wlug November 2016

wlug@list.waikato.ac.nz

13 participants
41 discussions

by Lawrence D'Oliveiro

I helped an elderly friend set up his new PC yesterday. His previous machine, over a decade old, was running Windows XP. I had set up an Ubuntu dual-boot a few years back, and he liked playing the games. But then the Linux boot stopped working--there was a message to the effect “hd0 out of disk”, which sounded like a GRUB problem (“hd0” being a GRUB disk name, not a Linux disk name). I booted up SystemRescueCD, and found that disk space was ample. I did an fsck on the Linux volume, and found no filesystem problems. I ran a badblocks scan, and it reported several bad sectors, though oddly they only seemed to be in the Windows partition (if I interpreted the numbers correctly). Naturally I searched online, but the hits I found for that error message didn’t seem very helpful. Reinstalling GRUB didn’t help, so I concluded there were likely other hardware problems, so time for a new machine. He got an entry-level dual-core AMD box from PBTech--their own house build, in a CoolerMaster case--for well under a grand. Nothing fancy, but good enough for his needs--mainly Web browsing, e-mail, a little bit of word processing, and those games. The PBTech box came without an OS. He could have got Windows 10 for it, but considering he would be facing a learning curve coming from XP regardless, I suggested going 100% Linux for all his daily needs, to see if that would work. He could always spend the $160-odd extra on Windows later if need be. So I set it up with Linux Mint, since that seems to be everybody’s favourite :). He was already using Firefox on Windows, so moving all his Web bookmarks across was easy. The Mint install put an icon for Thunderbird on the desktop by default, so I decided to try that for e-mail. Getting his address book across from Outlook Express was fairly straightforward, once I figured out how to map the exported CSV field names correctly. The mail messages were slightly more fiddly, but I found this extension <https://addons.mozilla.org/en-US/thunderbird/addon/importexporttools/> which directly loads Microsoft’s .dbx files, and that seemed to work OK. Then he wanted to play CDs. When we put in an audio CD, it came up with options to run Banshee (media player) or Brasero (disc burner). The Banshee media player wouldn’t play the CD directly, it insisted on ripping it to the hard drive first. This was not really what he wanted. I had a look round, and found KsCD, which will indeed play audio CDs without trying to rip them to audio files first. As far as I know, this is the only GUI Linux app that can do so. So, day 1 ended on a reasonably successful note. He was already noticing how much faster the new machine was. So we’ll see how it goes from here...

4 years

feature update (formerly known as upgrade)

by Ian Young

The detailed content is a bit beyond my pay grade but I did like the bit about upgrade being displaced by feature update. http://www.theregister.co.uk/2016/12/01/upgrade_shift_f10_pops_win10_system…

4 years, 10 months

Firefox Zero-Day Can Be Used To Unmask Tor Browser Users

by Peter Reutemann

'A Firefox zero-day being used in the wild to target Tor users is using code that is nearly identical to what the FBI used in 2013 to unmask Tor-users. A Tor browser user notified the Tor mailing list of the newly discovered exploit, posting the exploit code to the mailing list via a Sigaint darknet email address. A short time later, Roger Dingledine, co-founder of the Tor Project Team, confirmed that the Firefox team had been notified, had "found the bug" and were "working on a patch." On Monday, Mozilla released a security update to close off a different critical vulnerability in Firefox. Dan Guido, CEO of TrailofBits, noted on Twitter, that "it's a garden variety use-after-free, not a heap overflow" and it's "not an advanced exploit." He added that the vulnerability is also present on the Mac OS, "but the exploit does not include support for targeting any operating system but Windows." Security researcher Joshua Yabut told Ars Technica that the exploit code is "100% effective for remote code execution on Windows systems." "The shellcode used is almost exactly the shellcode of the 2013 one," tweeted a security researcher going by TheWack0lian. He added, "When I first noticed the old shellcode was so similar, I had to double-check the dates to make sure I wasn't looking at a 3-year-old post." He's referring to the 2013 payload used by the FBI to deanonymize Tor-users visiting a child porn site. The attack allowed the FBI to tag Tor browser users who believed they were anonymous while visiting a "hidden" child porn site on Freedom Hosting; the exploit code forced the browser to send information such as MAC address, hostname and IP address to a third-party server with a public IP address; the feds could use that data to obtain users' identities via their ISPs.' -- source: https://yro.slashdot.org/story/16/11/30/2156218 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

4 years, 10 months

More Than 1 Million Android Devices Rooted By Gooligan Malware

by Peter Reutemann

'A new version of an existing piece of malware has emerged in some third-party Android app stores and researchers say it has infected more than a million devices around the world, giving the attackers full access to victims' Google accounts in the process. The malware campaign, known as Gooligan, is a variant of older malware called Ghost Push that has been found in many malicious apps. Researchers at Check Point recently discovered several dozen apps, mainly in third-party app stores, that contain the malware, which is designed to download and install other apps and generate income for the attackers through click fraud. The malware uses phantom clicks on ads to generate revenue for the attackers through pay-per-install schemes, but that's not the main concern for victims. The Gooligan malware also employs exploits that take advantage of several known vulnerabilities in older versions of Android, including Kit Kat and Lollipop to install a rootlet that is capable of stealing users' Google credentials.Although the malware has full remote access to infected devices, it doesn't appear to be stealing user data, but rather is content to go the click-fraud route. Most users are being infected through the installation of apps that appear to be legitimate but contain the Gooligan code, a familiar infection routine for mobile devices.' -- source: https://tech.slashdot.org/story/16/11/30/1720202 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

4 years, 10 months

expanding Europe's Linux Presentation Day to New Zealand

by Hauke Laging

Hello, in May 2015 Berlin's Linux user group (BeLUG) has started a new type of event which has spread quickly all over Europe: the Linux Presentation Day (LPD) 2015.1: Berlin only 2015.2: 72 cities in three countries 2016.1: 110 cities in 10 countries 2016.2: 150+ cities in 14 countries (on October, 22nd) I contact you because we intend to expand the LPD beyond Europe next year. The aim of the LPD towards the general public is to provide biannual and comprehensive information events about Linux for private users who would like to get a first impression of Linux. The aim towards the media is to make the event so big (both nationally and internationally) that the nationwide non-IT media cover it regularly. The aim towards the Linux community is that an LPD event can be so small and easy to organize (even without costs) that really everyone can try to organize an event with good chances of success. The local organizers decide on their own what their event shall be like; we just make suggestions and offer support. You can find a longer description of the concept here: http://www.linux-presentation-day.org/idea/ Are you as an organization interested in participating in the LPD? If not: Are any of your members interested in helping us bring the LPD to New Zealand? This event is very useful for finding new LUG members. Best regards, (Mr.) Hauke Laging -- http://www.linux-presentation-day.org/ International phone contact for the Linux Presentation Day: tel:+49-30-55579620 (13:00–23:00, German and English) XMPP (Chat with OTR): linux-presentation-day(a)jabber.ccc.de OTR: 91626899 1C06F2BD 75EC2441 35C696CE 38F75997

4 years, 10 months

Westpac one and online banking

by Ron Dean

Apparently I was in error that Westpac would be closing its browser based online banking. Its still available through a browser just not the original Online banking. Thanks for all your comments -- Ron Dean

4 years, 10 months

Jolla's Sailfish OS Now Certified as Russian Government's First 'Android Alternative'

by Peter Reutemann

'The future for one of the few remaining alternative mobile OS platforms, Jolla's Sailfish OS, looks to be taking clearer shape. Today the Finnish company which develops and maintains the core code, with the aim of licensing it to others, announced Sailfish has achieved domestic certification in Russia for government and corporate use. TechCrunch adds: In recent years the Russian government has made moves to encourage the development of alternatives to the duopoly of US-dominated smartphone platforms, Android and Apple's iOS -- flagging Sailfish as one possibility, along with Tizen. Although Sailfish looks to have won out as the preferred Android alternative for Russia at this point. The government has said it wants to radically reduce its reliance on foreign mobile OSes -- to 50 per cent by 2025 vs the 95 per cent of the market garnered by Android and iOS in 2015. Sailfish's local certification in Russia also follows an announcement earlier this year that a new Russian company, Open Mobile Platform (OMP), had licensed the OS with the intention of developing a custom version of the platform for use in the domestic market. So, in other words, a Russian, strategic 'Android alternative' is currently being built on Sailfish.' -- source: https://yro.slashdot.org/story/16/11/29/208245 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

4 years, 10 months

Westpac insisting that Banking be done with Android or IOS

by Ron Dean

I always do my banking with a Linux Desktop and keep the system up to Date and do it through a web browser. It seems less secure with my android devices as they don't provide frequent updates as Ubuntu does. Should I change Banks? -- Ron Dean

4 years, 11 months

Open Review Toolkit

by Lawrence D'Oliveiro

The Open Review Toolkit is software that turns a book manuscript into a website where users can read and annotate your text, and “you can collect valuable data to help launch your book”. <http://freedom-to-tinker.com/2016/11/27/announcing-the-open-review-toolkit/>

4 years, 11 months

Ex-Debian systemd Haters Celebrate Second Birthday

by Lawrence D'Oliveiro

Two years going, this Linux OS that aims for "Init Freedom" isn't the most vibrant distribution out there. When's the last time you've heard of Devuan or even used it yourself? This year much of the systemd "hate" seems to have calmed down compared to prior years, although new features continue to be tacked onto systemd. <http://phoronix.com/scan.php?page=news_item&px=Devuan-Systemd-Debian-Turns-…>

4 years, 11 months

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

wlug November 2016