
About Tux Machines

Saturday, 21 Oct 17 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/Linux

Security: FUD, Adobe, Cybersecurity Improvement Act, Updates and More

Filed under
Security
  • Focusing on Healthcare Open Source Security Awareness [Ed: More Flexera marketing in the form of scare-mongering]
  • Adobe patches zero-day vulnerability used to plant gov't spying software

    Adobe has patched a zero-day vulnerability used by the BlackOasis APT to plant surveillance software developed by Gamma International.

    On Monday, researchers from Kaspersky Lab revealed the new, previously unknown vulnerability, which has been actively used in the wild by advanced persistent threat (APT) group BlackOasis.

  • IoT Cybersecurity: What's Plan B?

    In August, four US Senators introduced a bill designed to improve Internet of Things (IoT) security. The IoT Cybersecurity Improvement Act of 2017 is a modest piece of legislation. It doesn't regulate the IoT market. It doesn't single out any industries for particular attention, or force any companies to do anything. It doesn't even modify the liability laws for embedded software. Companies can continue to sell IoT devices with whatever lousy security they want.

  • Security updates for Wednesday
  • Security updates for Thursday
  • Abuse of RESTEasy Default Providers in JBoss EAP

    Red Hat JBoss Enterprise Application Platform (EAP) is a commonly used host for Restful webservices. A powerful but potentially dangerous feature of Restful webservices on JBoss EAP is the ability to accept any media type. If not configured to accept only a specific media type, JBoss EAP will dynamically process the request with the default provider matching the Content-Type HTTP Header which the client specifies. Some of the default providers were found to have vulnerabilities which have now been removed from JBoss EAP and its upstream Restful webservice project, RESTEasy.

  • “Security concerns” lead to LTE service shutdown on Chinese Apple Watches

Motorola Moto X4 Android One review: a Nexus by any other name

Filed under
Android
Reviews

That’s been a tough pill for many fans of the prior Nexus phones to swallow, as they frequently offered a lot of specs and performance for a lot less money than other smartphones. You could realistically get a great Nexus phone for under $500 without having to give up the traits that make them great: clean software, fast performance, and timely updates.

Enter Motorola’s new Moto X4 Android One smartphone. While not technically a Nexus phone, it shares many of the same qualities that made the Nexus line so loved. Clean build of Android? Check. Promise of fast updates and years of software support? Check. Reasonable cost? Check.

The $399 X4 won’t appeal to everyone. It’s not meant to compete with the Pixel or other premium phone in terms of features or performance, and its biggest limitation is that it’s only available on Google’s own Project Fi network. (Though it comes unlocked and works with other networks, the only way to buy this flavor of X4 is to be a Fi customer.) But if you’ve been holding on to that aging Nexus 5X hoping something would come along and pick up its mantle, the Moto X4 Android One version is it.

Read more

Xubuntu 17.10 Brings a Refreshed Xfce Experience and Latest Software Updates

Filed under
Ubuntu

The Xubuntu 17.10 operating system has been released today as part of the Ubuntu 17.10 (Artful Aardvark) release, bringing a refreshed Xfce desktop experience, up-to-date components, and many other improvements.

Read more

Also: Kubuntu 17.10 Switches to VLC as Default Media Player, Uses KDE Plasma 5.10.5

Ubuntu Budgie 17.10 Releases with Budgie Desktop 10.4, Night Light, and More

Filed under
Ubuntu

Ubuntu Budgie is a more recent officially recognized flavor of the popular and free Ubuntu operating system, and today it has been updated to version 17.10 as part of the Ubuntu 17.10 (Artful Aardvark) release.

Read more

BeagleBone based 3D printer focuses on ease of use

Filed under
Linux

The “Voladd 3D Printer” features a Linux-driven BeagleBone SBC that connects to a cloud-based sharing site, plus a unique cartridge and cooling system.

San Sebastián, Spain based Voladd has won Kickstarter funding for a Voladd 3D printer that runs Debian Linux on a BeagleBone Black single board computer. Like several other Linux-based printers we’ve seen (see farther below) the Voladd connects to a cloud service, and does not require an attached computer. The printer stands out with its mobile app remote control, as well as a streamlined cloud interface that lets you download one of thousands of free designs in 25 categories and share designs and printer access with others. Kickstarter pricing starts with early bird packages of 499 Euros ($591), with shipments due in December.

Read more

Ubuntu 17.10 Released! See What's New in Ubuntu 17.10

Filed under
News

Ubuntu 17.10 has been released. Check out the new features in Ubuntu 17.10 and see how to upgrade to Ubuntu 17.10.

Read more

OSS: Open Source Initiative, Open Xchange, OpenOffice, MakerBot

Filed under
OSS
  • Open Source Initiative Welcomes Cumulus Networks As Premium Sponsor

    The Open Source Initiative® (OSI), the internationally recognized home of the open source software movement working to raise awareness and adoption of open source software, announced today the generous sponsorship of Cumulus Networks. Cumulus joins OSI's growing community of corporations that recognize the importance of not only investing in open source software projects and development, but also building a diverse ecosystem that promotes collaboration, enables innovation, and ensures quality.

    Cumulus Networks has a strong tradition of internally-driven development of original open source software, including most notably, contributions to the Linux kernel that complete the data center feature set for Linux such as Virtual Routing and Forwarding (VRF), MPLS, MLAG infrastructure, multicast routing features, etc. Cumulus' most recent open source effort is FRRouting, co-developed by a group of contributing companies in the open networking space, to enhance routing protocols. Cumulus Networks has also been a key driving member of the Open Network Install Environment (ONIE) with contributions to the Open Compute Project, Prescriptive Topology Manager--which simplifies the deployment of large L3 networks--and ifupdown2, a rewrite of Debian's tool for configuring networks that greatly simplifies large, complicated networking configurations.

  • Let's dig into how open source could KO the Silicon Valley chat silos

    There's never been a better opportunity for the world to start untangling itself from the giant Silicon Valley data harvesters than now. Last week, we revealed a plan to embed open-source chat into three quarters of the world's IMAP servers.

    And this may be an important development. Maybe.

    Google, Yahoo!, Apple and Microsoft handle around half the world's email, some 2.5 billion users, while open-source IMAP servers handle the rest, around 2.5-3 billion. Of these the Dovecot open-source server, part of the German business Open Xchange, is installed on 75 per cent of boxes. Quietly drop IM into the mix, and you've given the world a reason to leave WhatsApp.

  • Open source, agility powering enterprise IT

    Looking back over the past decade, history has certainly demonstrated that trying to predict the pace and nature of technology development is a near impossible task, writes Quentin Barnard, lead architect at redPanda Software.
    While analysts, business leaders and policymakers have certainly made wise predictions, businesses and individuals have to remain agile, responsive and open-minded to a wide possibility of outcomes and developments. It is also helpful, however, to reflect on key trends that have emerged in recent times — and to use this information to prepare for the years ahead.
    For software developers and development houses, several prominent themes emerged in 2017.

  • The Apache Software Foundation Announces Five Years of Apache® OpenOffice™ as a Top-Level Project

    The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today the five-year anniversary of Apache® OpenOffice™, the leading Open Source office document productivity suite.

  • MakerBot Labs: new experimental 3D printing platform is MakerBot's olive branch to open source community

    New York 3D printing company MakerBot has launched MakerBot Labs, an experimental platform with open APIs, custom print modes, and an online resource-sharing site. The platform purportedly allows users to “push the limits” of 3D printing.

  • MakerBot attempts to embrace the open-source community with its new Labs platform

    The topic of open source has been a touchy one for MakerBot over the past decade. The one-time 3D-printing darling was the subject of some serious smack talk among the maker community when it stopped disclosing machine design in 2012 — a departure from the company’s roots in the open-source Rep-Rap community.

    Announced this week, MakerBot Labs doesn’t mark a full return to those roots, but it does find the company carving out a niche for the DIY community that was once a driving force in its rapid growth.

    “I understand the history,” CEO Nadav Goshen told TechCrunch during a phone call this week, “This is one step in the direction. It’s a step to understand that there are limitations to openness. Openness for us doesn’t mean we have to compromise on quality or ease of use. We’re trying to take responsibility for both.”

More on Samsung DeX and Bixby

Filed under
GNU
Linux

Security: WPA2, Smartwatches, Google, NSA, Microsoft and Flexera FUD

Filed under
Security
  • WPA2 flaw's worst impact on Android, Linux devices

    The flaw in the WPA2 wireless protocol revealed recently has a critical impact on Android phones running version 6.0 of the mobile operating system and Linux devices, a security researcher says.

  • Why the Krack Wi-Fi Mess Will Take Decades to Clean Up

    But given the millions of routers and other IoT devices that will likely never see a fix, the true cost of Krack could play out for years.

  • 'All wifi networks' are vulnerable to hacking, security expert discovers

    WPA2 protocol used by vast majority of wifi connections has been broken by Belgian researchers, highlighting potential for internet traffic to be exposed

  • Kids' smartwatches can be 'easily' hacked, says watchdog

    Smartwatches bought for children who do not necessarily need them can be hacked [sic], according to a warning out of Norway and its local Consumer Council (NCC).

  • John Lewis pulls children's smartwatch from sale over spying fears

    The Norwegian Consumer Council (NCC) revealed that several brands of children’s smartwatch, have such poor security controls that hackers [sic] could easily follow their movements and eavesdrop on conversations.

  • Google's 'Advanced Protection' Locks Down Accounts Like Never Before

    Google hasn't shared the details of what that process entails. But the CDT's Hall, whom Google briefed on the details, says it will include a "cooling-off" period that will lock the account for a period of time while the user proves his or her identity via several other factors. That slowed-down, intensive check is designed to make the account-recovery process a far less appealing backdoor into victims' data.

  • NSA won't say if it knew about KRACK, but don't look to this leaked doc for answers

    Given how involved the NSA has been with remote and local exploitation of networks, systems, devices, and even individuals, many put two and two together and assumed the worst.

    What compounded the matter was that some were pointing to a 2010-dated top secret NSA document leaked by whistleblower Edward Snowden, which detailed a hacking tool called BADDECISION, an "802.11 CNE tool" -- essentially an exploit designed to target wireless networks by using a man-in-the-middle attack within range of the network. It then uses a frame injection technique to redirect targets to one of the NSA's own servers, which acts as a "matchmaker" to supply the best malware for the target device to ensure it's compromised for the long-term. The slide said the hacking tool "works for WPA/WPA2," suggesting that BADDECISION could bypass the encryption.

    Cue the conspiracy theories. No wonder some thought the hacking tool was an early NSA-only version of KRACK.

  • You're doing open source wrong, Microsoft tsk-tsk-tsks at Google: Chrome security fixes made public too early [Ed: Says the company that gives back doors to the NSA and attacks FOSS with patents, lobbying etc.]
  • Why Open Source Security Matters for Healthcare Orgs [Ed: marketing slant for firms that spread FUD]

    Open source software can help healthcare organizations remain flexible as they adopt new IT solutions, but if entities lack open source security measures it can lead to larger cybersecurity issues. A recent survey found that organizations in numerous industries might not be paying enough attention to potential open source risk factors.

    Half of all code used in commercial and Internet of Things (IoT) software products is open source, but only 37 percent of organizations have an open source acquisition or usage policy, according to a recent Flexera report.

    More than 400 commercial software suppliers and in-house software development teams were interviewed, with respondent roles including software developers, DevOps, IT, engineering, legal, and security.

Games: JASEM, openage, Riskers, Rise to Ruins, Slime Rancher

Filed under
Gaming

The most promising linux distributions in 2017

Filed under
GNU
Linux

Linux distributions have already gained the recognition of their users, and every year new products appear on the market. Many of them focus on certain tasks, so you can’t create a single list of the best ones. Here we have chosen several fields of Linux use and those distributions that have every chance of taking the leading positions in their niche in 2017.

Read more

Ubuntu 17.10 (Artful Aardvark) released

Filed under
Ubuntu

Codenamed "Artful Aardvark", Ubuntu 17.10 continues Ubuntu's proud
tradition of integrating the latest and greatest open source technology
into a high-quality, easy-to-use Linux distribution. As always, the
team has been hard at work through this cycle, introducing new features
and fixing bugs.

Under the hood, there have been updates to many core packages, including
a new 4.13-based kernel, glibc 2.26, gcc 7.2, and much more.

Ubuntu Desktop has had a major overhaul, with the switch from Unity as
our default desktop to GNOME3 and gnome-shell. Along with that, there
are the usual incremental improvements, with newer versions of GTK and
Qt, and updates to major packages like Firefox and LibreOffice.

Read more

Also: Ubuntu 17.10 Debuts Officially with GNOME 3.26 on Top of Wayland, Linux 4.13

How to: Upgrade Ubuntu 17.04 to Ubuntu 17.10

Ubuntu 17.10 ISOs Officially Released

10 Things To Do After Installing Ubuntu 17.10

Ubuntu 17.10 Now Available to Download, This Is What’s New

How to Enable Night Light on Ubuntu 17.10

Ubuntu 17.10 Artful Aardvark Released With New Features — Download Torrents And ISO Files Here

Ubuntu Flavors, Including Ubuntu MATE 17.10, Are Available to Download

Ubuntu 17.10 'Artful Aardvark' ditches Unity for Gnome

Top 7 open source terminal emulators for Linux

Filed under
Linux
OSS

Are you a system administrator, Linux power user, or someone who just spends a lot of time at the command line? Chances are your choice of terminal emulator says something about you. Do you prefer something lightweight? Full of features and customizable options? Or do you just use the default that ships with your distribution?

If you're not familiar with terminal emulator clients, essentially they are graphical applications that give you shell access to your machine. By using a text-mode interface to your computer, you can unleash the true power of Linux and the many applications that provide fast, efficient, and customizable control over its every function, not to mention many utilities that system administrators and developers rely on for their day-to-day work. To get to the shell from your system's graphical interface, you need a terminal emulator.

Read more

NVIDIA ups Competition Using Open Source Collaboration

Filed under
OSS

Let’s imagine that you are a company with a very successful if nuanced product. Graphics accelerator chips, for example.

Hypothetically speaking, imagine that you find an interesting use for your chip in a rising market defined by a burgeoning technology. If you need an example, just use deep learning AI software.

Now, let’s say this proves to be a massive windfall for your company, raising its stock prices tenfold in just three short years.

What do you do with this fortunate turn of events?

Do you start designing your own AI chips based on your original design and remain one of the top competitors in this new market, or do you go open source and give your chip architecture designs to the public?

Read more

Ubuntu 17.10 (Artful Aardvark) Is Now Available to Download

Filed under
Ubuntu

While there's no official announcement published at the moment of writing, Canonical released the final ISO images of the Ubuntu 17.10 (Artful Aardvark) operating systems and its derivatives.

Read more

Also: Ubuntu 17.10 Ships Today - Arguably Its Most Interesting Release In Years

Security: WPA2, RSA/TPM, and Microsoft Breach

Filed under
Security
  • Google and Apple yet to fix Wi-Fi hole in a billion devices

    The WPA2 security protocol has been a mandatory requirement for all devices using the Wi-Fi protocol since 2006, which translates into billions of laptops, mobiles and routers. The weakness identified by Mathy Vanhoef, a digital security researcher at the Catholic University of Leuven (KUL) in Belgium, lies in the way devices running WPA2 encrypt information.

  • The Flawed System Behind the Krack Wi-Fi Meltdown

    No software is perfect. Bugs are inevitable now and then. But experts say that software standards that impact millions of devices are too often developed behind closed doors, making it difficult for the broader security community to assess potential flaws and vulnerabilities early on. They can lack full documentation even months or years after their release.

  • Factorization Flaw in TPM Chips Makes Attacks on RSA Private Keys Feasible

    Security experts say the bug has been present since 2012 and is found specifically in Infineon’s Trusted Platform Module, used on a large number of business-class HP, Lenovo and Fujitsu computers, Google Chromebooks as well as routers and IoT devices.

  • ROCA: RSA encryption key flaw puts 'millions' of devices at risk

    This results in cyber criminals computing the private part of an RSA key and affects chips manufactured from 2012 onwards, which are now commonplace in the industry.

  • Infineon RSA Key Generation Issue

    Yubico estimates that approximately 2% of YubiKey customers utilize the functionality affected by this issue. We have addressed this issue in all shipments of YubiKey 4, YubiKey 4 Nano, and YubiKey 4C, since June 6, 2017.

  • Microsoft remains tight-lipped about 2013 internal database hack [sic]

    A secretive internal database used by Microsoft to track bugs in its software was compromised by hackers [sic] in 2013.

  • Exclusive: Microsoft responded quietly after detecting secret database hack in 2013

    Microsoft Corp’s secret internal database for tracking bugs in its own software was broken into by a highly sophisticated hacking [sic] group more than four years ago, according to five former employees, in only the second known breach of such a corporate database.

Red Hat reduces IoT tradeoffs and Asia Coverage

Filed under
Red Hat
  • Industry Spotlight: Red Hat reduces IoT tradeoffs

    Organizations rolling out the IoT usually aren’t prepared for the additional complexity. With the IoT, data volumes grow exponentially, infrastructure management gets more complicated and the security vulnerabilities increase disproportionately. Nevertheless, IT departments are expected to handle all these changes competently without proportional increases in budget or other resources.

  • Analyse Asia 211: Red Hat in Asia & Open Innovation Institute with Dirk-Peter van Leeuwen

    Dirk-Peter van Leeuwen, senior vice president & general manager at Red Hat, Asia Pacific, joined us to discuss the company’s footprint across Asia and the recent launch of their new Open Innovation Institute in Singapore. We discuss how Asian companies are in different phases of digital transformation from culture to innovation and adjusting against digital disruption.

More in Tux Machines

LWN on Linux: LTS, API, Pointer Leaks and Linux Plumbers Conference (LPC)

  • Cramming features into LTS kernel releases
    While the 4.14 development cycle has not been the busiest ever (12,500 changesets merged as of this writing, slightly more than 4.13 at this stage of the cycle), it has been seen as a rougher experience than its predecessors. There are all kinds of reasons why one cycle might be smoother than another, but it is not unreasonable to wonder whether the fact that 4.14 is a long-term support (LTS) release has affected how this cycle has gone. Indeed, when he released 4.14-rc3, Linus Torvalds complained that this cycle was more painful than most, and suggested that the long-term support status may be a part of the problem. A couple of recent pulls into the mainline highlight the pressures that, increasingly, apply to LTS releases. As was discussed in this article, the 4.14 kernel will include some changes to the kernel timer API aimed at making it more efficient, more like contemporary in-kernel APIs, and easier to harden. While API changes are normally confined to the merge window, this change was pulled into the mainline for the 4.14-rc3 release. The late merge has led to a small amount of grumbling in the community.
  • Improving the kernel timers API
    The kernel's timer interface has been around for a long time, and its API shows it. Beyond a lack of conformance with current in-kernel interface patterns, the timer API is not as efficient as it could be and stands in the way of ongoing kernel-hardening efforts. A late addition to the 4.14 kernel paves the way toward a wholesale change of this API to address these problems.
  • What's the best way to prevent kernel pointer leaks?
    An attacker who seeks to compromise a running kernel by overwriting kernel data structures or forcing a jump to specific kernel code must, in either case, have some idea of where the target objects are in memory. Techniques like kernel address-space layout randomization have been created in the hope of denying that knowledge, but that effort is wasted if the kernel leaks information about where it has been placed in memory. Developers have been plugging pointer leaks for years but, as a recent discussion shows, there is still some disagreement over the best way to prevent attackers from learning about the kernel's address-space layout. There are a number of ways for a kernel pointer value to find its way out to user space, but the most common path by far is the printk() function. There are on the order of 50,000 printk() calls in the kernel, any of which might include the value of a kernel pointer. Other places in the kernel use the underlying vsprintf() mechanism to format data for virtual files; they, too, often leak pointer values. A blanket ban on printing pointer values could solve this problem — if it could be properly enforced — but it would also prevent printing such values when they are really needed. Debugging kernel problems is one obvious use case for printing pointers, but there are others.
  • Continuous-integration testing for Intel graphics
    Two separate talks, at two different venues, give us a look into the kinds of testing that the Intel graphics team is doing. Daniel Vetter had a short presentation as part of the Testing and Fuzzing microconference at the Linux Plumbers Conference (LPC). His colleague, Martin Peres, gave a somewhat longer talk, complete with demos, at the X.Org Developers Conference (XDC). The picture they paint is a pleasing one: there is lots of testing going on there. But there are problems as well; that amount of testing runs afoul of bugs elsewhere in the kernel, which makes the job harder. Developing for upstream requires good testing, Peres said. If the development team is not doing that, features that land in the upstream kernel will be broken, which is not desirable. Using continuous-integration (CI) along with pre-merge testing allows the person making a change to make sure they did not break anything else in the process of landing their feature. That scales better as the number of developers grows and it allows developers to concentrate on feature development, rather than bug fixing when someone else finds the problem. It also promotes a better understanding of the code base; developers learn more "by breaking stuff", which lets them see the connections and dependencies between different parts of the code.

An update on GnuPG

The GNU Privacy Guard (GnuPG) is one of the fundamental tools that allows a distributed group to have trust in its communications. Werner Koch, lead developer of GnuPG, spoke about it at Kernel Recipes: what's in the new 2.2 version, when older versions will reach their end of life, and how development will proceed going forward. He also spoke at some length on the issue of best-practice key management and how GnuPG is evolving to assist. It is less than three years since attention was focused on the perilous position of GnuPG; because of systematic failure of the community to fund its development, Koch was considering packing it all in. The Snowden revelations persuaded him to keep going a little longer, then in the wake of Heartbleed there was a resurgent interest in funding the things we all rely on. Heartbleed led to the founding of the Core Infrastructure Initiative (CII). A grant from CII joined commitments from several companies and other organizations and an upsurge in community funding has put GnuPG on a more secure footing going forward. Read more

Ubuntu: GNOME, New Video, Ubuntu Podcast, Refreshing the Xubuntu Logo

  • Ubuntu 17.10: We're coming GNOME! Plenty that's Artful in Aardvark, with a few Wayland wails
    Ubuntu has done a good job of integrating a few plugins that improve GNOME's user experience compared to stock GNOME – most notably a modified version of the Dash-to-Dock and the App Indicator extensions, which go a long way toward making GNOME a bit more like Unity. It's worth noting that Ubuntu's fork of Dash-to-Dock lacks some features of the original, but you can uninstall the Ubuntu version in favour of the original if you prefer. In fact you can really revert to a pretty stock GNOME desktop with just a few tweaks. Canonical said it wasn't going to heavily modify GNOME and indeed it hasn't.
  • What’s New in Ubuntu 17.10 Artful Aardvark
  • Ubuntu Podcast: S10E33 – Aggressive Judicious Frame
    This week we’ve been protecting our privacy with LineageOS and playing Rust. Telegram get fined, your cloud is being used to mine BitCoin, Google announces a new privacy focused product tier, North Korea hacks a UK TV studio, a new fully branded attack vector is unveiled and Purism reach their funding goal for the Librem 5.
  • Refreshing the Xubuntu logo
    Earlier this year I worked a bit with our logo to propose a small change to it – first change to the logo in 5 years. The team approved, but for various reasons the new logo did not make it to 17.10. Now we’re ready to push it out to the world.

Intel Linux and GCC Work

  • Intel Begins Landing GFNI Support In GCC 8
    Intel compiler engineers have begun landing "GFNI" support within the GNU Compiler Collection as one of the new ISA extensions not expected until the Icelake processor debut.
  • Control-Flow Enforcement Technology Begins To Land In GCC 8
    Intel Control-flow Enforcement Technology (CET) support has begun landing within the GNU Compiler Collection (GCC) for this code safety feature. Patches have been in the works for several months while now the start of the patches are being merged to mainline. Coincidentally, at the same time Intel is also landing their GFNI instruction patches in GCC as well.
  • Intel Continues Landing New i915 DRM Features For Linux 4.15
    Jani Nikula has sent in another drm-intel-next update for David Airlie's DRM-Next tree. They continue prepping more updates to their Direct Rendering Manager (DRM) for targeting the upcoming Linux 4.15 cycle. There have already been several Intel "i915" DRM driver updates queued in DRM-Next for this new kernel version. Past pulls have included marking Coffeelake graphics as stable, continued Cannonlake "Gen 10" graphics enablement, various display improvements, and quite a lot of other low-level code improvements.