quartertime writes "Remember Reflections on Trusting Trust, the classic paper describing how to hide a nearly undetectable backdoor inside the C compiler? Here's an interesting piece about how to hide a nearly undetectable backdoor inside hardware. The post describes how to install a backdoor in the expansion ROM of a PCI card, which during the boot process patches the BIOS to patch grub to patch the kernel to give the controller remote root access. Because the backdoor is actually housed in the hardware, even if the victim reinstalls the operating system from a CD, they won't clear out the backdoor. I wonder whether China, with its dominant position in the computer hardware assembly business, has already used this technique for espionage. This perhaps explains why the NSA has its own chip fabrication plant."

Trailrunner7 writes "On the same day that it plans to release a patch for a critical flaw in Shockwave, Adobe confirmed on Thursday morning that there is a newly discovered bug in Flash that is being actively exploited already in attacks against Reader. The vulnerability affects Flash on all of the relevant platforms, including Android, as well as Reader on Windows and Mac, and won't be patched for nearly two weeks. The new Flash bug came to light early Thursday when a researcher posted information about the problem, as well as a Trojan that is exploiting it and dropping a pair of malicious files on vulnerable PCs. Researcher Mila Parkour tested the bug and posted a screenshot of the malicious files that a Trojan exploiting the vulnerability drops during its infection routine. Adobe has since confirmed the vulnerability and said that it is aware of the attacks against Reader."

andydread writes "It seems Microsoft's campaign to scare manufacturers away from open source and Linux in particular is proceeding at full force. The latest news is from Digitimes out of Taiwan. Apparently Microsoft is threatening Acer and Asustek with having to pay Microsoft a license fee for the privilege of deploying Linux on their devices. This time, it's in the form of Android and Chorme OS. So basically, this campaign is spreading to PC vendors now. What are the implications of this? Does this mean that if I build PCs with Linux (Ubuntu/ChromeOS/Fedora) and sell them I am at risk of getting sued by Microsoft? "

An anonymous reader writes "It's official: Ubuntu has, with its ironically named 'Unity' interface, chosen to move away from GNOME for Ubuntu Natty Narwhal. Or at least move away from GNOME Shell. Mark Shuttleworth says that Ubuntu will still be 'GNOME,' even if it's not using GNOME Shell. Do you agree?"

LingNoi writes with this excerpt from ComputerWorld UK: "The London Stock Exchange has said its new Linux-based system is delivering world record networking speed, with 126 microsecond trading times. The news comes ahead a major Linux-based switchover in twelve days, during which the open source system will replace Microsoft .Net technology on the group's main stock exchange. The LSE had long been criticised on speed and reliability, grappling with trading speeds of several hundred microseconds. The 126 microsecond speed is 'twice as fast' as its main international competitors, the London Stock Exchange said. BATS Europe and Chi-X, two dedicated electronic rivals to the LSE, are reported to have an average latency of 250 and 175 microseconds respectively. Neither company immediately provided details. But many of the LSE's older and more traditional rivals offer speeds of around 300 to 400 microseconds. Nevertheless, Linux is now standard in many exchanges, including the New York Stock Exchange."

GMGruman writes "In September, Symbian 3 was Nokia's latest great hope for becoming relevant in the modern smartphone market. Now comes word that the Symbian Foundation is shutting down, ending the Symbian 3 and Symbian 4 efforts. Nokia is now banking on MeeGo, a collaboration with Intel whose release date — and fit to smartphones — is highly uncertain. InfoWorld's Ted Samson thinks that it's time for Nokia to swallow its pride and stop pretending it will ship MeeGo in time to matter, and instead consider adopting Android — or even Windows Phone 7, which after all might finally support copy and paste by the time Nokia decides to hitch its mobile wagon to a new horse."

pinkeen writes "I've used Linux as my work & play OS for 5+ years. The one thing that constantly drives me mad is its IO scheduling. When I'm copying a large amount of data in the background, everything else slows down to a crawl while the CPU utilization stays at 1-2%. The process which does the actual copying is highly prioritized in terms of I/O. This is completely unacceptable for a desktop OS. I've heard about the efforts of Con Kolivas and his Brainfuck Scheduler, but it's unsupported now and probably incompatible with latest kernels. Is there any way to fix this? How do you deal with this? I have a feeling that if this issue was to be fixed, the whole desktop would become way more snappier, even if you're not doing any heavy IO in the background." Update: 10/23 22:06 GMT by T : As reader ehntoo points out in the discussion below, contrary to the submitter's impression, "Con Kolivas is still actively working on BFS, it's not unsupported. He's even got a patch for 2.6.36, which was only released on the 20th. He's also got a patchset out that I use on all my desktops which includes a bunch of tweaks for desktop use." Thanks to ehntoo, and hat tip to Bill Huey.

mtaht writes "I've just had the interesting experience of being deposed to talk about one of the first embedded, Linux-based, wireless routers. Our (free!) 1998 publication of how to make one predates patent #7035281, filed September 13, 2000, by someone else. Their patent was recently granted and is now being disputed in court, in part using our how-to as an example of prior art. The lawsuit continues; the case goes before a judge shortly, and a jury trial if necessary is scheduled for the spring. I find myself plagued with the question: So... who invented the embedded Linux based wireless router? What relevance does 'who' have, when there is such an enormous confluence of ideas from thousands of people? What constitutes invention, anyway?"

Thunderstruck writes "I work in a small office with just two computers. Both machines run long-term-service releases of Ubuntu, with Gnome, and Evolution for scheduling, contact management and electronic mail. We plan to stick with Linux long-term. For telephone service, we're using smartphones. In order to keep everything straight, we need phones that can synchronize easily with the calendars and contact data on each owner's desktop machine. We cannot use cloud based services for this function due to ethics rules, and for security reasons. Right now, we do all of this with older Palm phones, but these are a dying breed. What options are out there right now for phones that will sync with Evolution (or another good Linux PIM suite) which do not require data to go through the cloud first?"

Trailrunner7 writes "The open-source Linux operating system contains a serious security flaw that can be exploited to gain superuser rights on a target system. The vulnerability, in the Linux implementation of the Reliable Datagram Sockets (RDS) protocol, affects unpatched versions of the Linux kernel, starting from 2.6.30, where the RDS protocol was first included." The article goes on to say, though, that "Linux installations are only vulnerable if the CONFIG_RDS kernel configuration option is set, and if there are no restrictions on unprivileged users loading packet family modules, as is the case on most stock distributions," and that Linus Torvalds has committed a fix.