Cluster-f*ck! Etcd DBs spaff passwords, cloud keys to world by default

Found on The Register on Wednesday, 21 March 2018
Browse Software

Software called etcd, used for storing data across clusters of containers, has a problem – it does not implement authentication by default and so poses a security risk if deployed without further fiddling.

Troy Mursch, a security researcher with Bad Packets Report, said in an email to The Register, "I've independently verified [this issue] and confirmed it's a serious concern for anyone running etcd open to the internet."

You would think that after the issues with open Memcached and MongoDB servers, developers and admins would know better.

Future Windows updates will take longer to install, but it’ll feel quicker

Found on Ars Technica on Tuesday, 20 March 2018

Thanks to a new upgrade process, the next update—expected to be released in April—should result in substantially less downtime. The install process is split into two portions: the "online" portion, during which your PC is still usable, and the "offline" portion after the reboot, during which your PC is a spinning percentage counter.

Microsoft estimates that the Creators Update, released almost a year ago, would take about 82 minutes on average during the offline phase. Improvements made in the Fall Creators Update cut that to about 51 minutes, and the next update (which still hasn't actually been blessed with an official name) will cut this further still, to just 30 minutes.

At the same time, you can do a major update in Linux within 5-10 minutes at most, including an optional reboot (which is not a bad idea after a kernel or glibc update). You could even invest another 5 seconds to create an LVM snapshot of your root volume to roll back in case anything goes wrong. It's just baffling how much MS has screwed up here and annoyed its userbase. Forced updates and reboots are simply not an option.

Slack Is Shutting Down Its IRC Gateway

Found on Slashdot on Saturday, 10 March 2018

Slack, a team collaboration communication service, has updated its IRC support page to note that it is ending support for IRC on its platform.

"As Slack has evolved over the years, we've built features and capabilities -- like Shared Channels, Threads, and emoji reactions (to name a few) -- that the IRC and XMPP gateways aren't able to handle. Our priority is to provide a secure and high-quality experience across all platforms, and so the time has come to close the gateways."

It sure is an essential and crucial feature to have skillfully designed emoji in a chat that's also aimed at business users. The good thing about this is that IRC will still be there when Slack has been long forgotten.

Windows File Explorer gets a multi-tab look like Apple's Finder

Found on CNet News on Friday, 09 March 2018

When it's time to copy files, dragging and dropping them from one Explorer window to another is a common approach. But a tabbed interface can neatly accommodate several file system locations in one window, potentially simplifying drag-and-drop operations.

A new test build released Thursday makes the tabbed File Explorer a part of the Windows' "Sets" redesign that should let you group related tasks from different programs into multi-tab bundles.

Microsoft should fix Explorer first (which is basically the only "made by MS" tool that's useful on their OS). Make it easy to remove "Favorites", "Libraries", "Homegroup" and "Network" if you never ever use them instead of having them mess up your list. Make the folder list stop jumping around when expanding folders; and quit it with the assumption that if you select more than 15 files it means you don't want to see the filesize anymore, but instead have to click "Show more details" (someone once tried to sell that as a performance argument because Windows won't have to calculate that number anymore. Really).

Mozilla removes individual cookie management in Firefox 60

Found on GHacks on Monday, 26 February 2018

While the new interface looks great, you may notice that it is no longer possible to list or remove individual cookies from Firefox using it.

This is bad for users who want full control over cookies. While it is possible that Mozilla will implement the removed functionality before Firefox 60 hits the stable channel, Firefox users may use extensions to restore the functionality.

Mozilla is working hard to turn Firefox into the most useless browser. As per their "UI concept"? Seriously?

Developer gets prison after admitting backdoor was made for malice

Found on Ars Technica on Sunday, 25 February 2018

Huddleston's case gained national attention last March when Daily Beast reporter Kevin Poulsen argued that the case against Huddleston was novel because it prosecuted the developer of "dual-use software" who had "hacked no one."

In addition to receiving 33 months in prison, Huddleston was sentenced to two years of supervised release following his prison sentence.

Yet still the politicians too want mandatory backdoors. It would be safer to have them in jail too.

Botched npm Update Crashes Linux Systems, Forces Users to Reinstall

Found on Bleeping Computer on Thursday, 22 February 2018

A bug in npm (Node Package Manager), the most widely used JavaScript package manager, will change ownership of crucial Linux system folders, such as /etc, /usr, /boot.

"This destroyed 3 production server after a single deploy!," one affected user said in a GitHub bug report today. Many other users have taken to Twitter to describe similar issues with dev and production servers, and warn other users not to update.

The bug was first reported a week ago but was left without an answer from npm developers.

Another massive failure coming from npm. This is your reminder that you should never install such a badly designed product that comes with awful maintenance.

The e-waste warrior, 28,000 copied Windows restore discs, and a fight to stay out of jail

Found on The Register on Wednesday, 21 February 2018

As an e-waste warrior, Eric Lundgren wished to see discarded computers fixed up and reused rather than crammed into holes in the ground. To encourage people to refurbish and continue using unwanted Dell PCs, he burned and distributed 28,000 copies of the IT giant's Windows XP and 7 restore discs.

Arguing that a copy of Windows is essentially useless without a product key, and that all of the recycled machines had their own valid keys, Lundgren's lawyers suggested what he did was merely make it easier for the owners to get something they were already entitled to for free.

Going to jail is tough, but it's twice as bad if you go to jail because of Microsoft.

Microsoft Finally Documents the Limitations of Windows 10 on ARM

Found on Thurrott on Tuesday, 20 February 2018

Microsoft finally published a more complete list of the limitations of Windows 10 on ARM. And that word—limitations—is interesting. This isn’t how Windows 10 on ARM differs from Windows 10 on x86-based systems. It’s how it’s more limited.

64-bit apps will not work.
Certain classes of apps will not run.
It cannot use x86 drivers.
No Hyper-V.
Older games and graphics apps may not work.

Microsoft lists what it cannot do, Linux lists what it can do.

Oracle open-sources DTrace under the GPL

Found on The Register on Monday, 19 February 2018

Big Red recently listed DTrace as one of the open source projects it hosts and has also created a new mailing list for discussion of what it's called a "Linux port of the Solaris Dynamic Tracing Framework."

As DTrace aficionado Brendan Gregg told us in 2016, Linux has only recently added tracing tools to compare with Sun's progeny. The prospect of bringing all of DTrace to Linux is therefore rather tantalising.

The only reason can be that greedy Oracle has done its best to try and squeeze every single penny it could out of it before it considered the project useless.