Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Tuesday, 25 Oct 16 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Type Title Author Replies Last Postsort icon
Story RaspEX Project Now Lets You Run Ubuntu 16.10 on Raspberry Pi 3 and 2, with LXDE Rianne Schestowitz 19/10/2016 - 9:43pm
Story Nasdaq Selects Drupal 8 Roy Schestowitz 19/10/2016 - 9:42pm
Story Android Leftovers Roy Schestowitz 19/10/2016 - 9:16pm
Story Red Hat and Fedora Roy Schestowitz 19/10/2016 - 9:16pm
Story Security News Roy Schestowitz 19/10/2016 - 9:15pm
Story Linux Kernel News Roy Schestowitz 19/10/2016 - 9:14pm
Story Bosch and Red Hat join initiative to develop cloud-based IoT platform components Rianne Schestowitz 19/10/2016 - 7:56pm
Story Red Hat and Ericsson sign open source deal Rianne Schestowitz 19/10/2016 - 7:43pm
Story Who killed Cyanogen? Rianne Schestowitz 19/10/2016 - 7:36pm
Story Canonical Ltd.'s Ubuntu Core Rianne Schestowitz 19/10/2016 - 7:33pm

Lubuntu 16.10 Lands as a Bugfix Release That Prepares the Distro for LXQt

Filed under

Lubuntu 16.10 is the last official flavor announced as part of yesterday's Ubuntu 16.10 (Yakkety Yak) final release, and we'd love to tell you a little bit about what's new and what's coming next for the distribution.

Read more

Happy 20th Birthday, KDE

Filed under

20 years ago today Matthias Ettrich sent an email that would mark the start of KDE as we know it today - a world-wide community of amazing people creating Free Software for you. In his email he announced the new Kool Desktop Environment and said “Programmers wanted!” In the 20 years since then so much has happened. We released great software, fought for software freedom and empowered people all over the world to take charge of their digital life. In many ways we have achieved what we set out to do 20 years ago - “a consistant, nice looking free desktop-environment” and more. Millions of people use KDE’s software every single day to do their work, have fun and connect to the most important people in their life. And yet we still have a long way ahead of us. Our job is far from done.

Read more

Also: Happy 20th Birthday, KDE!

KDE's 20th Birthday Celebrated By Re-Releasing KDE 1

Security News

Filed under
  • Thursday's security updates
  • Guile security vulnerability w/ listening on localhost + port
  • Akamai Finds Longtime Security Flaw in 2 Million Devices

    It’s well known that the Internet of Things is woefully insecure, but the most shameful and frustrating part is that some of the vulnerabilities that are currently being exploited could have been eradicated years ago. Now evidence of how these bugs are being used in attacks is calling attention to security holes that are long overdue to be plugged.

    New research released this week from the content delivery network Akamai takes a closer look at how hackers are abusing weaknesses in a cryptographic protocol to commandeer millions of ordinary connected devices—routers, cable modems, satellite TV equipment, and DVRs—and then coordinate them to mount attacks. After analyzing IP address data from its Cloud Security Intelligence platform, Akamai estimates that more than 2 million devices have been compromised by this type of hack, which it calls SSHowDowN. The company also says that at least 11 of its customers—in industries like financial services, retail, hospitality, and gaming—have been targets of this attack.

    The exploited protocol, called Secure Shell (SSH), is commonly used to facilitate remote system access and can be implemented robustly. But many IoT manufacturers either don’t incorporate it or are oblivious to the best practices for SSH when setting up default configurations on their devices. As makers scramble to bring their products to market, these oversights sow widespread insecurity in the foundation of the Internet of Things.

  • IoT Devices as Proxies for Cybercrime

    However, WPS also may expose routers to easy compromise. Read more about this vulnerability here. If your router is among those listed as vulnerable, see if you can disable WPS from the router’s administration page. If you’re not sure whether it can be, or if you’d like to see whether your router maker has shipped an update to fix the WPS problem on their hardware, check this spreadsheet.

    Finally, the hardware inside consumer routers is controlled by software known as “firmware,” and occasionally the companies that make these products ship updates for their firmware to correct security and stability issues. When you’re logged in to the administrative panel, if your router prompts you to update the firmware, it’s a good idea to take care of that at some point. If and when you decide to take this step, please be sure to follow the manufacturer’s instructions to the letter: Failing to do so could leave you with an oversized and expensive paperweight.

    Personally, I never run the stock firmware that ships with these devices. Over the years, I’ve replaced the firmware in various routers I purchased with an open source alternative, such as DD-WRT (my favorite) or Tomato. These flavors generally are more secure and offer a much broader array of options and configurations. Again, though, before you embark on swapping out your router’s stock firmware with an open source alternative, take the time to research whether your router model is compatible, and that you understand and carefully observe all of the instructions involved in updating the firmware.

    Since October is officially National Cybersecurity Awareness Month, it probably makes sense to note that the above tips on router security come directly from a piece I wrote a while back called Tools for a Safer PC, which includes a number of other suggestions to help beef up your personal and network security.

  • Microsoft says hackers have exploited zero-days in Windows 10's Edge, Office, IE; issues fix

    Microsoft's October Patch Tuesday fixes dozens of critical flaws, among them five affecting Internet Explorer, Edge, and Office that have already been under attack.

    Tuesday's update addresses 49 vulnerabilities within 10 security bulletins. Five bulletins are rated as critical and concern remote code execution vulnerabilities affecting Edge, Internet Explorer, Adobe Flash Player, Office, Windows, and Skype for Business.

    According to Microsoft, there were four so-called zero-day flaws, or previously unknown bugs that were being exploited in the wild. However, none has been publicly disclosed before now.

    All these bugs serve as a reminder for users to be cautious when clicking on links or opening attachments from unknown sources.

  • Like it or not, here are ALL your October Microsoft patches

    Redmond kicks off the era of the force-fed security update


    Microsoft is kicking off a controversial new security program this month by packaging all of its security updates into a single payload.

    The October security release introduces Redmond's new policy of bundling all security bulletins as one download. While more convenient for end users, who now get just one bundle, the move will irk many administrators, who had preferred to individually test and apply each patch to avoid compatibility problems.

Android Leftovers

Filed under

Red Hat and Fedora

Filed under
Red Hat
  • Paul Smith: Red Hat Symposium to Highlight Role of Open Source on Government IT Modernization

    Red Hat (NYSE: RHT) is set to host its annual symposium on Nov. 2 in Arlington, Virginia that aims to focus on the significance of open source technology on the digital modernization efforts of the government, ExecutiveBiz reported Wednesday.

    The 2016 Red Hat Government Symposium will feature breakout sessions, demonstrations and panel discussions on topics such as open source development, security, automation and integration, hybrid cloud and mobility, the company said Wednesday.

  • The White House lays out AI plans, Red Hat Mobile Application Platform, and Ubuntu 16.10—SD Times news digest: Oct. 13, 2016
  • Notable Stock Analyst Ratings Red Hat Inc (NYSE:RHT), Autodesk, Inc. (NASDAQ:ADSK)
  • Fedora Server: Expanding Throughout the Galaxy

    Three years ago, Fedora embarked on a new initiative that we collectively refer to as As part of this initiative, we decided to start curating deliverable artifacts around specific use-cases rather than the one-size-fits-all approach of Fedora 20 and earlier. One of those specific use-cases was to meet the needs of “server administrators”. And thus, the Fedora Server Edition was born.

  • The Fedora infinote server

    Infinote is a collaborative text server. You can connect to it with the ‘gobby-0.5’ client located in the gobby05 package in Fedora. Once connected you can create documents and multiple people can work on them at the same time. The server takes a git snapshot of all documents every few minutes so you can see history. There’s even a cgit instance at

  • Wayland By Default Test Day 2016-10-13

    Today, Thursday, 2016-10-13, is the Wayland by Default Test Day! As part of this planned Change for Fedora 25, we need your help to test Wayland by Default! Using Wayland instead of X gives a better basis for isolating applications from each other and the rest of the system.

  • FUDCon Latam 2016 in Puno, Peru
  • FUDCon LATAM 2016 starts today!

    FUDCon is the Fedora Users and Developers Conference. The Fedora community holds this event annually in the APAC and LATAM regions since 2005. They became exclusive to APAC and LATAM in 2013 when the EMEA and NA regions began organizing the annual Flock conference.

  • Fedora 25 Beta Resets the Linux Performance Bar

    Red Hat on Wednesday released the beta version of Fedora 25, an open source Linux operating system maintained by the Fedora Project community. The beta release sharpens cloud and developer features, making this Linux distro more attractive to enterprise users. Fedora Linux is the community version of Red Hat Enterprise Linux, or RHEL. Fedora 25 is comprised of a set of base packages that form the foundation of three distinct editions -- Cloud, Server and Workstation -- that target different user bases.

today's leftovers

Filed under
  • TNS Guide to Serverless Technologies: The Best of FaaS and BaaS

    Like the terms “microservices” and “containers” before it, “serverless” is a loaded word. Countless blogs have argued about the meaning or importance.

    The first, obvious statement everyone makes is that, yes, there are servers or hardware of some sort somewhere in the system. But the point of “serverless” is not that servers aren’t used; it’s just that developers and administrators do not have to think about them.

    Serverless architectures refer to applications that significantly depend on third-party services. “Such architectures remove the need for the traditional ‘always on’ server system sitting behind an application,” said software developer Mike Roberts, in an article on Martin Fowler’s site. Inserting serverless technologies into systems can reduce the complexity that needs to be managed, and could also potentially save money.

  • One Day Is a Lifetime in Container Years

    The average life span of a container is short and getting shorter. While some organizations use containers as replacements for virtual machines, many are using them increasingly for elastic compute resources, with life spans measured in hours or even minutes. Containers allow an organization to treat the individual servers providing a service as disposable units, to be shut down or spun up on a whim when traffic or behavior dictates.

    Since the value of an individual container is low, and startup time is short, a company can be far more aggressive about its scaling policies, allowing the container service to scale both up and down faster. Since new containers can be spun up on the order of seconds or sub seconds instead of minutes, they also allow an organization to scale down further than would previously have provided sufficient available overhead to manage traffic spikes. Finally, if a service is advanced enough to have automated monitoring and self-healing, a minuscule perturbation in container behavior might be sufficient to cause the misbehaving instance to be destroyed and a new container started in its place.

    At container speeds, behavior and traffic monitoring happens too quickly for humans to process and react. By the time an event is triaged, assigned, and investigated, the container will be gone. Security and retention policies need to be set correctly from the time the container is spawned. Is this workload allowed to run in this location? Are rules set up to manage the arbitration between security policies and SLAs?

  • Linus Torvalds: “Linux Kernel 5.0 Will Be Released When We Hit 6 Million Git Objects”

    Linux creator Linus Torvalds has shared the news that we are half-way between Linux 4.0 and 5.0 as the Git object database has crossed the 5 million object mark. Some of you might be knowing that major version transition happens at every two million objects in the database. So, after 1 more million Git objects, we can expect the release of Linux kernel 5.0 in 2017.

  • GNOME 3.22.1 Released

    For those on rolling-release distributions that tend to wait until the first point release before upgrading your desktop environment, GNOME 3.22.1 is now available as the first update since last month's GNOME 3.22 debut.

  • Cyanogen's Android Alternative Goes Modular
  • Google Pixel: Devices are a dangerous distraction from the new AI interface

Red Hat News

Filed under
Red Hat

Leftovers: OSS

Filed under
  • Begin Broadcasting with a Powerful Open Source Media Platform

    But what a lot of people don't realize is that that it's definitely not just a media player. You can use it to stream and broadcast video, podcasts and other media content, and that includes streaming content to mobile devices of all kinds. Some organizations are integrating these streaming features with their networks and cloud deployments, embracing shared multimedia content. Here is our collection of guides for streaming with VLC, including guides for integrating it with your organization's publishing strategy. This newly updated collection has been expanded to include some very valuable new, free documentation.

  • AT&T (T) to Unveil ECOMP in Open Source Industry in 1Q17

    U.S. telecom giant AT&T Inc. T is moving ahead with plans to introduce its Enhanced Control, Orchestration, Management and Policy (ECOMP) virtualization platform in the open source industry in the first quarter of 2017. In relation to this, the company announced that it will release all 8.5 million lines of code for ECOMP. AT&T further claims that it has plans to standardize ECOMP as one of the best automated platforms for managing virtual network functions and other software-centric network operations in the telecom industry.

    Earlier in Sep 2016, AT&T and French telecom Orange S.A. ORAN had teamed up on open source initiatives in order to accelerate the standardization of software-defined networking (SDN) and network function virtualization (NFV). In relation to this, AT&T declared Orange as its first telecom partner to test its open-source Enhanced Control, Orchestration, Management, and Policy (ECOMP) platform.

  • OpenWrt Summit 2016 Happened Today, Here Are The Videos/Slides

    The OpenWrt Summit took place today in Berlin. For those that weren't able to make the event or unaware of it but interested in Linux networking, the slides and videos are now available.

    OpenWrt Summit 2016 featured talks on speeding up WiFi, commercial efforts around OpenWrt, OpenWrt in the IoT space, FCC compliance in open-source, GPL enforcement, and more.

  • Veritas to Showcase Software-Defined Storage at OpenStack Summit

    With the OpenStack Summit event in Barcelona rapidly approaching, news is already arriving on some important new technologies in the OpenStack ecosystem. Veritas Technologies announced that it will showcase two of its software-defined storage solutions—HyperScale for OpenStack and Veritas Access—at the summit.

    With OpenStack quickly gaining traction as an open source software platform of choice for public and private clouds, storage management and support for enterprise production workloads is becoming critical for many enterprises.

  • How to Find Funding for an Open Source Project

    Ask people how to find funding for a technology project, and many of them will point to crowdsourcing sites. After all, the Oculus Rift virtual reality headset, the Pebble smartwatch, and even the low-cost Raspberry Pi computer were launched after their inventors collectively raised millions of dollars from contributors. If you happen to have an open source project that you want to get funded, what are some of your options?

  • vmm enabled

    With a small commit, OpenBSD now has a hypervisor and virtualization in-tree. This has been a lot of hard work by Mike Larkin, Reyk Flöter, and many others.

    VMM requires certain hardware features (Intel Nehalem or later, and virtualization enabled in the BIOS) in order to provide VM services, and currently only supports OpenBSD guests.

  • 50 tips for improving your software development game

    How do you keep improving as a software engineer? Some pieces of advice are valid no matter your experience level, but often the advice will depend on where you are in your career.

    If you're a beginner, the best advice is to simply learn your language, frameworks, and tools top to bottom and gain more experience with a variety of different projects.

    If you're an experienced software developer, you should constantly try to find new ways to optimize your code for readability, performance, and maintainability, and then practice making well-reasoned decisions about where to focus time and resources in your code—whether it's testing, performance optimization, or other technical debt.

  • Why You Should Seriously Care About SSH User Keys

    A recent film chronicled the downfall of the US subprime home loan market, and its parallels to the current state of Secure Shell (SSH) protocol and SSH user keys were astonishing.

  • 5900 online stores found skimming [analysis]

    Online card skimming is up 69% since Nov 2015


    In short: hackers gain access to a store’s source code using various unpatched software flaws. Once a store is under control of a perpetrator, a (Javascript) wiretap is installed that funnels live payment data to an off-shore collection server (mostly in Russia). This wiretap operates transparently for customers and the merchant. Skimmed credit cards are then sold on the dark web for the going rate of $30 per card .


Filed under
  • GNU Guile 2.0.13 released [security fixes]

    We've just released a new version of GNU Guile, version 2.0.13, which is a security release for Guile (see the original announcement).

    This handles a significant security vulnerability affecting the live REPL, CVE-2016-8606. Due to the nature of this bug, Guile applications themselves in general aren't vulnerable, but Guile developers are. Arbitrary Scheme code may be used to attack your system in this scenario. (A more minor security issue is also addressed, CVE-2016-8605.)

    There is also a lesson here that applies beyond Guile: the presumption that "localhost" is only accessible by local users can't be guaranteed by modern operating system environments. If you are looking to provide local-execution-only, we recommend using Unix domain sockets or named pipes. Don't rely on localhost plus some port.

  • Free Software Directory meeting recap for October 7th, 2016
  • The Free Software Foundation seeks nominations for the 19th annual Free Software Awards

    This award is presented annually by FSF president Richard Stallman to an individual who has made a great contribution to the progress and development of free software, through activities that accord with the spirit of free software.

    Individuals who describe their projects as "open" instead of "free" are eligible nonetheless, provided the software is in fact free/libre.

    Last year, Werner Koch was recognized with the Award for the Advancement of Free Software for his work on GnuPG, the de facto tool for encrypted communication. Koch joined a prestigious list of previous winners including Sébastien Jodogne, Matthew Garrett, Dr. Fernando Perez, Yukihiro Matsumoto, Rob Savoye, John Gilmore, Wietse Venema, Harald Welte, Ted Ts'o, Andrew Tridgell, Theo de Raadt, Alan Cox, Larry Lessig, Guido van Rossum, Brian Paul, Miguel de Icaza, and Larry Wall.

Ubuntu Studio 16.10 Released with Ardour 5.0, Blender 2.77a, and LMMS 1.1.3

Filed under

As part of today's Ubuntu 16.10 (Yakkety Yak) release, Canonical also unveiled the new version of the Ubuntu Studio operating system, an official flavor targeted at general multimedia production.

Read more

Ubuntu Kylin 16.10 Arrives for Chinese-Speaking Users, Here's What's New

Filed under

Today, October 13, 2016, was an important day for Ubuntu users, as Canonical launched the release of Ubuntu 16.10 (Yakkety Yak), along with most of its officially recognized derivatives.

Read more

Red Hat launches open source low-code workforce management modules

Filed under
Red Hat

“Modern applications are complex, multi-tiered and omnichannel,” wrote Forrester Research’s Jeffrey Hammond and Michael Facemire in an August report on mobile experience development. “They arrive faster, scale up and down as necessary, and create value quicker than traditional applications – and developers often compose, rather than code, them.

“Development leaders must embrace modern application development techniques to achieve long-term success building mobile experiences.”

Read more

Linksys unveils open source WRT3200ACM Gigabit MU-MIMO Tri-Stream 160 Wi-Fi router

Filed under

The blue 'WRT' routers from Linksys are iconic. These open source-friendly devices have been very popular with in-the-know consumers that enjoy flashing alternative firmware, such as OpenWrt or DD-WRT. This can sometimes provide added features and functionality.

Today, Linksys unveils its latest such offering, the AC3200 WRT Gigabit MU-MIMO Wi-Fi Router (WRT3200ACM). The 802.11AC device features Tri-Stream 160 technology, 512MB DDR3, and a 1.8 GHz Dual Core processor. Despite all of these amazing specifications, it is surprisingly affordable.

Read more

Secure Desktops with Qubes: Compartmentalization

Filed under

This is the third article in my series about Qubes. In the first two articles, I gave an overview about what Qubes is and described how to install it. One of the defining security features of Qubes is how it lets you compartmentalize your different desktop activities into separate VMs. The idea behind security by compartmentalization is that if one of your VMs is compromised, the damage is limited to just that VM.

Read more

elementary OS 0.4: Review and interview with the founder

Filed under

Last month the elementary team released elementary OS “Loki” 0.4.

Needless to say, I wasted no time downloading and installing that bad boy on one of my machines. Even though I tend to use openSUSE on most of my desktops and laptops, I’ve had a soft spot for elementary since its very first release. It’s always been a high-quality, polished system—and the team behind it clearly care a great deal about the user experience.

Read more

3 command-line file conversion tools for Linux

Filed under

Recently, a friend innocently asked me how many file formats there are. My semi-serious response was, "Think of a soup bowl filled with beach sand."

OK, there aren't quite that many file formats. That said, you've probably never heard of many of the formats that are commonly used enough to warrant listing on Wikipedia. Chances are, you'll never see and never use most of them. If, however, you want or need to convert between file formats, then there are a quite a few applications for the job.

Let's take a look at three solid file conversion tools for the Linux command line.

Read more

Study: ‘Open source coders more aware of security’

Filed under

Developers of open source software are generally more aware of code security issues than developers working for the European institutions, according to a study for the European Commission and European Parliament. Developers working for the European institutions have more tools available for management and testing of code security, but using them is not yet a standard practice.

Read more

Midi-Pyrenees French Region remains committed to Free Software

Filed under

“Free software is one of three pillars of our digital strategy”, has confirmed Nadia Pellefigue, the vice-president of the regional council of the Midi-Pyrenees (South-West of France).

“Free software and open source will help the regional industry and employment, because it can mobilise people”, Nadia Pellefigue said. “Public procurement has been spurred but there is still room for improvements”, she added. Cost savings, meaningful local jobs and lower dependencies on foreign firms are the three advantages of free software she listed.

Ms Pellefigue was one of the officials at the Rencontres Régionales du Logiciel Libre (RRLL), which took place in Toulouse in October.

Read more

Syndicate content

More in Tux Machines

A History Of Everyday Linux User's 350 Blog Posts

This article is something of a landmark as it is the 350th post on Everyday Linux User. I took last week off to celebrate. Well actually I went away with the family down to England for a few days and didn't take a computer with me. I did take in Alnwick Castle however which is the location for Hogwarts from the Harry Potter films. Read more

Kodi 17 "Krypton" Beta 4 Released with ARMv8A 64-bit Builds for Android, Fixes

Today, October 25, 2016, Martijn Kaijser had the great pleasure of announcing the release and immediate availability of the fourth, and probably the last Beta milestone of the upcoming Kodi 17 open-source and cross-platform media center software. Read more

GNOME's Epiphany 3.24 Web Browser to Use Firefox Sync Service, HTTPS Everywhere

The GNOME developers are preparing to release the first development version of the upcoming GNOME 3.24 desktop environment, versioned 3.23.1, and we can't help but notice that some of the core apps were updated recently. Read more

Suse: Question. What do you call second-place in ARM enterprise server linux? Answer: Red Hat

ARM TechCon Suse is claiming victory over Red Hat by announcing – and these caveats are all crucial – "the first commercial enterprise Linux distribution optimized for ARM AArch64 architecture servers." In plainer English, Suse has developed an enterprise-grade Linux distribution that runs on 64-bit ARM servers (should you happen to ever find one). Suse claims this software is a world first because it is a finished commercial product, thus beating Red Hat to the punch: Red Hat Enterprise Linux Server for ARM is still only available as a beta-like development preview. Read more