Linux Blimp

DevOps and cloud computing have become two of the ways companies can achieve this needed transformation, though the relationship between the two is not easily reconciled—DevOps is about the process and process improvement, while cloud computing is about technology and services. It’s important to understand how the cloud and DevOps work together to help businesses achieve their transformation goals.

Different organizations outline DevOps in different ways. This article does not debate which definition is correct, but rather presents them both to focus on the cloud’s benefit to DevOps. That said, DevOps definitions generally fall into two terms:

1. In organizations it is defined as developer-friendly operations—IT operations are run separately yet in a way that is much more friendly to developers (e.g., self-service catalogs are provided to developers for stipulating infrastructure or providing technology-enabled pipelines for deploying new code).
2. DevOps as a single consolidated team is habituated in organizations—developers take on operations responsibilities and vice versa.

Companies that focus on developers for operations often use cloud computing to speed developer productivity and efficiency. Cloud computing permits developers more control over their own components, resulting in smaller wait times. This application-specific architecture makes it easy for developers to own more components. By using cloud tools and services to automate the process of building, managing and provisioning through the code, service teams speed up the development process, eliminate possible human error and establish repeatability.

Source

Linux News
The world is talking about GNU/Linux and Free/Open Source Software

The PCLinuxOS Magazine staff is pleased to announce the release of the November 2018 issue. With the exception of a brief period in 2009, The PCLinuxOS Magazine has been published on a monthly basis since September, 2006. The PCLinuxOS Magazine is a product of the PCLinuxOS community, published by volunteers from the community. The magazine is lead by Paul Arnote, Chief Editor, and Assistant Editor Meemaw. The PCLinuxOS Magazine is released under the Creative Commons Attribution- NonCommercial-Share-Alike 3.0 Unported license, and some rights are reserved. All articles may be freely reproduced via any and all means following first publication by The PCLinuxOS Magazine, provided that attribution to both The PCLinuxOS Magazine and the original author are maintained, and a link is provided to the originally published article. In the November 2018 issue: * Microsoft Open Sources Over 60,000 Patents To Help Linux * GIMP Tutorial: How To Apply A Sepia Tone * PCLinuxOS Family Member Spotlight: Lifeless_User * Short Topix: Linux Is Changing The Face Of End-User Computing * ms_meme’s Nook: Booting From Both Sides * The Death Bell Tolls For G+ * Firejail, Easy Sandbox On PCLinuxOS * PCLinuxOS Recipe Corner * ANGRYsearch * And much more inside! This month’s cover was designed by parnote. Download the PDF (5.6 MB) https://pclosmag.com/download.php?f=2018-11.pdf Download the EPUB Version (4.3 MB) https://pclosmag.com/download.php?f=201811epub.epub Download the MOBI Version (4.4 MB) https://pclosmag.com/download.php?f=201811mobi.mobi Visit the HTML Version https://pclosmag.com/html/enter.html

Source

We rely on our phones to process and store reams of personal digital data. Our digital activities — from checking bank balances to paying for a product with a tap of the screen, to sending friends and family messages over social media, to accessing work emails remotely — have turned our phones into a goldmine of personal information.

It’s likely that by 2020, there will be
more than 6 billion smartphone users in the world.

How secure is your mobile device? It’s easy to forget that your mobile phone is essentially a pocket-sized computer and that, just as with any device that can connect to the Internet, mobile phones are at risk of a cyberattack.

The good news is that mobile malware is still relatively uncommon, with the total rate of infections standing at 8 percent. Mobile malware is outnumbered by PC attacks 40-1, as mobiles operate on far more customized systems, and malware must be tailored to a specific system.

However, mobile malware has been increasing at an alarming rate. There was a
27 percent increase in new mobile malware in the last quarter of 2017, according to McAfee.

Securing your mobile phone should be a top priority, both for personal and business use.

Types of Mobile Malware

The types of mobile malware users may be exposed to are many and varying. Following are some examples:

• Mobile spyware: This form of malicious software can infiltrate seemingly benign programs and secretly monitor your activity, record your location, and steal sensitive passwords. You may even have inadvertently granted an app access to harvest this information when you downloaded it.
• Rooting malware: A particularly unsavory form of malware, these bugs gain root access to a compromised device in order to provide hackers with administrative privileges and access to users’ files. Some rooting malware, such as Ztorg, are able to embed themselves into the system folders, so that even a factory reset won’t be able to remove them.
• Mobile banking Trojans: As mobile banking grows in popularity, an increasingly grave problem in the cybersecurity world is mobile banking viruses. In 2017, mobile banking Trojans
  attacked close to 260,000 users across 164 countries. Attackers masquerade as a legitimate banking app to lure users into installing it, only to steal their credentials.
• SMS malware: This form of malware will manipulate a mobile phone to send premium-rate text messages, often without the user noticing until they receive a shocking bill at the end of the month.

How Your Mobile Phone Can Get Infected

By far the most common way that your device may become infected is if you download a malicious app. Cybercriminals may pirate an existing app and list it on a third-party app store with hidden malware attached, so that users who download the app invite malicious software onto their devices.

Hackers also exploit known vulnerabilities in an operating system, which is why it is paramount that you keep your device up-to-date with the latest software.

The old-school method of sending a virus via fake emails can pose a threat to mobile phones as well, and this extends to suspicious texts. If you click a link on a fraudulent email or text, it probably will send you to a dummy site and automatically download malware onto your device.

Another way you might expose yourself to an attack is by connecting to a public WiFi hotspot. As public WiFi is usually unencrypted, attackers can intercept the data stream between the user and the access point. Known as a “man-in-the-middle attack,” this can enable intruders to eavesdrop on any conversations carried out over the compromised network.

Android vs. iOS

Google’s Android is the main target for malware, with a reported
19 million malware programs developed especially for Android. The reason for this is three-fold: Android’s dominance of the global smartphone market; the inconsistency of updates to the Android operating system; and its relatively open system for the distribution of apps.

1. More Android phones to attackAlthough the Apple logo may have become ubiquitous over the years, 85 percent of smartphone users worldwide have an Android phone. Big name brands such as Samsung, Huawei and HTC all run on Google’s Android OS.
2. Frequency of OS updatesAndroid’s updates are more fragmented. When Google releases an update to Android, it takes some time for consumers to receive it, unless they have a Google branded device, such as a Pixel.

   Non-Google Android devices, however, are customized with different apps and services, depending on the device manufacturer and network carrier behind the phone. Each customized version rolls out Android updates at a different rate.

3. Openness of platformAndroid has a more open and adaptable platform that renders it more vulnerable to cyberattacks than the Apple iOS. Users can download apps from third-party sources, which are not regulated by Google Play.

   This is how the majority of the 10 million Android devices became infected by the Adware Hummingbad in 2016, although a variant of the malware subsequently was discovered on 20 apps in Google’s official Play Store.

   The so-called “walled garden” of Apple’s App Store, on the other hand, means that all iPhone apps are heavily vetted by Apple before they can be listed in this centralized point of distribution.

iOS Weaknesses

Nevertheless, Apple’s iOS is not entirely failsafe. The large-scale XCodeGhost attack that occurred in China in 2015 compromised more than 39 apps, including older versions of the popular WeChat app.

The hackers had infiltrated the App Store by offering a counterfeit version of Apple’s XCode software to developers. They then were able to steal data and send fake alerts to compromised devices to trick users into revealing their information.

Jailbroken iPhones, in particular, are at risk of a malware attack, because they circumvent the security restrictions imposed by the App store. Users may wish to jailbreak their phones in order to gain access to free apps or those that are not available on the App Store. However, this opens them up to significant risks, and users may find they have accidentally downloaded a dangerous app.

The KeyRaider hack of 2015, for instance, compromised more than 225,000 Apple accounts by targeting jailbroken iPhones and iPads.

What Are the Signs of a Malware Attack on Your Phone?

If you contract a virus on your computer, it can be quite straightforward to spot that something has gone wrong. You’ll probably see hundreds of irritating pop-ups or find that your computer starts to randomly and sporadically crash.

The signs of an infection on your mobile phone, however, may be harder to spot. You may have some malware lurking in the background and corrupting your phone without even realizing it.

Key signs to look for are if your device suddenly begins to operate more slowly, or your battery drains more rapidly than usual. Far more than an indication that you need a phone upgrade, a noticeable and sudden drop in performance could be a sign of an infection.

Another tell-tale sign to assess whether you may have a virus on your phone is if you see sudden spikes in your data usage. This could be a result of a virus running background tasks that you aren’t aware of, or trying to access the Internet in order to transmit data from your phone.

Strange charges on your monthly bill also could be symptomatic of a virus, as some malware can make money from sending premium texts from your phone without you noticing. Be sure to review your bill routinely so you can catch any dangerous viruses early.

How to Remove Mobile Malware

If you suspect that your phone may have been compromised, what steps can you take to remove malicious software?

Let’s first consider how to remove mobile malware from an Android phone.

You need to start by putting your phone into Safe Mode. You can do this by holding down the power off button until you’re prompted to reboot your device to Safe Mode. The Safe Mode will disable all third-party apps, so if you find that your device then works smoothly, you can be confident that a virus is at the root of your problem.

Then go into your settings and to the apps folder. Scan for the app that you think might be the culprit, or for anything that you don’t recall downloading. You can remove it manually by clicking the uninstall button.

Top Tip: Sometimes the uninstall button will be gray and won’t respond when you tap on it, because the malicious app has granted itself administrator status. In that case, you need to go into the security settings and deactivate administrator rights for the malicious app in question. You then should be able to remove the app from the app list.

If you are still unable to remove the malicious software from your device, you will need to do a full factory reset. This can be achieved by going into your phone settings and erasing all data.

Be sure that you have backed up any important files before you do this, as you will not be able to retrieve your beloved photos and important contact list afterward.

How do you remove a virus from an iPhone?

As explained above, iOS malware is far rarer than Android malware, but attacks are still possible. Respectable apps may have had malicious code inserted in them by a hacker. Users who have jailbroken their phones may have inadvertently downloaded a malicious app.

The good news is that iOS’ sandboxing structure, which restricts every app’s access, prevents any malware from spreading to and corrupting other apps or the underlying operating system.

This means that it is quite simple to see which is the compromised app causing your phone to malfunction. You’ll only have problems when the app in question is open.

First, see if there is a newer version of the app in the App Store, as the problem may have been identified and resolved in a new update. If not, you will need to outright remove the app from your device by uninstalling it.

If the virus is manifesting itself as a redirect to a spammy Web page, you’ll also want to clear your Safari history and data.

Tips for Securing Your Mobile Phone

Of course, the most effective way to protect your phone from malware is to take preventative steps to reduce the likelihood of contracting an infection in the first place.

Following are our top tips for securing your mobile phone:

1. Be wary of public WiFi hotspotsDo not access any sensitive information through public WiFi, such as logging into your bank or checking sensitive work emails, as a hacker may be able to intercept your communication through a “man-in-the-middle” attack. It is far more secure to use a 3G or 4G instead, or to use a VPN.
2. Do not jailbreak or root your deviceIt may sound appealing to be able to download paid apps for free by jailbreaking your iPhone or rooting your Android, but this removes the protection from Apple and Google respectively. Proceed with caution if you do go down this route, or you may find yourself vulnerable to malicious apps.
3. Only download apps from the official app storesSavvy hackers have been known to slip past the walled garden of the App Store and the security measures of Google Play Protect, but your chances of downloading a malicious app are far lower if you stick to the official app stores.
4. Update your operating systemCybercriminals exploit vulnerabilities in operating systems to gain access to outdated smartphones. Be sure to install updates to your software as soon as a new version is released, to minimize this risk.
5. Encrypt your deviceEncrypting your phone will scramble all files so that only you have access to them. You’ll need to enter a PIN or password to decrypt your phone every time you want to use it.
6. Review your access permissionsOften when consumers download new apps they don’t take the time to read the Terms & Conditions, or consider what data they are allowing the app to access.

   In some cases, it may be useful to allow an app to access your location, such as a transport or weather app. But does the app need to know your location even when you’re not using it? Review your app permissions in your privacy settings, and disable any consents that don’t seem essential.

I hope that you found this article on mobile phone security useful — and that you now know that protecting your device involves far more than just sticking a screen protector and case on it!

Source

Share with friends and colleagues on social media

Many service providers face the challenge of competing with the pace of innovation and investments made by hypercloud vendors. You constantly need to enable new services (e.g., containers, platform as a service, IoT, etc.) while remaining cost competitive. The proprietary cloud platforms used in the past are expensive and struggle to keep up with emerging technologies. It’s time to start planning your future with an open source solution that enables a software defined infrastructure for rapid innovation.

A growing number of service providers have selected OpenStack due to its low cost and its rapid pace of innovation. Many new technologies are introduced early in their development in OpenStack prior to making their way to proprietary and hyper-cloud platforms. Well known examples include containers, platform as a service and network function virtualization. Why not leverage the work of a growing community of thousands of open source developers to gain a competitive edge?

For those service providers unfamiliar with OpenStack, SUSE recently published a paper entitled, “Service Providers: Future-Proof Your Cloud Infrastructure,” to highlight some of the architectural choices you will need to make when implementing an OpenStack environment. While the concepts are not new, several decisions will need to be made up-front based on the data center footprint you wish to address.

While OpenStack may seem a bit complex at first, the installation and operations of vendor supplied distributions have greatly improved over the years. Support is available from the vendors themselves as well as from a large community of developers. Most service providers start with a relatively small cloud and build from there. Since OpenStack is widely supported by most hardware and software vendors, you can even repurpose your existing investments. The upfront cost to begin your OpenStack journey is low. When you’re ready to get started, SUSE offers a free 60-day evaluation trial of our solution (www.suse.com/cloud).

Now is the time to map out the future of your software-defined infrastructure. Take advantage of the most rapidly evolving cloud platform with no vendor lock-in. Build your offering on some of the best operations automation available today. OpenStack is the best way to control your own destiny. For more information, please visit our site dedicated to cloud service providers at www.suse.com/csp .

 

Share with friends and colleagues on social media

Source

By default, Apple’s custom Mac silicon, the T2 Security Chip, prevents it from booting into unrecognized OS environments. But, Apple’s not stopping power-users from changing that in settings.

Apple’s T2 Security Chip provides a lot of great features for the vast majority of people, including secure boot, real-time AES 256-bit data encryption, and even Touch ID authentication for MacBook Air and MacBook Pro. For them, it’s on by default and should just be left on by default.

Because of that security, it’s led some power-users to believe that Apple is locking down T2 machines, including those MacBooks as well as the iMac Pro and new Mac mini, so completely you will no longer be able to do things like boot into Linux.

My understanding is that you can, in fact, boot into Linux if you really want to. You just need to disable secure boot on your Mac first.

Here’s what the default, “Full Securit”y does:

Full Security is the default Secure Boot setting, offering the highest level of security. This is a level of security previously available only on iOS devices.
During startup, your Mac verifies the integrity of the operating system (OS) on your startup disk to make sure that it’s legitimate. If the OS is unknown or can’t be verified as legitimate, your Mac connects to Apple to download the updated integrity information it needs to verify the OS. This information is unique to your Mac, and it ensures that your Mac starts up from an OS that is trusted by Apple.

To change it:

1. Turn on your Mac, then press and hold Command (⌘)-R immediately after you see the Apple logo to start up from macOS Recovery.
2. When you see the macOS Utilities window, choose Utilities > Startup Security Utility from the menu bar.
3. When you’re asked to authenticate, click Enter macOS Password, then choose an administrator account and enter its password.

From there, if you want to boot into Linux, you want t choose the “No Security” option.

Here’s how Apple describes it:

The No Security setting doesn’t enforce any of the above security requirements for your startup disk.

Because the T2 Security Chip is no longer verifying the system integrity, you will lose Touch ID authentication for Apple Pay. That’s because it can no longer guarantee the security of the connection between Touch ID and the purchase either. If you have an iPhone or iPad, though, you can still use those to authenticate Apple Pay on your Mac, just like you would on a Mac with no built-in Touch ID.

I haven’t had time to test booting into Linux on the new Mac mini yet, so it’s possible there are other levers that need pulling to make it all work, but there’s nothing Apple’s doing to actively prevent people who really want to boot into Linux to do it. And I’m looking forward to trying it out myself in the very near future.

Source

Vendetta Online is a popular online video game built by Guild Software Inc. It’s a very addictive game where thousands of players meet, interact, fight, and make alliances. Players take the role of spaceship pilots, flying to missions, planets, and stations all over the galaxy. All the combat is done in real time, against other people or NPCs (Non-player characters).

Participate in large scale battles

Gamers can even participate in large scale battles between nations or with the aliens. Vendetta Online has a complete economic system, making use of trading, mining, and smuggling. In this game you will be able to pilot your own ship in a single, persistent virtual universe. New gameplay content, such as missions, equipment, ships or trade items can be unlocked during the normal evolution of your character.

Ships are highly customizable

The ships are highly customizable, allowing the player to change its design and add new, powerful functionality. In addition, you can transform it into a trading ship or a combat one. Players can choose to be a military pilot, despicable pirate, guard for hire, peaceful trader, or whatever they desire. In addition, the difficulty of missions will increase as the player becomes more popular.

Play in lawless places

Another interesting feature is the ability to choose to play in lawless places or locations that are governed by the law. No matter in which one of them you decide to play, they all have their dangers. The game is actively developed by a group of talented developers who listen to their community and integrates new functionality or repairs flaws with every new release.

Runs on Linux, Mac and Windows

The software has been crafted to support the Linux, Microsoft Windows and Mac OS X operating systems. It is a true MMORPG (Massively Multiplayer Online Role-Playing Game) that can be played by players of all ages. If you like MMORPG games, then we suggests to give Vendetta Online a try. It is the best of its kind for Linux operating systems, and we promise that you won’t regret it a bit!

Source

Maybe you’ve heard of Go. It was first introduced in 2009, but like any new programming language, it took a while for it to mature and stabilize to the point where it became useful for production applications. Nowadays, Go is a well-established language that is used for network and database programming, web development, and writing DevOps tools. It was used to write Docker, Kubernetes, Terraform and Ethereum. Go is accelerating in popularity, with adoption increasing by 76% in 2017, and now there are Go user groups and Go conferences. Whether you want to add to your professional skills, or are just interested in learning a new programming language, you may want to check it out.

Why Go?

Go was created at Google by a team of three programmers: Robert Griesemer, Rob Pike, and Ken Thompson. The team decided to create Go because they were frustrated with C++ and Java, which over the years had become cumbersome and clumsy to work with. They wanted to bring enjoyment and productivity back to programming.

…The idea of Go’s design is to have the best parts of many languages. At first, Go looks a lot like a hybrid of C and Pascal (both of which are successors to Algol 60), but looking closer, you will find ideas taken from many other languages as well.

Go is designed to be a simple compiled language that is easy to use, while allowing concisely-written programs that run efficiently. Go lacks extraneous features, so it’s easy to program fluently, without needing to refer to language documentation while programming. Programming in Go is fast, fun, and productive.

Read more at Jayts.com

Source

On Raspberry Pi devices, the widely used and officially recommended operating system is Raspbian. Raspbian is based on Debian GNU/Linux. On Raspbian, the default web browser is Chromium. Chromium is the open source version of Google Chrome. It’s great. But many people like Firefox. If you’re one of these people, then this article is for you. In this article, I will show you how to install Firefox on Raspberry Pi devices with Raspbian operating system installed. So, let’s get started.

Firefox is not installed by default on Raspbian operating system. But it is available in the official package repository of Raspbian. So, it is very easy to install.

First, update the APT package repository cache with the following command:

$sudo apt  update

The APT package repository cache should be updated.

Now, run the following command to install Firefox on Raspbian:

$ sudo apt install firefox-esr

Now press y and then press <Enter> to continue.

Firefox should be installed.

Running Firefox on Raspbian:

Firefox on Raspbian is labeled as Firefox ESR. You can find Firefox ESR in the application menu of Raspbian. To start Firefox, click on the Firefox ESR icon as marked in the screenshot below.

As you’re running Firefox for the first time, Firefox should ask you whether you want to import bookmarks from other browsers or not. As you can see, Chromium is listed here. If you want to import bookmarks from Chromium (the default browser on Raspbian), select it and click on Next as marked in the screenshot below.

If you don’t want to import bookmarks from other browsers, just select Don’t import anything and then click on Next. I will go ahead and import the bookmarks from Chromium. It will be very helpful.

As you can see, I am running Firefox ESR 52.9.0 32-bit version.

Setting Firefox as the Default Browser on Raspbian:

Chromium is set as the default browser on Raspbian. So, when you click on the web browser icon as marked in the screenshot below, Chromium browser opens up.

If you want to set Firefox as the default browser on Raspbian, run the following command:

$ sudo update-alternatives –config x-www-browser

Firefox is in the list and the selection number of Firefox is 4 as you can see in the marked section of the screenshot below. Yours may be different depending on what browsers you have installed. Now, type in the selection number (in my case 4) and press <Enter>.

Firefox should be set as the default browser on Raspbian.

My Thoughts on Firefox in Raspberry Pi:

I am using Raspberry Pi 3 Model B single board computer for quite a while. It’s good. It has good hardware specification. But Firefox is a bit laggy on Raspberry Pi 3 Model B. If you’re using older version of Raspberry Pi, then it may not be useable at all. I prefer the default Chromium browser for Raspberry Pi 3 Model B. It also lags a bit, but not as much as Firefox.

So, that’s how you install Firefox on Raspberry Pi with Raspbian installed. Thanks for reading this article.

Source

Do you take your online privacy seriously?

Most people don’t. They have an ideal scenario of just how private their online activities should be, but they rarely do anything to actually achieve it.

The problem is that bad actors know and rely on this fact, and that’s why there’s been a
steady rise in identity theft cases from 2013 to 2017. The victims of these cases often suffer a loss of reputation or financial woes.

If you take your online privacy seriously, follow this 10-step guide to protect it.

1. Beware of Internet Service Providers

You may not be aware of it, but your ISP already might know
all about your online searches.

Each time you search for something online, your browser sends a query to a DNS server. Before the query reaches a DNS server, however, it first has to go through your ISP. Needless to say, your ISP easily can read and monitor these queries, which gives it a window into your online activity.

Not all ISPs monitor your browser queries but the ones that don’t are the exception and not the rule. Most ISPs will keep records of your Web browsing for a period of a few months to a year. Most ISPs don’t record your texts, but they do keep records of who texted you.

There are two ways to protect your privacy if you don’t want your ISP monitoring your browser queries: 1) Switch to an ISP that doesn’t monitor your online data, if practicable; or 2) Get a VPN to protect your data (more on this later).

2. Strengthen and Protect Your Login Credentials

One thing most people take for granted is the login credentials they use to access their many online accounts. Your username and password are the only things keeping your information and privileges from getting into the wrong hands. This is why it’s important to make them as strong as possible.

Choose a strong username that is simple and easy to remember but can’t easily be linked to your identity. This is to prevent hackers from correctly guessing your username based on your name, age, or date of birth. You’d be surprised just how cunningly hackers can find this information. Also, never use your Social Security Number as your username.

Next, pick a strong password. There are many ways to do this, but we can narrow them down to two options: 1) Learn how to make strong passwords; or 2) Use a password manager app.

Learning how to make a strong password requires time and imagination. Do you want to know what the most common passwords are? They are “1234,” “12345,” “0000,” “password” and “qwerty” — no imagination at all. A password combining your name and date of birth won’t cut it. Nor will a password that uses any word found in the dictionary.

You need to use a combination of upper and lower case letters, numbers, and even symbols (if allowed). Complexity is what matters, not length, since a complex password will take centuries for a computer to figure out. In fact, you can
try your password if you want to see just how long it will take to crack.

If you don’t have the time and imagination to formulate a strong and complex password, you can use one of the
six best password managers. These apps not only save you the hassle of memorizing your complex passwords but also auto-fill online login forms and formulate strong passwords for you.

Whether you want to learn how to make strong passwords or choose to install a password manager app is up to you. What you should never neglect, though, is 2FA (2-factor authentication). 2FA adds an extra layer of protection for your passwords in case someone ever does learn what they are. In fact, you may already have tried it when logging into an account on a new device.

The app or service requires you to key in the access code sent to another one of your devices (usually your phone) before you are given access to your account. Failing to provide this access code locks you out of your account. This means that even if hackers obtain your login credentials in some way, they still can’t log into your account without the access code.

Never use the same usernames or passwords for different accounts. This prevents hackers from accessing multiple accounts with just one or more of your login credentials. Also, never share your login credentials with anybody —
not even your significant other.

3. Check the WiFi You’re Using

Have you ever heard of a
KRACK attack? It’s a proof-of-concept cyberattack carried out by infiltrating your WiFi connection. The hacker then can steal information like browsing data, personal information, and even text message contents.

The problem is that not even WPA2 encryption can stop it. This is actually why The WiFi Alliance started development of WPA3, which it officially introduced this summer.

Do you need WPA3 to defend against KRACK attacks? No. You just need to install security updates when they become available. This is because security updates ensure that a key is installed only once, thereby, preventing KRACK attacks. You can add additional layers of protection by visiting only HTTPS sites and by using a VPN.

You also can use a VPN to protect your device whenever you connect to a public network. It prevents hackers from stealing your information via a MitM (Man in the Middle) attack, or if the network you’ve connected to is actually a rogue network.

4. Watch Your Browser

If you read through your browser company’s Terms of Use and Privacy Policy, you might find that they actually track your online activities. They then sell this information to ad companies that use methods like analytics to create a profile for each user. This information then is used to create those annoying targeted ads.

How do they do this?

Answer: Web cookies.

For the most part, Web cookies are harmless. They’re used to remember your online preferences like Web form entries and shopping cart contents. However, some cookies (third-party cookies) are made specifically to remain active even on websites they didn’t originate from. They also track your online behavior through the sites you visit and monitor what you click on.

This is why it’s a good idea to clear Web cookies every once in a while. You may be tempted to change your browser settings to simply reject all cookies, but that would result in an overall inconvenient browsing experience.

Another way to address the monitoring issue is to use your browser’s Incognito mode. Your browser won’t save any visited sites, cookies, or online forms while in this mode, but your activities may be visible to the websites you visit, your employer or school, and your ISP.

The best way I’ve found so far is to replace your browser with an anonymous browser.

One example is TOR (The Onion Browser). TOR is a browser made specifically to protect user privacy. It does this by wrapping your online data in several layers of encryption and then “bouncing” it for the same number of times before finally arriving at the right DNS server.

Another example is Epic Browser. While this browser doesn’t run on an onion network like TOR, it does do away with the usual privacy threats, including browsing history, DNS pre-fetching, third-party cookies, Web or DNS caches, and auto-fill features. It automatically deletes all session data once you close the browser.

SRWare Iron will be familiar to Google Chrome users, since it’s based on the open source Chromium project. Unlike Chrome, however, it gets rid of data privacy concerns like usage of a unique user ID and personalized search suggestions.

These three are the best ones I’ve found, but there are other alternatives out there. Whatever privacy browser you choose, make sure it’s compatible with your VPN, as not all privacy browsers are VPN-compatible — and vice-versa.

5. Use a Private Search Engine

Presenting risks similar to popular browsers are the search engines many people use. Most browser companies also produce their own search engine, which — like the browser — also tracks your online searches. These searches then can be traced to your personal identity by linking them to your computer, account, or IP address.

Aside from that, search engines keep information on your location and usage for up to several days. What most people don’t know is that persons in the legal field actually are allowed to use the information collected by search engines.

If this concerns you at all, you may want to switch to a private search engine. These private search engines often work in the same way: They obtain search results from various sources, and they don’t use personalized search results.

Some of the more popular private search engines include DuckDuckGo, Fireball, and Search Encrypt.

6. Install a VPN

What is a VPN, and why do I strongly recommend it?

A VPN (virtual private network) is a type of software that protects your Internet browsing by encrypting your online data and hiding your true IP address.

Since you already know how online searches are carried out, you already know that browser queries are easily readable by your ISP — or anyone else, for that matter. This is because your online data is, by default, unencrypted. It’s made up of plain text contained in data packets.

You also already know that not even built-in WPA2 encryption is good enough to protect against certain attacks.

This is where a VPN comes in. The VPN courses your online data through secure tunnels until it gets to its intended DNS server. Anyone intercepting your browsing data will find unreadable jargon instead.

You may hear advice against trusting VPNs with your security. I’m actually inclined to partially agree — not all VPNs are secure. However, that doesn’t mean all VPNs are not secure.

The unsecured VPNs I’m referring to are the “free lunch” types that promise to be free forever but actually use or sell your data to ad companies. Use only the safest VPN services you can find.

A VPN is primarily a security tool. While you may enjoy some privacy from its functions, you will want to pair it with a privacy browser and search engine to get the full privacy experience.

A VPN can’t secure your computer or device from malware that’s already present. This is why I always recommend using a VPN together with a good antivirus and firewall program.

Some popular browsers run WebRTC protocols by default. You have to turn off this protocol. This protocol compromises a VPN’s security by allowing your true IP address to be read.

7. Watch Out for Phishing

You may have the best VPN, anonymous browser, and private search engine on the market, but they won’t do you much good if you’re hooked by a phishing scam.

Phishing employs psychological analysis and social engineering to trick users into clicking a malicious link. This malicious link can contain anything from viruses to cryptojackers.

While phishing attacks usually are sent to many individuals, there’s a more personalized form called “spearphishing.” In that case, the hackers attempt to scam a specific person (usually a high-ranking officer at a company) by using information that’s available only to a select few people that the target knows.

So, how do you avoid being reeled in by phishing attacks?

The first option is to learn how to identify phishing attempts. Beware of messages from people you don’t know. Hover over a link before clicking it to make sure it navigates to the site it portrays. Most importantly, remember that if it’s too good to be true, it most likely is.

The second option is to install an antiphishing toolbar. This software prevents phishing by checking the links you click against a list of sites known to host malware or those that trick you into disclosing financial or personal information.

It then will prompt you, once it determines the link to be connected to one of those sites, and provide you with a path back to safety.

The best examples I’ve found are OpenDNS, Windows Defender Browser Protection, and Avira Browser Safety.

8. Encrypt Your Communications

If you’ve been following tech news in the recent months, you may have found an item about the FBI wanting
to break Facebook Messenger’s encryption. Say what you will about the social network giant, but this news reveals one thing: Even the FBI can’t crack encrypted messages without help.

This is why you should always use “encryption mode” in your messaging apps. Apps like Signal, Telegram, and Threema all come with end-to-end encryption and support for text, calls, and even video calls.

If you require constant use of emails, ProtonMail, Tutanota, Mailinator, and MailFence are great alternatives to popular email services that actually monitor your email content.

9. Watch What You Share on Social Media

Social media has become one of the best ways to keep in touch with important people in our lives. Catching up to everyone we care about is just a few clicks away. That said, we’re not the only ones looking at their profiles.

Hackers actually frequent social media sites as they hunt for any personal information they can steal. They even can circumvent your “friends only” information by adding you as a friend using a fake account. I don’t think I need to mention the problems hackers can cause once they’ve stolen your identity.

This is why you should exercise caution about what you share on social media. You never know if hackers are using the photos you share to target you for their next attack. You may want to skip out on filling out your profile completely. Avoid giving your phone or home number, and perhaps use a private email to sign up.

10. Update Early and Often

You may have heard this before but it’s worth repeating now: Don’t ignore system updates. You may not be aware of it, but updates fix many vulnerabilities that could jeopardize your online privacy.

Most people put off installing updates since they always seem to come at inopportune times. Sometimes we just can’t put up with the dip in performance or Internet speed while updates are being installed.

It’s usually best to suffer what minor inconvenience they cause early rather than risk getting caught in the whirlwind of problems hackers can cause if you should get targeted. Most software and apps now come with an auto-update feature, so you won’t have to manually search and download them.

In Conclusion

Privacy is a human right, and our online privacy should be taken seriously. Don’t neglect to take the necessary steps to protect yours.

Beware of your Internet service provider, and always protect your login credentials no matter how strong they are. Remember to check the network you’re connecting to before you log in.

Watch what your browser and search engine are doing, and consider replacing them with more private ones. Prepare against phishing by learning to identify attempts and installing an antiphishing toolbar.

Always use encrypted messaging, and watch what you share on social media. Finally, never ignore system updates when they become available.

Follow these steps and you’ll soon be on your way to a more private browsing experience.

Source

November 7, 2018

Red Hat, Inc. (NYSE: RHT), the world’s leading provider of open source solutions, today announced that Adobe, Alibaba, Amadeus, Ant Financial, Atlassian, Atos, AT&T, Bandwidth, Etsy, GitHub, Hitachi, NVIDIA, Oath, Renesas, Tencent, and Twitter have joined an ongoing industry effort to combat harsh tactics in open source license enforcement by adopting the GPL Cooperation Commitment. By making this commitment, these 16 corporate leaders are strengthening long-standing community norms of fairness, pragmatism, and predictability in open source license compliance.

We are thrilled to see the continued success of the GPL Cooperation Commitment. Compliance in the open source community is a forgiving process and rightly aimed at maximizing use of open source software.

Today’s announcement follows an earlier wave of adoption of the commitment within the technology industry. Red Hat, Facebook, Google and IBM made the initial commitment in November 2017. They were joined in March 2018 by CA Technologies, Cisco, Hewlett Packard Enterprise, Microsoft, SAP and SUSE. In July 2018, 14 additional companies signed on to the commitment: Amazon, Arm, Canonical, GitLab, Intel Corporation, Liferay, Linaro, MariaDB, NEC, Pivotal, Royal Philips, SAS, Toyota and VMware. One month later, in August 2018, the eight funding members of the Open Invention Network (OIN) — Google, IBM, Red Hat, SUSE, Sony, NEC, Philips, Toyota — announced that they had unanimously adopted the GPL Cooperation Commitment. With today’s announcement, more than 40 organizations have adopted the GPL Cooperation Commitment.

The 16 new companies in today’s announcement are a diverse set of technology firms whose participation makes evident the worldwide reach of the GPL Cooperation Commitment. They comprise globally-operating companies based on four continents and mark a significant expansion of the initiative into the Asia-Pacific region. They represent various industries and areas of commercial focus, including IT services, software development tools and platforms, social networking, fintech, semiconductors, e-commerce, multimedia software and more.

The GPL Cooperation Commitment is a means for companies, individual developers and open source projects to provide opportunities for licensees to correct errors in compliance with software licensed under the GPLv2 family of licenses before taking action to terminate the licenses. Version 2 of the GNU General Public License (GPLv2), version 2 of the GNU Library General Public License (LGPLv2), and version 2.1 of the GNU Lesser General Public License (LGPLv2.1) do not contain express “cure” periods to fix noncompliance prior to license termination. Version 3 of the GNU GPL (GPLv3) addressed this by adding an opportunity to correct mistakes in compliance. Those who adopt the GPL Cooperation Commitment extend the cure provisions of GPLv3 to their existing and future GPLv2 and LGPLv2.x-licensed code.

Specifically, the commitment language adopted by each company is:

Before filing or continuing to prosecute any legal proceeding or claim (other than a Defensive Action) arising from termination of a Covered License, [Company] commits to extend to the person or entity (“you”) accused of violating the Covered License the following provisions regarding cure and reinstatement, taken from GPL version 3. As used here, the term ‘this License’ refers to the specific Covered License being enforced.

However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation.

Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice.

[Company] intends this Commitment to be irrevocable, and binding and enforceable against [Company] and assignees of or successors to [Company]’s copyrights.

[Company] may modify this Commitment by publishing a new edition on this page or a successor location.

Definitions

‘Covered License’ means the GNU General Public License, version 2 (GPLv2), the GNU Lesser General Public License, version 2.1 (LGPLv2.1), or the GNU Library General Public License, version 2 (LGPLv2), all as published by the Free Software Foundation.

Defensive Action’ means a legal proceeding or claim that [Company] brings against you in response to a prior proceeding or claim initiated by you or your affiliate.

‘[Company]’ means [Company] and its subsidiaries.

Read the individual commitments:

Supporting Quotes

Michael Cunningham, executive vice president and general counsel, Red Hat
“We are thrilled to see the continued success of the GPL Cooperation Commitment. Compliance in the open source community is a forgiving process and rightly aimed at maximizing use of open source software. Adoption of the commitment by these 16 prominent technology companies strengthens this message and will enhance predictability in the use of open source software.”

Jiangwei Jiang, general manager of Technology R&D, Alibaba Cloud
“Alibaba is an active advocate, contributor and leader in the open source movement, and resorts to openness and inclusiveness to address controversy within the community.”

Benjamin Bai, vice president of Intellectual Property, Ant Financial
“Ant Financial is pleased to join the GPL Cooperation Commitment. Open source software has thrived on the basis of collaboration. Litigation should be used only as a last resort and in a responsible manner.”

Sri Viswanath, chief technology officer, Atlassian
“Atlassian embraces the open source movement and wants to help in responsibly shaping its future. The GPL Cooperation Commitment is a common-sense solution that makes it easier for users to adopt and innovate with open source, which is why we are pleased to join the Commitment.”

Mazin Gilbert, vice president of Advanced Technology and Systems, AT&T Labs
“AT&T is delighted to join the already successful GPL Cooperation Commitment. As a long-time contributor to the open source community, we’re excited to continue on this journey and encourage the spirit of collaboration.”

Mike Linksvayer, director of Policy, GitHub
“We’re thrilled to encourage and join in broad software industry cooperation to improve the legal and policy underpinnings of open source, which ultimately protects and empowers the people–and the community–behind the technology.”

Gil Yehuda, senior director of Open Source, Oath
“Oath is committed to promoting open source success and we support the GPL Cooperation Commitment. Open source collaboration is about working together to make better software for the entire industry.”

Hisao Munakata, senior director of Automotive Technical Customer Engagement Division, Automotive Solution Business Unit, Renesas
“Renesas is committed to being a first-class citizen in an OSS community which is why we contributed to the development of the Linux kernel, especially for the development of device drivers. We strongly believe by supporting the GPL Cooperation Commitment, we will be able to drive the worldwide adoption of the OSS license and bring great advantages to the whole automotive industry.”

Takahiro Yasui, director of OSS Solution Center, Systems & Services Business Division, Hitachi, Ltd.
“It is our pleasure to declare our participation to this Cooperation Commitment. Hitachi has been participating in the open source ecosystem through being a member of wide varieties of open source communities and working with open source organizations. Hitachi believes this activity helps the open source community grow healthy, and accelerate the speed of further open innovation in the open source ecosystem.”

Sam Xu, head of Intellectual Property, Tencent
“Open source is a key part of Tencent’s technology strategy. We look forward to working more closely with the international open source community to create new and cutting edge open source solutions. The GPL Cooperation Commitment will provide more reasonable and predictable protection for developers and contributors, which will foster a thriving and healthy open source ecosystem.”

Remy DeCausemaker, Open Source Program Manager, Twitter
“Twitter is proud to join the GPL Cooperation Commitment. Efforts like these encourage adoption, reduce uncertainty, and build trust. #GPLCC

About Red Hat

Red Hat is the world’s leading provider of enterprise open source software solutions, using a community-powered approach to deliver reliable and high-performing Linux, hybrid cloud, container, and Kubernetes technologies. Red Hat helps customers integrate new and existing IT applications, develop cloud-native applications, standardize on our industry-leading operating system, and automate, secure, and manage complex environments. Award-winning support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500. As a strategic partner to cloud providers, system integrators, application vendors, customers, and open source communities, Red Hat can help organizations prepare for the digital future.

Forward-looking statements

Certain statements contained in this press release may constitute “forward-looking statements” within the meaning of the Private Securities Litigation Reform Act of 1995. Forward-looking statements provide current expectations of future events based on certain assumptions and include any statement that does not directly relate to any historical or current fact. Actual results may differ materially from those indicated by such forward-looking statements as a result of various important factors, including: risks related to the ability of the Company to compete effectively; the ability to deliver and stimulate demand for new products and technological innovations on a timely basis; delays or reductions in information technology spending; the integration of acquisitions and the ability to market successfully acquired technologies and products; risks related to errors or defects in our offerings and third-party products upon which our offerings depend; risks related to the security of our offerings and other data security vulnerabilities; fluctuations in exchange rates; changes in and a dependence on key personnel; the effects of industry consolidation; uncertainty and adverse results in litigation and related settlements; the inability to adequately protect Company intellectual property and the potential for infringement or breach of license claims of or relating to third party intellectual property; the ability to meet financial and operational challenges encountered in our international operations; and ineffective management of, and control over, the Company’s growth and international operations, as well as other factors contained in our most recent Quarterly Report on Form 10-Q (copies of which may be accessed through the Securities and Exchange Commission’s website at http://www.sec.gov), including those found therein under the captions “Risk Factors” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations”. In addition to these factors, actual future performance, outcomes, and results may differ materially because of more general factors including (without limitation) general industry and market conditions and growth rates, economic and political conditions, governmental and public policy changes and the impact of natural disasters such as earthquakes and floods. The forward-looking statements included in this press release represent the Company’s views as of the date of this press release and these views could change. However, while the Company may elect to update these forward-looking statements at some point in the future, the Company specifically disclaims any obligation to do so. These forward-looking statements should not be relied upon as representing the Company’s views as of any date subsequent to the date of this press release.

Source