Miscellaneous Tech News
Forum cracks the vintage passwords of Ken Thompson and other Unix pioneers
Security in the early days of Unix was poor. Then, there were the passwords.
As one of the original versions of Unix, BSD is an ancient operating system. So it shouldn’t come as a surprise that it used what are, by today’s standards, strange, even ridiculous security. For one, the hashing function protecting passwords, though state of the art 40 years ago, is now trivial to crack. Stranger still, the password hashes of some BSD creators were included in publicly available source code. And then, there are the passwords people chose. Last week, technologist Leah Neukirchen reported finding a source tree for BSD version 3, circa 1980, and successfully cracking passwords of many of computing’s early pioneers. In most of the cases the success was the result of the users choosing easy-to-guess passwords.
-
A detailed look at Ubuntu’s new experimental ZFS installer
Let's take a sneak ZFS peek under the hood of Ubuntu Eoan Ermine's latest build.
If you're new to the ZFS hype train, you might wonder why a new filesystem option in an OS installer is a big deal. So here's a quick explanation: ZFS is a copy-on-write filesystem, which can take atomic snapshots of entire filesystems. This looks like sheer magic if you're not used to it—a snapshot of a 10TB filesystem can be taken instantly without interrupting any system process in the slightest. Once the snapshot is taken, it's an immutable record of the exact, block-for-block condition of the filesystem at the moment in time the snapshot was taken. When a snapshot is first taken, it consumes no additional disk space. As time goes by and changes are made to the filesystem, the space required to keep the snapshot grows by the amount of data that has been deleted or altered. So let's say you snapshot a 10TB filesystem: the snapshot completes instantly, requiring no additional room. Then you delete a 5MB JPEG file—now the snapshot consumes 5MB of disk space, because it still has the JPEG you deleted. Then you change 5MB of data in a database, and the snapshot takes 10MB—5MB for the JPEG you deleted and another 5MB for the data that you altered in the database.
-
Planting tiny spy chips in hardware can cost as little as $200
Proof-of-concept shows how easy it may be to hide malicious chips inside IT equipment.
More than a year has passed since Bloomberg Businessweek grabbed the lapels of the cybersecurity world with a bombshell claim: that Supermicro motherboards in servers used by major tech firms, including Apple and Amazon, had been stealthily implanted with a chip the size of a rice grain that allowed Chinese hackers to spy deep into those networks. Apple, Amazon, and Supermicro all vehemently denied the report. The National Security Agency dismissed it as a false alarm. The Defcon hacker conference awarded it two Pwnie Awards, for "most overhyped bug" and "most epic fail." And no follow-up reporting has yet affirmed its central premise. But even as the facts of that story remain unconfirmed, the security community has warned that the possibility of the supply chain attacks it describes is all too real. The NSA, after all, has been doing something like it for years, according to the leaks of whistle-blower Edward Snowden. Now researchers have gone further, showing just how easily and cheaply a tiny, tough-to-detect spy chip could be planted in a company's hardware supply chain. And one of them has demonstrated that it doesn't even require a state-sponsored spy agency to pull it off—just a motivated hardware hacker with the right access and as little as $200 worth of equipment.
-
@mlnews said in Miscellaneous Tech News:
But even as the facts of that story remain unconfirmed
It has been confirmed there are no implanted chips on the Supermicro MB. What the hell kind of confirmation is needed besides that?
-
@Pete-S said in Miscellaneous Tech News:
@mlnews said in Miscellaneous Tech News:
But even as the facts of that story remain unconfirmed
It has been confirmed there are no implanted chips on the Supermicro MB. What the hell kind of confirmation is needed besides that?
You can't confirm a negative.
-
AT&T charged customers for a corporate tax that it doesn’t have to pay
Portland tax exempts utilities like AT&T—but carrier added it to customer bills.
AT&T charged customers in Portland, Oregon for a corporate tax that AT&T doesn't actually have to pay. AT&T has agreed to provide refunds to customers who were wrongly charged the tax over the past few months, but it's facing a lawsuit that seeks additional payments of at least $200 to each of those customers. AT&T's mistake relates to Portland's new Clean Energy Surcharge, a 1% tax on retail sales in the city. AT&T has been passing this tax along to its mobile customers, even though the city law exempts utilities such as AT&T from the tax. "The city only recently notified us that we are exempt from the tax," AT&T said in a statement Friday, according to The Oregonian. "We will be issuing refunds to our customers."
-
BBC News - Google Pixel 4: Indians disappointed as 'radar feature' prevents launch
https://www.bbc.co.uk/news/world-asia-india-50065273
-
In 2019, multiple open source companies changed course—is it the right move?
"We have to draw a line between open source and the right to make money with open source."
Free and open source software enables the world as we know it in 2019. From Web servers to kiosks to the big data algorithms mining your Facebook feed, nearly every computer system you interact with runs, at least in part, on free software. And in the larger tech industry, free software has given rise to a galaxy of startups and enabled the largest software acquisition in the history of the world. Free software is a gift, a gift that made the world as we know it possible. And from the start, it seemed like an astounding gift to give. So astounding in fact that it initially made businesses unaccustomed to this kind of generosity uncomfortable. These companies weren't unwilling to use free software, it was simply too radical and by extension too political. It had to be renamed: "open source." Once that happened, open source software took over the world.
-
https://www.omgubuntu.co.uk/2019/10/the-ubuntu-20-04-lts-codename-has-been-revealed
Two distros whose releases I constantly anticipate are Ubuntu and Fedora. My runners-up are elementary OS, Deepin and Linux Mint.
-
The latest Google shutdowns: Daydream VR, Google Clips
At the same time Google launches products, it also takes some away.
Google's big hardware event happened yesterday, which saw the announcement of the Pixel 4, Pixelbook Go, Nest Wi-Fi, Nest Home Mini, and new Pixel Buds. While the "Made by Google 2019" event was going on, Google was quietly shutting down enough products that it could have also held a mini "Killed by Google 2019" event that same day. Pour one out for the Google Daydream VR headset and the Google Clips camera. Google Daydream View launched in 2016 and was Google's swing at proper phone-based virtual reality. Like the Samsung and Oculus collaboration Gear VR, the Daydream View was a cheap, light, "dumb" headset that featured VR lenses and little else. You slotted a smartphone into the front, and the phone switched to a VR mode, rendering a stereoscopic image that was blasted into your eyeballs through the lenses. You already have an expensive smartphone, so why not dip your toe in the VR waters with a cheap $100 headset.
-
Fedora 31 Release Held Up By Installer + DNF Bugs
https://www.phoronix.com/scan.php?page=news_item&px=Fedora-31-Release-Delayed
*Fedora developers had been trying to ship Fedora 31 for their original release target of next Tuesday, 22 October, but that isn't going to happen due to remaining blocker bugs.
At today's meeting they decided F31 is a "No-Go" due to open issues.
Among the blocker bugs at this point are upgrade issues over libgit2.so.28()(64bit) not being found, a DNF exception around armv7hcnl, a dnf-yum upgrade issue from Fedora 30, dnfdragora having complaints about a locked process after updates, and a Fedora 31 KDE Live graphics issue when booting in BIOS mode, among other proposed blockers.*
-
@wrx7m said in Miscellaneous Tech News:
Fedora 31 Release Held Up By Installer + DNF Bugs
https://www.phoronix.com/scan.php?page=news_item&px=Fedora-31-Release-Delayed
*Fedora developers had been trying to ship Fedora 31 for their original release target of next Tuesday, 22 October, but that isn't going to happen due to remaining blocker bugs.
At today's meeting they decided F31 is a "No-Go" due to open issues.
Among the blocker bugs at this point are upgrade issues over libgit2.so.28()(64bit) not being found, a DNF exception around armv7hcnl, a dnf-yum upgrade issue from Fedora 30, dnfdragora having complaints about a locked process after updates, and a Fedora 31 KDE Live graphics issue when booting in BIOS mode, among other proposed blockers.*
:crying_face:
-
@black3dynamite said in Miscellaneous Tech News:
@wrx7m said in Miscellaneous Tech News:
Fedora 31 Release Held Up By Installer + DNF Bugs
https://www.phoronix.com/scan.php?page=news_item&px=Fedora-31-Release-Delayed
*Fedora developers had been trying to ship Fedora 31 for their original release target of next Tuesday, 22 October, but that isn't going to happen due to remaining blocker bugs.
At today's meeting they decided F31 is a "No-Go" due to open issues.
Among the blocker bugs at this point are upgrade issues over libgit2.so.28()(64bit) not being found, a DNF exception around armv7hcnl, a dnf-yum upgrade issue from Fedora 30, dnfdragora having complaints about a locked process after updates, and a Fedora 31 KDE Live graphics issue when booting in BIOS mode, among other proposed blockers.*
:crying_face:
But also a good thing showing that things are clearly tested before release.
-
@JaredBusch said in Miscellaneous Tech News:
@black3dynamite said in Miscellaneous Tech News:
@wrx7m said in Miscellaneous Tech News:
Fedora 31 Release Held Up By Installer + DNF Bugs
https://www.phoronix.com/scan.php?page=news_item&px=Fedora-31-Release-Delayed
*Fedora developers had been trying to ship Fedora 31 for their original release target of next Tuesday, 22 October, but that isn't going to happen due to remaining blocker bugs.
At today's meeting they decided F31 is a "No-Go" due to open issues.
Among the blocker bugs at this point are upgrade issues over libgit2.so.28()(64bit) not being found, a DNF exception around armv7hcnl, a dnf-yum upgrade issue from Fedora 30, dnfdragora having complaints about a locked process after updates, and a Fedora 31 KDE Live graphics issue when booting in BIOS mode, among other proposed blockers.*
:crying_face:
But also a good thing showing that things are clearly tested before release.
Exactly - would rather have a delay instead of a pull back of code, like Windows 10 1809...
-
Unpatched Linux bug may open devices to serious attacks over Wi-Fi
Buffer overflow can be triggered in Realtek Wi-Fi chips, no user interaction needed.
A potentially serious vulnerability in Linux may make it possible for nearby devices to use Wi-Fi signals to crash or fully compromise vulnerable machines, a security researcher said. The flaw is located in the RTLWIFI driver, which is used to support Realtek Wi-Fi chips in Linux devices. The vulnerability triggers a buffer overflow in the Linux kernel when a machine with a Realtek Wi-Fi chip is within radio range of a malicious device. At a minimum, exploits would cause an operating-system crash and could possibly allow a hacker to gain complete control of the computer. The flaw dates back to version 3.10.1 of the Linux kernel released in 2013.
-
Alexa and Google Home abused to eavesdrop and phish passwords
Amazon- and Google-approved apps turned both voice-controlled devices into "smart spies."
*By now, the privacy threats posed by Amazon Alexa and Google Home are common knowledge. Workers for both companies routinely listen to audio of users—recordings of which can be kept forever—and the sounds the devices capture can be used in criminal trials. Now, there's a new concern: malicious apps developed by third parties and hosted by Amazon or Google. The threat isn't just theoretical. Whitehat hackers at Germany's Security Research Labs developed eight apps—four Alexa "skills" and four Google Home "actions"—that all passed Amazon or Google security-vetting processes. The skills or actions posed as simple apps for checking horoscopes, with the exception of one, which masqueraded as a random-number generator.*
-
https://mover.io/blog/2019/10/21/mover-acquired-by-microsoft/
Since we launched Mover, we have dedicated ourselves to being one of the fastest and most recognized cloud storage migrators in the world. Today the next chapter in our journey begins, and I am very happy to announce that Microsoft has acquired Mover.
As the world moves to Microsoft 365, it needs an excellent self-serve solution for migrating content. Our technology makes us one of the fastest OneDrive and SharePoint document migrators in the world. My team has proven this time and time again by setting migration speed records for the industry, always meeting customer needs. Security, file fidelity, and transfer accuracy are core tenets of our company and we take pride in our reputation.
Moving forward, we’ll bring our deep expertise and migration technology to serve Microsoft customers. This acquisition will ensure that customers making the move to Microsoft 365 have a seamless and cost effective experience.
It has been a fantastic journey these last eight years. We have met thousands of wonderful customers and moved more data than I ever imagined. It has been an honor to be trusted by you and your fellow customers.
On behalf of everyone at Mover, thank you to all our family, friends, customers, partners, investors, and allies who helped us get to where we are today. We couldn’t have done it without you.
-Best, Eric Warnke
Also:
https://blogs.microsoft.com/blog/2019/10/21/microsoft-acquires-mover-to-simplify-and-speed-file-migration-to-microsoft-365/
Microsoft acquires Mover to simplify and speed file migration to Microsoft 365
-
Hackers steal secret crypto keys for NordVPN. Here’s what we know so far
Breach happened 19 months ago. Popular VPN service is only disclosing it now.
Hackers breached a server used by popular virtual network provider NordVPN and stole encryption keys that could be used to mount decryption attacks on segments of its customer base. A log of the commands used in the attack suggests that the hackers had root access, meaning they had almost unfettered control over the server and could read or modify just about any data stored on it. One of three private keys leaked was used to secure a digital certificate that provided HTTPS encryption for nordvpn.com. The key wasn't set to expire until October 2018, some seven months after the March 2018 breach. Attackers could have used the compromised certificate to impersonate the nordvpn.com website or mount man-in-the-middle attacks on people visiting the real one. Details of the breach have been circulating online since at least May 2018.