Below you will find pages that utilize the taxonomy term “Microsoft”
The XZ Utils Backdoor has (finally?) penetrated the non-tech press
Those of us who are deep in the tech world remember about 6 weeks ago when all our social media and news feeds were talking about the XZ Utils backdoor. (Here’s a great writeup from my favorite tech site, Ars Technica.)
Really quick, bulleted recap:
- XZ Utils is a really awesome compression format. (In fact, earlier this month I got some Linux image files to run off an SD card that were compressed in xz.)
- SSH uses XZ Utils
- Only one guy was effectively maintaining it
- Someone or some group pretending to be one person social engineered the maintainer into giving them commit access
- They used that to put in some backdoors
- Because it’s in SSH it would have made every computer on the net vulnerable
- LUCKILY it was found (by accident - see the Ars Technica story) before it made it out of most (all?) Linux distro test repositories
I was incredibly surprised to hear about it today on Planet Money’s episode: The hack that almost broke the Internet. It’s a really great episode to share with your non-techie friends who want to understand what you were stressed about and why it matters to everyone, not just techies. Of all the Linux distros, they start off interviewing someone from Red Hat! (My favorite Linux distro family) The episode then goes back to the 1980s to explain the origins of open source (not FLOSS, there’s no rms here - it’s Bruce Perens they interview) before bringing it back to the present and explaining how the social engineering attack happened and what it affected. (Also a quick moment that explained how MS went from hating OSS to supporting it) I thought it was an incredibly well-produced episode that brings everything into context for those who aren’t neck-deep in Linux and/or open source. Give it a listen and pass it along!
Skype Text Messages are NOT Secure
A little less than a month ago Ars had a story about Skype’s text messages being insecure. This is pretty devastating considering how many political activists are using Skype to stay secure from governments like China and Russia. The article doesn’t mention anything about the voice communications, but I would be a little cautious if your life actually depends on it. It turns out that Microsoft is scanning messages between users to make sure they aren’t spam or other bad messages. The problem is that your system is either 100% secure or it’s insecure. If Microsoft can see the messages then anyone else can by hijacking Microsoft’s servers. (And countries like China and Russia definitely have the skills to do that) This is a good reminder that you should make sure to read EULAs because this information has been there since Microsoft bought Skype. I wonder what technology political activists could use to stay safe in light of this revelation.
Replacing the File/Print Server
[Image: The old file/print server]
A few years ago I heard about the Fit-PC. It was a computer that was the size of a stack of two or three CD jewel cases running Ubuntu. This was pretty cool, but, most importantly, it only used 15 watts of electricity when under highest load. At first I entertained using it to replace Danielle’s computer to save space in the crowded office we had in the apartment. But the fact that the computer couldn’t easily be upgraded put the kibosh on that. Eventually I turned my attention to replacing our file and print server with one of these. There was just one problem: they cost somewhere in the $300 range so they don’t really pay themselves off quickly enough in electricity saved.
Microsoft Walks Away from Hostile Takeover of Yahoo!
If this story is accurate, then Micro$oft has withdrawn their offer to buy Yahoo! This is great news because I love the guys at Yahoo and the programs they run, such as Flickr and delicious and I love the fact that they use FreeBSD for their servers. You can bet that Microsoft wouldn’t have been having any of that and would have made them switch to the inferior Microsoft IIS. Plus, they probably would have wrecked my Flickr!