Oracle agrees to warn Java users of malware risk

Warning Sign Sky Cloud Cloudy

Oracle is about to issue a warning that Java users could be exposed to malware, the media have reported on Tuesday.

The exposure is the result of a flaw that existed in Java’s software update tool. After an investigation conducted by the US Federal Trade Commission, Oracle (Java’s distributor) has agreed to issue a warning over its social media channels and on its website, otherwise it would have been fined.

According to a BBC report, Oracle has admitted no wrongdoing. All of this seems like a bunch of (un)necessary formalities.

According to the FTC’s complaint, Oracle was aware of security issues in the Java SE (standard edition) plug-in when it bought the technology’s creator, Sun, in 2010.

“The security issues allowed hackers to craft malware that could allow access to consumers’ usernames and passwords for financial accounts, and allow hackers to acquire other sensitive information”, the FTC said.

The point is — Oracle promised its users that updating Java would ensure their PCs would remain “safe and secure”, but never mentioned that any risk remained — even though it did remain.

This was because Sun’s original update process did not delete earlier versions of its software, which hackers could exploit to carry out their attacks. The problem was resolved in August 2014.

Oracle could not plead ignorance because the FTC had obtained internal documents dated from 2011 that stated “[the] Java update mechanism is not aggressive enough or simply not working”.

The plug-in is installed on many PCs to let them to run small programs written in the Java programming language.

Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.

Photo Credit: bahri altay/Shutterstock


Original URL: http://feeds.betanews.com/~r/bn/~3/3LQC9VQE7nk/

Original article

Super small Docker image based on Alpine Linux


README.md

CircleCI
Docker Stars
Docker Pulls
Slack
Image Size
Image Layers

A super small Docker image based on Alpine Linux. The image is only 5 MB and has access to a package repository that is much more complete than other BusyBox based images.

Why?

Docker images today are big. Usually much larger than they need to be. There are a lot of ways to make them smaller, but the Docker populace still jumps to the ubuntu base image for most projects. The size savings over ubuntu and other bases are huge:

REPOSITORY          TAG           IMAGE ID          VIRTUAL SIZE
gliderlabs/alpine   latest        157314031a17      5.03 MB
debian              latest        4d6ce913b130      84.98 MB
ubuntu              latest        b39b81afc8ca      188.3 MB
centos              latest        8efe422e6104      210 MB

There are images such as progrium/busybox which get us very close to a minimal container and package system. But these particular BusyBox builds piggyback on the OpenWRT package index which is often lacking and not tailored towards generic everyday applications. Alpine Linux has a much more complete and update to date package index:

$ docker run progrium/busybox opkg-install nodejs
Unknown package 'nodejs'.
Collected errors:
* opkg_install_cmd: Cannot install package nodejs.

$ docker run gliderlabs/alpine apk --update add nodejs
fetch http://dl-4.alpinelinux.org/alpine/v3.2/main/x86_64/APKINDEX.tar.gz
(1/5) Installing c-ares (1.10.0-r1)
(2/5) Installing libgcc (4.8.3-r0)
(3/5) Installing libstdc++ (4.8.3-r0)
(4/5) Installing libuv (0.10.29-r0)
(5/5) Installing nodejs (0.10.33-r0)
Executing busybox-1.22.1-r14.trigger
OK: 21 MiB in 20 packages

This makes Alpine Linux a great image base for utilities and even production applications. Read more about Alpine Linux here and you can see how their mantra fits in right at home with Docker images.

Usage

Stop doing this:

FROM ubuntu-debootstrap:14.04
RUN apt-get update -q 
  && DEBIAN_FRONTEND=noninteractive apt-get install -qy mysql-client 
  && apt-get clean 
  && rm -rf /var/lib/apt
ENTRYPOINT ["mysql"]

This took 19 seconds to build and yields a 164 MB image. Eww. Start doing this:

FROM gliderlabs/alpine:3.2
RUN apk --update add mysql-client
ENTRYPOINT ["mysql"]

Only 3 seconds to build and results in a 16 MB image! Hooray!

Documentation

This image is well documented. Check out the documentation at Viewdocs and the docs directory in this repository.

Contacts

We make reasonable efforts to support our work and are always happy to chat. Join us in our Slack community or submit a GitHub issue if you have a security or other general question about this Docker image. Please email security or user mailing lists if you have concerns specific to Alpine Linux.

Inspiration

The motivation for this project and modifications to mkimage.sh are highly inspired by Eivind Uggedal (uggedal) and Luis Lavena (luislavena). They have made great strides in getting Alpine Linux running as a Docker container. Check out their mini-container/base image as well.

Sponsors

Fastly

Fastly provides the CDN for our Alpine Linux package repository. This is allows super speedy package downloads from all over the globe!

License

The code in this repository, unless otherwise noted, is BSD licensed. See the LICENSE file in this repository.


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/HbWttmYohsQ/d751bb2bcacd2a6536280cdc7d313bc6584aa40e

Original article

FreedomBox 0.7 released

December 19, 2015

I’m pleased to announce that FreedomBox 0.7 has been released! This
release comes 7 weeks after the previous release (0.6).

FreedomBox version 0.7 is available here:

http://ftp.skolelinux.org/pub/freedombox/0.7/

Before using, you should verify the image’s signature. See
https://wiki.debian.org/FreedomBox/Download for further instructions.

Thanks to all who helped to put this release together.

More information on this release is available on the wiki:

https://wiki.debian.org/FreedomBox/ReleaseNotes

Major FreedomBox 0.7 Changes:

  • Translations! Full translations of the interface in Danish, Dutch,
    French, German and Norwegian Bokmål, and partial Telugu.
  • Support for OLinuXino A20 MICRO and LIME2
  • New Plinth applications: OpenVPN, reStore (currently disabled in
    Plinth config, until Debian package is uploaded)
  • Improved first-boot experience
  • Many bugfixes and cleanups

Known Bugs:

  • When Transmission page is accessed after install, it will show “403:
    Forbidden”. Here is a workaround for this issue:

  • Log into your FreedomBox using the console or SSH.

  • Edit the Transmission configuration:
    $ sudo vi /etc/transmission-daemon/settings.json
    Change “rpc-whitelist-enabled” to false. Save and quit.

  • Reload the Transmission server.
    $ sudo invoke-rc.d transmission-daemon reload
    Important: Make sure you reload instead of restart* the service.
    Otherwise your changes to the configuration will get overwritten.

  • Access the Transmission page at https://freedombox.local/transmission
    or similar.

Please feel free to join us to discuss this release on the mailing list,
IRC, or on the monthly progress calls:

  • List: http://lists.alioth.debian.org/pipermail/freedombox-discuss/

  • IRC: irc://irc.debian.org/freedombox

  • Calls: https://wiki.debian.org/FreedomBox/ProgressCalls


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/bdcC7RO9QX4/index.en.html

Original article

Google to take on Slack and Facebook with new AI-powered chat, says report

The Wall Street Journal recently reported that Google is building an AI-powered chatbot. If successful, it could help Google regain users lost to other messaging apps.


Original URL: http://techrepublic.com.feedsportal.com/c/35463/f/670841/s/4c704db6/sc/15/l/0L0Stechrepublic0N0Carticle0Cgoogle0Eto0Etake0Eon0Eslack0Eand0Efacebook0Ewith0Enew0Eai0Epowered0Echat0Esays0Ereport0C0Tftag0FRSS56d97e7/story01.htm

Original article

Slack And HipChat Are On The Verge Of Launching Chat Wars

starwars Slack and Atlassian, the two leaders in the enterprise software market, are on a collision course, whether they like it or not.< Slack has been the clear leader in media hype so far, as the company soaked up most of the positive PR throughout 2015. However, Atlassian, owner of Slack’s biggest competitor, HipChat, went public last week, with its valuation soaring to $5.8 billion on… Read More


Original URL: http://feedproxy.google.com/~r/Techcrunch/~3/vIuFVdAhMiY/

Original article

GitLab 8.3 released with Auto-merge and GitLab Pages

Dec 22, 2015

We’re closing this fantastic year for GitLab with its 49th consecutive monthly
release, GitLab 8.3.

We’re very grateful for all the people that have contributed to this release.
You can now merge automatically after a build has passed, we’re introducing
GitLab Pages for Enterprise Edition, and issues have new powers in both CE and
EE!

Once again we’ve received some amazing contributions from our volunteers. This
month’s Most Valuable Person (MVP) is Greg
Smethells. Greg made the proposal for and subsequently implemented
the new references in issues and merge requests. He communicated his every move
and worked together closely with many other people from the community.

Thanks, Greg!

Continue reading “GitLab 8.3 released with Auto-merge and GitLab Pages”


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/MTEoqsvzXG8/

Original article

Google Tests Signing Into Accounts Using Your Phone, No Password Required

An anonymous reader writes: Google’s battle against poor passwords continues. The company is now testing a new Google Account option that lets users login using their phone, skipping the part where you have to enter your password. The feature uses your phone to authenticate your identity by bringing up a notification that allows you to grant or deny access to your account. Google confirmed it was testing the feature with a small group of users.


Share on Google+

Read more of this story at Slashdot.


Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/4OVVixVUljo/google-tests-signing-into-accounts-using-your-phone-no-password-required

Original article

45K+ Register Their Drones With The FAA In First 2 Days

2015-12-21_1207 The U.S. Federal Aviation Administration’s (FAA) drone registry went online on Monday. As the agency announced this morning, more than 45,000 people have now used the online service to register their drones. If you own a drone (or really any model aircraft) that weighs between 0.55 pounds and 55 pounds (including payloads like cameras), you now have to register with the FAA.… Read More


Original URL: http://feedproxy.google.com/~r/Techcrunch/~3/BetHiBoM0lE/

Original article

Proudly powered by WordPress | Theme: Baskerville 2 by Anders Noren.

Up ↑

%d bloggers like this: