Popular PGP Email add-on Enigmail addresses security gaps

in security on (#2S8K)
You might be familiar with Enigmail, the popular add-on to the Thunderbird email program that allows public-key encryption of email. If you haven't heard of it, it's worth investigating - Enigmail is an important upgrade to your email experience. And if you're already using it then you should upgrade, because several encryption flaws were found, and have recently been patched.
An Enigmail user who reported one of the encryption failures in version 1.7 on the project’s support forum described the situation as “the biggest imaginable catastrophe.”

“I am currently preparing a crypto class for journalists next week to teach them how to use safe email,” the user wrote. “HOW am I going to explain that? A system tells the user in a separate window as well as in a menu line that everything will be encrypted but then it simply FORGOT to ENCRYPT and, ooops, their report will be intercepted and their source will be tortured?”
That's a bit hyperbolic perhaps. But it's still a good time to keep your encryption up to date. Unless you agree with security researcher Matthew Green, who thinks PGP sucks and it's time for it to die.

Tiobe index shows Java and C++ slip in popularity

in code on (#2S7V)
The Tiobe Index this month shows both C++ and Java languages are less popular than they've ever been, though they're still popular.
"Java and C++ are at an all-time low in the Tiobe index since its start in the year 2001. This doesn't necessarily mean that Java and C++ are on their way out. There is still a huge demand for these programming languages," Tiobe says. Based on a formula that analyzes searches on languages on a number of sites, Java's rating in the September index was 14.14 percent; C++ had a rating of 4.67 percent. Overall, Java ranked second in popularity, while C++ came in fourth.
That doesn't mean they're not still popular languages, and it doesn't mean they're not in demand. But the statistics do show their influence waning as newer and more focused programming languages gain in popularity to address domain-specific programming challenges, like Swift for Apple products, or Ruby [Ed note: for what?]. As usual, C#, PHP, and Python remain of high interest to the programming community. The Tiobe index itself is here.

Paul Venezia asks: what if we split Linux into desktop and server versions?

in linux on (#2S7T)
Well, can't blame the guy for asking. Over at ITWorld, Paul Venezia wonders, "Is it time to split Linux distros in two?"
You can take a Linux installation of nearly any distribution and turn it into a server, then back into a workstation by installing and uninstalling various packages. The OS core remains the same, and the stability and performance will be roughly the same, assuming you tune the system along the way. Those two workloads are very different, however, and as computing power continues to increase, the workloads are diverging even more.

Maybe it's time Linux is split in two. I suggested this possibility last week when discussing systemd (or that FreeBSD could see higher server adoption), but it's more than systemd coming into play here. It's from the bootloader all the way up. The more we see Linux distributions trying to offer chimera-like operating systems that can be a server or a desktop at a whim, the more we tend to see the dilution of both. You can run stock Debian Jessie on your laptop or on a 64-way server. Does it not make sense to concentrate all efforts on one or the other?
There's quite a bit more to his argument than these two paragraphs so read on before pointing out that Linux distros are already mostly divided into server and desktop focuses.

Windows and the utopia of software convergence

in microsoft on (#2S7N)
Windows Phone; Windows 7, 8, 9; Windows RT; Windows CE; and not to mention all the different variations of Windows boxed OSes (Pro, Basic, Home, and so on): there have been a lot of different products that bear the name Windows, and someone has probably decided it's time to simplify.
The idea would be that, in the mind of the consumer, Windows is just Windows, and that all of these different names and flavors are just confusing (“Why is it called Windows Phone if it can’t run my Windows programs?”). Getting rid of all that complexity and returning to the old way — where Windows is synonymous with personal computing — would certainly be a coup for Microsoft. But just as it shot itself in the foot with Windows RT, consolidating on just “Windows” could be fiscal suicide if Microsoft’s various operating systems don’t indeed come together as one harmonious platform.
The folks at ExtremeTech have noticed a shift in nomenclature and marketing focus these days, as several products have simply discussed Windows, with no emphasis on anything other than that single word. The challenge here is that what marketing wants can't be delivered by the technical teams behind all those different versions of Windows operating systems, as they are not just different codebases, but extremely different code bases.

iPhone 6 and iWatch expected at today's event

in apple on (#2S6Y)
The tech press is tripping over itself today in breathless anticipation of the Apple event later today, in which it is largely expected Apple will announce a new, large-screen iPhone and potentially the famed iWatch. Techradar has a good roundup of the rumors and The Telegraph condenses it into an easy summary if you'd like to study up on the rumors before tuning into the event. From the Telegraph:
Apple's new mobile phone, the iPhone 6, will actually be two products: one with a 4.7in screen and a larger 5.5in model. Read all the latest rumours on the devices here and see our gallery of "leaked" images and artistic impressions here.

We will also see the launch of the "iWatch". The major technology companies (and several small ones) are fighting for a share of the rapidly expanding smartwatch market at the moment, and Apple is expected to stake its own claim today. The wrist-worn device is expected to play music, receive calls and send emails. Read all the latest rumours about the device here.
Or, you could just wait for Apple to do whatever they're going to do, and then come back here to comment on it. In either case, happy reading.

As cryptocurrencies gain in popularity, businesses take note

in legal on (#2S5X)
Last November CheapAir became the first airline to accept Bitcoin and then later, the first to let travelers book hotel rooms and Amtrak train seats with the digital currency. Since then its Bitcoin sales have topped $1.5 million, an amount that exceeded the company’s initial expectations, Jeff Klee, CEO of CheapAir, tells
CheapAir decided to expand its array of digital currencies that it supports after receiving requests from the developers, Klee says. He is less sure of their momentum, given their smaller user base, but Klee is willing to take a flyer.

“In general I am very supportive of alternative currencies and the technology is very promising.” Like many company executives, Klee is delighted with the cost savings digital currencies offer companies like CheapAir.

First Android TVs are out

in google on (#2S5V)
Philips has beaten the competition to market with the first batch of Android-based televisions. Philips and its kind are all hoping to sell you a television to which you have no need to attach any other devices, but that's no guarantee.
Previous Philips TVs lagged behind the competition in terms of streaming services, but that won't be an issue with the Android sets. You should be able to download all your favourite on demand and catch up services directly from the Google Play store, including BBC iPlayer, 4OD, Demand 5 and Netflix. 4K streaming content is supported, as the Android TVs all have HEVC codec support.

With access to Google Play, there are other possibilities too. One enterprising journalist installed a torrent downloader, found a 4K film trailer online and downloaded it to the TV, without having to jump on a computer or transfer the file from another device first.
Spotify Connect and OnLive Gaming are also on board the Philips 4K package. How the market reacts to this latest round of "innovation" will determine the future for more than one gadget-maker out there.

"Boycott Systemd" movement takes shape

in linux on (#2S4F)
Some people have had enough, and they've organized a boycott at "" to organize efforts. From the top: "Disclaimer: We are not sysvinit purists by any means. We do recognize the need for a new init system in the 21st century, but systemd is not it." OK, that's enough to keep me reading. They outline twelve well-thought-out reasons systemd is dangerous, and a set of ways you can get involved, including refusing to use systemd distros, moving to Slackware, CRUX, Gentoo, BSD, and more. Here's just one of them:
systemd clusters itself into PID 1. Due to it controlling lots of different components, this means that there are tons of scenarios in which it can crash and bring down the whole system. But in addition, this means that plenty of non-kernel system upgrades will now require a reboot. Enjoy your new Windows 9 Linux system! In fairness, systemd does provide a mechanism to reserialize and reexecute systemctl in real time. If this fails, of course, the system goes down. There are several ways that this can occur. This happens to be another example of SPOF.
Interesting times. When's the last time you heard someone advocate moving immediately to Slackware or Gentoo?

Friday Distro: Kali Linux

in linux on (#2S34)
In the Hindu pantheon, Kali represents death and change, the dispelling of evil and the devouring of the unwanted. She is forbidden, and even death itself, but therefore also an element of salvation. In the Linux world, she is like opening a can of whoop-ass on your server.

Kali Linux (appropriately named, if I may say so) is a Linux distro focused on penetration and exploit testing, and therefore the element of change that will get you to shore up all those gaping configuration gaps in your systems: it's perhaps your salvation! But enough metaphors. Practically, Kali Linux installs on a DVD or pendrive, and contains dozens and dozens of specialized penetration testing tools to test your system. It's developed by the folks at Offensive Security, and grew out of the well-acclaimed Backtrack Linux, which had the same focus.

It's based on Debian rather than Ubuntu so you get a dated version of the Gnome 2 desktop, but who cares? It's not really a desktop, just a platform for launching tools. Over three hundred of them, from information gathering to vulnerability analysis, password attacks, wireless attacks, spoofing, stress testing, reverse engineering, hardware hacking, forensics, and more. As mentioned, you can run it from a DVD, pendrive, or even remote-boot from PXE or install to Amazon cloud. To make it as useful as possible they support ARM aggressively including ARMEL and ARMHF (and of course Raspberry Pi and cousins), plus as many different wifi devices as humanly possible.

They're innovating, too, producing open-source products like the ISO of Doom (hardware backdoor), custom images, the Evil Wireless Access Point, and more.

Fun stuff if you want to ensure your system is as safe as possible; scary stuff if you don't want to bother. Kali's Distrowatch page has more information including a link to their excellent documentation (the best place to start if you want to know what else Kali does), but ZDNet has a good review and LinuxBSDOS has another cursory review with some decent screenshots.

Broadcom's new 650 Mbps chip will get wireless gadgets online faster

in hardware on (#2S2Z)
A new generation of routers has emerged that promises unparalleled gigabit wireless speeds using new 802.11ac Wi-Fi technology. The problem is that our mobile devices — even the ones that boast 802.11ac radios — often can’t take full advantage of them. Broadcom aims to change that with a new wireless chipset that will boost theoretical connection speeds from a smartphone or tablet to the Wi-Fi router to 650 Mbps. That may not be gigabit speed, but gigabit speed was always a bit of a misnomer anyway — it’s more an indication of overall network capacity rather than how quickly any given device could connect to the network.