By timothy from Slashdot's or-is-that-have-been-released department
Burz writes: Invisible Things Labs has released Qubes OS 3.1. Some of the features recently introduced into this secure concept, single-user desktop OS are Salt management, the Odyssey abstraction layer, and UEFI boot support. The 3.x series also lays the groundwork for distributed verifiable builds, Whonix VMs for Tor isolation, split-GPG key management, USB sandboxing, and a host of others.
Qubes has recently gained a following among privacy advocates, notable among them journalist J.M. Porup, Micah Lee at The Intercept and Edward Snowden.
Embodying a shift away from complex kernel-based security and towards bare metal hypervisors and IOMMUs for strict isolation of hardware components, Qubes seals off the usual channels for 'VM breakout' and DMA attacks. It isolates NICs and USB hardware within unprivileged VMs which are themselves are a re-working of the usual concept, each booting from read-only OS 'templates' which can be shared. Graphics are also virtualized behind a simple, hardened interface. Some of the more interesting attacks mitigated by Qubes are Evil Maid, BadBIOS, BadUSB and Mousejack.Read Replies (0)
By BeauHD from Slashdot's gelatinous-binge-watching-humans department
mmoorebz writes: Netflix is known as a place to binge watch television, but behind the scenes, there's a lot that goes on before everyone's favorite show can be streamed. The first step to deploying an application or service is building. Netflix created Nebula, a set of plugins for the Gradle build system, that "help with the heavy-lifting around building applications," said the engineers. Once the code has been built and tested locally using Nebula, the team pushes the updated source code to a Git repository. Every deployment at Neflix begins with the creation of an Amazon Machine Image, and to generate them from source, Netflix created what it calls "the Bakery." It exposes an API that facilitates the creation of AMIs globally, according to the blog. When it comes time to deploy and after the "baking" is complete, teams will use Spinnaker to manage multi-region deployments, canary releases, and red/black deployments. Netflix is continuing to look at the developer experience and determine how it can improve.Read Replies (0)
By BeauHD from Slashdot's not-to-be-taken-literally department
JoeyRox writes: President Obama said Friday that smartphones -- like the iPhone the FBI is trying to force Apple to help it hack -- can't be allowed to be "black boxes," inaccessible to the government. He believes technology companies should work with the government on encryption rather than leaving the issue for Congress to decide. He went on to say, "If your argument is strong encryption no matter what, and we can and should create black boxes, that I think does not strike the kind of balance we have lived with for 200, 300 years, and it's fetishizing our phones above every other value." Obama's appearance on Friday at the event known as SXSW, the first by a sitting president, comes as the FBI tries to force Apple to help investigators access an iPhone used by one of the assailants in December's deadly San Bernardino, California, terror attack. "The question we now have to ask is, if technologically it is possible to make an impenetrable device or system, where the encryption is so strong there's no key, there's no door at all, then how do we apprehend the child pornographer? How do we solve or disrupt a terrorist plot?" Obama said. "If in fact you can't crack that at all, government can't get in, then everybody's walking around with a Swiss bank account in their pocket." He said compromise is possible and the technology industry must help design it.Read Replies (0)
By BeauHD from Slashdot's private-conversations department
An anonymous reader writes: A group of former Skype technologists, backed by the co-founder of the messaging platform, has introduced a new version of its own messaging service that promises end-to-end encryption for all conversations, including by video. Wire, a 50-person start-up mostly made up of engineers, is stepping into a global political debate over encryption that pits privacy against security advocates, epitomized by the standoff between the U.S. government and Apple. Wire, which is headquartered in Switzerland and Germany, two of the most privacy-friendly countries in the world, relays communications through its network of cloud computers where user communications are stored, in encrypted form, on their own devices. It delivers privacy protections that are always on, even when callers use multiple devices, such as a phone or desktop PC simultaneously. For voice and video calls, Wire uses the same DTLS and SRTP encryption standards found in the peer-to-peer WebRTC protocol. Rivals such as Facebook's Messenger and WhatsApp or Telegram offer encryption on only parts of a message's journey or for a specific set of services, the company said. "Everything is end-to-end encrypted: That means voice and video calls, texts, pictures, graphics -- all the content you can send," Wire Executive Chairman Janus Friis told Reuters.Read Replies (0)
By BeauHD from Slashdot's machine-learning-as-a-service department
An anonymous reader writes: Hewlett Packard Enterprise has announced its HPE Haven OnDemand machine learning service to bring Big Data analytics to mainstream developers. "HPE Haven OnDemand democratizes Big Data by bringing the power of machine learning, traditionally reserved for high-end, highly trained data scientists, to the mainstream developer community," said exec Colin Mahony. "Now, anyone can leverage our easy to use cloud-based service to harness the rich variety of data available today to build applications that produce new insights, differentiate businesses, delight customers and deliver competitive advantage." The platform, which is hosted on Microsoft's Azure platform, features more than 60 advanced ML APIs and services to help developers build data-driven applications including mobile, enterprise, consumer, desktop and Internet of Things projects. The APIs provide capabilities such as "prediction, face-detection, speech-to-text, and knowledge graph analysis for a wide range of data formats, including text, audio, image, social, web and video," the company said.Read Replies (0)
By timothy from Slashdot's teachers-take-note department
jones_supa writes: id Software is well known for publicly releasing the source code of its old first-person-shooter games. Now Croteam is joining the club by releasing the source code of the engine of the very first Serious Sam game. It's the very same engine that the company used for Serious Sam Classic: The First Encounter and The Second Encounter. Croteam's Vyacheslav Nikitenko, who worked on the source code and prepared Serious Engine v.1.10 for this release, had this to say: "Historically, this version of Serious Engine is very important for Croteam and for me personally. I created several mods for Serious Sam back in the day, before even starting the work on the source code, and it was a great tool for learning. And it's even better today! Obviously, Serious Engine v1.10 won't produce top-notch graphics, but the source code is very well commented, easy to modify, and there are lots of user generated mods out there. This version has everything you need to build your own game – or just experiment. If you're looking to get started, just download the files from GitHub and head over to SeriousZone, it has a great community and lots of tutorials." Happy hacking! (And here's a video with some game play that shows what this engine can do.)Read Replies (0)
By manishs from Slashdot's the-plan-b department
Bruce66423 writes: In its latest filing, the FBI implies that, if the burden on Apple programmers of their alternative approach is too great, then Apple should release the whole source code to the FBI to allow them to do the work, quoting the precedent of the Lavabit confrontation. Clearly it is time for Apple to move offshore!? To recall, Lavabit abruptly shut down in 2013 when the FBI attempted to get the company to hand over the encryption keys for its secure email service. While the current situation seems to put Apple in the same ballpark as Lavabit, what gives the Cupertino-giant company an advantage is the immense support it is receiving from other Silicon Valley companies and personnel.
Many believe that the FBI doesn't really need Apple's help in unlocking the iPhone. Reports claim that the iPhone in question already has a "backdoor" which could allow the government-backed institution to access the data on the smartphone. Other widely reported theories include cracking the iPhone and manipulating the innards to trick the system into spilling out all the information. One proposed method, which requires the phone's NAND flash chip to be taken out, may not work, though. Daniel Kahn Gillmor, a technology fellow with the ACLU's Speech, Privacy and Technology Project, pointed out the risks in playing with flash memory. He said that an error in removing the memory could make the data unreadable forever.Read Replies (0)
By manishs from Slashdot's bad-guys-winning department
An anonymous reader writes: Hackers have breached DDoS protection firm Staminus, a US-based company that offers protection against a range of network security attacks including, well, DDoS. The fraudsters have also reportedly stolen sensitive data from Staminus' database and dumped it online. Apparently the company was using the same root password for all its servers, and had stored credit card details in plain text. The alleged security nightmare doesn't end there, unfortunately. Hackers managed to expose crucial services via external Telnet, and reset all of Staminus' routers to factory settings, causing a network and services downtime. Staminus acknowledged network and services issues, which apparently last for more than 20 hours, on Thursday, and later assured that its global services have been restored.Read Replies (0)