pwned passwords – Jupiter Broadcasting
https://www.jupiterbroadcasting.com
Open Source Entertainment, on Demand.
Mon, 31 May 2021 17:56:29 +0000

Linux Action News 191
https://original.jupiterbroadcasting.net/145177/linux-action-news-191/
Mon, 31 May 2021 10:00:00 +0000

Show Notes: linuxactionnews.com/191

The post Linux Action News 191 first appeared on Jupiter Broadcasting.

A Future Without Servers | TechSNAP 358
https://original.jupiterbroadcasting.net/122862/a-future-without-servers-techsnap-358/
Thu, 01 Mar 2018 10:07:07 +0000

The post A Future Without Servers | TechSNAP 358 first appeared on Jupiter Broadcasting.

Show Notes:

Revamp of ‘Pwned Passwords’ Boosts Privacy and Size of Database

In V2 of Pwned Passwords, launched last week, Hunt updated his password data set from 320 million passwords to 501 million new passwords, pulled from almost 3,000 breaches over the past year.

First, 1Password hashes your password using SHA-1. But sending that full SHA-1 hash to the server would provide too much information and could allow someone to reconstruct your original password. Instead, Troy’s new service only requires the first five characters of the 40-character hash.

tl;dr – a collection of nearly 3k alleged data breaches has appeared with a bunch of data already proven legitimate from previous incidents, but also tens of millions of addresses that haven’t been seen in HIBP before. Those 80M records are now searchable.

Apple’s China data migration includes iCloud keys, making data requests easier for authorities

Now, according to Apple, for the first time the company will store the keys for Chinese iCloud accounts in China itself. That means Chinese authorities will no longer have to use the U.S. courts to seek information on iCloud users and can instead use their own legal system to ask Apple to hand over iCloud data for Chinese users, legal experts said.

Researchers Propose Improved Private Web Browsing System

In a paper (PDF) describing Veil, Frank Wang – MIT Computer Science and Artificial Intelligence Laboratory (CSAIL), Nickolai Zeldovich – MIT CSAIL, and James Mickens – Harvard, explain that the system is meant to prevent information leaks “through the file system, the browser cache, the DNS cache, and on-disk reflections of RAM such as the swap file.”

Nearly 8,000 Security Flaws Did Not Receive a CVE ID in 2017

A record-breaking number of 20,832 vulnerabilities have been discovered in 2017 but only 12,932 of these received an official CVE identifier last year, a Risk Based Security (RBS) report reveals.


What is Serverless Architecture? What are its criticisms and drawbacks?

Serverless architectures refer to applications that significantly depend on third-party services (known as Backend as a Service or “BaaS”) or on custom code that’s run in ephemeral containers (Function as a Service or “FaaS”), the best known vendor host of which currently is AWS Lambda.

The big promise:

  • NO SERVER MANAGEMENT

There is no need to provision or maintain any servers. There is no software or runtime to install, maintain, or administer.

  • FLEXIBLE SCALING

Your application can be scaled automatically or by adjusting its capacity through toggling the units of consumption (e.g. throughput, memory) rather than units of individual servers.

  • HIGH AVAILABILITY

Serverless applications have built-in availability and fault tolerance. You don’t need to architect for these capabilities since the services running the application provide them by default.

  • NO IDLE CAPACITY

You don’t have to pay for idle capacity. There is no need to pre- or over-provision capacity for things like compute and storage. For example, there is no charge when your code is not running.

Develop, test and deploy in a single environment, to any cloud provider. You don’t have to provision infrastructure or worry about scale. Serverless teams cut time to market in half.

  • Maybe the ultimate layer of abstraction.
  • You're not paying for unutilized hardware/server time.
  • The vendor, like Amazon, is patching/maintaining the server base for you, removing the developer from the process.
  • Traditional server management roles may start to transition to service management, configuration, and managing all the abstractions AWS gives you. I.e., the admin's role goes from wrangling the operating system to wrangling layers of abstraction and independent services.

The big constraint:

  • No local disk, you send data in, and data comes out.
  • Not ideal for ongoing workloads.

The big secure:

Open Source FaaS:

Serverless Functions Made Simple for Docker and Kubernetes

Feedback

Can We Get This Right? | T3 262
https://original.jupiterbroadcasting.net/122787/can-we-get-this-right-t3-262/
Mon, 26 Feb 2018 17:54:40 +0000

The post Can We Get This Right? | T3 262 first appeared on Jupiter Broadcasting.

Episode Links
  • Red Hat at Mobile World Congress 2018 — Connect with Red Hat onsite at Mobile World Congress 2018 to see why 100% of telecommunications organizations in the global Fortune 500 rely on Red Hat technology.

  • Mobile World Congress 2018 | Ubuntu Insights — Today Canonical operates telco networks worldwide in partnership with leading hardware and NFV vendors. We’re also collaborating with institutions worldwide to build tomorrow’s applications on Ubuntu: blockchain, machine learning, robotics or autonomous vehicles… To make sure that your infrastructure will be future proof.

  • FCC Will Auction 5G-ready 3.7–4.2GHz and mmWave Spectrum — Speaking at the Mobile World Congress today in Barcelona, Spain, U.S. FCC chairman Ajit Pai today announced that the commission is prepared to quickly make 5G-ready wireless spectrum available in two critically important ranges: Mid-frequency, including both 3.5GHz and 3.7–4.2GHz ranges, and high-frequency, including 24GHz and 28GHz millimeter wave (mmWave) ranges. Pai suggested that the FCC is ready to auction the spectrum in the near future, but requires Congressional cooperation by May 13 to make the 24GHz and 28GHz allocations happen.

  • Samsung Galaxy S9, Nokia 8110: All smartphones unveiled at MWC 2018 — With 5G technology taking an increasing share of the spotlight, as top executives stress the importance of the next generation of mobile networks, smartphones are still very much center stage.

  • How to find out if an old password has been stolen — The Pwned Passwords tool, integrated into the popular password manager 1Password, lets customers type in an old password and find out if it’s been leaked in a data breach.

  • Pwned Passwords — With Half a Billion Passwords for Download

  • Apple confirms it now uses Google Cloud for iCloud services – The Verge — Apple has confirmed that it uses Google’s public cloud to store data for its iCloud services in its latest version of the iOS Security Guide last month, as spotted by CNBC.

  • Apple confirms it uses Google cloud for some of iCloud | Hacker News — From Apple’s actual iCloud security document:

Each file is broken into chunks and encrypted by iCloud using AES-128 and a key derived from each chunk’s contents that utilizes SHA-256. The keys and the file’s metadata are stored by Apple in the user’s iCloud account. The encrypted chunks of the file are stored, without any user-identifying information, using third-party storage services, such as S3 and Google Cloud Platform.

  • Vulkan is coming to macOS and iOS, but no thanks to Apple | Ars Technica — The open source, royalty-free release of MoltenVK—a runtime for macOS and iOS that offers an almost complete subset of the Vulkan API implemented using Metal. Released under the Apache 2 license

  • Israel-Based Vendor Cellebrite Can Unlock Every iPhone, including the Current-Gen iPhone X, That’s On the Market: Forbes – Slashdot — The Israeli firm, a subsidiary of Japan’s Sun Corporation, hasn’t made any major public announcement about its new iOS capabilities. But Forbes was told by sources (who asked to remain anonymous as they weren’t authorized to talk on the matter) that in the last few months the company has developed undisclosed techniques to get into iOS 11 and is advertising them to law enforcement and private forensics folk across the globe. Indeed, the company’s literature for its Advanced Unlocking and Extraction Services offering now notes the company can break the security of “Apple iOS devices and operating systems, including iPhone, iPad, iPad mini, iPad Pro and iPod touch, running iOS 5 to iOS 11.”
