Wednesday, January 30th, 2013

Time	Event
2:21p	China, GitHub and the man-in-the-middle (Greatfire) The Greatfire.org site has a detailed analysis of a man-in-the-middle attack apparently directed against Chinese Github users. "It’s clear that a lot of software developers in China rely on GitHub for their code sharing. Completely cutting access affects big business. GitHub may just be too important to block. That leaves the authorities in a real pickle. They can’t selectively block content on GitHub nor monitor what users are doing there. They also cannot block the website altogether lest they hurt important Chinese companies. This is where man-in-the-middle attacks make their entrance. By faking SSL certificates, the authorities can indeed intercept and track traffic to encrypted websites." (Comment on this)
2:44p	Booting Linux using UEFI can brick Samsung laptops (The H) The H reports that booting with UEFI can brick some Samsung laptop models; this can happen regardless of whether secure boot is enabled. "The Ubuntu development team has held talks with Samsung staff, who have identified the kernel's samsung-laptop driver as the prime suspect. This driver has previously had issues – it had caused problems for other Samsung laptop owners when booting Linux using UEFI. Also involved in analysing the problem is Intel developer Matt Fleming, who posted two kernel changes for discussion a week ago." (Comment on this)
2:53p	Kdenlive 0.9.4 released Version 0.9.4 of the Kdenlive video editor is out with a number of new features. "Kdenlive can now parse your clips to find the different scenes and add markers or cut the clip accordingly. The process is currently very slow but it's a start... Kdenlive can also now analyse an object's motion, and the result of this can be used as keyframes for a transition or an effect. For example, you can now have a title clip that follows an object." (Comment on this)
4:02p	[$] Glibc and the kernel user-space API We are accustomed to thinking of a system call as being a direct service request to the kernel. However, in reality, most system call invocations are mediated by wrapper functions in the GNU C library (glibc). These wrapper functions eliminate work that the programmer would otherwise need to do in order to employ a system call. But it turns out that glibc does not provide wrapper functions for all system calls, including a few that see somewhat frequent use. The question of what (if anything) to do about this situation has arisen a few times in the last few months on the libc-alpha mailing list, and has recently surfaced once more. (Comment on this)
6:39p	Wednesday's security updates Debian has updated rails (multiple vulnerabilities). Fedora has updated proftpd (F18; F17; F16: privilege escalation), asterisk (F18; F17; F16: denial of service), corosync (F18; F17: denial of service), and perl (F18: code execution). openSUSE has updated libqt4 (11.4: confusing SSL error messages). Ubuntu has updated nova (access controls bypass), glance (information leak), and inkscape (multiple vulnerabilities). (Comment on this)
10:28p	[$] LCA: Serval at the mobile miniconf Linux on mobile devices is a perpetually hot topic, but the discussion typically centers around Android, webOS, MeeGo, and other commercially backed operating system projects. The Mobile FOSS miniconf at linux.conf.au 2013 offered a decidedly different program, highlighting projects that pushed mobile computing in directions of little interest to phone carriers, such as the Serval project, which focuses on freeing mobile phones from the cellular infrastructure altogether. Click below (subscribers only) for the full report from LCA 2013. (Comment on this)

<< Previous Day

2013/01/30 [Calendar]

Next Day >>