- wlug - University of Waikato Mail Lists

Chrome 88 Released, Removing Adobe Flash -- and FTP

by Peter Reutemann

'Google released Chrome 88 this week — and besides improving its dark mode support, they removed support for both Adobe Flash and FTP. PC World calls it "the end of two eras." The most noteworthy change in this update is what's not included. Chrome 88 lays Adobe Flash and the FTP protocol to rest. RIP circa-2000 Internet. Neither comes as a surprise, though it's poetic that they're being buried together. Adobe halted Flash Player downloads at the end of 2020, making good on a promise made years before, and began blocking Flash content altogether a couple weeks later. Removing Flash from Chrome 88 is just Google's way of flushing the toilet. On the other hand, FTP isn't dead, but it is now for Chrome users. The File Transport Protocol has helped users send files across the Internet for decades, but in an era of prolific cloud storage services and other sharing methods, its use has waned. Google started slowly disabling FTP support in Chrome 86, per ZDNet, and now you'll no longer be able to access FTP links in the browser. Look for standalone FTP software instead if you need it, such as FileZilla. That's not all. Mac users should be aware that Chrome 88 drops support for OS X 10.10 (OS X Yosemite). Yosemite released in 2014 and received its last update in 2017... But Google killing Flash and FTP might be the footnotes that hit old-school web users in the feels. Chrome 88 will also block non-encrypted downloads originating from an encrypted page, the article reports. And the Verge notes Chrome also offers less intrusive website permission requests (as an experimental feature enabled from chrome://flags/#permission-chip ), while Bleeping Computer describes Chrome 88's new experimental feature for searching through all your open tabs. And Chrome's blog points out some additional features under the hood: Chrome 88 will heavily throttle chained JavaScript timers for hidden pages in particular conditions. This will reduce CPU usage, which will also reduce battery usage. There are some edge cases where this will change behavior, but timers are often used where a different API would be more efficient, and more reliable.' -- source: https://slashdot.org/story/21/01/23/2018224 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 577-5304 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

8 hours, 58 minutes

1
0
0 0

Why AWS Is Forking Elasticsearch and Kibana

by Peter Reutemann

'Steven J. Vaughan-Nichols writes at ZDNet: When Elastic, makers of the open-source search and analytic engine Elasticsearch, went after Amazon Web Services (AWS) by changing its license from the open-source Apache 2.0-license ALv2) to the non-open-source friendly Server Side Public License, I predicted "we'd soon see AWS-sponsored Elasticsearch and Kibana forks." The next day, AWS tweeted it "will launch new forks of both Elasticsearch and Kibana based on the latest Apache 2.0 licensed codebases." Well, that didn't take long! In a blog post, AWS explained that since Elastic is no longer making its search and analytic engine Elasticsearch and its companion data visualization dashboard Kibana available as open source, AWS is taking action. "In order to ensure open source versions of both packages remain available and well supported, including in our own offerings, we are announcing today that AWS will step up to create and maintain an ALv2-licensed fork of open-source Elasticsearch and Kibana.... AWS brings years of experience working with these codebases, as well as making upstream code contributions to both Elasticsearch and Apache Lucene, the core search library that Elasticsearch is built on — with more than 230 Lucene contributions in 2020 alone... We're in this for the long haul, and will work in a way that fosters healthy and sustainable open source practices — including implementing shared project governance with a community of contributors..." Yet another company, Logz.io, a cloud-monitoring company, and some partners have announced that it will launch a "true" open source distribution for Elasticsearch and Kibana.' -- source: https://news.slashdot.org/story/21/01/23/0245229 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 577-5304 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

8 hours, 59 minutes

1
0
0 0

Brad Cox, Creator of Objective-C Programming Language, Dies At 76

by Peter Reutemann

'We have learned that Brad Cox, computer scientist known mostly for creating the Objective-C programming language with his business partner Tom Love, died on January 2, 2021 at his residence. He was 76. From a Legacy.com post: Brad was born on May 2, 1944 in Fort Benning, Georgia, to the late Nancy Hinson Cox and Dewey McBride Cox of Lake City, South Carolina. Brad grew up on the family's dairy farm in South Carolina but found himself most interested in science. After graduating from Lake City High School, he received his Bachelor of Science Degree in Organic Chemistry and Mathematics from Furman University, and his Ph.D. from the Department of Mathematical Biology at the University of Chicago, and worked on an early form of neural networks. He soon found himself more interested in computers and got a job at International Telephone and Telegraph (ITT) and later joined Schlumbeger -- Doll Research Labs, and ultimately formed his own Connecticut startup, Productivity Products International (PPI) later named Stepstone. Among his first known software projects, he wrote a PDP-8 program for simulating clusters of neurons. He worked at the National Institutes of Health and Woods Hole Oceanographic Institute before moving into the software profession. Dr. Cox was an entrepreneur, having founded the Stepstone Company together with Tom Love for releasing the first Objective-C implementation. Stepstone hoped to sell "ICPaks" and Dr. Cox focused on building his ICPak libraries and hired a team to continue work on Objective-C, including Steve Naroff. The late Steve Jobs', NeXT, licensed the Objective-C language for it's new operating system, NEXTSTEP. NeXT eventually acquired Objective- C from Stepstone. Objective-C continued to be the primary programming language for writing software for Apple's OS X and iOS. ' -- source: https://developers.slashdot.org/story/21/01/23/0446216 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 577-5304 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

12 hours, 14 minutes

2
1
0 0

DDoSers are abusing Microsoft RDP to make attacks more powerful

by Peter Reutemann

'DDoS-for-hire services are abusing the Microsoft Remote Desktop Protocol to increase the firepower of distributed denial-of-service attacks that paralyze websites and other online services, a security firm said this week. Typically abbreviated as RDP, Remote Desktop Protocol is the underpinning for a Microsoft Windows feature that allows one device to log into another device over the Internet. RDP is mostly used by businesses to save employees the cost or hassle of having to be physically present when accessing a computer. As is typical with many authenticated systems, RDP responds to login requests with a much longer sequence of bits that establish a connection between the two parties. So-called booter/stresser services, which for a fee will bombard Internet addresses with enough data to take them offline, have recently embraced RDP as a means to amplify their attacks, security firm Netscout said. The amplification allows attackers with only modest resources to strengthen the size of the data they direct at targets. The technique works by bouncing a relatively small amount of data at the amplifying service, which in turn reflects a much larger amount of data at the final target. With an amplification factor of 85.9 to 1, 10 gigabytes-per-second of requests directed at an RDP server will deliver roughly 860Gbps to the target. “Observed attack sizes range from ~20 Gbps – ~750 Gbps,” Netscout researchers wrote. “As is routinely the case with newer DDoS attack vectors, it appears that after an initial period of employment by advanced attackers with access to bespoke DDoS attack infrastructure, RDP reflection/amplification has been weaponized and added to the arsenals of so-called booter/stresser DDoS-for-hire services, placing it within the reach of the general attacker population.”' -- source: https://arstechnica.com/information-technology/2021/01/ddosers-are-abusing-… Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 577-5304 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

15 hours, 19 minutes

1
0
0 0

How DNSpooq Attacks Could Poison DNS Cache Records

by Peter Reutemann

'Earlier this week security experts disclosed details on seven vulnerabilities impacting Dnsmasq, "a popular DNS software package that is commonly deployed in networking equipment, such as routers and access points," reports ZDNet. "The vulnerabilities tracked as DNSpooq, impact Dnsmasq, a DNS forwarding client for *NIX-based operating systems." Slashdot reader Joe2020 shared Help Net Security's quote from Shlomi Oberman, CEO and researcher at JSOF. "Some of the bigger users of Dnsmasq are Android/Google, Comcast, Cisco, Red Hat, Netgear, and Ubiquiti, but there are many more. All major Linux distributions offer Dnsmasq as a package, but some use it more than others, e.g., in OpenWRT it is used a lot, Red Hat use it as part of their virtualization platforms, Google uses it for Android hotspots (and maybe other things), while, for example Ubuntu just has it as an optional package." More from ZDNet: Dnsmasq is usually included inside the firmware of various networking devices to provide DNS forwarding capabilities by taking DNS requests made by local users, forwarding the request to an upstream DNS server, and then caching the results once they arrive, making the same results readily available for other clients without needing to make a new DNS query upstream. While their role seems banal and insignificant, they play a crucial role in accelerating internet speeds by avoiding recursive traffic... Today, the DNSpooq software has made its way in millions of devices sold worldwide [including] all sorts of networking gear like routers, access points, firewalls, and VPNs from companies like ZTE, Aruba, Redhat, Belden, Ubiquiti, D-Link, Huawei, Linksys, Zyxel, Juniper, Netgear, HPE, IBM, Siemens, Xiaomi, and others. The DNSpooq vulnerabilities, disclosed today by security experts from JSOF, are dangerous because they can be combined to poison DNS cache entries recorded by Dnsmasq servers. Poisoning DNS cache records is a big problem for network administrators because it allows attackers to redirect users to clones of legitimate websites... In total, seven DNSpooq vulnerabilities have been disclosed today. Four are buffer overflows in the Dnsmasq code that can lead to remote code execution scenarios, while the other three bugs allow DNS cache poisoning. On their own, the danger from each is limited, but researchers argue they can be combined to attack any device with older versions of the Dnsmasq software... The JSOF exec told ZDNet that his company has worked with both the Dnsmasq project author and multiple industry partners to make sure patches were made available to device vendors by Tuesday's public disclosure.' -- source: https://it.slashdot.org/story/21/01/23/0412253 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 577-5304 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

15 hours, 25 minutes

1
0
0 0

Raspberry Pi Foundation Launches $4 Microcontroller With Custom Chip

by Peter Reutemann

'Meet the Raspberry Pi Pico, a tiny little microcontroller that lets you build hardware projects with some code running on the microcontroller. Even more interesting, the Raspberry Pi Foundation is using its own RP2040 chip, which means that the foundation is now making its own silicon. From a report: If you're not familiar with microcontrollers, those devices let you control other parts or other devices. You might think that you can already do this kind of stuff with a regular Raspberry Pi. But microcontrollers are specifically designed to interact with other things. They're cheap, they're small and they draw very little power. You can start developing your project with a breadboard to avoid soldering. You can pair it with a small battery and it can run for weeks or even months. Unlike computers, microcontrollers don't run traditional operating systems. Your code runs directly on the chip. Like other microcontrollers, the Raspberry Pi Pico has dozens of input and output pins on the sides of the device. Those pins are important as they act as the interface with other components. For instance, you can make your microcontroller interact with an LED light, get data from various sensors, show some information on a display, etc. The Raspberry Pi Pico uses the RP2040 chip. It has a dual-core Arm processor (running at 133MHz), 264KB of RAM, 26 GPIO pins including 3 analog inputs, a micro-USB port and a temperature sensor. It doesn't come with Wi-Fi or Bluetooth. And it costs $4.' -- source: https://hardware.slashdot.org/story/21/01/21/1258214 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 577-5304 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 day, 11 hours

2
2
0 0

Google Threatens To Remove Search in Australia as Spat Escalates

by Peter Reutemann

'Google has threatened to disable its search engine in Australia if it's forced to pay local publishers for news, a dramatic escalation of a months-long standoff with the government. From a report: The proposed law, intended to compensate publishers for the value their stories generate for the company, is "unworkable," Mel Silva, managing director for Australia and New Zealand, told a parliamentary hearing Friday. She specifically opposed the requirement that Google pay media companies for displaying snippets of articles in search results. The threat is Google's most potent yet as the digital giant tries to stem a flow of regulatory action worldwide. At least 94% of online searches in Australia go through the Alphabet unit, according to the local competition regulator. "We don't respond to threats," Australia Prime Minister Scott Morrison said Friday. "Australia makes our rules for things you can do in Australia. That's done in our parliament. It's done by our government. And that's how things work here in Australia."' -- source: https://tech.slashdot.org/story/21/01/22/0339236 However, in related news: "Google Agrees To Pay French News Sites To Send Them Traffic" -- source: https://tech.slashdot.org/story/21/01/21/2316209 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 577-5304 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 day, 16 hours

1
0
0 0

Alphabet Shuts Down Loon Internet Balloon Company

by Peter Reutemann

'Google's parent firm, Alphabet, is done exploring the idea of using a fleet of balloons to beam high-speed internet in remote parts of the world. From a report: The firm said on Thursday evening that it was winding down Loon, a nine-year-old project and a two-and-a-half-year-old spin off firm, after failing to find a sustainable business model and partners for one of its most prominent moonshot projects. The demise of Loon, which assumed spotlight after the project helped restore cell services knocked out by a hurricane in Puerto Rico, comes a year after the Android-maker ended Google Station, its other major connectivity effort to bring internet to the next billion users.' -- source: https://tech.slashdot.org/story/21/01/22/1418212 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 577-5304 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 day, 16 hours

1
0
0 0

Intel Talks With TSMC, Samsung To Outsource Some Chip Production

by Peter Reutemann

'Intel has talked with TSMC and Samsung about the Asian companies making some of its best chips, but the Silicon Valley pioneer is still holding out hope for last-minute improvements in its own production capabilities. Bloomberg reports: After successive delays in its chip fabrication processes, Santa Clara, California-based Intel has yet to make a final decision less than two weeks ahead of a scheduled announcement of its plans, according to people familiar with the deliberations. Any components that Intel might source from Taiwan wouldn't come to market until 2023 at the earliest and would be based on established manufacturing processes already in use by other TSMC customers, said the people, asking not to be identified because the plans are private. Talks with Samsung, whose foundry capabilities trail TSMC's, are at a more preliminary stage, the people said. An Intel spokesperson referred to previous comments by Bob Swan, the company's chief executive officer. Swan has promised investors he'll set out his plans for outsourcing and get Intel's production technology back on track when the company reports earnings Jan. 21. [...] TSMC, the largest maker of semiconductors for other companies, is preparing to offer Intel chips manufactured using a 4-nanometer process, with initial testing using an older 5-nanometer process, according to the people. The company has said it will make test production of 4-nanometer chips available in the fourth quarter of 2021 and volume shipments the following year. The Taiwanese company expects to have a new facility in Baoshan operational by the end of this year, which can be converted to production for Intel if required, one of the people said. TSMC executives previously said the new Baoshan unit would house a research center with 8,000 engineers. While Intel has outsourced production of lower-end chips before, it has kept the manufacturing of its best semiconductors in-house, considering it a competitive strength. Its engineers have historically tailored their designs to the company's manufacturing processes, making a shift to outsourcing of flagship products unthinkable in the past. As the provider of 80% of personal computer and server processors globally, Intel produces hundreds of millions of chips each year. That scale dictates that any potential supplier must create new capacity to accommodate Intel.' -- source: https://hardware.slashdot.org/story/21/01/08/2215226 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 577-5304 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

2 days, 3 hours

2
2
0 0

TinyPilot KVM Over IP

by Lawrence D'Oliveiro

Just been watching this review <https://www.youtube.com/watch?v=CyEpshm16HY> of the TinyPilot KVM-over-IP box. It’s purchasable from the maker’s website for US$300-plus, which is a fraction of the price of most other KVM-over-IP products. It’s built around a Raspberry π 4, using the camera adapter for HDMI in (no use made of the GPIO connector at all). Of course this means it can only support a connection to a single server machine. The source code is on GitHub if you want to build that yourself. The base product offers insecure HTTP-only access; if you want HTTPS, you have to pay extra for the TinyPilot Pro software licence. For comparison, some reader comments mention an alternative “PiKVM” product -- has anyone heard of this?

2 days, 3 hours

2
1
0 0

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

wlug