Language Selection

English French German Italian Portuguese Spanish

FreshMeat

Syndicate content
Updated: 2 years 36 weeks ago

CorneliOS 4.6r2

Monday 2nd of June 2014 07:38:33 PM
CorneliOS is an easy-to-use and cross-browser "Web Desktop Environment", "Web Operating System", or "Web Office" that comes with a set of cool applications. It includes a Content Management System (CMS) so that you can easily set up and manage your own website as well as a Database Management System that allows you to rapidly build any kind of database application.

Release Notes: This version offers a large number of CIOS ILS API enhancements, a CIOS Community Layer now supporting the CIOS ILS API (the old library code has been removed), a completely new CIOS Community Homepage API, CIOS Publisher API security enhancements, CIOS Edu API cowriter UI enhancements (featuring textarea auto-resize), a CIOS Edu API work manager now allowing to edit multiple users per item, as well as a CIOS Edu API cowriter trash file display bugfix.

Tags: Internet, Information Management

Licenses: GPL

Son of Grid Engine 8.1.7

Monday 2nd of June 2014 07:35:48 PM
Son of Grid Engine is a highly-scalable and versatile distributed resource manager for scheduling batch or interactive jobs on clusters or desktop farms. It is a community project to continue Sun's Grid Engine. It is competitive against proprietary systems and provides better scheduling features and scalability than other free DRMs like Torque, SLURM, Condor, and Lava.

Release Notes: Bugfixes and minor enhancements.

Release Tags: Stable, Minor

Tags: Scientific/Engineering, Clustering/Distributed Networks, High Performance Computing, Parallel Computing

Licenses: SISSL

Thinknowlogy 2014r1 (Deeper Thought)

Monday 2nd of June 2014 06:51:57 PM
Thinknowlogy is grammar-based software, designed to utilize the Natural Laws of Intelligence in grammar, in order to create intelligence through natural language in software. This is demonstrated by programming in natural language, reasoning in natural language and drawing conclusions (more advanced than scientific solutions), making assumptions (with self-adjusting level of uncertainty), asking questions (about gaps in the knowledge), and detecting conflicts in the knowledge. It builds semantics autonomously (with no vocabularies or words lists), detecting some cases of semantic ambiguity. It is multi-grammar, proving that Natural Laws of Intelligence are universal.

Release Notes: This release has improved reasoning and adds Spanish in early beta.

Release Tags: Major

Tags: Artificial Intelligence, Computional Linguistics, Natural Language Processing, Scientific/Engineering, Knowledge Representation, Scientific Computing, Science, Scientific software, language learning, language modeling, ambient intelligence, Machine Translation, machine learning, Language Detection, Linguistics

Licenses: GPLv2

GCompris / I Got IT 14.05

Monday 2nd of June 2014 06:06:01 PM
GCompris is an educational software suite with numerous activities for children aged 2 to 10. Some of the activities are game-orientated, but nonetheless still educational. These include computer discovery (keyboard, mouse, different mouse gestures), algebra (table memory, enumeration, double entry table, mirror image), science (the canal lock, the water cycle, the submarine, electric simulation), geography (place the country on the map), games (chess, memory, connect 4, oware, sudoku), reading practice, and others (learn to tell time, puzzles of famous paintings, vector drawing, cartoon making, etc.). It currently offers in excess of 100 activities, and more are being developed.

Release Notes: Known symbol fonts are now excluded from the font selector. The Python path separator is now ';' on Windows, which has made it possible to install GCompris on disk drives other than C:. Missing timer images (the balloon) were added in the multiplication table activity. The Russian, Greek, French, and Norwegian Bokmål translations were updated.

Release Tags: Stable

Tags: education, Games/Entertainment, Desktop Environment, GNOME, Puzzle Games

Licenses: GPL

Stendhal 1.14

Monday 2nd of June 2014 05:41:24 PM
Stendhal is a multiplayer online adventure game (MMORPG) developed using the Arianne game development system. It features a rich and expanding world in which you can explore towns, buildings, plains, caves, and dungeons. You will meet NPCs and acquire tasks and quests for valuable experience and cold hard cash. Your character will develop and grow, and with each new level up become stronger and better. With the money you acquire, you can buy new items and improve your armour and weapons. You can also roam the world in search of evil monsters (and kill them).

Release Notes: This release improves access to information about the game world, most notably: quests, achievements, items, creatures, regions, and dungeons. Guides about the world and for new players are included, too. Further, this release encourages players to seek out into the huge world instead of spending all day training their fighting skills at home. Last but not least a new park was built in Fado city. It's a nice place to relax after a busy day.

Tags: Communications, Chat, Games/Entertainment, Role-Playing

Licenses: GPL

check raid 0.68

Monday 2nd of June 2014 03:21:11 PM
check raid is a script that uses OEM tools to check the status of RAID arrays. It can be used standalone or with snmpd. It currently works with Adaptec (arcconf), 3ware (tw_cli), zfs (zpool), and md (mdadm).

Release Notes: This release adds S.M.A.R.T. and failed stripe checks for Adaptec controllers. It has color-highlighted critical and warning states in verbose mode, and returns a more verbose status to Nagios/Icinga.

Tags: Monitoring, System Administration, Utilities, Hardware

Licenses: LGPL

OpenMW 0.30.0

Monday 2nd of June 2014 03:13:56 PM
OpenMW is an attempt to reimplement the popular role playing game Morrowind. It aims to be a fully playable implementation of the game that will run on Linux, Windows, and Mac OS X. No game data is distributed with the code; the user must already own a copy of Morrowind to use the software.

Release Notes: This release includes ranged combat and crime & punishment. Other new features include terrain threading, many fixes and improvements to save/load, and a large list of bugfixes.

Tags: Games/Entertainment, Role-Playing

Licenses: GPLv3

Embedthis Appweb 4.6.0

Monday 2nd of June 2014 02:17:53 PM
Embedthis Appweb is a fast, little embedded Web server. It is unmatched in efficiency and serves pages at native speed, using an event-driven, non-blocking core to serve multiple requests using minimal resources. It has integrated caching and the ESP "C" Web framework. Without compromising performance, it has extensive security controls and a rigorous security sandbox that helps protect the server and mitigate denial-of-service attacks. It is one of the most widely deployed embedded Web servers and is used in networking equipment, telephony, mobile devices, industrial control, and consumer and office equipment, and in high-performance Web services.

Release Notes: This is a major release, switching to use MakeMe for building and Pak for extensions. The package.json format has been enhanced to support the ESP C Web framework.

Tags: Software Development, Embedded Systems, Internet, Web, Libraries, HTTP Servers

Licenses: GPL

JAXX 2.8.6

Monday 2nd of June 2014 01:23:54 PM
JAXX is a system that allows you to describe Swing user interfaces in XML and then generate them. It includes support for common user interface elements such as navigation trees.

Release Notes: This version allows the component resizer to resize only horizontally or vertically, fixes a bug on option call back, and throws an exception when it can't read a SwingSession.

Release Tags: Minor feature enhancements, Bugfixes

Tags: Software Development, User Interfaces, Code Generators

Licenses: LGPL

ocserv 0.8.0

Monday 2nd of June 2014 01:21:32 PM
OpenConnect server (ocserv) is an SSL VPN GNU/Linux server. Its purpose is to be a secure, small, fast, and configurable VPN server which depends on standard protocols like TLS 1.2 and Datagram TLS. It implements the AnyConnect SSL VPN protocol and is compatible with the OpenConnect VPN client (compatibility with other Anyconnect SSL VPN clients is experimental).

Release Notes: Several new features, such as support for multiple groups per user, and new configuration options. The server was refactored to contain the complete authentication process in the security module.

Tags: VPN, SSL, TLS

Licenses: GPL v3 or later

webon 2.80_jp

Monday 2nd of June 2014 12:51:04 PM
webon is a Web content management system. It provides an access log to check who has visited your site. It has a counter that lets anybody know the number of people who have visited your site.

Release Notes: This release adds a regex validator to InputFilter.

Licenses: GPL, BSD Revised

SmartGit/Hg 6.0.1

Monday 2nd of June 2014 12:02:32 PM
SmartGit/Hg is a graphical user interface for Git and Mercurial which can work with SVN repositories. It supports cloning from common repository providers (e.g., GitHub, Assembla), assists Git newbies, and also offers the advanced, powerful Git features. It provides several tools to help create clean commits, for example by allowing the user to commit just parts of changes files and reordering and squashing unpushed commits. If you are using GitHub or GitHub Enterprise, SmartGit/Hg can work easily with pull requests (creation, resolving) and commit comments. SmartGit/Hg ships with a built-in SSH client, file comparer, and merge tool which are capable of syntax coloring for many languages.

Release Notes: This build fixes a couple of smaller bugs.

Tags: Software Development, Version Control, git client, hg client, mercurial client, svn client, subversion client

Licenses: Proprietary, Free for non-commercial use

Hashrat 1.0

Monday 2nd of June 2014 09:32:45 AM
Hashrat is a hash-generation utility that supports the MD5, SHA1, SHA256, SHA512, Whirlpool, JH-224, JH-256, JH-384, and JH-512 hash functions, and also the HMAC versions of those functions. It can output in 'traditional' format (same as md5sum and shasum and the like), or its own format. Hashes can be output in octal, decimal, hexadecimal, uppercase hexadecimal, or base64. It supports directory recursion, hashing entire devices, and generating a hash for an entire directory. It has a 'CGI' mode that can be used as a Web page to lookup hashes.

Release Notes: This is the initial release.

Licenses: GPLv3

Check_MK 1.2.4p3

Monday 2nd of June 2014 08:24:17 AM
Check_MK is a complex addon for Nagios/Icinga and consists of three subprojects. The check and inventory system Check_MK is a general purpose Nagios plugin for retrieving data. It adopts a new approach for collecting data and obsoletes NRPE, check_by_ssh, NSClient, and check_snmp. It features a significant reduction of CPU use on the Nagios host and automatic inventory of items to be checked, and is especially useful with larger Nagios installations. "MK Livestatus" gives immediate and fast access to live and historic Nagios status data. It's a supported backend for many addons including NagVis, NagiosBP, and Thruk. "Check_MK Multisite" is a feature complete replacement for the Nagios GUI, and uses MK Livestatus as a backend. It is very fast, and supports efficient distributed monitoring.

Release Notes: This patch release fixes several minor bugs and encoding related problems in Multisite and the reporting module. It comes with a bunch of minor fixes for different Check_MK checks.

Release Tags: Stable Release, Bug fixes, Stability

Tags: Nagios, Monitoring, Linux, nsclient, nrpe, snmp

Licenses: GPLv2

MyJgui 0.7.4.7

Monday 2nd of June 2014 07:57:29 AM
MyJgui is a GUI (graphical user interface) for MySQL. It aims to be easy to use for new users as well as experts. You can store multiple connections that can be used simultaneously. Stored passwords are encrypted using symmetric encryption. Underlying databases and tables are displayed in a tree structure with the connections being the first level nodes. MyJgui is capable of easy data manipulation through a grid. It has a unique feature of bookmarking parametrical queries (sqlmarks). The documentation (user guide) is quite comprehensive and kept up-to-date.

Release Notes: An initial version of intelligent SQL query completion was added. A popup is shown when pressing CTRL+SPACE. For now, possible values contains a list of standard SQL keywords, which are stored in configs/is/sqlkeywords. Bugs in the dialogs for managing SQLmarks and in checking connection alias duplicates were fixed. The password storing feature was temporary disabled and will be reworked soon.

Release Tags: Major feature enhancements, Minor bugfixes

Tags: Database, Front-Ends

EUGene 2.9

Monday 2nd of June 2014 07:53:27 AM
EUGene allows you to manipulate and generate models. It can read UML class models in XMI independent from modeling, generate templates, transform models, and integrate in project building. It features independence in developer code and generated code. EUGene is independent from development tools. EUGene is easy to use and to put into place.

Release Notes: This version adds a failIfUnsafe flag on generate mojo, changes the stereotypes collection to set, allows you to load multiple stereotypes from the model properties file, improves the Stereotype and TagValue API, and reviews the outputProperties state in Transformer. It also fixes a bug with template properties not being available in Generator. With this version, files that are not generated are only shown in verbose mode.

Release Tags: Feature Enhancement, Bug Fix

Tags: Software Development, Code Generators, Adaptive Technologies

Licenses: LGPL

ToPIA 3.0-beta-4

Monday 2nd of June 2014 07:49:30 AM
ToPIA (short for Tools for Portable and Independent Architecture) is a technical platform abstraction framework. It consists of a persistence module and services for migration, replication, and security.

Release Notes: This version adds method with index when using stereotype <<indexed>> on entity collection, improves tagValue useEnumerationName, improves tagValue to change hibernate mapping type for attributes, reviews topia services management and configuration, introduces services to integrate with flyway and liquibase database migration frameworks, generates more methods on ordered (but not unique) entity attributes, adds a containsXXX method for entities, and adds methods on HqlAndParametersBuilder (addLowerThan, addLowerOrEquals, addGreater, addGreaterOrEquals). It also fixes bugs.

Release Tags: feature improvements, Bugfixes

Tags: Software Development, Persistence, Security, migration, replication

Licenses: LGPL

XOWA 1.6.1

Monday 2nd of June 2014 04:41:36 AM
XOWA is a desktop application that can read and edit English Wikipedia offline. It displays articles in an HTML browser, and can download images on demand. It can also be used for Wiktionary, Wikisource, Wikiquote, and the non-English counterparts.

Release Notes: This release includes JTidy as the default tidy engine, customizable keyboard shortcuts, support for Special:PrefixIndex, digit translation for Arabic languages, images for German (update) and Persian (new) wikis, as well as other minor changes.

Release Tags: Major

Tags: Wikipedia, Java

Licenses: AGPLv3

OfficeFloor 2.15.0

Monday 2nd of June 2014 02:17:02 AM
OfficeFloor provides true inversion of control for building simple static to complex real-time Web applications that are "build once, run anywhere" - even with cloud computing. It allows you to wire together a working prototype in minutes, extend the prototype to a working Web site in hours, and deploy and run anywhere. The code is self documenting to make support easier. It aims to be "The Java Web Answer" for rapid application development for Web applications.

Release Notes: This release provides tools and the agent (OfficeBuilding) necessary for deploying WoOF applications to remote servers (such as a Cloud Compute Server).

Release Tags: OfficeBuilding, deploy, Server

Tags: inversion of control, dependency injection, thread injection, function orchestration, graphical configuration, cloud, cloud computing, Context, Java, Prototyping, rad, Rapid Application Development, real-time, Web, continuation injection

Licenses: GPLv3

GNU libmicrohttpd 0.9.37

Sunday 1st of June 2014 10:15:44 PM
GNU libmicrohttpd is a small C library for embedding HTTP server functionality into other applications. It is reentrant, fast, supports HTTP 1.1, and permits listening on multiple ports. The API is simple and still powerful enough to allow programmers to use the entire HTTP feature set. SSL/TLS support is available as an option.

Release Notes: This release fixes a minor regression in terms of API compatibility with respect to URI escaping (reverting the behavior to pre-0.9.35 except for correcing the escaping of '+'). The patch for #3392 (HTTPS connection reset handling) is now applied correctly.

Release Tags: Minor bugfixes, Stable

Tags: Internet, Web, HTTP Servers, Software Development, Libraries

Licenses: LGPL

More in Tux Machines

Leftovers: BSD

Security Leftovers

  • Stop using SHA1 encryption: It’s now completely unsafe, Google proves
    Security researchers have achieved the first real-world collision attack against the SHA-1 hash function, producing two different PDF files with the same SHA-1 signature. This shows that the algorithm's use for security-sensitive functions should be discontinued as soon as possible. SHA-1 (Secure Hash Algorithm 1) dates back to 1995 and has been known to be vulnerable to theoretical attacks since 2005. The U.S. National Institute of Standards and Technology has banned the use of SHA-1 by U.S. federal agencies since 2010, and digital certificate authorities have not been allowed to issue SHA-1-signed certificates since Jan. 1, 2016, although some exemptions have been made. However, despite these efforts to phase out the use of SHA-1 in some areas, the algorithm is still fairly widely used to validate credit card transactions, electronic documents, email PGP/GPG signatures, open-source software repositories, backups and software updates.
  • on pgp
    First and foremost I have to pay respect to PGP, it was an important weapon in the first cryptowar. It has helped many whistleblowers and dissidents. It is software with quite interesting history, if all the cryptograms could tell... PGP is also deeply misunderstood, it is a highly successful political tool. It was essential in getting crypto out to the people. In my view PGP is not dead, it's just old and misunderstood and needs to be retired in honor. However the world has changed from the internet happy times of the '90s, from a passive adversary to many active ones - with cheap commercially available malware as turn-key-solutions, intrusive apps, malware, NSLs, gag orders, etc.
  • Cloudflare’s Cloudbleed is the worst privacy leak in recent Internet history
    Cloudflare revealed today that, for months, all of its protected websites were potentially leaking private information across the Internet. Specifically, Cloudflare’s reverse proxies were dumping uninitialized memory; that is to say, bleeding private data. The issue, termed Cloudbleed by some (but not its discoverer Tavis Ormandy of Google Project Zero), is the greatest privacy leak of 2017 and the year has just started. For months, since 2016-09-22 by their own admission, CloudFlare has been leaking private information through Cloudbleed. Basically, random data from random sites (again, it’s worth mentioning that every site that used CloudFlare in the last half year should be considered to having fallen victim to this) would be randomly distributed across the open Internet, and then indefinitely cached along the way.
  • Serious Cloudflare bug exposed a potpourri of secret customer data
    Cloudflare, a service that helps optimize the security and performance of more than 5.5 million websites, warned customers today that a recently fixed software bug exposed a range of sensitive information that could have included passwords and cookies and tokens used to authenticate users. A combination of factors made the bug particularly severe. First, the leakage may have been active since September 22, nearly five months before it was discovered, although the greatest period of impact was from February 13 and February 18. Second, some of the highly sensitive data that was leaked was cached by Google and other search engines. The result was that for the entire time the bug was active, hackers had the ability to access the data in real-time by making Web requests to affected websites and to access some of the leaked data later by crafting queries on search engines. "The bug was serious because the leaked memory could contain private information and because it had been cached by search engines," Cloudflare CTO John Graham-Cumming wrote in a blog post published Thursday. "We are disclosing this problem now as we are satisfied that search engine caches have now been cleared of sensitive information. We have also not discovered any evidence of malicious exploits of the bug or other reports of its existence."

Security Leftovers

  • Change all the passwords (again)
    Looks like it is time to change all the passwords again. There’s a tiny little flaw in a CDN used … everywhere, it seems.
  • Today's leading causes of DDoS attacks [Ed: The so-called 'Internet of things' (crappy devices with identical passwords) is a mess; programmers to blame, not Linux]
    Of the most recent mega 100Gbps attacks in the last quarter, most of them were directly attributed to the Mirai botnet. The Mirai botnet works by exploiting the weak security on many Internet of Things (IoT) devices. The program finds its victims by constantly scanning the internet for IoT devices, which use factory default or hard-coded usernames and passwords.
  • How to Set Up An SSL Certificate on Your Website [via "Steps To Secure Your Website With An SSL Certificate"]
  • SHA-1 is dead, long live SHA-1!
    Unless you’ve been living under a rock, you heard that some researchers managed to create a SHA-1 collision. The short story as to why this matters is the whole purpose of a hashing algorithm is to make it impossible to generate collisions on purpose. Unfortunately though impossible things are usually also impossible so in reality we just make sure it’s really really hard to generate a collision. Thanks to Moore’s Law, hard things don’t stay hard forever. This is why MD5 had to go live on a farm out in the country, and we’re not allowed to see it anymore … because it’s having too much fun. SHA-1 will get to join it soon.
  • SHA1 collision via ASCII art
    Happy SHA1 collision day everybody! If you extract the differences between the good.pdf and bad.pdf attached to the paper, you'll find it all comes down to a small ~128 byte chunk of random-looking binary data that varies between the files.
  • PayThink Knowledge is power in fighting new Android attack bot
    Android users and apps have become a major part of payments and financial services, carrying an increased risk for web crime. It is estimated that there are 107.7 million Android Smartphone users in the U.S. who have downloaded more than 65 million apps from the Google App Store, and each one of them represents a smorgasbord of opportunity for hackers to steal user credentials and other information.
  • Red Hat: 'use after free' vulnerability found in Linux kernel's DCCP protocol IPV6 implementation
    Red Hat Product Security has published details of an "important" security vulnerability in the Linux kernel. The IPv6 implementation of the DCCP protocol means that it is possible for a local, unprivileged user to alter kernel memory and escalate their privileges. Known as the "use-after-free" flaw, CVE-2017-6074 affects a number of Red Hat products including Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7 and Red Hat Openshift Online v2. Mitigating factors include the requirement for a potential attacker to have access to a local account on a machine, and for IPV6 to be enabled, but it is still something that will be of concern to Linux users. Describing the vulnerability, Red Hat says: "This flaw allows an attacker with an account on the local system to potentially elevate privileges. This class of flaw is commonly referred to as UAF (Use After Free.) Flaws of this nature are generally exploited by exercising a code path that accesses memory via a pointer that no longer references an in use allocation due to an earlier free() operation. In this specific issue, the flaw exists in the DCCP networking code and can be reached by a malicious actor with sufficient access to initiate a DCCP network connection on any local interface. Successful exploitation may result in crashing of the host kernel, potential execution of code in the context of the host kernel or other escalation of privilege by modifying kernel memory structures."

Android Leftovers