Debian Security   [more] [xml]
 2015-11-26 DSA-3407 dpkg - security update

Hanno Boeck discovered a stack-based buffer overflow in the dpkg-deb component of dpkg, the Debian package management system. This flaw could potentially lead to arbitrary code execution if a user or an automated system were tricked into processing a specially crafted Debian binary package (.deb) in the old style Debian binary package format.

 2015-11-25 DSA-3406 nspr - security update

It was discovered that incorrect memory allocation in the NetScape Portable Runtime library might result in denial of service or the execution of arbitrary code.

 2015-11-25 DSA-3405 smokeping - security update

Tero Marttila discovered that the Debian packaging for smokeping installed it in such a way that the CGI implementation of Apache httpd (mod_cgi) passed additional arguments to the smokeping_cgi program, potentially leading to arbitrary code execution in response to crafted HTTP requests.

Debian Wiki   [more] [xml]
 2015-11-29T06:44:18Z InstallingDebianOn/MSI/GS40/stretch
 2015-11-29T01:43:32Z Mobile
wpinternals is proprietary
 2015-11-28T22:58:48Z Teams/Mirrors   [more] [xml]
 Sat, 28 Nov 2015 14:00:00 -0800 A hitchhikers guide to troubleshooting linux memory usage

 techarena51: This post will hopefully show you how to troubleshoot or at least find out the amount of memory used by Linux and an application running on it

 Sat, 28 Nov 2015 10:00:00 -0800 HowTo: Linux Check Password Strength With Cracklib-check Command

 nixcraft: Using the same password on different servers allows attackers to access your accounts if cracker manage to steal your password from a less secure server.

 Sat, 28 Nov 2015 06:00:00 -0800 Microsoft and Linux: True Romance or Toxic Love?

LinuxJournal: Common sense says that Microsoft and the FOSS movement should be perpetual enemies.

OSNews   [more] [xml]
 Fri, 27 Nov 2015 21:35:44 GMT Superfish 2.0: now Dell is breaking HTTPS
From the good women and men over at the EFF: Earlier this year it was revealed that Lenovo was shipping computers preloaded with software called Superfish, which installed its own HTTPS root certificate on affected computers. That in and of itself wouldn't be so bad, except Superfish's certificates all used the same private key. That meant all the affected computers were vulnerable to a "man in the middle" attack in which an attacker could use that private key to eavesdrop on users' encrypted connections to websites, and even impersonate other websites. Now it appears that Dell has done the same thing, shipping laptops pre-installed with an HTTPS root certificate issued by Dell, known as eDellRoot. The certificate could allow malicious software or an attacker to impersonate Google, your bank, or any other website. It could also allow an attacker to install malicious code that has a valid signature, bypassing Windows security controls. The security team for the Chrome browser appears to have already revoked the certificate. People can test if their computer is affected by the bogus certificate by following this link. Did you buy a Dell computer during your Black Friday shopping thing over there in the US? Might want to look it over before handing it your loved one. Alternatively, just buy a Mac and don't deal with this nonsense.
 Fri, 27 Nov 2015 21:31:58 GMT How the Atari ST almost had Real Unix
The latest problem I was working out was how to run Unix on the Atari ST. The Tramiels had somehow wrangled a license for AT&T's SVR-something-or-other version of Unix (might have been SVR3, but this was in the bad old days when AT&T was actively fucking up Unix, and it could have been just about any version, including SVR666). The license was for a mind boggling, nay, jaw-dropping ten bucks a seat. The problem was that the ST didn’t have any kind of memory management hardware, just a raw CPU flinging real addresses at naked DRAM, and the machine's cheap-ass vanilla 68000 was incapable of recovering from a fault unless you cheated. On a related note, there's MiNT.
 Wed, 25 Nov 2015 23:14:47 GMT The surprising complexity inside Apple's power adapter
Have you ever wondered what's inside your Macbook's charger? There's a lot more circuitry crammed into the compact power adapter than you'd expect, including a microprocessor. This charger teardown looks at the numerous components in the charger and explains how they work together to power your laptop. Fascinating little bit of technology you don't really pay much attention to.
 Wed, 25 Nov 2015 20:14:25 GMT Open letter to Jolla community: through the tough times
From the Jolla Blog: Many of you have been rightfully asking, where did our tablet money go? Below is an analysis of it in a simple graph. Big part of the tablet project went to Sailfish OS software development (more than 50% of project costs). As I have said in earlier blogs, hardware is the easy part, software is the king (and the beast). [...] Overall, as I also explained in a recent TechCrunch interview, the alternative OS is a really big and challenging agenda. But I still believe it is moving ahead, yet very slowly. The primary challenge for us is that our agenda might be somewhat forward leaning, and we need to wait until the world catches up with this vision that other OSs are heavily needed to create an alternative for Android. The interest for our agenda is just now emerging. I firmly believe that companies and consumers will soon realize that the world really needs options in mobile OSs. We've already had many interesting discussions with potential new partners about using Sailfish OS in their own projects. I'm looking forward to announcing the results of these talks soon. I wonder how the story would have been different if Sailfish OS were free software and had a strong community to aid in software development.
 Tue, 24 Nov 2015 17:57:22 GMT 'Microsoft's software is Malware'
Malware means software designed to function in ways that mistreat or harm the user. (This does not include accidental errors.) This page explains how Microsoft software is malware. Malware and nonfree software are two different issues. The difference between free software and nonfree software is in whether the users have control of the program or vice versa. It's not directly a question of what the program does when it runs. However, in practice nonfree software is often malware, because the developer's awareness that the users would be powerless to fix any malicious functionalities tempts the developer to impose some. Discuss.
 Tue, 24 Nov 2015 00:11:48 GMT Running a mainline kernel on a cellphone
One of the biggest freedoms associated with free software is the ability to replace a program with an updated or modified version. Even so, of the many millions of people using Linux-powered phones, few are able to run a mainline kernel on those phones, even if they have the technical skills to do the replacement. The sad fact is that no mainstream phone available runs mainline kernels. A session at the 2015 Kernel Summit, led by Rob Herring, explored this problem and what might be done to address it. This indeed a big problem, and I'm glad it's finally being picked up.
 Tue, 24 Nov 2015 00:06:58 GMT Android Studio 2.0 preview released
One the most requested features we receive is to make app builds and deployment faster in Android Studio. Today at the Android Developer Summit, we're announcing a preview of Android Studio 2.0 featuring Instant Run that will dramatically improve your development workflow. With Android Studio 2.0, we are also including a preview of a new GPU Profiler. Instant Run allows you to change the code of your program as it's running on your device or emulator, and if it indeed works as advertised, this should be a major boon for developers. TechCrunch claims Google's also improved the emulator in this release, and if there's one thing I know about programming for Android, it's that the emulator was absolutely terrible, so good to know they're working on it.
 Tue, 24 Nov 2015 00:00:40 GMT Breaking the fourth wall with Minecraft
Recently I started playing Minecraft, again. I find vanilla Minecraft somewhat boring, so I always look out for modpacks. After searching for new modpacks, I stumpled upon FTB Horizons: Daybreaker. Looking at the included mods list, OpenComputers caught my eye. As the name suggests, OpenComputers adds computers to Minecraft. Real computers! They are highly modular too. You can add peripherals, from monitors to keyboards and expansion cards that add capabilities such as graphics and network. They can also be programmed in Lua, in-game. Another type of card also exists, the Internet card which, as you can imagine, can communicate with the real-life Internet. Awesome. It never ceases to amaze me what can be done with Minecraft.
 Fri, 20 Nov 2015 23:40:13 GMT Lumia 950 reviews: too little, too late
The first reviews for Microsoft's latest flagship smartphones are coming in, the first device with Windows 10 for phones. This is going to be the big one, right? After several false starts and restarts, this was finally going to be it, everyone told us. The Verge: In the mobile world, Microsoft is way behind Google and Apple, and has what many would say is an insurmountable deficit to make up. It could have pulled out all of the stops and produced a phone that was visually impactful, wildly innovative, and truly riveting compared to anything else to make up lost ground. The Lumia 950 is, unfortunately, none of those things. Sure, Microsoft put some newer guts in it, and Windows 10 has some interesting features, but there's nothing really here that would drive anyone but the most die hard Windows fan to buy it. The WSJ: It feels like the Lumia 950 is a proof of concept that might help Microsoft get momentum for its new strategy. But I can't recommend buying a $600 proof of concept. For now, your phone stays... A phone. And Ars Technica: If the Lumia 950 were more keenly priced then it might be easier to get excited about it. Along with its bigger brother, it fills a glaring gap in the Lumia range and does at last offer an upgrade path. For Windows Phone fans (and I am one), this phone, or its bigger brother, is much needed and very welcome. But this is not a phone that is likely to win over new converts. It does its job, and it keeps the platform ticking over. The struggle to attract new users, however, remains. Way too little, way too late. Windows Phone is done.
 Fri, 20 Nov 2015 15:08:53 GMT Jolla files for debt restructuring
Jolla Ltd, the mobile company from Finland today announced that its latest financing round which aimed to end in November, has been postponed and the company needs to adjust its operations accordingly. At the same time the company has filed for a debt restructuring program in Finland, to ensure the continuity of its business. Jolla will also temporarily lay off a big part of its personnel. To anyone capable of basic pattern recognition, this does not come as a surprise. I doubt I'm getting my tablet, even though I backed it in the first hour of availability, but to be honest, I'm much more concerned about the people being "temporarily" laid off. These are all people who took an incredible risk to follow a dream, and I hope - despite the dire signs - Jolla pulls through and they can keep their jobs, or that they can easily and quickly find new jobs. Almost two years ago, I wrote in my Jolla review: Few devices have a history as complicated as the Jolla and Sailfish. The ten-year journey from the Nokia N770 to the Jolla was long, arduous, filled with focus shifts, mergers, and other complications. Like the nameless protagonist in The Last Resort, in order to step out of the shadows of the old world, Jolla had to leave Providence behind, traverse the Great Divide, cross the Rockies to reach the Malibu, and set sail across the Pacific to end up on the pearly white beaches of Lahaina. However, also just like the nameless protagonist, they found that the natural beauty of Lahaina had already been framed and plasticised by hotel chains and fast food restaurants. It is in that environment that Jolla must make a stand and survive - because there's no more new frontier. It seems like Jolla was unable to survive amidst the hotel chains and fast food restaurants of the mobile technology industry. Only a few days ago, my brother had a gift for me. Something special, something I know he cares about a lot. A square black box, embossed with the outline of a phone with a slide-out keyboard, and, in silver lettering, the timeless "NOKIA Nseries" and "Nokia N900". None of you know my brother - obviously - but I know just how huge of a moment this was. Up until only a few months ago, he still used his Nokia N900 as his one and only smartphone. Not as a curiosity for parlour tricks - no, as his primary, day-to-day smartphone. His attachment and love for his N900 is something you don't see very often in technology. It's not the kind of deluded fandom you see in some other circles, but more of a "I know this device is outdated and slow and that the software isn't very modern, but it works for me". Talk to any current N900 user, and you'll get the same vibe. In fact, the N900 my brother gave to me wasn't his only one, he still has another one as back-up. As a back-up to what? Well, after a short stint with a Nokia N9 - which I bought from him a few years ago - he went back to his N900, until a few months ago, when he finally settled on a new device, a Sony Z3 Compact. After the last few months, he finally felt comfortable enough to donate one of his N900s (but not both!). Unsurprisingly, he was always interested in Jolla and kept an eye on them, and while he certainly played with mine on occasion, it never clicked. When, as Jolla, spiritual successor to the infamous and beloved Nokia Maemo/Harmattan family, you can't even entice someone like my brother, you know you're lost in a world where you're never going to compete with Android or iOS. My limited edition Jolla The First One will always have a special place in my heart, and the tablet, if it ever ships to me, will certainly be one of the more prized curiosities in my collection, but I'm afraid the ship has sailed on Jolla. It's probably in Fiji by now.
 Thu, 19 Nov 2015 21:28:18 GMT The iPad Pro has an App Store problem
Much of the marketing around Apple's new iPad Pro has been centered on its ability to run professional grade software and the variety of creativity apps it supports. But for smaller developers of pro software, the iPad Pro may present more of a quandary than a new computing platform. The reason? Despite the new tablet's processing power and capabilities, it's still running on mobile software - and developers aren't totally convinced the economic incentives exist in the App Store for iOS. In short, they feel they wouldn't be able to charge users the amounts they normally would for a version of their software that runs on a desktop. It's a problem that exists not only around the iPad Pro, but mobile software development in general, and highlights the very real challenges that smaller software companies face when deciding which software platforms to prioritize - especially as mobile tablets and PCs converge. This is a huge problem for closed, mobile-first devices like Apple's iPad Pro. Large companies like Adobe can run comprehensive cloud infrastructures and fund the burden of mobile development with the sales of proper software. Smaller developers, however, cannot. This problem doesn't exist on competitors like the Surface Pro, because they run a traditional, proper desktop. After the starry eyes of the initial gold rush subsided, it became clear centralised application stores wreaked havoc in the software industry, and caused a spiraling race to the bottom. Sadly, it seems like Apple has no answer to this problem for its iPad Pro.
 Wed, 18 Nov 2015 23:52:37 GMT Google starts streaming some Android applications
In addition, you're also going to start seeing an option to "stream" some apps you don't have installed, right from Google Search, provided you're on good Wifi. For example, with one tap on a "Stream" button next to the HotelTonight app result, you'll get a streamed version of the app, so that you can quickly and easily find what you need, and even complete a booking, just as if you were in the app itself. And if you like what you see, installing it is just a click away. This uses a new cloud-based technology that we're currently experimenting with. This seems like a hell of a lot of work and infrastructure for something that could be solved by, uh, I don't know, installing the application? I'm getting old.
 Wed, 18 Nov 2015 23:41:50 GMT Microsoft investigating Win32 support for Continuum
With Continuum, capable Windows 10 Mobile devices will be able to act like PCs, hooking up to keyboards, mice, and monitors for a full Windows desktop experience, and Microsoft is looking into ways of expanding these capabilities. Apparently, that involves investigating the possibility of running Win32 apps from phones, according to Microsoft's Kevin Gallo during the Connect() 2015 conference. I have two things to say about this. First, this is totally cool. The idea of having just one smartphone with me that can hook up to a display, keyboard, and mouse, and then also run proper Win32 applications (instead of crappy Metro applications) is incredibly appealing to me. I like the concept of the Surface and Continuum (the device being smart enough to adapt the UI to the current input method), but a desktop with just Metro (and yes I will keep using that name) applications is pretty much useless. It's going to need big girl applications. Second, while cool, this is also yet another admission from Microsoft that they just can't get developers - either inside or outside - to care much about Metro and all that it entails. Microsoft would love to move everyone - users and developers alike - over to Metro, but it just isn't happening, and there's no signs that it's going to get any better in the near future. I would love for Metro to be adopted enough (and capable enough) so that it can start replacing Win32 - but it's been years now, and it's pretty clear that we're just not getting there.
 Wed, 18 Nov 2015 23:34:51 GMT Oppo starts offering near-stock Android
Oppo has been putting a customized version of Android on its phones for years, but now it's letting you strip most of those customizations away. It released a nearly stock version of Android today that's basically just Android Lollipop with a few pieces of Oppo software, including its camera app, audio tools, and gesture support. The new release, which it's calling Project Spectrum, is able to be installed on its Find 7 and Find 7a phones and will be coming to other Oppo phones in the near future. Sometime early next year, Oppo plans to release an updated version for Android Marshmallow. More and more manufacturers seem to be getting the message: users want stock Android, because stock Android is better than whatever crap OEMs can come up with. A good development, obviously, but it still doesn't address Android'd biggest weakness: updates.
 Wed, 18 Nov 2015 01:01:54 GMT Blogging about Midori
Enough time has passed that I feel safe blogging about my prior project here at Microsoft, "Midori". In the months to come, I'll publish a dozen-or-so articles covering the most interesting aspects of this project, and my key take-aways. Midori was a research/incubation project to explore ways of innovating throughout Microsoft's software stack. This spanned all aspects, including the programming language, compilers, OS, its services, applications, and the overall programming models. We had a heavy bias towards cloud, concurrency, and safety. The project included novel "cultural" approaches too, being 100% developers and very code-focused, looking more like the Microsoft of today and hopefully tomorrow, than it did the Microsoft of 8 years ago when the project began. The first two articles have already been published. This looks like it's going to be an excellent series. News   [more] [xml]
 2015-11-28T19:51:17+00:00 Development Release: Elive 2.6.12 (Beta)
Elive 2.6.12, the latest development build of the project's commercial distribution based on Debian GNU/Linux and featuring a highly customised Enlightenment desktop, is out and ready for testing: "The Elive team is proud to announce the release of the beta version 2.6.12. This version includes bug fixes in....
 2015-11-27T19:54:55+00:00 Distribution Release: Kwort Linux 4.3
David Cortarello has announced the release of Kwort Linux 4.3, the latest stable built from the project developing a lightweight, CRUX-based distribution with Openbox and a custom package manager called kpkg: "A new version of Kwort available, this one is 4.3. Get it while it's hot! As always,....
 2015-11-26T15:57:29+00:00 Distribution Release: Oracle Linux 7.2
Oracle has announced the release of Oracle Linux 7.2. Oracle Linux is built from Red Hat Enterprise Linux source code and is designed to be binary compatible with Red Hat's product. Oracle Linux 7.2 ships with two kernels, a "Red Hat Compatible Kernel" and Oracle's "Unbreakable Enterprise Kernel",....

powered by zFeeder





Translate to Spanish