2013年5月24日 星期五

Open Source Workshop #14 (2013/6/1)

開源工作坊 #14 (2013年6月)
日期: 2013 年 6 月 1 日 (六)
時間: 下午 2:30-5:45 (最早可在 2pm 到場)
地點: 香港城市大學一號教學樓 5/F Y5-303 課室
請到 http://registrano.com/events/01332d 登記

議程:
* Open Source News & Updates by sammyfung and haggen.
* Introduction of Mozilla Webmaker and Firefox OS by sammyfung.
* Kernel-based Virtual Machine (KVM) talk by wanleung.
* Open discussion and hacking session.

語言: 廣東話
(除了英語講者以英語演講外)

人數: 40.

主辦:
* Hong Kong Linux User Group.
* Mozilla Hong Kong Community.
* Open Source Hong Kong.

(English)
Next workshop will be hosted on June 1st at CityU.
Open Source Workshop #14 (June 2013)
Date: 1 June 2013 (Saturday)
Time: 2:30-5:45pm (door open at 2pm)
Venue: Classroom Y5-303, 5/F Academic 1, City University of Hong Kong, Tat Chee Road, Kowloon Tong.
Please RSVP at http://registrano.com/events/01332d

Agenda:
* Open Source News & Updates by sammyfung and haggen.
* Introduction of Mozilla Webmaker and Firefox OS by sammyfung.
* Kernel-based Virtual Machine (KVM) talk by wanleung.
* Open discussion and hacking session.

Language: Cantonese
(except English for English speakers if any)

Capacity: 40.

Organizers:
* Hong Kong Linux User Group.
* Mozilla Hong Kong Community.
* Open Source Hong Kong.





--
Yours Sincerely,
Sammy Fung
Community Manager
Open Source Hong Kong
http://opensource.hk

2013年5月17日 星期五

Skype with care – Microsoft is reading everything you write

www.h-online.com

Anyone who uses Skype has consented to the company reading everything they write. The H's associates in Germany at heise Security have now discovered that the Microsoft subsidiary does in fact make use of this privilege in practice. Shortly after sending HTTPS URLs over the instant messaging service, those URLs receive an unannounced visit from Microsoft HQ in Redmond.

A reader informed heise Security that he had observed some unusual network traffic following a Skype instant messaging conversation. The server indicated a potential replay attack. It turned out that an IP address which traced back to Microsoft had accessed the HTTPS URLs previously transmitted over Skype. Heise Security then reproduced the events by sending two test HTTPS URLs, one containing login information and one pointing to a private cloud-based file-sharing service. A few hours after their Skype messages, they observed the following in the server log:
65.52.100.214 - - [30/Apr/2013:19:28:32 +0200]
"HEAD /.../login.html?user=tbtest&password=geheim HTTP/1.1"
 
They too had received visits to each of the HTTPS URLs transmitted
over Skype from an IP address registered to Microsoft in Redmond. URLs
pointing to encrypted web pages frequently contain unique session data
or other confidential information. HTTP URLs, by contrast, were not
accessed. In visiting these pages, Microsoft made use of both the login
information and the specially created URL for a private cloud-based
file-sharing service.
In response to an enquiry from heise Security, Skype referred them to a passage from its data protection policy:
"Skype may use automated scanning within Instant Messages and SMS to (a) identify suspected spam and/or (b) identify URLs that have been previously flagged as spam, fraud, or phishing links."
A spokesman for the company confirmed that it scans messages to filter out spam and phishing websites. This explanation does not appear to fit the facts, however. Spam and phishing sites are not usually found on HTTPS pages. By contrast, Skype leaves the more commonly affected HTTP URLs, containing no information on ownership, untouched. Skype also sends head requests which merely fetches administrative information relating to the server. To check a site for spam or phishing, Skype would need to examine its content.
Back in January, civil rights groups sent an open letter to Microsoft questioning the security of Skype communication since the takeover. The groups behind the letter, which included the Electronic Frontier Foundation and Reporters without Borders expressed concern that the restructuring resulting from the takeover meant that Skype would have to comply with US laws on eavesdropping and would therefore have to permit government agencies and secret services to access Skype communications.
In summary, The H and heise Security believe that, having consented to Microsoft using all data transmitted over the service pretty much however it likes, all Skype users should assume that this will actually happen and that the company is not going to reveal what exactly it gets up to with this data.
 

2013年5月12日 星期日

International Space Station to boldly go with Linux over Windows

www.telegraph.co.uk

Computers aboard the International Space Station are to be switched from Windows XP to the Linux operating system in an attempt to improve stability and reliability. 

Dozens of laptops on the ISS's 'opsLAN' network - which provides the ship's crew with vital capabilities for day-to-day operations, from telling the astronauts where they are to interfacing with onboard cameras - will be switched, removing Windows entirely from the ISS.
“We migrated key functions from Windows to Linux because we needed an operating system that was stable and reliable – one that would give us in-house control. So if we needed to patch, adjust or adapt, we could," said Keith Chuvala of the United Space Alliance, which runs opsLAN for NASA.
Astronauts using the system were trained on specific courses tailored by the non-profit Linux Foundation.
Linux is already used to run various systems aboard the ISS, including the world's first 'Robonaut', sent to the Space Station in 2011. 'R2' can be manipulated by astronauts as well as ground controllers and is designed to carry out tasks "too dangerous or mundane" for astronauts in microgravity, according to the Linux Foundation.
Tailored versions of Linux are widely used in scientific projects, including CERN’s Large Hadron Collider.

“Linux Foundation had it all, and provided the trainer on-site at our headquarters, which was a huge plus,” said Chuvala. “On top of that, the cost was very good, so it was overall a great value.”
The ISS computers were previously infected by a virus while running Windows. In 2008 the W32.Gammima.AG worm was found aboard, having reportedly been carried on a Russian astronaut's laptop. The Windows-based worm was classed as low risk by anti-virus software manufacturer Symantec.
Reports from Russian officials today reveal that the ISS is suffering a "very serious" ammonia leak that may require astronauts to perform an emergency spacewalk