About Tux Machines

Sunday, 19 Nov 17 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/Linux.

Quick Roundup

Type Title Author Replies Last Post
Story LG V30 review: Good hardware design marred by bad camera, software Rianne Schestowitz 15/11/2017 - 2:02pm
Story Deepin 15.5 Beta——Small and Beautiful Features Roy Schestowitz 15/11/2017 - 1:40pm
Story Security Leftovers Roy Schestowitz 15/11/2017 - 12:14pm
Story Tails 3.3 is out Roy Schestowitz 15/11/2017 - 8:45am
Story Linux Runs on All of the 500 Fastest Supercomputers itsfoss 15/11/2017 - 8:31am
Story Today in Techrights Roy Schestowitz 15/11/2017 - 5:32am
Story today's leftovers Roy Schestowitz 15/11/2017 - 5:19am
Story Linux Mint 18.3 Betas Roy Schestowitz 15/11/2017 - 5:18am
Story today's howtos Roy Schestowitz 15/11/2017 - 5:17am
Story OSS Leftovers Roy Schestowitz 15/11/2017 - 5:12am

Security: Intel Back Door, Hacking a Fingerprint Biometric, Dashlane, Vault 8, Cryptojacking, MongoDB and More

Filed under
Security
  • Recent Intel Chipsets Have A Built-In Hidden Computer, Running Minix With A Networking Stack And A Web Server

    The "Ring-3" mentioned there refers to the level of privileges granted to the ME system. As a Google presentation about ME (pdf) explains, operating systems like GNU/Linux run on Intel chips at Ring 0 level; Ring-3 ("minus 3") trumps everything above -- including the operating system -- and has total control over the hardware. Throwing a Web server and a networking stack in there too seems like a really bad idea. Suppose there was some bug in the ME system that allowed an attacker to take control? Funny you should ask; here's what we learned earlier this year...

    [...]

     Those don't seem unreasonable requests given how serious the flaws in the ME system have been, and probably will be again in the future. It also seems only fair that people should be able to control fully a computer that they own -- and that ought to include the Minix-based computer hidden within.

  • “Game Over!” — Intel’s Hidden, MINIX-powered ME Chip Can Be Hacked Over USB

    Even the creator of MINIX operating system didn’t know that his for-education operating system is on almost every Intel-powered computer.

  • Researchers find almost EVERY computer with an Intel Skylake and above CPU can be owned via USB

     

    Turns out they were right. Security firm Positive Technologies reports being able to execute unsigned code on computers running the IME through USB. The fully fleshed-out details of the attack are yet to be known, but from what we know, it’s bad.

  • Hacking a Fingerprint Biometric

  • Dashlane Password Manager Now Supports Linux [Ed: But why would anyone with a clue choose to upload his/her passwords?]

    Dashlane, the popular password manager, now supports Linux (and ChromeOS and Microsoft Edge) thanks to new web extension and web app combination.

  • Source Code For CIA’s Spying Tool Hive Released By Wikileaks: Vault 8

    From November 9, Wikileaks has started a new series named Vault 8. As a part of this series, the first leak contains the source code and analysis for Hive software project. Later, the other leaks of this series are expected to contain the source code for other tools as well.

  • Cryptojacking found on 2496 online stores

    Cryptojacking - running crypto mining software in the browser of unsuspecting visitors - is quickly spreading around the web. And the landgrab extends to online stores. The infamous CoinHive software was detected today on 2496 e-commerce sites.

  • 2,500+ Websites Are Now “Cryptojacking” To Use Your CPU Power And Mine Cryptocurrency
  • MongoDB update plugs security hole and sets sights on the enterprise

    Document database-flinger MongoDB has long positioned itself as the dev's best friend, but after ten years it is now fluffing itself up for the enterprise.

    The firm, which went public just last month and hopes to earn up to $220m, has now launched the latest version of its database, which aims to appeal to these bigger customers.

  • How AV can open you to attacks that otherwise wouldn’t be possible [Ed: Any proprietary software put on top of any other software (FOSS included) is a threat and a possible back door]

    Antivirus programs, in many cases, make us safer on the Internet. Other times, they open us to attacks that otherwise wouldn't be possible. On Friday, a researcher documented an example of the latter—a vulnerability he found in about a dozen name-brand AV programs that allows attackers who already have a toehold on a targeted computer to gain complete system control.

    AVGater, as the researcher is calling the vulnerability, works by relocating malware already put into an AV quarantine folder to a location of the attacker's choosing. Attackers can exploit it by first getting a vulnerable AV program to quarantine a piece of malicious code and then moving it into a sensitive directory such as C:\Windows or C:\Program Files, which normally would be off-limits to the attacker. Six of the affected AV programs have patched the vulnerability after it was privately reported. The remaining brands have yet to fix it, said Florian Bogner, a Vienna, Austria-based security researcher who gets paid to hack businesses so he can help them identify weaknesses in their networks.

  • Estonia arrests suspected FSB agent accused of “computer-related crime”

    Estonian authorities announced this week that they had recently arrested a Russian man suspected of being an agent of the Federal Security Service (FSB) who was allegedly planning "computer-related crime."

    The 20-year-old man, whose identity was not made public, was arrested last weekend in the Estonian border city of Narva as he was trying to return to Russia.

today's howtos

Filed under
HowTos

What Red Hat is, Fedora 27 Release Imminent

Filed under
Red Hat

OpenChain and copyleft

Filed under
GNU
Legal
  • How OpenChain can transform the supply chain

    OpenChain is all about increasing open source compliance in the supply chain. This issue, which many people initially dismiss as a legal concern or a low priority, is actually tied to making sure that open source is as useful and frictionless as possible. In a nutshell, because open source is about the use of third-party code, compliance is the nexus where equality of access, safety of use, and reduction of risk can be found. OpenChain accomplishes this by building trust between organizations.

    Many companies today understand open source and act as major supporters of open source development; however, addressing open source license compliance in a systematic, industry-wide manner has proven to be a somewhat elusive challenge. The global IT market has not seen a significant reduction in the number of open source compliance issues in areas such as consumer electronics over the past decade.

    [...]

    The OpenChain Project, hosted by The Linux Foundation, is intended to make open source license compliance more predictable, understandable, and efficient for the software supply chain. Formally launched in October 2016, the OpenChain Project started three years earlier with discussions that continued at an increasing pace until a formal project was born. The basic idea was simple: Identify recommended processes for effective open source management. The goal was equally clear: Reduce bottlenecks and risk when using third-party code to make open source license compliance simple and consistent across the supply chain. The key was to pull things together in a manner that balanced comprehensiveness, broad applicability, and real-world usability.

  • Software Freedom Strategy with Community Projects

    All of those led me to understand how software freedom is under attack, in particular how copyleft is under attack. And, as I talked during FISL, though many might say that "Open Source has won", end users' software freedom has not. Lots of companies have co-opted "free software" but give no software freedom to their users. They seem friends with free software, and they are. Because they want software to be free. But freedom should not be a value for software itself, it needs to be a value for people, not only companies or people who are labeled software developers, but all people.

    That's why I want to stop talking about free software, and talk more about software freedom. Because I believe the latter is more clear about what we are talking about. I don't mind that we use whatever label, as long as we establish its meaning during conversations, and set the tone to distinguish them. The thing is: free software does not software freedom make. Not by itself. As Bradley Kuhn puts it: it's not magic pixie dust.

    Those who have known me for years might remember me as a person who studied free software licenses and how I valued copyleft, the GPL specifically, and how I concerned myself with topics like license compatibility and other licensing matters.

    Others might remember me as a person who valued a lot about upstreaming code. Not carrying changes to software openly developed that you had not made an effort to put upstream.

    I can't say I was wrong on both accounts. I still believe in those things. I still believe in the importance of copyleft and the GPL. I still value sharing your code in the commons by going upstream. But I was certainly wrong in valuing them too much. Or not giving as much or even more value to distribution efforts of getting software freedom to the users.

The OpenStack Foundation starts to look at projects beyond OpenStack

Filed under
Server
OSS

Over the last few years, we’ve seen the launch of a number of open source foundations like the Cloud Native Compute Foundation, the Cloud Foundry Foundation and others. Most of these run under the Linux Foundation, but one of the largest open source foundations outside of that group’s orbit is the OpenStack Foundation, which — at least until now — has solely focused on the development of the OpenStack cloud computing platform.

Also: Organizations Favoring Multicloud Deployments, OpenStack Survey Finds

FreeCS: Aiming For An Open-Source Counter-Strike Implementation

Filed under
OSS
Gaming

The latest open-source game project working on an open-source engine re-implementation of a popular game is FreeCS that is aiming to be a free software re-implementation of Counter-Strike.

Before getting too excited, FreeCS isn't targeting Counter-Strike: Global Offensive, Counter-Strike: Source, nor Counter-Strike 1.6, but rather Counter-Strike 1.5. Nevertheless, plenty of nostalgic Linux gamers will probably be interested.

Ubuntu 17.10 Artful Aardvark - Art eater

Filed under
Reviews
Ubuntu

Ubuntu 17.10 Artful Aardvark is definitely one of the worst releases ever - among the few distros that I actually consider worth actually using to begin with, and probably the most underwhelming Ubuntu ever released. If Canonical really wants to revive the desktop, then it must ditch Gnome and go with Plasma. Otherwise, it's just going to be one long, neverending disaster of apathy, mediocrity and self-delusion. Fonts are the only thing that works well in this release.

Everything else is just awful - a sad live session that showcases nothing, Samba regressions, Nouveau color fiasco, application crashes, botched extensions mechanism, a neutered and counter-intuitive desktop, and the list goes on. You've read the review, no need for me to repeat myself. And the simple reason for this is Gnome. But then it's up to Canonical to do things right. Only can you really blame them for not trying? They wanted to make Linux big, but the so-called community took a proverbial dump on them. The only reason why anyone even remotely cares about Linux desktop is Ubuntu, and now it's not even that. Ubuntu is tired. The old passion is gone.

The only salvation is to reboot the whole thing. Plasma. Hopefully, come April 2018, there will be one LTS and it will be running KDE, and it will be called Ubuntu. At the moment, we're back in 2005 or so, when Ubuntu just started. Maybe other DE flavors will be better. 1/10. Hardly worth testing. You might be luckier, but if it comes to luck and not professionalism, you might as well not bother. Dedoimedo regretfully approves this review.

Also: Ubuntu 18.04 Daily Builds Available For Download — A New Default Theme Is (Probably) Coming

Games: Valve, Rust, Solus, Serious Sam 3, Football Manager 2018

Filed under
Gaming

Lakka 2.1 RC6 released with new Allwinner and Rockchip images and Kiosk mode

Filed under
GNU
Linux

Lakka 2.1 RC6 is available for download. It’s a very important update that brings support for a lot of new boards and fixes many compatibility issues.

Tiny NanoPi SBCs debut with new Ubuntu Core based FriendlyCore

Filed under
Ubuntu

FriendlyElec released two Samsung-based NanoPi SBCs with similar specs: a $28, quad-A9 Fire2A and a $35, octa-A53 Fire3, with new FriendlyCore distro.

FriendlyElec’s open source, NanoPi Fire2A and NanoPi Fire3 SBCs are both very similar to the $29 NanoPi 2 Fire, which itself is roughly based on the old NanoPi 2. The two new SBCs, which support Android and Linux distributions including a new Ubuntu Core-based FriendlyCore distro, are identical except for the processor and RAM. The NanoPi Fire2A uses the same Samsung S5P4418 (4x Cortex-A9 @ 400MHz to 1.4GHz) as the NanoPi 2 Fire, accompanied with 512MB DDR3 while the NanoPi Fire3 taps the S5P6818 (8x Cortex-A53 @ 400MHz to 1.4GHz) used on the NanoPC-T3 and NanoPi M3, with 1GB RAM.

Security: Updates and Intel Back Doors

Filed under
Security

Samsung shows off Linux desktops on Galaxy smartmobes

Filed under
Linux

Samsung teased the idea of Linux on its flagship phones in October 2017, promising that Linux would run in your hand or, if you use its DeX dock, in full desktop mode on a monitor. Now it's released the video below to show off its idea.

Described as a “Concept Demo”, the vid has a couple of interesting moments.

The first comes at the 12 second mark, after the “Linux on Galaxy” app has been run. At this point we see Ubuntu 16 listed, along with a plus sign to add other OSes to the app. This appears to make good on Samsung's promise that you'll be able to have multiple OSes in your Galaxy.

Chrome OS Getting Accelerated Video Decoding and Encoding Capabilities Info Soon

Filed under
OS

François Beaufort is always teasing Chromebook users with the latest features, and today he posted a message on his Google+ page that accelerated video decoding and encoding capabilities are now available in the internal chrome://gpu page in Chrome Canary.

It appears that the functionality works if you set profiles for various of the supported video codecs by Chrome OS, which can be decoded and encoded through hardware acceleration if your Chromebook is supported, which many of them are.

Mageia 5 GNU/Linux Operating System to Reach End of Life on New Year's Eve

Filed under
Linux
MDV

In the blog announcement, the Mageia developer explains that the team decided to postpone the EOL (End-of-Life) for the Mageia 5 release, which was supposed to reach end of life on October 31, until New Year's Eve, because many Mageia 5 users haven't upgraded to Mageia 6.

Announced on July 16, 2017, Mageia 6 is the latest stable release of the GNU/Linux distribution, incorporating some of the latest GNU/Linux technologies and Open Source applications, including the KDE Plasma 5.11 desktop environment, AppStream support, GRUB2 as default bootloader, a new Xfce Live edition, and much more.

The Best PCB Design Software For Linux

Filed under
Linux

PCB design software is a piece of open source CAD software for use in a number of different engineering industries. PCB design software benefits manufacturing and engineering companies so much because you can run thorough tests on products without having to make a prototype first. This saves no end of time and money and avoids repeated attempts at prototypes because of small errors. It allows you to fix multiple products at a time and most importantly, it is viable for use by smaller businesses as well. Traditionally PCB software has been run on Mac or Windows but there are plenty of programs that are optimized for Linux. If you’re struggling to find the best Linux optimized PCB software, here are some of the best ones on the market at the moment.

Kubuntu 17.10 Users Can Now Update to KDE Plasma 5.11.3 Desktop Environment

Filed under
Ubuntu

Kubuntu 17.10 was released on October 19, 2017, with the KDE Plasma 5.10.5 desktop environment by default. If you're running Kubuntu 17.10 on your personal computer, you can now update it to the KDE Plasma 5.11.3 desktop environment, a bugfix release that addresses multiple issues and annoyances.

The KDE Plasma 5.11.3 packages landed today in the Kubuntu Backports PPA (Personal Package Archive), not Kubuntu 17.10's standard software repositories, along with several other recent KDE applications and core components, including the recently released Krita 3.3.2.1 digital painting software.

Also: Plasma 5.11.3 bugfix release now in backports PPA for Artful Aardvark 17.10

KDE Applications 17.08 Reaches End of Life, KDE Apps 17.12 Coming December 14

Filed under
KDE

KDE Applications 17.08.3 is the last stability update for KDE Applications 17.08, bringing a total of 41 bug fixes for various core components and applications, among which we can mention Ark, Gwenview, Kdenlive, KGpg, Kontact, Kleopatra, KMail, KNotes, KWave, Okular, and Spectacle, along with updated translations.

Among the improvements included in this release, we can mention a workaround for a Samba 4.7 regression related to password-protected SMB shares, a fix for an Okular crash that occurred after certain rotation jobs, as well as support for the Ark archive manager to preserve file modification dates when extracting ZIP archives.

More in Tux Machines

OSS Leftovers

  • The Future of Marketing Technology Is Headed for an Open-Source Revolution
  • Edging Closer – ODS Sydney
    Despite the fact that OpenStack’s mission statement has not fundamentally changed since the inception of the project in 2010, we have found many different interpretations of the technology through the years. One of them was that OpenStack would be an all-inclusive anything-as-a-service, in a striking parallel to the many different definitions the “cloud” assumed at the time. At the OpenStack Developer Summit in Sydney, we found a project that is returning to its roots: scalable Infrastructure-as-a-Service. It turns out, that resonates well with its user base.
  • Firefox Quantum Now Available on openSUSE Tumbleweed, Linux 4.14 Coming Soon
    Users of the openSUSE Tumbleweed rolling operating system can now update their computers to the latest and greatest Firefox Quantum web browser.
  • Short Delay with WordPress 4.9
    You may have heard WordPress 4.9 is out. While this seems a good improvement over 4.8, it has a new editor that uses codemirror.  So what’s the problem? Well, inside codemirror is jshint and this has that idiotic no evil license. I think this was added in by WordPress, not codemirror itself. So basically WordPress 4.9 has a file, or actually a tiny part of a file that is non-free.  I’ll now have to delay the update of WordPress to hack that piece out, which probably means removing the javascript linter. Not ideal but that’s the way things go.

Red Hat and Fedora Leftovers

Darling ('Wine' for OS X) and Games Leftovers

Linux 4.13.14, 4.9.63, 4.4.99, and 3.18.82