
Posts published in “News”

Researchers Release USB Exploit & Incomplete Fix on GitHub

Now that a working exploit of the USB vulnerability that’s baked into the USB standard has been released, it might be a prudent move to no longer employ any USB devices that aren’t already under your control until this situation has been fixed.

The exploit was first made public two months ago at the Black Hat conference in Las Vegas when Karsten Nohl and Jakob Lell of Berlin-based Security Research Labs (SRL) demonstrated an attack they called BadUSB to a standing-room-only crowd.

‘Tux Machines’ DDOS Attack Moves to ‘TechRights’

Editor’s note: This article was updated 9/4/2014 at 5:15 p.m. EDT to include latest update from Tux Machines publisher.

The DDOS attack that has rendered the popular Linux site Tux Machines virtually unreachable for nearly two weeks now seems to be affecting sister site TechRights. Roy Schestowitz, publisher of both sites, told FOSS Force that the attack on TechRights began at about one o’clock Friday afternoon GMT.

“…an hour ago I got some automatic reports and some messages from readers saying that Tech Rights had gone offline,” he said. “I then checked logs, grepped on ‘NT’ (all the zombies are [running different versions of] NT), and saw pretty much the same pattern as on Tux Machines.”

As of eleven o’clock this evening EDT, both sites were reachable from FOSS Force’s offices in North Carolina, but we’ve been unable to determine if this is because the attacks have ended or if this is only a temporary reprieve.

DDOS Attack Brings Tux Machines Down

Editor’s note: This article was updated on 9/29/14 at approx. 5:30 p.m. to include update from Tux Machines publisher Roy Schestowitz.

Since sometime last week the popular Linux site Tux Machines has been under an apparent distributed denial-of-service (DDOS) attack. For the last several days, those trying to visit the site have been redirected to Tech Rights, another site operated by Roy Schestowitz, the owner of Tux Machines, to a post dated Saturday by Schestowitz which reads:

“Windows botnets have been hammering on Tux Machines for nearly a week. It got a lot worse yesterday and the site became unaccessible much of the time. We don’t know who the attacker is and what the motivations are, but in the meantime the site can be read via the RSS feed. The RSS feed links to all the latest news and the pages ought to work as usual. We apologise for this issue and we are working hard to find a permanent solution.”

Secure Linux Systems Require Savvy Users

Patches are available to fix the bash vulnerability known as Shellshock, along with three additional security issues recently found in the bash shell. The patches are available for all major Linux distros as well as for Solaris, with the patches being distributed through the various distros.

After the patch is applied, there are a couple of commands that can be run from a terminal to ascertain that a system is no longer vulnerable. For details, see the article Steven J. Vaughan-Nichols has written for ZDNet. As yet, there is no patch available for OS X, although Apple says that one is on the way, while assuring its users that Mac systems aren’t vulnerable except for the most advanced users.

The good news about all this is that it demonstrates how quickly the Linux community can get the word out and then rally to engineer a solution when a security problem is discovered. The bad news is that not all Linux users listen. Too many users believe that the security features that are baked into Linux offer complete protection, no matter what. Unfortunately, that’s not the case. It never was, nor can it ever be.

My friend Andrew Wyatt, who spent time some years back as the founder and lead developer of the Fuduntu Linux distro, attempted to address this fact recently in a comment to an article on FOSS Force:

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

Hello World: Videos That Teach Linux To Kids

The Hello World Program needs a few bucks to buy some new equipment so they can keep on doing what they do. What they do is make videos that teach Linux and other computer tech subjects to kids, using sock puppets, robots and animation — sort of Kukla, Fran and Ollie for the 21st century. Or Shari Lewis and Lamb Chop in color and high def.

They don’t need much. $2,048 by their estimation will do just fine — a mere drop in the bucket in the overall scheme of things. They’ve been on Indiegogo since last Wednesday, where they’re making their case.

Jared (L) and JR (R) Nielson at work on a video project.

“We don’t have a proper studio to shoot video,” they wrote on their Indiegogo page, “the bulbs in our light kit are burned out, our cameras and lenses are dirty because we’ve been shooting in basements and (very cold) garages for the last year, our backdrop needs replacing, and our highly intelligent robot host requires an upgrade.”

They’re already a third of the way there, with $680 raised so far. But crowdfunding campaigns sometimes stall after getting off to a good start. It happens — ask Mark Shuttleworth. It’s not time to relax yet.

Christine Hall


Jeff Hoogland Leaves Bodhi

Jeff Hoogland, the lead developer of Bodhi Linux, said in a blog post on Friday that “for a variety of reasons,” he is stepping down from the leadership of his “labor of love.”

Bodhi Linux, based on Ubuntu, is a lightweight distro leveraging the Enlightenment Desktop. A note on the Bodhi Linux web page says, “We regret to inform you Bodhi Linux is no longer being maintained,” and has a link to Hoogland’s blog page.

Jeff Hoogland steps down from Bodhi Linux

“I have worked with dozens of different people over the course of the last few years. I have made friends and learned more than I could have ever imagined,” Hoogland said in his blog post.

Larry Cafiero

Larry Cafiero is a journalist and a Free/Open Source Software advocate and is involved in several FOSS projects. Follow him on Twitter: @lcafiero

Internet Slowdown Shifts Into High Gear

Internet users spoke loudly, firmly, and in no uncertain terms on Wednesday in sending a message of overwhelming support for net neutrality protections during the Internet Slowdown campaign.

Tech companies, websites, public interest organizations and more than a million users joined forces to bring the message of net neutrality forward by posting icons and links on their sites symbolically representing a slow-loading Internet, and by directing those clicking on the links to messages to Congress, the White House and the Federal Communications Commission.

“The numbers tell the story: People everywhere are using the Internet to save the Internet from phone and cable companies,” said Evan Greer, director of Fight for the Future. “We’ve shown that the best way to fight these powerful special interests in Washington is through mass action by people from outside Washington. The FCC and Congress can no longer dismiss the overwhelming consensus of public support for real Net Neutrality protections.”

Wednesday’s Internet Slowdown action generated just over 300,000 calls and nearly 2.2 million emails to Congress by Thursday afternoon. Facebook shares of the spinning “loading” icon topped 1.1 million. In addition, 722,364 filed comments Wednesday at the Federal Communications Commission, bringing the total number of comments since March 1 to 7.7 million.

Larry Cafiero


Red Hat’s Brian Stevens Now At Google

Now we know he walked and wasn’t pushed.

Back on August 27 when Red Hat announced that CTO Brian Stevens had left the building and was no longer in their employ, rumors began flying as people began to wonder what happened. His resignation came without warning and Red Hat wasn’t forthcoming with anything, other than a terse message wishing him well, so it’s only natural that some people began to suspect that some kind of shakeup was in play. Indeed, I was pretty sure that he hadn’t left voluntarily but had been pushed through the door.

Christine Hall

