Windows 10 Is About to Get More Secure, Easier to Use

windows-10

Microsoft is poised to roll out its Windows 10 Anniversary Update on Tuesday.

The free update includes two security innovations for individual customers: Windows Hello for apps and websites; and Windows Defender.

Enterprises will get Windows Defender Advanced Threat Protection, which detects, investigates and responds to advanced malicious attacks on networks; and Windows Information Protection, or WIP, previously known as “enterprise data protection.”

Smooth Operator

Microsoft “has done a very creditable and admirable job of paying attention to security — secure by design, secure by default, secure in implementation, and secure in storage,” remarked Laura DiDio, a research director at Strategy Analytics.

“Now, they’re making it much more usable,” she told TechNewsWorld.

The Anniversary Update extends the Windows Hello biometric authentication feature in the browser using FIDO, and enables password-free access to apps such as Dropbox.

The Anniversary Update offers smartphone syncing using the Cortana apps on iOS, Android and Windows 10 Mobile.

Something for Everyone

Windows Ink, which lets users perform a number of tasks with a digital pen, is included in the update. Key apps have Ink-specific features.

With the update, the Cortana personal digital assistant appears above the lockscreen, so it can be used without having to unlock the device.

The Microsoft Edge browser includes more power-saving improvements; various Edge Extensions such as Pinterest’s “Pin It” button and AdBlock; and improved visual presentation of Web pages in high contrast mode. The update also streamlines completion of online forms.

Gamers will be able to stay connected with friends on Xbox Live and enjoy more games across their devices with the Anniversary Update. They’ll be able to use Cortana commands on Xbox One, and be able to select any supported language regardless of their location.

Finally, the Anniversary Update will simplify PC deployment, so teachers can set up devices without requiring dedicated IT support. Schools with IT support can set up shared devices in bulk, rapidly using the updated Windows Imaging and Configuration Designer tool.

 
[source :-technewsworld]

Linux Botnets on a Rampage

linux-botnets-ddos-attacks-kaspersky-lab

Linux-operated botnet Distributed Denial of Service attacks surged in this year’s second quarter, due to growing interest in targeting Chinese servers, according to a Kaspersky Lab report released this week.

South Korea kept its top ranking for having the most command-and-control servers. Brazil, Italy and Israel ranked among the leaders behind South Korea for hosting C&C servers, according to Kaspersky Lab.

DDoS attacks affected resources in 70 countries, with targets in China absorbing 77 percent of all attacks. Germany and Canada dropped out of the top 10 most-targeted countries, replaced by France and the Netherlands.

The Linux server is the go-to platform for orchestrating DDoS attacks because of its latent vulnerabilities, said Charles King, principal analyst at Pund-IT. A common problem is that they are not protected by reliable security solutions.

“That makes them prime targets for hackers, especially those that leverage C&C servers to centrally manage and carry out DDoS attacks,” he told LinuxInsider. “Deploying leading security solutions, as well as utilizing and updating established Linux distros, can go a long way to protecting against these issues.”

Hardware to Protect

All devices are vulnerable — servers and desktops running any flavor of Linux, along with switches, routers, ADSL modems, wireless devices and cars.

Internet of Things devices running embedded Linux also are vulnerable, said Oleg Kupreev, lead malware analyst at Kaspersky Lab.

“The main reason is in most cases it is hard to update or reconfigure vulnerable software ASAP — especially on highly loaded, critical servers — or to update outdated software that is not supported by manufacturer devices,” he told LinuxInsider.

Companies that rely on Linux servers must protect them against this growing threat. For Linux servers, it is very important to harden, or tweak, the security of the system, Kupreev said.

It’s important to understand and implement SELinux, keep the software and the kernel up to date, and adopt a strong password policy, he explained.

Attack Vectors

It appears that nothing much is new about the methods hackers used in their recently stepped-up activities.

“We don’t see any changes in tactics. Brute-forcing passwords, exploiting common vulnerabilities in Web applications, hijacking or sniffing wireless communications — these are old and well-known threats, said Kupreev. “Of course, each year we see some new threats, like remote-controlled cars — but it’s not a trend, it’s just a reality.”

SYN DDoS, TCP DDoS and HTTP DDoS remained the most common attack scenarios in the second quarter, according to Kasperky’s report.

The share of attacks from Linux botnets almost doubled, to 70 percent.

The proportion of attacks using the SYN DDoS method increased 1.4 times, compared with the previous quarter, accounting for 76 percent.

For the first time, there was an imbalance between the activities of Linux-based and Windows-based DDoS bots, based on the report’s findings. Linux bots are the most effective tool for SYN-DDoS.

“Linux is becoming more commonplace and is used in most embedded systems,” noted John McCarty, CISSP and senior security consultant at AsTech Consulting.

“These implementations often are not hardened or patched and upgraded regularly, which has led to these systems being compromised and becoming a part of a botnet,” he told LinuxInsider.

Time Matters Too

The duration of the DDoS attacks has increased, Kaspersky’s report shows. For instance, the proportion of attacks that lasted for up to four hours fell from 68 percent in the first quarter of this year to 60 percent in the second quarter.

The proportion of longer attacks grew considerably. Those lasting 20-49 hours accounted for 9 percent (4 percent in Q1) and those lasting 50-99 hours accounted for 4 percent (1 percent in Q1).

The longest DDoS attack in Q2 2016 lasted 291 hours (12 days), a significant increase from Q1’s longest attack, which was eight days.

Contributing Factors

Linux can be an extremely secure operating system, according to AsTech’s McCarty. When it is properly configured and locked down, Linux can be hardened to withstand many of the current exploits and attacks.

“However, this reputation can lead to some administrators feeling that these systems are inherently secure and do not need the level of configuration and attention necessary to protect the systems from attack,” he said.

Another factor that encourages hackers to exploit Linux loopholes is the lack of security professionals and security software to maintain systems properly, said Dodi Glenn, vice president of cybersecurity at PC Pitstop.

“These systems usually host services, which can be used to reflect malicious activities,” he told LinuxInsider.

Linux is not inherently insecure, and it has become ubiquitous, observed Weston Henry, website security research analyst at SiteLock.

“The number of cloud servers and devices running Linux/BusyBox online with security as an afterthought may lead to insecure devices and services,” he told LinuxInsider.

Treating the Cause

Companies must ensure they are hiring the right people to maintain the Linux systems, said PC Pitstop’s Glenn, and proactive security is key.

“When securing these systems, create a baseline of the system or a profile of the system, noting its usage of resources in normal operation modes,” he advised.

Organizations using Linux should ensure the systems are patched, securely configured and hardened, so that unnecessary services and applications are not running or even installed on them. It would help to toss in an intrusion prevention system and next-generation firewall as well.

“This will help minimize the overall attack surface of these systems, limiting the ability of a hacker to take over the system and use it within a botnet or for any other purpose,” said McCarty.

DDoS attacks still seem to be about quashing competition — from online gaming and gold farming sites in the past to bitcoin sites now, noted SiteLock’s Henry. The uptick in Linux botnets stems partly from the stated router and set-top box compromises.

“A decreased barrier to entry into cloud servers and services may also add to the vulnerable pool,” he said. “Consider security during system design. That is, design security into the system instead of adding it on after deployment.”

Other steps to take prior to launch, according to Henry, include assessing network and hosting services for DDoS robustness; beginning a relationship with a DDoS mitigation service; having a DDoS mitigation plan in place; and using a robust content delivery network to take any initial brunt.

 
[source :-technewsworld]

Linux Mint 18: Fresher Than Ever

 

 

The Linux Mint 18 Sarah will please long-time users and impress new adopters for its growth in features and overall consistent performance.

Linux Mint 18, released at the end of June, is a long-term edition supported through 2021. The in-house built Cinnamon desktop and the GNOME 2 fork MATE desktop were available at its introduction. The Xfce edition became available earlier this month, and the KDE edition is coming soon.

Linux Mint 18 Sarah is based on Ubuntu 16.04 and comes loaded with numerous significant new features. I am pleased to find the development team has maintained its philosophy of making key improvements to an already solid distro without overwhelming its user base with outlandish directional changes.

I have used Linux Mint Cinnamon on my primary work machines since developer Clement Lefebvre created his distro. The Linux Mint 17 series began in June 2014. It has become an apt alternative to Canonical’s Ubuntu, which radically changed its development path. The growth evident in Linux Mint 18 is a logical and pleasing upgrade from version 17.3.

Linux Mint 18

Linux Mint 18 has a well-polished look and feel along with a new collection of pleasing background images.

Linux Mint 18 will go a long way to help maintain this distro’s consistent ranking on DistroWatch.com as one of the most popular general-purpose Linux offerings.

What’s New

Many of the improvements bundled into this release consist of system and user software upgrades. For example, Linux Mint now runs Linux kernel 4.4 and Cinnamon 3.0 or MATE 1.14. Mint 18 supports the exFAT file system out of the box. Also now supported by default is the Btrfs file system.

Linux Mint 18 includes an enhanced update manager that supports installation of different versions of the Linux kernel. The changes to the update manager should be well received by users. It offers easier configuration to balance safety, security and stability in handling system updates.

New commands support Debian syntax for apt. The terminal command “apt” still supports all previous features. Linux Mint 18 also supports a new syntax of Debian “apt” with some changes and improvements.

For example, you can run the new apt full-upgrade command to get results equivalent to running apt dist-upgrade.

You now can use a terminal command, add-apt-repository remove argument to remove the junk repository. The software services graphic mode did not allow that function.

Another really nice touch is the progress bar. The completion process displays when you run the terminal commands “apt install,” “apt remove” and “sudo apt autoremove.”

Linux Mint 18 comes with Steam, Spotify, Dropbox and Minecraft added to the software manager, which makes it easier and more automated to install and update these applications.

X-Apps Revealed

One of the highlights is the introduction of X-Apps to the installed base of default applications. Linux Mint 18 brings several updated apps that replace stock standards for viewing photos and PDF files, editing text, and playing media files.

X-Apps produce generic applications for traditional GTK+ desktop environments. They replace applications that no longer integrate properly outside of a particular environment, such as GNOME applications.

Linux Mint 18
X-Apps

Linux Mint 18 introduces the first set of X-Apps to unify the way apps look and function across desktops.

These new applications unify appearance and functionality across desktops. The idea behind this project is to make available the same applications used in all traditional desktop environments. They have the same interface and capabilities of all desktop environments similar to Linux Mint 18.

More are planned. So far there are five cross-desktop xapps:

  • Xplayer is a Multimedia player based on Totem.
  • Xed is a text editor based on Pluma, which resembles gEdit.
  • Xviewer is an image viewer based on the Eye of GNOME or Eog.
  • Xreader is an app for reading documents based on Atril, a multipage document viewer for postscript (ps), encapsulated postscript (eps), djvu, dvi and portable document format (pdf) files.
  • Pix is a photo-organizing app based on gThumb.

Codecs Covert

Sometimes progress breeds some inconvenience. Previous versions of Linux Mint shipped with multimedia codecs preinstalled. Many distros do not provide that out-of-the-box functionality.

Now Linux Mint 18 does not include multimedia codecs either. The fault lies with the growing concerns over copyright restrictions in some countries.

The missing codecs present just a one-time inconvenience. You have two options to install them.

The simplest fix is the menu-assisted option found in the sound and video category of the Mint main menu. Just click on “Install Multimedia Codecs”.

The other option is to issue the installation commands manually in a terminal window. Here they are:

  • $ sudo apt-get update
  • & sudo apt-get install mint-meta-codecs

This process will get you the most commonly needed and used proprietary codecs.

User Interface Tweaks

The Linux Mint 18 release includes nothing earthshaking, and this is good. It has no radical changes to rattle established users. This is also good.

The Mint 18 upgrade comes with lots of little fixes and updates that in combination produce one of the best Linux Mint releases in memory. This is very good.

It was fun to discover many of these niceties as I worked with the upgrade to prepare this review. It is the little things that make such a big difference.

For instance, Linux Mint 18 provides better scrolling support. Touchpad now supports scrolling with two fingers. It also has the added option of reverse scrolling.

The icons of apps added to the panel display a new context menu when you right-click on them. That provides more options than the previous Launch, Add, Edit and Remove. Another change is the new dialog sound settings.

Linux Mint 18 keeps the Mint-X theme as a default setting, but it also has new theme application icons and Mint-Y. The themes and icons Mint-Y provides give you a choice of either light or dark.

Bottom Line

There is no urgency in updating to Linux Mint 18 — the changes it brings are subtle. However, the collection of tweaks and additions and UI improvements will give you a more pleasant computing experience.

Linux Mint 18 is a solid improvement. This distro continues to get better with age. You have nothing to lose with installing the upgrade sooner rather than later.

You have everything to gain by taking Linux mint 18 for a spin if you are not already a committed user. A few other distros offer the Cinnamon desktop, but Linux Mint has much more in its favor than Cinnamon.

Want to Suggest a Review?

Is there a Linux software application or distro you’d like to suggest for review? Something you love or would like to get to know?

Please email your ideas to me, and I’ll consider them for a future Linux Picks and Pans column.

 
[source :-technewsworld]

900 Million Androids Could Be Easy Prey for QuadRooter Exploits

Four newly identified vulnerabilities could affect 900 million Android devices,Check Point researchers told attendees at the DEF CON 24 security conference in Las Vegas this past weekend.

900 Million Androids Could Be Easy Prey for QuadRooter Exploits

The vulnerabilities, which the researchers dubbed “QuadRooter,” affect Android devices that use Qualcomm chipsets. They exist in the chipset software drivers.

The drivers, which control communications between chipset components, are incorporated into Android builds manufacturers develop for their devices, so they’re preinstalled on devices and can be fixed only through installation of a patch from the distributor or carrier.

Exploiting any of the four vulnerabilities will let attackers trigger privilege escalations and get root access to the targeted device, Check Point said.

Attackers can exploit the vulnerabilities using a malicious app. Such an app would not require special permissions, and thus would not be easily detected.

The Qualcomm Fix

Qualcomm already has issued fixes for the vulnerabilities, said company spokesperson Catherine Baker.

The company has posted its patches on CodeAurora.

Qualcomm “continues to work proactively both internally as well as with security researchers to identify and address potential security vulnerabilities,” Baker told TechNewsWorld.

The July Android Security Bulletin included all but one update that is scheduled to be issued September.

That doesn’t mean Android devices are safe, however.

“What I don’t know is how fast smartphone manufacturers and carriers distributed the driver updates,” said Kevin Krewell, a principal analyst at Tirias Research.

“That’s a challenge for the Android ecosystem,” he told TechNewsWorld.

Some of the Affected Devices

Qualcomm has 65 percent of the LTE modem baseband market, Check Point said, and some of the latest and most popular Android devices use its chipsets.

Among the Android devices susceptible to the malware are the following:

  • Samsung Galaxy S7 and S7 Edge
  • Google Nexus 5X, 6 and 6P
  • HTC One, M9 and 10
  • LG G4, G5 and V10
  • Motorola X
  • BlackBerry Priv
  • OnePlus One, 2 and 3
  • Sony Xperia Z Ultra

Qualcomm’s Security Issues

Several vulnerabilities have been reported in Qualcomm’s chipsets over the past few months.

Trend Micro in March reported a vulnerability affecting Snapdragon-powered Android devices, which could be exploited to gain root access on the target device by running a malicious app.

Security researcher Gal Beniamini in May reported a vulnerability that would let hackers gain code execution within Qualcomm’s Secure Execution Environment.

Beniamini in June reported another Qualcomm QSEE flaw that was found its KeyMaster trustlet.

However, the frequency with which security weaknesses in Qualcomm chipsets are discovered is to be expected, suggested Krewell. “Qualcomm’s modems and Snapdragon processors are widely used, so they are under constant scrutiny.”

Affected vs. Infected

Android devices infected with the QuadRooter malware have not yet been discovered, said Jeff Zacuto, mobile security evangelist at Check Point.

“While 900 million devices are affected, that doesn’t necessarily mean they’ve been infected with malicious apps that can be used to exploit these vulnerabilities,” he told TechNewsWorld. “But there’s a risk that there are infectious apps out in the wild that haven’t yet been detected.”

QuadRooter vulnerabilities could give attackers complete control of devices and unrestricted access to sensitive personal and enterprise data on the devices, Check Point warned. Attackers also could get capabilities such as keylogging, GPS tracking, and the ability to record video and audio on the devices.

How to Stay Safe

Installing antivirus software on Android devices won’t help, because they “can only detect malicious apps they know about,” Zacuto pointed out. “That means previously unknown malware can evade traditional [antivirus software].”

Check Point recommended that enterprises and consumers take the following measures to stay safe:

  • Install an advanced mobile threat detection and mitigation solution on Android devices;
  • Download and install the latest Android updates as soon as they become available;
  • Examine any app installation request to ensure it’s legitimate before accepting it;
  • Download apps only from Google Play;
  • Read permission requests carefully when installing any apps; and
  • Use a security solution that monitors devices for malicious behavior.

“As we all know, software is not perfect,” observed Krewell, “and swift updates are the best defense.”

 
[source :-technewsworld]

TCP Flaw Opens Linux Systems to Hijackers

A flaw in the RFC 5961 specification the Internet Engineering Task Force developed to protect TCP against blind in-window attacks could threaten Android smartphones, as well as every Linux computer on the planet. [*Correction – Aug. 12, 2016]

TCP Flaw Opens Linux Systems to Hijackers

The flaw is described in a paper a team of researchers presented at the 25th Usenix Security Symposium, ongoing in Austin, Texas, through Friday. The researchers are affiliated with the University of California at Riverside and the United States Army Research Laboratory.

The vulnerability, CVE-2016-5696, lets attackers hijack plaintext communications between two devices communicating over TCP on the Internet.

The RFC 5961 spec is implemented in Linux kernel v 3.6 and later. [*Correction – Aug. 12, 2016]

“This attack could be used to target long-lived back-end connections like database sessions or management and monitoring channels,” said Craig Young, a computer security researcher for Tripwire’s Vulnerability and Exposures Research Team.

“Since only one host in the connection needs to be vulnerable, it’s also possible that websites which provide interactive sessions over a persistent HTTP tunnel would be targeted,” he told LinuxInsider.

Other targets are update servers used to replace firmware on embedded devices, and security cameras and smart appliances that maintain constant communications with a vendor’s infrastructure.

Exploiting the Vulnerability

RFC 5961 was designed to make it more difficult to carry out TCP spoofing attacks against long-lived connections. [*Correction – Aug. 12, 2016] The specification ensures that an incoming packet’s sequence number exactly matches the sequence number expected to be next. Further, the attacker also would have to guess a proper ACK value within a scoped range.

Up to now, it was widely accepted that there was no easy way for attackers to know whether two arbitrary hosts on the Internet were communicating over TCP, or to tamper with or terminate such a connection, without being on the communication path themselves.

However, the researchers have found that it is possible to do so without running malicious code on either communicating party’s system.

The ACK throttling feature, as implemented under RFC 5961, has a default limit of 100 challenge ACKS generated per second. [*Correction – Aug. 12, 2016] That limit is shared across all channels, which lets the shared state be exploited as a side channel.

Attackers only have to send spoofed packets to a targeted connection, hit the 100 ACK per second limit, and count the actual number of challenge ACKs received on that connection. If the number is less than 100, some challenge ACKS must have been sent over the connection as responses to the spoofed packets.

Two likely scenarios are of greatest concern, said Josh Bressers, a security strategist at Red Hat.

One is through a plaintext connection and the second is a denial-of-service attack, he told LinuxInsider.

threat models

“The danger with potential vulnerabilities like this one is that many mobile devices and other embedded systems won’t or can’t be easily updated due to both design and connectivity issues,” said Bill Weinberg, a senior director at The Linux Foundation.

“Of particular worry should be the installed base of Android devices,” he told LinuxInsider.

Patching and Protection

Enterprise users will look to vendors like Red Hat for a patch, said Weinberg. Organizations and developers who build their own kernels “will obtain patches from kernel.org or major distribution supplier provides like Fedora.”

Red Hat “is working on releasing a patch for this issue in our products, and are working with the relevant upstream communities to address this issue in their respective codebases,” Bressers said.

In the meantime, the company’s customers can use its kpatch dynamic kernel patching code to patch running systems.

The best defense is to eliminate the global challenge ACK count altogether, the researchers suggested, although it’s possible the count could skyrocket.

Concerned users should think about possible ramifications before disrupting businesses to roll out patches, warned Adrian Sanabria, a senior security analyst at 451 Research.

“I’ve seen many cases where the attempt to mitigate a largely academic vulnerability results in more damage than simply accepting the narrow risk would,” he told LinuxInsider. “I’m not saying that’s the case here, but … we need to study it more.”

 
[source :-technewsworld]

Google May Paint IoT Fuchsia

google-fuchsia-operating-system

A team at Google is working on a new operating system called “Fuchsia,” according to information that recently turned up on Github, but details are sparse.

Fuchsia “is a new open source project that is not at all related to Android or Chrome OS,” Google spokesperson Joshua Cruz told LinuxInsider.

He declined to provide further details about Fuchsia, saying only that “we have many revolving open source projects at Google.”

Fuchsia already has undergone some testing, and it is booting “reasonably well” on NUCs based on Intel’s Skylake and Broadwell processors, according to a discussion thread on Y Combinator’s Hacker News. It also is booting on the Acer Switch Alpha 12, and soon will support the Raspberry Pi 3. Work on drivers is in progress.

The Fuchsia team reportedly includes Travis Geiselbrecht, who worked on NewOS, the Danger Hiptop smartphone, iOS, WebOS, Jawbone and BeOS; and Brian Swetland, who worked on BeOS and Danger. Both also were involved with Android.

Hints and Speculation

Fuchsia reportedly is built on the Magenta kernel, which is based on Google’s LittleKernel project.

However, Google draws distinctions between Magenta and LK.

Magenta targets modern phones and PCs with fast processors and nontrivial amounts of RAM with arbitrary peripherals doing open ended computation. LK is a kernel designed for small systems typically used in embedded applications.

Magenta’s inner constructs are based on LK, but the layers above are new. That said, a Magenta process is based on LK-level constructs such as threads and memory.

Fuchsia reportedly uses Flutter, a new project to help devs build high-performance, high-fidelity mobile apps for iOS and Android from a single code base, consistent with Java’s “write once, fit many” concept. It also uses the Dart application programming language, which Google employs to make very large apps.

Magenta has a capability-based security model, while all code is trusted in LK.

Security apparently was a concern for mtgx, who asked in the Hacker News discussion whether Fuchsia could be written in Rust while it’s in the early stages of development.

That “could avoid a whole lot of security issues down the road, which I think even Dart’s VM won’t be immune against (at least from what we’ve seen with Android — like the dozen+ stagefright vulnerabilities),” mtgx reasoned.

Fuchsia may be used as the OS for the Internet of Things, in embedded systems, and possibly even in mobile devices and PCs.

Where Fuchsia May Fit

Fuchsia “appears to be a new OS focused on IoT and embedded devices,” said Al Hilwa, a research program director at IDC.

It’s not likely to be aimed at replacing Android, because “there is simply too much developer commitment APIs to mess around with Android, and at this relatively mature stage of the mobile market, it will be much harder to get traction around a new phone or tablet OS,” he told LinuxInsider.

“The births of these types of platforms for general public use are likely once-in-a-generation events from a developer-critical mass perspective,” Hilwa noted. “Having said that, the IoT market is a bit of an open canvas. There are a lot of problems that can be solved around security and device variation, and so a new OS may achieve traction.”

 
[source :-technewsworld]

Latest Slackware Version Doesn’t Cut Newbies any Slack

Latest Slackware Version Doesn't Cut Newbies any Slack

Slackware is one of those Linux distros often described as being difficult to use. The Slackware Project version 14.2 released on July 1 does little to change that view — at least, as far as installing it is concerned.

Its KDE desktop is probably the most contemporary trait. Other than an update under the hood, the latest Slackware release offers little that’s new in terms of usability and few new features. If you are comfortable with Debian-style Linux distros, prepare to be uncomfortable.

The Slackware distro is the world’s oldest surviving maintained Linux distribution. Patrick Volkerding created the Slackware Linux distribution in 1993, based on Softlanding Linux System. Slackware is the basis for many other Linux distributions, including the first versions of Suse Linux distributions.

Slackware’s goal is to offer design stability and simplicity as the most Unix-like Linux distribution. It does that by avoiding as much as possible any modifications to upstream software packages. Unlike more modern Linux offerings, Slackware has no graphical installation procedure and no automatic dependency resolution of software packages.

Slackware installer

Slackware uses a simple text-based installer rather than a graphical approach to automating the installation process.

It uses plain text files and only a small set of shell scripts for configuration and administration. It boots into a command-line interface environment. Thus, Slackware is best used by advanced and technically inclined Linux users.

Under the Hood

Slackware is difficult to install and set up for lesser-experienced Linux users, but the new version otherwise seems as spry as the more popular distros. Newer-style desktop environments, such as Cinnamon, and old favorites like LXLE are missing.

Slackware ships with Linux kernel version 4.4, along with rather current desktop updates such as KDE 4.14 and Xfce 4.12.1, and it fancies older style desktops such as Fluxbox 1.3.7 and Blackbox 0.70.1. These supported desktops use many of the specifications from Freedesktop.org . Thus, system administrators can grant use of various hardware add-ons to users’ group membership.

Slackware KDE desktop

The KDE desktop provides a heavy-duty user experience on Slackware 14.2. Other choices are Sfcw, Fluxbox and Blackbox.

The 64-bit build of Slackware supports booting on UEFI-enabled hardware. This release has many updates and enhancements.

Slackware is available for the IA-32 and x86-64 architectures, with a port to the ARM architecture. Slackware does not have a formal bug-tracking facility or public code repository, however. The developer issues releases periodically.

Slackware provides users with its own software repositories. Slackware is a very fast, stable and reliable Linux distribution.

Slow Updates

Since the initial stable release of Slackware 1.0 on July 16, 1993, the developer has issued infrequent major updates. The last major upgrade was version 14.0 on Sept. 26, 2012.

Version 14.1 appeared on Nov. 4, 2014. Slackware 14.2 is an incremental update. It includes a switch to PulseAudio.

The most predominant change with Slackware 14.2 is the replacement of ConsoleKit (user and session tracking) and udev (device manager) with new forks as ConsoleKit2 and eudev. It eschews the Linux distro trend of changing to the systemd initialization process.

Slackware looks and behaves just like any other comparable Linux distribution. That is a testament to its staying power. An installation makeover would go a long way toward making the granddaddy of Linux more inviting to typical users.

One workaround of sorts is to install the live session ISO to a USB stick. You then can boot into the live session and use the USB drive as the installation source. That works on machines running both regular BIOS as well as UEFI.

System Drawbacks

Slackware does not offer automatic dependency resolution. Still, a full Slackware install leaves no unmet dependencies.

You still must find and install additional dependencies manually for anything else you add. The developer provides build scripts for a variety of additional software currently not available from the official Slackware repository.

Installing Slackware can be an exercise in futility, especially for users who just want a Linux distro that works without an IT staff to make it work. If you are going to sample Slackware beyond the live session showcase ISO, spend considerable time getting familiar with the installation guide from theSlackware Documentation Project.

Slackware uses an ncurses-based installer. This is a simple text-based installer. As a result of this approach, the automated installation routine now typical for mainstream Linux distros is sorely missing with Slackware.

Ncurse is an updated library of functions for managing an application’s display on character-cell terminals. The library creates a wrapper over terminal capabilities and provides a framework to create a pleasant-looking user interface in text mode. It provides functions to create windows and other visual elements during the installation process.

One drawback for newcomers to Slackware methodology is its lack of a built-in partitioning tool. The most difficult part of the process for new users is the manual disk partitioning if they want to set up a dual boot on the hard drive. To handle that chore, do the partitioning with Gparted or similar tools before attempting the installation.

Two Different Worlds

You can try out Slackware 14.2 without modifying your disk drive — but do not expect your actual experience with the installation to be out-of-the-box hassle free. The Slackware Live Edition has no provision for clicking an icon to start an automated graphical installation.

The live session, like a typical non-Slackware live session, boots your computer into a complete Slackware installation that can run from a CD, DVD or USB. You can expect standard components to work because the configuration is preinstalled. That does not happen with an actual Slackware installation.

You can not run the Slackware live session ISO in a virtual machine environment. I had no trouble getting it to load in a VM session — but loading was all it did. Once the desktop filled the VM window, the session seem to freeze. I could not open the Slackware menu or even log out of the session.

Limited package management is handled by the Pkgtool. This is a menu-driven package maintenance tool provided with the Slackware Linux distribution. It lets you add, remove or view software packages through an interactive system.

This tool makes it easier to install or upgrade packages via downloads. With slackpkg, you can have a minimal installation of Slackware Linux and install/upgrade only those packages you need the most.

Bottom Line

Slackware is a throwback to the early days of the Linux OS, and it may not have much relevance to anyone but diehard Slackware fans. Still, experienced Linux users looking for a change of pace might enjoy setting up a Slackware system.

The documentation and user guides are fairly detailed, but they are heavy reads that will frustrate the typical new user. Those without a strong technical background will see a big disconnect in going from the live session “Slackware demo” to a functioning Slackware installation.

Want to Suggest a Review?

Is there a Linux software application or distro you’d like to suggest for review? Something you love or would like to get to know?

Please email your ideas to me, and I’ll consider them for a future Linux Picks and Pans column.

 
[source :-technewsworld]

Google Fills Nexus Devices With Rich Nougat Features

android-nougat

Google on Monday began rolling out its long-awaited Android 7.0 Nougat release to Nexus smartphones and tablets.

The new operating system became available as a beta release, known only as “Android N,” earlier this year. The experiences of developers and other users led to more than 250 new features, including improved multitasking, stronger battery life and tighter security features, noted Sameer Samat, vice president of product development.

The new OS provides quick access to settings, so important features like Bluetooth, WiFi and the phone’s flashlight are readily available when needed.

The system also provides multi-locale support, so that languages can be localized and other apps can be adjusted to reflect the user’s location.

Among the more sought-after features are multitasking, which lets users run two apps alongside each other in adjustable windows. Users can access notifications without having to open individual apps. Switching between apps is a snap — all it requires is double-tapping the overview button.

android nugget split screen

Emoji Explosion

Android Nougat’s expanded list of emojis lets users be more creative with their messages. There are now 72 different characters and a total of more than 1,500 expressions.

android nugget emojis

Nougat’s battery life improves on that of its predecessor, Marshmallow. Users can take advantage of the doze feature, which lets the device drop into lower power use during travel.

The OS allows experiences that are more immersive, likely with an eye to enhanced uses. Support for VulcanTM is included. VulcanTM is an advanced 3D rendering API for enhanced gaming, as well as for Daydream, the company’s virtual reality platform for new phones, headsets and controllers.

The new system is designed to be more secure, with file-based encryption, direct boot capability and a seamless process that allows users of new Android devices to run software updates in the background, while allowing users of existing Nexus gadgets to install updates much faster.

Driving Adoption

Some of the new features in Nougat — including the more powerful graphics and the ability to conserve battery power — might prove to be compelling, suggested Rob Enderle, principal analyst at the Enderle Group.

Whether they’re compelling enough to draw new users into the Android fold may prove to be a more difficult question to answer, however, as the cost and time required to make a mobile OS switch remain significant barriers.

The slow rollout of devices in the pipeline is another challenge for driving adoption.

Nexus 6, 5X, 6P, 9, Nexus Player, Pixel C and General Mobile 4G will get over-the-air upgrades to Nougat, according to Google.

The LG v20, scheduled for release on Sept. 6, will be the first new phone to debut with Nougat preinstalled, Google spokesperson Joshua Cruz confirmed.

The Instant App function is a potential game changer, as it will allow users to sample new apps in the Google Play Store prior to downloading, said Charles King, principal analyst at Pund-IT.

It’s also possible Nougat will drive new hardware sales, he suggested.

“The company seems to be taking a harder line with handset makers and wireless providers in regards to system updates — a reasonable course given growing security problems and threats related to smartphones,” King told TechNewsWorld. “If Google puts some muscle behind Nexus as the market’s most quickly updated and fully secured Android-based smartphone, it could help drive significant sales increases.”

 
[source :-technewsworld]

25 Years of Linux: What a Long, Strange Trip It’s Been

linux-25-years

Happy Birthday Linux! You’re 25!

When Linux was born on Aug. 25, 1991, it was little more than a hobby for then 21-year old Linus Torvald. Today the Linux community is estimated to be upwards of 86 million users strong. It has become the backbone of large enterprises, and it is installed in government systems and embedded in devices worldwide.

The Linux operating system started out as an alternative to other platform architectures in use on mainframes and enterprise back-ends. It has grown into a major mainstream computing platform for small through large companies’ server operations, and has made inroads into consumer computing.

Linux has been ported to more hardware platforms than any other operating system, thanks to the popularity of the Linux-based Android operating system, noted Meike Chabowski, documentation strategist at Suse.

“Today, Linux has the largest installed base of all general-purpose operating systems worldwide. Linux is also the leading operating system on servers of any sort, and of 99.4 percent of the top 500 supercomputers,” he told LinuxInsider. “Also, you find embedded Linux in a huge quantity of devices and machines — built into cars, network routers, facility automation controls, entertainment equipment, and medical equipment such as X-rays.”

Some people do not even know they are using it. Linux is everywhere, Chabowski said.

Full of Surprises

Early Linux was a revolutionary idea. It provided some conveniences not available to the Minix and Unix operating systems used at the university where Suse President of Engineering Ralf Flaxa studied.

One big plus was that he could run it himself on his PC at home, he told LinuxInsider.

What also surprised Flaxa was how quickly Linux evolved and improved, and how much it was able to do after such a short period of time.

“For example, at the very beginning you were able to multiplex your screen — meaning with a key combination, you could switch to a second or third terminal,” he noted.

“This was a brilliant idea and feature, especially at the time. There was no graphical environment with multiple windows yet,” Flaxa said.

The surprises did not stop there.

“I started out with Linux as a pure hobby and because I wanted and needed it for my computer science studies,” Flaxa recalled. “The moment I realized that I could actually turn my hobby into my job was for me personally the biggest Linux milestone.”

The ease of swapping out hardware was a major Linux benefit for Gerald Pfeifer, senior director products and technology programs at Suse, as that was not the case with other operating systems.

“You can exchange any piece of hardware and an existing Linux installation will still work just fine,” he told LinuxInsider.

Linux’s open philosophy was the biggest surprise with the new computing technology, said SUSE’s Chabowski. The philosophy of open and free source code impressed him from the start, “but what surprised me most and still does fascinate me today about Linux is that its model of joint and worldwide development worked and still works.”

Linux at the Floodgates

Linux was a “good enough” operating system with the right price for a startup — free — recalled Cloud Foundry CEO Sam Ramji, who worked with Linux for the first time in 2000, when his company built the online digital photo developing service Ofoto.

“We used our knowledge instead of paying for Solaris licenses,” he told LinuxInsider. “The leap from copycat to innovator was not something I had imagined, but by the mid-2000s, new features were coming to Linux that did not exist anywhere else — things like filesystems and cgroups.”

Awareness of Linux in the enterprise was nonexistent 25 years ago, when Ramji was an undergrad at the University California, San Diego. Solaris, MacOS and Windows dominated.

Even by the late 1990s, Linux could not provide the support and predictability needed in an enterprise setting. Companies using Linux had to build their own skill sets based on a free distribution or build their own in-house version. Adoption risk was high.

All that changed in the early 2000s, when Wall Street banks demanded Linux support for their enterprise application servers.

“That was a moment that broke down resistance to Linux in the big IT vendors like BEA, IBM and Oracle. That hole in the dam was the start of a flood,” said Ramji. “Today Linux is the home of operating system innovation.”

Changing World

Installing Linux was far from easy in the early days, according to AporetoVirtualization Expert Stefano Stabellini, who has been a Linux user and open source advocate since the 1990s.

“It was very difficult to explain open source to people and companies back when I started with Linux in the ’90s. They did not understand it. They thought that open source was unsustainable, and Linux was niche and hobbyist,” he told LinuxInsider.

Now everything has changed. Every company has an open source strategy now.

“Microsoft was the biggest foe and now is a strong ally. Linux is the most widely adopted operating system of all times. It is known as the kernel that powers smartphones and light bulbs as well as supercomputers — that is the opposite of niche,” Stabellini said.

Secret Glue

The Linux kernel community deserves a large measure of credit for Linux being everywhere, according to Stabellini. The Linux kernel is a vast community of very different people. Many work for competing companies.They have expertise in different areas, different world views, and different modus operandi.

“It is surprising how remarkably dissimilar they can be, but their first and foremost goal is to progress Linux. It’s the glue that holds it all together,” Stabellini said.

As for the industry as a whole, two milestone achievements thrust Linux toward universal adoption, he said. One was the introduction of cgroups, which paved the way for the Linux containers of today. Another was development of the device tree for the ARM architecture, which made the growth of ARM boards in Linux sustainable.

Risk Factor

Using Linux in the early days was a major risk for early enterprise adopters. Too many unknowns clouded its sustainability potential.

“In the early days, I think the biggest challenge for enterprises using Linux was risk. Enterprises were not sure the project would continue. They did not know if it would support their hardware. They were not clear on the best way to maintain updates, and the expertise was hard to find,” said Matt Hicks, vice president software engineering at Red Hat.

“However, the desire for a more open standard beyond the Unix distributions was strong, and it drove many to undertake those risks,” he told LinuxInsider.

Today’s Linux landscape looks much different. Linux is at the core of almost all technology innovation. The ecosystem surrounding it is massive, and talent abounds. In a very real sense, Linux has become the safe bet for those who are using technology as a core part of their business, Hicks pointed out.

The release of the Linux 2.6 kernel on Dec. 17, 2003, along with the publication of Linux Kernel Development by Robert Love are two milestones that changed Linux forever, Hicks said. “Despite having worked with Linux for years prior, that was the point at which I realized that Linux had a momentum that could change the industry.”

Transiting Transition

Perhaps the biggest challenge for Linux was aligning the open source movement with the openness of a new operating system that broke all the rules, suggested Fedora Project Leader Matthew Miller. The open culture and wider free and open source movement grew up with Linux.

“Obviously, the Free Software Foundation was working for years before Linux came around, but Linux was really the catalyst for something big — a whole movement,” Miller told LinuxInsider.

In the beginning, Linux distributions were largely hobbyist projects. Even the business-oriented ones with greater aspirations were basically that way, he noted.

“Don’t get me wrong. They were impressive work, but they were far from meeting enterprise or large-installation needs. Security in particular was horrible, with no real preemptive lockdown. System accounts with no password were the norm, and every possible service was usually enabled out-of-the-box. And there was not even a good model for updates — even for security issues,” Miller recalled.

Regardless, the Linux movement fascinated people. Linux installs grew from the inside as individual groups kept installing them. Eventually, it became a sort of “If you can’t beat ’em, join ’em,” he said.

“I think Red Hat Enterprise Linux came along just at the right time, focusing on solving these problems — and perhaps more importantly, offering certifications and guarantees that open source was safe to use, Miller observed.

New Default

In the early 1990s, Linux in the enterprise typically was geared toward Web servers, FTP and smaller-scale applications. Linux was much less about workloads. Most enterprises in the ’90s had mixes of hardware with a lot of Sun and SGI, as well as applications that were very particular about the hardware they ran on, such as Oracle, noted Dave Rosenberg, senior vice president for strategy and ops at The Linux Foundation.

Linux in the enterprise is much different today. As the ’90s progressed into the 2000s, commodity servers became the norm, and Linux had the best stability and largest ecosystem of developers. That was and still is very appealing for enterprises.

“What has changed is that Linux has over the last 10 years become the default. There is no more ‘should I use Solaris or should I buy an SGI?’ Linux is already assumed to be the de facto OS standard,” Rosenberg told LinuxInsider.

It is hard to point to another technology that has changed the technical and business landscape the way Linux has.

“It is important to note that even with the disruption that was felt by many companies, such as Sun and Microsoft, that Linux is a massive, massive net positive for everyone.,” Rosenberg said.

New Possibilities

Linux proved its resilience after 25 years of being free and open. Today’s new approaches and innovations are possible because of Linux, and not in spite of it, according to Gunnar Hellekson, director of product management for Red Hat Enterprise Virtualization and Red Hat Enterprise Linux.

“The central challenge of Linux and its strength have always been its relatively fragmented ecosystem when compared with proprietary alternatives,” he told LinuxInsider. “Choice and options are wonderful for innovation but do not make things easier operationally.”

For example, consolidating packaging systems like RPM and DEB was a monumental and messy effort. Hopefully, containers will offer the tools to begin harmonizing the packaging mechanisms for the sake of Linux developers, Hellekson said.

“If we take a step back, the success of Linux has inspired an entire generation of software developers to work in open source communities, while simultaneously making that work possible on open source platforms,” he added.

Without Linux, today’s computer users would still be hobbyists distributing shareware for Windows PCs. Instead, there is a completely different IT ecosystem, Hellekson noted — one that “is much more inclusive, much more expansive and much more effective.”

 
[source :-technewsworld]

Apple Speeds iOS Patch to Bring Down Pegasus

apple-ios-pegasus-zero-day-vulnerabilities

Apple on Thursday issued a patch that addresses three recently discovered critical iOS zero-day vulnerabilities, and advised users to update their systems immediately.

State-sponsored actors exploited the flaws to target United Arab Emirates human rights defender Ahmed Mansoor, and a Mexican journalist who reported on government corruption.

Researchers at the University of Toronto’s Citizen Lab and security firm Lookoutdiscovered the vulnerabilities, which they dubbed “Trident,” after investigating suspicious text messages sent to Mansoor.

The messages included links to an exploit infrastructure connected with NSO Group, an Israel-based cyberwar company that sells the spyware product Pegasus exclusively to governments, according to Citizen Lab.

The NSO Group, which developed Pegasus, is owned by private investment firm Francisco Partners, Citizen Lab said. It reportedly has offered to sell the NSO Group, which it has valued at US$1 billion. The firm previously invested in Blue Coat Systems, which sold products to repressive regimes to aid their mass surveillance and Internet censorship efforts.

“Apple’s response cements in my mind that it takes security seriously,” said Bobby Kuzma, systems engineer at Core Security.

“These are very complex exploits … and Apple has a patch out fixing them 10 days after it was notified,” he told TechNewsWorld. “That’s nothing short of miraculous.”

‘Grade A Scary’

The Trident vulnerabilities consist of the following:

  • CVE-2016-4657 — an exploit targeting a previously undocumented corruption vulnerability in WebKit that allows execution of the initial shellcode;
  • CVE-2016-4655 — a Kernel Address Space Layout Randomization bypass exploit to find the kernel’s base address; and
  • CVE-2016-4656 — 32- and 64-bit iOS kernel exploits targeting a memory corruption vulnerability that allows execution of code in the kernel. They are used to jailbreak an iPhone and allow software installation.

“The jailbreak is the key here,” Core Security’s Kuzma noted. “Once you’ve broken out of the tightly compartmented application space in iOS, you can effectively and easily bypass all the security controls built into the device and the operating system. This is grade A scary stuff.”

Pegasus on the Loose

The spyware Trident implanted appears to be NSO’s Pegasus product, a highly advanced tool that makes use of zero-day flaws, obfuscation, encryption and kernel-level exploitation, Lookout noted.

Pegasus can use an iPhone’s camera and microphone to eavesdrop on activity. It can record the user’s calls over WhatsApp and Viber, logging messages sent in mobile chat apps, and track the user’s movements.

It includes a renamed copy of Cydia Substrate, a third-party app developer framework that facilitates recording of messages and phone calls from targeted apps, Citizen Lab said.

“Pegasus clearly shows the dangers of mobile devices [that] can be transformed into ideal tracking devices,” said Yair Amit, CTO of Skycure.

“While Pegasus is a sophisticated tool that’s likely to be used against specific victims, there are tools that allow attackers with minimal technical background to easily penetrate iOS and Android,” he told TechNewsWorld.

News of the zero-day exploits led Rep. Ted Lieu, D-Calif., who has a degree in computer science, to call for a congressional hearing on the issue of mobile security.

 
[source :-technewsworld]