Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Tuesday, 17 Oct 17 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Type Title Author Repliessort icon Last Post
Story Linux Kernel Security is Lacking? srlinuxx 10/04/2005 - 11:42pm
Story Did SCO end up helping Linux? srlinuxx 10/04/2005 - 11:42pm
Story Night that the Lights went Out in TN srlinuxx 11/04/2005 - 12:46am
Story More Summit Notes srlinuxx 10/04/2005 - 11:43pm
Story New Slack is Out srlinuxx 11/04/2005 - 5:01pm
Story New O'Reilly Security Book Released srlinuxx 10/04/2005 - 11:53pm
Story 97 bugs found in MySQL srlinuxx 10/04/2005 - 11:54pm
Story Intel Has Been Busy Busy Busy srlinuxx 10/04/2005 - 11:54pm
Story On the Redmond Front srlinuxx 10/04/2005 - 11:55pm
Story M$ Continues its Attack srlinuxx 10/04/2005 - 11:56pm

OSS Leftovers

Filed under
OSS

Security Leftovers

Filed under
Security
  • Google and IBM launch open-source security tool for containers

    Google and IBM, together with a few other partners, released an open-source project that gathers metadata that developers can use to secure their software.

    According to an IBM blog post, the goal of the project is to help developers keep security standards, while microservices and containers cut the software supply chain.

  • Top 10 Hacking Techniques Used By Hackers

    We live in a world where cyber security has become more important than physical security, thousands of websites and emails are hacked daily. Hence, It is important to know the Top hacking techniques used by hackers worldwide to exploit vulnerable targets all over the internet.

  • Protect your wifi on Fedora against KRACK

    You may have heard about KRACK (for “Key Reinstallation Attack”), a vulnerability in WPA2-protected Wi-Fi. This attack could let attackers decrypt, forge, or steal data, despite WPA2’s improved encryption capabilities. Fear not — fixes for Fedora packages are on their way to stable.

  • Federal watchdog tells Equifax—no $7.25 million IRS contract for you

    The Government Accountability Office (GAO) on Monday rejected Equifax's bid to retain its $7.25 million "taxpayer identity" contract—the one awarded days after Equifax announced it had exposed the Social Security numbers and other personal data of some 145 million people.

  • Adobe Flash vulnerability exploited by BlackOasis hacking group to plant FinSpy spyware

    Security researchers have discovered a new Adobe Flash vulnerability that has already been exploited by hackers to deploy the latest version of FinSpy malware on targets. Kaspersky Lab researchers said a hacker group called BlackOasis has already taken advantage of the zero-day exploit – CVE-2017-11292 – to deliver its malicious payload via a Microsoft Word document.

  • Companies turn a blind eye to open source risk [Ed: No, Equifax got b0rked due to bad practices, negligence, incompetence, not FOSS]

    For instance, criminals who potentially gained access to the personal data of the Equifax customers exploited an Apache Struts CVE-2017-5638 vulnerability.

  • Checking Your Passwords Against the Have I Been Pwned List

    Two months ago, Troy Hunt, the security professional behind Have I been pwned?, released an incredibly comprehensive password list in the hope that it would allow web developers to steer their users away from passwords that have been compromised in past breaches.

How to use an Arduino and Raspberry Pi to turn a fiber optic neural network into wall art

Filed under
Linux
HowTos

Hollywood has made many big promises about artificial intelligence (AI): how it will destroy us, how it will save us, and how it will pass us butter. One of the less memorable promises is how cool it will look.

There's a great example of amazing AI visualization in Avengers: Age of Ultron when Tony Stark's AI butler Jarvis interacts with Ultron and we see an organic floating network of light morphing and pulsing. I wanted to make something similar to fill blank space on my apartment wall (to improve upon the usual Ikea art). Obviously, I couldn't create anything as amazing as Jarvis as a floating orb of light; however, I could use a machine learning algorithm that looks interesting with quirky data visualization: a neural network! It employs biologically inspired elements that were meant to replicate how (we thought) the human brain works.

Read more

Red Hat: Alibaba, CRI-O, Silencing Critics

Filed under
Red Hat

Linux Users Discuss DRM

Filed under
GNU
Linux
  • Linux Users Discuss DRM – Unleaded Hangout

    Today my Patreons and I discuss encrypted media extensions, digital rights management and our freedom on the Linux desktop.

  • The European Parliament Should Be Talking About DRM, Right Now!

    [Teresa Nobre, Communia Association, Link (CC-0)] The European Union is currently discussing a reform of its copyright system, including making mandatory certain copyright exceptions, in order to introduce a balance into the system. However, no one, except Julia Reda, is paying any attention to one of the biggest obstacles to the enforcement of copyright exceptions in the digital age: technological protection measures (TPM), including digital rights management (DRM). In this blogpost we will present the reasons why the European Parliament should not lose this opportunity to discuss a reform of the EU anti-circumvention rules.

Games: OpenMW and Linux Gaming Benchmark

Filed under
Gaming
  • OpenMW, the open source Morrowind game engine continues advancing

    OpenMW [Official Site], the open source Morrowind game engine continues advancing with recent blog posts highlighting some changes sounding rather great.

    Speaking on their official blog, the developers noted back in September that they've had some new developers come on board, with thanks in part to the multiplayer "TES3MP" project (Morrowind Multiplayer), which is built from OpenMW.

  • Core i7 8700K vs. Ryzen 7 1800X For NVIDIA/Radeon Linux Gaming

    Following last week's look at using the new "Coffee Lake" Intel Core i3 / i5 / i7 CPUs for Linux gaming comparison among our other ongoing tests of these new "8th Gen" processors, a frequent request has been a closer look at the gaming performance between the Core i7 8700K and the Ryzen 7 1800X. Here's a look with two AMD Radeon graphics cards and two NVIDIA GeForce offerings.

Bloomberg's big move on machine learning and open source

Filed under
OSS

With its orange text on black interface and colour coded keyboard, the Bloomberg professional services terminal – known simply as ‘The Terminal’ – doesn’t appear to have changed much since it was launched in the early ’80s.

But behind the retro (Bloomberg prefers ‘modern icon’) stylings, its delivery of financial markets data news, and trading tools has advanced rapidly.

The terminal’s 315,000 subscribers globally are now able to leverage on machine learning, deep learning, and natural language processing techniques developed by the company, as they seek an edge in their investment decisions. Bloomberg is also applying those same techniques to its internal processes.

Leading the company’s efforts in the area is Bloomberg’s head of data science Gideon Mann, who spoke with CIO Australia earlier this month.

[...]

Behind much of Bloomberg’s recent builds has been an open source ethic. Mann says there has been a sea change within the company about open source.

"When the company started in 1981 and there really wasn't a whole lot of open source. And so there was a mentality of you know if it's not invented here we're not interested,” Mann says.

[...]

The organisation took some convincing, but, championed by the CTO, there has been a “huge culture change” towards open source.

“There are two groups you got to convince: you’ve got to convince management that using open source is going to be safe and lead to better software, and then you also have to convince engineers that using open source is going to increase their skillset, will lead to software that’s easier to maintain and is less buggy and it's going to be a more beautiful system. Once you can kind of convince those two then you're set,” Mann says.

The company is an active contributor to projects including Solr, Hadoop, Apache Spark and Open Stack.

Read more

Also: Uber Open Sources AthenaX, Its Streaming Analytics Platform

Firefox 57 - Trick or Treat?

Filed under
Moz/FF

The best way to describe Firefox 57 is too little, too late, but better later than never. In a way, it's a pointless release, because it brings us back roughly where Firefox was and should have been years ago. Only all this time in between was wasted losing user base.

WebExtensions will be the thing that makes or breaks the browser, and with insufficient quality in the available replacements for those that don't make the culling list, there will be no real incentive for people to stay around. Firefox 57 is better than earlier versions in terms of looks and performance, but that's like saying you get 50% discount on a price that is twice what it should be. Ultimately unnecessary, just like graduating from university by the age of 68. There aren't any major advantages over Chrome. This is essentially a Firefox that sucks less.

So yes, on the positive side, if you do want to continue using Firefox, version 57 makes much more sense than the previous 53 releases. It has an almost normal look, some of the sorely needed security & privacy addons are available, and it offers a passable user experience in terms of speed and responsiveness. Bottom line, I will stick with Firefox for now. As long as my extensions keep working. Take care.

Read more

The origin and evolution of FreeDOS

Filed under
OS

Over the years, developers have shared with me how they use FreeDOS to run embedded systems. My all-time favorite example is a developer who used FreeDOS to power a pinball machine. FreeDOS ran an application that controlled the board, tallied the score, and updated the back display. I don't know exactly how it was built, but one way such a system could work is to have every bumper register a "key" on a keyboard bus and the application simply read from that input. I thought it was cool.

People sometimes forget about legacy software, but it pops up in unexpected places. I used to be campus CIO of a small university, and once a faculty member brought in some floppy disks with old research data on them. The data wasn't stored in plaintext files, rather as DOS application data. None of our modern systems would read the old data files, so we booted a spare PC with FreeDOS, downloaded a shareware DOS program that could read the application data, and exported the data to plaintext.

Read more

U.S. makes renewable energy software open source

Filed under
OSS

As a longtime proponent of open source solar photovoltaic development, I am happy that the U.S. National Renewable Energy Lab (NREL) has shared all the source code for System Advisor Model (SAM), its most powerful renewable energy economic analysis software.

SAM is now SAM Open Source. It is a performance and financial model designed to help make decisions about renewable energy. This is perfect timing, as the costs of solar have dropped so far that the levelized cost of electricity for solar power is less than what you are probably paying for electricity from your utility.

Read more

Solus Gets Driverless Printing, Improvements to Linux Steam Integration, More

Filed under
OS
Linux

Solus' communications manager Joshua Strobl is reporting today on the latest goodies and software updates that landed recently in the software repositories of the Linux-based operating system.

Read more

Canonical Adds Last-Minute Finishing Touches to Ubuntu 17.10 (Artful Aardvark)

Filed under
Ubuntu

Ubuntu contributor Didier Roche shares today with the community some of the last minute finishing touches that he and the Ubuntu Desktop team had to add to the forthcoming Ubuntu 17.10 release.

Read more

OSS Leftovers

Filed under
OSS
  • 20 Most Promising Open Source Solution Providers - 2017

    Open source has become an imperative part of every developer’s arsenal. The potential to gather assistance from the community and the capacity to link into a range of systems and solutions make open source incredibly powerful. As open source software becomes ubiquitous, and used by the vast majority of enterprises throughout the world, 2017 is all set for vendors of application delivery controller (ADC) to start providing improved and tighter integration packages for various open source projects, especially surrounding ADC-generated telemetry. Companies have been extensively using their analytics and machine learning capabilities for quite some time to identify actionable patterns from the collected data. With the rising demand for business intelligence, this year is foreseen to be the year of information superiority with businesses, leveraging data as a key differentiator. In the past couple of years, containers have been emerging as an imminent trend. As the business focus starkly shifts on rightsizing of resources, containers are expected to become a common phenomenon, giving businesses the ability to leverage highly portable assets and make the move into micro services much simpler. Adjacently, automation has become essential now. Mostly intensified by DevOps adoption, the automation of software delivery and infrastructure changes have freed developers to spend more time creating and less time worrying about infrastructure.

  • DevOps pros and open source: Culturally connected

    Like chocolate and peanut butter, DevOps and open source are two great tastes that taste great together. For many DevOps pros, it's the perfect cultural and technical match.

  • Interoperability: A Case For Open Source - GC@PCI Commentary

    He continues: “An open source model allows companies to see the assumptions behind the calculation and lowers the cost of entry into the cat modeling business. More importantly, the standardized and interoperable hazard, vulnerability and financial modules included in a true open source model facilitate the collaboration of data from insurers, reinsurers, entrepreneurs, scientists, computer programmers and individuals, all of which may result in a new generation of cat models.”

  • DevOps Skills Are Key to Collaboration within Organizations

    DevOps is one of the most highly sought skills employers are seeking to fill among 57 percent of respondents in the 2017 Open Source Jobs Report, from Dice and The Linux Foundation. Specifically, firms are looking for developers (73 percent) and DevOps engineers (60 percent).

  • Projects You Can Help With For Advancing Open-Source NVIDIA "Nouveau" Graphics

    Longtime Nouveau contributor Karol Herbst has been working on an updated list of project ideas for new contributors or those that may be wanting to participate in an Endless Vacation of Code / Google Summer of Code.

  • Join The Linux Foundation at Open Source Summit EU for Booth Swag, Project Updates, and More

    Going to Open Source Summit EU in Prague? While you’re there, be sure stop by The Linux Foundation training booth for fun giveaways and a chance to win one of three Raspberry Pi kits.

  • Oracle Promises To Open Source Oracle JDK And Improve Java EE

    Oracle had already announced it would be moving Java EE to the Eclipse Foundation, and the announcements at JavaOne move the language further to a more vendor-neutral future. It's worth noting that the keynote was preceded by a Safe Harbor disclaimer in which Oracle said it could not be held to plans made during the speech, so nothing is actually certain.

  • Linux Kernel Community Enforcement Statement
  • Linux Kernel Gets An "Enforcement Statement" To Deal With Copyright Trolls

    Greg Kroah-Hartman on the behalf of the Linux Foundation Technical Advisory Board has today announced the Linux Kernel Community Enforcement Statement. This statement is designed to better fend off copyright trolls.

    Among the copyright troll concerns is how a Netfilter developer has been trying to enforce his personal copyright claims against companies for "in secret and for large sums of money by threatening or engaging in litigation."

  • An enforcement clarification from the kernel community

    The Linux Foundation's Technical Advisory board, in response to concerns about exploitative license enforcement around the kernel, has put together this patch adding a document to the kernel describing its view of license enforcement. This document has been signed or acknowledged by a long list of kernel developers. In particular, it seeks to reduce the effect of the "GPLv2 death penalty" by stating that a violator's license to the software will be reinstated upon a timely return to compliance.

Devices: Aaeon, Corvalent, and Renesas Electronics

Filed under
GNU
Linux
Hardware

Red Hat and Servers: India, China, Docker and Kubernetes

Filed under
Red Hat
Server

GNOME: LVFS and Epiphany

Filed under
GNOME
  • Richard Hughes: Shaking the tin for LVFS: Asking for donations!

    Nearly 100 million files are downloaded from the LVFS every month, the majority being metadata to know what updates are available. Although each metadata file is very small it still adds up to over 1TB in transfered bytes per month. Amazon has kindly given the LVFS a 2000 USD per year open source grant which more than covers the hosting costs and any test EC2 instances. I really appreciate the donation from Amazon as it allows us to continue to grow, both with the number of Linux clients connecting every hour, and with the number of firmware files hosted. Before the grant sometimes Red Hat would pay the bandwidth bill, and other times it was just paid out my own pocket, so the grant does mean a lot to me. Amazon seemed very friendly towards this kind of open source shared infrastructure, so kudos to them for that.

    At the moment the secure part of the LVFS is hosted in a dedicated Scaleway instance, so any additional donations would be spent on paying this small bill and perhaps more importantly buying some (2nd hand?) hardware to include as part of our release-time QA checks.

  • Epiphany 3.28 Development Kicks Off With Safe Browsing, Better Flatpak Handling

    Epiphany 3.27.1 was released a short time ago as the first development release of this web-browser for the GNOME 3.28 cycle.

    For being early in the development cycle there is already a fair number of improvements with Epiphany 3.27.1. Some of the highlights include Google Safe Browsing support, a new address bar dropdown powered by libdazzle, and improvements to the Flatpak support.

  • Safe Browsing in Epiphany

    I am pleased to announce that Epiphany users will now benefit from a safe browsing support which is capable to detect and alert users whenever they are visiting a potential malicious website. This feature will be shipped in GNOME 3.28, but those who don’t wish to wait that long can go ahead and build Epiphany from master to benefit from it.

    The safe browsing support is enabled by default in Epiphany, but you can always disable it from the preferences dialog by toggling the checkbox under General -> Web Content -> Try to block dangerous websites.

Syndicate content

More in Tux Machines

Security: WPA2, CVE-2017-15265, Fuzzing, Hyperledger

  • Fedora Dev Teaches Users How to Protect Their Wi-Fi Against WPA2 KRACK Bug
    Former Fedora Project leader Paul W. Frields talks today about how to protect your Fedora computers from the dangerous WPA2 KRACK security vulnerability that affects virtually any device using the security protocol to connect to the Internet.
  • WPA2 was kracked because it was based on a closed standard that you needed to pay to read
    How did a bug like krack fester in WPA2, the 13-year-old wifi standard whose flaws have rendered hundreds of millions of devices insecure, some of them permanently so? Thank the IEEE's business model. The IEEE is the standards body that developed WPA2, and they fund their operations by charging hundreds of dollars to review the WPA2 standard, and hundreds more for each of the standards it builds upon, so that would-be auditors of the protocol have to shell out thousands just to start looking. It's an issue that Carl Mamamud, Public Resource and the Electronic Frontier Foundation have been fighting hard on for years, ensuring that the standards that undergird public safety and vital infrastructure are available for anyone to review, audit and criticize.
  • Patch Available for Linux Kernel Privilege Escalation
    The issue — tracked as CVE-2017-15265 — is a use-after-free memory corruption issue that affects ALSA (Advanced Linux Sound Architecture), a software framework included in the Linux kernel that provides an API for sound card drivers.
  • ​Linus Torvalds says targeted fuzzing is improving Linux security
    Announcing the fifth release candidate for the Linux kernel version 4.14, Linus Torvalds has revealed that fuzzing is producing a steady stream of security fixes. Fuzzing involves stress testing a system by generating random code to induce errors, which in turn may help identify potential security flaws. Fuzzing is helping software developers catch bugs before shipping software to users.
  • Devsecops: Add security to complete your devops process [Ed: more silly buzzwords]
  • Companies overlook risks in open source software [Ed: marketing disguised as "news" (and which is actually FUD)]
  • Q&A: Does blockchain alleviate security concerns or create new challenges?
    According to some, blockchain is one of the hottest and most intriguing technologies currently in the market. Similar to the rising of the internet, blockchain could potentially disrupt multiple industries, including financial services. This Thursday, October 19 at Sibos in Toronto, Hyperledger’s Security Maven Dave Huseby will be moderating a panel “Does Blockchain technology alleviate security concerns or create new challenges?” During this session, experts will explore whether the shared nature of blockchain helps or hinders security.

Games: Nowhere Prophet, Ebony Spire: Heresy, The First Tree, Daggerfall, Talos Principle

  • Nowhere Prophet, a single-player tactical roguelike with card-based battles has Linux support
    Nowhere Prophet [Official Site, itch.io], a single-player tactical roguelike with card-based battles is currently going through 'First Access' (itch's version of Early Access) and it has Linux support.
  • Ebony Spire: Heresy, a first-person turn-based dungeon crawler will release next month
    For fans of the classic first-person dungeon crawlers, Ebony Spire: Heresy [Steam] looks like it might scratch the itch. One interesting thing to note, is that Linux is the primary platform for the development of the game. It's really great to hear about more games actually developed on Linux! Even better, is that the source code for the game is under the MIT license. You can find the source on GitHub. The source is currently a little outdated, but the developer has told me that it will be updated when the Beta becomes available.
  • The First Tree, a short and powerful exploration game is now available on Linux
    The developer of The First Tree [itch.io, Steam, Official Site] email in to let everyone know that their beautiful 3rd-person exploration game is now on Linux 'due to a ton of requests'. Linux support arrived as part of a major patch, which improves gamepad support, adds an option to invert the Y-axis and Camera Sensitivity options are in too. On top of that, a bunch of bugs were also squashed.
  • The open source recreation of Daggerfall hits an important milestone
    Another classic game is getting closer to being fully playable natively on Linux. The project to recreate The Elder Scrolls II: Daggerfall in the Unity engine has hit an important milestone and now the the main quest is completely playable. Daggerfall is the second entry in Bethesda’s long-running Elder Scrolls series of role-playing games and was originally released way back in 1996. It was an ambitious game, with thousands upon thousands of locations to explore in an virtual game area the size of a small real-world nation. It’s a game that I personally lost a lot of time to way back in the day and I’m happy to see that a project that allows me to play it natively on Linux is coming along swimmingly.
  • The Talos Principle VR Launches With Linux Support
    Croteam has just released The Talos Principle VR, the virtual reality edition of their award-winning The Talos Principle puzzle game. SteamOS/Linux with the HTC Vive is supported alongside Windows. This VR-enhanced version of The Talos Principle is retailing for $39.99 USD.

Android Leftovers

Review: Google Pixel 2

If I had to pick the moment I most appreciated the Google Pixel 2, it would be when our airboat driver-slash-tour guide put a hot dog and a piece of raw chicken in his pocket, dove into the New Orleans swamp, and began playing with a giant gator named Who Dat. I’m no social media whiz, but I knew there was Instagram gold unfolding in front of me. So I pulled out my Pixel 2 XL, the larger of Google’s two new models, double-clicked on the power button to open the camera, and started snapping. Read more