The worst smart device hack we’ve ever heard of, dreams of the Pi Zero W, the AWS outage that savaged the Internet of Things & more!
Follow Up / Catch Up
In the case of the Raspberry Pi Zero W, the W signifies exactly what is new: wireless connectivity. It boasts exactly the same specifications (1GHz single-core Broadcom BCM2835 CPU, 512MB of RAM, 40-pin header) as its predecessor but the Zero W adds both 802.11n WiFi and Bluetooth 4.0 to the existing Zero design.
To recap, here’s the full feature list for Zero W:
- 1GHz, single-core CPU
- 512MB RAM
- Mini-HDMI port
- Micro-USB On-The-Go port
- Micro-USB power
- HAT-compatible 40-pin header
- Composite video and reset headers
- CSI camera connector
- 802.11n wireless LAN
- Bluetooth 4.0
The nine-year-old company, which makes tools for saving articles and videos to view them later, is Mozilla’s first acquisition. It represents a homecoming of sorts for Pocket, which began life as a Firefox extension before eventually expanding its team and building a suite of apps for every major platform. Pocket has been Firefox’s default read-it-later service since 2015.
So Linux 4.10 looks to be — and reaffirmed by this trusted confidant — a good point for AMD Ryzen testing and usage. So far in the Linux 4.11 cycle we haven’t seen anything Ryzen-specific appear to come through.
— Chris Fisher (@ChrisLAS) February 27, 2017
Can I run without swap? Is further tuning possible?
Systems without swap can make sense and are supported by Red Hat – just be sure the behaviour of such a system under memory pressure is what you want. In most environments, a bit of swap makes sense.
- /proc/meminfo Committed_AS field shows how much memory processes have requested.
- Using sysctl, we can enable/disable overcommit, and configure how much overcommit should be allowed. The defaults need to be changed only in rare cases, and after properly testing the new settings. The RHEL Performance Tuning Guide has details.
- A solution document with details regarding the likeliness of swapping – for example in changing vm.swappiness. This also requires good testing with your applications.
- Without swap, the system will invoke the OOM killer when memory is exhausted. You can prioritize which processes get killed first by configuring oom_score_adj.
- If you write an application and want to lock pages into RAM and prevent them from getting swapped, mlock() can be used.
- If you design your applications to regularly use swap, make sure to use faster devices, like SSD – starting with Red Hat Enterprise Linux 7.1, ‘swapon --discard’ can be used to send TRIM to SSD devices, to discard the device contents on swapon.
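The overcommit points above can be checked with a few lines of shell. This is an added example, not part of the quoted Red Hat text: it computes the commit limit the kernel enforces in strict mode (vm.overcommit_memory=2) from /proc/meminfo fields and compares it with Committed_AS. The sample meminfo text and the function names are constructed for illustration, and vm.overcommit_kbytes is not handled.

```shell
#!/bin/sh
# Constructed /proc/meminfo excerpt for a host without swap (values in kB).
SAMPLE_MEMINFO='MemTotal:        8000000 kB
SwapTotal:             0 kB
Committed_AS:    5200000 kB
HugePages_Total:       0
Hugepagesize:       2048 kB'

# meminfo_field TEXT FIELD -> numeric value of FIELD (empty if absent)
meminfo_field() {
    printf '%s\n' "$1" | awk -v f="$2:" '$1 == f { print $2; exit }'
}

# commit_limit_kb TEXT RATIO -> limit enforced when vm.overcommit_memory=2:
#   (RAM - huge pages) * vm.overcommit_ratio / 100 + swap
commit_limit_kb() {
    total=$(meminfo_field "$1" MemTotal)
    swap=$(meminfo_field "$1" SwapTotal)
    hp=$(meminfo_field "$1" HugePages_Total)
    hpsz=$(meminfo_field "$1" Hugepagesize)
    echo $(( ($total - ${hp:-0} * ${hpsz:-0}) * $2 / 100 + ${swap:-0} ))
}

# commit_headroom_kb TEXT RATIO -> limit minus Committed_AS.
# A negative result means processes have already requested more than strict
# mode would allow, so switching it on would make new allocations fail.
commit_headroom_kb() {
    limit=$(commit_limit_kb "$1" "$2")
    committed=$(meminfo_field "$1" Committed_AS)
    echo $(( limit - committed ))
}

# Demo on the constructed sample. On a live system use:
#   commit_headroom_kb "$(cat /proc/meminfo)" "$(sysctl -n vm.overcommit_ratio)"
for ratio in 50 80; do
    echo "overcommit_ratio=$ratio headroom=$(commit_headroom_kb "$SAMPLE_MEMINFO" "$ratio") kB"
done
```

With no swap, the whole limit comes from the ratio term, which is why the same workload fits at a ratio of 80 but not at the default of 50.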
Andrey Konovalov, a security researcher at Google, found a use-after-free hole within Linux, CSO Online reported. This particular flaw is of interest because it appears to be situational. It only showed up in kernels built with a certain configuration option — CONFIG_IP_DCCP — enabled.
Unfortunately, many popular Linux distributions have enabled this option by default. A new Linux update has since patched the vulnerability, although the flaw has been present in Linux kernels since 2005.
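Because the flaw only exists in kernels built with CONFIG_IP_DCCP, a defender can triage hosts from the kernel config alone. This added example (not from the cited report) classifies a kernel config and checks for a modprobe.d rule that turns loading of the dccp module into a no-op, a common hardening step until the patched kernel is installed. The sample config and the function names are constructed.

```shell
#!/bin/sh
# Constructed kernel config excerpt: DCCP built as a loadable module.
SAMPLE_CONFIG='CONFIG_INET=y
CONFIG_IP_DCCP=m
# CONFIG_IP_SCTP is not set'

# dccp_state CONFIG_TEXT -> builtin | module | disabled
dccp_state() {
    case $(printf '%s\n' "$1" | sed -n 's/^CONFIG_IP_DCCP=\([ym]\)$/\1/p') in
        y) echo builtin ;;
        m) echo module ;;
        *) echo disabled ;;
    esac
}

# dccp_blocked MODPROBE_TEXT -> exit 0 if an "install dccp /bin/true" (or
# /bin/false) rule is present, which makes modprobe run that instead of
# loading the module.
dccp_blocked() {
    printf '%s\n' "$1" |
        grep -Eq '^[[:space:]]*install[[:space:]]+dccp[[:space:]]+/bin/(true|false)'
}

# dccp_exposure CONFIG_TEXT MODPROBE_TEXT -> not-built | builtin | loadable | blocked
dccp_exposure() {
    case $(dccp_state "$1") in
        disabled) echo not-built ;;
        builtin)  echo builtin ;;   # compiled in: only a patched kernel helps
        module)   if dccp_blocked "$2"; then echo blocked; else echo loadable; fi ;;
    esac
}

# Demo on the constructed sample. On a live system (paths are the usual
# distribution locations, assumed here):
#   dccp_exposure "$(cat /boot/config-$(uname -r))" \
#                 "$(cat /etc/modprobe.d/*.conf 2>/dev/null)"
echo "no rule:   $(dccp_exposure "$SAMPLE_CONFIG" '')"
echo "with rule: $(dccp_exposure "$SAMPLE_CONFIG" 'install dccp /bin/true')"
```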
Telegram for Android is now a closed source application. According to the repository and the Telegram website, it is covered by the GPL license which states one must publish changes. However, since early October 2016, there have been many releases but no updates of the source code. Everyone involved is pretending there is no issue because they have their fingers in their ears:
- the original author did not respond to the criticism for months;
- Telegram’s chat support does not respond in over a week;
- Telegram’s Twitter account is active (30 minutes ago) but ignores my tweet of a week ago;
- Markus Ra (the face of Telegram) does not respond in over a week; and
- Telegram has no other, official contact method nor a physical mail address.
This utility is the successor of telegram-json-backup, written from the ground up in Ruby. It can create backups of your Telegram user and (super)group dialogs using telegram-cli’s remote control feature.
Compared to the old project, telegram-history-dump:
- Has better support for media downloads
- Supports output formats other than JSON and is extensible with custom formats
- Supports incremental backup (only new messages are downloaded)
- Does not depend on unstable Python/Lua bindings within telegram-cli
- Has a separate YAML formatted configuration file
The default configuration will back up all dialogs to a directory named output in JSON format, without downloading any media.
Now, in the latest security failing of the internet-connected smart toys, more than 2 Million voice recordings of children and their parents have been exposed, along with email addresses and passwords for over 820,000 user accounts.
- Troy Hunt: Data from connected CloudPets teddy bears leaked and ransomed, exposing kids’ voice messages
CloudPets has absolutely no password strength rules. When I say “no rules”, I mean you can literally have a password of “a”. That’s right, just a single character. Not only that, check out how the tutorial demonstrates account creation and, in particular, how to choose a password:
gstreamer 0.10 moved to AUR
yaourt -R gstreamer0.10 gstreamer0.10-ffmpeg gstreamer0.10-bad gstreamer0.10-bad-plugins gstreamer0.10-base gstreamer0.10-base-plugins gstreamer0.10-good gstreamer0.10-good-plugins gstreamer0.10-ugly gstreamer0.10-ugly-plugins
gstreamer0.10 was maintained because of legacy software. Now that most audio/video software can be compiled against current gstreamer, gstreamer0.10 has no use.
The packages not updating are the gstreamer0.10, not the gstreamer1.10 ones.