Articles about Linux

Google, photo by lightpoet via Shutterstock

Google reveals its servers all contain custom security silicon

Google has published a Infrastructure Security Design Overview that explains how it secures the cloud it uses for its own operations and for public cloud services. Revealed last Friday, the document outlines six layers of security and reveals some interesting factoids about the Alphabet subsidiary's operations, none more so …
Simon Sharwood, 16 Jan 2017
Portal for the Apple II

Putting the 'Port' in Portal: Old-school fan brings game to Apple II

Videos What do you get when you cross a 10-year-old game with a 40-year-old computer? The weekend at El Reg. Vince Weaver, an assistant professor of computer engineering at the University of Maine, used his winter holiday to write a port of the beloved puzzle-driven snarkfest Portal for the Apple II. "My wife got me the original …
Shaun Nichols, 14 Jan 2017
D-Wave chip

D-Wave goes public with open-source quantum-classical hybrid software

Want to fool around with some quantum-ish computing? D-Wave has open sourced a software tool that prepares optimisation problems to run on its hardware. You can think of the software, qbsolv, as a D-Wave-specific compiler: in the white paper it's posted along with the tool at GitHub, the company's Michael Booth, Steven …
Karmera secured Pixel phone photo2 by Kaymera

Security hardened, pah! Expert doubts Kaymera's mighty Google's Pixel

The arrival of a security hardened version of Google’s supposed "iPhone killer" Pixel phone from Kaymera has received a sceptical reception from one expert. Kaymera Secured Pixel is outfitted with Kaymera’s own hardened version of the Android operating system and its security architecture. This architecture is made up of four …
John Leyden, 12 Jan 2017
GTA V in game at 4K

Train your self-driving car AI in Grand Theft Auto V – what could possibly go wrong?

Developers building self-driving cars can now take their AI agents for a spin in the simulated open world of Grand Theft Auto V – via OpenAI’s machine-learning playground, Universe. The open-source MIT-licensed code gluing GTA V to Universe is maintained by Craig Quiter, who works for Otto – the Uber-owned startup that …
Katyanna Quach, 12 Jan 2017
Runner photo via Shutterstock

Oi, Mint 18.1! KEEP UP! Ubuntu LTS love breeds a laggard

The Linux Mint project dropped a last-minute gift during the Christmas period – Mint 18.1. Mint 18.1 builds on the same Ubuntu LTS release base as Mint 18.0, the result being a smooth upgrade path for 18.0 users and the relative stability of Ubuntu's latest LTS effort, 16.04. In keeping with Ubuntu's LTS releases, Mint isn't …
Gavin Clarke, 12 Jan 2017
Shock

It's now 2017, and your Windows PC can still be pwned by a Word file

Microsoft has begun its 2017 with the release of four updates to address security holes in Windows and Office, while Adobe has posted fixes for more than three dozen vulnerabilities in Flash and Reader. Microsoft's January patch load includes: MS17-001, a fix for the Edge browser to address a flaw that would let a malicious …
Shaun Nichols, 10 Jan 2017
Blocks balanced photo via Shutterstock

Rackspace enters tipping-point year with newly minted sales chief

Rackspace support manager Jeff Cotten was Tuesday named company president, halving the workload of the now single-jobbed chief executive Taylor Rhodes. Newly private Rackspace has promised more professional services in support of public clouds and VMware as it enters a tipping point year. Cotten, with Rackspace for eight …
Gavin Clarke, 10 Jan 2017

Fedora 25: You've got that Wayland feelin', oh, that Wayland feelin'

Fedora 25 is the first of the major Linux distros to employ the Wayland graphics stack by default. Wayland is one of the biggest low-level changes to hit Linux distros in recent memory and what's most remarkable at least when it comes to Fedora 25 is the move is almost totally transparent. Provided your graphics card is …
typewriter_wtf_648

Insane blackhats behind world's most expensive ransomware 'forget' to backup crypto keys

Variants of the KillDisk data wiping malware, famous for nuking computers in Ukrainian energy utilities, is now being used in possibly the world's most expensive ransom attacks. Attackers are targeting Windows and Linux desktops and servers and demanding a laughable 222 bitcoins (right now US$247,000) for the data to be …
Darren Pauli, 06 Jan 2017
android_toys_648

Android tops 2016 vuln list, with 523 bugs

Of any single product, CVE Details reckons, Android had the most reported vulnerabilities in 2016 – but as a vendor, Adobe still tops the list. The analysis is limited by the fact that only vulnerabilities passing through Mitre's Common Vulnerabilities and Exposures (CVE) database are counted. That's a statistically worthwhile …
LInux nutella

Ridiculously small Linux build lands with ridiculously few swears

The latest Linux 4.10-rc2 build nearly didn't happen because L-triptophaniac developers were Christmassing, but Linus Torvalds decided to set it free as a New Year treat. Explaining the build, Torvalds wrote that “rc2 is ridiculously and unrealistically small. I almost decided to skip rc2 entirely, but a small little …
Trump with flag photo via Shutterstock

A vintage year for snoopers and big state-ists

Year in Review If 2016 proved anything, it proved the existence of the law of unintended consequences making this a miserable year for lovers of liberty and privacy. A vote by the British electorate to secede from the European Union in June led to former Home Secretary Theresa May becoming Prime Minister — to the fright of many who had …
Robot hand human skull photo via Shutterstock

2016: The Rise of the Intelligent (cloud) Machines

Review of 2016 Blame Mark Zuckerberg. Not for the election of Donald Trump as US president, but for Artificial Intelligence becoming the trend du jour in enterprise tech circles in 2016. Back in those now forgotten days of January, before The Great Inversion of 2016, Zuckerberg was surely kicking his heels when he set himself that “personal …
Gavin Clarke, 25 Dec 2016
Artist's impression of Earth-Like worlds. Pic: NASA, ESA, and G. Bacon (STScI)

2016 just got a tiny bit longer. Gee, thanks, time lords

Most people are over 2016 - although god knows what next year has in store. But unfortunately they'll have to endure it bit longer: one second longer to be precise. This year the National Physical Laboratory (NPL) will insert the leap second before midnight, in order to keep the timescale based on atomic clocks in sync with …
Kat Hall, 23 Dec 2016
router

Peace comes to troubled embedded-Linux-for-routers community

In May 2016, disgruntled developers of the embedded-Linux-for-routers distribution OpenWRT forked the project and headed off to do their own thing. The Linux Embedded Development Environment – LEDE – project felt that OpenWRT was heading in the wrong direction and lacked engagement with the wider developer community. Now, in …
Simon Sharwood, 23 Dec 2016

Who's been naughty and nice in IT storage – over to you, Gartner-claus

Just another sweet week in storage with a blitz of news candy covering archiving, flash arrays, compression and removable disk backup. Mimecast has topped Gartner's enterprise information archiving magic quadrant. It is some way ahead of Microsoft, Proofpoint, Global Relay, Veritas and Smarsh in what looks like a product space …
Chris Mellor, 22 Dec 2016
Google bikes outside Google HQ. Photo by Randy Miramontez/Shutterstock - for editorial use only.

'Twas Brillo but then Android Things, which watched as Google Weaved its Nest

Comment Google has launched the developer preview of Android Things, updating and rebranding the Brillo IoT operating system which was unveiled over a year ago. Designed for medium-complexity devices, like home hubs, thermostats, and security cameras, the stripped-down version of Android has had zero success in the market. The new …
Wireless Watch, 22 Dec 2016
Surpised man mobile phone photo by Shutterstock

Windows 10 nags, Dirty Cow, Microsoft's Linux man love: The Reg's big ones for 2016

Systems got bigger and more removed from ordinary mortals during 2016 as West Coast tech firms centralised more and more computing on server farms. Google, Facebook and Microsoft wanted us to slap on virtual reality goggles and ask artificial intelligences to serve our voice-activated commands. Cars, lorries and taxis minus …
Gavin Clarke, 22 Dec 2016
Firefox logo

Firefox to give all extensions their own process in January

The Mozilla Foundation has outlined plans to add more multi-process features to its Firefox browser. Firefox has had limited multi-process capabilities since version 48, when they were added to enhance security and stability. This is basically a sandboxing play: Firefox's developers feel that if the core browser, each tab and …
Simon Sharwood, 22 Dec 2016

Gluster techie shows off 'MySQL of object storage' Minio projects

Backgrounder Minio and its µServer were first described by El Reg in December a year ago. Now we have had a closer look, courtesy of a press tour to Silicon Valley earlier this month. The basic product comes as three software items: Open source µServer Open Source Client Software development kit The µServer is a lightweight piece of …
Chris Mellor, 21 Dec 2016

Name's BOND, JBOND: Igneous's ARM strap-on is for your drives only

Analysis You wait for a bus for ages, and then two come along at once. Two data-transfer buses. Something like that. Both OpenIO and Igneous have launched plug-on ARM server cards for storage drives: these single-board computers each snap onto a hard drive to form nano-servers that are organized into a grid of object storage nodes. …
Chris Mellor, 21 Dec 2016
Xen project logo

Qualcomm joins Xen Project Advisory Board

Qualcomm has joined the Xen Project's Advisory Board, the group of companies “committed to the market and technical success of the Xen Project” and who “provide financial support, technical contributions, and set high-level policy decisions.” And it's done so “to accelerate ARM-server and hyperscale cloud development, …
Simon Sharwood, 20 Dec 2016
Arcady http://www.shutterstock.com/gallery-450076p1.html

Oi! Linux users! Want some really insecure closed-source software?

Back in August Adobe reversed its decision to stop offering an NPAPI Flash plugin for Linux and promised that version 23 would come Penguinistas' way real soon now. At the time the decision was greeted with surprise, because Adobe had not thought to update Flash for Linux since 2012's version 11.2. But the company decided that …
Simon Sharwood, 20 Dec 2016
iot_internet_of_things

Why don't people secure their IoT gadgets? 'It's not my problem'

Canonical, maker of Ubuntu Linux and its Internet of Things variant, has discovered the obvious – that people cannot be trusted to secure their connected devices. Thibaut Rouffineau, evangelist for Ubuntu Core and the Internet of Things, admitted late last week that developers and IoT device makers know people seldom update …
Thomas Claburn, 20 Dec 2016
Kirk and Spock fight

Startup grind is over: Now Primary Data must compete with storage giants

Analysis Startups arrive with fanfares of new tech and product surprise and then face the long grind to grow their business to newsworthy market status while adding bells and whistles to the basic product. Getting the first product out of the door is a validation of all the technology trend analysis and development struggle involved in …
Chris Mellor, 19 Dec 2016
Chris Morris in Brass Eye. Channel 4

'Upset' Linus Torvalds gets sweary and gets results

Linus Torvalds has unleashed a little ripe language on the Linux Kernel Mailing List, and quickly got results for having done so. “This piece-of-shit branch has obviously never been even compile-tested”, Torvalds wrote after receiving a pull request for some fixes to the KVM hypervisor that it was hoped might make it into …
Simon Sharwood, 19 Dec 2016
The Soyuz blasts off from Baikonur

Check your privilege: CoreOS's container tech rkt gets priv-escalation defense on Intel chips

CoreOS's Linux container manager rkt – pronounced "rock-it" for those willing to pay for a few vowels – can now defend against privilege escalation attacks on virtual machines hosting Intel Clear Containers. Clear Containers, launched last year, represents Intel's effort to combine the isolation provided by virtual machines …
Thomas Claburn, 16 Dec 2016

Macbook seized or stolen? But you've set a FileVault password, right? Ha, it's useless

Until earlier this week, Apple's FileVault 2 disk encryption could be defeated in the time it takes to reboot a Mac, given a few hundred dollars in hardware and physical access to the computer. Apple on its website claims that FileVault 2 uses "XTS-AES-128 encryption with a 256-bit key to help prevent unauthorized access to …
Thomas Claburn, 16 Dec 2016
Tavis Ormandy's Symantec exploit

Dear hackers, Ubuntu's app crash reporter will happily execute your evil code on a victim's box

Users and administrators of Ubuntu Linux desktops are being advised to patch their systems following the disclosure of serious security flaws. Researcher Donncha O'Cearbhaill, who discovered and privately reported the vulnerabilities to the Ubuntu team, said that a successful exploit of the bugs could allow an attacker to …
Shaun Nichols, 15 Dec 2016
Top Gun

Red Hat feels the need – the need for OpenStack speed

Red Hat’s released its dual-support mode OpenStack Platform 10, for rapid cloud adoption. The branded OpenStack box continues Red Hat’s drive to reduce the headache of installing and running the open-source cloud for those of us who are not rocket scientists. But OpenStack Platform 10 also accompanies a shift in build, …
Gavin Clarke, 15 Dec 2016
Docker CTO Solomon Hykes

Docker opens up crucial container plumbing code cunningly disguised as 'boring infrastructure'

Docker on Wednesday plans offer the open source community a "boring infrastructure" component that nonetheless should excite those focused on software-based containers and benefit the blissfully unaware masses. The container software maker intends to release the source code of containerd, a core container runtime, so that it …
Thomas Claburn, 14 Dec 2016
How the Veeam Linux backup agent does its funky thang

Riddle me this: What's green and freezes cloudy penguins?

Veeam has given the world a Linux Backup Agent. It's a backup tool so you know what it does, namely give you the ability to create copies of files, volumes or whole computers and put them in a safe place where you can get your hands on them should things go awry. The agent integrates with Veeam Backup & Replication, so you …
Simon Sharwood, 14 Dec 2016

Reschedule the holiday party, Patch Tuesday is here and it's a big one

Security patches for Windows, macOS, iOS and other Apple firmware, and a host of Adobe products, were emitted this week. The final scheduled patch dump of the year sees Microsoft deliver fixes for multiple products, while Apple has security updates for iOS, macOS, Safari, and iTunes, and Adobe patches nine products including …
Shaun Nichols, 14 Dec 2016

Is your Windows 10, 8 PC falling off the 'net? Microsoft doesn't care

Updated With more and more Windows 10 users losing internet and network connectivity – thanks to a dodgy software update that broke DHCP – you'd have thought Redmond would be on the ball with a cunning fix. Sadly not: the only official advice is to go away and reboot your PC. “Some customers have reported difficulties connecting to …
Iain Thomson, 13 Dec 2016

Meet Hyper.is – the terminal written in HTML, JS and CSS

Zeit, a San Francisco-based software startup, has released the 1.0 version of Hyper, a terminal emulator written in JavaScript, HTML, and CSS. Why? Well, why not? Hyper is based on Electron, an open source framework for creating cross-platform desktop applications using HTML and JS. Developed by GitHub for its Atom text …
Thomas Claburn, 13 Dec 2016
Image by Danomyte http://www.shutterstock.com/gallery-256714p1.html

P0wnographer finds remote code exec bug in McAfee enterprise

McAfee has taken six months to patch 10 critical vulnerabilities in its VirusScan Enterprise Linux client. And these were nasty bugs as when chained they resulted remote code execution as root. Andrew Fasano, security researcher with MIT Lincoln Laboratory, says attackers can chain the flaws to compromise McAfee Linux clients …
Darren Pauli, 13 Dec 2016
A frustrated woman

US-CERT's top tip: Hack your crap Netgear router before miscreants arrive

Owners of three models of Netgear routers are being advised to exploit a security hole in their broadband boxes to, er, temporarily close said hole. The alternative is to switch off the boxes until a firmware update lands. Netgear says that the R6400, R7000, and R8000 series routers are all vulnerable to CVE-2016-582384, a …
Shaun Nichols, 13 Dec 2016

CoreOS debuts 'self-driving' Kubernetes

CoreOS, maker of a minimalist version of Linux and software for containers, has made Tectonic, its Kubernetes management application, capable of automatically updating K8s clusters. It also made Tectonic free for up to 10 nodes. Previously the software had to be acquired through contact with the company's sales department. Now …
Thomas Claburn, 12 Dec 2016

Linus Torvalds releases 'biggest ever' Linux 4.9, then saves Christmas

Linux overlord Linus Torvalds has released Linux 4.9. “I'm pretty sure this is the biggest release we've ever had, at least in number of commits,” Torvalds writes on the Linux Kernel Mailing List. “If you look at the number of lines changed, we've had bigger releases in the past, but they have tended to be due to specific …
Simon Sharwood, 11 Dec 2016
Image by infografick https://www.shutterstock.com/g/infografick

Need Xmas ideas? Try CVE-2015-7645, a Flash gift that keeps on giving

A Flash vulnerability subject to emergency patching by Adobe has been used in all major exploit kits to compromise users not already updated. The vulnerability (CVE-2015-7645) patched in October last year was the first zero day since Adobe implemented more hardened security. It was also the most pervasive among the …
Darren Pauli, 08 Dec 2016
Vulnerability

AMD virty encryption not quite there, claim boffins

Updated A couple of German boffins have taken a good look at AMD's Secure Encrypted Virtualization (SEV), and don't like what they see. As AMD's Brijesh Singh explained to the Linux driver project mailing list in April, SEV extends the AMD-V architecture when multiple VMs are running under a hypervisor: “SEV hardware tags all code and …
A brick tunnel

Santa says you've been nice kids: OpenVPN to get security audit

Johns Hopkins University crypto professor Dr Matthew Green is to lead a security audit of OpenVPN 2.4. The open source VPN project, published at GitHub, has been compiled for everything from Solaris to Windows, passing various Linux and BSD distributions along the way (including OSX); Windows and Android (and jailbroken iOSs …

Sigh... 'Hundreds of thousands' of... sigh, web CCTV cams still at risk of... sigh, hijacking

Vid Amid ongoing malware infections of IoT gadgets and armies of commandeered gizmos attacking server, glaring security holes in web-connected CCTV cameras are going unpatched. So say researchers with Cybereason, who claim a pair of high-profile vulnerabilities they spotted in surveillance cams two years ago have been completely …
Shaun Nichols, 07 Dec 2016

Don't have a Dirty COW, man: Android gets full kernel hijack patch

Google has posted an update for Android that, among other fixes, officially closes the Dirty COW vulnerability. The December 2016 update covers a total of 74 CVE-listed security vulnerabilities in Android devices. These fixes should be landing on Nexus handsets devices very soon, if not already, and installed as soon as …
Shaun Nichols, 07 Dec 2016

What can we use to hit Intel between the eyes, thinks Qualcomm – a 10nm ARM server chip

Qualcomm says it has started shipping to customers samples of the Centriq 2400, its 10nm 64-bit ARMv8-A general-purpose server-grade system-on-chip. The mobile chip designer, based in San Diego, California, has recruited engineers from AMD, Intel and Broadcom, as well as tapped its internal pool of techies, to work on the …
Chris Williams, 07 Dec 2016

Russia's bid for mobile self-sufficiency may be the saviour of Sailfish

Comment The quest for freedom from US technologies and patent fees has been a persistent theme in China and has helped shape the new mobile landscape, in which Baidu and Alibaba, not Google and Amazon, dominate the user experience. Less is heard about another massive market, Russia, but here too, the push for technology self-sufficiency …
Wireless Watch, 07 Dec 2016

In the three years since IETF said pervasive monitoring is an attack, what's changed?

Feature After three years of work on making the Internet more secure, the Internet Engineering Task Force (IETF) still faces bottlenecks: ordinary peoples' perception of risk, sysadmins worried about how to manage encrypted networks, and – more even than state snooping – an advertising-heavy 'net business model that relies on collecting …
Command line icon

Linus Torvalds finds 163 reasons to wait a week for a new Linux

Linus Torvalds told the world that if it wanted a new Linux he needed a quiet week. But he didn't get it and now the world has an eighth release candidate of Linux 4.9 to consider. The Linux Lord's weekly what's up with Linux post says “things haven't been bad, but it also hasn't been the complete quiet that would have made me …
Simon Sharwood, 05 Dec 2016
Image composite: Microsoft and StudioLondon http://www.shutterstock.com/gallery-893620p1.html

SHIFT + F10, Linux gets you Windows 10's cleartext BitLocker key

Microsoft is working on a patch for a bug or feature in Windows 10 that allowed access to the command line and, using a live Linux .ISO, made it possible steal BitLocker keys during OS updates. The command line interface bypasses BitLocker and permits access to local drives simply by tapping the Shift and F10 keys. BitLocker …
Darren Pauli, 01 Dec 2016