Language Selection

English French German Italian Portuguese Spanish

Security: Studying With GNU/Linux, DNS Scam, SELinux Isn’t Scary and Microsoft Windows Updates Are Very Scary

Filed under
Security
  • First step to becoming a hacker: Linux!

    If you're contemplating a career in cybersecurity and haven't come up to speed on Linux, now's the time to get ramped up and here's one easy way to do it. This new book from no starch press was written with people like you in mind. Authored by OccupyTheWeb, the force behind Hackers-Arise, Linux Basics for Hackers provides everything from basic Linux command line skills through to scripting, manipulating logging, network scanning, using and abusing system services, and remaining stealthy in the process.

  • A Worldwide [Cracking] Spree Uses DNS Trickery to Nab Data

    Iranian [crackers] have been busy lately, ramping up an array of targeted attacks across the Middle East and abroad. And a report this week from the threat intelligence firm FireEye details a massive global data-snatching campaign, carried out over the last two years, that the firm has preliminarily linked to Iran.

  • SELinux Isn’t Scary

    Back in the before times, during the era of RHEL/CentOS 4, SELinux was barely worth the security it offered. It was unwieldy, caused access problems even in Permissive mode, and the command line tools and documentation were esoteric at best when they even existed.

    It’s been a few years since that time, however, and significant development has been done to get SELinux into a much more usable and user-friendly state. At this point, most of the fears surrounding SELinux are based on old experiences, and it behooves everyone to re-examine those fears to see if they’re still realistic.

    Usability often has to trump security. As an example, we now have the ability to just tap a credit card on a machine and have the purchase approved. There are significant security risks involved, but as long as those risks are known and minimized (for example, by limiting the amount that can be purchased in this way), usability can win.

  • Access 97 Database Error Was Caused By Windows January 2019 Update, Microsoft Confirms

    Microsoft’s issues with the recent Windows 10 Updates never seem to end. From deleting user files to granting admin privileges to any user, the bugs have been plenty. Access 97 had a bug discovered recently which breaks access to its databases. Guenni from Borncity discovered the bug yesterday and highlighted it on his blog post.

    The Windows January 2019 Update was the cause behind the bug, Microsoft confirmed today. Microsoft added the Access 97 bug to the “known issue” section. The January update aimed to fix a vulnerability in Jet Database Engine shipped with Windows. “As a result of this patch, open databases in Access 97 MDB format fail with a database error “unknown database format” – if the database contains field names with a length greater than 32 characters”, as Borncity reports. While this bug only affects Microsoft.Jet.OLEDB.4.0 providers, there were only a few workarounds. Microsoft added the following paragraph to the known issue section, highlighting the bug.

More in Tux Machines

Games: Zombie Panic! Source, Dicey Dungeon, NVIDIA RTX, Steam Play, Battle Motion, Ravva and the Cyclops Curse, Feudal Alloy

  • The Beta of Zombie Panic! Source was updated recently, should work better on Linux
    Zombie Panic! Source is currently going through an overhaul, as part of this it's coming to Linux with a version now in beta and the latest update should make it a better experience. [...] I personally haven't been able to make any of the events yet, so I have no real thoughts on the game. Once it's out of beta and all servers are updated, I will be taking a proper look as it looks fun. No idea when this version will leave beta, might be a while yet.
  • Dicey Dungeons, the new unique roguelike from Terry Cavanagh and co introduces quests
    We have a lot of roguelikes available on Linux (seriously, we do) yet Dicey Dungeons from Terry Cavanagh, Marlowe Dobbe, and Chipzel still remains fresh due to the rather unique game mechanics. I still can't get over how fun the dice mechanic is, as you slot dice into cards to perform actions. It's different, clever and works really well.
  • Quake 2 now has real-time path tracing with Vulkan
    If you have one of the more recent NVIDIA RTX graphics cards, here's an interesting project for you to try. Q2VKPT from developer Christoph Schied implements some really quite advanced techniques.
  • Steam Play versus Linux Version, a little performance comparison and more thoughts
    Now that Steam has the ability officially to override a Linux game and run it through Steam Play instead, let's take a quick look at some differences in performance. Before I begin, let's make something clear. I absolutely value the effort developers put into Linux games, I do think cross-platform development is incredibly important so we don't end up with more lock-in. However, let's be realistic for a moment. Technology moves on and it's not financially worth it to keep updating old games, they just don't sell as well as newer games (with exceptions of course). As the years go on, there will be more ways to run older games better and better, of that I've no doubt.
  • Battle Motion, a really silly massive fantasy battle game will have Linux support
    Sometimes when looking around for new games I come across something that really catches my eye, Battle Motion is one such game as it looks completely silly.
  • Ravva and the Cyclops Curse looks like a rather nice NES-inspired platformer
    Another lovely looking retro-inspired platformer! Ravva and the Cyclops Curse from developer Galope just released this week with Linux support.
  • Become a fish inside a robot in Feudal Alloy, out now with Linux support
    We've seen plenty of robots and we've seen a fair amount of fish, but have you seen a fish controlling a robot with a sword? Say hello to Feudal Alloy.

Addressing Icons Themes (Again)

I wrote some time ago on how platforms have a responsibility to respect the identity of applications, but now there’s some rumblings that Ubuntu’s community-built Yaru icon set (which is a derivative of the Suru icon set I maintain) intends to ignore this and infringe upon applications’ brands by modifying their icons... [...] For instance, the entire point of the GNOME icon refresh initiative is to address visual mismatches between third-party app icons and GNOME icons and we been have reaching out to developers to see about updating their icons to new design—this is the appropriate approach for a platform visual overhaul, by the way—which could always use more help on. Now I don’t see this ever happening, but I have hopes that someday Ubuntu will fully embrace GNOME and promote it as its desktop solution—especially given the desktop is out of the scope of the Ubuntu business these days. Read more

Wine 4.0 RC7

  • Wine Announcement
    The Wine development release 4.0-rc7 is now available.The Wine development release 4.0-rc7 is now available.
  • Juicy like the good stuff, Wine 4.0 RC7 is out with a delightful aroma
    No need to worry about a sour aftertaste here, we're of course talking about the wonderful software and not the tasty liquid. As usual, they're in bug-fix mode while they attempt to make the best version of Wine they can and so no super huge features made it in.
  • Wine 4.0-RC7 Released With Fixes For Video Player Crashes, Game Performance Issues
    Wine 4.0 should be officially out soon, but this weekend the latest test release of it is Release Candidate 7 that brings more than one dozen fixes. Wine 4.0 remains in a feature freeze until its release, which will likely be within the next two weeks or so. Since last Friday's Wine 4.0-RC6, the RC7 release has 13 known bug fixes. Catching our interest are some game performance regressions being resolved, including for Hot Pursuit, Project CARS, Gas Guzzlers, and others. There are also video player crash fixes when opening audio or video files.

Wikipedia cofounder: How and why I transitioned to Linux—how you can, too

My first introduction to the command line was in the 80s when I first started learning about computers and, like many geeky kids of the time, wrote my first BASIC computer programs. But it wasn’t until my job starting Nupedia (and then Wikipedia) that I spent much time on the Bash command line. (Let me explain. “Bash” means “Bourne-again shell,” a rewrite of the class Unix shell “sh.” A “shell” is a program for interacting with the computer by processing terse commands to do basic stuff like find and manipulate files; a terminal, or terminal emulator, is a program that runs a shell. The terminal is what shows you that command line, where you type your commands like “move this file there” and “download that file from this web address” and “inject this virus into that database”. The default terminal used by Linux Ubuntu, for example, is called Gnome Terminal–which runs Bash, the standard Linux shell.) Even then (and in the following years when I got into programming again), I didn’t learn much beyond things like cd (switch directory) and ls (list directory contents). It was then, around 2002, that I first decided to install Linux. Back then, maybe the biggest “distro” (flavor of Linux) was Red Hat Linux, so that’s what I installed. I remember making a partition (dividing the hard disk into parts, basically) and dual-booting (installing and making it possible to use both) Linux and Windows. It was OK, but it was also rather clunky and much rougher and much less user-friendly than the Windows of the day. So I didn’t use it much. Read more