News and announcements

CHICKEN 4.8.0.6 released

Written for chicken by Peter Bex on 2014-04-24

Chicken 4.8.0.6 is now available for download:

http://code.call-cc.org/releases/4.8.0/chicken-4.8.0.6.tar.gz

This release fixes several bugs, including one which could result in
a runtime panic.


Ah Cacao Real Chocolate

Written for ahcacao by Abraham Alejandro Izquierdo on 2014-04-23

Ah Cacao

Release of v1.9.2 "Xenophon"

Written for KaliVeda by John Frankland on 2014-04-23

updates & bugfixes


B-icons

Written for b-icons by Burhani Linux on 2014-04-21

Latest Icons from Burhani Linux

Security alert: Dmedia vulnerable to Heartbleed

Written for Dmedia by Jason Gerard DeRose on 2014-04-19

Dmedia (and therefore Novacut) are affected by the Heartbleed[1] bug in the
OpenSSL[2] library. This bug is very serious as it allows an attacker to
capture the private keys Dmedia uses, which then allows an attacker to steal
both your Dmedia library metadata and the files it contains.

Please see USN-2165-1 for details about the OpenSSL fix in Ubuntu:

    http://www.ubuntu.com/usn/usn-2165-1/

What you need to do
===================

To correct this problem, first make sure your packages are up-to-date:

    sudo apt-get update
    sudo apt-get dist-upgrade

Then you'll need to force Dmedia to generate new user and machine certificates:

    rm ~/.local/share/dmedia/user-1.json
    rm ~/.local/share/dmedia/machine-1.json
    restart dmedia

You should do this on all your computers running Dmedia before peering them
again.

The next time you open Dmedia or Novacut, you'll be presented with the Dmedia
new-account screen[3].

On your first computer, click "New Account". On any additional computers, click
"Connect to Devices" and then accept the peering offer on the first computer.

More details
============

It's easy for an attacker on the local network to use the Heartbleed bug to
attack Dmedia on systems running a vulnerable version of OpenSSL. This includes
when you're using, for example, a public WiFi network at a coffee shop. This is
true even when you only have a single Dmedia device on a given network.

In practice it's probably very difficult for a remote attacker to exploit
Heartbleed in Dmedia from across the Internet. Most home routers use NAT to
prevent direct access to your computers from across the Internet. Also, each time
Dmedia starts, it runs on a different, random port. Dmedia uses Avahi[4] to
advertise this random port to other Dmedia devices on the local network. Dmedia
does *not* advertise this random port to any outside servers. That said, remote
attacks could still be possible if, for example, your router was compromised.

As Dmedia is not yet widely used, it's probably not yet a common attack target.
However, to play it safe, please follow the above procedure to generate new
Dmedia SSL certificates.

[1] Heartbleed: http://heartbleed.com/
[2] OpenSSL: https://www.openssl.org/
[3] Peering screen: http://cdn.novacut.com/Dmedia-12.10-1.png
[4] Avahi: http://avahi.org/
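
A follow-up check for the regeneration steps in the Dmedia alert above, added here as an example and not part of the announcement or of Dmedia itself: it reports which of the two certificate files are older than the time the patched OpenSSL packages were installed. The function name is hypothetical, the cutoff time is supplied by the user, and treating a file's modification time as the time its keys were generated is an assumption.

```shell
#!/bin/sh
# Added example (not Dmedia code): find Dmedia certificate files that predate
# the OpenSSL fix and therefore still need to be regenerated.
# Assumption: a file's mtime approximates when its key material was created.
# Requires GNU stat (as shipped on Ubuntu).

# stale_dmedia_certs DIR CUTOFF_EPOCH   (hypothetical helper name)
#   DIR           directory holding user-1.json and machine-1.json
#   CUTOFF_EPOCH  when the patched OpenSSL was installed, in epoch seconds
# Prints the name of each file older than the cutoff.
# Returns 0 if none are stale, 1 if at least one is, 2 if stat fails.
stale_dmedia_certs() {
    dir=$1
    cutoff=$2
    stale=0
    for name in user-1.json machine-1.json; do
        path="$dir/$name"
        # A missing file is fine: it was removed and not yet recreated.
        [ -e "$path" ] || continue
        mtime=$(stat -c %Y "$path") || return 2
        if [ "$mtime" -lt "$cutoff" ]; then
            echo "$name"
            stale=1
        fi
    done
    return "$stale"
}

# Example call (fill in the time your own upgrade finished):
#   stale_dmedia_certs ~/.local/share/dmedia "$(date -d 'YYYY-MM-DD HH:MM' +%s)"
```

Run it on every computer that was peered; any file name it prints belongs to a machine that still holds certificates from before the upgrade.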
