Monday February 20, 2017

SC Magazine: FBI conducting three probes into Russian election hacking

(posted on Monday February 20, 2017 at 10:10 AWST)

Five insiders offer up new details.

SC Magazine: Dominello to use his promotion to drive digitisation

(posted on Monday February 20, 2017 at 10:08 AWST)

"If you love paper, do origami".

Slashdot: Linux Kernel 4.10 Officially Released With Virtual GPU Support

(posted on Monday February 20, 2017 at 08:34 AWST)

"Linus Torvalds announced today the general availability of the Linux 4.10 kernel series, which add a great number of improvements, new security features, and support for the newest hardware components," writes Softpedia. prisoninmate quotes their report: Linux kernel 4.10 has been in development for the past seven weeks, during which it received a total of seven Release Candidate snapshots that implemented all the changes that you'll soon be able to enjoy on your favorite Linux-based operating system... Prominent new features include virtual GPU (Graphics Processing Unit) support, new "perf c2c" tool that can be used for analysis of cacheline contention on NUMA systems, support for the L2/L3 caches of Intel processors (Intel Cache Allocation Technology), eBPF hooks for cgroups, hybrid block polling, and better writeback management. A new "perf sched timehist" feature has been added in Linux kernel 4.10 to provide detailed history of task scheduling, and there's experimental writeback cache and FAILFAST support for MD RAID5... Ubuntu 17.04 (Zesty Zapus) could be the first stable OS to ship with Linux 4.10. It required 13,000 commits, plus over 1,200 merges, Linus wrote in the announcement, adding "On the whole, 4.10 didn't end up as small as it initially looked."


Slashdot: Serious Computer Glitches Can Be Caused By Cosmic Rays

(posted on Monday February 20, 2017 at 07:34 AWST)

The Los Alamos National Lab wrote in 2012 that "For over 20 years the military, the commercial aerospace industry, and the computer industry have known that high-energy neutrons streaming through our atmosphere can cause computer errors." Now an anonymous reader quotes Computerworld: When your computer crashes or phone freezes, don't be so quick to blame the manufacturer. Cosmic rays -- or rather the electrically charged particles they generate -- may be your real foe. While harmless to living organisms, a small number of these particles have enough energy to interfere with the operation of the microelectronic circuitry in our personal devices... particles alter an individual bit of data stored in a chip's memory. Consequences can be as trivial as altering a single pixel in a photograph or as serious as bringing down a passenger jet. A "single-event upset" was also blamed for an electronic voting error in Schaerbeek, Belgium, back in 2003. A bit flip in the electronic voting machine added 4,096 extra votes to one candidate. The issue was noticed only because the machine gave the candidate more votes than were possible. "This is a really big problem, but it is mostly invisible to the public," said Bharat Bhuva. Bhuva is a member of Vanderbilt University's Radiation Effects Research Group, established in 1987 to study the effects of radiation on electronic systems. Cisco has been researching cosmic radiation since 2001, and in September briefly cited cosmic rays as a possible explanation for partial data losses that customers were experiencing with their ASR 9000 routers.


SC Magazine: Domino's moves online ordering from AWS to Azure

(posted on Monday February 20, 2017 at 07:23 AWST)

Global OneDigital cloud migration kicks off.

GNOME Look: My Home Conky [Conky]

(posted on Monday February 20, 2017 at 07:03 AWST)

Basic widget for use with Conky. This widget draws the Wired Conky interface to display system information.


GNOME Look: Papirus [Icon Themes]

(posted on Monday February 20, 2017 at 06:37 AWST)

Papirus is a free and open source SVG-based icon theme for Linux with a material and flat style. All elements have clear distinction and outlines. Another main feature is its warm color tone.

Four versions of the icon set are available:
- Papirus - main icon theme
- Papirus Dark - for dark interfaces
- Papirus Light - for light interfaces
- ePapirus - mod for elementaryOS

Papirus supports the hardcode-tray script: https://github.com/bil-elmoussaoui/Hardcode-Tray/
And KDE color scheme: https://techbase.kde.org/Development/Tutorials/Plasma5/ThemeDetails#Colors
Recommended for use with the Arc Dark theme: https://github.com/horst3180/arc-theme
And Arc KDE version: https://github.com/PapirusDevelopmentTeam/arc-kde

A repository is now available for some distros, on the GitHub page:
- openSUSE
- ArchLinux
- Ubuntu

Papirus Development Team:
- Alexey Varfolomeev - author of the Papirus project and main designer (https://github.com/varlesh)
- Sergei Eremenko - maintainer of the PPA, code optimization, scripting (https://github.com/SmartFinn)
- Andreas_K - initial KDE color support (https://github.com/DarkknightAK)
- Mohammed Aquib Azad - some additional icons (https://github.com/azadaquib)
- and others...

LICENSE: LGPL v3


Latest Kernel Versions: 4.10: mainline

(posted on Monday February 20, 2017 at 06:34 AWST)

Version: 4.10 (mainline)
Released: 2017-02-19
Source: linux-4.10.tar.xz
PGP Signature: linux-4.10.tar.sign
Patch: patch-4.10.xz

Slashdot: Google Discloses An Unpatched Windows Bug (Again)

(posted on Monday February 20, 2017 at 06:34 AWST)

An anonymous reader writes: "For the second time in three months, Google engineers have disclosed a bug in the Windows OS without Microsoft having released a fix before Google's announcement," reports BleepingComputer. "The bug in question affects the Windows GDI (Graphics Device Interface) (gdi32.dll)..." According to Google, the issue allows an attacker to read the content of the user's memory using malicious EMF files. The bad news is that the EMF file can be hidden in other documents, such as DOCX, and can be exploited via Office, IE, or Office Online, among many. "According to a bug report filed by Google's Project Zero team, the bug was initially part of a larger collection of issues discovered in March 2016, and fixed in June 2016, via Microsoft's security bulletin MS16-074. Mateusz Jurczyk, the Google engineer who found the first bugs, says the MS16-074 patches were insufficient, and some of the issues he reported continued to remain vulnerable." He later resubmitted the bugs in November 2016. The 90-days deadline for fixing the bugs expired last week, and the Google researcher disclosed the bug to the public after Microsoft delayed February's security updates to next month's Patch Tuesday, for March 15. Microsoft has described Google's announcements of unpatched Windows bugs as "disappointing".


GNOME Look: Treepata - High contrast [Icon Themes]

(posted on Monday February 20, 2017 at 06:28 AWST)

Treepata - High Contrast - is based on the Xfce High Contrast icon theme, and developed for the Xfce environment.

After having used the standard Xfce/Xubuntu icon themes for quite a while, I needed something cleaner and simpler. Something more fitting with the overall dark theme (Numix) I had chosen for my configuration. Something like the Xfce High Contrast icon set. The Xfce High Contrast icon set is nice, but also slightly unfinished. Some icons are missing, leading to broken links and standard Xfce elementary icon replacements. So I developed my own icon set, a highly updated version of the High Contrast icon set. Besides having added my own designs, I make use of Xfce High Contrast's and elementary Xfce's existing icons, as well as additional icons from the ALLBLACK icon set by Mandarancid and 042 icon set by Heylove. Due credit should go to them.

The current version (1.4) includes about 3880 icons. It is tested under Xubuntu 16.04 and should run without issues. I use the Numix theme (part of the Shimmer Project), which looks good with the Treepata Icon set. You can see the theme in action in the screenshots. The next version (1.5) will include more in-application icons, as well as some improved, corrected and updated icons (adding thicker borders) - and Gajim icons.

DISCLAIMER: Although I managed to add a significant number of new icons, it does not include every icon of every application out there. In particular, if you use another desktop manager besides Xfce (such as Gnome), you might find a few missing icons. Feel free to suggest or ask for additional icons in the comments below. I will create and include these icons in future editions.

INSTALL INSTRUCTIONS: Unpack the whole folder with your favourite file archiver, and place it in ./usr/share/icons. Do not forget that you need root privileges to paste something in this folder. (Run "sudo thunar" in your Terminal application to start Thunar with root privileges).


Slashdot: Some Recyclers Give Up On Recycling Old Monitors And TVs

(posted on Monday February 20, 2017 at 05:12 AWST)

An anonymous reader writes: "In many cases, your old TV isn't recycled at all and is instead abandoned in a warehouse somewhere, left for society to deal with sometime in the future," reports Motherboard, describing the problem of old cathode-ray televisions and computer monitors with "a net negative recycling value" (since their component parts don't cover the cost of dismantling them). An estimated 705 million CRT TVs were sold in the U.S. since 1980, and many now sit in television graveyards, "an environmental and economic disaster with no clear solution." As much as 100,000 tons of potentially hazardous waste are stockpiled in two Ohio warehouses of the now-insolvent recycler Closed Loop, plus "at least 25,000 tons of glass and unprocessed CRTs in Arizona...much of it is sitting in a mountainous pile outside one of the warehouses." One EPA report found 23,000 tons of lead-containing CRT glass abandoned in four different states just in 2013.


SC Magazine: Samsung boss spends first night in a cell

(posted on Monday February 20, 2017 at 04:48 AWST)

As prosecutors look to expand charges.

SC Magazine: GM to test 'thousands' of autonomous cars in 2018

(posted on Monday February 20, 2017 at 04:37 AWST)

Vehicles to join Lyft fleet.

Slashdot: Self-Driving Car Speed Race Ends With A Crash

(posted on Monday February 20, 2017 at 03:38 AWST)

An anonymous reader writes: On a professional track in Buenos Aires, fans watched the first Formula E auto race with self-driving electric cars. "Roborace's two test vehicles battled it out on the circuit at a reasonably quick 115MPH," reports Engadget, "but one of the cars crashed after it took a turn too aggressively. The racing league was quick to tout the safety advantages of crashing autonomous cars ('no drivers were harmed'), but it's clear that the tech is still rough around the edges." Electrek is reporting that the cars "still have a cabin for a driver but neither car's cabin was occupied during the event." The ultimate goal is to have several teams racing the exact same self-driving car, while letting each team customize its car's driving software. An Argentinian journalist shared footage of the race cars on Twitter, and apparently at one point a dog wandered out in front of an oncoming race car. But the real question is how the fans are going to feel about watching a speed race between cars with no drivers?


Slashdot: Krebs: 'Men Who Sent SWAT Team, Heroin to My Home Sentenced'

(posted on Monday February 20, 2017 at 02:34 AWST)

An anonymous reader quotes KrebsOnSecurity: On Thursday, a Ukrainian man who hatched a plan in 2013 to send heroin to my home and then call the cops when the drugs arrived was sentenced to 41 months in prison for unrelated cybercrime charges. Separately, a 19-year-old American who admitted to being part of a hacker group that sent a heavily-armed police force to my home in 2013 was sentenced to three years' probation. Sergey Vovnenko, a.k.a. "Fly," "Flycracker" and "MUXACC1," pleaded guilty last year to aggravated identity theft and conspiracy to commit wire fraud. Prosecutors said Vovnenko operated a network of more than 13,000 hacked computers, using them to harvest credit card numbers and other sensitive information... A judge in New Jersey sentenced Vovnenko to 41 months in prison, three years of supervised release and ordered him to pay restitution of $83,368. Separately, a judge in Washington, D.C. handed down a sentence of three years' probation to Eric Taylor, a hacker probably better known by his handle "Cosmo the God." Taylor was among several men involved in making a false report to my local police department at the time about a supposed hostage situation at our Virginia home. In response, a heavily-armed police force surrounded my home and put me in handcuffs at gunpoint before the police realized it was all a dangerous hoax known as "swatting"... Taylor and his co-conspirators were able to dox so many celebrities and public officials because they hacked a Russian identity theft service called ssndob[dot]ru. That service in turn relied upon compromised user accounts at data broker giant LexisNexis to pull personal and financial data on millions of Americans.


Slashdot: New Free O'Reilly Ebook: 'Open Source In Brazil'

(posted on Monday February 20, 2017 at 01:34 AWST)

An anonymous reader writes: Andy Oram, who's been an editor at O'Reilly since 1992, has written a new free report about how open source software is everywhere in Brazil. The country's IT industry is booming in Brazil -- still Latin America's most vibrant economy -- with open source software popular in both startups and in cloud infrastructure. Oram attributes this partly to the government's support of open source software, which over the last 15 years has built public awareness about its power and potential. And he says Brazil now has a thriving open source community, and several free software movements. Even small towns have hacker spaces for collaboration and training, and the country has several free software movements.


Slashdot: Used Cars Can Still Be Controlled By Their Previous Owners' Apps

(posted on Monday February 20, 2017 at 00:34 AWST)

An IBM security researcher recently discovered something interesting about smart cars. An anonymous reader quotes CNN: Charles Henderson sold his car several years ago, but he still knows exactly where it is, and can control it from his phone... "The car is really smart, but it's not smart enough to know who its owner is, so it's not smart enough to know it's been resold," Henderson told CNNTech. "There's nothing on the dashboard that tells you 'the following people have access to the car.'" This isn't an isolated problem. Henderson tested four major auto manufacturers, and found they all have apps that allow previous owners to access them from a mobile device. At the RSA security conference in San Francisco on Friday, Henderson explained how people can still retain control of connected cars even after they resell them. Manufacturers create apps to control smart cars -- you can use your phone to unlock the car, honk the horn and find out the exact location of your vehicle. Henderson removed his personal information from services in the car before selling it back to the dealership, but he was still able to control the car through a mobile app for years. That's because only the dealership that originally sold the car can see who has access and manually remove someone from the app. It's also something to consider when buying used IoT devices -- or a smart home equipped with internet-enabled devices.


Sunday February 19, 2017

Slashdot: A Source Code Typo Allowed An Attacker To Steal $592,000 In Cryptocurrency

(posted on Sunday February 19, 2017 at 23:34 AWST)

An anonymous reader writes: "A typo in the Zerocoin source code allowed an attacker to steal 370,000 Zerocoin, which is about $592,000 at today's price," reports BleepingComputer. According to the Zcoin team, one extra character left inside Zerocoin's source code was the cause of the bug. The hacker exploited the bugs for weeks, by initiating a transaction and receiving the money many times over. "According to the Zcoin team, the attacker (or attackers) was very sophisticated and took great care to hide his tracks," reports the site. "They say the attacker created numerous accounts at Zerocoin exchanges and spread transactions across several weeks so that traders wouldn't notice the uneven transactions volume... The Zcoin team says they worked with various exchanges to attempt and identify the attacker but to no avail. Out of the 370,000 Zerocoin he stole, the attacker has already sold 350,000. The Zcoin team estimates the attacker made a net profit of 410 Bitcoin ($437,000)."


Slashdot: Alaska Gets 'Artificial Aurora' As HAARP Antenna Array Listens Again

(posted on Sunday February 19, 2017 at 22:34 AWST)

Freshly Exhumed quotes Hackaday: The famous HAARP antenna array is to be brought back into service for experiments by the University of Alaska. Built in the 1990s for the US Air Force's High Frequency Active Auroral Research Program, the array is a 40-acre site containing a phased array of 180 high-frequency antennas and their associated high-power transmitters. Its purpose is to conduct research on charged particles in the upper atmosphere, but that hasn't stopped an array of bizarre conspiracy theories. A university space physics researcher will actually create an artificial aurora starting Sunday (and continuing through Wednesday) to study how the atmosphere affects satellite-to-ground communications, and "observers throughout Alaska will have an opportunity to photograph the phenomenon," according to the University. "Under the right conditions, people can also listen to HAARP radio transmissions from virtually anywhere in the world using an inexpensive shortwave radio."


Slashdot: Fans Choose A New Football Team's Plays With Their Smartphones

(posted on Sunday February 19, 2017 at 20:34 AWST)

A new arena-league football team plays on a 50-yard field and uses a mobile app that allows fans to vote on the team's next play. An anonymous reader writes: Slate describes a receiver tackled for a short gain after the audience instructed the quarterback to throw a quick pass -- as "shouts and cheers exploded from the stands, with phones raised triumphantly in the air." The quarterback is informed of the chosen plays through an earphone in his helmet, and after one touchdown, one of the players even thanked a fan in the seats for picking a good play. "Then noses immediately returned to screens...the coach and QB were antsy, peering upward, waiting for the fans' next call as the play clock ticked down again..." The team eventually lost 78-47, but to at least make things more interactive, the players all have their Twitter handles sewn on the backs of their jerseys. Fans can also be "virtual general managers" for a small fee, dialing in to a weekly phone call to give feedback to the team's president, and fans also selected the team's head coach from online resumes and some YouTube videos of interviews. In fact, the article says the fans even picked the team's name, with the name "Screaming Eagles" finally winning out over "Teamy McTeamface" and "Spaghetti Monsters."


GNOME Look: BreezeX [Icon Themes]

(posted on Sunday February 19, 2017 at 20:19 AWST)

Fixed menu icons and some listing icons with Mac OSX but, it's for "Breeze" lovers.


GNOME Look: DamaDamas Icon Theme [Icon Themes]

(posted on Sunday February 19, 2017 at 19:46 AWST)

For Pisi GNU/Linux http://www.pisilinux.org/en DamaDamas icons git :: https://github.com/sonakinci41/DamaDamas-icon-theme devian :: http://sonakinci41.deviantart.com/art/DamaDamas-icon-theme-658929584 DamaDamas Desktop https://store.kde.org/p/1171119/ DamaDamas Colors https://store.kde.org/p/1171120/


GNOME Look: Flatabulous-numix-dark-new [GTK3 Themes]

(posted on Sunday February 19, 2017 at 19:36 AWST)

The theme based on numix and flatabulous themes. To install: Extract the Flatabulous-numix-dark-new.tar.gz file to /usr/share/themes or home/.themes folders.


GNOME Look: flatabulous-numix-new [GTK3 Themes]

(posted on Sunday February 19, 2017 at 19:33 AWST)

The theme based on numix and flatabulous themes. To install: Extract the Flatabulous-numix-new.tar.gz file to /usr/share/themes or /home/.themes folders.


GNOME Look: ultra-flat-numix [Icon Themes]

(posted on Sunday February 19, 2017 at 19:30 AWST)

The icon theme based on ultra-flat icons. To install: extract the Ultra-Flat-Numix.tar.gz file to usr/share/icons.


EEV Blog: eevBLAB #29 – How To Search For An Enclosure

EEV Blog (posted on Sunday February 19, 2017 at 18:41 AWST)

Dave shows you how to parametric search for a rather obscure handheld 3xAA or 3xAAA plastic enclosure.


GNOME Look: The bridge to sun [Bridges]

(posted on Sunday February 19, 2017 at 18:11 AWST)

In Nakskov, Denmark, we have a bridge the sun.


GNOME Look: Xfce Classic [Wallpapers XFCE]

(posted on Sunday February 19, 2017 at 17:49 AWST)

Mix of MacOS 9 face logo and my favourite desktop environment Xfce


Slashdot: Techdirt Asks Judge To Dismiss Another Lawsuit By That Guy Who Didn't Invent Email

(posted on Sunday February 19, 2017 at 16:34 AWST)

Three months ago Shiva Ayyadurai won a $750,000 settlement from Gawker (after they'd already gone bankrupt). He'd argued Gawker defamed him by mocking Ayyadurai's claim he'd invented email, and now he's also suing Techdirt founder Michael Masnick -- who is not bankrupt, and is fighting back. Long-time Slashdot reader walterbyrd quotes Ars Technica: In his motion, Masnick claims that Ayyadurai "is seeking to use the muzzle of a defamation action to silence those who question his claim to historical fame." He continues, "The 14 articles and 84 allegedly defamatory statements catalogued in the complaint all say essentially the same thing: that Defendants believe that because the critical elements of electronic mail were developed long before Ayyadurai's 1978 computer program, his claim to be the 'inventor of e-mail' is false"... The motion skims the history of e-mail and points out that the well-known fields of e-mail messages, like "to," "from," "cc," "subject," "message," and "bcc," were used in ARPANET e-mail messages for years before Ayyadurai made his "EMAIL" program. Ayyadurai focuses on statements calling him a "fake," a "liar," or a "fraud" putting forth "bogus" claims. Masnick counters that such phrases are "rhetorical hyperbole" meant to express opinions and reminds the court that "[t]he law provides no redress for harsh name-calling." The motion calls the lawsuit "a misbegotten effort to stifle historical debate, silence criticism, and chill others from continuing to question Ayyadurai's grandiose claims." Ray Tomlinson has been dead for less than a year, but in this fascinating 1998 article recalled testing the early email protocols in 1971, remembering that "Most likely the first message was QWERTYIOP."


DFES Emergency Alerts: Take action now for Moderate flooding in parts of the Kimberley within the Fitzroy River catchment districts.

DFES Emergency Alerts (posted on Sunday February 19, 2017 at 16:01 AWST)

Category: Flood
Alert Summary: People in the Fitzroy River catchment need to take action now as Moderate flooding is expected today and over the coming days.
Content:

People in the Fitzroy River catchment need to take action now as Moderate flooding is expected today and over the coming days. This includes people in Fitzroy Crossing and surrounding areas.

Water will be fast flowing and levels will rise quickly. 

WHAT TO DO:  

DFES advises you to: 

Watch for changes in water levels so you are ready if you need to evacuate.

Pack a relocation kit together with your emergency kit.

Relocate equipment and livestock so they do not get caught in floodwaters.

Prepare pet food or stockfeed in case you cannot return home for a few days.

Never walk, swim or play in floodwaters as they are dangerous.

Do not go near storm drains and pipes, ditches and ravines, as they are dangerous.

Stay out of rivers, this includes no swimming or kayaking.

If you are a traveller do not park or camp adjacent to rivers.

IF DRIVING:

Floodways and river levels may rise rapidly so be careful at crossings.

Obey road closure signs and do not drive into water of unknown depth and current.

Take care on gravel and unsealed roads as they may be slippery and muddy, and you could get bogged.

If your car stalls in rising water, abandon it immediately and seek shelter above floodwater.

ROAD CLOSURES: 

Roads have been closed including:

Gibb River Road from Blina turn-off (west end) to Great Northern Highway turn-off (east end).

Great Northern Highway has reopened from Derby Highway intersection to Fitzroy Crossing

Great Northern Highway has reopened from Fitzroy Crossing to Halls Creek

Exercise extreme caution in flooded areas and take care when driving on gravel roads. Surfaces may be slippery or muddy and vehicles could become bogged.

Road information may also be available by calling Main Roads WA on 138 138 or visiting www.mainroads.wa.gov.au OR by contacting your local Shire.

HEALTH: 

The Department of Health is warning residents and travellers to take precautions against biting insects following the widespread rainfall and recent flooding events across Western Australia, including the Kimberley region. Increased mosquito activity is likely to result in an increased risk of the mosquito-borne diseases Ross River virus (RRV), Barmah Forest virus (BFV), Murray Valley encephalitis virus (MVEV) and Kunjin virus (KUNV).

People are encouraged to take extra precautions to prevent being bitten by avoiding outdoor exposure particularly around dawn and dusk, wearing protective (long, loose-fitting, light coloured) clothing when outdoors and applying a personal repellent containing 20 per cent diethyl toluamide (DEET) or picaridin to exposed skin or clothing.

FLOOD DETAILS:  

As at 19/02/2017 3:23 pm the Bureau of Meteorology advises Moderate flooding is expected to continue in the Fitzroy River catchment overnight Sunday into Monday. For the 24 hours to 9 am Sunday, no significant rainfall was recorded in the Fitzroy River catchment. For the 24 hours to 9 am Monday, isolated rainfall of up to 40 mm is forecast in the northern and eastern parts of the Fitzroy River catchment.

Fitzroy River to Fitzroy Crossing:

Moderate flooding is occurring along the Fitzroy River to Fitzroy Crossing.

The Fitzroy River at Fitzroy Crossing peaked at 12.18 metres around 05:30 pm Friday 17 February and is currently at 11.35 metres and falling. The Fitzroy River at Fitzroy Crossing is expected to fall below the moderate flood level (11.00 metres) Sunday evening. The river level is expected to remain above the minor flood level (9.50 metres) during Monday.

Fitzroy River from Fitzroy Crossing to Noonkanbah:

Minor flooding is occurring along the Fitzroy River from Fitzroy Crossing to Noonkanbah.

The Fitzroy River at Noonkanbah is at 11.11 metres and rising. The Fitzroy River at Noonkanbah is expected to peak near 11.70 metres (moderate flood level 12.00 m) late Sunday. The river level will remain above the minor flood level (9.50 metres) overnight Sunday into Monday.

Fitzroy River from Noonkanbah to Willare:

Minor flooding is expected to continue along the Fitzroy River from Noonkanbah to Willare.

The Fitzroy River at Willare is currently at 8.53 metres and steady. The Fitzroy River at Willare is expected to remain below the moderate flood level (8.80 m) overnight Sunday into Monday.

Current river levels are available from Department of Water at www.water.wa.gov.au 

For the latest flood information visit www.bom.gov.au/wa/flood or call 1300 659 213. 

WHAT EMERGENCY SERVICES ARE DOING: 

DFES is monitoring the situation.


IMPORTANT NUMBERS: 

For SES assistance call 132 500  

In a life threatening situation call 000  

For the latest flood information call 1300 659 213 or visit www.bom.gov.au/wa/flood        


KEEP UP TO DATE: 

Visit www.emergency.wa.gov.au, call 13 DFES (13 3337), follow DFES on Twitter @dfes_wa, or listen to news bulletins. 


The next update will be provided by 11am Monday 20 February 2017 unless the situation changes.   

Publication Time: 19/02/2017 3:49 PM
Region: Kimberley

SC Magazine: Google outs unfixed Windows info leak flaw

(posted on Sunday February 19, 2017 at 15:32 AWST)

Microsoft again scolded in public for not patching vulnerability.

DFES Emergency Alerts: Bushfire ADVICE for southern part of Kalbarri National Park in the SHIRE OF NORTHAMPTON

DFES Emergency Alerts (posted on Sunday February 19, 2017 at 15:09 AWST)

Category: Fire
Alert Summary: A bushfire ADVICE has been issued for people within the vicinity south of the Ajana-Kalbarri Road in the southern part of Kalbarri National Park.
Content:

A bushfire ADVICE has been issued for people within the vicinity south of the Ajana-Kalbarri Road in the southern part of Kalbarri National Park.

Although there is no immediate danger you need to be aware and keep up to date in case the situation changes.

The fire started near Ajana-Kalbarri Road.

WHAT TO DO: 

If driving

Be extremely careful when driving through the area.

Turn your headlights on and drive slowly.

Watch for emergency services personnel and follow their directions.


BUSHFIRE BEHAVIOUR: 

It is contained.


ROAD CLOSURES AND CONDITIONS: 

Roads have not been closed.

Motorists are asked to avoid the area, reduce speed and drive carefully due to smoke.


Road information may also be available from Main Roads WA by calling 138 138 or visiting www.mainroads.wa.gov.au OR SHIRE OF NORTHAMPTON.


WHAT FIREFIGHTERS ARE DOING: 

Firefighters are strengthening containment lines. 

25 Department of Parks and Wildlife, Bush Fire Brigades firefighters are attending.


EXTRA INFORMATION: 

The fire was reported at 03:00 PM on 18 February 2017 and currently 35 hectares have been burnt.

The cause of the fire is lightning.

Parks and Wildlife is now managing the fire.


KEEP UP TO DATE: 


Visit www.emergency.wa.gov.au, call 13 DFES (13 3337), follow DFES on Twitter @dfes_wa, or listen to news bulletins. 


The next update to be provided by 11am tomorrow unless the situation changes. 


Publication Time: 19/02/2017 3:06 PM
Region: Midwest Gascoyne

DFES Emergency Alerts: Take action now for Minor flooding in parts of the Avon River catchment in the Goldfields Midlands including Beverley districts.

DFES Emergency Alerts (posted on Sunday February 19, 2017 at 12:49 AWST)

Category: Flood
Alert Summary: People in the Avon River catchment including Beverley need to take action now as Minor flooding is expected Sunday into Monday.
Content:

People in the Avon River catchment including Beverley need to take action now as Minor flooding is expected Sunday into Monday. People in Beverley, Northam, York and Toodyay need to continue to take action as minor flooding is expected today and tomorrow.
Water will be fast flowing and levels will rise quickly.

WHAT TO DO: 

DFES advises you to:
• Watch for changes in water levels so you are ready if you need to evacuate.
• Prepare to relocate equipment and livestock early so they are not caught in floodwaters.
• Prepare an emergency kit including enough canned food and water to last for four days, as well as clothing, important documents and medication.
• Fill your vehicle's fuel tank.
• Know where you will go. This may be to family and friends away from the area or to your nearest temporary evacuation centre.
• Tell other people of your plan and where you will go.
• Secure loose objects and outdoor equipment.
• Never walk, swim or play in floodwaters or drains, as they are dangerous.
• Stay out of rivers, this includes no swimming or kayaking.
• Do not park or camp adjacent to rivers.

IF DRIVING:
• Be careful at crossings and floodways as river levels may rise rapidly.
• Obey road closure signs and do not drive into water of unknown depth and current.
• Take care on gravel and unsealed roads as they may be slippery and muddy, and you could get bogged.
• Carry extra food and water when travelling in case of long delays at crossings.
• If your car stalls in rising water, abandon it immediately and seek shelter above floodwater.

ROAD CLOSURES:

Some local roads may be closed.

People should drive with caution due to possible water over roads or livestock on roads.

Road information may also be available by calling Main Roads WA on 138 138 or visiting www.mainroads.wa.gov.au or by contacting your local shire.

PARK CLOSURES:
Burlong Pool in the Shire of Northam is closed to public access for safety reasons until further notice.

FLOOD DETAILS: 
As at 19/02/2017 10:44:00 the Bureau of Meteorology advises recent heavy rainfall has led to flooding throughout the Avon River catchment. Upstream gauges in the Avon River catchment have peaked. Renewed river rises in downstream gauges are possible as flood peaks move downstream in the coming days.

Avon River to Beverley:
The Avon River at Beverley Bridge is currently at 1.46 metres and falling slowly.
The Avon River at Beverley Bridge is expected to remain below the minor flood level (1.50 m) during Sunday into Monday.

Avon River from Beverley to Northam:
The Avon River at Balladong Street York is currently at 1.72 metres and falling.
The Avon River at Balladong Street York will remain below the minor flood level (2.50 m) during Sunday into Monday.
The Avon River at Northam Weir is currently at 0.65 metres and falling. The Avon River at Northam Weir will remain below the minor flood level (1.50 m) during Sunday into Monday.

Avon River from Northam to Toodyay:
The Avon River at Stirling Terrace Toodyay is currently at 2.41 metres and falling.
The Avon River at Stirling Terrace Toodyay is expected to remain below the minor flood level (2.50 m) during Sunday into Monday.

Latest River Heights:
Mooranoppin Creek at Mooranoppin Rock, 0.08, Steady, 10:00 AM SUN 19/02/17
Yilgarn River at Gairders Crossing, -0.03, Steady, 10:00 AM SUN 19/02/17
Lockhart River at Kwolyn Hill, 1.39, Steady, 08:00 AM SUN 19/02/17
Yenyening Lakes at Qualandary Crossing, 2.50, Steady, 06:15 AM SUN 19/02/17
Avon River at Beverley Bridge, 1.44, Steady, 10:00 AM SUN 19/02/17
Dale River at Waterhatch Bridge, 0.43, Steady, 09:00 AM SUN 19/02/17
Avon River at York, 1.72, Steady, 07:00 AM SUN 19/02/17
Avon River at Northam Weir, 0.65, Steady, 10:00 AM SUN 19/02/17
Mortlock River North at Frenches, 0.39, Steady, 10:00 AM SUN 19/02/17
Mortlock River at Odriscolls Farm, 0.96, Steady, 10:00 AM SUN 19/02/17
Avon River at Toodyay, 2.39, Steady, 10:00 AM SUN 19/02/17

This advice is also available by dialling 1300 659 213. Warning, rainfall and river information are available at www.bom.gov.au/wa/flood. The latest weather forecast is available at www.bom.gov.au/wa/forecasts.
 
Current river levels are available from Department of Water at www.water.wa.gov.au

For the latest flood information visit www.bom.gov.au/wa/flood or call 1300 659 213.

WHAT EMERGENCY SERVICES ARE DOING:
• DFES is monitoring the situation.
• Requests for assistance have been flood and storm related such as water inundation and roof damage.

IMPORTANT NUMBERS:
• For SES assistance call 132 500 
• In a life threatening situation call 000 
• For the latest flood information call 1300 659 213 or visit www.bom.gov.au/wa/flood       

KEEP UP TO DATE:
Visit emergency.wa.gov.au, call 13 DFES (13 3337), follow DFES on Twitter @dfes_wa, or listen to news bulletins.

Updates will be provided when the situation changes.  
Publication Time: 19/02/2017 12:44 PM
Region: Goldfields Midlands

Slashdot: Slashdot Asks: Are Remote Software Teams More Productive?

(posted on Sunday February 19, 2017 at 12:34 AWST)

A recruiter with 20 years of experience recently reported on the research into whether remote software teams perform better. One study of 10,000 coding sessions concluded it takes 10-15 minutes for a programmer to resume work after an interruption. Another study actually suggests unsupervised workers are more productive, and the founders of the collaboration tool Basecamp argue the bigger danger is burnout when motivated employees overwork themselves. mikeatTB shares his favorite part of the article: One interesting take on the issues is raised by ThoughtWorks' Martin Fowler: Individuals are more productive in a co-located environment, but remote teams are often more productive than co-located teams. This is because a remote team has the advantage of hiring without geographic boundaries, and that enables employers to assemble world-class groups. The article shares some interesting anecdotes from remote workers, but I'd be interested to hear from Slashdot's readers. Leave your own experiences in the comments, and tell us what you think. Are remote software teams more productive?


DFES Emergency Alerts: Take action now for minor to moderate flooding in parts of the Blackwood River catchment in the Lower South West districts.

DFES Emergency Alerts (posted on Sunday February 19, 2017 at 12:06 AWST)

Category: Flood
Alert Summary: People in the Blackwood River Catchment need to take action now as minor to moderate flooding is expected Sunday into Monday. This includes people in Blackwood River at Old Nannup Caravan Park, Darradup and Gingilup as flood waters continue to move downstream to Augusta. Water will be fast flowing and levels will rise quickly.
Content:

People in the Blackwood River Catchment need to take action now as minor to moderate flooding is expected Sunday into Monday. This includes people in Blackwood River at Old Nannup Caravan Park, Darradup and Gingilup as flood waters continue to move downstream to Augusta.

Water will be fast flowing and levels will rise quickly.

WHAT TO DO: 

DFES advises you to:
• Watch for changes in water levels so you are ready if you need to evacuate.
• Pack a relocation kit together with your emergency kit.
• Relocate equipment and livestock so they do not get caught in floodwaters.
• Prepare pet food or stockfeed in case you cannot return home for a few days.
• Never walk, swim or play in floodwaters as they are dangerous.
• Do not go near storm drains and pipes, ditches and ravines, as they are dangerous.
• Stay out of rivers, this includes no swimming or kayaking.
• If you are a traveller do not park or camp adjacent to rivers.

IF DRIVING:
• Floodways and river levels may rise rapidly so be careful at crossings.
• Obey road closure signs and do not drive into water of unknown depth and current.
• Take care on gravel and unsealed roads as they may be slippery and muddy, and you could get bogged.
• If your car stalls in rising water, abandon it immediately and seek shelter above floodwater.

ROAD CLOSURES:
Radiata Road in the Shire of Nannup has been closed.

Road information may also be available by calling Main Roads WA on 138 138 or visiting www.mainroads.wa.gov.au or checking with your local shire.

FLOOD DETAILS: 

As at 19/02/2017 10:47:00 the Bureau of Meteorology advises elevated river levels and areas of flooding are likely to continue downstream of the Blackwood River at Old Nannup Caravan Park, Darradup and Gingilup as flood water continues to move downstream to Augusta. Blackwood River at Darradup was 6.29 metres and rising slowly. Blackwood River at Gingilup was 6.94 metres and rising slowly. Extremely rapid rises, unusual currents and fast flowing water may be hazardous to river users.

Blackwood River upstream of Bridgetown:
River levels are easing along the Blackwood River upstream of Bridgetown.

The Blackwood River at Bridgetown peaked at 4.01 metres around 07:00 am Friday 17 February and is currently at 2.67 metres (minor flood level 3.50 m) and falling.

Blackwood River downstream of Bridgetown:
Minor flooding is occurring along the Blackwood River downstream of Bridgetown.

The Blackwood River at Old Nannup Caravan Park peaked at 6.87 metres (moderate flood level 7.00 m) around 11:45 am Saturday 18 February and is currently at 6.21 metres and falling.

The Blackwood River at Old Nannup Caravan Park is expected to remain above the minor flood level (5.50 m) overnight Sunday into Monday.
 
Current river levels are available from Department of Water at www.water.wa.gov.au

For the latest flood information visit www.bom.gov.au/wa/flood or call 1300 659 213.

WHAT EMERGENCY SERVICES ARE DOING:
• DFES is monitoring the situation.

IMPORTANT NUMBERS:
• For SES assistance call 132 500 
• In a life threatening situation call 000 
• For the latest flood information call 1300 659 213 or visit www.bom.gov.au/wa/flood       

KEEP UP TO DATE:
Visit emergency.wa.gov.au, call 13 DFES (13 3337), follow DFES on Twitter @dfes_wa, or listen to news bulletins.

Updates will be provided when the situation changes.  
Publication Time: 19/02/2017 12:01 PM
Region: Lower South West

Slashdot: Web Comic 'Pokey The Penguin' Celebrates Its 19th Anniversary

(posted on Sunday February 19, 2017 at 10:34 AWST)

It's one of the longest-running comics on the internet. (Slashdot is approaching its 20th anniversary, and in its first year ran two stories about Pokey.) Open source developer Steve Havelka of Portland, Oregon created the truly bizarre strip back in 1998 -- one legend says it was originally a parody of another comic drawn with Microsoft Paint -- and he's since sporadically cranked out 637 strips. Since 2010 he's also been publishing the cartoons in printed books, and this year launched an equally surreal page on Patreon identifying himself as "Steve Havelka, THE AUTHORS of Pokey the Penguin," offering supporters a "mystery item in the mail". Pokey has lots of fans -- he earned a shout-out in the videogame Hitman: Blood Money -- and very-long-time Slashdot reader 198348726583297634 informs us that on this 19th anniversary Pokey "is celebrating on Twitter!" where he's apparently accosting other web cartoonists and touting a new birthday strip. (Not to be confused with that truly horrible Pokey-goes-to-a-party movie created in Adobe Flash.) I'd like to hear from any Slashdot readers who remember Pokey the Penguin -- but I'm also curious to hear from Slashdot readers who have never read the strip. ComixTalk called it "one of those webcomics that really only exist because of the Internet -- it would be hard to see something like this in any other medium... there's just something about Pokey the Penguin that fits online."


Slashdot: Should International Travelers Leave Their Phones At Home?

(posted on Sunday February 19, 2017 at 08:34 AWST)

Long-time Slashdot reader Toe, The sums up what he learned from freeCodeCamp's Quincy Larson: "Before you travel internationally, wipe your phone or bring/rent/buy a clean one." Larson's article is titled "I'll never bring my phone on an international flight again. Neither should you." All the security in the world can't save you if someone has physical possession of your phone or laptop, and can intimidate you into giving up your password... Companies like Elcomsoft make 'forensic software' that can suck down all your photos, contacts -- even passwords for your email and social media accounts -- in a matter of minutes.... If we do nothing to resist, pretty soon everyone will have to unlock their phone and hand it over to a customs agent while they're getting their passport swiped... And with this single new procedure, all the hard work that Apple and Google have invested in encrypting the data on your phone -- and fighting for your privacy in court -- will be a completely moot point. The article warns Americans that their constitutional protections don't apply because "the U.S. border isn't technically the U.S.," calling it "a sort of legal no-man's-land. You have very few rights there." Larson points out this also affects Canadians, but argues that "You can't hand over a device that you don't have."


pfSense: XSS, GET and POST

(posted on Sunday February 19, 2017 at 07:54 AWST)

There is recent work converting pages in the pfSense software webGUI to use POST rather than GET. This work is scheduled to appear in pfSense software version 2.4.

While this work was spurred by the recent security issue that caused the pending release of pfSense software version 2.3.3, it isn’t specifically about closing XSS bugs. There are situations when you should use POST rather than GET, but just avoiding XSS isn’t one of them.  Even if what we’re talking about is XSRF, requiring POST doesn’t really protect the application. REST advocates would actually say that you shouldn’t just use GET in a web application, but rather that you should use POST, PUT and DELETE for the corresponding “CRUD” operations, operations that change the state of the application.

To specifically avoid XSS, a web app needs to escape and/or scrub content from users as appropriate. To avoid XSRF, a web app has to require secret tokens on any side-effect-causing operation that is potentially dangerous. Note that it is a good idea to avoid using GET requests when passing secret tokens, as this could result in them leaking in referrers. Still, switching to POST does help avoid XSS attacks. As Wikipedia explains:

In HTTP GET the CSRF exploitation is trivial. For example, a simple hyperlink containing manipulated parameters and automatically loaded by an IMG tag. By the HTTP specification however, GET should be used as a safe method, that is, not significantly changing user’s state in the application. Applications using GET for such operations should be rewritten to use HTTP POST and/or use anti-CSRF protection.

Simplifying the above:

  • Use GET for read-only requests whenever possible. (pretty much whenever the query can fit in a URL)
  • Use POST (or PUT or DELETE, if feasible and appropriate) for write requests.

The process of conversion from using GET to POST has previously required a comprehensive re-write of the page, converting anchors into buttons and adding Javascript to handle the click event.  Jim Pingle recently found some code where someone had attempted to automate this in Javascript. While it was not suitable for what we needed, it sparked an idea, and that idea has now been implemented for pfSense 2.4.

The file pfSenseHelpers.js now contains code that intercepts clicks on anchor tags with the attribute “usepost” set. The target URL and the GET arguments are extracted from the event href attribute, and these are used to compose a new, temporary form with the previous arguments inserted as POST parameters.
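One way to implement the interception described above, as an added example that is not the code shipped in pfSenseHelpers.js. The function names, the sample href value and the optional `csrf_token` field name are assumptions made for illustration; the token parameter reflects the point above that POST alone does not stop XSRF.

```javascript
// Added example, not pfSense's own code. All names here are hypothetical.

// Constructed sample: the href from the "Delete" anchor with a made-up id.
const SAMPLE_HREF = 'system_something.php?act=delete&id=3';

// Split an anchor href into the form action and the list of POST fields.
// Repeated keys are preserved in order; percent-encoding is decoded once.
function hrefToPostRequest(href) {
  // The fragment is never sent to the server, so drop it.
  const noFragment = href.split('#', 1)[0];
  const q = noFragment.indexOf('?');
  const action = q === -1 ? noFragment : noFragment.slice(0, q);
  const query = q === -1 ? '' : noFragment.slice(q + 1);

  const fields = [];
  for (const [name, value] of new URLSearchParams(query)) {
    fields.push({ name, value });
  }
  return { action, fields };
}

// Build a temporary <form method="post"> carrying the former GET arguments
// as hidden inputs. `csrf` is an optional { name, value } pair for the
// application's anti-XSRF token (field name is an assumption).
function buildPostForm(doc, request, csrf) {
  const form = doc.createElement('form');
  form.setAttribute('method', 'post');
  form.setAttribute('action', request.action);

  const all = csrf ? request.fields.concat([csrf]) : request.fields;
  for (const { name, value } of all) {
    const input = doc.createElement('input');
    input.setAttribute('type', 'hidden');
    input.setAttribute('name', name);
    // Values are set as attributes, never concatenated into markup,
    // so a crafted parameter cannot inject HTML into the page.
    input.setAttribute('value', value);
    form.appendChild(input);
  }
  return form;
}

// Intercept clicks on anchors carrying the "usepost" attribute and submit
// the equivalent POST instead of following the link.
function installUsePostHandler(doc, csrf) {
  doc.addEventListener('click', (event) => {
    const anchor = event.target.closest
      ? event.target.closest('a[usepost]')
      : null;
    if (!anchor) {
      return; // ordinary links keep their normal GET behaviour
    }
    event.preventDefault();
    const request = hrefToPostRequest(anchor.getAttribute('href'));
    const form = buildPostForm(doc, request, csrf);
    doc.body.appendChild(form);
    form.submit();
  });
}

// Only wire up the handler when running in a browser.
if (typeof document !== 'undefined') {
  installUsePostHandler(document);
}
```

Moving the arguments into a POST body keeps them out of the URL, history and Referer header, but the server must still verify a secret token on every state-changing request.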

Converting a page from GET to POST now only requires four steps:

  1. Replace $_GET with $_POST where appropriate
  2. Add the “usepost” attribute to anchors that have the href attributes set
  3. Fix any “if ($_POST)” instances (or similar)
  4. Test

Not all GET calls need to be replaced. In fact, where the action involved is not harmful, such as “edit” or “view”, it is better to leave the GET or REQUEST in place. That way the action can be bookmarked and using the browser “Back” button is less frustrating.

Here is a simple example of a conversion:

Before:

<?php
  // The destructive action is triggered by a plain GET request
  if ($_GET['act'] == "delete") {
    deleteGateway($_GET['id']);
  }

  // Any POST is treated as either "apply" or "save"
  if ($_POST) {
    if ($_POST['apply']) {
      write_nvram();
    } else {
      if (!save_config($id)) {
        $input_errors[] = "Something broke";
      }
    }
  }
?>

<a type="button" class="btn btn-danger" href="system_something.php?act=delete&id=<?=htmlspecialchars($id)?>" >
  <i class="fa fa-trash"></i>
  <?=gettext("Delete")?>
</a>

After:

<?php
  // The delete action now arrives as a POST parameter
  if ($_POST['act'] == "delete") {
    deleteGateway($_POST['id']);
  }

  if ($_POST['apply']) {
    write_nvram();
  }

  if ($_POST['save']) { // The generic if ($_POST) is now if ($_POST['save']) to detect when the form is being saved
    if (!save_config($id)) {
      $input_errors[] = "Something broke";
    }
  }
?>

<!-- The "usepost" attribute is added to the anchor -->
<a type="button" class="btn btn-danger" href="system_something.php?act=delete&id=<?=htmlspecialchars($id)?>" usepost>
  <i class="fa fa-trash"></i>
  <?=gettext("Delete")?>
</a>

Most of the main body of pfSense software version 2.4 has been converted to use this scheme.  Now we need the help of the pfSense Community, to test the whole of the pfSense 2.4 web GUI, and file bugs on https://redmine.pfsense.org if inconsistent behavior is observed. Additionally, authors and maintainers of pfSense packages should convert their packages when possible.

We thank you in advance for your assistance and continued participation in the community around pfSense software.


Saturday February 18, 2017

Latest Kernel Versions: 4.9.11: stable

(posted on Saturday February 18, 2017 at 22:12 AWST)

Version: 4.9.11 (stable)
Released: 2017-02-18
Source: linux-4.9.11.tar.xz
PGP Signature: linux-4.9.11.tar.sign
Patch: patch-4.9.11.xz (Incremental)
ChangeLog: ChangeLog-4.9.11

Latest Kernel Versions: 4.4.50: longterm

(posted on Saturday February 18, 2017 at 23:39 AWST)

Version: 4.4.50 (longterm)
Released: 2017-02-18
Source: linux-4.4.50.tar.xz
PGP Signature: linux-4.4.50.tar.sign
Patch: patch-4.4.50.xz (Incremental)
ChangeLog: ChangeLog-4.4.50

Linux Mint: Monthly News – February 2017

(posted on Saturday February 18, 2017 at 20:28 AWST)

We’ve got a lot of news to cover this month and many exciting details to share with you. Before we get started, I’d like to take a minute to thank the people who help our project grow. Many thanks to all our sponsors and all the people who send donations to us, many thanks for funding us. Special thanks also to the administration team for their work on the forums this month, the many artists who joined and participate in the design team and of course to our developers for the fantastic work we do together.

Upcoming releases

The new stable ISOs for LMDE 2 “Betsy” should be released this week.

Cinnamon Spices

Work continues in the design team on revamping the authentication, comments and rating systems to make the website compatible with the Facebook, Google and Github APIs.

The development team continues to review and improve the Cinnamon spices. Obsolete applets/desklets/themes/extensions are being removed and buggy ones are being fixed on a daily basis. Some themes which were extremely popular in the past but which hadn’t been updated for years (some of them since 2012) were updated to work with Cinnamon 3.2.

We’re getting very close to a fully functional collection of spices and thanks to the integration with Github and the automated delivery system we don’t expect spices to lag behind Cinnamon in the future anymore. Any changes required for spices to be compatible with an upcoming Cinnamon release can now be implemented directly by the development team, so spices can and should support future versions of Cinnamon even before they are released.

Bluetooth

Bluetooth is going to be much better in Linux Mint 18.2.

Here is what the new Blueberry user interface looks like:

As you can see, a stack switcher was added in the toolbar and new settings were added to the application:

OBEX file transfers are now supported out of the box, so you can send files very easily over Bluetooth to your computer from any remote device.

An option was added also so you can change the Bluetooth name of your computer. That name usually defaults to your hostname or to “mint-0” and many people don’t know how to change it via the command line.

Last but not least, in addition to its cross-desktop system tray, Blueberry now provides a Cinnamon applet which uses symbolic icons and looks similar to other status applets, such as the power, sound or network applets. When this applet is present, the tray icon is hidden.

Xed

A lot of work went into Xed, the generic text editor.

“Word wrap” was made more accessible and added to the menu, so you can enable/disable that function without going in the Xed preferences.

You can also select a few lines and sort them by pressing F10, or using “Edit -> Sort Lines”.

You can now zoom in and out with the menu, keyboard shortcuts or even the mouse wheel to modify the size of the text.

The search now supports regular expressions.

You can now switch between tabs with the mouse wheel.

Python extensions are now supported and porting Gedit 3 extensions to Xed is very easy.

And as you might have noticed in the screenshot above, Xed features really exciting visual improvements. For instance, it comes with smart side and bottom bars which automatically adjust to the loaded content and which you can hide or show with a click of a button.

The ability to prefer dark themes was added, so if you’re using Mint-Y-Darker for instance, you can select whether your text editor should be light or dark.

Xplayer

The media player, Xplayer, also received improvements to its user interface.

All the controls and the seeker bar were placed on the same line and the statusbar was removed to make the application more compact.

You can now control the playback speed with the same keyboard shortcuts as in MPV, so you can make your own slow motion replays, or watch lengthy matches in about half the time it would take.

Subtitles files are now loaded automatically but subtitles are also now hidden by default. You can switch them ON or OFF, or cycle through subtitles tracks by pressing “S” on the keyboard.

You can also cycle through audio/language tracks by pressing “L” on the keyboard.

The OSD (on-screen display) was fixed and now shows the audio track or subtitle track or playback speed you selected, or your position in the movie when seeking forward or backward.

Many bugs were fixed and just like in Xed, the ability to prefer dark themes was added.

Sponsorships:

Linux Mint is proudly sponsored by:

Platinum Sponsors:
Private Internet Access
Gold Sponsors:
Linux VPS Hosting
Silver Sponsors:

Acunetix
Sucuri
Bronze Sponsors:
Vault Networks *
AYKsolutions Server & Cloud Hosting
7L Networks Toronto Colocation *
Goscomb
BGASoft Inc
David Salvo
Milton Security Group
Sysnova Information Systems
Community Sponsors:

Donations in January:

A total of $9,670 were raised thanks to the generous contributions of 483 donors:

$1337 (2nd donation), Shawn C aka “citypw
$108, Oliver Z.
$108, Paul S. E. aka “Paul”
$100 (13th donation), Anon.
$100 (4th donation), Billy Bob Roach
$100 (2nd donation), Nathalie W.
$100 (2nd donation), Bruce H.
$100, William W.
$100, Philip T.
$100, Harold H.
$100, Don Jr.
$77 (19th donation), Wolfgang P.
$75, Roger R.
$75, Fabiano P.
$65 (2nd donation), Jonas H.
$60, Frank R.
$60, James L.
$59, Thomas Ö.
$54 (5th donation), Claude M.
$54, Josef S.
$54, Arnold D.
$54, Stefan P.
$54, Fernando M. R.
$54, Xtant Logic Ltd aka “Xtant Audio
$53 (2nd donation), Jorge R. R.
$50 (24th donation), Go Live Lively
$50 (8th donation), Andrew M.
$50 (6th donation), Robert H. B.
$50 (5th donation), Christopher D.
$50 (3rd donation), José W. F. J.
$50 (2nd donation), George M.
$50 (2nd donation), Tod D.
$50 (2nd donation), Fred W.
$50 (2nd donation), Robert E. H.
$50, Juei C. C.
$50, Tom D.
$50, Allen G.
$50, George V. R.
$50, Mark F.
$50, Steven Hodder
$50, Charles W.
$50, Craig D.
$50, Roderick W.
$44.8, Systemutvikler R. S.
$40.78 (2nd donation), Steve W.
$40 (4th donation), Tomas S.
$40, Kamil R.
$40, Arvid R.
$38, Ingolf B.
$35 (4th donation), Joe K.
$35 (3rd donation), Jeff S.
$35, Toby L.
$35, Ursula C.
$32 (83rd donation), Olli K.
$32 (3rd donation), Lars-gunnar S.
$32 (2nd donation), Ian W.
$32 (2nd donation), Tommaso P.
$32 (2nd donation), Mark W.
$32, Michael H.
$32, Arnd S.
$32, Christian M.
$30 (10th donation), Geoff_P
$30 (3rd donation), Jason H
$30 (3rd donation), Tony V. aka “Troot
$30 (3rd donation), Bruce N.
$30, Mark D.
$28 (2nd donation), Dirk S.
$27 (5th donation), Roger D. P. aka “Linux Users Group Monitor Niel
$27, Andre C.
$27, Matthias H.
$27, Thierry B.
$27, Roman L.
$25 (66th donation), Ronald W.
$25 (11th donation), Jaan S.
$25 (7th donation), Larry I.
$25 (5th donation), Jeffery J.
$25 (4th donation), Michael W.
$25 (3rd donation), John C.
$25 (2nd donation), Michael K. S.
$25 (2nd donation), Ian P.
$25 (2nd donation), Stephen M.
$25, Ricardo G.
$25, Juan D.
$25, Michael C.
$25, Blair N.
$25, Graham D.
$25, Andrei P.
$25, Pacific Autotronic Systems, LLC
$25, David W.
$25, Frank R. J.
$23, Andreas E.
$22 (9th donation), Doriano G. M.
$22 (7th donation), Theo Stauffer aka “Theo”
$22 (7th donation), Alessandro P.
$22 (7th donation), Pentti T.
$22 (4th donation), Michael S.
$22 (3rd donation), Matthew Butler aka “goldberg@mint”
$22 (3rd donation), U. Flad aka “Duc Racer”
$22 (3rd donation), Alan R.
$22 (2nd donation), John A.
$22 (2nd donation), Stephan B.
$22 (2nd donation), Nurettin G.
$22 (2nd donation), Tony L. aka “tone39”
$22 (2nd donation), Zahari D. K.
$22, George P.
$22, Marcel H.
$22, Mark G.
$22, Andreas M.
$22, Carsten K.
$22, Craig M.
$22, Henricus V. L.
$22, Tamas K.
$22, Clemens H.
$22, Wolfgang H.
$22, Nikolaus N.
$22, Bruno C.
$22, Didik S.
$22, Peter L.
$22, Olivier J.
$22, Bruno Z.
$22, Tommi R.
$22, Tor A. N.
$22, Xavier Holzl aka “XavierHolzl”
$22, Monika M.
$22, T. H.
$22, Patrick H.
$22, Alberto M. H.
$22, Richard D.
$22, Carlos L. D. C.
$22, Stefan N.
$22, Erno I.
$22, Juan R.
$22, TOnline LDA
$21, Andrzej O. aka “Mintyman”
$20 (5th donation), James A.
$20 (4th donation), Ray P.
$20 (4th donation), Dave G.
$20 (4th donation), Greg W.
$20 (3rd donation), Larry P.
$20 (3rd donation), Peter R.
$20 (3rd donation), Vaughan B.
$20 (2nd donation), Stratis G.
$20 (2nd donation), Petra T.
$20 (2nd donation), Shakeel A.
$20 (2nd donation), Steven J.
$20 (2nd donation), Edward C.
$20, Barbara B.
$20, Jonathan M.
$20, Daniel O.
$20, Lyle O.
$20, Bill M.
$20, Precision P.
$20, Rodney T.
$20, Heath P.
$20, Zeshan B.
$20, Batuhan B.
$20, Michael K.
$20, Alexander Z.
$20, phaendal
$20, David T. aka “Crimson”
$20, Glenn C.
$20, David C.
$20, Zhichang Y.
$20, Lance B.
$20, Charles G.
$20, Dirk H.
$20, Stephen M.
$20, TJ Nelson
$20, James C.
$20, Michael H.
$20, Ashley S.
$20, Jeffrey J.
$20, Andrew S.
$20, Willows A. S. M. C.
$20, Greta G.
$20, Casey Melcher
$20, Qicai Z.
$19, Alejandro S.
$18.5 (6th donation), Marcin Ziółkowski aka Mario Nesta
$17, Lucian B.
$16 (5th donation), Carsten Wehner
$16 (2nd donation), Klaus K.
$16, Patrick S.
$16, Domenico M.
$16, Rob T.
$16, John H.
$16, Hannah V.
$15 (4th donation), Dental SEO Services
$15 (4th donation), Stephen C.
$15 (3rd donation), Vero Beach Dentist
$15 (3rd donation), Tyler B.
$15 (2nd donation), Kirk W.
$15, Mauricio López aka “damonh”
$15, Benjamin P.
$15, Caroline R.
$15, Delaney C.
$13.37, Smiling Cactus Gifts, LLC
$13 (9th donation), Anonymous
$13, Lucas B.
$13, Theofanis-Emmanouil T.
$13, Sigrid K.
$13, Alexandru D.
$12 (70th donation), Tony C. aka “S. LaRocca”
$12 (16th donation), Jobs Hiring Near Me
$12 (9th donation), Stefan M. H.
$12 (5th donation), Raymond M. (retired)
$11 (8th donation), Hans P.
$11 (7th donation), Queenvictoria
$11 (5th donation), JCSenar – linuxirun.com
$11 (4th donation), Tomi P.
$11 (4th donation), Francois B. aka “Makoto
$11 (4th donation), Marcin Bojko
$11 (3rd donation), Lance M.
$11 (3rd donation), Vladimir I.
$11 (3rd donation), Rajesh Nair aka “Nair”
$11 (2nd donation), Jean C. A.
$11 (2nd donation), Ueli L.
$11 (2nd donation), Sven-uwe U.
$11 (2nd donation), Alessandro L.
$11 (2nd donation), Alexandre W.
$11 (2nd donation), Luc B.
$11 (2nd donation), Jan S.
$11 (2nd donation), Franz W.
$11 (2nd donation), Andreas P.
$11 (2nd donation), Alexander Lang
$11, Günter L.
$11, Rosenberger
$11, M B. R. aka “embien”
$11, Trent R.
$11, Heinz L.
$11, Stamatis G.
$11, Christian F.
$11, Edel H.
$11, Teodar G. K.
$11, Timo R.
$11, Christos T.
$11, Frans S.
$11, Håkan K.
$11, Alejandro S. A.
$11, Karel B.
$11, Sybren S.
$11, Nezamaev D.
$11, Attila V.
$11, Bernd T.
$11, Andre H.
$11, Roland K.
$11, Jozsef T.
$11, Florian B.
$11, Morgane R.
$11, Hermanus V.
$11, Bruno V.
$11, Petri A.
$11, Slavo
$11, Gabor S.
$11, Uwe K.
$11, Sven B.
$11, Carsten S.
$11, Hans-werner B.
$11, Dirk S.
$11, Niko C.
$11, Grégoire H.
$11, Gerhard S.
$11, Csaba N.
$11, Arkadijs K.
$11, Christoph D.
$11, Dimitrios P.
$11, Birger T.
$10 (14th donation), Thomas C.
$10 (10th donation), Larry J.
$10 (8th donation), Antoine T.
$10 (8th donation), Hormis K.
$10 (7th donation), Michel C.
$10 (6th donation), Curtis M.
$10 (6th donation), Frank K.
$10 (5th donation), Car Rentals Near Me
$10 (5th donation), Richard L. S.
$10 (5th donation), Paul O.
$10 (4th donation), Car Rentals Near Me
$10 (4th donation), anonymous aka “victorsk”
$10 (3rd donation), Agenor R.
$10 (3rd donation), Stephen C.
$10 (3rd donation), G&A
$10 (3rd donation), Egil J.
$10 (3rd donation), Gaston B.
$10 (2nd donation), William B. Z.
$10 (2nd donation), Sergio D. M. F.
$10 (2nd donation), Allen G.
$10 (2nd donation), Martín P. D. L. G.
$10 (2nd donation), Lars Händler
$10 (2nd donation), John W.
$10 (2nd donation), Paul K.
$10 (2nd donation), Zbigniew D.
$10 (2nd donation), Terrance G.
$10 (2nd donation), Davor T.
$10 (2nd donation), Norman E.
$10, Roman K.
$10, Errol M.
$10, Lauri L. J.
$10, Dirk D.
$10, Michael G.
$10, Roy D.
$10, Willem V. S.
$10, DomDagen aka “DomDagen”
$10, Kevin K.
$10, Ed L.
$10, Fauz E
$10, Santiago A.
$10, Paul H.
$10, Stephen F.
$10, Kovalev A.
$10, Robert M.
$10, Peter B.
$10, Headphonesrepair.com
$10, Steven J.
$10, Dale G. J.
$10, Michael B.
$10, Massimo I.
$10, Michał S. aka “Ribald
$10, Chuck Carey
$10, Marcio P.
$10, Donald P.
$10, Tolstenko Ilya
$10, Bob W.
$10, Andereh H.
$10, Yoichi N.
$10, Greg K.
$10, Cody T.
$10, Jeff H.
$10, 高山 公一郎
$10, Zhidkov A.
$10, Gary P.
$10, Alastair M.
$10, Kasper W.
$10, Keith H.
$10, Alfred F.
$10, Lowell D.
$10, Steven M.
$10, Brian W.
$8 (2nd donation), Helmut S.
$8, Sergey M.
$7.5 (2nd donation), L L.
$7.25, Andrzej P.
$7 (7th donation), CV Smith
$7 (2nd donation), Conrado G.
$7 (2nd donation), Von L.
$7 (2nd donation), Andre J.
$6 (2nd donation), Oliver Q. aka “oqv”
$6, Mark W.
$6, Monika L.
$5 (29th donation), LM aka “LinuxMint
$5 (10th donation), Eugene T.
$5 (7th donation), Snorri Gylfason
$5 (6th donation), Risikolebensversicherung-Vergleich
$5 (5th donation), Korneliusz M. aka “audiokor
$5 (5th donation), Cathi I.
$5 (4th donation), Dean A. aka “LinuxGeek”
$5 (4th donation), Olaf B.
$5 (3rd donation), Gabriele S.
$5 (3rd donation), Paweł B.
$5 (3rd donation), Dirk M.
$5 (3rd donation), Andre Cardoso
$5 (3rd donation), Arnold
$5 (3rd donation), kuponiarnia.pl
$5 (3rd donation), Vladimir U.
$5 (2nd donation), Bhavinder Jassar
$5 (2nd donation), Dmitry P.
$5 (2nd donation), Pau S. F.
$5 (2nd donation), Rodolfo B.
$5 (2nd donation), Michael C.
$5 (2nd donation), Kārlis M.
$5 (2nd donation), Crossword Solver
$5 (2nd donation), Richard A.
$5, Robert G.
$5, John D. aka “siliconjohn”
$5, Weyman S.
$5, Sourav B. aka “rmad17
$5, Matthew O.
$5, aka “Cachafaz”
$5, Edward S.
$5, Fabian Peter Hammerle
$5, Mattias W.
$5, Voicu R.
$5, Jesus F. E. F.
$5, Richard K.
$5, Julius K.
$5, Christoph C.
$5, Giorgio F. L.
$5, Andre A.
$5, Adrien R.
$5, Hans H.
$5, Gyu H. O. aka “karistuck
$5, Hans-peter P.
$5, John C. M.
$5, Jose A. S. S.
$5, Damian C.
$5, Arturas C.
$5, Juan P.
$5, Samuel aka “LEGOlord208
$5, Mika J.
$5, Emanuele S.
$5, Jozo M.
$5, Yehuda D. aka “uda
$5, Khaled M.
$5, Bartłomiej L.
$5, Otto Skultety aka “ottos”
$5, Simonetta E.
$5, Olivier R.
$5, Jamie P.
$5, Jerzy D.
$5, Robert T.
$5, Reuben R.
$5, Ivan K.
$5, Krzysztof G.
$5, Francisco G. P.
$5, Vadimír P.
$5, Sasha S.
$5, Ivan B.
$4, Agnieszka Z.
$3.78 (6th donation), Matthew B.
$3.75 (7th donation), Matthew B.
$3.5 (2nd donation), Another Canadian happily enjoying Linux
$3 (26th donation), Kouji K. aka “杉林晃治
$3 (9th donation), elogbookloan
$3 (5th donation), Marko Jagodić
$3 (3rd donation), Rajalaptop
$3, Oscar C. G.
$3, https://msfindom.com
$3, Gumersindo M. D.
$3, 1 CUP AWESOME
$3, Zhbanov O.
$3, Michal L.
$3, Clara G. G.
$3, Joywebstudio
$3, Aldonin S.
$2.5, Suhartas
$2.5, Catalin C. aka “Canizares”
$2 (3rd donation), Mansur S.
$2 (2nd donation), Timothy B.
$2 (2nd donation), AlephAlpha
$2, Зайцев П.
$2, GoCamp24
$2, Zakharov M.
$2, Shishio’s Place
$40.2 from 40 smaller donations

If you want to help Linux Mint with a donation, please visit http://www.linuxmint.com/donors.php

Rankings:

  • Distrowatch (popularity ranking): 2785 (1st)
  • Alexa (website ranking): 4134

Friday February 17, 2017

Ubuntu Security Notices: Snapcraft 2.27 has been released

(posted on Friday February 17, 2017 at 23:39 AWST)

Hello snapcrafters!

We are pleased to announce the release of snapcraft 2.27:
https://launchpad.net/snapcraft/+milestone/2.27

Contributions

This release has seen some contributions from outside of the snapcraft core team, so we want to give a shout out to these folks, here’s a team thank you for:

  • Colin Watson
  • John Lenton
  • Kit Randel
  • Loïc Minier
  • Marco Trevisan
  • elespike

New in this release

Faster iteration

This release brings in many features to speed up development and iteration. The biggest under-the-covers improvement is that caching of stage-packages works correctly again, so successive pull steps that include a repeated set of stage-packages will be a breeze.

The other improvement is that delta uploads are now possible. The feature is currently disabled but can be toggled by a feature flag in the environment: just set DELTA_UPLOADS_EXPERIMENTAL=1 and enjoy the benefits. The tentative plan is for this to be the default in snapcraft 2.28.

classic confinement

Improvements have been made to the experimental classic confinement build setup to be more robust and reliable. These improvements make it possible to build classic confined snaps that work across a wider set of OS releases (particularly those with differing glibc versions). An early adopter of this work is conjure-up which now sports Trusty Tahr support. Learn more about conjure-up by visiting http://conjure-up.io/

python plugin

The python plugin has also received some attention with regards to classic confinement. Most importantly it now does not leak any variables specific to the plugin into the environment.

Another improvement is that the plugin is now capable of detecting already staged interpreter instances and using them instead of providing one itself. This allows one to choose their own interpreter (which is important for classic confined snaps until the core snap implements use of --library-path for ld).
Making use of your own interpreter is really easy, as it uses the common language already implemented in snapcraft (the plugin is just smarter now). Here’s a snippet:

    parts:
        my-python-app:
            source: ...
            plugin: python
            after: [python]
        python:
            source: https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz
            plugin: autotools
            configflags: [--prefix=/usr]
            build-packages: [libssl-dev]
            prime:
                - -usr/include

And with that you get to use python 3.6.0 in your snap!

CI builds

Prior to snapcraft 2.27 it was not possible to build in environments that are not snapd-enabled, as the core snap needs to be available on the system where the classic confined snap is to be built. From this version onwards it should be possible to build classic confined snaps either with cleanbuild or Launchpad builders, as snapcraft is hinted about the environment and sets up core accordingly.

Building on other lxd remotes

A simple but useful feature is offloading builds to different instances. With that in mind, one can now offload cleanbuild executions onto other lxd remotes. It is as simple as:

    snapcraft cleanbuild --remote my-remote

To create my-remote just follow the setup instructions on https://linuxcontainers.org/lxd/getting-started-cli/#multiple-hosts

Setting up environment

No more wrapper scripts just to set up the environment on entry: this is now tied into an app entry in apps. Here’s a quick example:

    apps:
        vim:
            command: bin/vim
            environment:
                VIMRUNTIME: $SNAP/share/vim/vim80

Releasing to channel tracks

Releasing to tracks worked out of the box; this is a user experience improvement on the result one sees when trying to do so.

If you are wondering what tracks are, here’s a simple explanation: they are like a Long Term Support channel added to your regular stability level channels (i.e. stable, candidate, beta, edge). This is useful for cases where some users need to stick to a major version number, such as the case of etcd, where some might want to stick to 2.3 while others are happy with tracking latest (which is an implicit track).

From a snap developer point of view, here’s how to push and release to edge on the 0.2 track:

    $ snapcraft push hello_0.3_amd64.snap --release 0.2/edge
    Pushing 'hello_0.3_amd64.snap' to the store.
    Uploading hello_0.3_amd64.snap [==============================================] 100%
    Ready to release!
    Revision 3 of 'hello' created.

    Arch    Track    Series    Channel    Version    Revision
    amd64   0.2      16        stable     -          -
                               candidate  -          -
                               beta       -          -
                               edge       0.3        3

And here’s how you would release:

    $ snapcraft release hello 3 0.2/beta

    Arch    Track    Series    Channel    Version    Revision
    amd64   0.2      16        stable     -          -
                               candidate  -          -
                               beta       0.3        3
                               edge       0.3        3

The ‘0.2/beta’ channel is now open.

Others

For the full list of things available on 2.27 feel free to check https://launchpad.net/snapcraft/+milestone/2.27

Final Notes

To get the source for this release check it out at https://github.com/snapcore/snapcraft/releases/tag/2.27

A great place to collaborate and discuss features, bugs and ideas on snapcraft is snapcraft@lists.snapcraft.io mailing list or on the snapcraft channel on Rocket Chat https://rocket.ubuntu.com/channel/snapcraft

To file bugs, please go to https://bugs.launchpad.net/snapcraft/+filebug.

Happy snapcrafting!
— Sergio and the team

Ubuntu Security Notices: MWC17: The Future of Wireless Networks

(posted on Friday February 17, 2017 at 18:00 AWST)

The telecom industry is not as buoyant as it was some years back. Telecom operators' revenues are under pressure due to innovations from over-the-top players. Costs are spiralling out of control because of 4/5G deployments, fibre to the premise, social networking data explosions, 4K video streaming, IoT and more. Time to market was always measured in months, not days or hours.

What if all of this can be changed for the better? What if costs can be reduced exponentially? What if time to market can be expressed in minutes? What if telecom startups can help create thousands of new ideas and solutions that are generating new revenues? What if we can make telecom innovation the new “sexy” trend for 2017?

Impossible?

In the beginning of 2016 it looked impossible that software defined radio would be something that excited people. The collaboration between Lime Micro and Canonical changed that. The LimeSDR is the first software defined radio that can be programmed via open source apps, called snaps, that anybody can download from an app store. There are now multiple thousands of developers who have or shortly will receive their LimeSDR. They will be able to create all types of protocols and share them among the community. LTE, LoRa, Bluetooth, ZigBee and many more. Even invent their own protocols. Generation Y, the millennials, are discovering that wireless innovation is fun.

To make sure these new diamonds of wireless innovation are not lost upon us, we need to provide them with a market. That market will be created via the launch of open source production-ready base stations with app stores. We really liked how the last crowdfunding campaign created a community of innovators. That is why we will after Mobile World Congress launch the first telecom production-ready hardware crowdfunding campaign, called LimeNet.

Why open source the design for base stations?

As stated before, telecom operators have their costs spiralling out of control. Base stations need to become dramatically cheaper because with future protocols like 5G we will have exponentially more of them. Not only the price of a base station needs to go down, but also the total cost of ownership. Everything from who deploys, maintains and supports base stations, how and where will be put into question.

Why app stores on base stations?

The first reason is to decide what software you want to use. We are open sourcing the hardware but we want to see both open source and commercial software compete. The value is in software defining base stations. Just like on your mobile phone, some apps will be free and others are paid for or have in-app purchases.

If telecom innovators can make money by selling solutions to both telecom operators and their customers then more new revenue generating solutions will be launched. Installing these solutions via apps from an app store, makes it an easy and quick process. In minutes you can go from nothing to a working solution that automatically integrates with other apps and back-end systems.

What about security and manageability?

The number one Cloud operating system in the world is Ubuntu. Canonical has taken the same Ubuntu that is being used by Netflix, Uber, AirBnB, Snapchat and many others and shrunk it down to Ubuntu Core. We introduced lots of changes to make running third-party apps, called Snaps, secure and transactionally upgradeable. This means that if something goes wrong you can roll back to the previous working version. You can implement DevOps for Devices and continuously roll out new updates and functionalities in a controlled way. Any time a security issue arises, it can be easily patched. Snaps are contained, hence bugs or exploits don’t affect the other snaps or the operating system.

What about telecom software?

At MWC we will showcase LTE stacks from companies like Amarisoft and Eurecom/OpenAirInterface, as well as EPC solutions from Quortus. Telecom solutions will no longer need a lengthy RFP process. You just download the Snap from the Brand Store, test it and you are ready for roll-out. Procurement of software should be based on features, quality and fit for purpose. This process should be measured in days at most. Not months or sometimes years. In a world of integrations in minutes, you will be able to change your mind. To allow everybody to be able to run a complete 4G network, Eurecom and Canonical have enabled an open software ecosystem for 4G-ready networking powered by OpenAirInterface and Canonical model-driven NFV solution that can be deployed as network apps on any cloud and easily integrated into the new base station with a snap.

Where can I get the LTE-ready open source apps?

Today, OpenAirInterface develops an ecosystem for open source software/hardware development for the core network (EPC) and access-network (EUTRAN) of 3GPP cellular networks. It offers a 5G Cellular Stack based on commercial off-the-shelf (COTS) hardware that can be used as legacy packages, Juju Charms, and Ubuntu Core Snaps.

Will telecom operators be the only enterprises buying and running base stations?

The answer will be “definitely NOT”! We will be showcasing solutions from Telet Research and Soracom that allow others to run base stations and telecom infrastructure as well. In a software defined world, we can make deployment of private mobile infrastructure as simple as rolling out WiFi. With the arrival of unlicensed and licensed shared access (LSA) spectrum, small cells can be remotely configured as a managed service, just as you can buy cloud compute and storage. IoT SIM cards and IoT specific value added services, capable of operating on private and existing mobile networks, will be available for purchase in quantities as small as one. Hotels and homes that currently have poor or non-existent mobile coverage will be able to guarantee perfect coverage, even if their telecom operator doesn’t. Meeting rooms underground should have perfect coverage. Rural communities should be able to deploy their own networks. Industrial consortiums as well. Networks don’t have to be for mobile, they can be for any type of smart device.

Multi Operator Neutral Host (MONeH) solutions offer a highly advantageous business model; they are quicker and less expensive to set up, yet manage to provide coverage for multiple operators in areas where conventional macro network builds simply are not cost effective or are not appropriate (such as in Areas of Outstanding Natural Beauty). These solutions are not limited to just mobile services – they can also offer Fixed Wireless Broadband and 5G IoT services on the same SDR-based small cells.

IoT-Ready and New Revenue Generating

Soracom will showcase IoT SIMs that can go into low cost NB-IoT or LTE-M type of devices such as the 5-network FiPy from Pycom.

What about using custom protocols for new types of devices? Spur is a great example of how a hotel, bank or any consumer facing business that runs their own base station could install a Spur Snap to also have immediate feedback on service quality.

The traditional innovation killer: OSS integrations

In a telecom world where every service needs to be integrated into billing, call centre support, inventory management, workflow management and lots of other systems, an app store which allows you to launch thousands of new services each year needs a new way of thinking as well.

Supporting devices with lots of different app solutions from many vendors, requires IoT cloud native support platforms. RevTwo will be demoing theirs. The best of cloud, mobile and IoT all into one support platform.

Billing has been traditionally very challenging as well, particularly at the edge of the network. Most billing systems are centralised, expensive and are hard to scale and protect from tampering. IOTA’s next-generation Blockchain solution resolves this and allows for billing systems to be built in a distributed manner in which adding more base stations makes the complete system more scalable, resilient, tamper-proof and above all: free of fees. Each base station will be part of a distributed ledger. Unlike traditional Blockchain, IOTA can do fast transaction handling without fees, endure glitchy connectivity from main net and scale, which they will demo on the booth.

Sometimes things break in a network or have to be upgraded and you will have to dispatch people or take automatic repair actions. To show you how this works the effortless Salesforce IoT Cloud integration and solutions will be demoed.

What will open source base stations look like?

In a software defined world the answer can be: “Totally Different”! SocialVend will be demoing what the new base stations will look like when you combine them with their vendmini™. Experience Social Telecom Vending on MWC in which a vending machine becomes a base station, provides you with SIMs, allows you to top up your balance and via an app store can do a million things more.

Come and see us at MWC2017 in Hall 3
Come and see the future of wireless networks at the Ubuntu booth in Hall P3 – 3K31. Book a meeting with our executive team.

Netcraft: Hackers still exploiting eBay’s stored XSS vulnerabilities in 2017

(posted on Friday February 17, 2017 at 17:49 AWST)

Fraudsters are still exploiting eBay's persistent cross-site scripting vulnerabilities to steal account credentials, years after a series of similar attacks took place. Worse still, many of the listings that exploited these vulnerabilities remained on eBay's website for more than a month before they were eventually removed.

All of the attacks stem from the fact that eBay allowed fraudsters to include malicious JavaScript in auction descriptions. Previous attacks exploited this vulnerability to place malicious redirect code on high-value vehicle listings, with the intention of stealing login credentials from other eBay members, whose accounts could then be used to list even more fraudulent vehicle listings.

But fraudsters are now using malicious scripts on a wide variety of lower-value items, including legitimate listings that had already been posted from reputable eBay accounts. Fraudsters have seemingly compromised these accounts and appended additional information to many of the members' existing listings – and this is where the malicious JavaScript is placed.

As can be seen below, the cybercriminals even used listings of dental tools to extract credentials from their victims, bypassing eBay's toothless listing policies in a similar way to the attacks that took place a few years ago.

A compromised listing for a dental tool from a Chinese seller as it appeared in eBay search results.

Clicking on the above listing took the user to the following page, which included malicious JavaScript that had been injected by the fraudster:

The malicious listing is displayed for only a split second

But the malicious code in this listing executes as soon as the page has loaded, which causes it to be displayed for only a split second. In the blink of an eye — and without any further interaction — the victim is redirected to a spoofed login form:

In the blink of an eye, the victim is redirected to a very-convincing spoof login form.

Victims are unlikely to expect a phishing form to appear as a result of clicking on an eBay search result, and so the efficacy of these attacks is likely to be far greater than the average phishing scam. Allowing listings to include arbitrary JavaScript not only facilitates this type of fraud, but also allows fraudsters to capitalize on the trust instilled by the eBay website.

In this particular example, the malicious code injected by the attacker was obfuscated to make its purpose less apparent – possibly to get around any text-based content filters implemented by eBay. The obfuscated script is used to load a much larger JavaScript payload from an external location at user54631.vs.easily.co.uk/v.js (this script, which was hosted by Easily, has since been removed).

Lightly-obfuscated malicious JavaScript as it appeared in an eBay listing

The externally-hosted script redirected victims to a data URI, which is another trick sometimes used by cybercriminals: The Base64-encoded address makes it difficult for victims to report such attacks, as by this point, the page is ostensibly not hosted anywhere.

When the victim submits his username and password, the credentials are transmitted to a script at daviddouglas.co.uk/session.php?/ws/eBayISAPI.dll?co_partnerId=2&siteid=3&UsingSSL=1 (which has also since been taken down). This PHP script receives the victim's credentials and then immediately redirects the victim to a page on the genuine eBay website, giving the impression that the listing that the victim originally attempted to visit is no longer available:

The victim is redirected to a non-existent listing after his credentials have been stolen.

The victim may not realise it — as his browser never showed the address of any externally hosted websites — but at this point, his credentials will have already been stolen by the fraudster's PHP script.

The fraudsters behind these attacks can attempt to monetize these stolen credentials by selling them to other fraudsters, or use them to propagate malicious code into even more listings. In the dental tool example, malicious JavaScript was added to the listing on 8 December 2016, and remained there until late January 2017, giving the fraudster more than a month and a half to exploit the vulnerability.

The malicious script (not visible) was added on 8 December 2016, and eBay continued to serve it for a month and a half.

The compromised seller account involved in the above attack had over a thousand of its listings infected with malicious JavaScript, many of which flew under eBay's radar for more than a month, despite having obvious malicious intentions. The only deterrent is eBay's JavaScript policy, which disallows the use of JavaScript redirects – but this is evidently not entirely effective, as it failed to prevent it being exploited for extended periods, and fraudsters will obviously not care about breaking policies that are not proactively enforced.

These latest listings were reported to Netcraft by "Jaco Bustero". Although this pseudonym is very similar to "Buster Jack" — who discovered a series of related scams in 2014 — they are, in fact, different people in the UK. Both hide behind pseudonyms because of valid concerns about their own safety – for instance, Buster Jack's efforts to combat vehicle fraud have earned him several death threats from the perpetrators of these crimes.

But fortunately, the end of script-based attacks may soon be in sight on eBay. In an effort to make its listings mobile-friendly, eBay plans to limit the use of active content (such as JavaScript) at some point in 2017, before eventually blocking it altogether. If this is implemented as a technical control (for example, by using iframes with Content Security Policy and sandbox restrictions), then such attacks should become impossible to carry out against modern browsers.
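The kind of technical control mentioned above can be checked mechanically. The following is an added example, not code from Netcraft or eBay: it audits an iframe sandbox attribute together with the Content-Security-Policy header of the framed description document, and reports whether seller-supplied script could still run or navigate the top-level page. It assumes the description is served as its own document inside an iframe; the function names and sample policies are hypothetical.

```javascript
'use strict';

// Parse a Content-Security-Policy header value into Map(directive -> tokens).
function parseCsp(header) {
  const policy = new Map();
  for (const part of (header || '').split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored: the first occurrence wins.
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// A source list matches nothing when it is empty or is just 'none'.
function matchesNothing(sources) {
  return sources.length === 0 ||
    (sources.length === 1 && sources[0].toLowerCase() === "'none'");
}

// Script can still run if either the element chain or the inline-handler
// chain (each falling back to script-src, then default-src) permits a source.
function cspAllowsScript(policy) {
  return ['script-src-elem', 'script-src-attr'].some((specific) => {
    const name = [specific, 'script-src', 'default-src'].find((n) => policy.has(n));
    return name === undefined || !matchesNothing(policy.get(name));
  });
}

// Allow-tokens in force, or null when nothing sandboxes the frame. When both
// the iframe attribute and a CSP sandbox directive are present the restrictions
// add up, so only tokens granted by both survive.
function effectiveSandbox(attr, policy) {
  const sets = [];
  if (attr !== null) sets.push(attr.toLowerCase().split(/\s+/).filter(Boolean));
  if (policy.has('sandbox')) sets.push(policy.get('sandbox').map((t) => t.toLowerCase()));
  if (sets.length === 0) return null;
  return new Set(sets.reduce((a, b) => a.filter((t) => b.includes(t))));
}

// sandbox: value of the iframe's sandbox attribute, or null if it has none.
// csp: Content-Security-Policy header served with the framed description.
function auditListingFrame({ sandbox = null, csp = '' } = {}) {
  const policy = parseCsp(csp);
  const allow = effectiveSandbox(sandbox, policy);
  const sandboxed = allow !== null;

  const scriptsCanRun =
    (!sandboxed || allow.has('allow-scripts')) && cspAllowsScript(policy);
  const topNavigationAllowed = !sandboxed ||
    allow.has('allow-top-navigation') ||
    allow.has('allow-top-navigation-by-user-activation');
  // Script plus allow-same-origin lets same-origin framed content reach its
  // embedder and remove the sandbox attribute.
  const sandboxEscapable =
    sandboxed && scriptsCanRun && allow.has('allow-same-origin');

  const findings = [];
  if (scriptsCanRun) findings.push('seller-supplied script can execute on load');
  if (topNavigationAllowed) findings.push('framed content can navigate the top-level page');
  if (sandboxEscapable) findings.push('allow-scripts with allow-same-origin can undo the sandbox');
  return { scriptsCanRun, topNavigationAllowed, sandboxEscapable, findings };
}

// Constructed sample configurations (not eBay's actual markup or headers).
const SAMPLES = {
  unrestricted: {},
  hardened: {
    sandbox: '',
    csp: "default-src 'none'; img-src https:; style-src 'unsafe-inline'",
  },
  leaky: { sandbox: 'allow-scripts allow-same-origin allow-top-navigation' },
};

for (const [name, cfg] of Object.entries(SAMPLES)) {
  console.log(name, auditListingFrame(cfg).findings);
}
```

An empty findings list means both halves of the redirect described in the article are blocked: script execution on page load and navigation of the top-level window.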

The most recent attacks have taken place over the past 12 months, after eBay had responded to 'previous reports' of JavaScript-based attacks, when it claimed not to have found any fraudulent activity stemming from these cross-site scripting vulnerabilities.

In some cases, it could be that eBay is simply unaware of the fraud it is facilitating. When one customer phoned eBay Trust & Safety to report these redirect attacks, the eBay handler was unable to see the redirection due to security settings on their internal systems. Consequently, reporting such vulnerabilities to eBay can prove frustrating, as well as fruitless: When Jaco posted a similar warning to the eBay Motors community forum, he claims his message was quickly deleted.

A year ago, we predicted that it would be difficult to prevent this type of fraud when listings are still able to include arbitrary JavaScript. With these recent attacks proving eBay's interim measures are still insufficient to prevent abuse, only technically-enforced controls on the execution of JavaScript will finally put a stop to this fraud.

SC Magazine: RSA cyber chief 'encouraged' by Aussie govt's focus

(posted on Friday February 17, 2017 at 14:50 AWST)

Looks to cyber security strategy for industry opportunities.

SC Magazine: Slick phishing campaign targets NSW govt suppliers

(posted on Friday February 17, 2017 at 13:30 AWST)

Aims to harvest tendering credentials.

SC Magazine: Samsung chief arrested

(posted on Friday February 17, 2017 at 10:01 AWST)

Prosecutors get their warrant in bribery case.

DFES Media Releases: DFES urges caution after widespread flooding

DFES Media Releases (posted on Friday February 17, 2017 at 09:50 AWST)

Content:

In the wake of widespread flooding across Western Australia, the Department of Fire and Emergency Services (DFES) is urging the community to remain cautious of dangerous conditions. 

Fire and Emergency Services Commissioner Wayne Gregson said floodways and river levels may still rise rapidly and move quickly so it is vitally important that members of the community take care.

“People need to obey road closure signs, take care on gravel and unsealed roads, and not drive into water of unknown depth and current,” Commissioner Gregson said.

“Driving through flood water is very dangerous as just a small amount can wash you and your vehicle away - it is simply not worth the risk.

“With rivers moving quickly people should also avoid walking, swimming or playing in floodwater.”

Moderate flooding is expected to continue throughout the Kimberley region and in parts of the Avon River catchment in the coming days, and the Blackwood River catchment in the southern part of the State is also continuing to rise.

Over the past week, DFES has worked tirelessly to manage the impact of the floods, deemed a natural disaster across most of the State.

State Emergency Service (SES) volunteers and DFES have responded to more than 450 requests for assistance from members of the community for flood and storm related damage.

A number of rescues have also been undertaken, including 15 people who were caught in floods outside of Ravensthorpe after the Phillips River Bridge was washed away.

Deliveries of groceries and supplies have been organised for remote Aboriginal communities including Tjuntjuntjara in the Goldfields Midlands, Ngallagunda and Balgo in the Kimberley, and Kiwirrkurra and Purnngurr in the Pilbara.

DFES has been working closely with local governments and other agencies, including the Shire of Boyup Brook in order to minimise the impact on those attending an upcoming music festival.

Commissioner Gregson said he strongly encourages the WA community to stay up to date with flood conditions by visiting the Emergency WA website.

“In the past week, we’ve had a record number of people seeking emergency information, with more than one million views to the new website,” he said.

“Though for some the sun may be shining again, it’s important to keep yourself informed of the situation in your area.”

 END

Media Contact: DFES Media and Corporate Communications 9225 5955.

Publication Time: 17/02/2017 9:45 AM

SC Magazine: DoJ claims 'dozens' of cases hit by Microsoft cloud ruling

(posted on Friday February 17, 2017 at 08:47 AWST)

Position adopted by more cloud providers.

SC Magazine: Medibank's troubled IT overhaul is starting to stabilise

(posted on Friday February 17, 2017 at 08:45 AWST)

SAP system 'on track' for full operation.