Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Wednesday, 24 May 17 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Type Title Author Replies Last Postsort icon
Story Pi Desktop: This kit turns your Raspberry Pi into a Linux desktop Rianne Schestowitz 20/05/2017 - 9:18am
Story [Review] Antergos Is More Than Just A Noob’s Arch Linux Rianne Schestowitz 20/05/2017 - 9:14am
Story Events: QtCon, Akademy, Free and Open Source Software Compliance, Linux Plumbers Conference Rianne Schestowitz 20/05/2017 - 12:19am
Story Fedora Leftovers Rianne Schestowitz 20/05/2017 - 12:11am
Story PCLinuxOS Roll-Up Release: Another Linux installed on my new notebook Rianne Schestowitz 19/05/2017 - 11:30pm
Story SUSE EOL and Tumbleweed Rianne Schestowitz 19/05/2017 - 11:22pm
Story GNOME News Rianne Schestowitz 19/05/2017 - 11:14pm
Story Red Hat Financial News Rianne Schestowitz 19/05/2017 - 11:00pm
Story OpenMandriva Lx 3.02 Distro Is Being Prepped with KDE Plasma 5.9.5 and Mesa 17.1 Rianne Schestowitz 19/05/2017 - 10:52pm
Story Ubuntu Leftovers Rianne Schestowitz 19/05/2017 - 10:51pm

GNU/Linux Review: Ubuntu MATE 17.04 Zesty Zapus

Filed under
Reviews
Ubuntu

Ubuntu MATE 17.04 has been released at April 13th 2017. Here is a review for this user-friendly, desktop-oriented operating system with highly customizable interface and complete set of software. It keeps the same user-experience from the old Ubuntu GNOME2 era while also providing 4 other desktop layout choices (that resemble OS X, Windows, and Unity plus a Netbook-friendly look) and user can transform between them anytime. With only around 550MB of RAM idle use and the latest MATE 1.18, Ubuntu MATE 17.04 becomes an ultimate desktop choice for everyone. I hope you'll enjoy this review and be comfortable with 17.04.

Read more

Eric Hameleers on Slackware

Filed under
Slack
  • Some thoughts on the recent updates in Slackware-current

    Last week, a new LTS kernel (4.9.26), new glibc (2.25) and a new gcc compiler suite (7.1.0) landed in Slackware-current. Note that gcc no longer contains the Java compiler (gcj): subsequently Slackware’s gcc-java package has been removed from slackware-current.
    We are at the head of the herd again folks. There is not yet any other distro that ships with the gcc-7 compiler by default. This will certainly pose some challenges for people who compile their stuff themselves – the SBo team warned their community about scripts that require patches to compile against gcc-7.

  • liveslak 1.1.8 and new ISO images

    Not much news of late about my ‘liveslak‘ scripts. I occasionally tweak them but the modifications these days are fairly minor. I stamped a new version on the repository this week: liveslak 1.1.8 on the occasion that I wanted to generate and upload a fresh series of Slackware-current based Live ISO images. After all, liveslak is meant to be a showcase of what Slackware-current is all about, and with the recent updates to kernel, gcc, glibc and more, a refresh was more than welcome.

  • Palemoon browser

    The Pale Moon browser was forked off the Mozilla Firefox codebase a couple of years ago, before Firefox switched to the Australis User Interface. Since then, the project has steadily been diverging from the Firefox codebase, optimizing its Gecko layout engine and rebranding that to ‘Goanna’ (which is the name of just another lizard). The community has a large vote in the direction the Pale Moon browser’s features are taking.

  • Chromium packages refreshed with v58

    I really like my new job. It is exciting, rewarding, but also demanding, and I find that I have a lot less free time at hand these days than I used to when I was with IBM. Hacking Slackware is becoming a luxury. Simply, because I realized how easily I can lose my job when an administrator puts my name in a spreadsheet… so I work my ass off and try to convince everyone that I am indispensable. Works so far.

  • Adobe Flash security update May ’17

Security News, Notably Microsoft/NSA Catastrophe

Filed under
Microsoft
Security
  • Major cyber attack hits companies, hospitals, schools worldwide

    Private security firms identified the ransomware as a new variant of "WannaCry" that had the ability to automatically spread across large networks by exploiting a known bug in Microsoft's Windows operating system.

  • Massive cyberattack hits several hospitals across England
  • Rejection Letter

    We start with a shadowy US government agency, the NSA, systematically analyzing the software of the biggest American computer companies in search of vulnerabilities. So far, so plausible: this is one of the jobs of an intelligence and counter-espionage agency focussed on information technology. However, instead of helping Microsoft fix them, we are supposed to believe that the NSA hoard their knowledge of weaknesses in Microsoft Windows, a vitally important piece of their own nation's infrastructure, in case they'll come in handy againt some hypothetical future enemy. (I'm sorry, but this just won't wash; surely the good guys would prioritize protecting their own corporate infrastructure? But this is just the first of the many logical inconsistencies which riddle the back story and plot of "Zero Day".)

  • Microsoft issues ‘highly unusual’ Windows XP patch to prevent massive ransomware attack
  • Is it prudent to ask if Britain’s nuke subs, which also run Windows XP, have also been hit by ransomware?

    Let’s reword this to drive the point home. How likely is it that the United States NSA, through its persistent interest in keeping us unsafe, has managed to hand control of Britain’s nuclear weapons platforms to unknown ransomware authors, perhaps in Russia or Uzbekistan?

  • Current wave of ransomware not written by ordinary criminals, but by the NSA

    The lesson here is that the NSA’s mission, keeping a country safe, is in direct conflict with its methods of collecting a catalog of vulnerabilities in critical systems and constructing weapons to use against those systems, weapons that will always leak, instead of fixing the discovered weaknesses and vulnerabilities that make us unsafe.

  • Wana Decrypt0r Ransomware Outbreak Temporarily Stopped By "Accidental Hero"

    A security researcher that goes online by the nickname of MalwareTech is the hero of the day, albeit an accidental one, after having saved countless of computers worldwide from a virulent form of ransomware called Wana Decrypt0r (also referenced as WCry, WannaCry, WannaCrypt, and WanaCrypt0r).

  • DDOS attacks in Q1 2017

    In Q1 2017, the geography of DDoS attacks narrowed to 72 countries, with China accounting for 55.11% (21.9 p.p. less than the previous quarter). South Korea (22.41% vs. 7.04% in Q4 2016) and the US (11.37% vs. 7.30%) were second and third respectively.

    The Top 10 most targeted countries accounted for 95.5% of all attacks. The UK (0.8%) appeared in the ranking, replacing Japan. Vietnam (0.8%, + 0.2 p.p.) moved up from seventh to sixth, while Canada (0.7%) dropped to eighth.

  • Applied Physical Attacks and Hardware Pentesting

    This week, I had the opportunity to take Joe Fitzpatrick’s class “Applied Physical Attacks and Hardware Pentesting”. This was a preview of the course he’s offering at Black Hat this summer, and so it was in a bit of an unpolished state, but I actually enjoyed the fact that it was that way. I’ve taken a class with Joe before, back when he and Stephen Ridley of Xipiter taught “Software Exploitation via Hardware Exploitation”, and I’ve watched a number of his talks at various conferences, so I had high expectations of the course, and he didn’t disappoint.

  • SambaXP 2017: John Hixson’s Reflection

    The next talk was given by Jeremy Allison on the recent symlink CVE. Jeremy explained how it was discovered and the measures that were taken to fix it.

LinuxAndUbuntu Distro Review Of The Week Bodhi Linux

Filed under
Linux

​Bodhi Linux is essentially one of those distributions which try to bring your old PC back to life but at the same time, tries to make it look like it is still keeping up with the latest trends in Design and Interface. And with every new release, its community is growing larger and larger. We will look at the latest release which comes with a new theme and more bug fixes (more on this later).

Read<br />
more

Linux 4.12-rc1

Filed under
Linux

Linus Torvalds has went ahead and closed the Linux 4.12 kernel merge window one day early with the release of 4.12-rc1.

Linus wrote of 4.12-rc1, "Despite it being fairly large, it has (so far) been pretty smooth. I don't think I personally saw any breakage at all, which is always nice. Usually I end up having something break, or trigger some silly build failure that really should have been noticed before it even got to me, but so far things are looking good. Famous last words."

Read more

Also: Linux 4.12-rc1 Kernel Released One Day Early

today's leftovers

Filed under
News
  • FLOSS Weekly 432: FreeNAS

    Simon was co-host of the lively interview with the FreeNAS project last week on FLOSS Weekly 432.

  • Oracle Is Working On Interrupt-Aware Scheduler For Linux

    Rohit Jain of Oracle's Linux kernel team is working on an interrupt aware scheduler, which should improve performance for workloads with interrupt activity.

  • VC4 Raspberry Pi 3D Driver Development Has Been Busy This Spring

    Broadcom developer Eric Anholt has been busy this spring leading the charge on advancing the VC4 DRM+Gallium3D driver stack that most notably is used by Raspberry Pi devices for a fully-open graphics driver stack.

  • CoreOS releases Tectonic 1.6.2 with Kubernetes

    In CoreOS’ latest Tectonic release, it is providing several features to deliver enterprise Kubernetes. Tectonic 1.6.2 comes with major updates, like Kubernetes 1.6.2, and backend Terraform support for Tectonic Installer on AWS and bare metal.

    In this release, the Tectonic Installer is now supported by Terraform, a tool for safely launching and building infrastructure. According to head of product at CoreOS Mackenzie Burnett, in a blog post, shipping Tectonic with Terraform is “setting the stage” for scriptable and customizable installations of self-hosted Kubernetes on AWS and bare metal.

Leftovers: Software (Ebook Authoring Tools, Feedreader, and Wire)

Filed under
Software
  • Top 5 Ebook Authoring Tools for Linux

    Ebooks are quickly becoming the most popular publication medium for books. More people than ever are buying their books in digital form, and ebooks open up an invaluable opportunity for publishers and self-published authors alike. ebooks are even a popular tool for inbound marketing and lead generation.

    If you want to create your own ebook in Linux, you have some excellent options, and they’re all free (both as in beer and freedom) and open source.

    These aren’t in any particular order. They’re all great, and you should choose the one that best fits your use case and style.

  • Is Feedreader the Best RSS Reader for Ubuntu?

    Many people still read the news from RSS feeds, using services like Feedly, Feedbin and Old Reader to fetch, read and sync content between devices – myself very much included. Feedreader is a desktop RSS reader for Ubuntu and other Linux desktops. It has a clean, straightforward design with a three-panel layout.

  • Wire – A Secure Open Source Chat Application for Linux Systems

    We have covered many VoIP applications in past like Skype, Ring, Viber, etc. Today we are going to cover about wire. Wire is another VoIP applications which has full end-to-end encryption and best alternative for Skype users since Skype doesn’t offer all the features which is available for Windows and there is no proper updates for Linux too.

Fedora 25 and Fedora 26

Filed under
Red Hat

Tizen and Android

Filed under
Android
Linux

Leftovers: OSS and Sharing

Filed under
OSS

Security Leftovers

Filed under
Security
  • Intel's Management Engine is a security hazard, and users need a way to disable it

    Since 2008, most of Intel’s CPUs have contained a tiny homunculus computer called the “Management Engine” (ME). The ME is a largely undocumented master controller for your CPU: it works with system firmware during boot and has direct access to system memory, the screen, keyboard, and network. All of the code inside the ME is secret, signed, and tightly controlled by Intel. Last week, vulnerabilities in the Active Management (AMT) module in some Management Engines have caused lots of machines with Intel CPUs to be disastrously vulnerable to remote and local attackers. While AMT can be disabled, there is presently no way to disable or limit the Management Engine in general. Intel urgently needs to provide one.

    This post will describe the nature of the vulnerabilities (thanks to Matthew Garrett for documenting them well), and the potential for similar bugs in the future. EFF believes that Intel needs to provide a minimum level of transparency and user control of the Management Engines inside our CPUs, in order to prevent this cybersecurity disaster from recurring. Unless that happens, we are concerned that it may not be appropriate to use Intel CPUs in many kinds of critical infrastructure systems.

  • 'Accidental hero' halts ransomware attack and warns: this is not over

    Ransomware is a type of malware that encrypts a user’s data, then demands payment in exchange for unlocking the data. This attack used a piece of malicious software called “WanaCrypt0r 2.0” or WannaCry, that exploits a vulnerability in Windows. Microsoft released a patch (a software update that fixes the problem) for the flaw in March, but computers that have not installed the security update remain vulnerable.

  • Vanilla Forums Open Source Software Vulnerable to RCE, Host Header Injection Vulnerability

    Popular open source forum software suffers from vulnerabilities that could let an attacker gain access to user accounts, carry out web-cache poisoning attacks, and in some instances, execute arbitrary code.

  • Vanilla Forums has a plain-flavoured zero-day

    The popular Vanilla Forums software needs patching against a remote code execution zero-day first reported to the developers in December 2016.

    Published by ExploitBox, the zero-day “can be exploited by unauthenticated remote attackers to execute arbitrary code and fully compromise the target application when combined with Host Header injection vulnerability CVE-2016-10073.”

    The problem arises because Vanilla Forums inherits a bug in PHPMailer. The mailer uses PHP's mail() function as its default transport, as discussed by Legal Hackers here.

  • Google Fuzzing Service Uncovers 1K Bugs in Open-Source Projects

    Today’s topics include Google’s fuzzing service uncovering more than 1,000 bugs in open-source projects in five months, VMware helping Google make Chromebooks better for business; Edward Snowden advocating the need for open source and OpenStack; and Dell EMC aiming servers at data center modernization efforts.

Graphics in Linux: Vega/AMD

Filed under
Graphics/Benchmarks

Neptune Plasma 5 ISO Update May

Filed under
GNU
Linux

We are proud to announce the may update for our Neptune Plasma 5 ISO.

This version comes again with numerous detail improvements. We updated the Excalibur applicationmenu and improved it to support scrolling through your favorites and showing more than 3 sysactions.

Read more

Linux 4.12 Gained A Lot Of Weight: More Than One Million New Lines

Filed under
Linux

With big merges this cycle from the DRM additions, a lot of new staging code, and more, the Linux 4.12 kernel is a bit heavier... Here's some numbers.

Curious how Linux 4.12 sizes in with the merge window closing this weekend and all major code pulled for it, here are some Git statistics I ran this morning on the tree for seeing how much 4.12 has grown over Linux 4.11.

Read more

CIOs growing weary of database lock-in, increasingly buying into open source

Filed under
OSS

Oracle's annual revenue has been flat for the last five years, with new license revenue in steady decline during that same period. According to co-CEO Mark Hurd, however, Oracle can decline for decades and still retain its top spot on the database heap. He may be right.

Despite growth from would-be challengers, the database provides the ultimate lock-in. As such, the real question is not how fast companies will dump Oracle for rival databases, but rather how fast cloud computing will grow, given Oracle's relative weakness in that area.

Read more

Security Leftovers

Filed under
Security
  • Six things you need to know about IoT security
  • OpenStack Cloud Security Moves Forward

    When it comes to understanding security in the cloud and specifically security in OpenStack clouds, there are many factors to consider. In a panel session moderated by eWEEK at the OpenStack Summit in Boston, leaders from across different elements of the OpenStack security spectrum provided insight and recommendations on cloud security.

    Security is a broad term in the OpenStack context and isn't just one single item. There is the OpenStack Security Project, which has a mission to help build tools and processes that help to secure OpenStack and its various projects. There is also the Vulnerability Management Team (VMT) that handles vulnerabilities for OpenStack project. Security in OpenStack is also reflected in various OpenStack projects, including notably Project Barbican for security key management. Finally there is just general security for cloud deployment by operators, which includes secure configuration and monitoring.

  • We Wuz Warned

    The tools that are infecting computers worldwide were indeed developed by, and then leaked from, the NSA. (Thanks for nothing, spooks.) The bitcoin.com article contains tips about how to protect yourself, and links to Windows patches, if you haven't yet been hit. Fortunately for us, the attacks seem to be focused on Windows systems; our Linux desktops are so far unscathed.

  • NSA-created cyber tool spawns global attacks — and victims include Russia

    Leaked alleged NSA hacking tools appear to be behind a massive cyberattack disrupting hospitals and companies across Europe, Asia, with Russia among the hardest-hit countries.

    But the Department of Homeland Security told POLITICO it had not confirmed any attacks in the U.S. on government targets or vital industries, such as hospitals and banks.

  • GCHQ tweeted about keeping Britain cyber-safe and it majorly backfired
  • Leaked NSA Hacking Tool On Global Ransomware Rampage [Ed: No, the problem isn't "patching" or "upgrade", the problem is Windows itself, irrespective of which version (back doors)]

    Thus, there's some debate online about whether the "problem" here is organizations who don't upgrade/patch or the NSA. Of course, these things are not mutually exclusive: you can reasonably blame both. Failing to update and patch your computers is a bad idea these days -- especially for large organizations with IT staff who should know better.

  • An NSA-derived ransomware worm is shutting down computers worldwide
  • WCry is so mean Microsoft issues patch for 3 unsupported Windows versions [Ed: Back doors in old versions of Windows belatedly closed because Microsoft risks losing millions of useds [sic] for good]

Graphics in Linux

Filed under
Graphics/Benchmarks
  • Mesa 17.0.6 Released With Polaris 12 RADV Support

    For those that haven't yet switched over to the newly-stable Mesa 17.1 series, last quarter's Mesa 17.0 series was just updated with the v17.0.6 point release.

  • Radeon's ROCm OpenCL Runtime Finally Open-Sourced

    AMD has made good on their word to open-source their ROCm OpenCL stack.

    AMD hadn't been contributing much to their Clover-based Gallium3D OpenCL stack in quite some time as their focus shifted to their ROCm-based compute stack with plans to eventually open up their OpenCL implementation. That implementation is now available as open-source.

  • Mesa 17.2 Planned For Release Mid-August

    With Mesa 17.1 having been released this week, the release calendar has been updated for Mesa 17.2.

  • Vulkan 1.0.49 Introduces Two New Extensions

    It had been close to one month since the last Vulkan update, which is rare since usually point releases to Vulkan 1.0 ship every week or two. But with the wait comes many bug fixes to the specifications as well as two new specifications.

    Vulkan 1.0.49 contains a number of document clarifications, new commentary, and in total fixes four GitHub issues and 11 internal issues.

NHS Cautionary Tale About Windows

Filed under
Microsoft
Security
Syndicate content

More in Tux Machines

Graphics News

More of today's howtos

GNOME News: Black Lab Drops GNOME and Further GNOME Experiments in Meson

  • Ubuntu-Based Black Lab Enterprise Linux 11.0.1 Drops GNOME 3 for MATE Desktop
    Coming about two weeks after the release of Black Lab Enterprise Linux 11, which is based on the Ubuntu 16.04.2 LTS (Xenial Xerus) operating system using the HWE (hardware enablement) kernel from Ubuntu 16.10 (Yakkety Yak), Black Lab Enterprise Linux 11.0.1 appears to be an unexpected maintenance update addressing a few important issues reported by users lately.
  • 3.26 Developments
    My approach to development can often differ from my peers. I prefer to spend the early phase of a cycle doing lots of prototypes of various features we plan to implement. That allows me to have the confidence necessary to know early in the cycle what I can finish and where to ask for help.
  • Further experiments in Meson
    Meson is definitely getting more traction in GNOME (and other projects), with many components adding support for it in parallel to autotools, or outright switching to it. There are still bugs, here and there, and we definitely need to improve build environments — like Continuous — to support Meson out of the box, but all in all I’m really happy about not having to deal with autotools any more, as well as being able to build the G* stack much more quickly when doing continuous integration.

Fedora and Red Hat