Tag Archives: linux

Wine 4.11 Brings Ability To Enumerate Display Devices, Updated Mono


WINE --

Wine 4.11 is out tonight as the latest bi-weekly development release for running Windows games/applications on Linux and other platforms.

With Wine 4.11 is initial support for enumerating display devices. In particular, a Xinerama display device handler is added to the Wine X11 driver and the ability to handle display device changes.

Wine 4.11 also ships with an updated version of the Mono engine, more DLLs are now built as PE files by default (continuing a recent trend), there is a faster implementation of slim reader/write locks on Linux, and various bug fixes.

Just 17 bug fixes made it into Wine 4.11, which is rather low compared to some bi-weekly development snapshots carrying dozens. Among these 17 fixes are fixes for software like SWAT4, Max Payne 3, Catzilla, Fallout 4, applications using Chromium Embedded Framework, and Nero CoverDesigner.

More details on Wine 4.11 at WineHQ.org.


In Zuck We Trust: Facebook to Launch Own Cryptocurrency | Privacy


Facebook’s plans
to mint its own digital coin next year will test the company’s consumer credibility. After being savaged for months for its cavalier attitude toward users’ privacy, the social network will be asking those same users to trust its new cryptocurrency.

The currency, called “Libra,” will be stashed in a digital wallet, the first product of new Facebook financial services subsidiary Calibra, announced Tuesday. The wallet will be available in Messenger and WhatsApp, as well as in a standalone program.

Facebook's Calibra

Calibra will let users send Libra to almost anyone with a smartphone as easily as sending a text message, and with low to no cost, Facebook has pledged. That could give some consumers amnesia about Facebook’s sordid past, at their peril.

“If Facebook has this financial information about me, will they target me in different ways?” asked Josh Crandall, CEO of NetPop Research, a market research and strategy consulting firm in San Francisco.

“That’s something that consumers will have to evaluate on their own because I don’t think they can trust Facebook with the information that they give it today,” he told TechNewsWorld.

Don’t Believe the Hype

Facebook promised to take steps to protect the privacy of Calibra users.

Aside from limited cases, Calibra will not share account information or financial data with Facebook or any third party without customer consent, the company said. This suggests Calibra customers’ account information and financial data will not be used to improve ad targeting on the Facebook family of products.

The limited cases in which data may be shared align with Facebook’s need to keep people safe, comply with the law, and provide basic functionality to the people who use Calibra, the company explained. Calibra will use Facebook data to comply with the law, secure customers’ accounts, mitigate risk and prevent criminal activity.

“No one should ever believe anything that Facebook says, especially after reading
Sam Biddle’s article in The Intercept,” said
Jeffrey Carr, managing director of Reel Holdings, a cryptocurrency and entertainment company in Jackson, Wyoming.

Biddle’s piece, published last week, is about a class action lawsuit against Facebook over the sharing of user data with Cambridge Analytica, and later with advisers to Donald Trump’s presidential campaign, without user permission.

Only months after Facebook CEO Mark Zuckerberg first outlined his “privacy-focused vision for social networking” in a 3,000-word post on the social network he founded, his lawyers were explaining to a California judge that privacy on Facebook is nonexistent, Biddle pointed out.

“I fear that consumers will believe Facebook instead of being cautious of the marketing hype,” Carr told TechNewsWorld.

“This cryptocurrency should be avoided at all costs,” he said of Libra.

‘An iPhone Moment’

It will be a battle for Facebook to change it’s culture to operate in financial services, Crandall said.

“The world has come to understand that Facebook has not upheld our trust to manage our privacy. It’s eviscerated privacy for its own gains,” he maintained. “The question is, will Facebook’s culture change to support an infrastructure that is trustworthy of our financial information?”

Privacy will be a legitimate concern for Calibra, noted Steven Eliscu, executive vice president of corporate development at
DMG Blockchain, a blockchain and cryptocurrency company based in Vancouver, Canada.

“Just as Alipay and WeChat Pay are vehicles to potentially allow the Chinese government to monitor the transactions of its citizens, in a similar way Facebook could allow transaction data to be used in a way that invades user privacy,” he told TechNewsWorld.

“Given ongoing news about Facebook in this regard, we expect privacy concerns to remain at the forefront,” Eliscu said.

Nevertheless, Libra is a significant development for digital money, he added.

“While the Facebook payment system is an in-network permissioned blockchain that does not fulfill the ‘Satoshi vision’ of an open, un-censorable, public blockchain free from government control,” Eliscu pointed out, “the launch of Libra may nonetheless be looked upon as an ‘iPhone moment’ similar to Steve Jobs showing us in early 2007 a prototype of the smartphone as we know it today — an event which transformed the technology industry.”

Secure Wallet

The Calibra wallet uses strong protections to keep a user’s money and information safe, according to Facebook.

“We’ll be using all the same verification and anti-fraud processes that banks and credit cards use, and we’ll have automated systems that will proactively monitor activity to detect and prevent fraudulent behavior,” it said. “We’ll also offer dedicated live support to help if you lose your phone or your password, and if someone fraudulently gains access to your account and you lose some Libra as a result, we’ll offer you a refund.”

However, unlike the digital wallets of companies like Apple and Google, which contain specialized hardware to secure the wallet, Facebook’s wallet is software-based.

“Hardware wallets are the only secure digital wallets,” Reel Holdings’ Carr said. “Software wallets are just a waiting game for the inevitable compromise.”

Regulatory Challenges

Libra can give the cryptocurrency sector a boost by giving it something other digital money schemes can’t: an exchange medium.

“While bitcoin remains an excellent store of value, bitcoin — as well as most other cryptocurrencies used on public blockchains — are not ideal to be used as a medium of exchange,” DMG’s Eliscu remarked.

The key attributes of a medium of exchange are that it is widely accepted and relatively stable in value, he noted.

“As Facebook has 2.4 billion monthly average users and Libra is reported to be tied to the U.S. dollar, it has the immediate opportunity to fulfill this use case,” Eliscu added.

There will be some regulatory challenges facing Libra, observed Aurelie L’Hostis, a senior analyst with Forrester Research, a market research company headquartered in Cambridge, Massachusetts.

“The Cambridge Analytica scandal has exposed the social network’s lapses of data privacy and security, and the news comes at a time when Facebook is under intense pressure from regulators, shareholders and users to address privacy shortcomings,” she told TechNewsWorld.

“Now that Facebook is reaching out to financial firms and payments service providers to join the Libra consortium to help them launch their cryptocurrency-based payments system,” L’Hostis said, “we can expect regulators and governments to raise questions regarding Facebook’s financial data collection and management process, and whether that system meets all legal and regulatory requirements.”


John P. Mello Jr. has been an ECT News Network reporter
since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the
Boston Phoenix, Megapixel.Net and Government
Security News
. Email John.





Source link

Firefox Users Warned to Patch Critical Flaw | Cybersecurity


Mozilla is urging users of its Firefox browsers to update them immediately to fix a critical zero-day vulnerability. Anyone using Firefox on a Windows, macOS or Linux desktop is at risk.

The vulnerability, CVE-2019011707, is a type confusion in Array.pop. It has been patched in Firefox 67.0.3 and Firefox ESR 60.7.1.

Mozilla announced the patch Tuesday, but the vulnerability was discovered by Samuel Gro of Google Project Zero on April 15.

Mozilla implemented the fix after digital currency exchange Coinbase reported exploitation of the vulnerability for targeted spearphishing attacks.

“On Monday, June 17, 2019, Coinbase reported a vulnerability used as part of targeted attacks for a spear phishing campaign,” Selena Deckelmann, senior director, Firefox Browser Engineering, told TechNewsWorld. “In less than 24 hours, we released a fix for the exploit.”

The Significance of the Coinbase Hack

Hackers have been going after cryptocurrency with a vengeance. There have been as many
attacks in the first half of this year as there were through the whole of last year, according to Cointelegraph.

So far this year, tens of millions of dollars’ worth of cryptocurrencies been stolen have from exchanges, Cointelegraph said.

Cybercriminals
00000stole nearly one billion dollars’ worth of cryptocurrency by Q3 last year, Ciphertrace reported.

The attack on Coinbase is in keeping with the trend.

The exchange has been targeted repeatedly. In 2018, a
string of hacks cost it more than 40 bitcoins.

In January, Coinbase temporarily
froze all trading on Ethereum Classic after it detected an attack on the cryptocurrency’s network.

The spearphishing attacks could be an attempt to gain control of the majority of a blockchain network’s power, in what’s called a ”
51 percent attack.”

David Vorick, cofounder of blockchain-based file storaeg platform SIA declared 2019 the
year of the 51 percent attack.

Technical Details of the Flaw

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop, Mozilla said.

An array in JavaScript is a single variable used to store multiple elements. It often is used when devs want to store a list of elements and access them with a single variable.

A type, or data type, is an attribute of data that tells the compiler or interpreter how the programmer intends to use the data. It constrains the values that an expression such as a variable or a function might take, defining the operations that can be carried out on the data, the meaning of the data, and the way values of that type can be stored.

Type confusion occurs when a program uses one type to allocate or initialize a resource, such as an object, pointer or variable, but later uses another type that is incompatible with the first to access that resource. That can trigger logical errors because the resource does not have the expected properties. In some cases, it can lead to code execution.

The pop() method removes the last element from an array, returns that element, and changes the array’s length.

“Array.pop is usually used with Array.push to delete and add new values to the array by developers,” remarked Usman Rahim, digital security and operations manager at The Media Trust.

“This technique is also used by many malicious actors to shuffle obfuscated malicious code during execution,” he told TechNewsWorld.

The Threat Level

Gro said the flaw can be exploited for remote code execution (RCE) and for universal cross-site scripting (UXSS).

Both methods have been used widely in past hack attacks.

RCE “will have the user at an attacker’s mercy by thoroughly compromising the application and the Web server,” Rahim said. Sophisticated attackers who know what they are looking for “can deal a severe blow.”

UXSS is just as dangerous because it opens gates for attackers to inject malicious code and bypass or disable the browser’s security features, he noted. It “can also be used as a first step to disable security in conjunction with other attacks.”

Most exploits reported “are theoretical without evidence of active use,” said Rob Enderle, principal analyst at the Enderle Group.

“This one has evidence of active use, meaning it’s known and already people are taking advantage of it,” he told TechNewsWorld.

“Given it was used in an attack, it’s very dangerous, but it has been fixed,” Enderle said. “This showcases that keeping your software products, particularly browsers, patched and up to date is incredibly important. Patching remains your best defense.”


Richard Adhikari has been an ECT News Network reporter since 2008. His areas of focus include cybersecurity, mobile technologies, CRM, databases, software development, mainframe and mid-range computing, and application development. He has written and edited for numerous publications, including Information Week and Computerworld. He is the author of two books on client/server technology.
Email Richard.





Source link

Bzip2 Is About To See Its First Real Update In Close To A Decade


FREE SOFTWARE --

The Bzip2 open-source compression program is about to see its first real release since September 2010. This new version brings new build systems, security fixes, and much more.

Earlier this month we wrote about Bzip2 seeing a revival under new maintainership. With Federico Mena-Quintero having taken the reigns from Bzip2 creator Julian Seward, he’s busy working on this imminent 1.0.7 release as well as longer-term plans like potentially porting parts of the program to Rust.

With the Bzip2 1.0.7 release coming soon, there is now Meson build system support given all the popularity of this cross-platform and speedy build system that’s exploded in popularity recently. Additionally, there is also a CMake build system for other use-cases.

As there’s been no official Bzip2 release in nine years, various Linux distributions have been carrying their own patches to address compile-time issues, security problems. bugs, etc. Many of those distribution patches are also now in the upstream Bzip2 code-base for the v1.0.7 milestone. Also included in this release is a brand new fix for a CVE security issue in Bzip2 around a possible out-of-bounds write.

More details on the upcoming Bzip2 1.0.7 release via this blog post by Federico.


With Regolith, i3 Tiling Window Management Is Awesome, Strange and Easy | Reviews


By Jack M. Germain

Jun 20, 2019 10:33 AM PT

With Regolith, i3 Tiling Window Management Is Awesome, Strange and Easy

Regolith Linux brings together three unusual computing components that make traipsing into the i3 tiling window manager world out-of-the-box easy.

Much of the focus and attraction — as well as confusion — for newcomers to the Linux OS is the variety of desktop environments available. Some Linux distributions offer a range of desktop types. Others come only with a choice of one desktop.

i3 provides yet another option, but it is a much different choice that offers an entirely new approach to how you interact with the operating system.

Window managers usually are integrated into a full-fledged desktop system. Window managers control the appearance and placement of windows within the operating system’s screen display. A tiling window manager goes one step further. It organizes the screen display into non-overlapping frames rather than stacking overlapping windows.

The i3 tiling window manager in Regolith Linux serves as what essentially becomes a standalone pseudo desktop. It automatically arranges windows so they occupy the whole screen without overlapping.


Regolith Linux desktop

An otherwise barren desktop quickly gets crowded with equal-sized tiled windows. Here we see the Firefox Web browser on the left, Control Panel in the center, and a LibreOffice document on the right.

– click image to enlarge –


Regolith Linux brings together three computing elements not found anywhere else. It is part Ubuntu’s ubiquity, part i3-wm’s efficient and productive interface, and part GNOME’s system configuration features.

Different Strokes

Regolith Linux is designed for people who prefer a spartan interface with polished and consistent system management. You will not find many distros using the i3 tiling window manager.

The few distros that offer i3 as a sort of desktop option are built into Arch-based distros. The i3 wm components usually need elaborate installation and detailed configuration steps. That becomes a deterrent to trying the tiling window manager.

Regolith Linux changes all that. Developer Ken Gilmore stuffed the i3 tiling window manager into Ubuntu for stability and easy access. If you download the live CD version, you get a ready-to-go Regolith distro with all the Ubuntu software infrastructure.

Another option is to add the Regolith Ubuntu PPA to an existing Ubuntu 18.04 (Bionic) or 19.04 (Disco) system and swap out the Ubuntu desktop with Regolith’s tweaked i3 tiling window manager replacement.

Release 1.0 is based on Ubuntu 18.04; release 1.1 is based on Ubuntu 19.04. Either version will update to the latest files.

“All Regolith packages work fine on Ubuntu 18.04 and 19.04. Essentially the goal is to create something simple, polished and productive,” Gilmore told LinuxInsider.

New Approach

Regolith Linux is very new. Gilmore released the first edition of the Ubuntu installer with the Regolith distro on April 19. The PPA installation on an existing Ubuntu instance is about one year older, first appearing around March 2018.

“There are still many rough edges to be addressed, of course, but overall I feel the interface is particularly compelling to those that would like to work efficiently,” said Gilmore.

Almost all of the developmental work goes into little things that most people do not notice, he added. He sees that work as 90 percent polish.

His plans for continued development include keeping the 1.x development focused on the strategy of using existing open source projects and customizing them as needed to provide the best possible user experience with i3. However, he does not plan to get into actually changing any upstream code.

“I plan on releasing a 2.x development track which is more ambitious in that I plan to modify several UI (user interface) components that Regolith relies on (i3bar, Rofi, gnome-flashback) to further simplify and polish the user workflow. This is a longer-term goal, and I don’t really have specifics yet,” he explained, apart from lots of ideas.

Those UI improvements involve reducing the bar to only a few pixels deep and pushing a lot of the ambient information such as date/time and workspace map to a full-screen modal similar to the way Rofi (a window switcher) is rendered for program launching (Super-space).

More Work Ahead

Since the i3 window manager is largely a keyboard-driven interface, very little in the way of a graphical user display exists in Regolith Linux. The control panel is accessed with the keyboard shortcut Super key + c, for example. Once the control panel launches, you can arrow down a list of settings or use the mouse.

The default key bindings are kept in a .config file that is edited using the gEdit text editor. Gilmore plans to make UI changes more aggressively in the 2.x development. He passes along all developmental changes directly as rolling release updates.


Regolith Linux File Manager

The left window shows the File Manager in the .config folder. The right window displays the Regolith.config file in a text editor.

– click image to enlarge –


The developer issues updates to two PPAs: regolith-unstable for testing and regolith-stable. Once package updates have been pushed to regolith-stable, both PPA users, as well as distro users, get the updates via Ubuntu’s package update mechanism.

“I will add more ISO versions if needed but do not have a specific schedule or plan for global versioning. In fact, that Regolith is a distribution at all is simply because that is the best way for a lot of users to get the software,” noted Gilmore. “Users are familiar with the ISO approach, whereas PPA installations may be too technical.”

Keen on User Focus

Ultimately, Gilmore said it is not his goal to “capture” users or empire-build. In fact, he has documentation on
regolith-linux.org for users who wish to build their own thing or revert back to stock Ubuntu.

Regolith makes no attempt to hide the fact that it’s just Ubuntu with a different desktop environment, according to the developer. From my view, he would be perfectly justified in establishing Regolith Linux as a distro in its own right.

Familiarity with GNOME and Ubuntu help more experienced users settle into using the i3 window manager as a desktop environment, although the tweaking and integration Gilmore devised brings a whole new look and feel. If you are new to Linux or do not know Ubuntu, Regolith Linux *IS* a unique distro experience.

Gilmore plans to utilize configuration strategies that make it easier for neophytes to play around and share bits of configuration. He wants to make it easy to roll back changes when something goes wrong.

“And I would like to incorporate some of the subtle transitional animation elements we have come to expect with mobile UIs.,” Gilmore said. “Additionally, a lot of work remains for documentation. I want to provide a much more inclusive first-time user experience which gives a new user the ‘big picture’ and walks them through the UI, how to do things, etc., rather than just dropping them to a desktop with a cheat-sheet window.”

On the website, Gilmore wants to provide a full how-to section for people to build their own Regolith-like projects. Debian packaging was really hard for him to learn relative to the complexity of what the process involves. His goal is to help others if he can.

Common Ground Draws Users to Linux

Computer users do not have to be spoon fed what the megacorps want customers to use, according to Gilmore. Regular people often produce far more beautiful and creative environments than those from large software companies, regardless of how talented their designers are.

“How we interact with our computers is our choice to make,” said Gilmore.

When asked to describe the typical person interested in his new distro, his response underscored what makes Linux so inviting: “I think of myself around 2017 when I came to the realization that the Mac platform was a dead-end for professional developers. I had no idea what I should use next, as long as it wasn’t any of the ‘stock’ desktops (windows/mac/ubuntu).”

Not that anything is wrong with Ubuntu by default, Gilmore clarified, noting that it is designed for people who prefer the traditional Windows/Mac UI metaphors.

“For me, Windows was out by default and so that left Ubuntu, as my employer only allows that version of Linux due to IT management and security concerns,” he said.

Taking a Test Drive

Regolith is visually spartan by design so it is not a distraction. It has no icons, docks, panels, menus or widgets taking up screen space.

A small bar at the bottom of the screen shows information such as workspaces on the left end and system status indicators on the right end.

That is the extent of any similarity to an Ubuntu desktop of any variety — or any other Linux distro interface for that matter. The window header does display the expected icons to minimize/maximize, resize, or open window menus. However, they are just a throwback to their GNOME Ubuntu roots. The only window icon that actually works is the X to close the window.

If you are comfortable with terminal boxes and their commands, you can do absolutely anything you want without the missing GUI, right-click on the mouse, icons on the desktop or cascading menus. All it takes to open a terminal window is to use the default keyboard shortcut Super Key+Enter key.

Otherwise, press the Super Key+Space bar to get a scrollable list of installed applications. Just use the up/down arrows on the keyboard. You can point to a title on the center of the screen.


Regolith Linux Super+space keys

The Super+space keys launch the applications list in the center of the screen, leaving the keyboard shortcut list shaded but visible on the right.

– click image to enlarge –


Just do not click on it. Nothing happens. Instead, press the enter key to launch the program. You can close the menu list with the escape key.

Navigating the Desktop

One of the most glaring interface hurdles for me was adjusting to the workspace landscape. i3 has no workplace switcher applet on the bottom panel.

Key mappings are already configured. Press the Super key and a number to jump to that workspace instantly. By default, Regolith has 19 workspaces waiting for you.

Each new workspace you open has its own small colored box that sits with its number in the left end of the bottom of the screen. You rotate among the workspaces with the Super key+number keyboard shortcut.

In any workspace, you can open as many applications as you want or need. The first one opens full screen. The second one changes the screen display to two equal shares. The third one automatically divides the screen into three windows of equal size.

Everything stays in view so there is no need for the Alt-Tab window switching feature. You have no scale or expo animation displays either

Bottom Line

Overall, i3’s minimal visual design does not prevent you from using a modern system with file management features. They are all available, but you must access them differently.

Every workplace screen shows a vertical Konky-style panel with a list of the most commonly used keyboard shortcuts. You can change the default keyboard bindings or add new ones by going into the File Manager, selecting the Show Hidden Files option, and opening the Regolith.config file in the text editor.


Regolith Linux Activated workspaces

Each workspace screen shows the keyboard binding Konky display, a vacant desktop, and bare minimum details on the bottom bar. Activated workspaces are shown as different-colored squares on the left end of the bar.

– click image to enlarge –


Study the syntax pattern from what is already there. Then add your own comment line and the new mapping or edit an existing one. Remember to save the file.

If you decide to tackle this awesome but strange i3 tiling window manager environment, be sure to read through the developer’s
Getting Started guide.

Want to Suggest a Review?

Is there a Linux software application or distro you’d like to suggest for review? Something you love or would like to get to know?

Please
email your ideas to me, and I’ll consider them for a future Linux Picks and Pans column.

And use the Reader Comments feature below to provide your input!


Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open source technologies. He has written numerous reviews of Linux distros and other open source software.
Email Jack.





Source link