About Tux Machines

Tuesday, 28 Feb 17 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/Linux

Quick Roundup

Type Title Author Replies Last Post
Story Games for GNU/Linux Roy Schestowitz 27/02/2017 - 12:08pm
Story The Great Debian Iceweasel/Icedove Saga Comes to an End Rianne Schestowitz 27/02/2017 - 10:56am
Story Releases: Linux From Scratch 8.0, LEDE 17.01, 4MRescueKit 21.0 Roy Schestowitz 27/02/2017 - 10:45am
Story Linux Kernel News Roy Schestowitz 27/02/2017 - 10:29am
Story Today in Techrights Roy Schestowitz 27/02/2017 - 10:10am
Story FreeBSD-Based TrueOS Operating System Gets New Jail Tools, Automounting Feature Rianne Schestowitz 27/02/2017 - 12:47am
Story Calamares 3.1 Distribution-Independent Linux Installer Officially Released Rianne Schestowitz 27/02/2017 - 12:46am
Story Reiser4 Updated For The Linux 4.10 Kernel Rianne Schestowitz 27/02/2017 - 12:44am
Story Voyager 9 Linux Distro Enters Development, Now Based on Debian 9 "Stretch" Rianne Schestowitz 27/02/2017 - 12:40am
Story Black Lab Linux Gets First Weekly ISOs, Adds Linux Kernel 4.8 from Ubuntu 16.10 Rianne Schestowitz 27/02/2017 - 12:38am

Linux 4.11 and the Linux Foundation

Filed under
Linux
  • RADV Vulkan Performance Appears To Improve With Linux 4.11

    A few days ago I posted some results of surprise performance improvements for a Radeon RX 470 when testing the DRM-Next code queued for Linux 4.11. I've now tested that kernel on more systems and can confirm at least benefits more widespread for RADV's Vulkan performance.

  • New ARM SoCs & Board Support In The Linux 4.11 Kernel

    Arnd Bergmann has submitted the big batch of ARM hardware changes for the Linux 4.11 kernel merge window.

  • Linus Ends Up Accepting The DRM Changes For Linux 4.11

    While Linus Torvalds yesterday was criticizing the DRM code quality using colorful language and threatening not to accept the DRM changes for Linux 4.11, he ended up merging the code to mainline.

    After complaining about the code and making some changes to it for reducing the compiler warnings, he ended up letting all of this new Direct Rendering Manager code be merged rather than dropping TinyDRM or not merging any DRM code at all.

  • Better Turbo Boost Max 3.0 Support Is Landing For Linux 4.11

    Better support for Intel Turbo Boost Max 3.0 is among the changes to find with the platform-drivers-x86 updates for the Linux 4.11 kernel.

    With Linux 4.10 came initial Turbo Boost Max 3.0 (TBM3) support, but it was only enabled for systems with the motherboard/BIOS exposing hardware P-States. For many Broadwell-E boards, including mine, this wasn't the case and as such TBM 3.0 isn't currently working on systems like my Core i7 6800K. But Intel developers have been working on expanded Turbo Boost Max 3.0 support for non-HWP systems and that code is now set to land for Linux 4.11.

  • MD RAID Optimizations, Btrfs Fixes For Linux 4.11

    The MD pull request was submitted on Friday for the Linux 4.11 kernel as were the Btrfs file-system changes.

    Chris Mason's pull request of new feature material for Linux 4.11 wasn't particularly exciting. The Btrfs updates primarily include fixes and code clean-ups. There's been a lot of code polishing and fixing that happened by multiple developers, but not much in the way of new feature work.

  • Project consolidation continues at The Linux Foundation

Games for GNU/Linux

Filed under
Gaming

Bodhi Linux review

Filed under
Reviews

Bodhi Linux is a lightweight Ubuntu-based distro that appeared on the scene back in 2011. Its system requirements are among the lowest out there for any desktop Linux flavour. It can even run on a non-PAE CPU with 128MB of RAM and a 300MHz processor.

We didn’t have one of those lying around, but we did have a pretty old and dusty PC which we could test it on. The OS boasts a simple Ubiquity install process (just like you get on Ubuntu) and it’s a thoroughly usable, and not at all bad-looking, distro.


Also: Best power user Linux distros in 2017: 5 reviewed and rated

Fresh Supply of FOSS FUD

Filed under
OSS
  • Think open source software is free? Think again… [Ed: Think open source FUD is dead? Think again… gymnastics in logic and cherry-picking]
  • Open Source: Not Pragmatic After All? [Ed: FUD that is repeating Microsoft talking points and dirty tricks in Munich, pretending that proprietary software never ceases development]

    Another open-source project, the Mozilla-backed (and Dipert-beloved) Thunderbird email client also mentioned as atypically thriving in my late-2012 blog post, is now also struggling. As is Firefox itself, which recently wound down its Firefox OS-for-smartphones efforts and is also facing browser add-on developer defections due to its embrace of Chrome-model APIs and other changes. Even mighty Linux is struggling with developer-induced bugs. Wonder if all this uncertainty is behind longstanding open-source poster child Munich, Germany's reconsideration of Microsoft products?

  • You Can’t Get Around Code Scanning if You Care About Open Source Licenses [Ed: Let's just pretend there are no issues associated with proprietary licensing, renewal, patching etc.]

Red Hat and Fedora

Filed under
Red Hat

Linux Kernel News

Filed under
Linux
  • Linux Foundation smushes two smaller projects together to form Open Networking Automation Platform

    The Linux Foundation announced yesterday that it had combined open source ECOMP and the Open Orchestrator Project into ONAP, the Open Networking Automation Platform, with the aim of helping users automate network service delivery, design, and service through a unified standard.

    Jim Zemlin, executive director of the Linux Foundation, said that ONAP should be a boon to enterprise IT departments, thanks to improved speed and flexibility.

  • Linux Foundation merges Open Source ECOMP, OPEN-O, further harmonizes virtualization group efforts

    Open source ECOMP and the Open Orchestrator Project (OPEN-O) have merged to create the new Open Network Automation Platform (ONAP) Project, further harmonizing the ever-growing array of disparate virtualization groups.

    ONAP will allow end users to automate, design, orchestrate, and manage services and virtual functions.

  • I am a Cranky, White, Male Feminist

    Today, I was re-reading a linux.com article from 2014 by Leslie Hawthorne which had been reshared by the Linux Foundation Facebook account yesterday in honor of #GirlDay2017 (which I was regrettably unaware of until it was over). It wasn’t so much the specific content of the article that got me thinking, but instead the level of discourse that it “inspired” on the Facebook thread that pointed me there (I will not link to it as it is unpleasant and reflects poorly on The Linux Foundation, an organization which is in most circumstances largely benevolent).

  • encyclopedia snabb and the case of the foreign drivers

    Peoples of the blogosphere, welcome back to the solipsism! Happy 2017 and all that. Today's missive is about Snabb (formerly Snabb Switch), a high-speed networking project we've been working on at work for some years now.

    What's Snabb all about you say? Good question and I have a nice answer for you in video and third-party textual form! This year I managed to make it to linux.conf.au in lovely Tasmania. Tasmania is amazing, with wild wombats and pademelons and devils and wallabies and all kinds of things, and they let me talk about Snabb.

Security News

Filed under
Security
  • Security updates for Friday
  • [Older] Microsoft Delays February Patch Tuesday Updates Until Next Month

    It was created by Microsoft as a way to have a standard delivery date/schedule for updates that were being provided for the company's software. This allowed a lot of stability for users and IT Pros so they could be prepared for the monthly distribution of the updates.

    Well this month Microsoft has hit a snag with their monthly Patch Tuesday.

  • Watershed SHA1 collision just broke the WebKit repository, others may follow

    The bug resides in Apache SVN, an open source version control system that WebKit and other large software development organizations use to keep track of code submitted by individual members. Often abbreviated as SVN, Subversion uses SHA1 to track and merge duplicate files. Somehow, SVN systems can experience a severe glitch when they encounter the two PDF files published Thursday, proving that real-world collisions on SHA1 are now practical.

  • Cloudflare Reverse Proxies are Dumping Uninitialized Memory

    Thanks to Josh Triplett for sending us this Google Project Zero report about a dump of uninitialized memory caused by Cloudflare's reverse proxies. "A while later, we figured out how to reproduce the problem. It looked like that if an html page hosted behind cloudflare had a specific combination of unbalanced tags, the proxy would intersperse pages of uninitialized memory into the output (kinda like heartbleed, but cloudflare specific and worse for reasons I'll explain later). My working theory was that this was related to their "ScrapeShield" feature which parses and obfuscates html - but because reverse proxies are shared between customers, it would affect *all* Cloudflare customers. We fetched a few live samples, and we observed encryption keys, cookies, passwords, chunks of POST data and even HTTPS requests for other major cloudflare-hosted sites from other users. Once we understood what we were seeing and the implications, we immediately stopped and contacted cloudflare security. "

  • Secure your system with SELinux

    SELinux is well known as the most sophisticated Linux Mandatory Access Control (MAC) System. If you install any Fedora or Redhat operating System it is enabled by default and running in enforcing mode. So far so good.

Entroware Launches Ubuntu-Powered Aether Laptop with Intel Kaby Lake CPUs

Filed under
Ubuntu

Softpedia was informed today, February 24, 2017, by Entroware, a UK-based hardware manufacturer known for building and selling desktops, laptops, and servers with the popular Ubuntu Linux operating system pre-installed, about a brand-new product.


3 little things in Linux 4.10 that will make a big difference

Filed under
Linux

Linux never sleeps. Linus Torvalds is already hard at work pulling together changes for the next version of the kernel (4.11). But with Linux 4.10 now out, three groups of changes are worth paying close attention to because they improve performance and enable feature sets that weren’t possible before on Linux.

Here’s a rundown of those changes to 4.10 and what they likely will mean for you, your cloud providers, and your Linux applications.


SODIMM-style module runs Linux on VIA’s 1GHz Cortex-A9 SoC

Filed under
Android
Linux

VIA unveiled an SODIMM-style COM based on its Cortex-A9 WM8850 SoC, with 512MB RAM and 8GB eMMC, plus Ethernet, CSI, graphics, USB, and serial ports.

The 68.6 x 43mm “SOM-6X50” computer-on-module appears to be VIA’s second-ever ARM COM. Back in Sept. 2015, the company released a 70 x 70mm Qseven form factor QSM-8Q60 COM, based on a 1GHz NXP DualLite SoC.


today's leftovers

Filed under
Misc
  • LinuXatUSIL – Previas 2 for #LinuxPlaya

    Damian from GNOME Argentina explained some code to us based on this tutorial and the widgets in Glade were presented.

  • RancherOS v0.8.0 released! [Ed: and a bugfix release, 0.8.1, out today]

    RancherOS v0.8.0 is now available! This release has taken a bit more time than prior versions, as we’ve been laying more groundwork to allow us to do much faster updates, and to release more often.

  • The Technicals For Red Hat, Inc. (RHT) Tell An Interesting Tale
  • Ubuntu 17.04 Beta 1 Released | New Features And Download

    Ubuntu 17.04 Zesty Zapus Beta 1 release is finally here. If you’re interested, you can go ahead and download the ISO images of the participating flavors, which are, Lubuntu, Kubuntu, Xubuntu, Ubuntu Budgie, Ubuntu GNOME, Ubuntu Kylin, and Ubuntu Studio. Powered by Linux kernel 4.10, these releases feature the latest stable versions of their respective desktop environments. This release will be followed by the Final Beta release on March 23 and final release on April 13.

  • Ubuntu 17.04 Beta 1 Now Available to Download

    The first beta releases in the Ubuntu 17.04 development cycle are ready for testing, with Xubuntu, Ubuntu GNOME and Ubuntu Budgie among the flavors taking part.

FOSS Policies

Filed under
OSS
Legal

Leftovers: BSD

Filed under
BSD

Security Leftovers

Filed under
Security
  • Stop using SHA1 encryption: It’s now completely unsafe, Google proves

    Security researchers have achieved the first real-world collision attack against the SHA-1 hash function, producing two different PDF files with the same SHA-1 signature. This shows that the algorithm's use for security-sensitive functions should be discontinued as soon as possible.

    SHA-1 (Secure Hash Algorithm 1) dates back to 1995 and has been known to be vulnerable to theoretical attacks since 2005. The U.S. National Institute of Standards and Technology has banned the use of SHA-1 by U.S. federal agencies since 2010, and digital certificate authorities have not been allowed to issue SHA-1-signed certificates since Jan. 1, 2016, although some exemptions have been made.

    However, despite these efforts to phase out the use of SHA-1 in some areas, the algorithm is still fairly widely used to validate credit card transactions, electronic documents, email PGP/GPG signatures, open-source software repositories, backups and software updates.

  • on pgp

    First and foremost I have to pay respect to PGP, it was an important weapon in the first cryptowar. It has helped many whistleblowers and dissidents. It is software with quite interesting history, if all the cryptograms could tell... PGP is also deeply misunderstood, it is a highly successful political tool. It was essential in getting crypto out to the people. In my view PGP is not dead, it's just old and misunderstood and needs to be retired in honor.

    However the world has changed from the internet happy times of the '90s, from a passive adversary to many active ones - with cheap commercially available malware as turn-key-solutions, intrusive apps, malware, NSLs, gag orders, etc.

  • Cloudflare’s Cloudbleed is the worst privacy leak in recent Internet history

    Cloudflare revealed today that, for months, all of its protected websites were potentially leaking private information across the Internet. Specifically, Cloudflare’s reverse proxies were dumping uninitialized memory; that is to say, bleeding private data. The issue, termed Cloudbleed by some (but not its discoverer Tavis Ormandy of Google Project Zero), is the greatest privacy leak of 2017 and the year has just started.

    For months, since 2016-09-22 by their own admission, CloudFlare has been leaking private information through Cloudbleed. Basically, random data from random sites (again, it’s worth mentioning that every site that used CloudFlare in the last half year should be considered to have fallen victim to this) would be randomly distributed across the open Internet, and then indefinitely cached along the way.

  • Serious Cloudflare bug exposed a potpourri of secret customer data

    Cloudflare, a service that helps optimize the security and performance of more than 5.5 million websites, warned customers today that a recently fixed software bug exposed a range of sensitive information that could have included passwords and cookies and tokens used to authenticate users.

    A combination of factors made the bug particularly severe. First, the leakage may have been active since September 22, nearly five months before it was discovered, although the greatest period of impact was from February 13 and February 18. Second, some of the highly sensitive data that was leaked was cached by Google and other search engines. The result was that for the entire time the bug was active, hackers had the ability to access the data in real-time by making Web requests to affected websites and to access some of the leaked data later by crafting queries on search engines.

    "The bug was serious because the leaked memory could contain private information and because it had been cached by search engines," Cloudflare CTO John Graham-Cumming wrote in a blog post published Thursday. "We are disclosing this problem now as we are satisfied that search engine caches have now been cleared of sensitive information. We have also not discovered any evidence of malicious exploits of the bug or other reports of its existence."

Security Leftovers

Filed under
Security
  • Change all the passwords (again)

    Looks like it is time to change all the passwords again. There’s a tiny little flaw in a CDN used … everywhere, it seems.

  • Today's leading causes of DDoS attacks [Ed: The so-called 'Internet of things' (crappy devices with identical passwords) is a mess; programmers to blame, not Linux]

    Of the most recent mega 100Gbps attacks in the last quarter, most of them were directly attributed to the Mirai botnet. The Mirai botnet works by exploiting the weak security on many Internet of Things (IoT) devices. The program finds its victims by constantly scanning the internet for IoT devices, which use factory default or hard-coded usernames and passwords.

  • How to Set Up An SSL Certificate on Your Website [via "Steps To Secure Your Website With An SSL Certificate"]
  • SHA-1 is dead, long live SHA-1!

    Unless you’ve been living under a rock, you heard that some researchers managed to create a SHA-1 collision. The short story as to why this matters is the whole purpose of a hashing algorithm is to make it impossible to generate collisions on purpose. Unfortunately though impossible things are usually also impossible so in reality we just make sure it’s really really hard to generate a collision. Thanks to Moore’s Law, hard things don’t stay hard forever. This is why MD5 had to go live on a farm out in the country, and we’re not allowed to see it anymore … because it’s having too much fun. SHA-1 will get to join it soon.

  • SHA1 collision via ASCII art

    Happy SHA1 collision day everybody!

    If you extract the differences between the good.pdf and bad.pdf attached to the paper, you'll find it all comes down to a small ~128 byte chunk of random-looking binary data that varies between the files.

  • PayThink Knowledge is power in fighting new Android attack bot

    Android users and apps have become a major part of payments and financial services, carrying an increased risk for web crime.

    It is estimated that there are 107.7 million Android Smartphone users in the U.S. who have downloaded more than 65 million apps from the Google App Store, and each one of them represents a smorgasbord of opportunity for hackers to steal user credentials and other information.

  • Red Hat: 'use after free' vulnerability found in Linux kernel's DCCP protocol IPV6 implementation

    Red Hat Product Security has published details of an "important" security vulnerability in the Linux kernel. The IPv6 implementation of the DCCP protocol means that it is possible for a local, unprivileged user to alter kernel memory and escalate their privileges.

    Known as the "use-after-free" flaw, CVE-2017-6074 affects a number of Red Hat products including Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7 and Red Hat Openshift Online v2. Mitigating factors include the requirement for a potential attacker to have access to a local account on a machine, and for IPV6 to be enabled, but it is still something that will be of concern to Linux users.

    Describing the vulnerability, Red Hat says: "This flaw allows an attacker with an account on the local system to potentially elevate privileges. This class of flaw is commonly referred to as UAF (Use After Free.) Flaws of this nature are generally exploited by exercising a code path that accesses memory via a pointer that no longer references an in use allocation due to an earlier free() operation. In this specific issue, the flaw exists in the DCCP networking code and can be reached by a malicious actor with sufficient access to initiate a DCCP network connection on any local interface. Successful exploitation may result in crashing of the host kernel, potential execution of code in the context of the host kernel or other escalation of privilege by modifying kernel memory structures."

Android Leftovers

Filed under
Android

More in Tux Machines

Linux Kernel and Graphics

Security News

  • Windows 10 least secure of Windows versions: study
    Windows 10 was the least secure of current Windows versions in 2016, with 46% more vulnerabilities than either Windows 8 or 8.1, according to an analysis of Microsoft's own security bulletins in 2016. Security firm Avecto said its research, titled "2016 Microsoft Vulnerabilities Study: Mitigating risk by removing user privileges", had also found that a vast majority of vulnerabilities found in Microsoft products could be mitigated by removing admin rights. The research found that, despite its claims to being the "most secure" of Microsoft's operating systems, Windows 10 had 395 vulnerabilities in 2016, while Windows 8 and 8.1 each had 265. The research also found that while 530 Microsoft vulnerabilities were reported — marginally up from the 524 reported in 2015 — and 189 given a critical rating, 94% could be mitigated by removing admin rights. This was up from 85% in 2015.
  • Windows 10 Creators Update can block Win32 apps if they’re not from the Store [Ed: By Microsoft Peter. People who put Vista 10 on a PC totally lose control of that PC; remember, the OS itself is malware, as per textbook definitions. With DRM and other antifeatures expect copyright enforcement on the desktop soon.]
    The latest Windows 10 Insider Preview build doesn't add much in the way of features—it's mostly just bug fixes—but one small new feature has been spotted, and it could be contentious. Vitor Mikaelson noticed that the latest build lets you restrict the installation of applications built using the Win32 API.
  • Router assimilated into the Borg, sends 3TB in 24 hours
    "Well, f**k." Harsh language was appropriate under the circumstances. My router had just been hacked. Setting up a reliable home network has always been a challenge for me. I live in a cramped three-story house, and I don't like running cables. So my router's position is determined by the fiber modem in a corner on the bottom floor. Not long after we moved in, I realized that our old Airport Extreme was not delivering much signal to the attic, where two game-obsessed occupants fought for bandwidth. I tried all sorts of things. I extended the network. I used Ethernet-over-powerline connectors to deliver network access. I made a mystic circle and danced naked under the full moon. We lost neighbors, but we didn't gain a signal.
  • Purism's Librem 13 Coreboot Port Now "100%" Complete
    According to Purism's Youness Alaoui, their Coreboot port to the Librem 13 v1 laptop is now considered complete. The Librem 13 was long talked about having Coreboot over a proprietary BIOS while the initial models still had shipped with the conventional BIOS. Finally in 2017, they have now Coreboot at what they consider to be 100% complete for this Linux-friendly laptop.
  • The Librem 13 v1 coreboot port is now complete
    Here is the news you’ve been waiting for: the coreboot port for the Librem 13 v1 is 100% done! I fixed all of the remaining issues, it is now fully working and is stable, ready for others to enjoy. I fixed the instability problem with the M.2 SATA port, finished running all the tests to ensure coreboot is working correctly, fixed the headphone jack that was not working, made the boot prettier, and started investigating the Intel Management Engine issue.
  • Linux Update Fixes 11-Year-Old Flaw
    Andrey Konovalov, a security researcher at Google, found a use-after-free hole within Linux, CSO Online reported. This particular flaw is of interest because it appears to be situational. It only showed up in kernels built with a certain configuration option — CONFIG_IP_DCCP — enabled.

Kerala saves Rs 300 cr as schools switch to open software

The Kerala government has made a saving of Rs 300 crore through introduction and adoption of Free & Open Source Software (FOSS) in the school education sector, said a state government official on Sunday. IT became a compulsory subject in Kerala schools from 2003, but it was in 2005 only that FOSS was introduced in a phased manner and started to replace proprietary software. The decision made by the curriculum committee to implement it in the higher secondary sector has also been completed now.

Tired of Windows and MAC computer systems? Linux may now be ready for prime time

Are you a bit tired of the same old options of salt and pepper, meaning having to choose only between the venerable Windows and MAC computer operating systems? Looking to branch out a bit, maybe take a walk on the wild side, learn some new things and save money? If so, the Linux operating system, which has been around for a long time and is used and loved by many hard-core techies and developers, may now be ready for prime time with the masses.