-bit processors with good performance for its portable systems, but no one offered such CPUs yet. IBM licensed the 386SX core from Intel and turned it into the IBM 386SLC processor (SLC reportedly stood for "Super Little Chip").  Fascinating footnote in processor history.


  • Sun's Project Looking Glass debuted 14 years ago
    Almost 14 years ago, way back in 2003, Sun Microsystems unveiled Project Looking Glass, a 3D desktop environment written in Java and making extensive use of Java 3D. The demo, by Jonathan Schwartz, always stuck with me over the years, and since YouTube recommended the demo to me today, I figured it'd be interesting to you remind you all of simpler times, when flipping windows around and 3D rendering in Java actually managed to get us excited (something no other project would ever manage to... Wait.).  Project Looking Glass was developed for about three years, and it actually saw a 1.0 release in late 2006. It's one of those random projects exploring what we then thought could be the future of computing, right before the iPhone came onto the scene and changed everything. While nothing came out of Project Looking Glass, Schwartz' demo did teach me the phrase "arbitrarily clever", which I'm unusually attached to.


  • Did Microsoft manually patch their Equation Editor executable?
    Really, quite literally, some pretty skilled Microsoft employee or contractor reverse engineered our friend EQNEDT32.EXE, located the flawed code, and corrected it by manually overwriting existing instructions with better ones (making sure to only use the space previously occupied by original instructions).  This... This is one hell of a story. The unanswered question is why, exactly, Microsoft felt the need to do this - do they no longer have access to the source code? Has it simply become impossible to set up the correct build environment?  Amazing.


  • How to set up a Pixelbook for programming
    Well, I've really done it. I've taken a pure and unsullied Google Pixelbook, which at one time was fast and secure in all ways, and made it into a crashy mess. My crime? The desire to code.  I'm going to walk you through my process for converting this machine into something that's marginally desirable for programming, but I just wanted to warn you before I begin: this isn't easy, clean, intuitive, or practical. There are rumors that Google is working on better ways to make Chrome OS a host for other flavors of Linux or Linux apps, but right now we're basically working with hacks, and hacks hurt.  Because these hacks hurt, I'd implore you to read this entire guide before attempting any of the steps so you know what you're getting yourself into, and if you, in fact, desire the results.  I think the PixelBook is a stunningly beautiful and fast machine, and while Chrome OS isn't nearly as useless as people often think it is, it clearly isn't the kind of operating system many OSNews readers would prefer. This is a guide to getting a traditional Linux setup up and running.


  • RISC-V port merged to Linux
    The RISC-V port was just merged to Linux a few minutes ago. This means we will be in the 4.15 release, which should be out about 10 weeks from last Sunday. As soon as the tarballs are created, the RISC-V Linux ABI will be stable, and  since we'll ideally be in a glibc release that comes out soon after that we'll be fully ABI stable by early in February.  RISC-V is a completely free and open ISA that hasn't seen much adoption just yet.


  • Scripting the Haiku GUI with 'hey'
    Haiku's GUI is in principle entirely scriptable. You can change a window's position and size and manipulate pretty much every widget in it. The tool to do this is hey. It sends BMessages to an application, thus emulating what happens if the user clicks on a menu, checkbox, or other widgets.


  • The Xerox Alto struts its stuff on its 40th birthday
    The Xerox Alto, widely recognized as the first modern personal computer, pioneered just about every basic concept we are familiar with in computers today. These include windows, bit-mapped computer displays, the whole idea of WYSIWIG interfaces, the cut/paste/copy tools in word processing programs, and pop-up menus. Most of this vision of the "office of the future" was first unveiled at a meeting of Xerox executives held on 10 Nov 1977, which was 40 years ago last week.  To celebrate that birthday, the Computer History Museum in Mountain View, Calif., brought together some of Parc researchers who worked on the Alto on Friday. They put it through its paces in a series of live demos. These demos used an Alto that had been restored to working order over the past eight months.  One of the most important computers ever made.


  • * More than 1 billion Android devices run outdated software *
    This is horrifying:  But even with the data we have, we can take a guess at how many outdated devices are in use. In May 2017, Google announced that there are over two billion active Android devices. If we look at the latest stats (the far right edge), we can see that nearly half of these devices are two years out of date. At this point, we should expect that there are more than one billion devices that are two years out of date! Given Android's update model, we should expect approximately 0% of those devices to ever get updated to a modern version of Android.  Whenever I bring up just how humongous of an issue this is, and just how dangerously irresponsible it is to let average consumers use this platform, apologists come out of the woodwork with two arguments as to why I'm an Apple shill or anti-Google: Google Play Services and Project Treble.  Google Play Services indeed ensures that a number of parts of your entire Android operating system and stack are updated through Google Play. This is a good move, and in fact, Android is ahead of iOS in this respect, where things like Safari and the browser engine are updated through operating system updates instead of through the App Store - and operating systems updates present a far bigger barrier to updating than mere app updates do. However, vast parts of Android are not updated through the Play Store at all, and pose a serious security threat to users of the platform. Google Play Services are anything but a silver bullet for Android's appalling update situation.  Project Treble is the second term people throw around whenever we talk about Android's lack of updates, but I don't think people really understand what Project Treble is, and what problems it does and does not solve. As Ron Amadeo explains in his excellent Android 8.0 review:  Project Treble introduces a "Vendor Interface" - a standardized interface that sits between the OS and the hardware. As long as the SoC vendor plugs into the Vendor Interface and the OS plugs into the Vendor Interface, an upgrade to a new version of Android should "just work." OEMs and carriers will still need to be involved in customizing the OS and rolling it out to users, but now the parties involved in an update can "parallelize" the work needed to get an update running. SoC code is no longer the "first" step that everyone else needs to wait on.  Treble addresses an important technical aspect of the Android update process by ensuring OEMs have to spend less time tailoring each Android update to every specific SoC and every specific smartphone. However, it doesn't mean OEMs can now just push a button and have the next Google Android code drop ready to go for all of their phones; they still have to port their modifications and other parts of Android, test everything, have it approved by carriers, and push them out to devices worldwide.  Project Treble addresses part of the technical aspect of Android updates, but not nearly all of it. While Treble is a huge improvement and clearly repays a huge technical debt of the Android platform, it doesn't actually address the real reason why OEMs are so lax at updating their phones: the political reason. Even in the entirely unrealistic, unlikely, and honestly impossible event Treble solves all technical barriers to updating Android phones, OEMs still have to, you know, actually choose to do so.  Even the most expensive and brand-defining Android flagships - the Note, Galaxy S, LG V, and so on - are updated at best only six months after the release of a new version of Android, and even then, the rollout usually takes months, with some countries, regions, carriers, or phones not getting the update until much, much later.  This isn't because it really is that hard to update Android phones - it's because OEMs don't care. Samsung doesn't care. LG doesn't care. HTC doesn't care. They'd much rather spend time and resources on selling you the next flagship than updating the one you already paid for.  Treble will do nothing to address that.  But let's assume that not only will Treble address all technical barriers, but also all political barriers. Entirely unlikely and impossible, I know, but for the sake of argument, let's assume that it does. Even then, it will be at best four to five years before we experience these benefits from Treble, because while Treble is a requirement for new devices shipping with Android 8.0 out of the box, it's entirely optional for existing devices being updated to 8.0. With the current pace of Android updates, that means it will be no earlier than four to five years from now before we truly start enjoying the fruits of the Treble team's labour.  At that point, it will have been twelve to thirteen years of accumulating unupdateable, insecure Android devices.  The cold and harsh truth is that as a platform, Android is a mess. It was quickly cobbled together in a rushed response to the original iPhone, and ever since, Google has been trying to repay the technical debt resulting from that rushed response, sucking time and resources away from advancing the state of the art in mobile operating systems.  As an aside, I have the suspicion Google has already set an internal timeline to move away from Android as we know it today, and move towards a new operating system altogether. I have the suspicion that Treble isn't so much about Android updates as it is about further containerising the Android runtime to make it as easy as possible to run Android applications as-is on a new platform that avoids and learns from the mistakes made by Android.  Each and every one of you knows I'm an Android user. I prefer Android over the competition because it allows me to use my phone the way I want to better than the competition. Up until recently, I would choose Android on Apple hardware over iOS on Android hardware - to use that macOS-vs-Windows meme - any day of the week.  These days - I'm not so sure I would. Your options as an Android user today? A Pixel phone you probably can't buy anyway because it's only available in three countries, and even if you can buy it, it falls apart at the seams. You can buy a Samsung or HTC or whatever and perpetually run outdated, insecure software. Or you can buy something from a smaller OEM, and suffer through shady nonsense.  You have to be deeply enveloped in the Android bubble to not see the dire situation this platform is in. Read more on this exclusive OSNews article...


  • OnePlus left a backdoor in its devices with root access
    Just a month ago, OnePlus was caught collecting personally identifiable data from phone owners through incredibly detailed analytics. While the company eventually reversed course on the data collection, another discovery has been made in the software of OnePlus phones. One developer found an application intended for factory testing, and through some investigation and reverse-engineering, was able to obtain root access using it.  People often tout OnePlus phones as an alternative to the Pixel line now that Google abandoned the Nexus concept of affordable, high-quality phones. Recent events, however, have made it very clear that you should really steer clear of phones like this, unless you know very well what you're doing.


  • Google to remove Accessibility Services apps from the Play Store
    Some of the most innovative applications on the Play Store are built on using APIs in ways that Google never intended. There are apps that can remap your volume keys to skip music tracks, record and play back touch inputs on webpages or games, and even provide alternative navigation keys so you can use your device€™s entire screen. All of these examples that I€™ve just mention rely on Android€™s Accessibility APIs. But that may soon change, as the Google Play Store team is sending out emails to developers telling them that they can no longer implement Accessibility Services unless they follow Google€™s guidelines.  Accessibility Services is an attack vector for malicious software, so in that light it makes sense. Of course, that doesn't make it any less frustrating that good, innovative software gets smothered like this. Luckily, this is Android, so the developers can always just distribute their applications outside of the Play Store through sideloading, but that's not exactly a secure solution for most people - and let's be honest, not being in the Play Store will be the death knell for most developers.  The real solution would be to provide APIs for things like this, but I doubt Google is going to invest any time, effort, and money into creating such APIs, since they seem more concerned with shoving useless digital assistants down our throats.


  • How Firefox got fast again
    People have noticed that Firefox is fast again.  Over the past seven months, we€™ve been rapidly replacing major parts of the engine, introducing Rust and parts of Servo to Firefox. Plus, we€™ve had a browser performance strike force scouring the codebase for performance issues, both obvious and non-obvious.  We call this Project Quantum, and the first general release of the reborn Firefox Quantum comes out tomorrow.  orthographic drawing of jet engine  But this doesn€™t mean that our work is done. It doesn€™t mean that today€™s Firefox is as fast and responsive as it€™s going to be.  So, let€™s look at how Firefox got fast again and where it€™s going to get faster.  I should definitely give Firefox another try - I've tried it over the years but it always felt a little sluggish compared to the competition. Chrome's gotten way too fat over the years, so I've resorted to using Edge on my main computer lately - it isn't perfect, but it it sure is fast, and places very little strain on my machine. I want my browser to get out of my way, and gobbling up processor cycles is exactly not that.


  • A history of the Amiga, part 11: between an Escom and a Gateway
    Ars Technica has released another excellent article in their series on the Amiga. This article covers the beginning of the post-Commodore world, starting with Escom and ending with the beginning of Amiga Inc.  Commodore International declared itself insolvent on April 29, 1994 under Chapter 7 of US bankruptcy law. Ordinarily, this would have been followed immediately by an auction of all the company€™s assets. However, Commodore€™s Byzantine organizational structure - designed to serve as a tax shelter for financier Irving Gould - made this process far more lengthy and complicated than it should have been.


  • Sailfish 2.1.3 released
    Another point release of one of the few - maybe even only - alternative mobile operating systems still being actively updated.  This update, 2.1.3 alias Kymijoki€brings Sailfish X for Sony Xperia X. All Sailfish devices get fixes for some recent well-known security vulnerabilities, including WPA issues and Bluetooth Blueborne. Kymijoki contains connectivity improvements made for Qt and Android apps and fixes dozens of other issues, too.  It's a relatively minor update, but still - it's good to see Sailfish progressing.




  • Sysadmin 101: Patch Management

    A few articles ago, I started a Sysadmin 101 series to pass down some fundamental knowledge about systems administration that the current generation of junior sysadmins, DevOps engineers or "full stack" developers might not learn otherwise. I had thought that I was done with the series, but then the WannaCry malware came out and exposed some of the poor patch management practices still
       


  • pfSense: Not Linux, Not Bad

    Through the years, I've used all sorts of router and firewall solutions at home and at work. For home networks, I usually recommend something like DD-WRT, OpenWRT or Tomato on an off-the-shelf router. For business, my recommendations typically are something like a Ubiquiti router or a router/firewall solution like Untangled or ClearOS.
       


  • NETGEAR 48-Port Gigabit Smart Managed Plus Switch (GS750E)

    More than ever, small to mid-sized businesses demand and rely on their networks to carry out mission-critical business activities. As always, however, budgets and expertise constrain these companies from using complex managed switches to run their networks.
       


  • New Hope for Digital Identity

    Identity is personal. You need to start there.

    In the natural world where we live and breathe, personal identity can get complicated, but it's not broken. If an Inuit family from Qikiqtaaluk wants to name their kid Anuun or Issorartuyok, they do, and the world copes. If the same kid later wants to call himself Steve, he does. Again, the world copes. So does Steve. 
       



  • Slicing Scientific Data

    I've covered scientific software in previous articles that either analyzes image information or actually generates image data for further analysis. In this article, I introduce a tool that you can use to analyze images generated as part of medical diagnostic work. 
       


  • Linux Journal November 2017
    Arrogance, the Biggest Linux Security Problem
    Linux is no longer an obscure platform avoided by those with malicious intent.
       


  • PoE, PoE+ and Passive POE

    I've been installing a lot of POE devices recently, and the different methods for providing power over Ethernet cables can be very confusing. There are a few standards in place, and then there's a method that isn't a standard, but is widely used.

    802.3af or Active PoE: 
       



  • Analyzing Song Lyrics

    I was reading about the history of The Beatles a few days ago and bumped into an interesting fact. According to the author, The Beatles used the word "love" in their songs more than 160 times. At first I thought, "cool", but the more I thought about it, the more I became skeptical about the figure. In fact, I suspect that the word "love" shows up considerably more than 160 times. 
       


  • Testing the Waters: How to Perform Internal Phishing Campaigns

    Phishing is one of the most dangerous threats to modern computing. Phishing attacks have evolved from sloppily written mass email blasts to targeted attacks designed to fool even the most cautious users. No defense is bulletproof, and most experts agree education and common sense are the best tools to combat the problem.
       


  • The Wire

    In the US, there has been recent concern over ISPs turning over logs to the government. During the past few years, the idea of people snooping on our private data (by governments and others) really has made encryption more popular than ever before. One of the problems with encryption, however, is that it's generally not user-friendly to add its protection to your conversations.
       


  • InfluxData

    What is ephemeral data, you ask? InfluxData can supply the answer, because handling it is the business of the company's InfluxData open-source platform that is custom-built for metrics and events.
       




  • Extended File Attributes Rock!
    Worldwide, data is growing at a tremendous rate. However, one recent study has pointed out that the size of files is not necessarily growing at the same rate; meaning the number of files is growing rapidly. How do we manage all of this data and files? While the answer to that question is complex, one place we can start is with Extended File Attributes. Continue reading


  • Checksumming Files to Find Bit-Rot
    In a previous article extended file attributes were presented. These are additional bits of metadata that are tied to the file and can be used in a variety of ways. One of these ways is to add checksums to the file so that corrupted data can be detected. Let's take a look at how we can do this including some simple Python examples. Continue reading



  • What’s an inode?
    As you might have noticed, we love talking about file systems. In these discussions the term "inode" is often thrown about. But what is an inode and how does it relate to a file system? Glad you asked. Continue reading




  • Emailing HPC
    Email is not unlike MPI. The similarities may help non-geeks understand parallel computers a little better. Continue reading



  • iotop: Per Process I/O Usage
    Based on a reader comment, we take iotop for a spin to see if it can be used for monitoring the IO usage of individual processes on a system. The result? It has some interesting capability that we haven't found in other tools. Continue reading





  • SandForce 1222 SSD Testing, Part 3: Detailed Throughput Analysis
    Our last two articles have presented an initial performance examination of a consumer SandForce based SSD from a throughput and IOPS perspective. In this article we dive deeper into the throughput performance of the drive, along with a comparison to an Intel X-25E SSD. I think you will be surprised at what is discovered. Continue reading


  • Putting Drupal to Work
    Drupal is a simple but powerful CMS. However, you'll probably want to configure it. Learn how to tweak Drupal's settings to your liking. Continue reading


  • SandForce 1222 SSD Testing – Part 2: Initial IOPS Results
    SandForce has developed a very interesting and unique SSD controller that uses real-time data compression. This affects data throughput and SSD longevity. In this article, we perform an initial examination of the IOPS performance of a SandForce 1222-based SSD. The results can be pretty amazing. Continue reading


  • Drupal at Warp Speed
    Need to setup Drupal CMS but don't have the time to learn how? Try this 30 minute quick start guide. Continue reading


  • Chasing The Number
    The Top500 list is a valuable measure of HPC progress, but the race it has spawned maybe over for many organizations Continue reading


  • Stick a Fork in Flock: Why it Failed
    This probably won't come as a surprise to many, but the "social Web browser" has thrown in the towel. Don't cry for the Flock team - they're flying the coop for Zynga to go make Facebook games or something. But Flock's loyal fans are out in the cold. Why'd Flock fail? There's a few lessons to be learned. Continue reading


Page last modified on November 02, 2011, at 05:01 PM