Sign up for our Technology Newsletter 
nVidia Fixes Linux Bug
Nvidia has fixed an ancient problem in Ubuntu systems which turned the screen into 40 shades of black.
The problem has been around for years and is common for anyone using Nvidia gear on Ubuntu systems.
When opening the window of a new application, the screen would go black or become transparent. As it turns out, this is actually an old problem and there are bug reports dating back from Ubuntu 12.10 times.
However to be fair it was not Nvidia’s fault. The problem was caused by Compiz, which had some leftover code from a port. Nvidia found it and proposed a fix.
“Our interpretation of the specification is that creating two GLX pixmaps pointing at the same drawable is not allowed, because it can lead to poorly defined behavior if the properties of both GLX drawables don’t match. Our driver prevents this, but Compiz appears to try to do this,” wrote NVIDIA’s Arthur Huillet.
Soon after that, a patch has been issued for Compiz and it’s been approved. The patch would be pushed in Ubuntu 15.04 and is likely to be backported to Ubuntu 14.04 LTS.
RHEL Finally Available On IBM’s Power8
Comments Off on RHEL Finally Available On IBM’s Power8
IBM has made the Power8 version of the latest Red Hat Enterprise Linux (RHEL) beta available through its Power Development Platform (PDP) as the firm continues to build support for its Power systems.
IBM and Red Hat announced in December that RHEL 7.1 was adding support for the Power8 processor in little endian instruction format, as the beta release was made available for testers to download.
This version is available for developers and testers to download from today through the IBM PDP and at IBM Innovation Centres and Client Centres worldwide, IBM announced on its Smarter Computing blog.
“IBM and Red Hat’s collaboration to produce open source innovation demonstrates our commitment to developing solutions that efficiently solve IT challenges while empowering our clients to make their data centres as simple as possible so they can focus on core business functions and future opportunities,” said Doug Balog, general manager for Power Systems at IBM’s Systems & Technology Group.
The little endian support is significant because IBM’s Power architecture processors are capable of supporting little endian and big endian instruction formats. These simply reflect the order in which bytes are stored in memory.
The Power platform has long had Linux distributions and applications that operate in big endian mode, but the much larger Linux ecosystem for x86 systems uses little endian mode, and supporting this in Red Hat makes it much easier to port applications from x86 to Power.
Suse Linux Enterprise Server 12 launched last year with little endian support for the Power8 processor, as did Canonical’s Ubuntu 14.04 LTS.
However, Red Hat and Suse are understood to be continuing to support their existing big endian releases on Power for their full product lifecycles.
IBM sold off its x86 server business to Lenovo last year, and has focused instead on the higher value Power Systems and z Systems mainframes.
In particular, the firm has touted the Power Systems as more suitable for mission critical workloads in scale-out environments like the cloud than x86 servers, and has been forging partnerships with firms such as Red Hat through its OpenPower Foundation.
Is China Spying?
Security experts claim that a Chinese manufacturer has been installing malware in its hand-held scanners that steals supply chain data.
TrapX says infected scanners made by an unnamed Chinese manufacturer located in Shandong province have been sold to eight unnamed firms including a large robotics company. The manufacturer denied knowledge that its scanners and website-hosted software were infected.
Sixteen of the 48 scanners deployed at one firm were infected, TrapX found. They all successfully sought out and compromised host names containing the word finance and siphoning off the logistical and financial data. The report Anatomy of the Attack: Zombie Zero said:
“Exfiltration of all financial data and ERP data was achieved, providing the attacker complete situational awareness and visibility into the logistic/shipping company’s worldwide operations,”.
TrapX suspected the attacks dubbed Zombie Zero were backed by the Chinese government and were a bid to gain intelligence on either logistics firms or their customers.
Is RedHat Being Open?
Red Hat has responded to claims that its implementation of Openstack isn’t as open as it should be.
A report at the Wall Street Journal this week suggested that Red Hat was blocking customers from using alternatives to the bespoke version of Openstack that it offers.
Red Hat provides Openstack with extended support by the company, however in spirit of open source, users should be entitled to use another vendor’s Openstack software, the generic Openstack, or create their own fork.
In reality though, the Wall Street Journal report suggests that Red Hat customers have been advised that Red Hat will not support mixed vendor software, that it has claimed it would cost the company too much to support multiple Openstack distributions and that Red Hat Linux and Red Hat Openstack are too closely intertwined to be separated.
Openstack’s open character is part of what makes it what it is, it’s embedded in the name, and Red Hat has been quick to distance itself from the report, though it does hedge a bit.
In a blog post, Paul Cormier, president of the company’s Products and Technologies division said, “Red Hat believes the entire cloud should be open with no lock-in to proprietary code. Period. No exceptions. Lock-in is the antithesis of open source, and it goes against everything Red Hat stands for.”
However, he went on to warn, “[Red Hat Enterprise Linux OpenStack Platform] requires tight feature and fix alignment between the kernel, the hypervisor, and Openstack services. We have run into this in actual customer support situations many times.”
In other words, its advice to customers is seemingly ‘of course you can do it, but you’d have to be a bit daft’.
He went on to explain, “Enterprise-class open source requires quality assurance. It requires standards. It requires security. Openstack is no different. To cavalierly ‘compile and ship’ untested Openstack offerings would be reckless. It would not deliver open source products that are ready for mission critical operations and we would never put our customers in that position or at risk.”
Which suggests that Red Hat will let you use your own version, unless it’s not happy with it, in which case it won’t.
In a swipe at HP, Cormier concluded by attacking its rival, saying, “We would celebrate and welcome competitors like HP showing commitment to true open source by open sourcing their entire software portfolio.”
HP, which recently launched its HP Helion brand for Openstack, would probably argue that it has already done this, so the war of words might just be beginning.
Dell RedHat Join Forces
The Dell Red Hat Cloud solution, a co-engineered, enterprise grade private cloud, was unveiled at the Red Hat Summit on Thursday.
The Openstack-based service also includes an extension of the Red Hat partnership into the Dell Openshift Platform as a Service (PaaS) and Linux Container products.
Dell and Redhat said their cloud partnership is intended to “address enterprise customer demand for more flexible, elastic and dynamic IT services to support and host non-business critical applications”.
The integration of Openshift with Redhat Linux is a move towards container enhancements from Redhat’s Docker platform, which the companies said will enable a write-once culture, making programs portable across public, private and hybrid cloud environments.
Paul Cormier, president of Products and Technologies at Red Hat said, “Cloud innovation is happening first in open source, and what we’re seeing from global customers is growing demand for open hybrid cloud solutions that meet a wide variety of requirements.”
Sam Greenblatt, VP of Enterprise Solutions Group Technology Strategy at Dell, added, “Dell is a long-time supporter of Openstack and this important extension of our commitment to the community now will include work for Openshift and Docker. We are building on our long history with open source and will apply that expertise to our new cloud solutions and co-engineering work with Red Hat.”
Dell Red Hat Cloud Solutions are available from today, with support for platform architects available from Dell Cloud Services.
Earlier this week, Red Hat announced Atomic Host, a new fork of Red Hat Enterprise Linux (RHEL) specifically tailored for containers. Last year, the company broke bad with its Fedora Linux distribution, codenamed Heisenbug.
Source
Malware Targets Job-seekers
April 10, 2014 by admin
Filed under Around The Net
Comments Off on Malware Targets Job-seekers
A new version of the Gameover computer Trojan is targeting job hunters and recruiters by attempting to steal log-in credentials for Monster.com and CareerBuilder.com accounts.
Gameover is one of several Trojan programs that are based on the infamous Zeus banking malware, whose source code was leaked on the Internet in 2011. Like Zeus, Gameover can steal log-in credentials and other sensitive information by injecting rogue Web forms into legitimate websites when accessed from infected computers.
The ability to inject content into browsing sessions in real time has traditionally been used by computer Trojans to steal online banking credentials and financial information. However, cybercriminals are increasingly using this technique to compromise other types of accounts as well.
For example, in February, researchers from security firm Adallom found a Zeus variant that stole Salesforce.com log-in credentials and scraped business data from the compromised accounts.
The latest development involves a new Gameover variant that contains a configuration file to target Monster.com accounts, one of the largest employment websites in the world, security researchers from antivirus firm F-Secure said.
“A computer infected with Gameover ZeuS will inject a new ‘Sign In’ button [into the Monster.com sign-in page], but the page looks otherwise identical,” they said.
After the victims authenticate through the rogue Web form the malware injects a second page that asks them to select and answer three security questions out of 18. The answers to these questions expose additional personal information and potentially enable attackers to bypass the identity verification process.
Targeting Monster.com is a new development, but the Gameover malware had already been targeting CareerBuilder.com, another large employment website, for some time.
Recruiters with accounts on employment websites should be wary of irregularities on log-in pages, especially if those accounts are tied to bank accounts and spending budgets, the F-Secure researchers said. “It wouldn’t be a bad idea for sites such as Monster to introduce two factor authentication beyond mere security questions.”
The authors of the Gameover Trojan program have been particularly active recently. In early February researchers from security firm Malcovery Security reported that a new variant of Gameover was being distributed as an encrypted .enc file in order to bypass network-level defenses. Later that month researchers from Sophos detected a Gameover variant with a kernel-level rootkit component that protected its files and processes, making it harder to remove.
Unlike most other Zeus spinoffs, Gameover is also using peer-to-peer technology for command-and-control instead of traditional hosted servers, which improves its resilience to takedown efforts by security researchers.
Red Hat Releases Fedora 19
Red Hat has released Fedora 19, codenamed Schrödinger’s Cat, which has support for 3D printing and is the first to use MariaDB as its default SQL database instead of Oracle’s MySQL.
Red Hat’s Fedora Linux distribution is the testing ground for the firm’s hugely successful Enterprise Linux (RHEL) distribution, and for that reason it heralds what will appear in future releases of RHEL. The firm’s Fedora 19 release brings support for 3D printing through OpenSCAD, Skeinforge, SFACT, Printrun and Repetierhost, and it is the first release to make MariaDB the default SQL database server implementation in place of Oracle’s MySQL.
The Fedora Project was criticised for delaying its Fedora 18 release, however Fedora 19 appeared on time. Fedora’s latest release includes Gnome 3.8 and the capability to enable Gnome Classic, a Gnome 2 type user interface, along with KDE Plasma 4.10 and Mate 1.6, with other window managers such as Xfce and Lxde available in different spins.
As Red Hat sponsors the Fedora Project it is not surprising to see Fedora include Openshift, the firm’s platform as a service infrastructure. Fedora 19 also includes node.js and Ruby 2.0, but arguably its biggest move is away from Oracle’s MySQL to the community maintained MariaDB fork, which suggests that eventually RHEL will make MariaDB its default SQL database implementation.
The Fedora Project has said that work on Fedora 20 has been in active development for several months and it plans to release that in November.
Fedora 19 is available for download from regional mirrors and users can also use Fed Up to upgrade from previous versions of the distribution.
Microsoft Gives Money To Hackers
Microsoft has given out more than $250,000 in prize money to Black Hat hackers who found ways to protect its software. Redmond’s first Blue Hat prize were unveiled at a hip club at a mobbed party complete with dancers, high-energy DJ, and explosions of shimmering confetti.
The top prize of $200,000 went to doctoral student Vasilis Pappas. Pappas came up with a method to countering “the most popular attack technique” that Redmond is seeing at the moment. This is called Return-Oriented Programming which is a hacker technique that is often used to disable or circumvent a program’s computer security controls. Pappas came up with something called kBouncer which blocks anything that looks like an ROP attack from running.
Microsoft security response center senior director Mike Reavey said that Redmond posed a challenge to the researcher community and asked them to shift their focus from solely identifying and reporting individual vulnerabilities to investing in new lines of defensive research that could mitigate entire classes of attacks.
Red Hat Outs Fedora 17
Red Hat has released its Fedora 17 ‘Beefy Miracle’ distribution just over a month after Canonical released its Ubuntu 12.04 distribution.
The Red Hat sponsored Fedora project serves as the proving ground for new features that eventually end up in the firm’s Red Hat Enterprise Linux (RHEL) operating system. Now Red Hat has announced that it has released Fedora 17 including updates to Gnome, Eclipse, GIMP and Openstack along with numerous patches.
Canonical’s Ubuntu Linux distribution might have shunned Gnome 3 in favour of its Unity desktop interface but Red Hat continues to stick with Gnome in Fedora, shipping Gnome 3.4 as its default window manager. Fedora 17 also includes GIMP 2.8 and Openstack Essex, while developers who like to live on the edge can run Eclipse Juno, the full release of which is expected later this year.
Fedora project leader Robyn Bergeron said, “I am extremely proud of the Fedora 17 release. The addition of projects such as Ovirt [virtual machine management] and JBoss Application Server 7, enhancements in Openstack, and continued support for fresh releases of desktop environments demonstrate the Fedora Project’s commitment to deliver rich features and capabilities. This, combined with our leading-edge innovations at the operating-system level, truly makes Fedora 17 a comprehensive and robust operating system for all types of users.”
Will Linux See Growth Next Year?
Canonical has said it expects Ubuntu to ship on 18 million PCs next year.
Having just launched Ubuntu 12.04, Canonical is bullish about its future, with Chris Kenyon, its VP of sales and business development forecasting that the firm’s operating system will ship on 18 million machines in 2013. According to Phoronix, Kenyon claimed that will amount to five per cent of worldwide PC shipments.
Kenyon’s prediction represents more than double the number of PCs shipped currently with Ubuntu and while that might seem optimistic the firm has been on a roll when it comes to OEM support. Prior to Canonical’s launch of Ubuntu 12.04 it announced certification for HP Proliant servers, and yesterday it revealed that it has been working with Dell on an Ubuntu image for Dell’s headline XPS 13 ultrabook.
Although Kenyon mentioned PC unit sales, it is unlikely to forecast a similar growth in servers pre-installed with Ubuntu despite the firm’s certification for some Proliant servers.
Kenyon believes that most firms buy bare metal servers and load their own tweaked images. He said, “As a point of fact the vast majority of this [Ubuntu on servers] is not sold pre-installed. […] Pre-install in the server market is just irrelevant, it is not how the market works. Even when something gets pre-installed an enterprise will wipe it because they will have their own image. [OS pre-installation] is a distraction [for servers, but] it’s a very applicable question in the client world.”