About Tux Machines

Friday, 24 Feb 17 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/Linux

Quick Roundup

Type Title Author Replies Last Post
Story Video: TedX talk - Richard Stallman Roy Schestowitz 22/08/2014 - 10:07pm
Story Eclipse Luna for Fedora 20 Rianne Schestowitz 22/08/2014 - 9:42pm
Story Patch By Patch, LLVM Clang Gets Better At Building The Linux Kernel Rianne Schestowitz 22/08/2014 - 9:30pm
Story Today in Techrights Roy Schestowitz 22/08/2014 - 9:26pm
Story Wayland and Weston 1.6 alpha snapshot (1.5.91) Rianne Schestowitz 22/08/2014 - 9:03pm
Story Munich Council Say Talk of LiMux Demise Is Greatly Exaggerated Rianne Schestowitz 22/08/2014 - 8:54pm
Story Apache Tomcat 8.0.0 RC11 Now Available for Download and Testing Rianne Schestowitz 22/08/2014 - 8:50pm
Story Operating System U Rianne Schestowitz 22/08/2014 - 8:46pm
Story Backup Your PC with Clonezilla Live 2.2.4-1 Rianne Schestowitz 22/08/2014 - 8:32pm
Story Emulator brings x86 Linux apps to ARM devices Rianne Schestowitz 22/08/2014 - 8:29pm

Is open source losing its soul?

Filed under
OSS

cnet.com: Has open source come to include so much that it's somewhat meaningless? If so, should we return to the free-software roots that defined its infancy?

The Myth of the Freeloading User

Filed under
Linux

linuxfoundation.org: Michael Scharf of the Eclipse Project got things going last month in a blog entry that railed against "freeloaders." This argument keeps coming up every once in a while, and every time it does, I find it short-sided at best.

Linux Mint 7

Filed under
Linux

blog.jjtcomputing: Linux Mint has always been a great distro, taking the excellent points of Ubuntu, and removing some of the bad points, such as the lack of multimedia plugins, and replacing the warm brown with a cool crisp green.

Building an open source stack for social software

Filed under
OSS

fastforwardblog.com: It would be hard to deny that open source has changed enterprise computing in a big way. Right now however, it is mostly commercial vendors creating enterprise social software products. So, what’s next for Open Source in the enterprise?

Red Hat Sees Strong Demand For Cloud Computing

Filed under
Linux

informationweek.com: As many as 50 of its customers have begun building private compute clouds using Red Hat Linux, says Red Hat CEO Jim Whitehurst.

Microsoft may shoot itself in the foot with Win 7 pricing

Filed under
Microsoft

computerworld.com: Believe it or not, I rather like Windows 7. Windows 7 is exactly what Microsoft needs in order to recover from its Vista fiasco. Too bad the company seems to want to shoot itself in the foot.

What makes a good Linux distribution?

Filed under
Linux

blogs.techrepublic.com: Lately I have written various articles that have stirred the pot regarding the various Linux distributions available. I have heard quite a bit of dislike for Ubuntu, GNOME, and KDE 4. In fact I have heard opinions from people that make me wonder why they even use Linux.

The fight over open source 'leeches'

Filed under
OSS

computerworld.com: "Leeches" -- that's how Dave Rosenberg, co-founder and former CEO of MuleSource, and now part of the founding team of RiverMuse, refers to companies that use open source technology but don't give back.

...then you win. Then what?

Filed under
OSS

blogs.the451group: Last week I asked the question, if open source has won, then where do we go from here? A number of different answers were forthcoming to the two parts of the question.

Linux standardization is not the end of the world

Filed under
Linux

raiden.net: I've been hearing an ever increasing cry for Linux standardization over the past couple of months, with Google's most recent cry being the loudest. And yet we still hear the same tired old mantra from Linux geeks galore that says “Standardization will kill what Linux is and what it stands for.”

Linux does not equal an unwashed foulmouthed rebel

Filed under
Linux

toolbox.com/blogs: If you use Linux then you are automatically a geek, an unwashed, pizza eating, cola and coffee swilling, obnoxious and scruffy rebel who just wants to stick it to the man.

OpenOffice.org New User Orientation

Filed under
OOo

blog.worldlabel: Welcome to OpenOffice.org, the world-class office suite that’s also free and open source. This is your new-user orientation.

Dailymotion tests non-Flash video portal

Filed under
Web

h-online.com: French video portal Dailymotion is ditching the use of proprietary plug-ins such as Flash and Silverlight for its "pré bêta" Dailymotion site. Instead, the open video site is exploring the possibilities offered by HTML 5 and the pre-release version of Firefox 3.5.

Free as Free Can Be--gNewSense Linux 2.2

Filed under
Linux

extremetech.com: Linux has, in some ways, always been a bit politicized in the sense that there are true believers among Linux users and developers that all software should be truly free. gNewSense Linux is geared toward those who want a truly free Linux distribution.

IBM Luring Unix Customers Onto Linux Mainframes

Filed under
Linux

eweekeurope.co.uk: IBM, which is seeing a continued resurgence in the mainframe space, is offering new migration services and financial incentives in hopes of luring away some HP and Sun Unix customers

DistroWatch Weekly, Issue 305

Filed under
Linux

This week in DistroWatch Weekly:

  • Reviews: Taking a look at Debris Linux
  • Tips and tricks: Running openSUSE "Factory"
  • News: OpenSolaris readies 2009.06, Fedora slips 11 again, FreeBSD 8.0 enters code freeze, NetBSD gets a new binary package manager, Debian gets improved support for Eee PC, openSUSE community develops a new Moblin distro, Ubuntu User magazine
  • Released last week: Linux Mint 7, CentOS 5.3 "Live CD"
  • Upcoming releases: OpenSolaris 2009.06
  • Donations: SliTaz GNU/Linux receives US$200
  • New additions: Debris Linux
  • New distributions: Foxy Linux
  • Reader comments

Read more in this week's issue of DistroWatch Weekly....

OpenSolaris is becoming more like regular Solaris

Filed under
OS

infoworld.com: Lines are beginning to blur between the open source and commercial versions of the Sun Microsystems Solaris Unix operating system.

Linux market share growing, growing, growing

Filed under
Linux

itwire.com: What is the true market share for Linux? A: Depends who you ask! You can find desktop penetration of 1%, 2% and 4% - and a server share right up to 46%!

Ubuntu Desktop: Plenty of sizzle, not much steak

Filed under
Ubuntu

networkworld.com: Ubuntu 9.0.4 Desktop, nicknamed Jaunty Jackalope, is likely to continue the Mac-like cult following for Canonical's Debian-based Linux distribution. But there's not a lot new here.

More in Tux Machines

Leftovers: BSD

Security Leftovers

  • Stop using SHA1 encryption: It’s now completely unsafe, Google proves
    Security researchers have achieved the first real-world collision attack against the SHA-1 hash function, producing two different PDF files with the same SHA-1 signature. This shows that the algorithm's use for security-sensitive functions should be discontinued as soon as possible. SHA-1 (Secure Hash Algorithm 1) dates back to 1995 and has been known to be vulnerable to theoretical attacks since 2005. The U.S. National Institute of Standards and Technology has banned the use of SHA-1 by U.S. federal agencies since 2010, and digital certificate authorities have not been allowed to issue SHA-1-signed certificates since Jan. 1, 2016, although some exemptions have been made. However, despite these efforts to phase out the use of SHA-1 in some areas, the algorithm is still fairly widely used to validate credit card transactions, electronic documents, email PGP/GPG signatures, open-source software repositories, backups and software updates.
  • on pgp
    First and foremost I have to pay respect to PGP, it was an important weapon in the first cryptowar. It has helped many whistleblowers and dissidents. It is software with quite interesting history, if all the cryptograms could tell... PGP is also deeply misunderstood, it is a highly successful political tool. It was essential in getting crypto out to the people. In my view PGP is not dead, it's just old and misunderstood and needs to be retired in honor. However the world has changed from the internet happy times of the '90s, from a passive adversary to many active ones - with cheap commercially available malware as turn-key-solutions, intrusive apps, malware, NSLs, gag orders, etc.
  • Cloudflare’s Cloudbleed is the worst privacy leak in recent Internet history
    Cloudflare revealed today that, for months, all of its protected websites were potentially leaking private information across the Internet. Specifically, Cloudflare’s reverse proxies were dumping uninitialized memory; that is to say, bleeding private data. The issue, termed Cloudbleed by some (but not its discoverer Tavis Ormandy of Google Project Zero), is the greatest privacy leak of 2017 and the year has just started. For months, since 2016-09-22 by their own admission, CloudFlare has been leaking private information through Cloudbleed. Basically, random data from random sites (again, it’s worth mentioning that every site that used CloudFlare in the last half year should be considered to have fallen victim to this) would be randomly distributed across the open Internet, and then indefinitely cached along the way.
  • Serious Cloudflare bug exposed a potpourri of secret customer data
    Cloudflare, a service that helps optimize the security and performance of more than 5.5 million websites, warned customers today that a recently fixed software bug exposed a range of sensitive information that could have included passwords and cookies and tokens used to authenticate users. A combination of factors made the bug particularly severe. First, the leakage may have been active since September 22, nearly five months before it was discovered, although the greatest period of impact was from February 13 and February 18. Second, some of the highly sensitive data that was leaked was cached by Google and other search engines. The result was that for the entire time the bug was active, hackers had the ability to access the data in real-time by making Web requests to affected websites and to access some of the leaked data later by crafting queries on search engines. "The bug was serious because the leaked memory could contain private information and because it had been cached by search engines," Cloudflare CTO John Graham-Cumming wrote in a blog post published Thursday. "We are disclosing this problem now as we are satisfied that search engine caches have now been cleared of sensitive information. We have also not discovered any evidence of malicious exploits of the bug or other reports of its existence."

Security Leftovers

  • Change all the passwords (again)
    Looks like it is time to change all the passwords again. There’s a tiny little flaw in a CDN used … everywhere, it seems.
  • Today's leading causes of DDoS attacks [Ed: The so-called 'Internet of things' (crappy devices with identical passwords) is a mess; programmers to blame, not Linux]
    Of the most recent mega 100Gbps attacks in the last quarter, most of them were directly attributed to the Mirai botnet. The Mirai botnet works by exploiting the weak security on many Internet of Things (IoT) devices. The program finds its victims by constantly scanning the internet for IoT devices, which use factory default or hard-coded usernames and passwords.
  • How to Set Up An SSL Certificate on Your Website [via "Steps To Secure Your Website With An SSL Certificate"]
  • SHA-1 is dead, long live SHA-1!
    Unless you’ve been living under a rock, you heard that some researchers managed to create a SHA-1 collision. The short story as to why this matters is the whole purpose of a hashing algorithm is to make it impossible to generate collisions on purpose. Unfortunately though impossible things are usually also impossible so in reality we just make sure it’s really really hard to generate a collision. Thanks to Moore’s Law, hard things don’t stay hard forever. This is why MD5 had to go live on a farm out in the country, and we’re not allowed to see it anymore … because it’s having too much fun. SHA-1 will get to join it soon.
  • SHA1 collision via ASCII art
    Happy SHA1 collision day everybody! If you extract the differences between the good.pdf and bad.pdf attached to the paper, you'll find it all comes down to a small ~128 byte chunk of random-looking binary data that varies between the files.
  • PayThink Knowledge is power in fighting new Android attack bot
    Android users and apps have become a major part of payments and financial services, carrying an increased risk for web crime. It is estimated that there are 107.7 million Android Smartphone users in the U.S. who have downloaded more than 65 million apps from the Google App Store, and each one of them represents a smorgasbord of opportunity for hackers to steal user credentials and other information.
  • Red Hat: 'use after free' vulnerability found in Linux kernel's DCCP protocol IPV6 implementation
    Red Hat Product Security has published details of an "important" security vulnerability in the Linux kernel. The IPv6 implementation of the DCCP protocol means that it is possible for a local, unprivileged user to alter kernel memory and escalate their privileges. Known as the "use-after-free" flaw, CVE-2017-6074 affects a number of Red Hat products including Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7 and Red Hat Openshift Online v2. Mitigating factors include the requirement for a potential attacker to have access to a local account on a machine, and for IPV6 to be enabled, but it is still something that will be of concern to Linux users. Describing the vulnerability, Red Hat says: "This flaw allows an attacker with an account on the local system to potentially elevate privileges. This class of flaw is commonly referred to as UAF (Use After Free.) Flaws of this nature are generally exploited by exercising a code path that accesses memory via a pointer that no longer references an in use allocation due to an earlier free() operation. In this specific issue, the flaw exists in the DCCP networking code and can be reached by a malicious actor with sufficient access to initiate a DCCP network connection on any local interface. Successful exploitation may result in crashing of the host kernel, potential execution of code in the context of the host kernel or other escalation of privilege by modifying kernel memory structures."

Android Leftovers