Feed aggregator

Heartbleed Redux: Another Gaping Wound in Web Encryption Uncovered

OSDir.com - Tue, 08/16/2016 - 14:35
From the Electric Boogaloo dept.:
On Thursday, the OpenSSL Foundation published an advisory warning to users to update their SSL yet again, this time to fix a previously unknown but more than decade-old bug in the software that allows any network eavesdropper to strip away its encryption. The non-profit foundation, whose encryption is used by the majority of the Web’s SSL servers, issued a patch and advised sites that use its software to upgrade immediately.

The new attack, found by Japanese researcher Masashi Kikuchi, takes advantage of a portion of OpenSSL’s “handshake” for establishing encrypted connections known as ChangeCipherSpec, allowing the attacker to force the PC and server performing the handshake to use weak keys that allow a “man-in-the-middle” snoop to decrypt and read the traffic.

The Next Circle of Hell: Unpatchable Systems

OSDir.com - Tue, 08/16/2016 - 14:35
From the This Should be Interesting dept.:
Microsoft's decision to end support for Windows XP in April was met with a collective gulp by the IT community. For good reason: Approximately 30 percent of all desktop systems continue to run XP despite Microsoft's decision to stop offering security updates. Furthermore, a critical security flaw in Internet Explorer 8 disclosed recently by HP's TippingPoint Division opens the door to remote attacks on XP systems that use IE8.

But Windows XP is just the tip of an ever-widening iceberg: software and hardware that is unpatchable and unsupportable -- by policy or design. In fact, the trend toward systems and devices that, once deployed, stubbornly "keep on ticking" regardless of the wishes of those who deploy them is fast becoming an IT security nightmare made real, affecting everything from mom-and-pop shops to power stations.

Git 2.0.0 Released

OSDir.com - Tue, 08/16/2016 - 14:35
From the Git 'er. dept.:
The latest feature release Git v2.0.0 is now available at the usual places.

We had to delay the final release by a week or so because we found a few problems in earlier release candidates (request-pull had a regression that stopped it from showing the "tags/" prefix in "Please pull tags/frotz" when the user asked to compose a request for 'frotz' to be pulled; a code path in git-gui to support ancient versions of Git incorrectly triggered for Git 2.0), which we had to fix in an extra unplanned release candidate.

The Linux Foundation Announces Core Infrastructure Initiative

OSDir.com - Tue, 08/16/2016 - 14:35
From the Hindsight dept.:
The Core Infrastructure Initiative (CII), a project hosted by The Linux Foundation that enables technology companies, industry stakeholders and esteemed developers to collaboratively identify and fund open source projects that are in need of assistance, today announced five new backers, the first projects to receive funding from the Initiative and the Advisory Board members who will help identify critical infrastructure projects most in need of support.

CII provides funding for fellowships for key developers to work fulltime on open source projects, security audits, computing and test infrastructure, travel, face-to-face meeting coordination and other support. The Steering Committee, comprised of members of the Initiative, and the Advisory Board of industry stakeholders and esteemed developers, are tasked with identifying underfunded open source projects that support critical infrastructure, and administering the funds through The Linux Foundation.

PHK: HTTP 2.0 Should Be Scrapped

OSDir.com - Tue, 08/16/2016 - 14:35
From the Just Stop dept.:
Via the HTTP working group list comes a post from Poul-Henning Kamp proposing that HTTP 2.0 (as it exists now) never be released after the plan of adopting Google's SPDY protocol with minor changes revealed flaws that SPDY/HTTP 2.0 will not address. Quoting:

"The WG took the prototype SPDY was, before even completing its previous assignment, and wasted a lot of time and effort trying to goldplate over the warts and mistakes in it. And rather than 'ohh, we get HTTP/2.0 almost for free', we found out that there are numerous hard problems that SPDY doesn't even get close to solving, and that we will need to make some simplifications in the evolved HTTP concept if we ever want to solve them. ... Wouldn't we get a better result from taking a much deeper look at the current cryptographic and privacy situation, rather than publish a protocol with a cryptographic band-aid which doesn't solve the problems and gets in the way in many applications ? ... Isn't publishing HTTP/2.0 as a 'place-holder' is just a waste of everybody's time, and a needless code churn, leading to increased risk of security exposures and failure for no significant gains ?"

Apple, Google Settle Smartphone Patent Litigation

OSDir.com - Tue, 08/16/2016 - 14:35
From the Back to Work dept.:
Apple Inc and Google Inc's Motorola Mobility unit have agreed to settle all patent litigation between them over smartphone technology, ending one of the highest profile lawsuits in technology.

Valve Sponsors Work To Greatly Speed-Up Linux OpenGL Game Load Times

OSDir.com - Tue, 08/16/2016 - 14:35
From the Loading... dept.:
Valve Software has sponsored some interesting improvements developed by LunarG for the Mesa OpenGL library on Linux for deferred and threaded GLSL shader compilation. What these changes mean for users of the open-source Linux graphics drivers when running their favorite games is that OpenGL games now load a lot faster. As an example, the time from starting Dota 2 until the time actually being within the game is reduced by about 20 seconds on an Intel system. While Direct3D has offered similar functionality for a while, OpenGL has not, which has given it a bad reputation with regard to game load times until all shaders are compiled and cached — fortunately it's now addressed for OpenGL if using the Mesa Linux graphics drivers on a supported game.

F-Secure Report Notes Over 99 Percent Of Mobile Threats Target Android

OSDir.com - Tue, 08/16/2016 - 14:35
From the App Stores???? dept.:
Google's open source Android platform has the distinction of being the most popular mobile operating system in the world. That's great in terms of dominating the market and reaping the rewards that come with it, but it's also for that very reason that Android finds itself the target of virtually every new mobile malware threat that emerges.

According to data published in F-Secure's latest Mobile Threat Report, over 99 percent of the new mobile threats it discovered in the first quarter of 2014 targeted Android users. To be fair, we're not talking about hundreds of thousands, tens of thousands, or thousands of malware threats -- F-Secure detected 277 new threat families, of which 275 honed in on Android. Of the remaining two, one targeted iPhone and the other set Symbian in its sights.

Firefox 29 Launches With Major Redesign

OSDir.com - Tue, 08/16/2016 - 14:35
From the Please be good. Please be good... dept.:
Mozilla is launching its most important release of Firefox in a very long time today. After almost two years of working on its Australis redesign, the company is now finally ready to bring it to its stable release channel.

After loading it for the first time, chances are you’ll be slightly confused. This is Firefox’s most radical redesign since it moved to its rapid release schedule a few years ago. The new version looks significantly more like Chrome than the old Firefox. It features the same three-bar menu on the right and rounded tabs, for example. At the same time, though, it keeps the separate search form — something most other browsers have now done away with.

Testing the Digital Ocean $5 Cloud Servers with an MMORPG

Librenix.com - Thu, 11/20/2014 - 01:35
(Posted 13 May 2014 by Ray)

Gluster 3.4.2 on Two Node Controller+Compute Neutron GRE+OVS Fedora 20 Cluster

Librenix.com - Thu, 11/20/2014 - 01:35
(Posted 13 May 2014 by Boris Derzhavets)

Running ownCloud 5.0 On Nginx (LEMP) On Debian Wheezy

Librenix.com - Thu, 11/20/2014 - 01:35
(Posted 13 May 2014 by falko)

Running SilverStripe On Nginx (LEMP) On Debian Wheezy/Ubuntu 13.04

Librenix.com - Thu, 11/20/2014 - 01:35
(Posted 13 May 2014 by falko)

SteamBox: Sabayon's version of the Steam Machine

Librenix.com - Thu, 11/20/2014 - 01:35
(Posted 13 May 2014 by finid)

Install Virtualbox 4.3 on Ubuntu/Debian/Fedora

Librenix.com - Thu, 11/20/2014 - 01:35
(Posted 13 May 2014 by Silver Moon)

10 basic examples of linux netstat command

Librenix.com - Thu, 11/20/2014 - 01:35
(Posted 28 Apr 2014 by Silver Moon)

USB Redirection hack on Two Node Controller+Compute Neutron GRE+OVS Fedora 20 Cluster

Librenix.com - Thu, 11/20/2014 - 01:35
(Posted 28 Apr 2014 by Boris Derzhavets)

Installing Debian testing On GPT HDDs From A Grml Live Linux

Librenix.com - Thu, 11/20/2014 - 01:35
(Posted 28 Apr 2014 by falko)

Step By Step Ubuntu 13.04 (Raring Ringtail) LAMP Server Setup

Librenix.com - Thu, 11/20/2014 - 01:35
(Posted 28 Apr 2014 by gg234)