Eddie Harari reported that the OpenSSH SSH daemon allows user
enumeration through timing differences when trying to authenticate
users. When sshd tries to authenticate a non-existing user, it will pick
up a fixed fake password structure with a hash based on the Blowfish
algorithm. If real users passwords are hashed using SHA256/SHA512, then
a remote attacker can take advantage of this flaw by sending large
passwords, receiving shorter response times from the server for
Steve Kondik, founder of CyanogenMod (the community ROM) and Cyanogen Inc. (the company):
CyanogenMod is something that works. Perhaps it doesn't need to "go big" to work. I'm still wildly inspired by the idea of a platform which forces participation. Whether it's the choice to hack your phone to bits and figure out how to install the damn thing to begin with, learning what's possible afterwards, or just having the confidence of being in control, it still serves an important role which hasn't been filled outside of the custom ROM community. Cyanogen Inc (including myself) will still be sponsoring the project and will continue to have an active role in it's development. Contrary to popular belief, we are not "pivoting to apps" nor are we shelving CM. We'll have additional information on the Inc site soon.
Good news for CyanogenMod (the ROM), but communications in the vein of "the company is not going down, honest!" usually precede the company going down.
The final build of the Windows 10 Anniversary Update is build 14393. The update, which provides a range of new features and improvements, represents Microsoft's last big push to get Windows 7 and 8.1 users to upgrade to Windows 10.
The update is available right now to those who have opted in to the Windows Insider program, and it will be pushed out to Windows 10 users on the current branch on August 2. The free upgrade offer from Windows 7 and 8.1 to Windows 10, however, ends on July 29, leaving Microsoft hoping that the promise of the new update will be enough to get people to make the switch.
Correct me if I'm wrong, but I doubt many Windows 7/8 users here who haven't upgraded yet will be wooed by this new update.
If you're still running Windows XP, you're irresponsible and you should update to 7/8/10 or Linux immediately.
As another installment in a somewhat ongoing series on obscure console history, let's talk about the expansion port on the Nintendo Entertainment System or NES. In case you've never turned over your NES: there's a little door underneath your NES, which covers up a small raised piece of plastic that's (relatively) easily removable. Underneath the raised piece of plastic sits an expansion port on the NES' motherboard. That's my NES, and since I've already taken it apart to look at what's under the raised cover, I had no need to remove it.
Common wisdom is that the NES expansion port was never actually used for anything, but that's not actually true. Modeled after the Family Computer Network System for the Japanese version of the NES (the Famicom), through which the NES could display weather, stock information, partake in gambling, and so on, the Minnesota State Lottery and Nintendo tried to bring a similar device to the United States:
The three parties planned to sign up 10,000 homes for the trial, and while Nintendo handed out free modems, in an even sweeter deal, Minnesota also handed out free NES consoles to those involved who didn't already have one.
For a monthly subscription fee of $10 (remember, that's 1991 money), users would also get a special cartridge for the NES that let them access the lottery, after which they could play every game that month, right up to and including the big jackpots.
The program ultimately flopped and never made it to the official production or availability stages, and since Nintendo never tried to do anything with the expansion port after this initial test, it would remain unused for the entirety of the NES' lifespan. Today, though, you can buy a homebrew expansion board that taps into the port.
I've been reading up a lot on these kinds of stories, so if you have anything interesting - feel free to submit it. Since I grew up with Nintendo (and PC), that's where the focus has been so far, so I'd be quite interested in stories about competing companies such as Sega or Atari.
Chris Buechler has announced the release of pfSense 2.3.2, a new stable version in the 2.3 branch of the project's FreeBSD-based operating system for firewalls and routers: "We are happy to announce the release of pfSense software version 2.3.2. This is a maintenance release in the 2.3.x series,....
The development of the upcoming major version of FreeBSD, whose final release is scheduled for early September, continues at a fast pace. Although delayed by a week, the 11.0-BETA2 build was finally announced yesterday: "The second BETA build of the 11.0-RELEASE release cycle is now available. A summary....
This week in DistroWatch Weekly: Review: The saga continues with Slackware 14.2 News: OpenBSD disables usermount, KaOS releases significant updates, Fedora 22 reaches end of life Distribution Review: Point Linux 3.2 Torrent corner: Bluestar Linux, Korora Released last week: Ubuntu 16.04.1, Korora 24 Opinion poll: What was your....