Network

Ask Slashdot: Best Way To Isolate a Network And Allow Data Transfer? 184

Futurepower(R) writes: What is the best way to isolate a network from the internet and prevent intrusion of malware, while allowing carefully examined data transfer from internet-facing computers? An example of complete network isolation could be that each user would have two computers with a KVM switch and a monitor and keyboard, or two monitors and two keyboards. An internet-facing computer could run a very secure version of Linux. Any data to be transferred to that user's computer on the network would perhaps go through several Raspberry Pi computers running Linux; the computers could each use a different method of checking for malware. Windows computers on the isolated network could be updated using Autopatcher, so that there would never be a direct connection with the internet. Why not use virtualization? Virtualization does not provide enough separation; there is the possibility of vulnerabilities. Do you have any ideas about improving the example above?
Open Source

Opus 1.2 Released 22

jmv writes: The Opus audio codec, used in WebRTC and now included in all major web browsers, gets another major upgrade with the release of version 1.2. This release brings quality improvements to both speech and music, while remaining fully compatible with RFC 6716. There are also optimizations, new options, as well as many bug fixes. This Opus 1.2 demo describes a few of the upgrades that users and implementers will care about the most. It includes audio samples comparing to previous versions of the codec, as well as speed comparisons for x86 and ARM.
Linux

Linux Kernel 4.14 Will Be An LTS Release (softpedia.com) 45

prisoninmate writes: Development of the Linux 4.14 kernel series did not even start, as the version that's being developed these days is Linux 4.12, which should be promoted to stable early next month, but Softpedia reports that renowned Linux kernel maintainer Greg Kroah-Hartman announced earlier this morning that the upcoming Linux 4.14 kernel series will be an LTS (Long Term Support) branch. The developer promises to support the Linux 4.14 kernel series for at least two years after its release in November 2017, probably until November 2019.
Debian

Debian 9 (Stretch) Will Be Released Today (twitter.com) 192

The Debian Project has been liveblogging today's release of Debian 9 (Stretch) using the Twitter hashtag #releasingstretch. Some of the announcements:
  • The oldstable suite (wheezy) has now been renamed to oldoldstable
  • Debian jessie has now been renamed to oldstable!
  • The Debian stretch suites have now been renamed to stable!
  • The draft debian-devel-announce post is ready, archive docs are being cleaned up

This release is named after that purple octopus in Toy Story 3, and more tantalizing tidbits of information keep appearing on Debian's micronews site:

  • At least 1436 people and 18 teams contributed to Debian in 2017
  • Stretch has 25,357 source packages with 9,808,465 source files
  • There were 13 different themes proposed to be the official Debian stretch theme
  • Debian Stretch ships with the free mathematical software SageMath, you can install it with apt
  • During the stretch development, 101 contributors became Debian Developers, and 94 more became Debian Maintainers
  • Debian Stretch will ship with the first release of the Debian Astro Pure Blend [for astronomers]
  • Debian Popularity Contest gathers anonymous statistics about Debian packages usage from about 195,000 reports

Microsoft

Green Party Leaders Don't Want Windows In Munich (techrepublic.com) 137

Reader sqorbit writes: Munich spent a lot of time (9 years) and a lot of money in shifting some 15,000 staff to a Linux-based OS. The plan now is to move to Windows 10 by 2021. Munich's Green Party is citing the WannaCry virus as a valid reason not to switch to Windows. "As with many of the biggest attacks, the computers that were mainly hit were running the Windows operating system," the Green Party said in a statement.
Security

Linux Malware Infects Raspberry Pi Devices And Makes Them Mine Cryptocurrency (hothardware.com) 84

An anonymous reader quotes Hot Hardware: If you're a Raspberry Pi user who's never changed the default password of the "pi" user, then heed this warning: change it. A brand new piece of malware has hit the web, called "Linux.MulDrop.14", and it preys on those who haven't secured their devices properly... After scanning for RPis with an open (and default) SSH port, the "pi" user is logged into (if the password is left default), and the password is subsequently changed. After that, the malware installs ZMap and sshpass software, and then it configures itself. The ultimate goal of Linux.MulDrop.14 is to make digital money for someone else, namely the author of the malware, using your Raspberry Pi.
Encryption

Docker's LinuxKit Launches Kernel Security Efforts, Including Next-Generation VPN (eweek.com) 44

darthcamaro writes: Back in April, when Docker announced its LinuxKit effort, the primary focus appeared to just be [tools for] building a container-optimized Linux distribution. As it turns out, security is also a core focus -- with LinuxKit now incubating multiple efforts to help boost Linux kernel security. Among those efforts is the Wireguard next generation VPN that could one day replace IPsec. "Wireguard is a new VPN for Linux using the cryptography that is behind some of the really good secure messaging apps like Signal," said Nathan McCauley, Director of Security at Docker Inc.
According to the article, Docker also has several full-time employees looking at ways to reduce the risk of memory corruption in the kernel, and is also developing a new Linux Security Module with more flexible access control policies for processes.
Operating Systems

Ubuntu Works With GNOME To Improve HiDPI Support On Linux Desktop (omgubuntu.co.uk) 85

An anonymous reader shares an article: Canonical is playing host to a 'fractional scaling hackfest' in its Taipei offices this week. Both GNOME developers and Ubuntu developers are in attendance, ready to wrestle with the aim: improve GNOME HiDPI support. Ubuntu's Unity desktop (I'm told, anyhow) plays fairly nice with high DPI monitors because the shell supports fractional scaling (though most apps, I believe, do not). Furthermore, users can tweak some high DPI settings to better suit their display(s). GNOME Shell also supports HiDPI monitors, but has, until now, been a little less flexible about it. "Currently, we only allow to scale windows by integral factors (typically 2). This proves somewhat limiting as there are many systems that are just in between the dpi ranges that are good for scale factor 2, or unscaled," the hackfest page explains.
Chrome

Google Releases Chrome 59 (venturebeat.com) 72

An anonymous reader writes: Google has launched Chrome 59 for Windows, Mac, and Linux. Among the additions are native notifications on macOS, settings being revamped to follow Material Design, the Image Capture API, Headless Chrome, and more service worker improvements. You can update to the latest version now using the browser's built-in silent updater or download it directly from google.com/chrome.
Media

OpenELEC 8.0.4 Kodi-Focused Linux Distro Now Available (openelec.tv) 43

BrianFagioli writes: Unfortunately, Kodi is not its own operating system, meaning it has to be run on top of an OS. Sure, you could use Windows 10, but that is overkill if you only want to run Kodi. Instead, a lightweight Linux distribution that only serves to run the media center is preferable. One of the most popular such distros is OpenELEC. It can run on traditional PC hardware, but also Raspberry Pi, and, my favorite — WeTek boxes. Today, version 8.0.4 achieves stable release. It is a fairly ho-hum update, focusing mostly on fixes and stability.

The team shares the following changes in the release.

- fix crash in WeTek DVB driver on WeTek Play (1st gen).
- enable Kernel NEON mode for RPi2 builds.
- enable some more SOC sound drivers for RPi/RPi2 builds.
- enable Regulator support on all builds.
- enable Extcon support on all builds.
- fix loading for some I2C sound modules on RPI/RPi2 builds.
- fix loading splash screen on systems with Nvidia GPUs.
- fix speed problems on Nvidia ION systems.
- fix problems loading dvbhdhomerun addons.
- fix using user created sleep scripts.
- build PNG support with SSE support for x86_64 builds.
- update to linux-4.9.30, mesa-17.0.7, alsa-lib-1.1.4.1, alsa-utils-1.1.4, kodi-17.3, mariadb-10.1.23, samba-4.6.4.

Ubuntu

Ubuntu Touch Mobile OS Now Maintained By UBports (phoronix.com) 22

An anonymous reader quotes Phoronix: UBports continues to be the leading community project for trying to let Ubuntu Touch live on and evolve under their direction... Among their recent achievements were acquiring more sponsors, all devices that were sold with Ubuntu Touch can now run with UBports' builds, they are working on their own version of Mozilla's AGPS Location Service to replace Canonical's GPS system, the Halium OS platform continues evolving, the Dekko email client is back under development, installation improvements are being worked on, they are still striving for Wayland support, and more.
The UBports Patreon page has even raised enough to allow UBports founder Marius Gripsgard to work full-time on what they're calling "a beautiful, free and open-source mobile OS." Their recent community update announced that "we are seeing more activity on Ubuntu Touch than for a very long time, and that is really encouraging."
Books

Technology Is Making the World More Unequal; Only Technology Can Fix This (theguardian.com) 145

mspohr shares an excerpt from an article written by Cory Doctorow via The Guardian: "The inequality of badly-run or corrupt states is boosted by the power of technology -- but it's also easier than ever to destabilize these states, thanks to technology. The question is: which future will prevail?" [The article discusses two sides to the issue:] Here's the bad news: technology -- specifically, surveillance technology -- makes it easier to police disaffected populations, and that gives badly run, corrupt states enough stability to get themselves into real trouble. Here's the good news: technology -- specifically, networked technology -- makes it easier for opposition movements to form and mobilize, even under conditions of surveillance, and to topple badly run, corrupt states. Long before the internet radically transformed the way we organize ourselves, theorists were predicting we'd use computers to achieve ambitious goals without traditional hierarchies -- but it was a rare pundit who predicted that the first really successful example of this would be an operating system (GNU/Linux), and then an encyclopedia (Wikipedia). [Cory also has a new novel, Walkaway, which explores these ideas further.] The future will see a monotonic increase in the ambitions that loose-knit groups can achieve. My new novel, Walkaway, tries to signpost a territory in our future in which the catastrophes of the super-rich are transformed into something like triumphs by bohemian, anti-authoritarian "walkaways" who build housing and space programs the way we make encyclopedias today: substituting (sometimes acrimonious) discussion and (sometimes vulnerable) networks for submission to the authority of the ruling elites.
Open Source

Alpine Linux 3.6.0 Released (alpinelinux.org) 59

An anonymous reader quotes DistroWatch: Natanael Copa has announced the release of Alpine Linux 3.6.0. Alpine Linux is an independent, minimal operating system that is well suited to running servers, routers and firewalls. Version 3.6.0 introduces support for 64-bit POWER machines, 64-bit IBM z Systems computers and features many up to date packages, including PHP 7.1, LLVM 4.0 and version 6.3 of the GNU Compiler.
"Noteworthy new packages" include Rust 1.17.0 and Cargo 0.18.0, as well as Julia 0.5.2, as well as "significant updates" like Go 1.8, Python 3.6, and Ruby 2.4. And in addition, "MD5 and SHA-1 hashes have been removed from APKBUILDs, being obsoleted by SHA-512."
Bug

Wormable Code-Execution Bug Lurked In Samba For 7 Years (arstechnica.com) 83

Long-time Slashdot reader williamyf was the first to share news of "a wormable bug [that] has remained undetected for seven years in Samba versions 3.5.0 onwards." Ars Technica reports: Researchers with security firm Rapid7...said they detected 110,000 devices exposed on the internet that appeared to run vulnerable versions of Samba. 92,500 of them appeared to run unsupported versions of Samba for which no patch was available... Those who are unable to patch immediately can work around the vulnerability by adding the line nt pipe support = no to their Samba configuration file and restart the network's SMB daemon. The change will prevent clients from fully accessing some network computers and may disable some expected functions for connected Windows machines.
The U.S. Department of Homeland Security's CERT group issued an announcement urging sys-admins to update their systems, though SC Magazine cites a security researcher arguing this attack surface is much smaller than that of the Wannacry ransomware, partly because Samba is just "not as common as Windows architectures." But the original submission also points out that while the patch came in fast, "the 'Many eyes' took seven years to 'make the bug shallow'."
Debian

Devuan Jessie 1.0 Officially Released (softpedia.com) 237

prisoninmate quotes a report from Softpedia: Announced for the first time back in November 2014, Devuan is a Debian fork that doesn't use systemd as init system. It took more than two and a half years for it to reach 1.0 milestone, but the wait is now over and Devuan 1.0.0 stable release is here. Based on the packages and software repositories of the Debian GNU/Linux 8 "Jessie" operating system, Devuan 1.0.0 "Jessie" is now considered the first stable version of the GNU/Linux distribution, which stays true to its vision of developing a free Debian OS without systemd. This release is recommended for production use. As Devuan 1.0.0 doesn't ship with systemd, several adjustments needed to be made. For example, the distro uses a systemd-free version of the NetworkManager network connection manager and includes several extra libsystemd0-free packages in its repository.
