Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Friday, 21 Oct 16 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Typesort icon Title Author Replies Last Post
Story Manjaro Linux - Works For Me! Rianne Schestowitz 11/01/2015 - 12:45am
Story Today in Techrights Roy Schestowitz 10/01/2015 - 5:28pm
Story Leftovers: Software Roy Schestowitz 10/01/2015 - 4:11pm
Story today's howtos Roy Schestowitz 10/01/2015 - 4:11pm
Story Leftovers: Gaming Roy Schestowitz 10/01/2015 - 4:10pm
Story The 7 best games for Android TV (no controller required!) Roy Schestowitz 10/01/2015 - 3:46pm
Story Android Leftovers Roy Schestowitz 10/01/2015 - 3:36pm
Story Linux Mint 17.1 "Rebecca" KDE Release and Screenshots Roy Schestowitz 10/01/2015 - 3:34pm
Story Canonical and Lightworks Enter Partnership, Prizes Available Roy Schestowitz 10/01/2015 - 3:29pm
Story 4MPlayer Is a Live Linux Distro That Transforms Your PC into a Media Player Roy Schestowitz 10/01/2015 - 3:21pm

Ubuntu System Monitoring Tools

Filed under

InformIT: To keep your system in optimum shape, you need to be able to monitor it closely. Ubuntu provides a wealth of utilities designed to give you as little or as much feedback as you want. In this sample chapter, Paul and Andrew Hudson look at some of the basic monitoring tools and cover some tactics designed to keep your system up longer.

Schwartz mum on GPLv3, reveals licensing fantasy

Filed under

linuxworld: SAN FRANCISCO – Sun CEO Jonathan Schwartz showed up Thursday evening at the Burton Group Catalyst Conference and declared he would not answer questions about the GNU general public license version 3, but he did disclose his lifelong fantasy concerning open source licensing.

India's Kerala state goes open source

Filed under

ZDNet: According to a statement, the Kerala government has identified free and open-source software (FOSS) as a major strategic component in its efforts to build an inclusive information society.

Jim Lacey, CEO, Linux Professional Institute

Filed under
Interviews How does an enterprise ensure that its staff has the skills necessary for Linux? One answer is skills certification. That's where the Linux Professional Institute (LPI) comes in. LPI, founded in 1999, is a non-profit entity that runs a core Linux certification program called the LPIC (Linux Professional Institute Certification), which is offered around the globe.

The distro jungle

Filed under

developerworks: People who are new to Linux® are often confused by the large number of distributions to choose from. The good news is that you can safely ignore most of them. This article helps you choose a distribution for getting started with your Linux exploration—and helps you understand just what it is you've just chosen.

SuSE finally patches flaw

Filed under

vnunet: Linux firm SuSE has fixed a flaw in the suite of programs more than two weeks after it was discovered.

Supergamer VL Developmental Release Available

Filed under

A test of Supergamer VL liveDVD has been released and is ready for downloading. This release features Linux, Xorg 6.9, and support for ATI and NVIDIA graphic cards.

Free Software's Anti-Steve

Filed under

Forbes: We now know what happens when big hairy software coders work with big hairy lawyers. The result, understandably, is anything but slick. Meet GPLv3, the free software movement's latest legal tool to keep their code from being fenced in. At least its author, Richard Stallman, has pluck.

Entering A Safe Mirror When Logging In With Unionfs And Chroot

Filed under

When reading a hint on the website of LinuxFromScratch I discovered the special capabilities of unionfs, specially in combination with chroot. Later I read a HowTo on a wikiwebsite of Gentoo, about entering a chrooted home directory when using a special script as shell. Combining these two brings me to using a chrooted environment, which you enter when logging in as a special user. This environment is an exact copy (mirror) of the system you are working on.

Experiences with the Oxygen Style

Filed under

apaku: I do like the working aspects of it, that is the tabbars, the hover-effect on the menubar. The Scrollbars look good, so it is on the right track IMHO. Still I’m a bit worried about its quality on older or not 100% supported hardware, so here’s what I’ve got when trying the oxygen style.

Google Desktop for Linux: Plain ol' desktop search

Filed under
Google Linux users finally have their own edition of Google Desktop. The beta release was announced Wednesday, and I've been putting the application through the wringer since then to see how well it stacks up on Linux. I found that it's a nice offering, but it slows a system down noticeably.

spyGoogle wareDesktop

Filed under
Google I click on preferences and instead of popping up a local preference dialog, I am taken to a web page webpage that looks like for my preferences. And look at that, there is my directory structure listed smack dab at the top.

QuickBooks and Linux: A Server Story

Filed under

linuxplanet: For businesses that use Linux servers for their back-end operations--a category now growing by double-digits quarterly according to IDC--availability of applications is often the most significant bottleneck. As a result, some organizations find themselves in the uncomfortable position of needing to support two back-end platforms.

Test Drive: the new Google Desktop for Linux

Filed under

arstechnia: The first public beta of Google Desktop for Linux is now available for download. Released yesterday, this early beta only supports a limited subset of Google Desktop functionality. The current Google Desktop for Linux beta only offers search and versioning functionality and doesn't support other features like the Google sidebar or widgets, but the work done so far is very good.

Lightning and Sunbird 0.5 released

Filed under
Moz/FF The newest versions of Lightning and Sunbird, released simultaneously by Mozilla yesterday, include 38 new calendars as well as support for Google Calendar, a viable print function, enhanced support for Outlook displays and numerous other upgrades.

No OLPCs for Cuba or enemies of the US

Filed under

tech.blorge: The US and Cuba don’t get along so well, in so far as it is illegal for US citizens to travel to Cuba. The OLPC (One laptop per child) was developed to provide cheap computers to children in developing nations. Cuba among other countries will not be getting them, ever.

Mandriva sponsoring aKademy 2007, handing out free Flashes

Filed under

adamw’s blog: Cool news: we’re sponsoring aKademy 2007 (the KDE developers’ / users’ conference) at the Silver level, and as if that wasn’t enough, we’re also handing out free Mandriva Flashes to the developers attending the conference.

full circle magazine Issue 2 ready

Filed under

Issue 2 of the Ubuntu -centric monthly electronic magazine has been released. This month's highlights include: Flavour of the Month - Kubuntu. How-To - Ubuntu on the Intel Mac Mini, and Ubuntu for your Grandma!

EU support for open source software

Filed under
OSS An EU-funded consortium will address one of the perceived barriers for the adoption of open source software and prove once and for all that software which is free and publishes its source code, is capable of outperforming anything else on the market.

OpenBSD founder: Intel leaves open-source out in the cold

Filed under

ZDNet Blogs: OpenBSD founder Theo de Raadt wants Intel to come clean on the severity of bugs in the Intel Core 2 processors, warning that some of the bugs “will *ASSUREDLY* be exploitable from userland code.”

Syndicate content

More in Tux Machines

Red Hat and Fedora

  • Red Hat – the open source conglomerate
    As successful companies grow, they accumulate products; new ones are developed and additional ones are acquired. Managing diverse portfolios is a challenge, not least when it comes to putting it all together on a single presentation slide to make it appear there is an overall coherent product strategy.
  • Ericsson Embraces Red Hat OpenStack Platform
    Ericsson and Red Hat today announced a broad alliance to work together on network functions virtualization (NFV) products. And the telco infrastructure provider will now support the Red Hat OpenStack Platform. Ericsson already has a longstanding distribution partnership with Red Hat that includes Red Hat Enterprise Linux and Red Hat JBoss Middleware. The existing distribution partnerships define not only commercial terms, but also joint support models, co-engineering and certification testing, and joint go-to-market collaboration.
  • Raleigh's Red Hat teams up with Ericsson
    Open-source software firm Red Hat (NYSE: RHT) has teamed up with Ericsson (Nasdaq: ERIC) on what the companies are calling a “broad alliance” aimed at transforming the information and communications technology market. Red Hat, headquartered at downtown Raleigh’s Red Hat Tower, announced that its new partnership with Ericsson would allow the duo to deliver fully open-source and production-ready cloud infrastructure, spanning OpenStack, software-defined networking and software-defined infrastructure.
  • FCAIC in the House
    The job is like many other roles called “Community Manager” or “Community Lead.” That means there is a focus on metrics and experiences. One role is to try ensure smooth forward movement of the project towards its goals. Another role is to serve as a source of information and motivation. Another role is as a liaison between the project and significant downstream and sponsoring organizations. In Fedora, this means I help the Fedora Project Leader. I try to be the yen to his yang, the zig to his zag, or the right hand to his right elbow. In all seriousness, it means that I work on a lot of the non-engineering focused areas of the Fedora Project. While Matthew has responsibility for the project as a whole I try to think about users and contributors and be mechanics of keeping the project running smoothly.
  • keepalived: Simple HA
    We have been using keepalived in Fedora Infrastructure for a while now. It’s a pretty easy to use and simple way to do some basic HA. Keepalived can keep track of which machine is “master” for a IP address and quickly fail over and back when moving that IP address around. You can also run scripts on state change. Keepalived uses VRRP and handles updating arp tables when IP addresses move around. It also supports weighting so you can prefer one or another server to “normally” have the master IP/scripts.
  • What does Factory 2.0 mean for Modularity?
    This blog now has a drop-down category called Modularity. But, many arteries of Modularity lead into a project called Factory 2.0. These two are, in fact, pretty much inseparable. In this post, we’ll talk about the 5 problems that need to be solved before Modularity can really live. The origins of Factory 2.0 go back a few years, when Matthew Miller started the conversation at Flock. The first suggested names were “Fedora Rings”, “Envs and Stacks”, and Alephs.
  • varnish-5.0, varnish-modules-0.9.2 and hitch-1.4.1, packages for Fedora and EPEL
    The Varnish Cache project recently released varnish-5.0, and Varnish Software released hitch-1.4.1. I have wrapped packages for Fedora and EPEL. varnish-5.0 has configuration changes, so the updated package has been pushed to rawhide, but will not replace the ones currently in EPEL nor in Fedora stable. Those who need varnish-5.0 for EPEL may use my COPR repos at They include the varnish-5.0 and matching varnish-modules packages, and are compatible with EPEL 5, 6, and 7.
  • Installroot in DNF-2.0

Security News

  • Security advisories for Thursday
  • More information about Dirty COW (aka CVE-2016-5195)
    The security hole fixed in the stable kernels released today has been dubbed Dirty COW (CVE-2016-5195) by a site devoted to the kernel privilege escalation vulnerability. There is some indication that it is being exploited in the wild. Ars Technica has some additional information. The Red Hat bugzilla entry and advisory are worth looking at as well.
  • CVE-2016-5195
    My prior post showed my research from earlier in the year at the 2016 Linux Security Summit on kernel security flaw lifetimes. Now that CVE-2016-5195 is public, here are updated graphs and statistics. Due to their rarity, the Critical bug average has now jumped from 3.3 years to 5.2 years. There aren’t many, but, as I mentioned, they still exist, whether you know about them or not. CVE-2016-5195 was sitting on everyone’s machine when I gave my LSS talk, and there are still other flaws on all our Linux machines right now. (And, I should note, this problem is not unique to Linux.) Dealing with knowing that there are always going to be bugs present requires proactive kernel self-protection (to minimize the effects of possible flaws) and vendors dedicated to updating their devices regularly and quickly (to keep the exposure window minimized once a flaw is widely known).
  • “Most serious” Linux privilege-escalation bug ever is under active exploit (updated)
    While CVE-2016-5195, as the bug is cataloged, amounts to a mere privilege-escalation vulnerability rather than a more serious code-execution vulnerability, there are several reasons many researchers are taking it extremely seriously. For one thing, it's not hard to develop exploits that work reliably. For another, the flaw is located in a section of the Linux kernel that's a part of virtually every distribution of the open-source OS released for almost a decade. What's more, researchers have discovered attack code that indicates the vulnerability is being actively and maliciously exploited in the wild.
  • Linux users urged to protect against 'Dirty COW' security flaw
    Organisations and individuals have been urged to patch Linux servers immediately or risk falling victim to exploits for a Linux kernel security flaw dubbed ‘Dirty COW'. This follows a warning from open source software vendor Red Hat that the flaw is being exploited in the wild. Phil Oester, the Linux security researcher who uncovered the flaw, explained to V3 that the exploit is easy to execute and will almost certainly become more widely used. "The exploit in the wild is trivial to execute, never fails and has probably been around for years - the version I obtained was compiled with gcc 4.8," he said.
  • Hackers Hit U.S. Senate GOP Committee
    The national news media has been consumed of late with reports of Russian hackers breaking into networks of the Democratic National Committee. Lest the Republicans feel left out of all the excitement, a report this past week out of The Netherlands suggests Russian hackers have for the past six months been siphoning credit card data from visitors to the Web storefront of the National Republican Senatorial Committee (NRSC). [...] Dataflow markets itself as an “offshore” hosting provider with presences in Belize and The Seychelles. Dataflow has long been advertised on Russian-language cybercrime forums as an offshore haven that offers so-called “bulletproof hosting,” a phrase used to describe hosting firms that court all manner of sites that most legitimate hosting firms shun, including those that knowingly host spam and phishing sites as well as malicious software. De Groot published a list of the sites currently present at Dataflow. The list speaks for itself as a collection of badness, including quite a number of Russian-language sites selling synthetic drugs and stolen credit card data. According to De Groot, other sites that were retrofitted with the malware included e-commerce sites for the shoe maker Converse as well as the automaker Audi, although he says those sites and the NRSC’s have been scrubbed of the malicious software since his report was published. But De Groot said the hackers behind this scheme are continuing to find new sites to compromise. “Last Monday my scans found about 5,900 hacked sites,” he said. “When I did another scan two days later, I found about 340 of those had been fixed, but that another 170 were newly compromised.”
  • Thoughts on the BTB Paper
    The Branch Target Buffer (BTB) whitepaper presents some interesting information. It details potential side-channel attacks by utilizing timing attacks against the branch prediction hardware present in Intel Haswell processors. The article does not mention Intel processors later than Haswell, such as Broadwell or Skylake. Side-channel attacks are always interesting and fun. Indeed, the authors have stumbled into areas that need more research. Their research can be applicable in certain circumstances. As a side-note, KASLR in general is rather weak and can be considered a waste of time[1]. The discussion why is outside the scope of this article.

Android Leftovers

Debian-Based Parsix GNU/Linux 8.15 "Nev" Gets First Test Build, Ships GNOME 3.22

Today, October 21, 2016, the developers of the Debian-based Parsix GNU/Linux operating system proudly announced the availability for download of the first test build of the upcoming Parsix GNU/Linux 8.15 "Nev" release. Read more