Short Topix: Is Your Router At Risk?

by Paul Arnote (parnote)

Thirty-Five Organizations From Tech, Finance, Energy, and Biotech Join The Linux Foundation and Invest in Open Source Technology

The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced the addition of 32 Silver members and 3 Associate members. Linux Foundation members help support development of the shared technology resources, while accelerating their own innovation through open source leadership and participation. Linux Foundation member contributions help provide the infrastructure and resources that enable the world's largest open collaboration communities.

"Without the support and resources of organizations such as these new members, we would not be able to help open source communities accelerate innovation on such a huge scale," said Jim Zemlin, executive director, The Linux Foundation. "We welcome all our new members and look forward to collaborating with them further."

In addition to joining the Foundation, many of the new members have joined Linux Foundation projects like Automotive Grade Linux, Cloud Native Computing Foundation, LF Deep Learning, EdgeX Foundry, Hyperledger, LF Networking, OpenHPC and Open Mainframe Project. For a full list of members, visit https://www.linuxfoundation.org/membership/members/.

Linux Foundation Silver members are organizations that contribute to or otherwise support open source communities and projects. The new Linux Foundation Silver members who joined in the month of May are:

• Abalta Technologies is a leading provider of technology and infotainment solutions for the global connected car market.
• Airbiquity is a leader in vehicle telematics, geofencing, and connected car systems, with more than 7 million connected vehicles on the road.
• Beike Finance is the leading residential property financial services provider in China.
• BGI Shenzhen Co., known as Beijing Genomics Institute prior to 2008, is one of the world's genome sequencing centers, headquartered in Shenzhen.
• BlackRidge Technology develops, markets and supports a family of products that provide a next generation cyber security solution for protecting enterprise networks and cloud services.
• Blockdaemon is a Nodes as a Service platform that empowers businesses to simply and efficiently manage blockchain applications.
• CircleCI is a continuous integration and continuous delivery platform that helps teams work smarter, faster.
• DiDi is the world's leading one-stop mobile transportation platform, offering a full range of app-based mobility options for over 450 million users.
• eBaoTech International's mission is "make insurance easy" -- pioneering the 3G insurance tech, or Java based core insurance system, eBaoTech is moving to the 4G insurance technology which is cloud native and microservices based.
• Edgewise Networks is the industry's first Zero Trust platform for hybrid cloud security -- stopping attackers' lateral movements and protecting workloads by allowing only verified applications, users, containers, and hosts to communicate.
• Elastisys provides products and services in the realm of Kubernetes and automation -- enabling intelligent autopiloting for IT operations, increased performance, and availability of applications, all based on world renowned cloud research.
• EPAM Systems provider of digital platform engineering and software development services.
• Evernym, Inc. develops software solutions that leverage distributed ledger technology to provide every individual, organization and connected device with secure and irrevocable identity.
• Experian is a consumer credit reporting agency.
• Integrated Computer Solutions, Inc is a full-service information technology and IT security consulting and professional services firm.
• IOWNIT is a technology-driven investment platform built for investors, entrepreneurs, and their trusted advisors to invest, trade and raise capital in private markets.
• Kakaopay is a mobile payment and digital wallet service by Kakao based in South Korea that allows users make mobile payments and online transactions.
• Kyra Solutions Inc has emerged as one of the leading information technology service providers in the State of Florida.
• Neusoft Corporation provides innovative information technology -- enabled solutions and services to meet the demands arising from social transformation, to shape new life styles for individuals and to create values for the society.
• NuCypher enables seamless and secure sharing of sensitive data between organizations as well as allows enterprises to securely use cloud service providers.
• Octarine delivers total visibility, easy policy management, and strong app security with seamless integration with systems such as Kubernetes, Istio, and Kafka to reduce security threats, obtain compliance, and achieve simple, secure multi/hybrid-cloud.
• Omnitude is a project to revolutionise connectivity between blockchain technologies and enterprise systems.
• Optherium Labs is a global research and development organization building a new standard and synergy of blockchain solutions using an open source, collaborative software development approach.
• Ping An Technology (Shenzhen) Co. Ltd is the technology incubator for Ping An Group, with strong research and development capabilities in cloud, artificial intelligence, and big data technologies -- is headquartered in Shenzhen and has branches in Beijing, Shanghai, Chengdu, and Nanjing.
• Pokitdok is a healthcare API platform that makes it faster and easier for you to bring new healthcare applications and services to market.
• Rocket Software helps companies around the world solve their most challenging business problems by helping them run their critical infrastructure, business processes, and data.
• RTE (Reseau D Transport d'Electricite) is the French electricity transmission system operator responsible for operating, maintaining and developing the high and extra high voltage network.
• Safewrd Ventures OU aims to enable and train companies to use open source and cloud technologies to release new software faster.
• Shenzhen Ultrachain Technologies is a leading blockchain technology solutions provider.
• Sitech Electric Automobile Industrial Co., Ltd. is a supplier of electric mobility products and services.
• Sprint Corporation is a communications company offering a comprehensive range of wireless and wireline communications products and services that are designed to meet the needs of consumers, businesses, government subscribers and resellers.
• Thinkarchitecture AG supports software architects and developers in the critical phases of their projects.

Associate members of The Linux Foundation include of government agencies and not-for-profit organizations that have demonstrated a commitment to building, sustaining, and using open source technologies. The following organizations are new Linux Foundation Associate members:

• Budapest University of Technology & Economics is the most significant University of Technology in Hungary and is considered the world's oldest Institute of Technology which has university rank and structure.
• MIT Connection Science is working to unlock the trapped potential of the digital networks that surround us -- from social media, to civic infrastructure systems, to enterprise databases that house and protect personal information.
• The New Mexico Consortium (NMC) is a non-profit corporation that was created in 2006 by the University of New Mexico (UNM), New Mexico State University (NMSU), and New Mexico Institute of Mining and Technology (NM Tech) in partnership with Los Alamos National Laboratory (LANL) to advance statewide collaboration in science research and promote collaboration.

With the support of its members, The Linux Foundation hosts open source projects across technologies including networking, security, cloud, blockchain, and more. This collaborative development model is helping technology advance at a rapid pace in a way that benefits individuals and organizations around the world. (Source)

Google Becomes Latest Platinum Member of Linux Foundation

The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announces Google has become a Platinum member of the foundation. Google's mission from its founding has been to organize the world's information and make it universally accessible and useful. Google was previously a Silver member of The Linux Foundation. Sarah Novotny, the head of open source strategy for Google Cloud Platform, will join The Linux Foundation Board of Directors as Google's representative.

"Google is one of the biggest contributors to and supporters of open source in the world, and we are thrilled that they have decided to increase their involvement in The Linux Foundation," said Jim Zemlin, executive director, The Linux Foundation. "We are honored that Sarah Novotny, one of the leading figures in the open source community, will join our board -- she will be a tremendous asset."

"Open source is an essential part of Google's culture, and we've long recognized the potential of open ecosystems to grow quickly, be more resilient and adaptable in the face of change, and create better software" said Sarah Novotny, head of open source strategy, Google Cloud. "The Linux Foundation is a fixture in the open source community. By working closely with the organization, we can better engage with the community-at-large and continue to build a more inclusive ecosystem where everyone can benefit."

Google has been an active and committed contributor to the open source community for many years, releasing and contributing to more than 10,000 open source projects to date. Some of The Linux Foundation open source communities Google supports include Cloud Foundry, Node.js and the Open API Initiative.

Google was also a founding member of the Cloud Native Computing Foundation (CNCF), having created and open sourced CNCF's popular Kubernetes container orchestration platform. Hundreds of Google employees remain heavily involved in the project today. Additionally, the company is a founding member of the Core Infrastructure Initiative, which takes a proactive approach to securing some of the more important software technologies in the world, and the TODO Group, which collaborates on practices, tools, and other ways to run successful and effective open source projects and programs. Moreover, Google has been a leader in Software Defined Networking and other open source networking projects.

Becoming a Platinum member -- the highest level of membership -- of The Linux Foundation gives Google access to the foundation's extensive knowledge and experience in open source governance, legal and technical topics. As a Platinum member, Google will also receive a seat on The Linux Foundation Board of Directors.

Sarah Novotny, who will represent Google on The Linux Foundation Board of Directors, also participates on the Node.js Foundation board. Novotny leads the open source strategy team for Google Cloud. She has long been an open source community champion in communities such as NGINX and MySQL.

More than 800 organizations are members of The Linux Foundation and the open source projects it hosts. AT&T, Cisco, Fujitsu, Hitachi, Huawei, IBM, Intel, Microsoft, NEC, Oracle, Qualcomm, Tencent, Samsung and VMware are also Platinum members. To learn more about Linux Foundation membership or to join the organization, visit https://www.linuxfoundation.org/membership/. (Source)

Is Your Router At Risk?

Over 500,000 SOHO and home routers are at risk from a sophisticated malware attack by Russian state-sponsored hackers. The malware, which Cisco Talos labs has dubbed "VPNFilter," can steal personal information, redirect web traffic, infect other devices, and even "brick" infected devices to render them useless, as reported on a Tom's Guide article on May 29, 2018.

Most of the affected routers are from ASUS, Netgear, Linksys, D-Link, TP-Link and MicroTik, among others. Netgear and MicroTik routers were affected/attacked especially hard. Minimally, users/owners of affected routers should reboot their routers. But, that isn't a guarantee that the malware is gone. To be sure, users/owners of affected routers should do a hard reset of their routers, back to factory settings, and then set their networks up again from scratch. A list of affected routers can be found on the follow-up article on Tom's Guide, on July 2, 2018.

So, how do you know if your router is among those unlucky enough to be infected with the VPNFilter malware? Fortunately, Symantec (the same people who make Norton Anti-Virus) has come up with a check, of sorts. While not a complete or perfect check for the VPNFilter malware, it checks for the presence of the SSLer plugin, which knocks a HTTPS website down to a less secure HTTP website. Just log into http://www.symantec.com/filtercheck/, click on the "Agree To Terms" checkbox, and click on the green button on the page. The test is quick, and the results are displayed immediately.

I was fortunate -- and relieved -- that my AMPED router was not infected.

I've said it here many times before: your personal data and private information ARE the currency of the 21st Century. It is up to you to do your due diligence to protect it, at all costs. The ramifications are huge for those who don't.

Is Your "Smart TV" Spying On You?

Most "Smart TV's" on the market today use Samba TV, technology that allows marketers to track what you're viewing, so that they may target you with ads that coincide with your interests, and so that they may make content suggestions, according to a recent New York Times article. This technology, along with competing technologies, is known collectively as ACR (automatic content recognition).

There's hardly a TV vendor that doesn't use Samba TV on their smart TVs. The list includes Sony, TCL, Sharp, Magnavox, Toshiba, Sanyo, AOC, and Philips, to name a few. But it doesn't stop there. The software can also tell what other devices are connected to your home wifi network. The collected data is then used to target "more relevant advertising" to you, based on your viewing choices.

When customers setup a new TV, they are prompted to enable Samba Interactive TV, without being informed on exactly how much data is being collected, nor the nature of the information that is being collected. As a result, more than 90% of people blindly opted into the service.

Once enabled, it can track virtually everything that appears on your TV screen, second by second. It reads pixels to identify what shows and ads you are watching, including those on pay services like HBO, and even video games. Samba TV has even offered advertisers the ability to tailor ads based on political leanings (liberal or conservative) based on the information collected about viewing habits.

The details of what people are opting into, of course, are hidden in obscurity. Unless someone takes the time to research the terms and conditions, as well as read the privacy policy, by going online before deciding to enable the feature, users basically have no idea of what they are opting into. Most users, in their zeal to get their fancy, new TV setup and running, most likely just enable the feature and move on.

Do you want to read even more scary information on Samba TV? Well, the folks behind Samba TV have made it extremely easy. Just go here. You should be able to get a fairly good sense of what kinds of information they are tracking -- and just how vulnerable you are.

If you're concerned about your privacy (and who shouldn't/wouldn't be in today's world?), you may be wondering how to turn off ACR. Fortunately, Consumer Reports has an article on how to turn off ACR on several of the "big brand" smart TVs on the market. Even if the manufacturer of your smart TV isn't on this list, it may give you some ideas on where you need to look to be able to turn this feature off. The manufacturers don't necessarily make it easy to disable this feature.

So what if you have a smart TV and can't find the menu to disable ACR? Well, Lifehacker has an article that suggests that you reset your TV settings to the factory settings. When you do that, you will have to setup your TV all over again. But this time through, pay attention to each menu, and skip over anything that might seem suspicious or shady. Others, commenting on the Lifehacker article, recommend that you just turn off your smart TV's network connection. One commenter even had an awesome suggestion to use a Raspberry Pi with Pi Hole to block all ads from your home network.

I do wonder how this situation will play out under the GDPR, since users have to jump through some extraordinary hoops just to find out exactly what they are opting into. In the U.S., the smart TV companies are "regulated" (a loose term, for sure) by the FTC (Federal Trade Commission). The FTC seems to be okay with the obscurity -- both in users being informed about what they are opting into, and in how difficult some manufacturers make it to turn off once enabled. Smart TV companies operate under a whole separate set of rules than broadcasters and cable TV companies, both of whom are regulated by the FCC (Federal Communications Commission). Broadcasters and cable TV companies have much stricter rules about data collection from viewers/users of their services.

Gartner Says Worldwide PC Shipments Grew For the First Time in Six Years During the Second Quarter of 2018

Steady Business Market Demand Drives PC Sales

Worldwide PC shipments totaled 62.1 million units in the second quarter of 2018, a 1.4 percent increase from the second quarter of 2017, according to preliminary results by Gartner, Inc. This is the first quarter of year-over-year global PC shipment growth since the first quarter of 2012.

All regions experienced some growth compared with a year ago. While the results are a positive result for the PC industry, Gartner analysts said this sign of market stability is not enough to declare a PC industry recovery just yet.

"PC shipment growth in the second quarter of 2018 was driven by demand in the business market, which was offset by declining shipments in the consumer segment," said Mikako Kitagawa, principal analyst at Gartner. "In the consumer space, the fundamental market structure, due to changes on PC user behavior, still remains, and continues to impact market growth. Consumers are using their smartphones for even more daily tasks, such as checking social media, calendaring, banking and shopping, which is reducing the need for a consumer PC.

"In the business segment, PC momentum will weaken in two years when the replacement peak for Windows 10 passes. PC vendors should look for ways to maintain growth in the business market as the Windows 10 upgrade cycle tails off."

With the completion of Lenovo's joint venture with Fujitsu, three out of four PCs were shipped by the top five PC vendors in the second quarter of 2018. With the inclusion of Fujitsu's PC shipments due to the joint venture (a formation of Joint Venture with Fujitsu), Lenovo was in a virtual tie with HP Inc. for the top spot in the second quarter of 2018 based on global PC shipments (see Table 1). All of the top five PC vendors experienced an increase in worldwide PC shipments in the quarter.

Table 1

Preliminary Worldwide PC Vendor Unit Shipment Estimates for 2Q18 (Thousands of Units)

Notes: Data includes desk-based PCs, notebook PCs and ultramobile premiums (such as Microsoft Surface), but not Chromebooks or iPads. All data is estimated based on a preliminary study. Final estimates will be subject to change. The statistics are based on shipments selling into channels. Numbers may not add up to totals shown due to rounding.

*Lenovo's results include Fujitsu's units starting in 2Q18 to reflect the joint venture that closed in May 2018.

Source: Gartner (July 2018)

HP Inc. had its third consecutive quarter of year-over-year PC shipment growth. HP Inc. maintained steady growth across all regions, except the U.S. In the other regions, its shipment growth well exceeded the regional averages. Lenovo experienced its highest growth rate since the first quarter of 2015.

While Dell's competitors have shown PC shipment declines periodically in the past two years, Dell's shipments did not decline during this time because of its strong focus on growth areas, especially in the commercial segment, as well as cutting off unprofitable businesses.

In the U.S. PC market, the industry returned to growth after six consecutive quarters of shipment declines. In the second quarter of 2018, U.S. PC shipments totaled 14.5 million units, a 1.7 percent increase from the same period last year (see Table 2). HP Inc. continued to be the market leader in the U.S., but Dell closed the gap, as Dell's U.S. PC shipments increased 7.2 percent.

"In the U.S., business PC demand was particularly strong among the public sector as the second quarter is typically PC buying season among government and education buyers," Ms. Kitagawa said. "Desk-based PC growth was attributed to continued high usage of desk-based PCs in the U.S. public sectors. Mobile PCs grew in the U.S., but strong Chromebook demand in the education market adversely affected PC growth. Overall, Chromebooks grew 8 percent in the U.S., but Chromebooks are not included in the PC market statistics."

You can read the entire press release here.

GitHub Exodus Exaggerated?

When Microsoft bought GitHub, the open source community sounded a bit like Chicken Little proclaiming that the sky was falling. And, you could hardly blame anyone for sounding the alarm, after all the hatred open source projects endured at the hands of Microsoft for years and years and years. The open source community's wary eye towards Microsoft has been well earned by the software giant over the years.

So, it's no wonder that Microsoft's purchase of GitHub sounded off the alarm bells. When the sale of GitHub to Microsoft was announced, many GitHub repository owners started looking for a new "home" to host their endeavors. Most went to GitHub competitor GitLab (which has just moved to Google's cloud, so you decide which is worse).

Granted, the migration from GitHub peaked shortly after the announcement when 20,000 projects per hour were being moved, mostly to GitLab, during a two week period. But after that, things seemed to go back to normal. Currently, there are over 85,000,000 code repositories on GitHub, and only a miniscule number of repositories "jumped ship."

It would appear that most repository owners have decided to take a "wait and see" approach to Microsoft's purchase of GitHub. Plus, moving a repository to another location might confuse users.