Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Friday, 23 Feb 18 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Type Title Author Replies Last Postsort icon
Story Mozilla: Code of Conduct, Kelly Davis, Celebrate Firefox Internet Champions Roy Schestowitz 23/02/2018 - 9:31am
Story Canonical Ubuntu 2017 milestones, a year in the rulebook Roy Schestowitz 23/02/2018 - 9:29am
Story Windows 10 WSL vs. Linux Performance For Early 2018 Rianne Schestowitz 23/02/2018 - 1:43am
Story Endless OS Helps Tear Down Linux Wall Rianne Schestowitz 23/02/2018 - 1:37am
Story Overview Of tcpdump With Examples Mohd Sohail 22/02/2018 - 9:58pm
Story today's leftovers Roy Schestowitz 22/02/2018 - 9:13pm
Story Red Hat and Fedora: David Egts, Radcom, Google Summer of Code 2018, FOSS Wave Roy Schestowitz 22/02/2018 - 9:08pm
Story OSS Leftovers Roy Schestowitz 22/02/2018 - 9:05pm
Story OpenBSD Gets Mitigated For Meltdown CPU Vulnerability Roy Schestowitz 22/02/2018 - 9:03pm
Story France Proposes Software Security Liability For Manufacturers, Open Source As Support Ends Roy Schestowitz 22/02/2018 - 7:07pm

Security: Updates, Word and More

Filed under
Security

Mozilla Development and News

Filed under
Moz/FF
  • Removing Support for Unpacked Extensions

    With the release of Firefox 62 (currently scheduled for August 21, 2018) Mozilla will discontinue support for unpacked sideloaded extensions. You will no longer be able to load an extension via the Windows registry by creating an entry with an extension’s directory (i.e. unpacked) after Firefox 61. Starting with Firefox 62, extensions sideloaded via the Windows registry must be complete XPI files (i.e. packed).

  • Making a Clap-Sensing Web Thing

    The Project Things Gateway exists as a platform to bring all of your IoT devices together under a unified umbrella, using a standardized HTTP-based API. We recently announced the Things Gateway and we’ve started a series of hands-on project posts for people who want to set up a Gateway and start playing around with the Web of Things. Earlier this month we began with a high-level overview of how to build a Gateway add-on.

  • Trying Mozilla's Things Gateway

    I have an old Raspberry Pi 1 Model B with a RaZberry Z-Wave Daughterboard which I had soldered a larger external antenna on to last year. I used to run OpenHAB on it to control some z-wave devices before I moved last year and since then it's just been in a box. Let's fire it up!

    This original Raspberry Pi is a single core 700mhz CPU, so I'm planning on running it headless and doing everything remotely over SSH to save on GUI resources.

  • Lando Demo

    Lando is so close now that I can practically smell the tibanna. Israel put together a quick demo of Phabricator/BMO/Lando/hg running on his local system, which is only a few patches away from being a deployed reality.

  • Snips Uses Rust to Build an Embedded Voice Assistant

    The team at Paris-based Snips has created a voice assistant that can be embedded in a single device or used in a home network to control lights, thermostat, music, and more. You can build a home hub on a Raspberry Pi and ask it for a weather report, to play your favorite song, or to brew up a double espresso. Manufacturers like Keecker are adding Snips’ technology to products like multimedia home robots. And Snips works closely with leaders across the value chain, like NVIDIA, EBV, and Analog Devices, in order to voice-enable an increasingly wider range of device types, from speakers to home automation systems to cars.

  • Mozilla v FCC: Mozilla Re-files Suit Against FCC to Protect Net Neutrality

    This morning, the Federal Communications Commission officially published its order overturning net neutrality rules in the Federal Register. We had originally filed suit early while simultaneously urging the court that the correct date was after this publication. We did this in an abundance of caution because we’re not taking any chances with an issue of this importance. That is why today, immediately after the order was published, Mozilla re-filed our suit challenging the FCC net neutrality order. We won’t waste a minute in our fight to protect net neutrality because it’s our mission to ensure the internet is a global public resource, open and accessible to all. An internet that truly puts people first, where individuals can shape their own experience and are empowered, safe and independent.

  • The Death Of Net Neutrality Will Be Official In April (Cue The Lawsuits)

    Of course that's really just the beginning of an entirely new chapter in the fight to prevent broadband monopolies from abusing a lack of competition in the broadband space (remember: net neutrality violations are just a symptom of a lack of competition, a problem nobody wants to seriously address for fear of upsetting campaign contributors).

    The publication in the Federal Register opens the door to the myriad lawsuits that will be filed against the agency. Those lawsuits range from suits by Mozilla and consumer groups, to the 22 state attorneys general who say they're also suing the agency for ignoring the public interest. These lawsuits must be filed within the next 60 days. Expect the court battle to quickly begin heating up in March.

Google Summer of Code 2018 for Qt and Qt Roadmap for 2018

Filed under
Development
KDE
Google
  • The Qt Project and Google Summer of Code 2018

    This year, for the first time, the Qt Project will be participating in the Google Summer of Code initiative.

  • Qt Roadmap for 2018

    Qt 5.9 LTS is a solid baseline, which continues to improve still during 2018. Qt 5.10 was released in December, but there is more cooking. We are currently finalizing the Qt 5.11 release for May and looking towards Qt 5.12 LTS in November. In addition to the Qt framework we are actively developing our tooling offering. Tune in for an overview what we have in the works for 2018.

  • Qt Has A Super Busy Year Ahead With A Lot Of Features Planned For 2018

    Tuukka Turunen of The Qt Company has shared some of the company's plans for the Qt toolkit in 2018. There is a lot ahead for this open-source, cross-platform toolkit in 2018 with another long-term support release later this year, new Qt Python bindings, a safety-critical renderer and more.

Calculate Linux 17.12.2 released

Filed under
Gentoo

We are pleased to announce the release of Calculate Linux 17.12.2, based on Gentoo 17.0. Therefore, the whole of the packages were rebuilt and some fixes done.

Read more

The Community Has Brought The Unity 8 Desktop To Ubuntu 18.04

Filed under
Ubuntu

Besides bringing Ubuntu Touch to new mobile devices, the UBports team has also managed to continue their community-driven work on advancing the Unity 8 convergence desktop after Canonical abandoned work on it last year. They now have Unity 8 working on top of Ubuntu 18.04 LTS.

The UBPorts' fork of Unity 8 is now working on Ubuntu 18.04 LTS where as previously they were focused on older versions of Ubuntu. Installation instructions can be found via this GitHub repository with this being work found outside of the official Ubuntu archives. Ubuntu 16.04 LTS and 18.04 LTS users can make use of the project's install scripts where they have assembled an APT archive with their own packages of Unity 8 complete with Mir.

Read more

You Can Now Turn Your Old Moto G2 "Titan" Phone Into an Ubuntu Phone, Here's How

Filed under
Ubuntu
Gadgets

Walid Hammami managed to port UBports' Ubuntu Touch mobile operating system on the Moto G2 2014 smartphone, which features a Qualcomm MSM8226 Snapdragon 400 chip, 1GB RAM, and 8GB internal storage.

As such, Moto G2 has been accepted by the UBports project as the first community supported device, and it's a well-done port with everything working just fine, including Wi-Fi, GSM, 3G, GPS, Bluetooth, SMS, Camera, Ubuntu Store, etc.

Read more

OSS: IBM, Logz.io, Forbes FUD and OpenAI

Filed under
OSS

Graphics: Mesa and More

Filed under
Graphics/Benchmarks

Red Hat Leftovers

Filed under
Red Hat

Kernel: CH341 and LWN Articles (Just Freed)

Filed under
Linux
  • Linux Adds CH341 GPIO

    There was a time when USB to serial hardware meant one company: FTDI. But today there are quite a few to choose from and one of the most common ones is the WCH CH341. There’s been support for these chips in Linux for a while, but only for use as a communication port. The device actually has RS232, I2C, SPI, and 8 general purpose I/O (GPIO) pins. [ZooBaB] took an out-of-tree driver that exposes the GPIO, and got it working with some frightening-looking CH341 boards.

  • Shrinking the kernel with an axe

    This is the third article of a series discussing various methods of reducing the size of the Linux kernel to make it suitable for small environments. The first article provided a short rationale for this topic, and covered link-time garbage collection. The second article covered link-time optimization (LTO) and compared its results to link-time garbage collection. In this article we'll explore ways to make LTO more effective at optimizing kernel code away, as well as more assertive strategies to achieve our goal.

  • The rest of the 4.16 merge window

    At the close of the 4.16 merge window, 11,746 non-merge changesets had been merged; that is 5,000 since last week's summary. This merge window is thus a busy one, though not out of line with its predecessors — 4.14 had 11,500 changesets during its merge window, while 4.15 had 12,599. Quite a bit of that work is of the boring internal variety; over 600 of those changesets were device-tree updates, for example. But there was still a fair amount of interesting work merged in the second half of the 4.16 merge window; read on for the highlights.

Wine-Staging and Games

Filed under
Gaming

Canonical Outs New Ubuntu Kernel Update with Compiler-Based Retpoline Mitigation

Filed under
Ubuntu

New Linux kernel security updates have been released for Ubuntu 17.10 (Artful Aardvark), Ubuntu 16.04 LTS (Xenial Xerus), Ubuntu 14.04 LTS (Trusty Tahr), and Ubuntu 12.04 ESM (Extended Security Maintenance), adding the compiler-based retpoline kernel mitigation for the Spectre Variant 2 vulnerability on amd64 and i386 architectures.

Canonical fixed the Spectre Variant 2 security vulnerability last month on January 22, but only for 64-bit Ubuntu installations. This update apparently mitigates the issue for 32-bit installations too. Spectre is a nasty hardware bug in microprocessors that use branch prediction and speculative execution and it could allow unauthorized memory reads via side-channel attacks.

Read more

Tutanota: Encrypted Open Source Email Service for Privacy Minded People

Filed under
Reviews

If you are a privacy concerned netizen, try Tutanota. It is an open source email service for encrypted email communication. Here are the pros and cons of using Tutanota.
Read more

NuTyX 10.1-rc1 Available

Filed under
GNU
Linux

I'm very please to propose you the first release candidate version of the next version 10.1 stable version of NuTyX

As they have been so many security issues, I took the chance to recompile all the collections (1701 packages) for this coming next stable NuTyX version.

Read more

Events: FOSDEM Samba Talks, USENIX Enigma, LCA (linux.conf.au) and FAST18

Filed under
OSS
  • Authentication and authorization in Samba 4

    Volker Lendecke is one of the first contributors to Samba, having submitted his first patches in 1994. In addition to developing other important file-sharing tools, he's heavily involved in development of the winbind service, which is implemented in winbindd. Although the core Active Directory (AD) domain controller (DC) code was written by his colleague Stefan Metzmacher, winbind is a crucial component of Samba's AD functionality. In his information-packed talk at FOSDEM 2018, Lendecke said he aimed to give a high-level overview of what AD and Samba authentication is, and in particular the communication pathways and trust relationships between the parts of Samba that authenticate a Samba user in an AD environment.

  • Two FOSDEM talks on Samba 4

    Much as some of us would love never to have to deal with Windows, it exists. It wants to authenticate its users and share resources like files and printers over the network. Although many enterprises use Microsoft tools to do this, there is a free alternative, in the form of Samba. While Samba 3 has been happily providing authentication along with file and print sharing to Windows clients for many years, the Microsoft world has been slowly moving toward Active Directory (AD). Meanwhile, Samba 4, which adds a free reimplementation of AD on Linux, has been increasingly ready for deployment. Three short talks at FOSDEM 2018 provided three different views of Samba 4, also known as Samba-AD, and left behind a pretty clear picture that Samba 4 is truly ready for use. I will cover the first two talks in this article, and the third in a later one.

  • A report from the Enigma conference

    The 2018 USENIX Enigma conference was held for the third time in January. Among many interesting talks, three presentations dealing with human security behaviors stood out. This article covers the key messages of these talks, namely the finding that humans are social in their security behaviors: their decision to adopt a good security practice is hardly ever an isolated decision.

    Security conferences tend to be dominated by security researchers demonstrating their latest exploits. The talks are attack-oriented, they keep a narrow focus, and usually they close with a dark outlook. The security industry has been doing security conferences like this for twenty years and seems to prefer this format. Yet, if you are tired of this style, the annual USENIX Enigma conference is a welcome change of pace. Most of the talks are defense-oriented, they have a horizon going far beyond technology alone, and they are generally focused on successful solutions.

  • DIY biology

    A scientist with a rather unusual name, Meow-Ludo Meow-Meow, gave a talk at linux.conf.au 2018 about the current trends in "do it yourself" (DIY) biology or "biohacking". He is perhaps most famous for being prosecuted for implanting an Opal card RFID chip into his hand; the Opal card is used for public transportation fares in Sydney. He gave more details about his implant as well as describing some other biohacking projects in an engaging presentation.

    Meow-Meow is a politician with the Australian Science Party, he said by way of introduction; he has run in the last two elections. He founded BioFoundry, which is "Australia's first open-access molecular biology lab"; there are now two such labs in the country. He is also speaks frequently as "an emerging technology evangelist" for biology as well as other topics.

  • Notes from FAST18

    I attended the technical sessions of Usenix's File And Storage Technology conference this week. Below the fold, notes on the papers that caught my attention.

Security: Vista10 and uTorrent Holes Found by Google

Filed under
Security
  • Google drops new Edge zero-day as Microsoft misses 90-day deadline

    Google originally shared details of the flaw with Microsoft on 17 November 2017, but Microsoft wasn’t able to come up with a patch within Google’s non-negotiable “you have 90 days to do this” period.

  • Google Goes Public with Another Major Windows 10 Bug

    After revealing an Edge browser vulnerability that Microsoft failed to fix, Google is now back with another disclosure, this time aimed at Windows 10 Fall Creators Update (version 1709), but potentially affecting other Windows versions as well.

    James Forshaw, a security researcher that’s part of Google’s Project Zero program, says the elevation of privilege vulnerability can be exploited because of the way the operating system handles calls to Advanced Local Procedure Call (ALPC).

    This means a standard user could obtain administrator privileges on a Windows 10 computer, which in the case of an attack, could eventually lead to full control over the impacted system.

    But as Neowin noted, this is the second bug discovered in the same function, and both of them, labeled as 1427 and 1428, were reported to Microsoft on November 10, 2017. Microsoft said it fixed them with the release of the February 2018 Patch Tuesday updates, yet as it turns out, only issue 1427 was addressed.

  • uTorrent bugs let websites control your computer and steal your downloads

    The vulnerabilities, according to Project Zero, make it possible for any website a user visits to control key functions in both the uTorrent desktop app for Windows and in uTorrent Web, an alternative to desktop BitTorrent apps that uses a web interface and is controlled by a browser. The biggest threat is posed by malicious sites that could exploit the flaw to download malicious code into the Windows startup folder, where it will be automatically run the next time the computer boots up. Any site a user visits can also access downloaded files and browse download histories.

  • BitTorrent Client uTorrent Suffers Security Vulnerability (Updated)

    BitTorrent client uTorrent is suffering from an as yet undisclosed vulnerability. The security flaw was discovered by Google security researcher Tavis Ormandy, who previously said he would reveal a series of "remote code execution flaws" in torrent clients. BitTorrent Inc. has rolled out a 'patch' in the latest Beta release and hopes to fix the stable uTorrent client later this week.

Red Hat introduces updated decision management platform

Filed under
Red Hat

Troubleshoot a network? No problem. Write a 3,000 word article on Kubernetes cloud container management? When do you want it. Talk to a few hundred people about Linux's history? Been there, done that. Manage a business's delivery routing and shift scheduling? I'll break out in a cold sweat.

If you too find the nuts and bolts of business processing management a nightmare, you'll want to check out Red Hat's latest program: Red Hat Decision Manager 7.

Read more

Syndicate content

More in Tux Machines

Canonical Releases Major Kernel Security Update for Ubuntu 14.04 to Fix 26 Flaws

A total of 26 security flaws were fixed in today's kernel update for Ubuntu 14.04 LTS systems and derivatives, including an out-of-bounds write vulnerability in Linux kernel's F2F (Flash-Friendly File System) file system, a use-after-free flaw in Linux kernel's ALSA PCM subsystem, and an integer overflow in Linux kernel's sysfs interface for the QLogic 24xx+ series SCSI driver. Additionally, the kernel update addresses a use-after-free vulnerability in Linux kernel's SCTP protocol implementation, as well as a race condition in the LEGO USB Infrared Tower driver and a use-after-free vulnerability in the USB serial console driver, both allowing a physically proximate attacker to execute arbitrary code or crash the system with a denial of service attack. Read more

Stable kernels 4.4.117, 4.9.83, 4.14.21 and 4.15.5

Plasma Mobile Could Give Life to a Mobile Linux Experience

In the past few years, it’s become clear that, outside of powering Android, Linux on mobile devices has been a resounding failure. Canonical came close, even releasing devices running Ubuntu Touch. Unfortunately, the idea of Scopes was doomed before it touched down on its first piece of hardware and subsequently died a silent death. The next best hope for mobile Linux comes in the form of the Samsung DeX program. With DeX, users will be able to install an app (Linux On Galaxy—not available yet) on their Samsung devices, which would in turn allow them to run a full-blown Linux distribution. The caveat here is that you’ll be running both Android and Linux at the same time—which is not exactly an efficient use of resources. On top of that, most Linux distributions aren’t designed to run on such small form factors. The good news for DeX is that, when you run Linux on Galaxy and dock your Samsung device to DeX, that Linux OS will be running on your connected monitor—so form factor issues need not apply. Read more

Red Hat Leftovers