Language Selection

English French German Italian Portuguese Spanish

Photos: 15-Year Anniversary Party

Filed under
Site News

More in Tux Machines

Security: Patches, Nostromo, PureBoot and Microsoft's Latest DRM Lock-down (Locking GNU/Linux Out for 'Security')

  • Security updates for Monday

    Security updates have been issued by Debian (aspell, graphite-web, imagemagick, mediawiki, milkytracker, nfs-utils, and openjdk-11), Fedora (kernel, kernel-headers, kernel-tools, mediawiki, and radare2), openSUSE (dhcp, libpcap, lighttpd, and tcpdump), Scientific Linux (java-1.8.0-openjdk), Slackware (python), SUSE (bluez, kernel, and python-xdg), and Ubuntu (aspell).

  • Nostromo web servers exposed by resurrected RCE vulnerability

    A security researcher has disclosed the existence of a remote code execution (RCE) vulnerability in the open source Nostromo web server software. On Monday, a threat analyst and bounty hunter with the online handle Sudoka published a technical analysis of the bug, tracked as CVE-2019-16278. The vulnerability impacts Nostromo, also known as nhttpd, a niche web server used by some in the Unix and open source community but altogether dwarfed in popularity by Apache. In a blog post, Sudoka said the vulnerability stems from shortcomings in how the path of URLs are verified. Inadequate URL checks mean that an unauthenticated attackers is able to force a server to point to a shell file, resulting in the potential execution of arbitrary code.

  • PureBoot Best Practices

    Recently we started offering the PureBoot Bundle–PureBoot installed and configured on your laptop at the factory and bundled with a pre-configured Librem Key so you can detect tampering from the moment you unbox your laptop. It’s been great to see so many customers select the PureBoot Bundle and now that PureBoot is on so many more customer laptops, we felt it was a good time to write up a post to describe some best practices when using PureBoot. If you are just getting started with PureBoot and want to know the basics, check out our Getting Started Guide for pointers on what to do when you start up your PureBoot Bundle for the first time. In this post I’ll assume you have already gone through the first boot and first reboot of your laptop and have settled into daily use.

  •                
  • Secured-core PCs offer new defense against firmware attacks
                     
                       

    Microsoft, chipmakers, and several PC makers on Monday announced Secured-core PCs, which use hardware-based defense mechanisms to combat firmware-level security attacks.

  •                
  • Microsoft's New Plan to Defend the Code Deep Within PCs
                     
                       

    The idea of secured-core PC is to take firmware out of that equation, eliminating it as a link in the chain that determines what's trustworthy on a system. Instead of relying on firmware, Microsoft has worked with AMD, Intel, and Qualcomm to make new central processing unit chips that can run integrity checks during boot in a controlled, cryptographically verified way. Only the chip manufacturers will hold the encryption keys to broker these checks, and they're burned onto the CPUs during manufacturing rather than interacting with the firmware's amorphous, often unreliable code layer.

  •                            

Games: Remote Play Together, OpenRA, The Coma 2, Humble Store and Shiver

  • Steam 'Remote Play Together' is now in Beta, allowing local multiplayer games over the net

    Today, Valve have released an exciting update to the Steam Beta Client which adds in Remote Play Together, allowing you to play local co-op, local multiplayer and shared/split screen games over the net with your friends. From what Valve said, it will allow up to four players "or even more in ideal conditions", meaning if you all have reasonable internet connections you might be able to play with quite a few people. Something that has of course been done elsewhere, although the advantage here is no extra payments or software needed as it runs right from the Steam client. It's very simply done too. Just like you would invite friends to join your online game, you invite them to Remote Play Together from the Steam Friends list and if they accept…away you go. Only the host needs to own the game too, making it easy to get going.

  • Another OpenRA preview build is up needing testing, Tiberian Sun support is coming along

    Work continues on the open source game engine OpenRA which allows you to play Command & Conquer, Red Alert and Dune 2000 on Linux and other modern platforms with support for Tiberian Sun progressing well. [...] One issue they've been dealing with is deployable units in Tiberian Sun, while OpenRA had basic support for the feature due to the Construction Yards in classic C&C it wasn't suitable for Tiberian Sun. Now though? They've overhauled it and expanded it. You can now queue up deploy commands between other orders, deployable units can be ordered to pack up and then move somewhere else as a single action too. Additionally, the code for aircraft and helicopter movement has also been given an overhaul to add in many of the extra features and dynamics needed for Banshees, Orcas, and Carryalls. The transport behaviour for the Carryall was also updated, with unit pick-up behaviour closer to the original game and allowing you to queue up multiple transport runs.

  • Devespresso Games join with Headup for Western release of The Coma 2: Vicious Sisters

    The Korean survival horror-adventure The Coma 2: Vicious Sisters from Devespresso Games is now getting a helping hand from publisher Headup for Western audiences. Also confirmed through the press emails is that The Coma 2 will be entering Steam Early Access on November 5th, with a full release expected in "Q1 2020".

  • Humble Store is doing a Female Protagonist Sale, plus the upcoming Steam sale dates leaked

    The week has only just begun and there's plenty of sales going on, with even more coming up. Let's have a little look. First up, Humble Store is doing a Female Protagonist Sale celebrating various heroines across multiple genres.

  • Kowai Sugoi Studios close up so they've made their point & click horror 'Shiver' free

    Times are tough for indies, with Kowai Sugoi Studios announcing they're closing up shop and so they've set their point and click horror title Shiver free for everyone. Kowai Sugoi Studios said in a blog post on the official site that this month they're shutting down, no reason for it was given but they gave their "sincere appreciation to our friends, family, and fans" for supporting them along the way. Shiver seems to be their only game, released originally back in 2017.

Fedora Community Blog: Where are the team’s newcomers?

I was wondering why, in the QA team, there are various newcomers willing to contribute, but so little interaction in the mailing list. If a person would like to join the QA team, like many other Fedora teams, one of the first things they are supposed to do (at least as a good practice, if not as prescribed by the team SOP) is to send an introductory email to the team’s mailing list. And it is simple to spot that—after the introduction email and eventually being sponsored into the FAS group—in most cases the newcomers don’t send any other mail in the following times. Why? I was wondering: is it ever possible that a newcomer is so skilled that he/she doesn’t need to ask any clarification to other team members? Is it possible that the documentation we have on the wiki or on docs.f.o. is sufficient to teach a newcomer all the tasks he/she is supposed to perform? How things work? No doubts? Any specific curiosity? All the processes, all the tasks, are they so clear? Wow… or… there is something strange. Read more

Android Leftovers