Language Selection

English French German Italian Portuguese Spanish

January 2020

Audiocasts/Shows: GNU/Linux Predictions, Nathan Wolf's Noodlings and Happy New Year From Marcel Gagne & Evan Leibovitch

Filed under
GNU
Linux
  • Linux Predictions for 2020 - Will Linus retire?
  • Particularly Poor Predictions | LINUX Unplugged 334

    We review our predictions and own up to what we got wrong, and what we got right in 2019.

    Special Guests: Alex Kretzschmar and Brent Gervais.

  • Nathan Wolf: Noodlings | Christmastime, xLights, Exploring Media Servers and Computer History

    Post Christmas Day shopping yielded me a really nice find, specifically something pretty fantastic from Lowe’s that allows me to fix my AC light strands. A Holiday Living Light Tester. The directions could have been a bit more clear… maybe worth a video… but I was able to recover three of my LED bush nets. Since they retail for about $10 each, that has made the purchase worth it already. This device is supposed to work with LED as well as incandescent lights. I’ve only tested it on LED thus far and it works well.

    This is a device that I wish I had discovered long ago.

    [...]

    As we wrapped up the year in BDLL challenges, our task for this week was to make some predictions about the year 2020. They didn’t have to be Linux related so, exactly but since Linux and tech is the focus of the show, it would only make sense to keep it as such.

    What I am wishing for, in 2020, is commercial grade CAD / CAM, manufacturing technology software to come to Linux, not necessarily for home use but for use in business.

    Specifically, what I would like to see is Fusion 360 by Autodesk supported in some level on Linux. It already runs well in Linux through Lutris but having actual support for it would be fantastic. I would also like to see PTC’s Creo running on Linux. PTC once supported Linux with earlier offerings of their mechanical design package but no longer do so today. It would be great to see.

  • Happy New Year maybe, VR games, Jumanji, RISCV, The Witcher, the Overnet, and the Future!

    TIK TEK TOE, episode 009. In this final episode of the decade, or at least, this year, Marcel and Evan riff on Christmas gifts, VR games, Jumanji, Open Hardware vs closed borders, The Witcher, and several other diversions. Somewhere in there, they reminisce over the last decade of free software, a free and open Internet (the Overnet), and lots of other things you really don't want to miss. Oh, and Marcel learns about Gwen Stacy, or is it Gaven and Stacey?

    Once you're done listening, or right now for that matter, please (pretty please, even) make sure you share this podcast with your friends, family, neighbours, enemies . . . just share and recommend. Also, if you can spare a few extra keystrokes, be sure to leave us a comment and tell us how we're doing.

Monthly/Annual Debian Reports: Sparky, Jonathan McDowell and Chris Lamb

Filed under
Debian
  • Sparky news 2019/12

    Linux kernel updated up to version 5.4.6 & 5.5-rc4

  • Jonathan McDowell: Free Software Activities for 2019

    As a reader of Planet Debian I see a bunch of updates at the start of each month about what people are up to in terms of their Free Software activities. I’m not generally active enough in the Free Software world to justify a monthly report, and this year in particular I’ve had a bunch of other life stuff going on, but I figured it might be interesting to produce a list of stuff I did over the course of 2019. I’m pleased to note it’s longer than I expected.

  • Chris Lamb: Free software activities in December 2019

    Software Freedom Conservancy (the fiscal sponsor for the Reproducible Builds project) have announced their fundraising season with a huge pledge to match donations from a number of illustrious individuals. If you have ever considered joining as a supporter, now would be the time to do so.

    [...]

    Whilst anyone can inspect the source code of free software for malicious flaws almost all software is distributed pre-compiled to end users. The motivation behind the Reproducible Builds effort is to ensure no flaws have been introduced during this compilation process by promising identical results are always generated from a given source, thus allowing multiple third-parties to come to a consensus on whether a build was compromised.

Why we need a free desktop

Filed under
GNU
Linux

I am frequently asked if there’s any point in the desktop anymore. With the rise of cloud services, it’s easy to wonder whether there is a need. I believe that a free software desktop system is more important than ever.

GNOME creates an entire desktop environment that is beautifully designed and simple to use. We do this to ensure user freedoms. It is this empowerment of end users – acknowledging their right to control their own computing – that drives me forward.

The intention behind making free software is important, but irrelevant if the reality is that users cannot make use of those freedoms. When fewer than 0.5% of the world’s population can code, the chance of someone being able to modify their own desktop, or pay someone to do so, is vanishingly small. It is our responsibility, as technologists, a community, and a foundation, to provide to put the user first. Software must be built for everyone, and that’s what we are doing.

Read more

4 of the Best Operating Systems for Raspberry Pi to Develop IoT Projects

Filed under
GNU
Linux
Hardware

If you just got the latest Raspberry Pi 4, you might be wondering which operating system to run it from. You will need a reliable and versatile desktop environment where you can change themes, install programs, and multitask without any hassles.

Raspberry Pi lets you experiment with thousands of different DIY projects in IoT which can range from intelligent cameras, drones, smart garage doors, magic mirrors, and many more. To work on them, you need to download the NOOBS installer and use that to install the OS on your Raspberry Pi.

Before you do that, there are certain criteria you need to keep in mind. The latest Raspberry Pi 4 is having compatibility issues with many operating systems.

Therefore, the search for a reliable operating system is ongoing and is absolutely the first thing to keep in mind. The following list has been designed keeping in mind current compatibility and the needs of tomorrow.

Read more

Kali Default Non-Root User

Filed under
GNU
Linux
Security

For years now, Kali has inherited the default root user policy from BackTrack. As part of our evaluation of Kali tools and policies we have decided to change this and move Kali to a “traditional default non-root user” model. This change will be part of the 2020.1 release, currently scheduled for late January. However, you will notice this change in the weekly images starting now.

The History of Default Root User

In the beginning, there was BackTrack. In its original form, BackTrack (v1-4) was a Slackware live based distro intended to be ran from a CDROM. Yes, we do go back a ways (2006!).

In this model, there was no real update mechanism, just a bunch of pentesting tools living in the /pentest/ directory, that you could use as part of assessments. It was the early days, so things were not very sophisticated, we were just all happy things worked. A lot of those tools back then either required root access to run or ran better when ran as root. With this operating system that would be ran from a CD, never be updated, and had a lot of tools that needed root access to run it was a simple decision to have a “everything as root” security model. It made complete sense for the time.

As time went by however, there were a number of changes. All of us that were around back then sort of remember things a little differently but on the broad strokes we saw people were installing BackTrack on bare metal so we felt like there should be an update mechanism. Especially after walking around Defcon and noticing how many people were using a version of BackTrack that was vulnerable to a certain exploit which came out a few weeks prior. That moved us to basing BackTrack 5 off of Ubuntu instead of Slackware live (February 2011). Then as more time went by we were so busy fighting with Ubuntu that we felt like we needed to move onto something else.

That brought us to Kali, and being an official Debian derivative.

Modern Kali

Our move to be a Debian derivative brought with a whole host of advantages. So many in fact its not worth reviewing them here, just look at the early Kali blog posts shortly after the launch and you will see a ton of examples. But one advantage that we never really talked to much about is the fact that we are based on Debian-Testing.

Debian has a well earned reputation for being one of the most stable Linux distros out there. Debian-Testing is the development branch of the next version of Debian, and realistically is still more stable than many mainstream Linux distros.

While we don’t encourage people to run Kali as their day to day operating system over the last few years more and more users have started to do so (even if they are not using it todo penetration testing full time), including some members of the Kali development team. When people do so, they obviously don’t run as default root user. With this usage over time, there is the obvious conclusion that default root user is no longer necessary and Kali will be better off moving to a more traditional security model.

Read more

More in Tux Machines

You Can Use Raspberry Pi 400 As a PC Keyboard and Mouse Combo

If you’re a fan of Pimoroni, you’re probably familiar with its software lead Phil Howard (aka Gadgetoid) and his developments in the Raspberry Pi community. Today we’re sharing an awesome project he put together using our favorite keyboard PC, the Raspberry Pi 400. Using the right cable and a bit of code, the Raspberry Pi 400 can function as a regular, USB HID keyboard. The best Raspberry Pi projects are easy to recreate and the only accessory you need to pull this project off is a USB Type-C to USB Type-A cable. Read more

today's leftovers

  • DearPyGui 1.0.0 user interface Toolkit Released - itsfoss.net

    Published edition Dear PyGui 1.0.0 (the DPG), a cross-platform toolkit for GUI development in Python. The most important feature of the project is the use of multithreading and outsourcing of operations to the GPU to speed up rendering. The key goal of shaping the 1.0.0 release is to stabilize the API. Compatibility-breaking changes will now be proposed in a separate “experimental” module. To ensure high performance, the bulk of the DearPyGui code is written in C ++ using the Dear ImGui library , designed for creating graphical applications in C ++ and offering a fundamentally different operating model. The Dear PyGui source code is licensed under the MIT license. Declared support for Linux, Windows 10 and macOS platforms.

  • Software testing - a 32-year-old message

    And then, after having tested hundreds of Linux distributions, thousands of applications, every release of Windows since 3.11, and then some, I can definitely say that the slow, steady erosion of professional testing in the software world is noticeable. And by that mean, in those scenarios it actually existed, because in some domains, it's never been there, and it shows. If anything, the longer I keep my hands on this or that application or program, the more I'm convinced that the new, casual approach to quality is simply not working. There will be a moment of reckoning.

  • Issue #373 - Robotic tickles

    We thought we’d lead with the weirdest Raspberry Pi-powered thing, purely because we couldn’t resist the bizarre visual. These robotic hands move according to actions taken on social media. And they’re creepy. We like creepy. Another robot from the blog this week can solve your Sudoku in seconds, and a hackathon-winning student project can photograph any object and automatically turn it into an NFT.

  • ODROID-H2+ SBC discontinued due to supply shortage - CNX Software

    Hardkernel has just discontinued ODROID-H2+ single board computer based on the Intel Celeron J4115 Gemini Lake Refresh processor, which followed ODROID-H2 SBC itself being discontinued shortly after Intel decided to phase out Intel J4105 and other Gemini Lake processors. The reason given is the “uncertain situation of main component supply”, which could mean Celeron J4115 processor is hard to get (or expensive), or the Realtek RTL8125B chipset provides 2.5GbE networking. That means Hardkernel does not offer any x86 SBC at this time. That’s a shame before ODROID-H2+ was a well-supported SBC running Linux or Windows, and great value for money at $119, especially for people interested in the two 2.5 Gbps Ethernet ports found on the board (and upgradeable to six), not to mention support for SO-DIMM memory and M.2 NVMe SSD.

  • Debian blocks VPN and Tor users from reading its Wiki. – BaronHK's Rants

    I understand that they don’t want VPN and Tor users messing up their Wiki anonymously, where it would be difficult to ban any one vandal, but to block people from even _reading it_ unless they unmask themselves is a bit heavy-handed. On Wikipedia, they block Tor and VPN users from editing, but you can read it all you want, and you can view the page’s source code if you are on a VPN. This is the right thing to do. I’m not sure why Debian is requiring us to de-anonymize ourselves just to read their Wiki. I wish that they would stop doing this.

  • Red Hat Announces Updates To Red Hat OpenShift And Red Hat Advanced Cluster Management For Kubernetes
  • How bare metal cloud is powering the telecommunications industry

    Bare metal clouds are gaining a lot of momentum in the telecommunications industry—but why? What is a bare metal cloud, and what are the benefits of using it? In this post, we answer these questions and more.

  • digiKam - digiKam Recipes 21.10.15 released

    It has been a while since the last update of digiKam Recipes. But that doesn’t mean I neglected the book. In the past few months, I’ve been doing a complete language review and adding new material. The new revision of digiKam Recipes features detailed information on how to move digiKam library and databases from one machine to another, how to access digiKam remotely from any machine, and how to import photos from an iOS device. The book now uses the Barlow font for better legibility along with a slightly improved layout.

  • October 2021 Web Server Survey [Ed: Microsoft became so irrelevant in Web servers that it is not even mentioned anymore and most tables don't even list Microsoft (it's miniscule, outside view)]

    In the October 2021 survey we received responses from 1,179,448,021 sites across 265,426,928 unique domains and 11,388,826 web-facing computers. This reflects a loss of 8.59 million sites, but a gain of 1.07 million domains and 20,800 computers. The number of unique domains powered by the nginx web server grew by 789,000 this month, which has increased its total to 79.5 million domains and its leading market share to 29.9%. Conversely, Apache lost 753,000 domains and saw its second-place share fall to 24.7%. Meanwhile, Cloudflare gained 746,000 domains – almost as many as nginx – but it stays in fourth place with an 8.15% share while OpenResty's shrank slightly to 14.5%. Cloudflare also made strong progress amongst the top million websites, where it increased its share by 0.24 percentage points to 18.2%. nginx is in second place with a 22.5% (+0.12pp) share but has closed the gap on Apache which still leads with 24.0% after losing 0.21pp. Apache also continues to lead in terms of active sites, where it has a total of 48.0 million. However, it was the only major vendor to suffer a drop in this metric, with a loss of 277,000 active sites reducing its share down to 23.9% (-0.29pp). In terms of all sites, nginx lost the most (-9.99 million) but remains far in the lead with a total of 412 million.

  • Chrome OS 94 Released - itsfoss.net

    The release of the operating system Chrome OS 94 has been published , based on the Linux kernel, the upstart system manager, the ebuild / portage build toolkit, open components and the Chrome 94 web browser . The user environment of Chrome OS is limited to a web browser, and instead of standard programs, web applications are used, however, Chrome OS includes a full-fledged multi-window interface, desktop and taskbar. Chrome OS 94 is available for most current Chromebooks. Enthusiasts have formed unofficial assemblies for ordinary computers with x86, x86_64 and ARM processors. Source texts are distributed under the free Apache 2.0 license.

Security Leftovers

  • Security updates for Friday

    Security updates have been issued by Debian (squashfs-tools, tomcat9, and wordpress), Fedora (openssh), openSUSE (kernel, mbedtls, and rpm), Oracle (httpd, kernel, and kernel-container), SUSE (firefox, kernel, and rpm), and Ubuntu (linux-azure, linux-azure-5.4).

  • Apache Releases Security Advisory for Tomcat   | CISA

    The Apache Software Foundation has released a security advisory to address a vulnerability in multiple versions of Tomcat. An attacker could exploit this vulnerability to cause a denial of service condition.

  • Security Risks of Client-Side Scanning

    Even before Apple made their announcement, law enforcement shifted their battle for back doors to client-side scanning. The idea is that they wouldn’t touch the cryptography, but instead eavesdrop on communications and systems before encryption or after decryption. It’s not a cryptographic back door, but it still a back door — and brings with it all the insecurities of a back door. I’m part of a group of cryptographers that has just published a paper discussing the security risks of such a system. (It’s substantially the same group that wrote a similar paper about key escrow in 1997, and other “exceptional access” proposals in 2015. We seem to have to do this every decade or so.) In our paper, we examine both the efficacy of such a system and its potential security failures, and conclude that it’s a really bad idea.

  • The Open Source Security Foundation receives $ 10 million in funding - itsfoss.net

    The Linux Foundation has announced a $ 10 million commitment to the OpenSSF (Open Source Security Foundation), an effort to improve the security of open source software. Funds raised through royalties from parent companies of OpenSSF, including Amazon, Cisco, Dell Technologies, Ericsson, Facebook, Fidelity, GitHub, Google, IBM, Intel, JPMorgan Chase, Microsoft, Morgan Stanley, Oracle, Red Hat, Snyk, and VMware …

Videos/Shows: Ubuntu 21.10, LHS, and Chris Titus

  • Ubuntu 21.10 - Full Review - Invidious

    Ubuntu 21.10 finally features the GNOME 40 desktop, better Wayland support, and more. In this video, I'll give you my thoughts on "Impish Idri" and we'll go over some of the new features. I'll talk about the installation process, Wayland changes,

  • LHS Episode #435: The Weekender LXXX

    It's time once again for The Weekender. This is our bi-weekly departure into the world of amateur radio contests, open source conventions, special events, listener challenges, hedonism and just plain fun. Thanks for listening and, if you happen to get a chance, feel free to call us or e-mail and send us some feedback. Tell us how we're doing. We'd love to hear from you.

  • Time to Rice and Make the Best Looking Desktop - Invidious

    We have our script that sets up the system... now we make our script to automatically make our desktop the best looking one out there!