MacOS High Sierra login bug

Intro

If you’ve been following security news, you’d know that macOS High Sierra has a security bug. Most of the articles have done a fine job explaining all the fluff, so I’ll get straight to the point.

If you have no password for the root account (as is the case for most users, since they haven’t explicitly set up a root account and password on their system), then macOS will accept a blank password for logging into root.

A demo is worth more than a thousand words, so I’ll show you one real quick-

Demo

Step 1 : Go to a place requiring admin privilege authentication. For example, Users and Groups in System Preferences.


Step 2 : Click on the lock, and you’d be prompted to login.


Step 3 : Change username to root, leave the password field blank (After changing username to root, press tab to move to the password field, then tab again to go back to username field, and then click unlock, otherwise this won’t work).

That’s it. You can get creative regarding what all you can accomplish with this. I haven’t tried it, but I’ve heard that this attack (bug :p) works remotely!

Fix

Seeing as how this bug puts your system at risk, I’m sure you are curious as to how to fix it. One way is to give your root account a password.

However, on 29th Nov, Apple released a security update for this bug. We’ll simply use that. Here’s the update –

https://support.apple.com/en-us/HT208315

(the section below uses info from the linked page)

Let’s first check if the update is installed.

For that, type this on your terminal and hit enter-

what /usr/libexec/opendirectoryd

If your output is something like this, then you have an old version of the update installed-

If it’s one of these two, or a more recent version (higher numbers), then you’re good

opendirectoryd-483.1.5 on macOS High Sierra 10.13
opendirectoryd-483.20.7 on macOS High Sierra 10.13.1

So, if you have an old version like me, let’s head to the App Store and install the update.


Sure enough, here’s the update we need. It’ll take a bit to get installed.

Once that’s done, let’s just run the same command again and verify that the version number increased to our liking. Now we’re all good.

Verify-

Bug seems fixed. That’s it for the post.
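The version check from the Fix section can be scripted. The following is an added example, not part of the original post or of Apple's instructions: it pulls the opendirectoryd project version out of the `what` output and compares it with the patched build listed above for the matching macOS version. The function names and the sample `what` output (including the build 483.20.1) are constructed for illustration, and the output layout is an assumption.

```shell
#!/bin/sh
# Added example: decide whether opendirectoryd is at or above the patched
# build listed on the page for the running macOS version.

# Constructed sample outputs of `what /usr/libexec/opendirectoryd`
# (layout assumed; 483.20.1 is a made-up older build).
SAMPLE_NEW='/usr/libexec/opendirectoryd
    PROGRAM:opendirectoryd  PROJECT:opendirectoryd-483.20.7'
SAMPLE_OLD='/usr/libexec/opendirectoryd
    PROGRAM:opendirectoryd  PROJECT:opendirectoryd-483.20.1'

# Extract the dotted version from the "opendirectoryd-<version>" token.
od_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*opendirectoryd-\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 when dotted version $1 >= $2, comparing field by field as integers.
# A plain string comparison would wrongly rank 483.1.5 above 483.20.7.
ver_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# Patched builds as listed on the page, keyed by macOS version.
fixed_baseline() {
    case $1 in
        10.13)   echo 483.1.5 ;;
        10.13.1) echo 483.20.7 ;;
        *)       return 1 ;;   # the page lists no baseline for other versions
    esac
}

# Print "patched", "unpatched" or "unknown" for a macOS version and `what` output.
check_opendirectoryd() {
    os=$1 out=$2
    base=$(fixed_baseline "$os") || { echo unknown; return 0; }
    ver=$(od_version "$out")
    [ -n "$ver" ] || { echo unknown; return 0; }
    if ver_ge "$ver" "$base"; then echo patched; else echo unpatched; fi
}

# On a Mac, check the real binary; elsewhere this part is skipped.
if command -v what >/dev/null 2>&1 && command -v sw_vers >/dev/null 2>&1; then
    check_opendirectoryd "$(sw_vers -productVersion)" \
        "$(what /usr/libexec/opendirectoryd)"
fi
```

The baseline has to be chosen per macOS version: a 10.13.1 build below 483.20.7 still compares higher than the 10.13 baseline of 483.1.5, so checking against the wrong entry would report a vulnerable system as patched.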

Source

Building the Foundation for IT Transformation


    If you have built castles in the air, your work need not be lost; that is where they should be. Now put the foundations under them.

    Henry David Thoreau

    Servers in the Cloud

    When I think about IT or Digital Transformation, I often think of this quote. To survive, your business must meet the needs of the digital economy; that is, it must keep up with the pace of the smartphone-toting, social-media posting empowered customer. And, your job is to provide the foundation for this. So let’s talk a little about what you need to do to start this transformation.

    What is Transforming?

    Before we can talk about starting to transform, we have to start with what you are transforming. IT transformation is the process of aligning IT services and business applications so they are in lock-step with the new normal of customer expectations – providing business intelligence, business agility, and the promise of customer-centricity. In many cases, this means more than just a technology shift; it means you also need to review your processes, application architectures, and even organization model – not only your platforms, to align them with the new normal of your business. From process to information to platform, transformation only works if it happens across all dimensions of your enterprise.

    Transformational IT: The New Normal

    In most businesses, IT is typically heavy on the technical side of the business, while LOB end-users are often the nontechnical experts of the business. However, in the businesses that are embracing transformational IT, the lines between the technical and nontechnical sides of the business become blurred. IT metrics become less focused on response time and problem resolution but more on customer success and revenue growth. This is the new normal — the role of IT shifting so it becomes the technology advisor for the entire organization, providing the tools and solutions required to meet the needs of the digital economy.

    Where are the Skills?

    Because digital businesses are customer focused, IT departments must provide the tools for responsive and agile behavior. These solutions must be open, providing the ability to engage with a broad ecosystem of partners, suppliers and customers. Additionally IT must also be able to take advantage of technologies such as AI, IoT and blockchain. They must provide new platforms that support delivery of modern, cloud native applications that can evolve rapidly to meet ever-changing demands, and at the same time, they must maintain their core legacy systems.

    451 Research Group indicates that “cloud platforms and information security emerged as top areas of IT expertise gaps in 2017.” Couple that with “acute skills shortages in cloud native environments for container and microservices technologies” and it quickly becomes apparent that there is a lack of skills to make the transformation your business desperately needs you to make.

    SUSE – Your Complete Solution for IT Transformation

    So where do you start? Start with SUSE.

    SUSE’s software-defined infrastructure and application delivery roadmap provides all the right solutions to help assist in your transformation – from SUSE OpenStack Cloud to SUSE Enterprise Storage and SUSE Cloud Application Platform to SUSE CaaS Platform.

    SUSE Global Services provides flexible consulting delivery solutions and premium support services options to maximize your value from your SUSE solution investments. From SUSE Start consulting engagements to Premium Support Services options, our team has the technical expertise to assist in transforming and supporting your infrastructure. We will help your organization plan and implement your new solutions, facilitating all aspects of your IT transformation.

    Our services offerings provide direct access to technical and product experts with whom you can build a trusted relationship. As trusted advisors, our services team helps your organization plan and implement new solutions, facilitating all aspects of your IT transformation.

    With SUSE as your trusted partner, you not only get the right software for your transformation, you have access to the right people to get you to your end game. Make SUSE Global Services a part of your total solution. After all, your business has built “castles in the air,” it’s your job to put foundations under them.


      Source

      Linux Today – How To Set Up an OpenVPN Server on Ubuntu 18.04

      Oct 16, 2018, 15:00

      (Other stories by Linuxize)

      Whether you want to access the Internet safely and securely while connected to an untrusted public Wi-Fi network, bypass geo-restricted content, or allow your coworkers to connect securely to your company network when working remotely, using a VPN is the best solution. A VPN allows you to connect to remote VPN servers, making your connection encrypted and secure, and to surf the web anonymously by keeping your traffic data private. This tutorial will walk you through the process of setting up your own VPN server by installing and configuring OpenVPN. We will also show you how to generate client certificates and create configuration files.


      Source

      New SAP HANA benchmark results help customers better plan their deployments – Red Hat Enterprise Linux Blog

      As traditional multi-tier enterprise software is adapting to new realities of cloud infrastructure, it also needs to make use of the latest advances in computational and hardware capabilities. Red Hat has been working with major ISVs and partners, like SAP, on digital transformation scenarios while simultaneously helping them to extract additional performance from their hardware with Red Hat Enterprise Linux.

      As part of the quest for enhanced performance, the focus for database and analytics applications has been shifting to in-memory execution, a deployment model that SAP HANA is offering. In the future, that trend is likely to include even more complex designs that incorporate entire software frameworks for processing information in-memory, and that is where SAP Data Hub comes into play. As a result, last year Red Hat introduced an enhanced offering, Red Hat Enterprise Linux for SAP Solutions, that is designed to assist our customers in simplifying their adoption of Red Hat Enterprise Linux and to cater to various use cases they may have, including running SAP S/4 HANA.

      To further aid customers and partners in planning, sizing and configuring their environments, SAP and Red Hat, along with other software and hardware partners, have historically used a suite of performance benchmarks. For traditional multi-tier deployments, the Sales and Distribution (SD) module became a “gold standard” for benchmarking across largest enterprises and small businesses alike. With a long history of collaboration with SAP and our mutual hardware OEM partners, like HPE and Dell EMC, among others, Red Hat is no stranger to delivering leading results on these benchmarks across multiple server sizes.

      To demonstrate performance and provide additional scalability and sizing information for SAP HANA applications and workloads, SAP introduced the Business Warehouse (BW) edition of SAP HANA Standard Application Benchmark. Presently on version 2, this benchmark simulates a variety of users with different analytical requirements and measures the key performance indicator (KPI) relevant to each of the three benchmark phases defined as follows:

      1. Data load phase, testing data latency and load performance (lower is better)
      2. Query throughput phase, testing query throughput with moderately complex queries (higher is better)
      3. Query runtime phase, testing the performance of running very complex queries (lower is better)

      As a result of close collaboration with our OEM partners, Red Hat Enterprise Linux (RHEL) was used in several recent publications of the above benchmark.

      Specifically, processing 1.3 billion initial records (a popular dataset size) using a single Dell EMC PowerEdge R940xa server, demonstrated that running the workload on Red Hat Enterprise Linux could deliver the best performance across all three benchmark KPIs and outperform similarly configured servers (see Table 1).

      Table 1. Results in scale-up category running SAP BW Edition for SAP HANA Standard Application Benchmark, Version 2 with 1.3B initial records

      | | Phase 1 (lower is better) | Phase 2 (higher is better) | Phase 3 (lower is better) | Technology Release | Database Release |
      |---|---|---|---|---|---|
      | Red Hat Enterprise Linux 7.4 [1] | 13,421 sec | 10,544 | 99 sec | SAP NetWeaver 7.50 | SAP HANA 1.0 |
      | SUSE Linux Enterprise Server 12 [2] | 14,333 sec | 6,901 | 102 sec | SAP NetWeaver 7.50 | SAP HANA 1.0 |
      | Red Hat Enterprise Linux advantage | 7% | 53% | 3% | | |

      Additionally, with a much larger dataset size of 5.2 billion initial records, a Dell EMC PowerEdge R840 server running Red Hat Enterprise Linux also outscored a similarly configured server on two out of three benchmark KPIs, demonstrating better dataset load time and query processing throughput (see Table 2).

      Table 2. Results in scale-up category running SAP BW Edition for SAP HANA Standard Application Benchmark, Version 2 with 5.2B initial records

      | | Phase 1 (lower is better) | Phase 2 (higher is better) | Phase 3 (lower is better) | Technology Release | Database Release |
      |---|---|---|---|---|---|
      | Red Hat Enterprise Linux 7.4 [3] | 74,827 sec | 3,095 | 175 sec | SAP NetWeaver 7.50 | SAP HANA 2.0 |
      | SUSE Linux Enterprise Server 12 [4] | 84,744 sec | 2,916 | 172 sec | SAP NetWeaver 7.50 | SAP HANA 2.0 |
      | Red Hat Enterprise Linux advantage | 13% | 6% | -1.75% | | |

      These results demonstrate Red Hat’s commitment to helping OEM partners and ISVs deliver high-performing solutions to our mutual customers, and showcase close alignment between Red Hat and Dell EMC that, in collaboration with SAP, led to the creation of certified, single-source solutions for SAP HANA. Available in both single-server and larger, scale-out configurations, Dell EMC’s solution is optimized with Red Hat Enterprise Linux for SAP Solutions.

      Learn more: https://www.redhat.com/en/partners/dell and https://www.redhat.com/en/resources/red-hat-enterprise-linux-sap-solutions-technology-overview

      Results as of July 30, 2018. SAP and SAP HANA are the registered trademarks of SAP AG in Germany and in several other countries. See http://www.sap.com/benchmark for more information.
      [1] Dell EMC PowerEdge R940xa (4 processor / 112 cores / 224 threads, Intel Xeon Platinum 8180M processor, 2.50 GHz, 64 KB L1 cache and 1024 KB L2 cache per core, 38.5 MB L3 cache per processor, 1536 GB main memory). Certification number #2018023
      [2] FUJITSU Server PRIMERGY RX4770 M4 (4 processor / 112 cores / 224 threads, Intel Xeon Platinum 8180 processor, 2.50 GHz, 64 KB L1 cache and 1024 KB L2 cache per core, 38.5 MB L3 cache per processor, 1536 GB main memory). Certification number #2018017
      [3] Dell EMC PowerEdge R840 (4 processor / 112 cores / 224 threads, Intel Xeon Platinum 8180M processor, 2.50 GHz, 64 KB L1 cache and 1024 KB L2 cache per core, 38.5 MB L3 cache per processor, 3072 GB main memory). Certification number #2018028
      [4] HPE Superdome Flex (4 processor / 112 cores / 224 threads, Intel Xeon Platinum 8180 processor, 2.50 GHz, 64 KB L1 cache and 1024 KB L2 cache per core, 38.5 MB L3 cache per processor, 3072 GB main memory). Certification number #2018025


      Source

      Plex for Linux Now Available as a Snap

      Plex for Linux Now Available as a Snap (betanews.com)

      Posted by msmash
      on Thursday October 11, 2018 @03:05PM
      from the small-steps dept.

      An anonymous reader shares a report:
      Today, a very popular app, Plex Media Server, gets the Snap treatment. In other words, you can install the media server program without any headaches — right from the Snap store. “In adopting the universal Linux app packaging format, Plex will make its multimedia platform available to an ever-growing community of Linux users, including those on KDE Neon, Debian, Fedora, Manjaro, OpenSUSE, Zorin and Ubuntu. Automatic updates and rollback capabilities are staples of Snap software, meaning Plex users will always have the best and latest version running,” says Canonical.

      Source

      Planetary Annihilation: TITANS has a new public test build up with lots of improvements

      The newly formed studio, Planetary Annihilation Inc, has pushed out their first upgrade for the strategy game Planetary Annihilation: TITANS.

      For those not clued up, Planetary Annihilation: TITANS is now being run by a dedicated studio that are going to give it a new life with continued support and plenty of updates. The original Planetary Annihilation is no longer available to buy, with a permanent discount to upgrade to TITANS.

      This new “PTE” (public test environment) build is available to opt-in on Steam with no password required. Their aim is to focus on “speed and stability” before upgrading the main tech behind the game. With that in mind they’ve fixed some server-side crash issues, adjusted some balance issues along with some interesting AI changes. The AI, for example, will look to engage in more fights it thinks it can win as well as being better at gathering and using intel.

      There’s plenty more multi-threading for servers, improved crash reporting for all platforms, a number of adjustments to improve performance and so on. Overall, it might not sound like a big deal, but it’s a good step forward. You can see the full changes here.

      I’ve given the beta version a test for a few hours and it does seem to work fine. Really happy to see the game continue to live on, as it really is quite good. I actually forgot just how much I enjoy this game, watching hundreds of units travel across a world destroying everything in their path.

      You can pick up Planetary Annihilation: TITANS on Humble Store and Steam.

      Source

      Is VPN a Necessity for Linux Users? – ThisHosting.Rocks

      Let’s delve into what a VPN is and who needs one before exploring if a VPN is really necessary for Linux users.

      If you want a short answer telling you if a VPN, such as Surfshark, is a necessity for Linux users – the answer is maybe. This depends on the network you are connecting to, what you will be doing online, and how important privacy is to you. We are going to help you answer these questions for yourself to determine if a VPN is a necessity.

      What is a VPN?

      In the simplest terms, a VPN (Virtual Private Network) is a private connection to the internet. This privacy is established by routing your internet traffic through another computer with a secure connection. Anyone watching this traffic will simply know that your computer is communicating with one other computer on the network. This keeps them from intercepting information about the websites and services you are using online.

      Your system connects to the VPN service which then connects to the other services you are using online. All your internet traffic is passed through the VPN service in order to protect your anonymity on the internet.

      You can either buy a VPN service through a provider like Surfshark or you can self-host your own VPN on a cloud server.

      Who needs a VPN?

      Even if the connection is secure and the information being sent cannot be seen, the router you connect to can see what site you access, when, and for how long. If you are working with confidential information or trade secrets, that can be very valuable information. This metadata is worth protecting and only sharing with a trusted service.

      Even if you are not doing anything that needs to be kept secret, most people prefer to have their online activity remain private. For this reason alone, it is a good idea to use a VPN.

      Digital Nomads & Road Warriors

      The life of a digital nomad, or a road warrior, involves accessing the internet to get work done from different networks every day. Sometimes you may be on multiple different networks in a single day. These are operated by unknown parties which may, or may not, be trustworthy. This is why many digital nomads and road warriors travel with a VPN.

      Work From Home Professionals

      Just because you work from home, does not mean you always work at home. With the popularity of coworking spaces around the world, and the people we all see working in coffee shops, working from home often does not mean you are working at home. Obviously, you may want a little privacy when you are using the public WiFi at your local coffee shop.

      Public WiFi

      Not all public internet hotspots are found in coffee shops. Many businesses, and some cities, provide free internet access today. Each of these offers an opportunity to hop online and get some work done. However, without a VPN, it is possible for these services to see where you are going online – and you may not want them to have that information.

      Residential ISP

      Do you want your internet service provider to know what you do online all day?

      Many jobs that can be done online require access to trade secrets and confidential information. Rather than letting your home internet service provider know what you do online, you can route that traffic through a VPN. This way they can only see that you are communicating with your VPN service, but don’t see what you are accessing on the other end.

      Isn’t Linux more secure than Windows?

      The security we are talking about with a VPN has little to do with the operating system in use. Windows and Linux both send and receive packets of data on the internet in the same way. Part of this communication involves telling other systems where the packet needs to go.

      Those devices at the endpoint for this communication, the router, in this case, can collect a lot of data about where you go online, when, and for how long. It does not matter if your device is using Windows, Linux, or Mac OS to navigate the web, the packets are the same.

      Do Linux users really need a VPN?

      As you can see, it all depends on the network you are connecting to, what you will be doing online, and how important privacy is to you.

      If you are connecting to a trusted network then you can probably operate without a VPN. However, if you don’t trust the network or don’t have enough information to know if you can trust the network, then you will want to use a VPN. As an example, do you know who has access to the information collected by the open WiFi service at your local coffee shop? Would you want them to know where you go online, when, and how long you use that service? If not, then a VPN can help secure that information while you’re using their network.

      The question of what you will be doing online is just as important as the trust you place in the network. For example, there are business and personal finance tasks which you would not want to be intercepted. However, most people would not be too concerned about someone having information that shows they checked the weather forecast. What you are doing on the network can determine if a VPN is a necessity for Linux users.

      Today, there are some people who have given up on the entire concept of privacy. For them, no VPN may be the way to go. However, the rest of us who value privacy should consider using a VPN just to reduce the amount of information about online activities that are being shared. Using a VPN does not allow your internet provider to see what you are doing online and that privacy can be worth the cost of a VPN for everything.

      About the Author

      This article was submitted to us by a third-party writer. The views and opinions expressed in this article are those of the author and do not reflect the views and opinions of ThisHosting.Rocks. If you want to write for ThisHosting.Rocks, go here.

      Source

      Keyboard Buddies » Linux Magazine

      The best way to save money on software development is to get it right the first time. Pair programming, an agile technique, saves development costs by putting two coders to work on the same code. Visual Studio Code and tmate bring the promise of pair programming to remote workers.

      As agile programming spreads into the IT space, development teams are increasingly relying on a concept known as pair programming [1]. Pair programming is an agile technique that involves two programmers working simultaneously on one computer. Both programmers use their own keyboard and mouse. Ideally, each also has a separate monitor.

      In pair programming, one programmer acts as the driver (the person who actively programs), and the other is the navigator. Since both programmers have their own keyboards, the navigator can access the code directly at any time. This leads to those “wait a minute, I’ll show you how to do that” moments where the navigator demonstrates something to the driver or simply corrects an error.

      Pair programming proponents believe this technique leads to far cleaner code containing fewer errors. However, pair programming does put a strain on both programmers. Experts recommend that companies use pair programming regularly, but not every day for the entire day. The right chemistry between the two programmers is also important.

      […]


      Source

      KDE e.V Receives Generous Handshake Donation, Ubuntu Touch OTA-5 Is Out, Geoclue 2.5 Now Available and Asking for Help, New Code of Conduct Proposal and Internet Freedom Festival

      News briefs for October 15, 2018.

      KDE e.V. announces it received a $300,000 USD donation from the Handshake Foundation. According to the KDE blog post, it plans to use $100,000 USD of the donation specifically toward development of the Calligra office suite. Also, KDE celebrated its 22nd anniversary yesterday—Happy Birthday KDE!

      UBports announces Ubuntu Touch OTA-5 is out. This over the air update of version 16.04 includes a more stable experience and new features, such as the Morph QtWeb Engine browser, Qt automatic scaling, Kirigami 2 and community art used for wallpapers, notification tones and ringtones.

      Geoclue 2.5 is now available, and coder Zeeshan Ali is asking for help. Geoclue uses the Mozilla Location Service (MLS), which was launched in 2013 in connection with its Firefox OS project that has since been abandoned. The service is still running, and users can contribute data, but it isn’t being maintained or developed any longer. Zeeshan Ali writes, “If your company relies on MLS (directly or through Geoclue) and you’d want to secure the future of Open Source geolocation, please do get in touch and we can discuss how we could possibly achieve that.”

      Red Hat developer Ivan Chavero yesterday submitted a new patch for the Linux Code of Conduct. Phoronix reports that the proposal “drops the mention of ‘a harassment-free experience for everyone, regardless of age, body-size, disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation.’ In place Ivan proposes, ‘our community an effective and enriching experience to any sentient being in the Universe.’”

      The Internet Freedom Festival—“5 Years Joining Forces to Fight Censorship and Surveillance”—is being held in Valencia, Spain, April 1–5, 2019. The call for proposals is open until November 9, 2018. See the IFF website for more details, as well as news and updates from the community.

      Source
