A good Ars Technica article, with technical details ▻https://arstechnica.com/information-technology/2017/11/new-quad9-dns-service-blocks-malicious-domains-for-everyone
And, in French, an article from Next Inpact ▻https://www.nextinpact.com/news/105638-quad9-resolveur-dns-ouvert-qui-veut-vous-proteger-en-respectant-v
And another article in English, very technical ▻https://medium.com/@alexander_band/privacy-using-dns-over-tls-with-the-new-quad9-dns-service-1ff2d2b687c5
A surge of sites and apps are exhausting your CPU to mine cryptocurrency | Ars Technica
▻https://arstechnica.com/information-technology/2017/10/a-surge-of-sites-and-apps-are-exhausting-your-cpu-to-mine-cryptocurrenc
The Internet is awash with covert crypto currency miners that bog down computers and even smartphones with computationally intensive math problems called by hacked or ethically questionable sites.
The latest examples came on Monday with the revelation from antivirus provider Trend Micro that at least two Android apps with as many as 50,000 downloads from Google Play were recently caught putting crypto miners inside a hidden browser window. The miners caused phones running the apps to run JavaScript hosted on Coinhive.com, a site that harnesses the CPUs of millions of PCs to mine the Monero crypto currency. In turn, Coinhive gives participating sites a tiny cut of the relatively small proceeds. Google has since removed the apps, which were known as Recitiamo Santo Rosario Free and SafetyNet Wireless App.
Last week, researchers from security firm Sucuri warned that at least 500 websites running the WordPress content management system alone had been hacked to run the Coinhive mining scripts. Sucuri said other Web platforms—including Magento, Joomla, and Drupal—are also being hacked in large numbers to run the Coinhive programming interface.
Earlier this month, political fact-checking site Politifact.com was found hosting Coinhive scripts in a way that exhausted 100 percent of visitors’ computing resources. A PolitiFact official told Ars the incident occurred when “an unidentified hacker attached a crypto mining script to the PolitiFact code base being stored on a cloud-based server.” The code has since been removed and was active only when people had a politifact.com window open in their browser.
Don’t look, don’t tell
Coinhive presents its service as a way end users can support sites without viewing online ads, which are often criticized for containing malware that surreptitiously infects visitors with ransomware, password stealers, and other malicious wares. And in fairness, the service only consumes 100 percent of a visitor’s computing resources when the Coinhive’s interfaces are being abused. Still, Coinhive doesn’t require third-party sites to tell visitors their computers and electricity are being consumed in exchange for visiting the site. Coinhive has also done nothing to prevent sites from abusing its programming interface in a way that completely drains visitors’ resources.
Ad blocker AdGuard recently reported that 220 sites on the Alexa top 100,000 list serve crypto mining scripts to more than 500 million people. In three weeks, AdGuard estimated, the sites generated a collective $43,000. Both AdGuard, antimalware provider Malwarebytes, and a variety of their peers have recently started blocking or restricting access to Coinhive crypto mining. Both AdGuard and Malwarebytes give end users who want to support a site using Coinhive the option of accessing the mining script.
Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping | Ars Technica
▻https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping
Serious security flaws in the WPA2 protocol used until now to secure #wifi connections... Dedicated site: ►https://www.krackattacks.com
Google admits citing 4chan to spread fake Vegas shooter news | Ars Technica
▻https://arstechnica.com/information-technology/2017/10/google-admits-citing-4chan-to-spread-fake-vegas-shooter-news
4chan was, for some reason, counted among Google News’ “authoritative” sources.
Google News took the unusual step of confirming its use of the imageboard site 4chan as a news source on Monday. The admission followed Google News’ propagation of an incorrect name as a potential shooter in the tragic Las Vegas shooting on Sunday night.
Ubuntu 18.04 To Ship with GNOME Desktop, Not Unity
▻http://www.omgubuntu.co.uk/2017/04/ubuntu-18-04-ship-gnome-desktop-not-unity
Ubuntu 18.04 LTS will use GNOME as its default desktop environment, not Unity. In an extraordinary blog post that I have yet to fully digest, Mark Shuttleworth has announced that Canonical is to end its investment in Unity 8, Ubuntu for Phones and tablets, and end its ambition to seek “convergence”. “I’m writing to let […] This post, Ubuntu 18.04 To Ship with GNOME Desktop, Not Unity, was written by Joey Sneddon and first appeared on OMG! Ubuntu!.
The original post, which “would” not be an April Fools’ joke:
This is a post by Mark Shuttleworth, Founder of Ubuntu and Canonical
We are wrapping up an excellent quarter and an excellent year for the company, with performance in many teams and products that we can be proud of. As we head into the new fiscal year, it’s appropriate to reassess each of our initiatives. I’m writing to let you know that we will end our investment in Unity8, the phone and convergence shell. We will shift our default Ubuntu desktop back to GNOME for Ubuntu 18.04 LTS.
I’d like to emphasise our ongoing passion for, investment in, and commitment to, the Ubuntu desktop that millions rely on. We will continue to produce the most usable open source desktop in the world, to maintain the existing LTS releases, to work with our commercial partners to distribute that desktop, to support our corporate customers who rely on it, and to delight the millions of IoT and cloud developers who innovate on top of it.
We care that Ubuntu is widely useful to people who use Linux every day, for personal or commercial projects. That’s why we maintain a wide range of Ubuntu flavours from both Canonical and the Ubuntu community, and why we have invested in the Ubuntu Phone.
I took the view that, if convergence was the future and we could deliver it as free software, that would be widely appreciated both in the free software community and in the technology industry, where there is substantial frustration with the existing, closed, alternatives available to manufacturers. I was wrong on both counts.
In the community, our efforts were seen as fragmentation not innovation. And industry has not rallied to the possibility, instead taking a ‘better the devil you know’ approach to those form factors, or investing in home-grown platforms. What the Unity8 team has delivered so far is beautiful, usable and solid, but I respect that markets, and community, ultimately decide which products grow and which disappear.
The cloud and IoT story for Ubuntu is excellent and continues to improve. You all probably know that most public cloud workloads, and most private Linux cloud infrastructures, depend on Ubuntu. You might also know that most of the IoT work in auto, robotics, networking, and machine learning is also on Ubuntu, with Canonical providing commercial services on many of those initiatives. The number and size of commercial engagements around Ubuntu on cloud and IoT has grown materially and consistently.
This has been, personally, a very difficult decision, because of the force of my conviction in the convergence future, and my personal engagement with the people and the product, both of which are amazing. We feel like a family, but this choice is shaped by commercial constraints, and those two are hard to reconcile.
The choice, ultimately, is to invest in the areas which are contributing to the growth of the company. Those are Ubuntu itself, for desktops, servers and VMs, our cloud infrastructure products (OpenStack and Kubernetes), our cloud operations capabilities (MAAS, LXD, Juju, BootStack), and our IoT story in snaps and Ubuntu Core. All of those have communities, customers, revenue and growth, the ingredients for a great and independent company, with scale and momentum. This is the time for us to ensure, across the board, that we have the fitness and rigour for that path.
▻https://insights.ubuntu.com/2017/04/05/growing-ubuntu-for-cloud-and-iot-rather-than-phone-and-convergence
Ubuntu Unity is dead: Desktop will switch back to GNOME next year
▻https://arstechnica.com/information-technology/2017/04/ubuntu-unity-is-dead-desktop-will-switch-back-to-gnome-next-year
It’s true, it’s not an April Fools’ joke. Since then, other news has piled up on top of this: layoffs following the shutdown of these projects, a relaunch of Ubuntu’s PR to restore confidence in the distro…
So that’s the end of Unity, Mir, Mobile…
Mind you, given the brute force that #Vulkan is going to be in the free-software landscape over the coming years, it may be a good thing to stop this institutional project that Ubuntu was, to let the rest mature around new dynamics.
On the other hand, it’s a pity to choose Gnome (3 Shell), which flouts certain age-old paradigms of human-machine interfaces (such as the continuity of user actions).
An old article on the subject, but there have been so many others: ▻http://www.thelinuxrain.com/articles/over-a-month-on-conclusion-to-the-gnome-shell-challenge
#futurologie
at last...
We should respect the GNOME design leadership by delivering GNOME the way GNOME wants it delivered
►http://www.omgubuntu.co.uk/2017/04/whats-next-ubuntu-desktop-mark-shuttleworth
Handful of “highly toxic” Wikipedia editors cause 9% of abuse on the site, by Annalee Newitz | Ars Technica
▻https://arstechnica.com/information-technology/2017/02/one-third-of-personal-attacks-on-wikipedia-come-from-active-editors
“Perhaps surprisingly, approximately 30% of attacks come from registered users with over a 100 contributions.” In other words, a third of all personal attacks come from regular Wikipedia editors who contribute several edits per month. Personal attacks seem to be baked into Wikipedia culture.
The researchers also found that a large percentage of attacks come from a very small number of “highly toxic” Wikipedia contributors. Eighty percent of personal attacks on Wikipedia come from people who rarely make personal attacks. But a whopping 9% of attacks in 2015 came from 34 users who had made 20 or more personal attacks during the year. “Significant progress could be made by moderating a relatively small number of frequent attackers,” the researchers note. This finding bolsters the idea that problems in online communities often come from a small minority of highly vocal users.
the #trolls #agressions_verbale #wikipédia detected by #machine_learning