Language Selection

English French German Italian Portuguese Spanish

Original Articles from 2007

  1. Why Dolphin should have tabs* - Dec 30, 2007
  2. Turkey's Pardus distro is easy to use - Dec 12, 2007
  3. How to use the nvidia driver with the KDE Four Live CD* - Dec 12, 2007
  4. Paldo melds source-based and binary in one distro - Dec 11, 2007
  5. First look at Geubuntu 7.10 - Dec 10, 2007
  6. First look at Linux Mint 4.0 - Nov 26, 2007
  7. Gosh, gOS is good - Nov 16, 2007
  8. DSL 4.0: Damn small improvement - Nov 13, 2007
  9. ubuntu vs opensuse - Nov 12, 2007
  10. First look at Ubuntu Studio 7.10 - Nov 05, 2007
  11. From a PCLOS user: Kubuntu Gutsy doesn't totally reek* - Nov 3, 2007
  12. Hans Reiser: Did He or Didn't He? - Nov 03, 2007
  13. Vixta: Nice concept, incomplete execution - Oct 26, 2007
  14. "Why Ubuntu (Still) Sucks"...Why care?* - Oct 24, 2007
  15. Linux Projects' Best Kept Secret - Oct 20, 2007
  16. Battle of the Titans: Mandriva 2008 vs openSUSE 10.3 - Oct 19, 2007
  17. Wine is Getting Good* - Oct 16, 2007
  18. diff Power_Pack Free - Oct 16, 2007
  19. Mandriva 2008.0 Rocks - Oct 12, 2007
  20. openSUSE 10.3 in review: A solid Linux desktop* - Oct 12, 2007
  21. Quick Look at Ubuntu 7.10 Release Candidate - Oct 12, 2007
  22. First look at Puppy Linux 3.00 - Oct 08, 2007
  23. First look at PC-BSD 1.4 - Oct 01, 2007
  24. openSUSE 10.3 RC 1 Report - Sep 26, 2007
  25. Kind of fond of FaunOS - Sep 25, 2007
  26. KateOS - Getting Better with Age - Sep 19, 2007
  27. ALT: Linux from Russia - Sep 17, 2007
  28. openSUSE 10.3 Beta 3 Report - Sep 10, 2007
  29. Beta Review: Kanotix 2007 "Thorhammer" RC5B* Sep 7, 2007
  30. openSUSE 10.3 Beta (1 &) 2 Report - Aug 26, 2007
  31. Sidux 2007-03.1 "Gaia": A closer look* - Aug 23, 2007
  32. Sidux 2007-03 'Gaia' -- a quick look* - Aug 22, 2007
  33. Freespire aspires, but fails to inspire - Aug 20, 2007
  34. Sabayon Linux: Something for everyone - Aug 14, 2007
  35. Mandriva 2008 Beta 1, "Cassini" -- A few thoughts* -- Aug 11, 2007
  36. Absolute Linux is an absolute winner - Aug 07, 2007
  37. Wolvix 1.1.0 Mini-Review & Screenshots - Aug 06, 2007
  38. openSUSE 10.3 Alpha 7 report - Aug 04, 2007
  39. Mini-Review: Puppy Linux 2.17 - July 23, 2007
  40. openSUSE 10.3 Alpha 6 Report - July 20, 2007
  41. With new code base, Supergamer is fun again - July 18, 2007
  42. Mini-Reviews: CentOS 5.0 LiveCD, Berry 0.82, and AntiX "Spartacus" - July 16, 2007
  43. Venerable Slackware 12 gets a sporty new wardrobe - July 10, 2007
  44. First look at Elive 1.0 - July 09, 2007
  45. Slackware 12: The anti-'buntu* - July 08, 2007
  46. A sysadmin toolbox for Web site maintenance - July 5, 2007
  47. Mini Review of a Tiny PCLOS - July 2, 2007
  48. Yoper 3.0 requires some tinkering - June 28, 2007
  49. New AntiX distro makes older hardware usable - June 26, 2007
  50. OpenSUSE 10.3 Alpha 5 report - June 20, 2007
  51. Alternative GUIs: GoblinX* - June 16, 2007
  52. Granular Linux - What Am I Missing? - June 11, 2007
  53. Alternative GUIs: SymphonyOS* - Jun 9, 2007
  54. Sidux vs. Mint: Can You Live the Pure Open Source Life? - June 4, 2007
  55. Fedora 7 "Moonshine": Freedom vs. Ease-of-Use* - Jun 1, 2007
  56. How-to Edit Grub - May 26, 2007
  57. New PCLinuxOS 2007 looks great, works well - May 23, 2007
  58. VectorLinux SOHO: A better Slackware than Slackware - May 21, 2007
  59. DeLi Linux 0.7.2, a distribution for very old computers - May 21, 2007
  60. openSUSE 10.3 alpha 4 report - May 18, 2007
  61. Ubuntu Studio 7.04 - The Crowning Jewel of the Ubuntu Family - May 12, 2007
  62. Mandriva Spring - Beautiful Change of Season - Apr 30, 2007
  63. Blue Belle: Running PCLinuxOS Test 4* - Apr 28, 2007
  64. Linux Minty Fresh - Apr 24, 2007
  65. Fallen Under the Spell of Arch Voodoo - Apr 20, 2007
  66. openSUSE 10.3 alpha 3 Report - Apr 13, 2007
  67. Quick Little Tour of Opera's New Speed Dial - Apr 11, 2007
  68. GoblinX Premium 2007.1 - Apr 10, 2007
  69. Review of Kubuntu 7.04 Beta* - Apr 07, 2007
  70. Linux Mint "Bianca" KDE Edition Beta 020: A Small Review* - Apr 06, 2007
  71. SimplyMepis 6.5 - Simply Wonderful - Apr 05, 2007
  72. PCLinuxOS becomes PCUbuntuOS - Apr 1, 2007
  73. The Lazy Guide to Installing Knoppix on a USB Key* - Mar 28, 2007
  74. SabayonLinux 3.3 Mini on that HP Laptop - Mar 27, 2007
  75. Sam Linux 2007 - For the XFCE Lover - Mar 23, 2007
  76. A New Year, A New Kwort - Mar 21, 2007
  77. A New Open Source Model? - Mar 19, 2007
  78. openSUSE 10.3 alpha 2 report - Mar 17, 2007
  79. Peeking in the Windows of ReactOS 0.3.1 - Mar 14, 2007
  80. Kicking the tires of Mandriva 2007.1 beta 2 - Mar 04, 2007
  81. Quick Cruise Around Fedora 7 Test 2 - Mar 02, 2007
  82. Testdriving Sidux 2007 - Feb 28, 2007
  83. First look at VectorLinux 5.8 SOHO - Feb 27, 2007
  84. Script KATE to Automagically Compile/Execute Programs* - Feb 25, 2007
  85. openSUSE 10.3 alpha 1 Report - Feb 19, 2007
  86. SaxenOS and SimplyMEPIS - bumps in the middle of the road - Feb 19, 2007
  87. Year of the Linux desktop? Who cares!* - Feb 4, 2007
  88. SaxenOS 1.1 rc2 - Feb 4, 2007
  89. 10 reasons to try PCLinuxOS* - Jan 25, 2007
  90. PCLinuxOS 2007 Beta 2 (Test 1) - Jan 20, 2007
  91. NimbleX 2007 - As the Name Implies... - Jan 16, 2007
  92. SabayonLinux 3.26 on my HP Pavilion Laptop - Jan 11, 2007
  93. TestDriving SimplyMepis 6.0-4 Beta 2 - Jan 7, 2007

* : By others.









More in Tux Machines

Security: OpenSSL, IoT, and LWN Coverage of 'Intelpocalypse'

  • Another Face to Face: Email Changes and Crypto Policy
    The OpenSSL OMC met last month for a two-day face-to-face meeting in London, and like previous F2F meetings, most of the team was present and we addressed a great many issues. This blog posts talks about some of them, and most of the others will get their own blog posts, or notices, later. Red Hat graciously hosted us for the two days, and both Red Hat and Cryptsoft covered the costs of their employees who attended. One of the overall threads of the meeting was about increasing the transparency of the project. By default, everything should be done in public. We decided to try some major changes to email and such.
  • Some Basic Rules for Securing Your IoT Stuff

    Throughout 2016 and 2017, attacks from massive botnets made up entirely of hacked [sic] IoT devices had many experts warning of a dire outlook for Internet security. But the future of IoT doesn’t have to be so bleak. Here’s a primer on minimizing the chances that your IoT things become a security liability for you or for the Internet at large.

  • A look at the handling of Meltdown and Spectre
    The Meltdown/Spectre debacle has, deservedly, reached the mainstream press and, likely, most of the public that has even a remote interest in computers and security. It only took a day or so from the accelerated disclosure date of January 3—it was originally scheduled for January 9—before the bugs were making big headlines. But Spectre has been known for at least six months and Meltdown for nearly as long—at least to some in the industry. Others that were affected were completely blindsided by the announcements and have joined the scramble to mitigate these hardware bugs before they bite users. Whatever else can be said about Meltdown and Spectre, the handling (or, in truth, mishandling) of this whole incident has been a horrific failure. For those just tuning in, Meltdown and Spectre are two types of hardware bugs that affect most modern CPUs. They allow attackers to cause the CPU to do speculative execution of code, while timing memory accesses to deduce what has or has not been cached, to disclose the contents of memory. These disclosures can span various security boundaries such as between user space and the kernel or between guest operating systems running in virtual machines. For more information, see the LWN article on the flaws and the blog post by Raspberry Pi founder Eben Upton that well describes modern CPU architectures and speculative execution to explain why the Raspberry Pi is not affected.
  • Addressing Meltdown and Spectre in the kernel
    When the Meltdown and Spectre vulnerabilities were disclosed on January 3, attention quickly turned to mitigations. There was already a clear defense against Meltdown in the form of kernel page-table isolation (KPTI), but the defenses against the two Spectre variants had not been developed in public and still do not exist in the mainline kernel. Initial versions of proposed defenses have now been disclosed. The resulting picture shows what has been done to fend off Spectre-based attacks in the near future, but the situation remains chaotic, to put it lightly. First, a couple of notes with regard to Meltdown. KPTI has been merged for the 4.15 release, followed by a steady trickle of fixes that is undoubtedly not yet finished. The X86_BUG_CPU_INSECURE processor bit is being renamed to X86_BUG_CPU_MELTDOWN now that the details are public; there will be bug flags for the other two variants added in the near future. 4.9.75 and 4.4.110 have been released with their own KPTI variants. The older kernels do not have mainline KPTI, though; instead, they have a backport of the older KAISER patches that more closely matches what distributors shipped. Those backports have not fully stabilized yet either. KPTI patches for ARM are circulating, but have not yet been merged.
  • Is it time for open processors?
    The disclosure of the Meltdown and Spectre vulnerabilities has brought a new level of attention to the security bugs that can lurk at the hardware level. Massive amounts of work have gone into improving the (still poor) security of our software, but all of that is in vain if the hardware gives away the game. The CPUs that we run in our systems are highly proprietary and have been shown to contain unpleasant surprises (the Intel management engine, for example). It is thus natural to wonder whether it is time to make a move to open-source hardware, much like we have done with our software. Such a move may well be possible, and it would certainly offer some benefits, but it would be no panacea. Given the complexity of modern CPUs and the fierceness of the market in which they are sold, it might be surprising to think that they could be developed in an open manner. But there are serious initiatives working in this area; the idea of an open CPU design is not pure fantasy. A quick look around turns up several efforts; the following list is necessarily incomplete.
  • Notes from the Intelpocalypse
    Rumors of an undisclosed CPU security issue have been circulating since before LWN first covered the kernel page-table isolation patch set in November 2017. Now, finally, the information is out — and the problem is even worse than had been expected. Read on for a summary of these issues and what has to be done to respond to them in the kernel. All three disclosed vulnerabilities take advantage of the CPU's speculative execution mechanism. In a simple view, a CPU is a deterministic machine executing a set of instructions in sequence in a predictable manner. Real-world CPUs are more complex, and that complexity has opened the door to some unpleasant attacks. A CPU is typically working on the execution of multiple instructions at once, for performance reasons. Executing instructions in parallel allows the processor to keep more of its subunits busy at once, which speeds things up. But parallel execution is also driven by the slowness of access to main memory. A cache miss requiring a fetch from RAM can stall the execution of an instruction for hundreds of processor cycles, with a clear impact on performance. To minimize the amount of time it spends waiting for data, the CPU will, to the extent it can, execute instructions after the stalled one, essentially reordering the code in the program. That reordering is often invisible, but it occasionally leads to the sort of fun that caused Documentation/memory-barriers.txt to be written.

US Sanctions Against Chinese Android Phones, LWN Report on Eelo

  • A new bill would ban the US government from using Huawei and ZTE phones
    US lawmakers have long worried about the security risks posed the alleged ties between Chinese companies Huawei and ZTE and the country’s government. To that end, Texas Representative Mike Conaway introduced a bill last week called Defending U.S. Government Communications Act, which aims to ban US government agencies from using phones and equipment from the companies. Conaway’s bill would prohibit the US government from purchasing and using “telecommunications equipment and/or services,” from Huawei and ZTE. In a statement on his site, he says that technology coming from the country poses a threat to national security, and that use of this equipment “would be inviting Chinese surveillance into all aspects of our lives,” and cites US Intelligence and counterintelligence officials who say that Huawei has shared information with state leaders, and that the its business in the US is growing, representing a further security risk.
  • U.S. lawmakers urge AT&T to cut commercial ties with Huawei - sources
    U.S. lawmakers are urging AT&T Inc, the No. 2 wireless carrier, to cut commercial ties to Chinese phone maker Huawei Technologies Co Ltd and oppose plans by telecom operator China Mobile Ltd to enter the U.S. market because of national security concerns, two congressional aides said. The warning comes after the administration of U.S. President Donald Trump took a harder line on policies initiated by his predecessor Barack Obama on issues ranging from Beijing’s role in restraining North Korea to Chinese efforts to acquire U.S. strategic industries. Earlier this month, AT&T was forced to scrap a plan to offer its customers Huawei [HWT.UL] handsets after some members of Congress lobbied against the idea with federal regulators, sources told Reuters.
  • Eelo seeks to make a privacy-focused phone
    A focus on privacy is a key feature being touted by a number of different projects these days—from KDE to Tails to Nextcloud. One of the biggest privacy leaks for most people is their phone, so it is no surprise that there are projects looking to address that as well. A new entrant in that category is eelo, which is a non-profit project aimed at producing not only a phone, but also a suite of web services. All of that could potentially replace the Google or Apple mothership, which tend to collect as much personal data as possible.

today's howtos

Mozilla: Resource Hogs, Privacy Month, Firefox Census, These Weeks in Firefox

  • Firefox Quantum Eats RAM Like Chrome
    For a long time, Mozilla’s Firefox has been my web browser of choice. I have always preferred it to using Google’s Chrome, because of its simplicity and reasonable system resource (especially RAM) usage. On many Linux distributions such as Ubuntu, Linux Mint and many others, Firefox even comes installed by default. Recently, Mozilla released a new, powerful and faster version of Firefox called Quantum. And according to the developers, it’s new with a “powerful engine that’s built for rapid-fire performance, better, faster page loading that uses less computer memory.”
  • Mozilla Communities Speaker Series #PrivacyMonth
    As a part of the Privacy Month initiative, Mozilla volunteers are hosting a couple of speaker series webinars on Privacy, Security and related topics. The webinars will see renowned speakers talking to us about their work around privacy, how to take control of your digital self, some privacy-security tips and much more.
  • “Ewoks or Porgs?” and Other Important Questions
    You ever go to a party where you decide to ask people REAL questions about themselves, rather than just boring chit chat? Us, too! That’s why we’ve included questions that really hone in on the important stuff in our 2nd Annual Firefox Census.
  • These Weeks in Firefox: Issue 30