recentpopularlog in

charlesarthur : linux   18

The Asus Eee: how close did the world come to a Linux desktop? • Linux Journal
Jeff Siegel:
<p>How did Asus get the price so low? Cutting the weight helped. Using cheaper materials for the body, keyboard and screen made a difference too, as did the less expensive processor and memory. But one of the most important factors was substituting Linux for Windows.

An Asus spokesman did not respond to several requests for information for this story, but those with knowledge of the company's thinking said choice of operating system was crucial in lowering the Eee's price. A Microsoft license, depending on who you talk to, could have cost almost as much as the netbook's suggested retail price. Even if Asus had absorbed some of the license fee, it would have been almost impossible to hit $199, then considered the sweet spot for pricing.

Enter Xandros, the operating system that Asus used on the Linux-powered versions of the Eee. It was perhaps the machine's greatest asset and its biggest weakness. Since it was Linux, there was no Microsoft licensing fee, making it easier for Asus to hit $199. But Xandros was not quite open-source Linux—it was a commercial product from the same-named British company whose revenue came from "partnering" with OEMs. Which, of course, is what Microsoft did.

And, as anyone who knows anything about the Linux community will tell you, any open-source company with a Microsoft-like business plan can't really be open-source or true to the spirit of Linux. In this, Asus alienated the people who should have been the Eee's biggest supporters. Look on bulletin board and Reddit posts, and you'll still see some of the resentment at the choice of Xandros.

Xandros' other problem? It was just a little too Linux for the millions of people who bought it and who were used to Windows…

…It's almost impossible to believe, a decade later, how popular netbooks were in the wake of the Eee. Way past popular, actually: the netbook was the best-selling computer in the world in 2009, with seven-fold growth from 2008 and some 20 million sold. That accounted for almost 10% of the entire computer market at a time when the recession saw desktop computer sales fall 12%, the worst decline in its history.</p>

Arguably the Eee and netbooks propped up the PC market for a while. <a href="">Then they didn't</a>.
linux  eee  netbook 
november 2018 by charlesarthur
IBM to acquire Red Hat for about $33bn • WSJ
Robert McMillan:
<p>IBM rivals and Microsoft have jumped ahead of it in recent years in the business of providing computing power and software for rent. But Ms. Rometty said in an interview that the market is moving into a second chapter in which customers will want to work with multiple cloud providers. That should boost interest in so-called hybrid services in which companies run programs that use computing resources from their own servers and web services from IBM and others at the same time, she said.

“This is an inflection point,” Ms. Rometty said.

Red Hat will help IBM with that effort because it is a leading provider of open-source software and services that help companies bridge different platforms, she said.

The deal comes nearly seven years into Ms. Rometty’s struggle to revamp the 107-year-old company by shrinking older, slower-growth lines of business and focusing heavily on cutting-edge technologies like artificial intelligence and cloud computing. That effort led to nearly six years of falling revenue, which IBM finally reversed in January with three straight quarters of growth.

But in the latest quarter IBM’s revenue dipped 2.1%, despite the booming corporate tech-buying market. IBM’s stock price is down 19% over the past year. For this year, analysts expect IBM to record $79.75bn in revenue and adjusted profits of $13.80 a share, according to S&P Global Market Intelligence. In 2011, the year before Ms. Rometty became CEO, IBM posted $106.92bn in revenue and adjusted profits of $13.44 a share.

IBM plans to pay $190 a share for Red Hat in what IBM said would be its largest acquisition ever. IBM plans to use cash and debt to make the acquisition. At the end of the third quarter, it held $14.7bn in cash.</p>

Putting the acquisition into debt won't hurt too much (debt is cheap at present; as long as you make *some* profit you can service it). IBM's hope seems to be that it can be a provider to the properly big cloud companies, or else persuade corporations it is their real friend.

I don't think it will work. The IBM era is really dead; this is its last gasp, a final twitch. IBM got into open source early on, so the acquisition made sense there. But it doesn't have the lock on enterprise it used to. Younger rivals (Google! Amazon! Microsoft, 75 years younger!) have disrupted it thoroughly, and it's not coming back from that.

Ben Thompson has what I think is the <a href="">same viewpoint over at Stratechery</a>.
Ibm  redhat  linux  cloud 
october 2018 by charlesarthur
What Dropbox dropping Linux support says • TechRepublic
Puzzled 20-year Linux-on-the-desktop user Jack Wallen, on Dropbox's decision to drop Linux support except unencrypted ext4 (or ext4 with LUKS encryption):
<p>For a company to support Linux, they have to consider supporting:

• Multiple file systems<br />• Multiple distributions<br />• Multiple desktops<br />• Multiple init systems<br />• Multiple kernels<br />If you're an open source developer, focusing on a single distribution, that's not a problem. If you're a company that produces a product (and you stake your living on that product), those multiple points of entry do become a problem. Let's consider Adobe (and Photoshop). If Adobe wanted to port their industry-leading product to Linux, how do they do that? Do they spend the time developing support for ext4, btrfs, Ubuntu, Fedora, GNOME, Mate, KDE, systemd? You see how that might look from the eyes of any given company?

It becomes even more complicated when companies consider how accustomed to the idea of "free" (as in beer) Linux users are. Although I am very willing to pay for software on Linux, it's a rare occasion that I do (mostly because I haven't found a piece of must-have software that has an associated cost). Few companies will support the Linux desktop when the act of supporting means putting that much time and effort into a product that a large cross-section of users might wind up unwilling to pay the price of admission.</p>

Gee, it's as if he's catching on. Not mentioned: that Linux has less than 5% of the desktop market. <a href="">About 0.8% of the desktop, according to Wikipedia's statistics</a>, which we can probably take as a proxy for the web.
linux  dropbox 
august 2018 by charlesarthur
'WHAT THE F*CK IS GOING ON?' Linus Torvalds explodes at Intel spinning Spectre fix as a security feature • The Register
Thomas Claburn and Kat Hall:
<p>Intel's fix for Spectre variant 2 – the branch target injection design flaw affecting most of its processor chips – is not to fix it.

Rather than preventing abuse of processor branch prediction by disabling the capability and incurring a performance hit, Chipzilla's future chips – at least for a few years until microarchitecture changes can be implemented – will ship vulnerable by default but will include a protection flag that can be set by software.

Intel explained its approach in its technical note about Spectre mitigation, titled Speculative Execution Side Channel Mitigations. Instead of treating Spectre as a bug, the chip maker is offering Spectre protection as a feature.

The decision to address the flaw with an opt-in flag rather than activating defenses by default has left Linux kernel steward Linus Torvalds apoplectic.

Known for incendiary tirades, Torvalds does not disappoint. In a <a href="">message posted to the Linux kernel mailing list on Sunday</a>, he wrote, "As it is, the patches are COMPLETE AND UTTER GARBAGE."

"All of this is pure garbage. Is Intel really planning on making this shit architectural?" he asked. "Has anybody talked to them and told them they are f*cking insane? Please, any Intel engineers here – talk to your managers."</p>

The full Torvalds rant is worth reading. Never one to hold back, ol' Linus.
linux  torvalds  intel  spectre  hacking 
january 2018 by charlesarthur
Web hosting provider pays $1 million to ransomware attackers • SecurityWeek.Com
Ionut Arghire:
<p>South Korean web hosting company Nayana agreed to pay $1 million in Bitcoin after a ransomware attack hit 153 Linux servers.

The attack took place June 10 and resulted in over 3,400 business websites the company hosts being encrypted. According to the Nayana’s initial announcement, the attacker demanded 550 Bitcoins (over $1.6 million) to decrypt the infected files. Following negotiations, they lowered the ransom demand to 397.6 Bitcoins (around $1.01 million).  

The payments, the company announced, will be made in three batches, and the attackers will decrypt the affected servers accordingly. Two payments were already made, and the company is currently in the process of recovering the data from the first two server batches.

The ransomware used in this attack, Trend Micro reveals, was Erebus, a piece of malware that was initially spotted in September 2016 and which was already seen in attacks earlier this year, when it packed Windows User Account Control bypass capabilities.

Apparently, someone ported the ransomware to Linux and is using it to target vulnerable servers. Running on Linux kernel, which was compiled back in 2008, Nayana’s website is vulnerable to a great deal of exploits that could provide attackers with root access to the server, such as DIRTY COW, Trend Micro notes.</p>

"Dear customer, a review of our ongoing costs means that regrettably we are having to raise hosting prices…"
ransomware  linux 
june 2017 by charlesarthur
Advanced CIA firmware has been infecting Wi-Fi routers for years • Ars Technica
Dan Goodin:
<p>Home routers from 10 manufacturers, including Linksys, DLink, and Belkin, can be turned into covert listening posts that allow the Central Intelligence Agency to monitor and manipulate incoming and outgoing traffic and infect connected devices. That's according to secret documents posted Thursday by WikiLeaks.

CherryBlossom, as the implant is code-named, can be especially effective against targets using some D-Link-made DIR-130 and Linksys-manufactured WRT300N models because they can be remotely infected even when they use a strong administrative password. An exploit code-named Tomato can extract their passwords as long as a default feature known as universal plug and play remains on. Routers that are protected by a default or easily-guessed administrative password are, of course, trivial to infect. In all, documents say CherryBlossom runs on 25 router models, although it's likely modifications would allow the implant to run on at least 100 more.</p>

Not surprising in some ways: most routers run a stripped-down version of Linux and don't get updated (especially against security hacks), so find a vulnerability and you're pretty much guaranteed it will work for ages.
router  linux  cia  hack 
june 2017 by charlesarthur
Ubuntu Unity is dead: Desktop will switch back to GNOME next year • Ars Technica
Jon Brodkin:
<p>Six years after making Unity the default user interface on Ubuntu desktops, Canonical is giving up on the project and will switch the default Ubuntu desktop back to GNOME next year. Canonical is also ending development of Ubuntu software for phones and tablets, spelling doom for the goal of creating a converged experience with phones acting as desktops when docked with the right equipment.

Canonical founder Mark Shuttleworth explained the move in a blog post today. "I’m writing to let you know that we will end our investment in Unity8, the phone and convergence shell," he wrote. "We will shift our default Ubuntu desktop back to GNOME for Ubuntu 18.04 LTS," which will ship in April 2018.

This is a return to the early years of Ubuntu, when the desktop shipped with GNOME instead of a Canonical-developed user interface. Shuttleworth's blog post didn't specifically say that phone and tablet development is ending. But Canonical Community Manager Michael Hall confirmed to Ars that the Ubuntu phone and tablet project is over.</p>

Ah yes, the Ubuntu Edge - the phone that would become a PC! The Kickstarter that fell shorter of a giant target than any other! I <a href="">said at the time it was a quixotic idea</a>:
<p>Yes, you can put the notes into the cloud via Evernote or Dropbox - but in that case, why mess about with 128GB of storage? Why, in fact, not just sit down in front of a personal computer of whatever hue (Windows, Mac, Linux distro, Chromebook) and connect to your cloud services? What problem does having a dual-boot phone actually solve?

To my mind the category error that Shuttleworth and the Canonical team have fallen into here is to gaze upon the smartphone landscape, look upwards at the PC, and say "there's a gap there". There is. But it's already filled.</p>

Holds up OK; the case for the smartphone-PC still doesn't work, despite Samsung's latest efforts.
ubuntu  linux  canonical 
april 2017 by charlesarthur
2038: only 21 years away []
Jonathan Corbet:
<p>Sometimes it seems that things have gone relatively quiet on the year-2038 front. But time keeps moving forward, and the point in early 2038 when 32-bit time_t values can no longer represent times correctly is now less than 21 years away. That may seem like a long time, but the relatively long life cycle of many embedded systems means that some systems deployed today will still be in service when that deadline hits. One of the developers leading the effort to address this problem is Arnd Bergmann; at Linaro Connect 2017 he gave an update on where that work stands.</p>

And it's going to be cars that we'll probably have to worry about. And all the embedded systems put together a while back.
linux  2038 
march 2017 by charlesarthur
Linux's Munich crisis: Crunch vote locks city on course for Windows return • ZDNet
David Meyer:
<p>Munich's city council has resolved to draw up a plan for abandoning LiMux, a Linux distribution created especially for its use, which the mayor wants ditched in favor of Microsoft's Windows 10 by the end of 2020…

…At a Wednesday morning council meeting the coalition agreed to produce a draft plan for the migration, including cost estimates, before the council takes a final vote on the subject.

"The city council has not fully approved to change to Windows," confirmed Petra Leimer Kastan, a spokeswoman for the office of mayor Dieter Reiter.

However, Matthias Kirschner, president of the Free Software Foundation Europe said: "They have now stepped back a little bit because so many people were watching, but on the other hand it's very clear what they want."

Little over a decade ago, Munich completed a migration from Windows to LiMux that involved some 15,000 computers, reportedly cost over €30m. Today, most of the local authority's computers run LiMux, although some use Windows to run certain applications.

According to Munich's current administration, council staff members dislike the software they have to use each day, and the city needs to stick to one operating system: Windows.</p>

However it's not clear whether they're dissatisfied with LiMux, or the entire IT system they have to navigate. One suspects it's the combination, but that they might be able to fumble their way through on Windows.
windows  linux  munich 
february 2017 by charlesarthur
Security bug lifetime « codeblog
Kees Cook:
<p>In several of my <a href="">recent presentations</a>, I’ve discussed the lifetime of security flaws in the Linux kernel. Jon Corbet did an analysis in 2010, and found that security bugs appeared to have roughly a 5 year lifetime. As in, the flaw gets introduced in a Linux release, and then goes unnoticed by upstream developers until another release 5 years later, on average. I updated this research for 2011 through 2016, and used the Ubuntu Security Team’s CVE Tracker to assist in the process. The Ubuntu kernel team already does the hard work of trying to identify when flaws were introduced in the kernel, so I didn’t have to re-do this for the 557 kernel CVEs since 2011.</p>

Spoiler: it's still five years. Many eyes don't do much to bugs. Given how many IoT things rely on Linux, this is concerning.
bug  security  iot  linux 
october 2016 by charlesarthur
iPad-only is the new desktop Linux — Medium
Watts Martin on the differences between using a desktop OS and a mobile OS, such as the iPad Pro:
<p>Downloading an image from a web site, resizing and editing it in an image editor, and uploading it to WordPress — these are things that people do all the time and require coordination between multiple apps, yet don’t demand specific apps.

If you’re going to tell me “normal people” don’t do those tasks, please don’t. Quilters run blogs. Salespeople create presentations. And non-techie writers send revisions to editors. It’s us nerds who insist that iOS solves the “problem” of normal people who don’t understand the file system putting all their files on the desktop. But the desktop acts as shared document storage, which is something it turns out normal people sometimes need, and iOS does not solve that problem. Lecture me about the virtues of containers all you want, but there is no world in which having to use Dropbox as a temporary storage medium is a step forward.

“But <a href="">Workflow</a> — ”


Conceptually, I like Workflow. You can do some fantastic stuff with it. It’s kind of like Keyboard Maestro on the Mac. But you can do so much with KM that you can’t with Workflow, and while I know some people think Workflow is much easier to understand than KM or Automator, I can barely make heads or tails of Workflow’s UI. Workflow has an added ball and chain: switching between apps under iOS is, compared to the Mac, positively glacial.

But Workflow is an essential tool for being an iOS Power User, for that thrill of figuring out how to get relatively complex tasks done, right? Realizing that led me to a comparison that’s going to raise hackles, but here it is:

<em>Using iOS as your primary OS is like using desktop Linux</em>.</p>

It's definitely true that without Workflow, you can't get done a lot of tasks that require content editing and twiddling which usually straddle multiple apps done. It can take some time to figure out Workflow; you have to rethink what you consider "objects" in the normal scripting sense. (After some experimentation, I've figured out how to do my essential workflow for this post in Workflow.)
workflow  ipad  linux 
july 2016 by charlesarthur
Hacker explains how he put "backdoor" in hundreds of Linux Mint downloads » ZDNet
Zack Whittaker:
<p>The surprise announcement of the hack was made Saturday by project leader Clement Lefebvre, who confirmed the news.

Lefebvre said <a href="">in a blog post</a> that only downloads from Saturday were compromised, and subsequently pulled the site offline to prevent further downloads.

The hacker responsible, who goes by the name "Peace," told me in an encrypted chat on Sunday that a "few hundred" Linux Mint installs were under their control [for a botnet] - a significant portion of the thousand-plus downloads during the day.

But that's only half of the story.

Peace also claimed to have stolen an entire copy of the site's forum twice -- one from January 28, and most recently February 18, two days before the hack was confirmed.

The hacker shared a portion of the forum dump, which we verified contains some personally identifiable information, such as email addresses, birthdates, profile pictures, as well as scrambled passwords.

Those passwords might not stay that way for much longer. The hacker said that some passwords have already been cracked, with more on the way. (It's understood that the site used PHPass to hash the passwords, which can be cracked.)</p>

These days I operate on the default assumption that any site into which I put personal information will get hacked eventually. On that basis I'm parsimonious with such information.

Backdoors in Linux, though - not good. (Mint is reckoned to be the third most popular distro.)
linux  hacking 
february 2016 by charlesarthur
A skeleton key of unknown strength » Dan Kaminsky's Blog
Kaminsky is a security researcher of some renown; here is his take on the bug in glibc, a very widely used C library:
<p>Patch this bug.  You’ll have to reboot your servers.  It will be somewhat disruptive.  Patch this bug now, before the cache traversing attacks are discovered, because even the on-path attacks are concerning enough.  Patch.  And if patching is not a thing you know how to do, automatic patching needs to be something you demand from the infrastructure you deploy on your network.  If it might not be safe in six months, why are you paying for it today?

It’s important to realize that while this bug was just discovered, it’s not actually new.  CVE-2015-7547 has been around for eight years.  Literally, six weeks before I <a href="">unveiled my own grand fix to DNS</a> (July 2008), this catastrophic code was committed.

Nobody noticed.

The timing is a bit troublesome, but let’s be realistic:  there’s only so many months to go around.  The real issue is it took almost a decade to fix this new issue, right after it took a decade to fix my old one (DJB didn’t quite identify the bug, but he absolutely called the fix).  The Internet is not less important to global commerce than it was in 2008. Hacker latency continues to be a real problem.

What maybe has changed over the years is the strangely increasing amount of talk about how the Internet is perhaps too secure.  I don’t believe that, and I don’t believe anyone in business (or even with a credit card) does either. </p>

Wonder whose commit it was.
dns  linux  security 
february 2016 by charlesarthur
A Linux-powered microwave oven []
Neil Brown:
<p>Adding a smartphone-like touchscreen and a network connection and encouraging a community to build innovative apps such as recipe sharing are fairly obvious ideas once you think to put “Linux” and “microwave oven” together, but Tulloh's vision and prototype lead well beyond there. Two novel features that have been fitted are a thermal camera and a scale for measuring weight.</p>

The thermal camera provides an eight-by-eight-pixel image of the contents of the oven with a precision of about two degrees. This is enough to detect if a glass of milk is about to boil over, or if the steak being thawed is in danger of getting cooked. In either case, the power can be reduced or removed. If appropriate, an alert can be sounded. This would not be the first microwave to be temperature sensitive — GE sold microwave ovens with temperature probes decades ago — but an always-present sensor is much more useful than a manually inserted probe, especially when there is an accessible API behind it.

Just wait until you get onto the bit about making sure the door is shut (which is what stops you blasting the room with microwaves that would cook you).
linux  microwave  hack 
february 2016 by charlesarthur
Issue 3434 - android - Add APIs for low-latency audio - Android Open Source Project - Issue Tracker
On Tuesday, Apple released its <a href="">"Music Memos" app</a>, which is intended to let musicians (of any standard) record little musical thoughts that come to them on the guitar or piano directly to their iPhone or iPad, and add musical accompaniment.

Android doesn't have that, because as has been noted here before its audio latency is too long - over 10 milliseconds, which is the longest pro musicians can bear. So how long have developers been prodding Google to improve Android's audio latency?
<p>I am developer of real-time audio signal processing applications. I am interested in creating
applications for sale in the android marketplace, but found that android has no method for real-
time low latency audio.</p>

This is the first entry in a bug/feature request which continues to the present (latest entry is June 2015). The date of the entry? July 31, 2009 - slightly over nine months after the first Android phone. Is six and a half years a long time for a feature request to lie open? (And here's <a href="">Google's official list of device latencies</a>. Look for any at 10ms or below.)

Apple effectively gets 100% of the professional audience through this feature.
android  audio  linux 
january 2016 by charlesarthur
Detect and disconnect WiFi cameras in that AirBnB you’re staying in » Julian Oliver
<p>There have been a few too many stories lately of AirBnB hosts caught spying on their guests with WiFi cameras, using DropCam cameras in particular. Here’s a quick script that will detect two popular brands of WiFi cameras during your stay and disconnect them in turn. It’s based on It should do away with the need to rummage around in other people’s stuff, racked with paranoia, looking for the things.

Thanks to Adam Harvey for giving me the push, not to mention for naming it.</p>

May be illegal to use this script in the US (not that that will stop people). Note how the sharing, trusting economy has its limits.
airbnb  camera  linux  privacy  security 
december 2015 by charlesarthur
Bypass Linux passwords by pressing backspace 28 times » Apextribune
Daniel Austin:
<p>if certain conditions are met (mostly the proper version of the OS), pressing the backspace key 28 time in a row will cause the computer to reboot, or it will put Grub in rescue mode, Linux’s version of Safe Mode.

This will provide the would-be hacker with unauthorized access to a shell, which he can then use to rewrite the code in the Grub2 in order to gain full unauthorized access to the machine.

From this point, anything is possible, since the hacker would be able to do anything he wanted to the computer.</p>

Vulnerable versions: Linux 1.98 (from 2009) through to the current 2.02 version.
linux  hack 
december 2015 by charlesarthur
​How to easily defeat Linux Encoder ransomware » ZDNet
Neat, from Steven Vaughan-Nichols:
<p>just crack open your files yourself.

You see the would-be cyber-criminals made a fundamental mistake. Their encryption method uses a faulty implementation of Advanced Encryption Standard (AES) to generate the encryption key. Specifically, as the anti-virus company Bitdefender reported, the "AES key is generated locally on the victim's computer. ... rather than generating secure random keys and IVs [initialization vector], the sample would derive these two pieces of information from the libc rand() function seeded with the current system time-stamp at the moment of encryption. This information can be easily retrieved by looking at the file's time-stamp."

Armed with this, it's trivial - well, for encryption experts - to find the key you need to restore your files. Since most of you don't know your AES from your Playfair, Bitdefender is <a href="">offering a free Python 2.7 script to obtain the Linux.Encoder key and IV for your containinated server</a>.</p>

They probably won't make the same mistake next time, though.
malware  security  linux 
november 2015 by charlesarthur

Copy this bookmark:

to read