wlug

wlug@list.waikato.ac.nz

4 participants
7572 discussions

by Lawrence D'Oliveiro

Moxion is an NZ-based company that manages digital “dailies” (raw footage from movie production) for remote working. It is now being acquired by content-creation behemoth Autodesk, known for its CG apps Maya and 3DS Max, among other products <https://www.hollywoodreporter.com/business/digital/autodesk-moxion-digital-…>. Here <https://www.stuff.co.nz/entertainment/film/104976105/moxion-the-kiwi-compan…> is an older backgrounder on the company’s business model. Dating from 2018, it gives some interesting examples of where the logistics of location shooting make their approach superior to traditional methods of managing footage. I’m not sure what the value of the acquitision is. I think I saw a figure of “tens of millions”, which makes Moxion a minnow in typical US terms.

13 hours, 6 minutes

Is Altering The Appearance Of A Website A Copyright Violation?

by Lawrence D'Oliveiro

A German court has just decided that a browser extension which strips ads from websites does not violate copyright <https://www.theregister.com/2022/01/19/ad_blockers_copyright_germany/>. One may have concerns with the business model of this particular company, but the general principle of a user being able (perhaps with the help of a third party) to modify a website’s content before displaying it on their own machine seems sacrosanct. However, a similar issue is being re-raised in the US, with a website owner filing a lawsuit against Google for the way its Android search app superimposes its own ads on top of the website display. It has long been decided that this does not violate copyright, but now the plaintiff is trying to argue that a website’s HTML code is not merely “intellectual property”, but actual physical property, so the principle of “trespass to chattels” can be applied to it.

14 hours, 26 minutes

Are We Getting Closer to the Year of the Linux Desktop?

by Peter Reutemann

'Earlier this year TechRepublic argued that while 2021 wasn't the year of the Linux desktop, "there was no denying the continued dominance of Linux in the enterprise space and the very slow (and subtle) growth of Linux on the desktop. And in just about every space (minus the smartphone arena), Linux made some serious gains." So would 2022 be the year of the Linux desktop? "Probably not." But developer Tim Wells honestly believes we're getting closer: The idea of the year of the Linux desktop is that there would come a year that the free and open source operating system would reach a stage that the average user could install and use it on their pc without running into problems. Linus Sebastian from Linus Tech Tips recently did an experiment where he installed Linux on his home PC for one month to see if he could use it not only for everyday tasks, but for gaming and also streaming. Ultimately he concluded (in a video just released) that this year will not be the year of the Linux desktop and that while doing everyday stuff was reasonably okay, the state of gaming on Linux (despite Valves lofty goals) is to put it simply, a shit-show. (That's my word, not his)... The experiment done by Linus seems to show that while some games do indeed run well using [Valve's Windows compatibility layer] Proton, there are just as many that run with issues. Some of those issues can be game breaking. Such as the game running, but its multiplayer functionality not working at all. Some games just plain don't work at all due to dependencies on services such as Easy Anti Cheat... In his video Linus mentions that the main problem preventing the "year of the Linux desktop" is the fragmentation. By fragmentation, he means the range of available distributions and the fact that each distribution has (potentially) different versions of libraries and drivers and software that makes the behind the scenes operate.... Flatpak and Snap as well as AppImage are making progress towards fixing this fragmentation issue, but those are not yet perfect either. Flatpak works by ensuring that the expected versions of libraries required for that software are installed along side it and independent of the existing library the distro may provide... Valve have said that the Steamdeck will also use an immutable core operating system for the same reasons. So while Linus is sure that 2022 isn't yet the year of the Linux desktop and that fragmentation is the biggest problem. I think maybe, just maybe, we're closer to solving those problems and closer perhaps to the year of the Linux desktop that some might realise.' -- source: https://linux.slashdot.org/story/22/01/15/0224235 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 (office) +64 (7) 577-5304 (home office) https://www.cs.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 day, 10 hours

Safari and iOS users: Your browsing activity is being leaked in real time

by Peter Reutemann

'For the past four months, Apple’s iOS and iPadOS devices and Safari browser have violated one of the Internet’s most sacrosanct security policies. The violation results from a bug that leaks user identities and browsing activity in real time. The same-origin policy is a foundational security mechanism that forbids documents, scripts, or other content loaded from one origin—meaning the protocol, domain name, and port of a given webpage or app—from interacting with resources from other origins. Without this policy, malicious sites—say, badguy.example.com—could access login credentials for Google or another trusted site when it’s open in a different browser window or tab. Since September’s release of Safari 15 and iOS and iPadOS 15, this policy has been broken wide open, research published late last week found. As a demo site graphically reveals, it’s trivial for one site to learn the domains of sites open in other tabs or windows, as well as user IDs and other identifying information associated with the other sites.' -- source: https://arstechnica.com/information-technology/2022/01/safari-and-ios-bug-r… Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 (office) +64 (7) 577-5304 (home office) https://www.cs.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 day, 15 hours

Linux Malware Sees 35% Growth During 2021

by Peter Reutemann

'The number of malware infections targeting Linux devices rose by 35% in 2021, most commonly to recruit IoT devices for DDoS (distributed denial of service) attacks. BleepingComputer reports: A Crowdstrike report looking into the attack data from 2021 summarizes the following: - In 2021, there was a 35% rise in malware targeting Linux systems compared to 2020. - XorDDoS, Mirai, and Mozi were the most prevalent families, accounting for 22% of all Linux-targeting malware attacks observed in 2021. - Mozi, in particular, had explosive growth in its activity, with ten times more samples circulating in the wild the year that passed compared to the previous one. - XorDDoS also had a notable year-over-year increase of 123%. [...] The Crowstrike findings aren't surprising as they confirm an ongoing trend that emerged in previous years. For example, an Intezer report analyzing 2020 stats found that Linux malware families increased by 40% in 2020 compared to the previous year. In the first six months of 2020, a steep rise of 500% in Golang malware was recorded, showing that malware authors were looking for ways to make their code run on multiple platforms. This programming, and by extension, targeting trend, has already been confirmed in early 2022 cases and is likely to continue unabated. ' -- source: https://linux.slashdot.org/story/22/01/17/2239204 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 (office) +64 (7) 577-5304 (home office) https://www.cs.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

2 days, 10 hours

Why is Android 12 So Buggy?

by Peter Reutemann

'Android 12 is one of the platform's most ambitious updates in recent history, bringing a major design overhaul to every corner of the operating system. It has also been one of the rockiest Android OS launches in the past few years. From a report: Both Samsung and OnePlus paused the rollout of their stable Android 12-based updates amid reports of serious bugs. Google itself has addressed a laundry list of bug reports from Pixel 6 owners, just as it's trying to convince them it's finally figured out how to build a truly premium phone. What in the heck is going on? The short answer is that there are some unique complicating factors at play this year but also that Android is inherently a little bit messy -- that just comes with the territory when you're designing a delightful public park compared to Apple's walled garden. Despite a refreshed look and some appealing new high-end handsets, Android is still Android -- the good and the bad. To try and figure out what the heck is going on, we talked to Mishaal Rahman, former editor-in-chief of XDA Developers, who's well known for digging into Android codebases and discovering Google's secrets. Speaking to the Pixel 6 bugs in particular, Rahman guesses that it has a lot to do with the unusually large size of the update. "Many people have called it, myself included, the biggest OS update to Android since Android 5.0 Lollipop, and that was many years ago. There are just so many massive changes to the interface and to the feature set." He also suggests that Google's commitment to issue a new Android update every year can make things worse when it's trying to do so much, and the self-imposed one-year development cycle doesn't leave much wiggle room in the timeline. "They started immediately after Android 11 was released to the public -- and they have a hard cutoff date... After that, they just focus on fixing bugs." Delay any longer, and they'd risk bumping into next year's development cycle. It's also possible that the attempt to bring timely Android updates to non-Google devices wound up backfiring. Android phone owners have been asking for faster updates for a long time -- outside of Google's Pixel phones and pricey flagships, many devices face long waits for OS updates. Sure enough, the updates have come faster this year. Case in point: Samsung users are accustomed to waiting about three months after an Android stable release to get their finished One UI update with the new version of the OS, but this year, One UI 4.0 arrived just one and a half months after Android 12. But the way things have gone this year, many users would likely have opted for a slower, stable update rather than a fast one riddled with bugs.' -- source: https://mobile.slashdot.org/story/22/01/17/2026239 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 (office) +64 (7) 577-5304 (home office) https://www.cs.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

2 days, 15 hours

AGM next week

by Peter Reutemann

Hi everyone We have our AGM coming up on Monday next week, with the following agenda: - President's Report - Treasurer's Report - Election of 2022 Committee - General business - Consumption of pizza (if applicable) However, I'm not sure whether we have a meeting room, as I'm still waiting on the confirmation whether we get our room sponsored or not for the year (head of CMS was on holiday till today). And if we should get it sponsored, then I need to sort out the room booking (which will take time, too). Worst case scenario: it will be an online only one via BigBlueButton. Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 (office) +64 (7) 577-5304 (home office) https://www.cs.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

3 days, 11 hours

EFF praises Android’s new 2G kill switch, wants Apple to follow suit

by Peter Reutemann

'The Electronic Frontier Foundation is celebrating Google's addition of a 2G kill switch to Android 12. The digital rights group has been campaigning against the dated, insecure 2G cellular standard since 2020, and Android is the first mobile OS to take the group's advice and let users completely disable 2G. In the US, carriers shut down 2G years ago, and the 3G shutdown is already underway. Phones have not really gotten the message, though, and modems still try to connect to any nearby 2G signals automatically. The problem is that 2G is very old, and it's a lot like connecting to a WEP-secured Wi-Fi hotspot—the security is obsolete, so it's easy to crack. If you're in a country where legitimate uses of 2G are long dead, the standard only serves as an attack vector via fake cell phone towers, so why not just shut it off?' -- source: https://arstechnica.com/gadgets/2022/01/eff-praises-androids-new-2g-kill-sw… Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 (office) +64 (7) 577-5304 (home office) https://www.cs.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

3 days, 15 hours

Russia says it has neutralized the cutthroat REvil ransomware gang

by Peter Reutemann

'Russian law enforcement authorities said on Friday that they have arrested 14 people associated with REvil, a top ransomware group that has disrupted critical operations of wealthy targets and held their data hostage. The action, carried out by Russia’s FSB, the successor agency to the KGB, is a rare example of the country’s government cracking down on cybercrime by its citizens. The US and Russia have no extradition treaty in place, and critics have said the Kremlin routinely harbors cybercriminals as long as they don’t target organizations located in the former Soviet Union. The arrests come as tensions between Russia and the US escalate over a standoff involving Ukraine.' -- source: https://arstechnica.com/information-technology/2022/01/russia-says-it-has-n… Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 (office) +64 (7) 577-5304 (home office) https://www.cs.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

3 days, 15 hours

Backdoor RAT for Windows, macOS, and Linux went undetected until now

by Peter Reutemann

'Researchers have uncovered a never-before-seen backdoor malware written from scratch for systems running Windows, macOS, or Linux that remained undetected by virtually all malware scanning engines. Researchers from security firm Intezer said they discovered SysJoker—the name they gave the backdoor malware—on the Linux-based Webserver of a “leading educational institution.” As the researchers dug in, they found SysJoker versions for both Windows and macOS as well. They suspect the cross-platform RAT—short for remote access trojan—was unleashed in the second half of last year. The discovery is significant for several reasons. First, fully cross-platform malware is something of a rarity, with most malicious software being written for one specific operating system. The RAT was also written from scratch and made use of four separate command-and-control servers, an indication that the people who developed and used it were part of an advanced threat actor that invested significant resources. It’s also unusual for previously unseen Linux malware to be found in a real-world attack.' -- source: https://arstechnica.com/information-technology/2022/01/backdoor-for-windows… Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 (office) +64 (7) 577-5304 (home office) https://www.cs.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

3 days, 15 hours

Jump to page:

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

wlug