December 2019

Security Leftovers

Filed under
Security
  • 36C3: Open Source Is Insufficient To Solve Trust Problems In Hardware

    With open source software, we’ve grown accustomed to a certain level of trust that whatever we are running on our computers is what we expect it to actually be. Thanks to hashing and public key signatures in various parts in the development and deployment cycle, it’s hard for a third party to modify source code or executables without us being easily able to spot it, even if it travels through untrustworthy channels.

    Unfortunately, when it comes to open source hardware, the number of steps and parties involved that are out of our control until we have a final product — production, logistics, distribution, even the customer — makes it substantially more difficult to achieve the same peace of mind. To make things worse, to actually validate the hardware on chip level, you’d ultimately have to destroy it.

    In his talk this year at the 36C3, [bunnie] showed a detailed insight into several attack vectors we could face during manufacturing. Skipping the obvious ones like adding or substituting components, he’s focusing on highly ambitious and hard-to-detect modifications inside an IC’s package with wirebonded or through-silicon via (TSV) implants, down to modifying the netlist or mask of the integrated circuit itself. And these aren’t any theoretical or “what if” scenarios, but actual possible options — of course, some of them come with a certain price tag, but in the end, with the right motivation, money is only a detail.

  • Election security, ransomware dominate cyber concerns for 2020 [iophk: Windows TCO]

    Senate Democrats have repeatedly tried to force Senate Majority Leader Mitch McConnell (R-Ky.) to schedule votes on a raft of various election security bills. The House has passed three major pieces of election security legislation this year that have stalled amid Republican objections in the Senate.

  • There’s Money To Be Made In Taming Open Source Software Code

    “We’re trying to create order out of chaos,” said CEO Wayne Jackson of his company, Sonatype.

    [...]

    “We are building the world’s critical infrastructure on software somebody else wrote, a stranger with unknown skills, motivations and desires, but the desire to innovate is so high, we’re willing to accept the risk of using some random person’s software invention,” Jackson said.

    Sometimes developers understand the practical use of the open source code they’re creating, and sometimes they don’t, according to Jackson. 

  • Medley India Infosolution helps Indian Railways build crew management software system

    The system design is end-to-end UNIX and Linux thereby immunising the systems against malicious threats. The solution has immense power to control the client locations from a central location by way of maintenance tasks, time synchronisation, patch updates and a variety of user access requirements thus speeding up the service request handling from a remote location. Service requests can be lodged into the CMS system and are automated through SMS call lodging and reminder mechanisms. At the client side the users are authenticated via a biometric device (thumb impression reader) for logging onto the applications via a kiosk which ensures an audit trail and logging of activities for transparency and accountability.

LibreOffice Writer: Inserting Pictures

Filed under
LibO
HowTos

This tutorial explains the ways to insert pictures into a document in LibreOffice Writer. This is a preparation for you to work with multiple photos, graphics, logos, etc. You will learn how to do it manually and automatically, with menubar, copy-paste, and drag-and-drop, including to resize & arrange them within text, and finally to crop them. I also include download links to beautiful pictures like above and I hope with this article you can compose good documents. Happy learning!


How to install GIMP on Linux Mint 19.3 Tricia

Filed under
GNU
Linux
HowTos

Linux Mint is a great operating system, but with the most recent version (19.3 "Tricia"), there was some shocking news -- GIMP (GNU Image Manipulation Program) was being removed! Crazy, right? I mean, of all of the great software available for Linux, GIMP is one of the best. It is an essential image editing tool that rivals Adobe Photoshop.

So, why did Linux Mint remove it as a pre-installed program? The developers thought the software was too advanced for newer Linux users. While I think that is a bit of nonsense, I can understand why the Mint developers would want to cater to beginners. Thankfully, it is totally easy to install GIMP on a new Linux Mint 19.3 installation.


Kernel: Microsoft-Controlled File Systems and AMD's Lack of Linux Support

Filed under
Linux
  • Linux's exFAT Driver Looking To Still Be Replaced By A Newer Driver From Samsung

    Introduced with Linux 5.4 was a long-awaited Microsoft exFAT file-system driver albeit within the kernel's staging area and based upon some dated Samsung file-system driver code. That exFAT staging driver was improved upon more with Linux 5.5 but ultimately there is a concurrent effort for replacing it with a driver derived from newer Samsung open-source code and to be merged outside of staging.

  • Controlling AMD Wraith Prism RGB Heatsinks On Linux Is Easy Now With CM-RGB

    With the Wraith Prism heatsink fan included with many modern AMD Ryzen processors there is configurable RGB lighting, which unfortunately AMD hadn't publicly documented or offered a Linux utility for manipulating the RGBs under Linux. Fortunately, there is now a straight-forward solution for dealing with those Wraith Prism RGB LEDs thanks to the open-source and independent CM-RGB project.

    Just like AMD doesn't offer any CPU overclocking client from the Linux desktop, they don't offer any RGB control software for Linux. But CM-RGB is a Python-written independent utility that is command-line based and allows easily controlling the heatsink's lighting under Linux. The program allows setting the lighting mode, color based upon hex code, brightness, and other factors.

Linux on Hardware: Dragino, Marvell, Kospet Prime SE

Filed under
Linux
Hardware

How Nitrux is Changing the Traditional Linux Scenario [Interview]

Filed under
Interviews

Nitrux Linux founder Uri Herrera shares how Nitrux is adding a new dimension to the Linux scene with innovative tools like ZNX, MAUI and more.

FSF, Free Software and GNU (PSPP)

Filed under
GNU
  • Building ethical software based on the four freedoms

    Just because a license is not the right place to enforce ethical software usage doesn't mean we don't recognize the problem, or respect the people raising it. We should encourage and participate in conversations about the ethical usage of software. With the ground rules of free software as the baseline, anyone can build systems to specifically promote ethical use.

  • Google’s Monopoly is Stifling Free Software

    If you’d like a regular certificate, you can do so by attaching your public legal name to your software and sending in a copy of your driver’s license. And that is to say nothing of the risks you take these days online by publishing your legal name.

    And even if you do all of this and start signing your executables, I still can’t find any assurance whether Google will begin to treat these executables as safe or not.

  • PSPP now supports .spv files

    I just pushed support for SPV files to the master branch of PSPP.

    [...]

    I would appreciate experience reports, positive or negative. The main known limitation is that graphs are not yet supported (this is actually a huge amount of work due to the way that SPSS implements graphs).

More in Tux Machines

Malicious Proprietary Software From Microsoft and Google

  • Microsoft rolls out a new update for Surface Duo SDK Preview

    The new update is available for Mac, Windows and Ubuntu....

  • Microsoft Brings Its Windows 10 Antivirus Arsenal to Linux [Ed: Wow. Softpedia's "LINUX" section (Popa) is now an arm of Microsoft proprietary software marketing. Sure missing Marius Nester there. Whose arsenal is this? NSA's?]
  • Microsoft: Linux Defender antivirus now in public preview, iOS and Android are next [Ed: Of course Microsoft's sponsored propaganda network also promotes Microsoft proprietary software in the “LINUX” section. It does this all the time. The site has also just put "GitHub: We won't take down any of your content unless we really have to" under the "LINUX" section because proprietary software (GitHub) is somehow "LINUX"?!]
  • Chrome deploys deep-linking tech in latest browser build despite privacy concerns

    Google has implemented a browser capability in Chrome called ScrollToTextFragment that enables deep links to web documents, but it has done so despite unresolved privacy concerns and lack of support from other browser makers. Via Twitter on Tuesday, Peter Snyder, privacy researcher at privacy-focused browser maker Brave Software, observed that ScrollToTextFragment shipped earlier this month in Chrome 80 unflagged, meaning it's active, despite privacy issues that have been raised. "Imposing privacy and security leaks to existing sites (many of which will never be updated) REALLY should be a 'don't break the web,' never-cross redline," he wrote. "This spec does that." The debate over the feature percolated last year on mailing lists and in GitHub issues posts and picked up in October when the team working on Chrome's Blink engine declared their intent to implement the specification. The feature rollout serves to illustrate that the consensus-based web standards process doesn't do much to constrain the technology Google deploys.

  • New Mexico Sues Google Over Collection of Children's Data

    New Mexico’s attorney general sued Google Thursday over allegations the tech company is illegally collecting personal data generated by children in violation of federal and state laws.

Security: Debian LTS Work, Various Patches, Honeypots/Honeynets and FUD (Marketing)

  • Freexian’s report about Debian Long Term Support, January 2020

    January started calm until at the end of the month some LTS contributors met, some for the first time ever, at the Mini-DebCamp preceding FOSDEM in Brussels. While there were no formal events about LTS at both events, such face2face meetings have proven to be very useful for future collaborations! We currently have 59 LTS sponsors sponsoring 219h each month. Still, as always we are welcoming new LTS sponsors!

  • Security updates for Friday

    Security updates have been issued by CentOS (openjpeg2), Debian (cloud-init, jackson-databind, and python-reportlab), Red Hat (ksh, python-pillow, systemd, and thunderbird), Slackware (proftpd), SUSE (java-1_7_0-ibm, nodejs10, and nodejs12), and Ubuntu (ppp and squid, squid3). 

  • Honeypots and Honeynets
  • Up close and personal with Linux malware [Ed: ESET trying to sell its useless proprietary software for a platform that does not need it]

    Chances are that the very word ‘Linux’ conjures up images of near-impenetrable security. However, Linux-based computer systems and applications running on them increasingly end up in the crosshairs of bad actors, and recent years have seen discoveries of a number of malicious campaigns that hit Linux systems, including botnets that were made up of thousands of Linux servers. These mounting threats have challenged the conventional thinking that Linux is more or less spared the problems that affect other operating systems, particularly Windows.

Events: ONES, SUSECON and FOSDEM

  • Linux Foundation, LF Networking, and LF Edge Announce Keynote Speakers for Open Networking & Edge Summit North America 2020

    The Linux Foundation, the nonprofit organization enabling mass innovation through open source, along with co-hosts LF Networking, the umbrella organization fostering collaboration and innovation across the entire open networking stack, and LF Edge, the umbrella organization building an open source framework for the edge, today announced initial keynote speakers for Open Networking & Edge Summit (ONES) North America 2020. The event takes place April 20-21 in Los Angeles, California. Open Networking & Edge Summit (formerly Open Networking Summit) is the industry’s premier open networking event now expanded to comprehensively cover Edge Computing, Edge Cloud and IoT. The event enables collaborative development and innovation across enterprises, service providers/telcos and cloud providers to shape the future of networking and edge computing with a deep focus on technical, architectural and business discussions in the areas of Open Networking & AI/ML-enabled use cases for 5G, IoT, Edge and Enterprise deployment, as well as targeted discussions on Edge/IoT frameworks and blueprints across Manufacturing, Retail, Oil and Gas, Transportation and Telco Edge cloud, among other key areas.

  • SUSE welcomes Dublin City University students at SUSECON 2020

    DCU relies on SUSE to support their IT infrastructure. DCU also utilize our academic program for teaching and training Open Source technologies in the classroom, so when the idea came to invite a university to SUSECON, they were a perfect fit. Nearly 50 master’s students and a handful of teaching staff from the Faculty of Engineering and Computing are looking forward to attending this year’s SUSECON. MSc and M.Eng students from the School of Computing and the School of Electronic Engineering will be in attendance throughout the week. The event will provide numerous opportunities for the students to learn from and engage with industry experts from companies like SUSE, Microsoft and SAP.

  • Follow-up on the train journey to FOSDEM

    Here’s a recap of my train journey based on the Twitter thread I kept posting as I travelled.

Videos/Audiocasts/Shows: Clear Linux, Canonical's Ubuntu Desktop Team, MX Linux 19.1

  • Clear Linux | The Fastest Linux Distro?

    Clear Linux | The Fastest Linux Distro? Let's do a deep dive into Clear Linux and go through the installation, configuration, and overall setup for it on your System.

  • Brunch with Brent: Heather Ellsworth | Jupiter Extras 57

    Brent sits down with Heather Ellsworth, Software Engineer on Canonical's Ubuntu Desktop Team, a GNOME Foundation Member, and former Purism Librem 5 Documentation Engineer. We discuss her deep history in experimental high energy physics at CERN, the similarities and synergies between the sciences and software engineering, her love of documentation, her newly established maintainership of LibreOffice, and how empathy factors into good bug reporting.

  • MX Linux 19.1 overview | simple configuration, high stability, solid performance

    In this video, I am going to show an overview of MX Linux 19.1 and some of the applications pre-installed.