Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Wednesday, 28 Sep 16 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Type Title Author Replies Last Postsort icon
Story Security News Roy Schestowitz 28/09/2016 - 8:04am
Story Servers/Networks Roy Schestowitz 28/09/2016 - 8:03am
Story Kubernetes News Roy Schestowitz 28/09/2016 - 8:02am
Story Ubuntu 16.10 Final Beta Officially Released with Linux Kernel 4.8, Download Now Roy Schestowitz 28/09/2016 - 7:54am
Story Parsix GNU/Linux 8.5 "Atticus" to Reach End of Life on September 30, 2016 Roy Schestowitz 28/09/2016 - 7:47am
Story SteamOS 2.93 Brewmaster Beta Adds New Security Fixes from Debian GNU/Linux 8.6 Roy Schestowitz 28/09/2016 - 7:41am
Story GNOME 3.22 Supports Flatpak Cross-Linux Distribution Framework Rianne Schestowitz 27/09/2016 - 11:28pm
Story 96Boards.org goes Cortex-M4 with IoT Edition and Carbon SBC Rianne Schestowitz 27/09/2016 - 11:25pm
Story Fedora 25 Goes Into Beta Freeze Today, New Features Need To Be Completed Roy Schestowitz 27/09/2016 - 7:10pm
Story Proxmox VE 4.3 released Roy Schestowitz 27/09/2016 - 6:41pm

Security News

Filed under
Security
  • Sloppy programming leads to OpenSSL woes
  • OpenSSL Fixes Critical Bug Introduced by Latest Update

    OpenSSL today released an emergency security update after a patch in its most recent update issued last week introduced a critical vulnerability in the cryptographic library.

  • The Internet Of Poorly Secured Things Is Fueling Unprecedented, Massive New DDoS Attacks

    Last week, an absolutely mammoth distributed denial of service (DDoS) attack brought down the website of security researcher Brian Krebs. His website, hosted by Akamai pro bono, was pulled offline after it was inundated with 620Gbps of malicious traffic, nearly double the size of the biggest attack Akamai (which tracks such things via their quarterly state of the internet report) has ever recorded. Krebs was ultimately able to get his website back online after Google stepped in to provide DDoS mitigation through its Project Shield service.

  • Trump Offers More Insight On His Cybersecurity Plans: 10-Year-Old Relatives Vs. 400-lb Bedroom Dwellers

    Look, anyone who refers to cybersecurity or cyberwarfare as "the cyber" is probably better off not discussing this. But Donald Trump, in last night's debate, felt compelled to further prove why he's in no position to be offering guidance on technological issues. And anyone who feels compelled to portray hackers as 400-lb bedroom dwellers probably shouldn't be opening their mouth in public at all.

    With this mindset, discussions about what "the Google" and "the Facebook" are doing about trimming back ISIS's social media presence can't be far behind. Trump did note that ISIS is "beating us at our game" when it comes to utilizing social media. Fair enough.

Servers/Networks

Filed under
Server
  • Docker Doubles Down on Microsoft Windows Server [Ed: recall "DockerCon 2015 Infiltrated by Microsoft"]

    Docker for Windows debuts alongside a new commercial support relationship with Microsoft.
    For the most part, the Docker container phenomenon has been about Linux, with the majority of all deployments on Linux servers. But that could soon be changing as Docker Inc. today is announcing the general availability of Docker Engine on Windows Server 2016, alongside a new commercial support and distribution agreement with Microsoft.

    Docker containers rely on the host operating system for certain isolation and process elements in order to run. On Linux, those elements have always been present as part of the operating system, but the same was not true for Windows, which has required several years of joint engineering effort between Docker Inc. and Microsoft.

  • Hadoop Sandboxes and Trials Spread Out

    We all know that there is a skills gap when it comes to Hadoop in the Big Data market. In fact, Gartner Inc.'s 2015 Hadoop Adoption Study, involving 284 Gartner Research Circle members, found that only 125 respondents who completed the whole survey had already invested in Hadoop or had plans to do so within the next two years. The study found that there are difficulties in implementing Hadoop, including hardship in finding skilled Hadoop professionals.

  • Use models to measure cloud performance

    When I was young, I made three plastic models. One was of a car—a '57 Chevy. Another was of a plane—a Spitfire. And a third was of the Darth Vader TIE Fighter. I was so proud of them. Each one was just like the real thing. The wheels turned on the car, and the plane’s propeller moved when you blew on it. And of course, the TIE Fighter had Darth Vader inside.

    When I went to work on the internet, I had to measure things. As I discussed in my last post, Measure cloud performance like a customer, when you measure on the internet you need to measure in ways that are representative of your customers’ experiences. This affects how you measure in two ways. The first is the perspective you take when measuring, which I talked about last time. The second way is the techniques you use to perform those measurements. And those techniques are, in effect, how you make a model of what you want to know. Those childhood plastic models turn out to offer some solid guidance after all.

  • ODPi Adds Apache Hive to Runtime Specification 2.0

    Today, ODPi announced that the ODPi Runtime Specification 2.0 will add Apache Hive and Hadoop Compatible File System support (HCFS). These components join YARN, MapReduce and HDFS from ODPi Runtime Specification 1.0

    With the addition of Apache Hive to the Runtime specification, I thought it would be a good time to share why we added Apache Hive and how we are strategically expanding the Runtime specification.

  • Ubuntu’s OpenStack on IBM’s Big Iron

    If I were Red Hat I would be looking over my shoulder right now; it appears that Ubuntu might be gaining. In just a few years the Linux distribution has gone from being non-existent in the enterprise to being a powerhouse. This is especially true in the cloud, where it's a dominant force on both sides of the aisle. Not only is it the most deployed operating system on public clouds, its version of OpenStack accounts for over half of OpenStack cloud deployments, used by the likes of Deutsche Telekom, Bloomberg and Time Warner Cable.

Kubernetes News

Filed under
Server
OSS

Ubuntu 16.10 Final Beta Officially Released with Linux Kernel 4.8, Download Now

Filed under
Ubuntu

Delayed six days, the Final Beta release of the upcoming Ubuntu 16.10 (Yakkety Yak) operating system launched today, September 28, 2016, as the final development snapshot in the series.

Today's Final Beta is in fact the first Beta pre-release version of Ubuntu 16.10, and the only development milestone that you'll be able to test if you want to see what's coming to the next major release of Ubuntu Linux. However, we can tell you that it is powered by Linux kernel 4.8, contains up-to-date applications, and still uses the Unity 7 UI.

"The Ubuntu team is pleased to announce the final beta release of Ubuntu 16.10 Desktop, Server, and Cloud products. Codenamed "Yakkety Yak", 16.10 continues Ubuntu's proud tradition of integrating the latest and greatest open source technologies into a high-quality, easy-to-use Linux distribution. The team has been hard at work through this cycle, introducing new features and fixing bugs," reads the announcement.

Read more

Parsix GNU/Linux 8.5 "Atticus" to Reach End of Life on September 30, 2016

Filed under
GNU
Linux
Debian

The Parsix GNU/Linux developers announced that the end-of-life status is approaching fast for the Parsix GNU/Linux 8.5 "Atticus" operating system, urging users to upgrade to the latest release immediately.

Dubbed Atticus and based on the Debian GNU/Linux 8.5 "Jessie" operating system, Parsix GNU/Linux 8.5 was unveiled seven months ago, on February 14, 2016. Running the long-term supported Linux 4.1.17 kernel injected with TuxOnIce 3.3 and BFS patches, it was built around the GNOME 3.18 desktop environment with the GNOME Shell 3.18.3 user interface.

The end of life (EOL) will be officially reached on September 30, 2016, which means that users of the Parsix GNU/Linux 8.5 "Atticus" operating system will no longer receive security and software updates. Therefore, they are urged today to upgrade to the latest, most recent version of the Debian-based distribution, Parsix GNU/Linux 8.10 "Erik."

Read more

SteamOS 2.93 Brewmaster Beta Adds New Security Fixes from Debian GNU/Linux 8.6

Filed under
GNU
Linux
Gaming

Valve's SteamOS 2 gaming operating system is still getting goodies, and it looks like a new Beta update has been pushed on September 26, 2016, to the brewmaster_beta channel for public beta testers.

That's right, SteamOS 2.93 Brewmaster Beta is here to replace the previous build announced earlier this month, SteamOS 2.91 Brewmaster Beta, and add the latest security fixes and updates from upstream. This means that SteamOS is now officially based on the recently released Debian GNU/Linux 8.6 "Jessie" operating system.

"SteamOS brewmaster update 2.93 pushed to brewmaster_beta. Corrects a build issue where the last kernel updates were not actually included. Also updates from the Debian 8.6 release[www.debian.org] and the usual security fixes," says John Vert, Valve engineer, in the release announcement.

Read more

GNOME 3.22 Supports Flatpak Cross-Linux Distribution Framework

Filed under
GNOME

GNOME 3.22, the second major update this year to the GNOME desktop environment, debuted Sept. 21—and since then, has made its way into the repositories of Linux distributions, including Fedora and openSUSE. Much as was the case with the GNOME 3.20 update earlier this year, many of the changes in the latest iteration of the popular open-source desktop environment are incremental. Among the most significant capabilities in GNOME 3.22 is support for the Flatpak framework, which is designed to allow an application to be installed on various Linux distributions. The GNOME Builder integrated development environment (IDE) can now also be used by developers to build Flatpak-compatible applications. Flatpak is an alternative approach to Snappy, which provides similar capabilities and was originally developed by Ubuntu. The GNOME Files application continues to evolve and, in this release, adds new capabilities that enable users to open compressed files automatically. Files also enables users to compress files easily in common compression formats. Additionally, Files gained the ability to batch rename files and folders on a user's system. Here's a look at the key features of the GNOME 3.20 desktop update.

Read more

96Boards.org goes Cortex-M4 with IoT Edition and Carbon SBC

Filed under
Linux

Linaro, 96Boards.org, and SeeedStudio have launched the first 96Boards IoT Edition SBC — a $28 BLE-ready “BLE Carbon” that runs Zephyr on an ST Cortex-M4.

Linaro Ltd and its 96Boards.org open hardware standardization group announced the first non-Linux and MCU based 96Boards single board computer, and the first to comply with a new 96Boards IoT Edition (IE) spec. Built by SeeedStudio, and designed with the help of Linaro, the flagship IE board is called “Carbon” by Linaro and 96Boards, and is called “BLE Carbon” by SeeedStudio. This suggests there might be other Carbon variants in the offing that could feature other radios in addition to, or in place of, the Carbon BLE’s Bluetooth Low Energy function.

Read more

Fedora 25 Goes Into Beta Freeze Today, New Features Need To Be Completed

Filed under
Red Hat

Today is a big day along the Fedora 25 schedule and stepping towards its official debut in November.

The Fedora 25 Beta freeze is today ahead of the planned beta release on 11 October. Also very important is today's the 100% code complete deadline for Fedora 25 changes.

Read more

Also: Fedora 25 Beta Freeze

Proxmox VE 4.3 released

Filed under
GNU
Linux

Proxmox Server Solutions GmbH today announced the general availability of Proxmox Virtual Environment 4.3. The hyper-converged open source server virtualization solution enables users to create and manage LXC containers and KVM virtual machines on the same host, and makes it easy to set up highly available clusters as well as to manage network and storage via an integrated web-based management interface.

The new version of Proxmox VE 4.3 comes with a completely new comprehensive reference documentation. The new docu framework allows a global as well as contextual help function. Proxmox users can access and download the technical documentation via the central help-button (available in various formats like html, pdf and epub). A main asset of the new documentation is that it is always version specific to the current user’s software version. Opposed to the global help, the contextual help-button shows the user the documentation part he currently needs.

Read more

Games for GNU/Linux

Filed under
Gaming

Security News

Filed under
Security
  • Tuesday's security updates
  • New Open Source Linux Ransomware Divides Infosec Community

    Following our investigation into this matter, and seeing the vitriol-filled reaction from some people in the infosec community, Zaitsev has told Softpedia that he decided to remove the project from GitHub, shortly after this article's publication. The original, unedited article is below.

  • Fax machines' custom Linux allows dial-up hack

    Party like it's 1999, phreakers: a bug in Epson multifunction printer firmware creates a vector to networks that don't have their own Internet connection.

    The exploit requirements are that an attacker can trick the victim into installing malicious firmware, and that the victim is using the device's fax line.

    The firmware is custom Linux, giving the printers a familiar networking environment for bad actors looking to exploit the fax line as an attack vector. Once they're in that ancient environment, it's possible to then move onto the network to which the the printer's connected.

    Yves-Noel Weweler, Ralf Spenneberg and Hendrik Schwartke of Open Source Training in Germany discovered the bug, which occurs because Epson WorkForce multifunction printers don't demand signed firmware images.

  • Google just saved the journalist who was hit by a 'record' cyberattack

    Google just stepped in with its massive server infrastructure to run interference for journalist Brian Krebs.

    Last week, Krebs' site, Krebs On Security, was hit by a massive distributed denial-of-service (DDoS) attack that took it offline, the likes of which was a "record" that was nearly double the traffic his host Akamai had previously seen in cyberattacks.

    Now just days later, Krebs is back online behind the protection of Google, which offers a little-known program called Project Shield to help protect independent journalists and activists' websites from censorship. And in the case of Krebs, the DDoS attack was certainly that: The attempt to take his site down was in response to his recent reporting on a website called vDOS, a service allegedly created by two Israeli men that would carry out cyberattacks on behalf of paying customers.

  • Krebs DDoS aftermath: industry in shock at size, depth and complexity of attack

    “This attack didn’t stop, it came in wave after wave, hundreds of millions of packets per second,” says Josh Shaul, Akamai’s vice president of product management, when Techworld spoke to him.

    “This was different from anything we’ve ever seen before in our history of DDoS attacks. They hit our systems pretty hard.”

    Clearly still a bit stunned, Shaul describes the Krebs DDoS as unprecedented. Unlike previous large DDoS attacks such as the infamous one carried out on cyber-campaign group Spamhaus in 2013, this one did not use fancy amplification or reflection to muster its traffic. It was straight packet assault from the old school.

  • iOS 10 makes it easier to crack iPhone back-ups, says security firm

    INSECURITY FIRM Elcomsoft has measured the security of iOS 10 and found that the software is easier to hack than ever before.

    Elcomsoft is not doing Apple any favours here. The fruity firm has just launched the iPhone 7, which has as many problems as it has good things. Of course, there are no circumstances when vulnerable software is a good thing, but when you have just launched that version of the software, it is really bad timing.

    Don't hate the player, though, as this is what Elcomsoft, and what Apple, are supposed to be doing right.

    "We discovered a major security flaw in the iOS 10 back-up protection mechanism. This security flaw allowed us to develop a new attack that is able to bypass certain security checks when enumerating passwords protecting local (iTunes) back-ups made by iOS 10 devices," said Elcomsoft's Oleg Afonin in a blog post.

  • After Tesla: why cybersecurity is central to the car industry's future

    The news that a Tesla car was hacked from 12 miles away tells us that the explosive growth in automotive connectivity may be rapidly outpacing automotive security.

    This story is illustrative of two persistent problems afflicting many connected industries: the continuing proliferation of vulnerabilities in new software, and the misguided view that cybersecurity is separate from concept, design, engineering and production.

    This leads to a ‘fire brigade approach’ to cybersecurity where security is not baked in at the design stage for either hardware or software but added in after vulnerabilities are discovered by cybersecurity specialists once the product is already on the market.

Ofcom blesses Linux-powered, open source DIY radio ‘revolution’

Filed under
OSS

Small scale DAB radio was (quite literally) conceived in an Ofcom engineer’s garden shed in Brighton, on a Raspberry Pi, running a full open source stack, in his spare time. Four years later, Ofcom has given the thumbs up to small scale DAB after concluding that trials in 10 UK cities were judged to be a hit.

We gave you an exclusive glimpse into the trials last year, where you could compare the specialised proprietary encoders with the Raspberry Pi-powered encoders.

“We believe that there is a significant level of demand from smaller radio stations for small scale DAB, and that a wider roll-out of additional small scale services into more geographic areas would be both technically possible and commercially sustainable,” notes Ofcom.

Read more

nginx

Filed under
OSS
HowTos

Case in point: I've been using the Apache HTTP server for many years now. Indeed, you could say that I've been using Apache since before it was even called "Apache"—what started as the original NCSA HTTP server, and then the patched server that some enterprising open-source developers distributed, and finally the Apache Foundation-backed open-source colossus that everyone recognizes, and even relies on, today—doing much more than just producing HTTP servers.

Apache's genius was its modularity. You could, with minimal effort, configure Apache to use a custom configuration of modules. If you wanted to have a full-featured server with tons of debugging and diagnostics, you could do that. If you wanted to have high-level languages, such as Perl and Tcl, embedded inside your server for high-speed Web applications, you could do that. If you needed the ability to match, analyze and rewrite every part of an HTTP transaction, you could do that, with mod_rewrite. And of course, there were third-party modules as well.

Read more

Linux and Open Source Hardware for IoT

Filed under
Linux
OSS

Most of the new 21 open source software projects for IoT that we examined last week listed Linux hacker boards as their prime development platforms. This week, we’ll look at open source and developer-friendly Linux hardware for building Internet of Things devices, from simple microcontroller-based technology to Linux-based boards.

In recent years, it’s become hard to find an embedded board that isn’t marketing with the IoT label. Yet, the overused term is best suited for boards with low prices, small footprints, low power consumption, and support for wireless communications and industrial interfaces. Camera support is useful for some IoT applications, but high-end multimedia is usually counterproductive to attributes like low cost and power consumption.

Read more

Fedora 24 -- The Best Distro for DevOps?

Filed under
Red Hat

If you have been to any DevOps-focused conferences -- whether it’s OpenStack Summit or DockerCon -- you will see a sea of MacBooks. Thanks to its UNIX base, availability of Terminal app and Homebrew, Apple hardware is extremely popular among DevOps professionals.

What about Linux? Can it be used as a platform by developers, operations, and DevOps pros? Absolutely, says Major Hayden, Principal Architect at Rackspace, who used to be a Mac OS user and has switched to Fedora. Hayden used Mac OS for everything: software development and operations. Mac OS has all the bells and whistles that you need on a consumer operating system; it also allows software professionals to get the job done. But developers are not the target audience of Mac OS. They have to make compromises. “It seemed like I had to have one app that would do one little thing and this other app would do another little thing,” said Hayden.

Read more

GitHub open-sources internal load-balancing software

Filed under
OSS

GitHub will release as open source the GitHub Load Balancer (GLB), its internally developed load balancer.

GLB was originally built to accommodate GitHub’s need to serve billions of HTTP, Git, and SSH connections daily. Now the company will release components of GLB via open source, and it will share design details.

Read more

More Android Leftovers

Filed under
Android

Red Hat and Fedora

Filed under
Red Hat
Syndicate content

More in Tux Machines

Ubuntu 16.10 Final Beta Officially Released with Linux Kernel 4.8, Download Now

Delayed six days, the Final Beta release of the upcoming Ubuntu 16.10 (Yakkety Yak) operating system launched today, September 28, 2016, as the final development snapshot in the series. Today's Final Beta is in fact the first Beta pre-release version of Ubuntu 16.10, and the only development milestone that you'll be able to test if you want to see what's coming to the next major release of Ubuntu Linux. However, we can tell you that it is powered by Linux kernel 4.8, contains up-to-date applications, and still uses the Unity 7 UI. "The Ubuntu team is pleased to announce the final beta release of Ubuntu 16.10 Desktop, Server, and Cloud products. Codenamed "Yakkety Yak", 16.10 continues Ubuntu's proud tradition of integrating the latest and greatest open source technologies into a high-quality, easy-to-use Linux distribution. The team has been hard at work through this cycle, introducing new features and fixing bugs," reads the announcement. Read more

Parsix GNU/Linux 8.5 "Atticus" to Reach End of Life on September 30, 2016

The Parsix GNU/Linux developers announced that the end-of-life status is approaching fast for the Parsix GNU/Linux 8.5 "Atticus" operating system, urging users to upgrade to the latest release immediately. Dubbed Atticus and based on the Debian GNU/Linux 8.5 "Jessie" operating system, Parsix GNU/Linux 8.5 was unveiled seven months ago, on February 14, 2016. Running the long-term supported Linux 4.1.17 kernel injected with TuxOnIce 3.3 and BFS patches, it was built around the GNOME 3.18 desktop environment with the GNOME Shell 3.18.3 user interface. The end of life (EOL) will be officially reached on September 30, 2016, which means that users of the Parsix GNU/Linux 8.5 "Atticus" operating system will no longer receive security and software updates. Therefore, they are urged today to upgrade to the latest, most recent version of the Debian-based distribution, Parsix GNU/Linux 8.10 "Erik." Read more

SteamOS 2.93 Brewmaster Beta Adds New Security Fixes from Debian GNU/Linux 8.6

Valve's SteamOS 2 gaming operating system is still getting goodies, and it looks like a new Beta update has been pushed on September 26, 2016, to the brewmaster_beta channel for public beta testers. That's right, SteamOS 2.93 Brewmaster Beta is here to replace the previous build announced earlier this month, SteamOS 2.91 Brewmaster Beta, and add the latest security fixes and updates from upstream. This means that SteamOS is now officially based on the recently released Debian GNU/Linux 8.6 "Jessie" operating system. "SteamOS brewmaster update 2.93 pushed to brewmaster_beta. Corrects a build issue where the last kernel updates were not actually included. Also updates from the Debian 8.6 release[www.debian.org] and the usual security fixes," says John Vert, Valve engineer, in the release announcement. Read more