Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Sunday, 22 Jul 18 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Type Titlesort icon Author Replies Last Post
Story 3 open source genealogy tools for mapping your family tree Roy Schestowitz 17/12/2015 - 1:15pm
Story 3 open source personal finance tools for Linux Roy Schestowitz 07/01/2016 - 10:45am
Story 3 tools that make scanning on the Linux desktop quick and easy Roy Schestowitz 23/09/2014 - 8:05pm
Story 4 open source alternatives to Dreamweaver Roy Schestowitz 24/03/2016 - 10:40am
Story 4 open source tools I used to write a Linux book Roy Schestowitz 06/07/2016 - 8:10am
Story 4 steps to creating a thriving open source project Roy Schestowitz 26/05/2015 - 3:48pm
Story 4 tips for how to migrate to Drupal Roy Schestowitz 20/02/2015 - 12:49pm
Story 4 versatile boards for fast, inexpensive IoT development Roy Schestowitz 10/10/2016 - 8:44am
Story 5 open access journals for open source enthusiasts Roy Schestowitz 21/10/2014 - 8:04am
Story 5 open source projects to join in 2015 Roy Schestowitz 05/01/2015 - 6:23pm

Openwashing Latest

Filed under
OSS

Security: Spectre V1, Gentoo, Google’s Servers and Denuvo DRM

Filed under
Security
  • Spectre V1 defense in GCC
  • Signing and distributing Gentoo

    The compromise of the Gentoo's GitHub mirror was certainly embarrassing, but its overall impact on Gentoo users was likely fairly limited. Gentoo and GitHub responded quickly and forcefully to the breach, which greatly limited the damage that could be done; the fact that it was a mirror and not the master copy of Gentoo's repositories made it relatively straightforward to recover from. But the black eye that it gave the project has led some to consider ways to make it even harder for an attacker to add malicious content to Gentoo—even if the distribution's own infrastructure were to be compromised.

    Unlike other distributions, Gentoo is focused on each user building the software packages they want using the Portage software-management tool. This is done by using the emerge tool, which is the usual interface to Portage. Software "packages" are stored as ebuilds, which are sets of files that contain the information and code needed by Portage to build the software. The GitHub compromise altered the ebuilds for three packages to add malicious content so that users who pulled from those repositories would get it.

    Ebuilds are stored in the /usr/portage directory on each system. That local repository is updated using emerge --sync (which uses rsync under the hood), either from Gentoo's infrastructure or one of its mirrors. Alternatively, users can use emerge-webrsync to get snapshots of the Gentoo repository, which are updated daily. Snapshots are individually signed by the Gentoo infrastructure OpenPGP keys, while the /usr/portage tree is signed by way of Manifest files that list the hash of each file in a directory. The top-level Manifest is signed by the infrastructure team, so following and verifying the chain of hashes down to a particular file (while also making sure there are no unlisted files) ensures that the right files are present in the tree.

  • Here’s How Hackers Are Using Google’s Servers To Host Malware For Free
  • Pirates Punish Denuvo-Protected Games With Poor Ratings

    Denuvo's anti-piracy technology is a thorn in the side of game pirates. While it has been defeated on several occasions recently, the strict anti-piracy measures have not been without consequence. According to new research, Denuvo has frustrated pirates to a point where they sabotage reviews on Metacritic, leading to significantly lower ratings for protected games.

Games: EXAPUNKS, Minecraft, The Station, Chicken Assassin: Reloaded, Stack Gun Heroes

Filed under
Gaming

GUADEC 2018 and GNOME

Filed under
GNOME
  • Felipe Borges: Summing up GUADEC 2018

    This year’s edition was once again a blast. The best opportunity to put faces into the names we interact daily throughout the communication channels of our community, and to meet new folk.

    Once again a volunteer, this year a chaired the sessions in the auditorium during the first day, organized one of the newcomers activities, and the football game. Don’t forget to check out the conference photos.

  • GUADEC 2018 (It’s a Gitlab world)

    GUADEC in Almería was a great opportunity to catch up with some technologies in the GNOME world, hang out with lovely folks again, and spend time at the beach.

  • Jakub Steiner: Detail Considered Harmful

    As many moons have passed since GNOME 3, it’s fair to stop and reconsider the aesthetic choices we made. We don’t actually present app icons at small resolutions anymore. Pixel perfection sounds like a great slogan, but maybe this is another area that dillutes our focus. Asking app authors to craft pixel precise variants that nobody actually sees? Complex size lookup infrastructure that prominent applications like Blender fail to utilize properly?

    [...]

    The irony of the previous blog post is not lost on me, as I’ve been seduced by the shading and detail of these highres artworks. But every day it’s more obvious that we need to do a dramatic redesign of the app icon style. Perhaps allowing to programatically generate the unstable/nightlies style. Allow a faster turnaround for keeping the style contemporary and in sync what other platforms are doing. Right now, the dated nature of our current guidelines shows.

More Android Leftovers (Mostly Microsoft's Antitrust Push Against Android)

Filed under
Android

Ubuntu 17.10 Reaches End of Life, Existing Users Must Upgrade to 18.04

Filed under
News

Ubuntu 17.10 reached the end of life on 19th July 2018. This means that systems running Ubuntu 17.10 won’t receive security and maintenance updates from Canonical anymore leaving them vulnerable.
Read more

3 big steps toward building authentic developer communities

Filed under
OSS

As more software businesses are selling open source products, we've seen a corresponding rise in the emphasis of building out developer communities around these products as a key metric for success. Happy users are passionate advocates, and these passionate advocates raise overall awareness of a company's product offerings. Attract the right vocal influencers into your community, and customers become more interested in forming a relationship with your company.

Doing community building the right way, however, is a delicate balance. Undercut the needs of your user community in favor of driving sales, and your company will face a decrease in adoption and unfavorable brand awareness. Meanwhile, too little focus on the bottom line isn't good for the company. So how can this tension be balanced effectively, especially in a world in which developers are the "new kingmakers" and meeting their sensibilities is a cornerstone of driving corporate purchasing decisions?

Over the past year, I've thought a lot about how to do effective community building while building the business bottom line. In this article, I'll outline three big steps to take toward building authentic, productive, sustainable developer communities.

Read more

Also: A 4-step plan for creating teams that aren't afraid to fail

Amid the 20th anniversary of open source, Tim O’Reilly warns that platform companies built on open-source software have lost their way

Filed under
OSS

It’s rare to hear Chinese philosophy quoted on stage at a software-development conference. But O’Reilly Media founder and CEO Tim O’Reilly invoked the words of Lao Tzu Wednesday morning during the opening keynotes at OSCON 2018 in hopes of convincing those in attendance — many of whom work for the big internet platform companies of our time — that the tech industry needs to return to the spirit of openness and collaboration that drove the early days of the open-source community before it is too late.

“We have an opportunity with these next generation of systems, to rebuild, to rethink the future, to discover what does it mean to get these systems right,” O’Reilly said. If the first era of the internet was dominated by open protocols, and the second era was dominated by the rise of huge platform companies like Amazon, Google, and Facebook, the third era we’re about to enter presents a chance to get it right again.

Read more

Speech to Text conversion in Linux

Filed under
Linux

This is how you can convert speech to text in Linux systems using Google Docs. There are not much speech recognition software available in Linux systems including native desktop apps. There are some apps available which uses IBM Watson and other APIs to convert speech to text but they are not user-friendly and requires advanced level of user interactions e.g. little bit of programming or scripting in respective languages.

However not many users know that Google Docs provides an advanced level of Speech Recognition using its own AI technologies which can be accessed via Chrome in Google Docs. Any category of user can use this feature to convert speech to text and this requires no advanced level of computer knowledge. The best thing about this feature of Google Docs is you can use it in any Ubuntu derivatives, any Linux distributions including Windows where Chrome is available.

Read more

Ubuntu 17.10 (Artful Aardvark) Reached End of Life, Upgrade to Ubuntu 18.04 LTS

Filed under
Ubuntu

Released nine months ago on October 19, 2017, Ubuntu 17.10 was dubbed "Artful Aardvark" by Canonical CEO Mark Shuttleworth because it was the first release of the Ubuntu Linux operating system to ship with the GNOME desktop environment instead of Unity on the Desktop edition.

To due to the sudden move from Unity to GNOME, Ubuntu 17.10 brought several substantial changes, such as the switch to the next-generation Wayland display server by default instead of X.Org Server, a decision that was reverted with the release of Ubuntu 18.04 LTS (Bionic Beaver), and the discontinuation of the Ubuntu GNOME flavor.

Read more

How to add Linux to your Chromebook

Filed under
Linux
HowTos

It's long been possible to run Linux on a Chromebook. That's no surprise. After all, Chrome OS is a Linux variant. But, doing it by using either Crouton in a chroot container or Gallium OS, a Xubuntu Chromebook-specific Linux variant, wasn't easy. Then, Google announced it was bringing a completely integrated Linux desktop to the Chromebook.

Today, with a properly-equipped Chromebook and the bravery to run canary code, you can run Debian Linux on your Chromebook. Here's how to do it.

This new Chromebook Linux feature is Crostini, the umbrella technology for getting Linux running with Chrome OS. Crostini gets enough Linux running to run KVM, Linux's built-in virtual machine (VM). On top of this, Crostini starts and runs LXC containers. You won't see it, unless you look closely, but it's in those containers that your Debian Linux instances are running.

Read more

Linux File Server Guide

Filed under
Linux

Linux file servers play an essential role. The ability to share files is a basic expectation with any modern operating system in the workplace. When using one of the popular Linux distributions, you have a few different file sharing options to choose from. Some of them are simple but not that secure. Others are highly secure, yet require some know-how to set up initially.

Once set up on a dedicated machine, you can utilize these file sharing technologies on a dedicated file server. This article will address these technologies and provide some guidance on choosing one option over another.

Read more

Security: SSL, Microsoft Windows TCO, Security Breach Detection and SIM Hijackers

Filed under
Security
  • Why Does Google Chrome Say Websites Are “Not Secure”?

    Starting with Chrome 68, Google Chrome labels all non-HTTPS websites as “Not Secure.” Nothing else has changed—HTTP websites are just as secure as they’ve always been—but Google is giving the entire web a shove towards secure, encrypted connections.

  • Biggest Voting Machine Maker Admits -- Ooops -- That It Installed Remote Access Software After First Denying It [Ed: Microsoft Windows TCO]

    We've been covering the mess that is electronic voting machines for nearly two decades on Techdirt, and the one thing that still flummoxes me is how are they so bad at this after all these years? And I don't mean "bad at security" -- though, that's part of it -- but I really mean "bad at understanding how insecure their machines really are." For a while everyone focused on Diebold, but Election Systems and Software (ES&S) has long been a bigger player in the space, and had just as many issues. It just got less attention. There was even a brief period of time where ES&S bought what remained of Diebold's flailing e-voting business before having to sell off the assets to deal with an antitrust lawsuit by the DOJ.

    What's incredible, though, is that every credible computer security person has said that it is literally impossible to build a secure fully electronic voting system -- and if you must have one at all, it must have a printed paper audit trail and not be accessible from the internet. Now, as Kim Zetter at Motherboard has reported, ES&S -- under questioning from Senator Ron Wyden -- has now admitted that it installed remote access software on its voting machines, something the company had vehemently denied to the same reporter just a few months ago.

  • Bringing cybersecurity to the DNC [Ed: Microsoft Windows TCO. Microsoft Exchange was used.]

    When Raffi Krikorian joined the Democratic National Committee (DNC) as chief technology officer, the party was still reeling from its devastating loss in 2016 — and the stunning cyberattacks that resulted in high-level officials’ emails being embarrassingly leaked online.

  • Getting Started with Successful Security Breach Detection

    Organizations historically believed that security software and tools were effective at protecting them from hackers. Today, this is no longer the case, as modern businesses are now connected in a digital global supply ecosystem with a web of connections to customers and suppliers. Often, organizations are attacked as part of a larger attack on one of their customers or suppliers. They represent low hanging fruit for hackers, as many organizations have not invested in operationalizing security breach detection.

    As this new reality takes hold in the marketplace, many will be tempted to invest in new technology tools to plug the perceived security hole and move on with their current activities. However, this approach is doomed to fail. Security is not a "set it and forget it" type of thing. Defending an organization from a breach requires a careful balance of tools and operational practices -- operational practices being the more important element.

  • The SIM Hijackers

    By hijacking Rachel’s phone number, the hackers were able to seize not only Rachel’s Instagram, but her Amazon, Ebay, Paypal, Netflix, and Hulu accounts too. None of the security measures Rachel took to secure some of those accounts, including two-factor authentication, mattered once the hackers took control of her phone number.

GNU/Linux Desktops/Laptops and Windows Spying

Filed under
GNU
Linux
  • Changes [Pop!_OS]

    For the last 12 years, my main development machine has been a Mac. As of last week, it’s a Dell XPS 13 running Pop!_OS 18.04.

    [...]

    Take note: this is the first operating system I’ve used that is simpler, more elegant, and does certain things better than macOS.

  • System76 Opens Manufacturing Facility to Build Linux Laptops

    As it turns out, System76 is making the transition from a Linux-based computer seller, into a complete Linux-based computer manufacturer. The Twitter photos are from their new manufacturing facility. This means that System76 will no longer be slapping their logo on other company’s laptops and shipping them out, but making their own in-house laptops for consumers.

  • Extension adding Windows Timeline support to third-party browsers should have raised more privacy questions

    Windows Timeline is a unified activity history explorer that received a prominent placement next to the Start menu button in Windows 10 earlier this year. You can see all your activities including your web browser history and app activity across all your Windows devices in one place; and pickup and resume activities you were doing on other devices. This is a useful and cool feature, but it’s also a privacy nightmare.

    You may have read about a cool new browser extension that adds your web browsing history from third-party web browsers — including Firefox, Google Chrome, Vivaldi, and others — to Windows Timeline. The extension attracted some media attention from outlets like MSPoweruser, Neowin, The Verge, and Windows Central.

Public money, public code? FSFE spearheads open-source initiative

Filed under
OSS

Last September, the non-profit Free Software Foundation Europe (FSFE) launched a new campaign that calls for EU-wide legislation that requires publicly financed software developed for the public sector to be made publicly available under a free and open-source software license.

According to the ‘Public Money, Public Code’ open letter, free and open-source software in the public sector would enable anyone to “use, study, share, and improve applications used on a daily basis”.

The initiative, says the non-profit, would provide safeguards against public sector organizations being locked into services from specific companies that use “restrictive licenses” to hinder competition.

The FSFE also says the open-source model would help improve security in the public sector, as it would allow backdoors and other vulnerabilities to fixed quickly, without depending on one single service provider.

Since its launch, the Public Money, Public Code initiative has gained the support of 150 organizations, including WordPress Foundation, Wikimedia Foundation, and Tor, along with nearly 18,000 individuals.

With the initiative now approaching its first anniversary, The Daily Swig caught up with FSFE spokesperson Paul Brown, who discussed the campaign’s progress.

Read more

Best Tools to Access Remote Linux Desktop

Filed under
GNU
Linux

Nowadays, you can’t carry your system or laptop everywhere. So to make the things more manageable, there is a service of remote access that gives you full access to your system from anywhere. It is made possible by the Microsoft that developed a remote desktop protocol (RDP), which offers a graphical interface to connect to a remote system over a network connection.

Read more

Syndicate content

More in Tux Machines

KDE Applications 18.08 Software Suite Enters Beta, Adds Apple Wallet Pass Reader

With KDE Applications 18.04 reached end of life with the third and last point release, the KDE Project started working earlier this month on the next release of their open-source software suite, KDE Applications 18.08. KDE Applications is an open-source software suite designed as part of the KDE ecosystem, but can also be used independently on any Linux-based operating system. To fully enjoy the KDE Plasma desktop environment, users will also need to install various of the apps that are distributed as part of the KDE Applications initiative. KDE Applications 18.08 is the next major version of the open-source software suite slated for release on August 16, 2018. As of yesterday, July 20, the KDE Applications 18.08 software suite entered beta testing as version 18.07.80, introducing two new libraries, KPkPass and KItinerary. Read more

NetBSD 8.0 Released

  • Announcing NetBSD 8.0
    The NetBSD Project is pleased to announce NetBSD 8.0, the sixteenth major release of the NetBSD operating system.
  • NetBSD 8.0 Officially Released With USB3 Support, Security Improvements & UEFI
    While it's been on mirrors for a few days, NetBSD 8.0 was officially released this weekend. NetBSD 8.0 represents this BSD operating system project's 16th major release and introduces USB 3.0 support, an in-kernel audio mixer, a new socket layer, Meltdown/Spectre mitigation, eager FPU support, SMAP support, UEFI boot-loader support for x86/x86_64 hardware, and a variety of long sought after improvements -- many of which are improving the security of NetBSD.
  • NetBSD 8.0 Released with Spectre V2/V4, Meltdown, and Lazy FPU Mitigations
    The NetBSD open-source operating system has been updated this week to version 8.0, a major release that finally brings mitigations for all the Spectre variants, Meltdown, and Lazy FPU security vulnerabilities, as well as many stability improvements and bug fixes. Coming seven months after the first and last point release of the NetBSD 7 series, NetBSD 8.0 is here with mitigations for both the Spectre Variant 2 (CVE-2017-5715) and Spectre Variant 4 (CVE-2018-3639) security vulnerabilities, as well as for the Meltdown (CVE-2017-5754) and Lazy FPU State Save/Restore (CVE-2018-3665) vulnerabilities.

Neptune 5.4

We are proud to announce version 5.4 of Neptune . This update represents the current state of Neptune 5 and renews the ISO file so if you install Neptune you don't have to download tons of Updates. In this update we introduce a new look and feel package called Neptune Dark. This comes together with an modified icon theme optimized for dark themes called Faenza Dark. We improved hardware support further by providing Linux Kernel 4.16.16 with improved drivers and bugfixes. Read more

Plasma 5.14 Wallpaper “Cluster”

The time for a new Plasma wallpaper is here, so for 5.14 I’m excited to offer up “Cluster”. But first, please allow me to gush for a moment. In tandem with Inkscape, this is the first wallpaper for KDE produced using the ever excellent Krita. For graphic design my computer has a bit of beef to it, but when I work with Inkscape or GIMP things always chug just a bit more than I feel they should. Whenever I’ve had the distinct pleasure of opening Krita, even on my lesser powered laptop, it’s always been productive, rewarding, and performant. I’m looking forward to using Krita more in future wallpapers. *claps for Krita* Read more