'System76, the Denver-based Linux PC manufacturer and developer of Pop
OS, has some stellar news for those who prefer their laptops a little
more open. Later this month the company will begin shipping two of
their laptop models with its Coreboot-powered open source firmware.
From a report:
Beginning today, System76 will start taking pre-orders for both the
Galago Pro and Darter Pro laptops. The systems will ship out later in
October, and include the company's Coreboot-based open source firmware
which was previously teased at the 2019 Open Source Firmware
Conference. (Coreboot, formerly known as LinuxBIOS, is a software
project aimed at replacing proprietary firmware found in most
computers with a lightweight firmware designed to perform only the
minimum number of tasks necessary to load and run a modern 32-bit or
64-bit operating system.) What's so great about ripping out the
proprietary firmware included in machines like this and replacing it
with an open alternative? To begin with, it's leaner. System76 claims
that users can boot from power off to the desktop 29% faster with its
Coreboot-based firmware.
[...] Both of these laptops can be kitted out with 10th-Generation
Intel CPUs (specifically the i5-10210U and the i7-10510U), and both
have glare-resistant matte 1080p IPS displays. Beginning at $949, the
Galago Pro features an all-aluminum chassis, a wealth of connectivity
options including HDMI, DisplayPort to USB-C and Thunderbolt, and can
be configured with up to 32GB of RAM and up to 6TB of storage space.
The Darter Pro, meanwhile, can be built out with 32GB of RAM and up to
2TB of storage, and features up to 10 hours of battery life.'
-- source: https://hardware.slashdot.org/story/19/10/10/1847228
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/
'As one of the original versions of Unix, BSD is an ancient operating
system. So it shouldn’t come as a surprise that it used what are, by
today’s standards, strange, even ridiculous security. For one, the
hashing function protecting passwords, though state of the art 40
years ago, is now trivial to crack. Stranger still, the password
hashes of some BSD creators were included in publicly available source
code. And then, there are the passwords people chose.
Last week, technologist Leah Neukirchen reported finding a source tree
for BSD version 3, circa 1980, and successfully cracking passwords of
many of computing’s early pioneers. In most of the cases the success
was the result of the users choosing easy-to-guess passwords.
BSD co-inventor Dennis Ritchie, for instance, used “dmac” (his middle
name was MacAlistair); Stephen R. Bourne, creator of the Bourne shell
command line interpreter, chose “bourne”; Eric Schmidt, an early
developer of Unix software and now the executive chairman of Google
parent company Alphabet, relied on “wendy!!!” (the name of his wife);
and Stuart Feldman, author of Unix automation tool make and the first
Fortran compiler, used “axolotl” (the name of a Mexican salamander).
Weakest of all was the password for Unix contributor Brian W.
Kernighan: “/.,/.,”—representing a three-character string repeated
twice using adjacent keys on a QWERTY keyboard. (None of the passwords
included the quotation marks.)
But there were at least five plaintext passwords that remained out of
reach. They included those belonging to Turkish computer scientist
Özalp Babaoğlu, Unix software developer Howard Katseff, and crucial
Unix contributors Tom London and Bob Fabry. But the uncracked hash
that seemed to occupy Neukirchen the longest was the password used by
Ken Thompson, another Unix co-inventor.
“I never managed to crack ken's password with the hash ZghOT0eRm4U9s,
and I think I enumerated the whole 8 letter lowercase + special
symbols key space,” Neukirchen reported in the above-linked thread,
posted to the Unix Heritage Society mailing list. “Any help is
welcome.”'
-- source: https://arstechnica.com/information-technology/2019/10/forum-cracks-the-vin…
Cheers, Peter
'Yesterday brought exciting news on the ZFS and Ubuntu
fronts—experimental ZFS root support in the installer for Ubuntu's
upcoming interim release, Eoan Ermine. The feature appeared in the
2019-10-09 daily build of Eoan—it's not in the regular beta release
and, in fact, wasn't even in the "current daily" when we first went to
download it. It's that new! (Readers wanting to play with the new
functionality can find it in today's daily build, available here.)'
-- source: https://arstechnica.com/information-technology/2019/10/a-detailed-look-at-u…
Cheers, Peter
'Governments breaking encryption is bad, and "will get worse once
breaking encryption means people can die," says one of the world's
leading security experts. From a report:
"Australia has some pretty draconian laws about forcing tech companies
to break security," says cryptographer and computer security
professional Bruce Schneier. He's referring to the controversial
Telecommunications and Other Legislation Amendment (Assistance and
Access) Act 2018, which came into force in December. "I actually don't
like that, because stuff that you do flows downhill to the US. So stop
doing that," he told the Australian Cybersecurity Conference, or
CyberCon, in Melbourne on Wednesday. Schneier's argument against
breaking encrypted communications is simple. "You have to make a
choice. Either everyone gets to spy, or no one gets to spy. You can't
have 'We get to spy, you don't.' That's not the way the tech works,"
he said. "As this tech becomes more critical to life, we simply have
to believe, accept, that securing it is more important than leaving it
insecure so you can eavesdrop on the bad guys."'
-- source: https://it.slashdot.org/story/19/10/09/1855255
Cheers, Peter
'The Tor Project has removed from its network this week more than 800
servers that were running outdated and end-of-life (EOL) versions of
the Tor software. The removed servers represent roughly 13.5% of the
6,000+ servers that currently comprise the Tor network and help
anonymize traffic for users across the world. Roughly 750 of the
removed servers represent Tor middle relays, and 62 are exit relays --
where users exit the Tor network onto the world wide web after having
their true location hidden through the Tor network. The organization
said it plans to release a Tor software update in November that will
natively reject connections with EOL Tor server versions by default,
without any intervention from the Tor Project staff. "Until then, we
will reject around 800 obsolete relays using their fingerprints," the
Tor Project said in a statement this week.'
-- source: https://tech.slashdot.org/story/19/10/09/1853238
Cheers, Peter
'iTerm2 users: It's time to upgrade. A security audit sponsored by the
Mozilla Open Source Support Program uncovered a critical remote code
execution (RCE) vulnerability in the popular open-source terminal app
for macOS. iTerm2 is an open-source alternative to the built-in macOS
Terminal app, which allows users to interact with the command-line
shell. Terminal apps are commonly used by system administrators,
developers and IT staff in general, including security teams, for a
variety of tasks and day-to-day operations.
The iTerm2 app is a popular choice on macOS because it has features
and allows customizations that the built-in Terminal doesn't, which is
why the Mozilla Open Source Support Program (MOSS) decided to sponsor
a code audit for it. The MOSS was created in the wake of the critical
and wide-impact Heartbleed vulnerability in OpenSSL with the goal of
sponsoring security audits for widely used open-source technologies.
The flaw, which is now tracked as CVE-2019-9535, has existed in iTerm2
for the past seven years and is located in the tmux integration. Tmux
is a terminal multiplexer that allows running multiple sessions in the
same terminal window by splitting the terminal screen. The flaw was
fixed in iTerm2 version 3.3.6, which was released today.'
-- source: https://apple.slashdot.org/story/19/10/09/2048214
Cheers, Peter
'Andy Rubin, the controversial mobile industry executive who
co-founded Android, left Google amid allegations of sexual misconduct
while retaining a huge severance package, and went on to create the
Essential Phone, has tweeted photos teasing an upcoming device with an
elongated design and very tall UI composed of card-like apps. The
Verge reports:
It looks extremely small in his hands, too. The device has a large
button and volume rocker on the right edge and a fingerprint divot
around back, below what appears to be a single main camera. And as you
can see, these devices have some decidedly flashy finishes that change
color when you view them at different angles -- a sea green that
shifts to yellow and blue, for example.
An Essential spokesperson confirmed to The Verge that this is the
company's new phone, adding: "We've been working on a new device
that's now in early testing with our team outside the lab. We look
forward to sharing more in the near future." A couple hours later,
Essential tweeted some slightly more official images of the new phone,
which it's calling Project Gem.
XDA-Developers also spotted some leaked code that mentions the divot
on the rear of the device may activate its voice assistant when you
tap your finger to it. They also suggest it runs Android and packs a
Qualcomm Snapdragon 730 processor.'
-- source: https://mobile.slashdot.org/story/19/10/09/0519214
Cheers, Peter
'When Kaby Lake G debuted at CES 2018, it made a big bang. No one
expected sworn rivals Intel and AMD to collaborate on a CPU package,
marrying a 7th-gen Kaby Lake CPU with a unique AMD Radeon RX Vega GPU.
But what began with a bang ended Monday with an unceremonious memo.
From a report:
The Product Change Notification published by Intel on Monday confirmed
that pretty much every single Kaby Lake G, including the Core
i7-8706G, the Core i7-8705G, and the Core i5-8305G, would be
discontinued. Last call for orders will be on January 17, 2020, and
the final shipments are scheduled for July 31, 2020. While the end of
life of a processor isn't typically a big deal to consumers who own
them, one sticking point could have been driver support. Specifically,
Kaby Lake G drivers for the custom AMD Radeon RX Vega M graphics come
only from Intel. With a normal discrete GPU, the consumer would
download drivers from the original company, such as Nvidia or AMD.
With Kaby Lake G kaput, where does that leave Kaby Lake G-owners?
Intel said the company will follow its standard policy and provide
driver support for Kaby Lake G for five years from the launch of the
product. All told, that probably means another 3.5 years of driver
updates.'
-- source: https://slashdot.org/story/19/10/09/142229
Cheers, Peter
'Brian Fagioli, writing for BetaNews:
Beginning with the upcoming version 31 of the operating system, i686
32-bit processor support is being dropped by the Fedora Project. "The
i686 architecture essentially entered community support with the
Fedora 27 release. Unfortunately, there are not enough members of the
community willing to do the work to maintain the architecture. Don't
worry, though -- Fedora is not dropping all 32-bit packages. Many i686
packages are still being built to ensure things like multilib, wine,
and Steam will continue to work," says Justin Forbes of Fedora
Project. Forbes further explains, "While the repositories are no
longer being composed and mirrored out, there is a koji i686
repository which works with mock for building 32-bit packages, and in
a pinch to install 32-bit versions which are not part of the x86_64
multilib repository. Of course, maintainers expect this will see
limited use. Users who simply need to run a 32-bit application should
be able to do so with multilib on a 64-bit system."'
-- source: https://tech.slashdot.org/story/19/10/09/154256
Cheers, Peter
'GitHub CEO Nat Friedman explained why the company plans to renew a
contract with U.S. Immigration and Customs Enforcement (ICE), even
though he and others at GitHub oppose ICE's policy of separating
children from parents at the border, Motherboard reported on
Wednesday, citing an internal GitHub email. From a report:
The email shows the continuing debate within the tech industry about
whether companies should work specifically with ICE, and comes as a
host of other companies have dealt with employee protests over
corporate involvement with ICE. "In August, the GitHub leadership team
learned about a pending renewal of our product by the U.S. Immigration
& Customs Enforcement (ICE) agency. Since then, we have been talking
with people throughout the company, based on our own personal concerns
and those raised by Hubbers," Friedman's email reads, referring to
GitHub employees. Evan Greer, deputy director at activism group Fight
for the Future tweeted a copy of the email on Tuesday. Motherboard
also separately obtained a copy of the email from a source inside
GitHub. The product up for renewal is a license of GitHub Enterprise
Server, an on-premises deployment of GitHub that customers can run on
their own server, according to the email. ICE originally bought a
license in April, 2016.'
-- source: https://developers.slashdot.org/story/19/10/09/1557245
Cheers, Peter