Language Selection

English French German Italian Portuguese Spanish


Syndicate content
LinuxInsight - aggregated feeds
Updated: 1 hour 27 min ago

TuxMachines: Security News

Wednesday 28th of September 2016 08:04:38 AM
  • Sloppy programming leads to OpenSSL woes
  • OpenSSL Fixes Critical Bug Introduced by Latest Update

    OpenSSL today released an emergency security update after a patch in its most recent update issued last week introduced a critical vulnerability in the cryptographic library.

  • The Internet Of Poorly Secured Things Is Fueling Unprecedented, Massive New DDoS Attacks

    Last week, an absolutely mammoth distributed denial of service (DDoS) attack brought down the website of security researcher Brian Krebs. His website, hosted by Akamai pro bono, was pulled offline after it was inundated with 620Gbps of malicious traffic, nearly double the size of the biggest attack Akamai (which tracks such things via their quarterly state of the internet report) has ever recorded. Krebs was ultimately able to get his website back online after Google stepped in to provide DDoS mitigation through its Project Shield service.

  • Trump Offers More Insight On His Cybersecurity Plans: 10-Year-Old Relatives Vs. 400-lb Bedroom Dwellers

    Look, anyone who refers to cybersecurity or cyberwarfare as "the cyber" is probably better off not discussing this. But Donald Trump, in last night's debate, felt compelled to further prove why he's in no position to be offering guidance on technological issues. And anyone who feels compelled to portray hackers as 400-lb bedroom dwellers probably shouldn't be opening their mouth in public at all.

    With this mindset, discussions about what "the Google" and "the Facebook" are doing about trimming back ISIS's social media presence can't be far behind. Trump did note that ISIS is "beating us at our game" when it comes to utilizing social media. Fair enough.

read more

TuxMachines: Servers/Networks

Wednesday 28th of September 2016 08:03:34 AM
  • Docker Doubles Down on Microsoft Windows Server [Ed: recall "DockerCon 2015 Infiltrated by Microsoft"]

    Docker for Windows debuts alongside a new commercial support relationship with Microsoft.
    For the most part, the Docker container phenomenon has been about Linux, with the majority of all deployments on Linux servers. But that could soon be changing as Docker Inc. today is announcing the general availability of Docker Engine on Windows Server 2016, alongside a new commercial support and distribution agreement with Microsoft.

    Docker containers rely on the host operating system for certain isolation and process elements in order to run. On Linux, those elements have always been present as part of the operating system, but the same was not true for Windows, which has required several years of joint engineering effort between Docker Inc. and Microsoft.

  • Hadoop Sandboxes and Trials Spread Out

    We all know that there is a skills gap when it comes to Hadoop in the Big Data market. In fact, Gartner Inc.'s 2015 Hadoop Adoption Study, involving 284 Gartner Research Circle members, found that only 125 respondents who completed the whole survey had already invested in Hadoop or had plans to do so within the next two years. The study found that there are difficulties in implementing Hadoop, including hardship in finding skilled Hadoop professionals.

  • Use models to measure cloud performance

    When I was young, I made three plastic models. One was of a car—a '57 Chevy. Another was of a plane—a Spitfire. And a third was of the Darth Vader TIE Fighter. I was so proud of them. Each one was just like the real thing. The wheels turned on the car, and the plane’s propeller moved when you blew on it. And of course, the TIE Fighter had Darth Vader inside.

    When I went to work on the internet, I had to measure things. As I discussed in my last post, Measure cloud performance like a customer, when you measure on the internet you need to measure in ways that are representative of your customers’ experiences. This affects how you measure in two ways. The first is the perspective you take when measuring, which I talked about last time. The second way is the techniques you use to perform those measurements. And those techniques are, in effect, how you make a model of what you want to know. Those childhood plastic models turn out to offer some solid guidance after all.

  • ODPi Adds Apache Hive to Runtime Specification 2.0

    Today, ODPi announced that the ODPi Runtime Specification 2.0 will add Apache Hive and Hadoop Compatible File System support (HCFS). These components join YARN, MapReduce and HDFS from ODPi Runtime Specification 1.0

    With the addition of Apache Hive to the Runtime specification, I thought it would be a good time to share why we added Apache Hive and how we are strategically expanding the Runtime specification.

  • Ubuntu’s OpenStack on IBM’s Big Iron

    If I were Red Hat I would be looking over my shoulder right now; it appears that Ubuntu might be gaining. In just a few years the Linux distribution has gone from being non-existent in the enterprise to being a powerhouse. This is especially true in the cloud, where it's a dominant force on both sides of the aisle. Not only is it the most deployed operating system on public clouds, its version of OpenStack accounts for over half of OpenStack cloud deployments, used by the likes of Deutsche Telekom, Bloomberg and Time Warner Cable.

read more

TuxMachines: Kubernetes News

Wednesday 28th of September 2016 08:02:31 AM

read more

TuxMachines: Ubuntu 16.10 Final Beta Officially Released with Linux Kernel 4.8, Download Now

Wednesday 28th of September 2016 07:54:26 AM

Delayed six days, the Final Beta release of the upcoming Ubuntu 16.10 (Yakkety Yak) operating system launched today, September 28, 2016, as the final development snapshot in the series.

Today's Final Beta is in fact the first Beta pre-release version of Ubuntu 16.10, and the only development milestone that you'll be able to test if you want to see what's coming to the next major release of Ubuntu Linux. However, we can tell you that it is powered by Linux kernel 4.8, contains up-to-date applications, and still uses the Unity 7 UI.

"The Ubuntu team is pleased to announce the final beta release of Ubuntu 16.10 Desktop, Server, and Cloud products. Codenamed "Yakkety Yak", 16.10 continues Ubuntu's proud tradition of integrating the latest and greatest open source technologies into a high-quality, easy-to-use Linux distribution. The team has been hard at work through this cycle, introducing new features and fixing bugs," reads the announcement.

read more

LXer: KDE's Kirigami UI Framework for Mobile and Convergent Apps Hits 1.1 Milestone

Wednesday 28th of September 2016 07:50:03 AM
The KDE developers proudly announced the availability of the first point release for their recently introduced Kirigami UI framework to create mobile and convergent applications.

TuxMachines: Parsix GNU/Linux 8.5 "Atticus" to Reach End of Life on September 30, 2016

Wednesday 28th of September 2016 07:47:02 AM

The Parsix GNU/Linux developers announced that the end-of-life status is approaching fast for the Parsix GNU/Linux 8.5 "Atticus" operating system, urging users to upgrade to the latest release immediately.

Dubbed Atticus and based on the Debian GNU/Linux 8.5 "Jessie" operating system, Parsix GNU/Linux 8.5 was unveiled seven months ago, on February 14, 2016. Running the long-term supported Linux 4.1.17 kernel injected with TuxOnIce 3.3 and BFS patches, it was built around the GNOME 3.18 desktop environment with the GNOME Shell 3.18.3 user interface.

The end of life (EOL) will be officially reached on September 30, 2016, which means that users of the Parsix GNU/Linux 8.5 "Atticus" operating system will no longer receive security and software updates. Therefore, they are urged today to upgrade to the latest, most recent version of the Debian-based distribution, Parsix GNU/Linux 8.10 "Erik."

read more

TuxMachines: SteamOS 2.93 Brewmaster Beta Adds New Security Fixes from Debian GNU/Linux 8.6

Wednesday 28th of September 2016 07:41:29 AM

Valve's SteamOS 2 gaming operating system is still getting goodies, and it looks like a new Beta update has been pushed on September 26, 2016, to the brewmaster_beta channel for public beta testers.

That's right, SteamOS 2.93 Brewmaster Beta is here to replace the previous build announced earlier this month, SteamOS 2.91 Brewmaster Beta, and add the latest security fixes and updates from upstream. This means that SteamOS is now officially based on the recently released Debian GNU/Linux 8.6 "Jessie" operating system.

"SteamOS brewmaster update 2.93 pushed to brewmaster_beta. Corrects a build issue where the last kernel updates were not actually included. Also updates from the Debian 8.6 release[] and the usual security fixes," says John Vert, Valve engineer, in the release announcement.

read more

LXer: Free Today: September Issue of Linux Journal

Wednesday 28th of September 2016 05:55:41 AM
For a limited time, the September issue of Linux Journal is free of charge, no strings attached, just click thru to start your download.

Reddit: Adobe Flash Player will live on in Linux

Wednesday 28th of September 2016 05:54:15 AM

Reddit: LuaTeX 1.0.0 release announcement

Wednesday 28th of September 2016 05:13:26 AM

LXer: GNOME 3.22 Supports Flatpak Cross-Linux Distribution Framework

Wednesday 28th of September 2016 04:58:30 AM
GNOME 3.22, the second major update this year to the GNOME desktop environment, debuted Sept. 21—and since then, has made its way into the repositories of Linux distributions

LXer: Latest Firefox Expands Multi-Process Support and Delivers New Features for Desktop and Android

Wednesday 28th of September 2016 04:01:19 AM
With the change of the season, we’ve worked hard to release a new version of Firefox that delivers the best possible experience across desktop and Android.

Reddit: Wanting to switch over to Linux for everyday use. What setup should i use

Wednesday 28th of September 2016 03:42:24 AM

I have a laptop with a 2.14 GHz Pentium x86_64 (2012ish model) Quad Core processor with 4 GB RAM and a Desktop AMD Atholon 64 2.2 GHz Quad Core with 3 GB RAM (Got it for $7 at a thrift shop). The laptop has windows 10 and Ubuntu (which freezer randomly) and the Desktop has Fedora, Mint, Win 7 and Win Vista. I want a version of Linux that's easy to use and customizable. Is mint with Xfde my best bet? Or maybe arch

submitted by /u/weswes887
[link] [comments]

LXer: An Introduction to GNOME Boxes (virtualization) on Linux

Wednesday 28th of September 2016 03:04:08 AM
GNOME Boxes is a system virtualization application that is a core part of the GNOME desktop environment. Based on the QEMU machine emulator, it offers a simplified and user-friendly approach to the whole OS virtualization idea. This post is just an introduction to its capabilities and a statement that it finally works in other distributions besides Fedora.

Reddit: What's New in Elementary OS 0.4 Loki

Wednesday 28th of September 2016 02:50:36 AM

Reddit: Linux laptop suggestions?

Wednesday 28th of September 2016 02:38:10 AM

I am looking for a laptop with the following specs: - i7 6560U or 6700HQ - 16 gb RAM - 256 pcie ssd - Intel Iris Graphics (540?)

I'd love to get one for < 1000, but that is probably not doable. So feel free to give any suggestions!

submitted by /u/bionerd2
[link] [comments]

LXer: Fusion 3, the next generation game engine and editor from Clickteam will support Linux

Wednesday 28th of September 2016 02:06:57 AM
Clickteam are the company behind some really cool tools like Fusion, previously called Multimedia Fusion. They did an AMA today where a developer noted their Fusion 3 editor is running on Linux and other platforms.

Reddit: When making a bootable USB stick why do you have to select "persistence"? Why can't it just use the whole drive?

Wednesday 28th of September 2016 02:02:43 AM

Over the years I've used Linux off of a thumb drive many times. Whenever I make on I get asked how much memory to devote to "persistence". Why can't I just install Linux onto the thumb drive like it was an SSD and have the entire drive available to use instead of just 4 GB?

submitted by /u/SeriousGoofball
[link] [comments]

More in Tux Machines

Linux 4.8.4

I'm announcing the release of the 4.8.4 kernel. And yeah, sorry about the quicker releases, I'll be away tomorrow and as they seem to have passed all of the normal testing, I figured it would be better to get them out earlier instead of later. And I like releasing stuff on this date every year... All users of the 4.8 kernel series must upgrade. The updated 4.8.y git tree can be found at: git:// linux-4.8.y and can be browsed at the normal git web browser: Read more Also: Linux 4.7.10 Linux 4.4.27

New Releases: Budgie, Solus, SalentOS, and Slackel

  • Open-Source Budgie Desktop Sees New Release
    The pet parakeet of the Linux world, Budgie has a new release available for download. in this post we lookout what's new and tell you how you can get it.
  • Solus Linux Making Performance Gains With Its BLAS Configuration
    - Those making use of the promising Solus Linux distribution will soon find their BLAS-based workloads are faster. Solus developer Peter O'Connor tweeted this week that he's found some issues with the BLAS linking on the distribution and he's made fixes for Solus. He also mentioned that he uncovered these BLAS issues by using our Phoronix Test Suite benchmarking software.
  • SalentOS “Luppìu” 1.0 released!
    With great pleasure the team announces the release of SalentOS “Luppìu” 1.0.
  • Slackel "Live kde" 4.14.21
    This release is available in both 32-bit and 64-bit architectures, while the 64-bit iso supports booting on UEFI systems. The 64-bit iso images support booting on UEFI systems. The 32-bit iso images support both i686 PAE SMP and i486, non-PAE capable systems. Iso images are isohybrid.

Security News

  • Free tool protects PCs from master boot record attacks [Ed: UEFI has repeatedly been found to be both a detriment to security and enabler of Microsoft lock-in]
    Cisco's Talos team has developed an open-source tool that can protect the master boot record of Windows computers from modification by ransomware and other malicious attacks. The tool, called MBRFilter, functions as a signed system driver and puts the disk's sector 0 into a read-only state. It is available for both 32-bit and 64-bit Windows versions and its source code has been published on GitHub. The master boot record (MBR) consists of executable code that's stored in the first sector (sector 0) of a hard disk drive and launches the operating system's boot loader. The MBR also contains information about the disk's partitions and their file systems. Since the MBR code is executed before the OS itself, it can be abused by malware programs to increase their persistence and gain a head start before antivirus programs. Malware programs that infect the MBR to hide from antivirus programs have historically been known as bootkits -- boot-level rootkits. Microsoft attempted to solve the bootkit problem by implementing cryptographic verification of the bootloader in Windows 8 and later. This feature is known as Secure Boot and is based on the Unified Extensible Firmware Interface (UEFI) -- the modern BIOS.
  • DDOS Attack On Internet Infrastructure
    I hope somebody's paying attention. There's been another big DDOS attack, this time against the infrastructure of the Internet. It began at 7:10 a.m. EDT today against Dyn, a major DNS host, and was brought under control at 9:36 a.m. According to Gizmodo, which was the first to report the story, at least 40 sites were made unreachable to users on the US East Coast. Many of the sites affected are among the most trafficed on the web, and included CNN, Twitter, PayPal, Pinterest and Reddit to name a few. The developer community was also touched, as GitHub was also made unreachable. This event comes on the heels of a record breaking 620 Gbps DDOS attack about a month ago that brought down security expert Brian Krebs' website, KrebsonSecurity. In that attack, Krebs determined the attack had been launched by botnets that primarily utilized compromised IoT devices, and was seen by some as ushering in a new era of Internet security woes.
  • This Is Why Half the Internet Shut Down Today [Update: It’s Getting Worse]
    Twitter, Spotify and Reddit, and a huge swath of other websites were down or screwed up this morning. This was happening as hackers unleashed a large distributed denial of service (DDoS) attack on the servers of Dyn, a major DNS host. It’s probably safe to assume that the two situations are related.
  • Major DNS provider Dyn hit with DDoS attack
    Attacks against DNS provider Dyn continued into Friday afternoon. Shortly before noon, the company said it began "monitoring and mitigating a DDoS attack" against its Dyn Managed DNS infrastructure. The attack may also have impacted Managed DNS advanced service "with possible delays in monitoring."
  • What We Know About Friday’s Massive East Coast Internet Outage
    Friday morning is prime time for some casual news reading, tweeting, and general Internet browsing, but you may have had some trouble accessing your usual sites and services this morning and throughout the day, from Spotify and Reddit to the New York Times and even good ol’ For that, you can thank a distributed denial of service attack (DDoS) that took down a big chunk of the Internet for most of the Eastern seaboard. This morning’s attack started around 7 am ET and was aimed at Dyn, an Internet infrastructure company headquartered in New Hampshire. That first bout was resolved after about two hours; a second attack began just before noon. Dyn reported a third wave of attacks a little after 4 pm ET. In all cases, traffic to Dyn’s Internet directory servers throughout the US—primarily on the East Coast but later on the opposite end of the country as well—was stopped by a flood of malicious requests from tens of millions of IP addresses disrupting the system. Late in the day, Dyn described the events as a “very sophisticated and complex attack.” Still ongoing, the situation is a definite reminder of the fragility of the web, and the power of the forces that aim to disrupt it.
  • Either IoT will be secure or the internet will be crippled forever
    First things first a disclaimer. I neither like nor trust the National Security Agency (NSA). I believe them to be mainly engaged in economic spying for the corporate American empire. Glenn Greenwald has clearly proven that in his book No Place to Hide. At the NSA, profit and power come first and I have no fucking clue as to how high they prioritize national security. Having said that, the NSA should hack the Internet of (insecure) Things (IoT) to death. I know Homeland Security and the FBI are investigating where the DDoS of doomsday proportions is coming from and the commentariat is already screaming RUSSIA! But it is really no secret what is enabling this clusterfuck. It’s the Mirai botnet. If you buy a “smart camera” from the Chinese company Hangzhou XiongMai Technologies and do not change the default password, it will be part of a botnet five minutes after you connect it to the internet. We were promised a future where we would have flying cars but we’re living in a future where camera’s, light-bulbs, doorbells and fridges can get you in serious trouble because your home appliances are breaking the law.
  • IoT at the Network Edge
    Fog computing, also known as fog networking, is a decentralized computing infrastructure. Computing resources and application services are distributed in logical, efficient places at any points along the connection from the data source (endpoint) to the cloud. The concept is to process data locally and then use the network for communicating with other resources for further processing and analysis. Data could be sent to a data center or a cloud service. A worthwhile reference published by Cisco is the white paper, "Fog Computing and the Internet of Things: Extend the Cloud to Where the Things Are."
  • Canonical now offers live kernel patching for Ubuntu 16.04 LTS users
    Canonical has announced its ‘Livepatch Service’ which any user can enable on their current installations to eliminate the need for rebooting their machine after installing an update for the Linux kernel. With the release of Linux 4.0, users have been able to update their kernel packages without rebooting, however, Ubuntu will be the first distribution to offer this feature for free.
  • ​The Dirty Cow Linux bug: A silly name for a serious problem
    Dirty Cow is a silly name, but it's a serious Linux kernel problem. According to the Red Hat bug report, "a race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system."
  • Ancient Privilege Escalation Bug Haunts Linux
  • October 21, 2016 Is Dirty COW a serious concern for Linux?
  • There is a Dirty Cow in Linux
  • Red Hat Discovers Dirty COW Archaic Linux Kernel Flaw Exploited In The Wild
  • Linux kernel bug being exploited in the wild
  • Update Linux now: Critical privilege escalation security flaw gives hackers full root access
  • Linux kernel bug: DirtyCOW “easyroot” hole and what you need to know
  • 'Most serious' Linux privilege-escalation bug ever discovered
  • New 'Dirty Cow' vulnerability threatens Linux systems
  • Serious Dirty Cow Linux Vulnerability Under Attack
  • Easy-to-exploit rooting flaw puts Linux PCs at risk
  • Linux just patched a vulnerability it's had for 9 years
  • Dirty COW Linux vulnerability has existed for nine years
  • 'Dirty Cow' Linux Vulnerability Found
  • 'Dirty Cow' Linux Vulnerability Found After Nine Years
  • FakeFile Trojan Opens Backdoors on Linux Computers, Except openSUSE
    Malware authors are taking aim at Linux computers, more precisely desktops and not servers, with a new trojan named FakeFile, currently distributed in live attacks. Russian antivirus vendor Dr.Web discovered this new trojan in October. The company's malware analysts say the trojan is spread in the form of an archived PDF, Microsoft Office, or OpenOffice file.

today's howtos