'The German city of Munich, which received much popularity back in the
day when it first ditched Microsoft's services in favor of open-source
software, has now agreed to stop using Linux and switch back to
Windows. If the decision is ratified by the full council in two weeks,
Windows 10 will start rolling out across the city in 2020. From a
report:
A coalition of Social Democrats and Conservatives on the committee
voted for the Windows migration last week, Social Democrat councillor
Anne Hubner told The Register. Munich rose to fame in the open-source
world for deciding to use Linux and LibreOffice to make the city
independent from the claws of Microsoft. But the plan was never fully
realised -- mail servers, for instance, eventually wound up migrating
to Microsoft Exchange -- and in February the city council formally
voted to end Linux migration and go back to Microsoft. Hubner said the
city has struggled with LiMux adoption. "Users were unhappy and
software essential for the public sector is mostly only available for
Windows," she said. She estimated about half of the 800 or so total
programs needed don't run on Linux and "many others need a lot of
effort and workarounds." Hubner added, "in the past 15 years, much of
our efforts were put into becoming independent from Microsoft,"
including spending "a lot of money looking for workarounds" but "those
efforts eventually failed." A full council vote on Windows 10 2020
migration is set for November 23, Hubner said. However, the Social
Democrats and Conservatives have a majority in the council, and the
outcome is expected to be the same as in committee.'
-- source: https://news.slashdot.org/story/17/11/13/1714220
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/
'Linux rules supercomputing. This day has been coming since 1998, when
Linux first appeared on the TOP500 Supercomputer list. Today, it
finally happened: All 500 of the world's fastest supercomputers are
running Linux. The last two non-Linux systems, a pair of Chinese IBM
POWER computers running AIX, dropped off the November 2017 TOP500
Supercomputer list. When the first TOP500 supercomputer list was
compiled in June 1993, Linux was barely more than a toy. It hadn't
even adopted Tux as its mascot yet. It didn't take long for Linux to
start its march on supercomputing.
From when it first appeared on the TOP500 in 1998, Linux was on its
way to the top. Before Linux took the lead, Unix was supercomputing's
top operating system. Since 2003, the TOP500 was on its way to Linux
domination. By 2004, Linux had taken the lead for good. This happened
for two reasons: First, since most of the world's top supercomputers
are research machines built for specialized tasks, each machine is a
standalone project with unique characteristics and optimization
requirements. To save costs, no one wants to develop a custom
operating system for each of these systems. With Linux, however,
research teams can easily modify and optimize Linux's open-source code
to their one-off designs.
The semiannual TOP500 Supercomputer List was released yesterday. It
also shows that China now claims 202 systems within the TOP500, while
the United States claims 143 systems.'
-- source: https://linux.slashdot.org/story/17/11/14/2223227
Cheers, Peter
'A trivial-to-exploit flaw in macOS High Sierra, aka macOS 10.13,
allows users to gain admin rights, or log in as root, without a
password. The security bug is triggered via the authentication dialog
box in Apple's operating system, which prompts you for an
administrator's username and password when you need to do stuff like
configure privacy and network settings. If you type in "root" as the
username, leave the password box blank, hit "enter" and then click on
unlock a few times, the prompt disappears and, congrats, you now have
admin rights. You can do this from the user login screen. The
vulnerability effectively allows someone with physical access to the
machine to log in, cause extra mischief, install malware, and so on.
You should not leave your vulnerable Mac unattended until you can fix
the problem. And while obviously this situation is not the end of the
world -- it's certainly far from a remote hole or a disk decryption
technique -- it's just really, really sad to see megabucks Apple drop
the ball like this.
Developer Lemi Orhan Ergan was the first to alert the world to the
flaw. The Register notes: "If you have a root account enabled and a
password for it set, the blank password trick will not work. So, keep
the account enabled and set a root password right now..."'
-- source: https://it.slashdot.org/story/17/11/28/2135236
Cheers, Peter
'A pair of security researchers in Russia are claiming to have
compromised the Intel Management Engine just using one of the
computer's USB ports. The researchers gained access to a fully
functional JTAG connection to Intel CSME via USB DCI. The claim is
different from previous USB DCI JTAG examples from earlier this year.
Full JTAG access to the ME would allow making permanent hidden changes
to the machine.
"Getting into and hijacking the Management Engine means you can take
full control of a box," reports the Register, "underneath and out of
sight of whatever OS, hypervisor or antivirus is installed."
They add that "This powerful God-mode technology is barely
documented," while The Next Web points out that USB ports are "a
common attack vector."'
-- source: https://it.slashdot.org/story/17/11/11/237236
Cheers, Peter
Some of those who have been following the net neutrality debate may
remember a spoof poster that showed what might happen if ISPs were
allowed to charge you differently, based on which sites you were
allowed to visit.
Well, in Spain, which has no laws against this sort of thing, a
similar situation has actually happened: one ISP is selling you add-ons
to a basic broadband cap based, not on the amount of extra data you
want, but on what you want to use it for. Their “Vodafone Pass” product
offers tiers like €3/month extra for a “Social Pass”, or €5/month for a
“Music Pass”.
<https://pplware.sapo.pt/informacao/vodafone-portugal-pacotes-smartnet/>,
referenced from
<https://www.techdirt.com/articles/20171030/12364538513/portugal-shows-inter…>
Just came across this item
<https://blog.archive.org/2017/08/11/hypercard-on-the-archive-celebrating-30…>
at archive.org about an online emulator that runs HyperCard stacks.
HyperCard, in case you didn’t know, was an application created by Apple
Macintosh engineer Bill Atkinson for that platform in 1987, and it was
always hard to describe exactly what it was for. But it allowed users
to create their own applications, aka “stacks”, around a card-based
paradigm.
One of the commenters points out that the basic idea is still alive and
well, in the form of LiveCode, which is available as a paid online
service <https://livecode.com/> and also in the form of Free Software
<https://github.com/livecode/>.
Noticed your machine getting slow after visiting certain websites? They
could be running cryptocurrency miners in your browser.
<https://arstechnica.com/information-technology/2017/10/a-surge-of-sites-and…>:
Coinhive's massive Web audience isn't lost on other companies.
Collin Mulliner, a security researcher and developer of TelStop,
said he recently received an e-mail from a startup called Medsweb
inviting him to integrate a Monero miner into his creation.
I got one of those e-mails too...
'Mirai, the Internet-of-things malware that turns cameras, routers,
and other household devices into potent distributed denial-of-service
platforms, may be lying low, but it's certainly not dead. Last week,
researchers identified a new outbreak that infected almost 100,000
devices in a matter of days.
In September of last year, Mirai emerged as a force to be reckoned
with when it played a key role in silencing one of the most intrepid
sources of security news in then-record-setting DDoS attacks topping
620 gigabits per second. Within a few weeks, Mirai's developer
published the source code, a feat that allowed relatively
unsophisticated people to wage the same types of extraordinarily big
assaults. The release almost immediately helped touch off a series of
large-scale attacks. The most serious one degraded or completely took
down Twitter, GitHub, the PlayStation network, and hundreds of other
sites by targeting Dyn, a service that provided domain name services
to the affected sites.
Last week, researchers from China-based Netlab 360 say they spotted a
new, publicly available Mirai variant. The changes allowed the malware
to spread to networking devices made by ZyXEL Communications that
could be remotely accessed over telnet using default passwords. One of
the exploits was published on October 31. Over a span of 60 hours
starting on November 22, the new Mirai strain was able to commandeer
almost 100,000 devices. Virtually all of the infected devices used IP
addresses local to Argentina, a possible indication the outbreak
targeted customers of a regional service provider who were assigned
unsecured modems.'
-- source: https://arstechnica.com/information-technology/2017/11/internet-paralyzing-…
Cheers, Peter
'High-Tech Bridge used its free mobile app analysis software, called
Mobile X-Ray, to peek under the hood of the top 30 cryptocurrency apps
in the Google Play store at three different popularity levels: apps
with up to 100,000 downloads, up to 500,000 downloads, and apps with
more than 500,000 downloads. So, a total of 90 apps altogether. Of the
most popular apps, 94 percent used outdated encryption, 66 percent
didn't use HTTPS to encrypt user information in transit, 44 percent
used hard-coded default passwords (stored in plain text in the code),
and overall 94 percent of the most popular apps were found to have "at
least three medium-risk vulnerabilities."'
-- source: https://it.slashdot.org/story/17/11/29/1610245
Cheers, Peter