      One engineer’s curiosity may have saved us from a devastating cyber-attack | John Naughton

      news.movim.eu / TheGuardian · Saturday, 6 April - 15:00 · 1 minute

    In discovering malicious code that endangered global networks in open-source software, Andres Freund exposed our reliance on insecure, volunteer-maintained tech

    On Good Friday, a Microsoft engineer named Andres Freund noticed something peculiar. He was using a software tool called SSH for securely logging into remote computers on the internet, but the interactions with the distant machines were significantly slower than usual. So he did some digging and found malicious code embedded in a software package called XZ Utils that was running on his machine. This is a critical utility for compressing (and decompressing) data running on the Linux operating system, the OS that powers the vast majority of publicly accessible internet servers across the world. Which means that every such machine is running XZ Utils.

    Freund’s digging revealed that the malicious code had arrived in his machine via two recent updates to XZ Utils, and he alerted the Open Source Security list to reveal that those updates were the result of someone intentionally planting a backdoor in the compression software. It was what is called a “supply-chain attack” (like the catastrophic SolarWinds one of 2020) – where malicious software is not directly injected into targeted machines, but distributed by infecting the regular software updates to which all computer users are wearily accustomed. If you want to get malware out there, infecting the supply chain is the smart way to do it.


      German state gov. ditching Windows for Linux, 30K workers migrating

      news.movim.eu / ArsTechnica · Friday, 5 April - 19:03

    Schleswig-Holstein, one of Germany’s 16 states, on Wednesday confirmed plans to move tens of thousands of systems from Microsoft Windows to Linux. The announcement follows previously established plans to migrate the state government off Microsoft Office in favor of open source LibreOffice.

    As spotted by The Document Foundation, the government has apparently finished its pilot run of LibreOffice and is now announcing plans to expand to more open source offerings.

    In 2021, the state government announced plans to move 25,000 computers to LibreOffice by 2026. At the time, Schleswig-Holstein said it had already been testing LibreOffice for two years.

      Bank of England investigating claim Metro Bank put customers’ data at risk

      news.movim.eu / TheGuardian · Sunday, 31 March - 14:40

    Exclusive: Whistleblower raised concerns about security of in-branch coin-counter software

    The Bank of England is examining claims that the high street lender Metro Bank allegedly put customers’ data at risk by misusing software at the centre of a long-running legal dispute.

    Last month, the central bank’s whistleblowing team was contacted by a person raising concerns about the integrity and security of software used to connect Metro Bank’s in-branch coin-counters – known as Magic Money Machines – to customer accounts.


      Police in England and Wales fail to catch any car thieves in 100 neighbourhoods

      news.movim.eu / TheGuardian · Sunday, 31 March - 04:00

    An investigation has revealed soaring numbers of unsolved vehicle crimes, with some inquiries into car thefts closed within 24 hours

    Police failed to catch any criminals who stole a car in more than 100 neighbourhoods across England and Wales last year, analysis by the Observer has revealed.

    A further 558 neighbourhoods with an average of at least one vehicle crime a week saw less than 2% solved, with a suspect caught and charged, according to figures published on data.police.uk, a site for open data on crime and policing.

      pubsub.blastersklan.com / slashdot · Friday, 29 March - 10:23 · 1 minute

    Lyle Smith reports via StorageReview.com: Proxmox has introduced a new import wizard for Proxmox Virtual Environment (VE), aiming to simplify the migration process for importing VMware ESXi VMs. This new feature comes at an important time in the industry, as it aims to ease the transition for these organizations looking to move away from VMware's vSphere due to high renewal costs. The new import wizard is integrated into Proxmox VE's existing storage plugin system, allowing for direct integration into the platform's API and web-based user interface. It offers users the ability to import VMware ESXi VMs in their entirety, translating most of the original VM's configuration settings to Proxmox VE's configuration model (all while minimizing downtime). Currently, the import wizard is in a technical preview state, having been added during the Proxmox VE 8.2 development cycle. Although it is still under active development, early reports suggest the wizard is stable and holds considerable promise for future enhancements, including the planned addition of support for other import sources like OVF/OVA files. [...] This tool represents Proxmox's commitment to providing accessible, open-source virtualization solutions. By leveraging the official ESXi API and implementing a user space filesystem with optimized read-ahead caching in Rust (a safe, fast, and modern programming language ideal for system-level tasks), Proxmox aims to ensure that this new feature can be integrated smoothly into its broader ecosystem.

    Proxmox Import Wizard Makes for Easy VMware VM Migrations
      tech.slashdot.org/story/24/03/29/009228/proxmox-import-wizard-makes-for-easy-vmware-vm-migrations

      pubsub.blastersklan.com / slashdot · Thursday, 28 March - 22:43 · 1 minute

    Steven J. Vaughan-Nichols, writing for ComputerWorld: Essentially, all software is built using open source. By Synopsys' count, 96% of all codebases contain open-source software. Lately, though, there's been a very disturbing trend. A company will make its program using open source, make millions from it, and then -- and only then -- switch licenses, leaving their contributors, customers, and partners in the lurch as they try to grab billions. I'm sick of it. The latest IT melodrama baddie is Redis. Its program, which goes by the same name, is an extremely popular in-memory database. (Unless you're a developer, chances are you've never heard of it.) One recent valuation shows Redis to be worth about $2 billion -- even without an AI play! That, anyone can understand. What did it do? To quote Redis: "Beginning today, all future versions of Redis will be released with source-available licenses. Starting with Redis 7.4, Redis will be dual-licensed under the Redis Source Available License (RSALv2) and Server Side Public License (SSPLv1). Consequently, Redis will no longer be distributed under the three-clause Berkeley Software Distribution (BSD)." For those of you who aren't open-source licensing experts, this means developers can no longer use Redis' code. Sure, they can look at it, but they can't export, borrow from, or touch it. Redis pulled this same kind of trick in 2018 with some of its subsidiary code. Now it's done so with the company's crown jewels. Redis is far from the only company to make such a move. Last year, HashiCorp dumped its main program Terraform's Mozilla Public License (MPL) for the Business Source License (BSL) 1.1. Here, the name of the new license game is to prevent anyone from competing with Terraform. Would it surprise you to learn that not long after this, HashiCorp started shopping itself around for a buyer? Before this latest round of license changes, MongoDB and Elastic made similar shifts. 
Again, you might never have heard of these companies or their programs, but each is worth, at a minimum, hundreds of millions of dollars. And, while you might not know it, if your company uses cloud services behind the scenes, chances are you're using one or more of their programs,

    'Software Vendors Dump Open Source, Go For the Cash Grab'
      tech.slashdot.org/story/24/03/28/1639238/software-vendors-dump-open-source-go-for-the-cash-grab

      Canva’s Affinity acquisition is a subscription-based weapon against Adobe

      news.movim.eu / ArsTechnica · Wednesday, 27 March - 19:27

    Online graphic design platform provider Canva announced its acquisition of Affinity on Tuesday. The purchase adds tools for creative professionals to the Australian startup's repertoire, presenting competition for today's digital design stronghold, Adobe.

    The companies didn't provide specifics about the deal, but Cliff Obrecht, Canva's co-founder and COO, told Bloomberg that it consists of cash and stock and is worth "several hundred million pounds."

    Canva, which debuted in 2013, has made numerous acquisitions to date, including Flourish, Kaleido, and Pixabay, but its purchase of Affinity is its biggest yet—by both price and headcount (90). Affinity CEO Ashley Hewson said via a YouTube video that Canva approached Affinity about a potential deal two months ago.

      From riches to ankle bracelet: UK tech tycoon Mike Lynch’s stunning fall

      news.movim.eu / TheGuardian · Saturday, 16 March - 06:00

    ‘Britain’s Bill Gates’ could spend up to 25 years in jail if convicted of fraud in the 2011 sale of Autonomy to Hewlett-Packard

    Mike Lynch, the technology tycoon, once dubbed Britain’s Bill Gates, has spent the past 10 months in San Francisco, with a GPS bracelet strapped to his ankle and two armed guards monitoring him around the clock. This week he heads to court to face a long, hard fight for his freedom.

    It’s been 13 years since one of Silicon Valley’s most storied companies bought Lynch’s business in a blockbuster takeover that seemed to confirm his image as one of the UK’s most brilliant technologists. Now that deal is at the center of a criminal fraud trial. If convicted, Lynch could spend up to 25 years in jail.


      Linux continues growing market share, reaches 4% of desktops

      news.movim.eu / ArsTechnica · Tuesday, 5 March - 18:44

    Linux reached 4.03 percent of global market share in February, according to data from research firm Statcounter. That takes Linux past the 3 percent milestone it reached in June 2023. While we’re still far from the Year of the Linux Desktop, interest in Linux has somewhat grown lately.

    Statcounter says it gets its desktop operating system (OS) usage stats from tracking code installed on over 1.5 million global websites generating over 5 billion monthly page views. The only adjustments the firm says it makes to this data are around removing bot activity and adjusting for Google Chrome prerendering. Note that when Statcounter analyzes desktop OSes, it also includes laptop computers, and Statcounter says it may revise its data within 45 days of publication.

    As spotted by Linuxiac, Linux’s reported desktop market share was higher than ever in February. If you count ChromeOS as a Linux OS, then market share totaled 6.34 percent in February, although that number is actually smaller than what Statcounter reported in June: 2 percent.