Agregador de canales de noticias

Linux Foundation Announces the OpenWallet Foundation To Develop Interoperable Digital Wallets

Slashdot -

The Linux Foundation has announced plans for a new collaborative initiative designed to support interoperability across digital wallets, built on an open source bedrock. From a report: The OpenWallet Foundation (OWF), as the new effort is called, is the brainchild of Daniel Goldscheider, CEO of open banking startup Yes.com, though today's announcement reveals a broad gamut of buy-ins from multiple industry players including Okta, Ping Identity, Accenture, CVS Health, OpenID Foundation, among several other public and private bodies. With the Linux Foundation serving as the project's host, this gives OWF sizeable clout as it strives to enable what Goldscheider calls a "plurarity of wallets based on a common core," according to a press release. The news also comes as regulatory bodies across the globe are moving to support competition through enforcing interoperability across systems, including Europe which is currently trying to make messaging interoperability a thing.

Read more of this story at Slashdot.

Retbleed Fix Slugs Linux VM Performance By Up To 70 Percent

Slashdot -

VMware engineers have tested the Linux kernel's fix for the Retbleed speculative execution bug, and report it can impact compute performance by a whopping 70 percent. The Register reports: In a post to the Linux Kernel Mailing List titled "Performance Regression in Linux Kernel 5.19", VMware performance engineering staffer Manikandan Jagatheesan reports the virtualization giant's internal testing found that running Linux VMs on the ESXi hypervisor using version 5.19 of the Linux kernel saw compute performance dip by up to 70 percent when using single vCPU, networking fall by 30 percent and storage performance dip by up to 13 percent. Jagatheesan said VMware's testers turned off the Retbleed remediation in version 5.19 of the kernel and ESXi performance returned to levels experienced under version 5.18. Because speculative execution exists to speed processing, it is no surprise that disabling it impacts performance. A 70 percent decrease in computing performance will, however, have a major impact on application performance that could lead to unacceptable delays for some business processes. VMware's tests were run on Intel Skylake CPUs -- silicon released between 2015 and 2017 that will still be present in many server fleets. Subsequent CPUs addressed the underlying issues that allowed Retbleed and other Spectre-like attacks.

Read more of this story at Slashdot.

Exploring GNOME-Based UIs For Mobile Linux Devices

Slashdot -

"The GNOME desktop environment is one of the most popular user interfaces and suites of apps available for desktop Linux distributions," writes Liliputing. "Now a team of developers have been working to bring GNOME to mobile devices running Linux-based operating systems." GNOME Shell for mobile provides a touch-friendly user interface optimized for smartphones and tablets. And while it looks a bit like Android or iOS at first glance, there are a few key differences. The GNOME team have outlined some of them in an article about recent updates to GNOME Shell on mobile. Like other modern mobile user interfaces, you interact with GNOME shell using taps, swipes, and other gesture-based navigation. What's different is that Android has three different views for navigation: a home screen, app drawer, and multitasking view. iOS has two: home screen and multitasking. But GNOME Shell has a single screen that allows you to view and launch apps and switch between running apps using gestures. There's no need to wait for a new screen to load. In a nutshell, you can swipe up from the bottom of the any screen to view a list of installed apps, thumbnail images showing all currently running apps, and a search box. You can tap an app icon to launch a new app, enter a term in the search box to find an app, or swipe between running apps to switch which app runs in the foreground. You can also keep swiping upward to shrink the multitasking thumbnails and provide more room for app icons. And you can flick thumbnail previews upward to remove an app from the multitasking section. Typing in the search box will bring up relevant results including apps and settings. "One interesting new feature here is that notifications can be swiped away horizontally to close, and notification bubbles can be swiped up to hide them..." the developers point out. "While the current version is definitely still work in progress, it's quite usable overall, so we feel it would make sense to start having experimental GNOME OS Nightly images with it." But Liliputing also notes that it's not the only GNOME-based UI for mobile devices. There's also Purism's Phosh UI — the default UI for the PureOS on its Librem 5 smartphone (and available for other mobile Linux distros including Debian). And Purism recently bragged that its smartphone is now also "the first mobile computer with a truly convergent OS" — meaning it can run on multiple hardware platforms, with apps adapting to their hardware. The Librem 5 [smartphone] uses the same convergent PureOS as our Librem 14 laptop and Mini PCs, with the same adaptive applications that make the Librem 5 more than merely a phone, it's a mobile computer in your pocket that can shape shift into a laptop, tablet, desktop, or even a server.... Scale your Librem 5 up to be a full laptop by attaching the Nexdock. Because our core apps are adaptive, they are ready to run on whatever screen you have.... With phosh-mobile-settings installed, you can flip the nexdock around and use the big screen just like a tablet.... Don't have a laptop dock? The Librem 5 can also act like a desktop computer when connected to a screen, keyboard, and mouse using our USB-C dock. Using the beta phom virtual mouse app, you can turn your Librem 5 into a touchpad mouse while it's connected to the big screen. With the Librem 5, you can keep your desktop computer in your pocket and connect to a bigger screen at home or at the office and use the same apps on the bigger screen without restarting.... With the Librem 5 phone, you're getting much more than smartphone to run mobile-only apps; you're getting a laptop, tablet, desktop, all running software that respects your privacy and freedom.

Read more of this story at Slashdot.

Powerful New Linux Malware Shikitega Uses Unusual Multi-Stage Stealth

Slashdot -

Here's a warning from the threat intelligence unit of AT&T Cybersecurity, AT&T Alien Labs: With a rise of nearly 650% in malware and ransomware for Linux this year, reaching an all-time high in the first half year of 2022, threat actors find servers, endpoints and IoT devices based on Linux operating systems more and more valuable and find new ways to deliver their malicious payloads. New malwares like BotenaGo and EnemyBot are examples of how malware writers rapidly incorporate recently discovered vulnerabilities to find new victims and increase their reach. But they've discovered a new malware targetting Linux endpoints and IoT devices, stealthily "delivered in a multistage infection chain where each module responds to a part of the payload and downloads and executes the next one. An attacker can gain full control of the system, in addition to the cryptocurrency miner that will be executed and set to persist." The Register summarizes their report: The malware was dubbed "Shikitega" for its extensive use of the popular Shikata Ga Nai polymorphic encoder, which allows the malware to "mutate" its code to avoid detection. Shikitega alters its code each time it runs through one of several decoding loops that AT&T said each deliver multiple attacks, beginning with an ELF file that's just 370 bytes... AT&T didn't say how the initial infection occurs, but it did say Shikitega exploits two Linux vulnerabilities disclosed in 2021 to achieve its ultimate objective, which AT&T said appears to be the installation and execution of the XMRig cryptocurrency miner. The final stage also establishes persistence, which Shikitega does by downloading and executing five shell scripts that configure a pair of cron jobs for the current user and a pair for the root user using crontab, which it can also install if not available. Shikitega also uses cloud hosting solutions to store parts of its payload, which it further uses to obfuscate itself by contacting via IP address instead of domain name....> > Bottom line: Shikitega is a nasty piece of code. AT&T recommends Linux endpoint and IoT device managers keep security patches installed, keep EDR software up to date and make regular backups of essential systems. Ars Technica reports: The ultimate objective of the malware isn't clear. It drops the XMRig software for mining the Monero cryptocurrency, so stealthy cryptojacking is one possibility. But Shikitega also downloads and executes a powerful Metasploit package known as Mettle, which bundles capabilities including webcam control, credential stealing, and multiple reverse shells into a package that runs on everything from "the smallest embedded Linux targets to big iron." Mettle's inclusion leaves open the potential that surreptitious Monero mining isn't the sole function.... Given the work the unknown threat actors responsible devoted to the malware's stealth, it wouldn't be surprising if the malware is lurking undetected on some systems.

Read more of this story at Slashdot.

Páginas

Subscribe to EcuaLUG agregador