About Tux Machines

Saturday, 03 Dec 16 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/Linux

Quick Roundup

Android Leftovers

Filed under
Android

Leftovers: OSS and Sharing

Filed under
OSS
  • Even secretive hedge funds can open source their software

    Obviously data-driven investment managers are not going to divulge the secret signals that form the basis of their alpha strategies. But when something is not part of your main business it can help to open source the code, which can then be improved.

    These days open sourcing software is a trend that even large hedge funds such as AHL and AQR in the US are taking part in.

  • Guest View: How to play by the eight (unwritten) rules of open source

    When it comes to formal-but-not-formal rules, baseball is king. Don’t talk about a no-hitter in progress, don’t steal a base in a blowout and so on, all getting into the minutiae of the game. But baseball isn’t alone in the world of invisible manuals; the technology industry has their own set of these hidden guidelines. Open source in particular—the transparent world of collaborative code that has birthed such IT miracles as Linux and GNU—follows a strong set of unwritten rules that allow communities to coexist, projects to evolve, and innovation to flourish.

  • OGP Action Plan in Spain: Civil society asks for more openness

    Fifteen civil society representatives in Spain have sent a letter to the Spanish government requesting more transparency and communication during the creation process of the country’s third National Action Plan.

    Earlier this month, the OGP Steering Committee sent a letter to the Spanish government, saying it had failed to meet its commitments to the OGP. “At this moment, the government is preparing the third Action Plan of Spain and we are concerned about the delay in the elaboration, as well as the lack of communication and information about it,” they wrote.

  • Corruption: European governments are still failing [Ed: Microsoft too fails them]
  • Dec. 13: Sacramento State Alumni Chapter to Host Event on Open Source Governance

    Sacramento State University’s Hornets Policy and Politics Alumni (HPPA) Chapter is hosting its "What's Possible: Open-Source Governance" event Dec. 13 to showcase how data and technology can improve government services and facilitate “new kinds” of civic engagement.

Development News

Filed under
Development
  • PyCon India 2016

    During the Dev Sprint, Farhaan and Vivek were sprinting on Fedora Infrastructure projects primarily helping people contribute to Pagure.

    Other projects/orgs like SciPy, Red Hat team, FOSSAsia, Junction etc were also sprinting.

    The Dev Sprint turned out to have good participation and a couple of PRs were sent out by the participants. More than that, it’s more about participants getting to know how to contribute.

  • 12 Signs You’re Working in a Feature Factory

    I’ve used the term Feature Factory at a couple conference talks over the past two years. I started using the term when a software developer friend complained that he was “just sitting in the factory, cranking out features, and sending them down the line.”

  • GitLab Survey Answers Key Questions on Open Source Dev Practices

    If you're a developer, it's a great idea to keep up with news out of GitLab. For example, GitLab recently published survey results illustrating how developers work, with a focus on development tools, and the results show that open source is making a huge impact.

    "Modern developers prefer open source for work and for personal projects," notes the new 2016 Global Development Report -- How Developers Work. "Ninety-eight percent of developers say they use open source tools, and 75 percent say at least half of their tools are open source."

Security Leftovers

Filed under
Security
  • Tuesday's security updates
  • Reproducible Builds: week 83 in Stretch cycle
  • Neutralizing Intel’s Management Engine

    Five or so years ago, Intel rolled out something horrible. Intel’s Management Engine (ME) is a completely separate computing environment running on Intel chipsets that has access to everything. The ME has network access, access to the host operating system, memory, and cryptography engine. The ME can be used remotely even if the PC is powered off. If that sounds scary, it gets even worse: no one knows what the ME is doing, and we can’t even look at the code. When — not ‘if’ — the ME is finally cracked open, every computer running on a recent Intel chip will have a huge security and privacy issue. Intel’s Management Engine is the single most dangerous piece of computer hardware ever created.

  • Muni system hacker hit others by scanning for year-old Java vulnerability

    The attacker who infected servers and desktop computers at the San Francisco Metropolitan Transit Agency (SFMTA) with ransomware on November 25 apparently gained access to the agency's network by way of a known vulnerability in an Oracle WebLogic server. That vulnerability is similar to the one used to hack a Maryland hospital network's systems in April and infect multiple hospitals with crypto-ransomware. And evidence suggests that SFMTA wasn't specifically targeted by the attackers; the agency just came up as a target of opportunity through a vulnerability scan.

    In an e-mail to Ars, SFMTA spokesperson Paul Rose said that on November 25, "we became aware of a potential security issue with our computer systems, including e-mail." The ransomware "encrypted some systems mainly affecting computer workstations," he said, "as well as access to various systems. However, the SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls. Muni operations and safety were not affected. Our customer payment systems were not hacked. Also, despite media reports, no data was accessed from any of our servers."

  • Researchers’ Attack Code Circumvents Defense Mechanisms on Linux, Leaving Machines Susceptible

    Researchers develop such attack codes for aiding Linux security's onward movement. A demonstration of the way an attack code is possible to write towards effectively exploiting just any flaw, the above kinds emphasize that Linux vendors require vigorously enhancing the safety mechanism on Linux instead of just reacting when attacks occur.

MuckRock goes open source

Filed under
OSS
  • MuckRock goes open source

    Since MuckRock’s founding, one of our goals has been to help as many people as possible take advantage of their right to public records. Today, we’re pleased to announce that MuckRock is going open source so that others can join us in that mission in new ways.

  • FOIA Machine joins MuckRock to make government more open for everyone

    With fake news seemingly everywhere and government secrecy becoming the norm, public records are more important than ever. To help, I’m pleased to share that FOIA Machine is joining MuckRock. The two sites will continue to operate independently to offer easy, accessible tools to help reporters, researchers, and the general public file, track, and share their public records requests.

  • FOIA Machine is joining MuckRock

    MuckRock, the nonprofit dedicated to transparency and open government, announced Tuesday that it's adding FOIA Machine to its organization. MuckRock, which helps reporters file freedom of information requests and other services for a fee, will maintain a FOIA Machine site separately and keep it free.

Games for GNU/Linux

Filed under
Gaming

Linux Graphics

Filed under
Graphics/Benchmarks
Linux

What is the difference between Linux and UNIX operating systems?

Filed under
Linux

You may have often heard about both Unix and Linux operating systems. In today’s world Linux is more famous than Unix but Unix has its own users. While Linux is an open source, free to use operating system widely used for computer hardware and software, game development, tablet PCs, mainframes, Unix is a proprietary operating system commonly used in internet servers, workstations and PCs by Solaris, Intel, HP etc. Unix is a family of multitasking, multiuser computer operating systems that derive from the original AT&T Unix, developed in the 1970s at the Bell Labs research center by Ken Thompson, Dennis Ritchie, and others.

Read more

Docker Benchmarks: Ubuntu, Clear Linux, CentOS, Debian & Alpine

Filed under
Graphics/Benchmarks

The latest target of our Linux benchmarking at Phoronix are running various performance benchmarks under different Docker operating system images. The images used for benchmarking were the latest of Ubuntu, Clear Linux, CentOS, Debian, and Alpine while comparing the benchmark results to running on the bare metal host.

These Docker images were all tested on the same system: Core i7 6800K, MSI X99A WORKSTATION motherboard, 16GB of DDR4 system memory, 120GB Samsung 850 EVO SSD, and NVIDIA GeForce GTX TITAN X graphics.

Read more

What is the Raspberry Pi Foundation? 10 million computers sold

Filed under
Linux

With more than 10 million units sold, the Raspberry Pi is a massive success. At this year's All Things Open, community manager Ben Nuttall gave a five-minute lightning talk introducing the educational charity behind the popular mini computer.

Read more

4 OpenStack guides to help you build your open source cloud

Filed under
OSS

In a fast-moving project like OpenStack, it seems like there's more to learn with every day that passes. There are plenty of tools out there to help you keep up, including hands-on training courses, books, and of course the official documentation. And to add to the mix, every month, Opensource.com takes a look back at recent OpenStack tips, tricks, guides, and tutorials created by the open source community that might help you in your journey.

Read more

Security News

Filed under
Security
  • ‘You Hacked,’ Cyber Attackers Crash Muni Computer System Across SF [Ed: Microsoft Windows]

    That was the message on San Francisco Muni station computer screens across the city, giving passengers free rides all day on Saturday.

  • SF’s Transit Hack Could’ve Been Way Worse—And Cities Must Prepare

    This weekend, San Francisco’s public transit riders got what seemed like a Black Friday surprise: The system wouldn’t take their money. Not that Muni’s bosses didn’t want to, or suddenly forgot about their agency’s budget shortfalls.

    Nope—someone had attacked and locked the computer system through which riders pay their fares. Payment machines told riders, “You Hacked. ALL data encrypted,” and the culprit allegedly demanded a 100 Bitcoin ransom (about $73,000).

    The agency acknowledged the attack, which also disrupted its email system, and a representative said the agency refused to pay off the attacker. Unable to collect fares, Muni opened the gates and kept trains running, so people could at least get where they were going. By Monday morning, everything was back to normal.

  • Newly discovered router flaw being hammered by in-the-wild attacks

    Online criminals—at least some of them wielding the notorious Mirai malware that transforms Internet-of-things devices into powerful denial-of-service cannons—have begun exploiting a critical flaw that may be present in millions of home routers.

  • Locking Down Your Linux Server

    No matter what your Linux, you need to protect it with an iptable-based firewall.

    Yes! You’ve just set up your first Linux server and you’re ready to rock and roll! Right? Uh, no.

    By default, your Linux box is not secure against attackers. Oh sure, it’s more secure than Windows XP, but that’s not saying much.

openSUSE 42.2 Leap

Filed under
SUSE

openSUSE is a community distribution which shares code and infrastructure with SUSE Linux Enterprise. The openSUSE distribution is available in two editions. The first is a stable, point release edition with a conservative base called Leap. The second edition is an experimental rolling release called Tumbleweed. The openSUSE project recently released a new update to the Leap edition, launching openSUSE 42.2 Leap in mid-November. Leap editions receive approximately three years of security updates and minor point releases are published about once per year. The new 42.2 release includes a long term support kernel (Linux 4.4) and KDE's Plasma 5.8 desktop which is also supposed to receive long term support from its upstream project.

openSUSE 42.2 is available primarily for 64-bit x86 computers. There are ARM ports available, but they need to be tracked down through the project's wiki and are not available through the main Download page. The new release is available in two builds, a 4.1GB DVD and a 95MB net-install disc. I opted to download the larger of the two ISO files for my trial.

Read more

Jolla’s Sailfish OS now certified as Russian government’s first ‘Android alternative’

Filed under
OS

The future for one of the few remaining alternative mobile OS platforms, Jolla’s Sailfish OS, looks to be taking clearer shape. Today the Finnish company which develops and maintains the core code, with the aim of licensing it to others, announced Sailfish has achieved domestic certification in Russia for government and corporate use.

In recent years the Russian government has made moves to encourage the development of alternatives to the duopoly of US-dominated smartphone platforms, Android and Apple’s iOS — flagging Sailfish as one possibility, along with Tizen. Although Sailfish looks to have won out as the preferred Android alternative for Russia at this point.

Read more

DistroWatch Rankings and openSUSE Happiness, Devuan is Two

Filed under
-s

Today in Linux news the Devuan project is two years old while the world waits for its inaugural release. Jesse Smith was happy with openSUSE 42.2 saying, "openSUSE succeeded in providing a stable, responsive environment." Elsewhere, KDE and NTP are fundraising and OMG!Ubuntu! looked at the difference 10 years can make in a distribution's ranking. Canonical said today that Mir isn't only for Unity and a newly funded sci-fi game looks promising indeed.

systemd-less Devuan may have turned two recently, but the project has yet to release 1.0. As Phoronix.com's Michael Larabel noted a beta was released in April but the project has been a bit quiet since. Larabel also said that systemd "hate" has calmed down this year, implying interest has probably waned in a systemd-free alternative. I think folks might still be interested in testing a release if and when a stable version is announced.

Read more

Android Leftovers

Filed under
Android

ArchBang Linux Review: Easy, Minimal, Arch-Based OS

Filed under
Linux

There are so many distros popping out of everywhere. But most distros out there use Debian or Fedora as a base. And in recent times, we see Arch being the new alternative to those two ages-old distros.

Read more

More in Tux Machines

Google and Mozilla

  • Google Rolls Out Continuous Fuzzing Service For Open Source Software
    Google has launched a new project for continuously testing open source software for security vulnerabilities. The company's new OSS-Fuzz service is available in beta starting this week, but at least initially it will only be available for open source projects that have a very large user base or are critical to global IT infrastructure.
  • Mozilla is doing well financially (2015)
    Mozilla announced a major change in November 2014 in regards to the company's main revenue stream. The organization had a contract with Google in 2014 and before that had Google pay Mozilla money for being the default search engine in the Firefox web browser. This deal was Mozilla's main source of revenue, about 329 million US Dollars in 2014. The change saw Mozilla broker deals with search providers instead for certain regions of the world.

Security Leftovers

  • Security updates for Friday
  • Understanding SELinux Roles
    I received a container bugzilla today for someone who was attempting to assign a container process to the object_r role. Hopefully this blog will help explain how roles work with SELinux. When we describe SELinux we often concentrate on Type Enforcement, which is the most important and most used feature of SELinux. This is what we describe in the SELinux Coloring book as Dogs and Cats. We also describe MLS/MCS Separation in the coloring book.
  • The Internet Society is unhappy about security – pretty much all of it
    The Internet Society (ISOC) is the latest organisation saying, in essence, “security is rubbish – fix it”. Years of big data breaches are having their impact, it seems: in its report released last week, it quotes a 54-country, 24,000-respondent survey reporting a long-term end user trend to become more fearful in using the Internet (by Ipsos on behalf of the Centre for International Governance Innovation). Report author, economist and ISOC fellow Michael Kende, reckons companies aren't doing enough to control breaches. “According to the Online Trust Alliance, 93 per cent of breaches are preventable” he said, but “steps to mitigate the cost of breaches that do occur are not taken – attackers cannot steal data that is not stored, and cannot use data that is encrypted.”
  • UK's new Snoopers' Charter just passed an encryption backdoor law by the backdoor
    Among the many unpleasant things in the Investigatory Powers Act that was officially signed into law this week, one that has not gained as much attention is the apparent ability for the UK government to undermine encryption and demand surveillance backdoors. As the bill was passing through Parliament, several organizations noted their alarm at section 217 which obliged ISPs, telcos and other communications providers to let the government know in advance of any new products and services being deployed and allow the government to demand "technical" changes to software and systems.
  • EU budget creates bug bounty programme to improve cybersecurity
    Today the European Parliament approved the EU Budget for 2017. The budget sets aside 1.9 million euros in order to improve the EU's IT infrastructure by extending the free software audit programme (FOSSA) that MEPs Max Anderson and Julia Reda initiated two years ago, and by including a bug bounty approach in the programme that was proposed by MEP Marietje Schaake.
  • Qubes OS Begins Commercialization and Community Funding Efforts
    Since the initial launch of Qubes OS back in April 2010, work on Qubes has been funded in several different ways. Originally a pet project, it was first supported by Invisible Things Lab (ITL) out of the money we earned on various R&D and consulting contracts. Later, we decided that we should try to commercialize it. Our idea, back then, was to commercialize Windows AppVM support. Unlike the rest of Qubes OS, which is licensed under GPLv2, we thought we would offer Windows AppVM support under a proprietary license. Even though we made a lot of progress on both the business and technical sides of this endeavor, it ultimately failed. Luckily, we got a helping hand from the Open Technology Fund (OTF), which has supported the project for the past two years. While not a large sum of money in itself, it did help us a lot, especially with all the work necessary to improve Qubes’ user interface, documentation, and outreach to new communities. Indeed, the (estimated) Qubes user base has grown significantly over that period. Thank you, OTF!
  • Linux Security Basics: What System Administrators Need to Know
    Every new Linux system administrator needs to learn a few core concepts before delving into the operating system and its applications. This short guide gives a summary of some of the essential security measures that every root user must know. All advice given follows the best security practices that are mandated by the community and the industry.
  • BitUnmap: Attacking Android Ashmem
    The law of leaky abstractions states that “all non-trivial abstractions, to some degree, are leaky”. In this blog post we’ll explore the ashmem shared memory interface provided by Android and see how false assumptions about its internal operation can result in security vulnerabilities affecting core system code.

GNU/FSF

  • The Three Software Freedoms
    The government can help us by making software companies distribute the source code. They can say it's "in the interest of national security". And they can sort out the patent system (there are various problems with how the patent system handles software which are out of the scope of this article). So when you chat to your MP please mention this.
  • Leapfrog Honoring the GPL
  • A discussion on GPL compliance
    Among its many activities, the Software Freedom Conservancy (SFC) is one of the few organizations that does any work on enforcing the GPL when other compliance efforts have failed. A suggestion by SFC executive director Karen Sandler to have a Q&A session about compliance and enforcement at this year's Kernel Summit led to a prolonged discussion, but not to such a session being added to the agenda. However, the co-located Linux Plumbers Conference set up a "birds of a feather" (BoF) session so that interested developers could hear more about the SFC's efforts, get their questions answered, and provide feedback. Sandler and SFC director of strategic initiatives Brett Smith hosted the discussion, which was quite well-attended—roughly 70 people were there at a 6pm BoF on November 3.
  • Join us as a member to give back for the free software you use
    At the FSF, we run our own infrastructure using only free software, which makes us stand out from nearly every other nonprofit organization. Virtually all others rely on outside providers and use a significant amount of nonfree software. With your support, we set an example proving that a nonprofit can follow best practices while running only free software.
  • The Free Software Foundation is in need of members

today's howtos