Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Sunday, 17 Dec 17 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Type Title Author Replies Last Postsort icon
Story KDE Applications 17.12 Lands with Dolphin Enhancements, HiDPI Support for Okular Rianne Schestowitz 14/12/2017 - 11:29pm
Story Stable kernels 4.14.6 and 4.9.69 Rianne Schestowitz 14/12/2017 - 6:29pm
Story Introducing bolt: Thunderbolt 3 security levels for GNU/Linux Rianne Schestowitz 14/12/2017 - 6:24pm
Story Elementary LibreOffice Rianne Schestowitz 14/12/2017 - 6:22pm
Story Huawei Mate9 Rianne Schestowitz 14/12/2017 - 6:18pm
Story Today in Techrights Roy Schestowitz 14/12/2017 - 8:30am
Story today's leftover Roy Schestowitz 14/12/2017 - 7:11am
Story Ataribox and Chromebooks Roy Schestowitz 14/12/2017 - 7:06am
Story 5 Kubernetes must-reads: Tips and trends Roy Schestowitz 14/12/2017 - 7:04am
Story Australian Securities Exchange completes Red Hat migration Roy Schestowitz 14/12/2017 - 6:54am

Security: NSA, Microsoft Debacles, and FOSS Updates

Filed under
Security
  • Script Recovers Event Logs Doctored by NSA Hacking Tool

    Security researchers have found a way to reverse the effects of an NSA hacking utility that deletes event logs from compromised machines.

    Last week, Fox-IT published a Python script that recovers event log entries deleted using the "eventlogedit" utility that's part of DanderSpritz, a supposed NSA cyber-weapon that was leaked online by a hacking group known as the Shadow Brokers.

    According to Fox-IT, they found a flaw in the DanderSpritz log cleaner when they realized the utility does not actually delete event log entries, but only unreferences them, merging entries together.

  • Pre-Installed Keylogger Discovered on Hundreds of HP Laptop Models

    A keylogger that can help record pretty much every keystroke on the computer has been discovered on HP’s devices, with a security researcher revealing that hundreds of laptop models come with this hidden software pre-installed.

    Michael Myng says in an analysis of the keylogger that the malicious code is hiding in the Synaptics Touchpad software and he actually discovered it when looking into ways to control the keyboard backlight on his laptop.

    According to his findings, the keylogger isn’t activated by default, but it can be turned on by any cybercriminals that get access to the system. The list of affected models includes hundreds of laptops like EliteBook, ProBook, Spectre, Zbook, Envy, and Pavilion.

  • Laptop touchpad driver included extra feature: a keylogger [Ed: This is the second time in recent times HP gets caught with keyloggers; This is no accident, it's intentional.]

    Flaws in software often offer a potential path for attackers to install malicious software, but you wouldn't necessarily expect a hardware vendor to include potentially malicious software built right into its device drivers. But that's exactly what a security researcher found while poking around the internals of a driver for a touchpad commonly used on HP notebook computers—a keystroke logger that could be turned on with a simple change to its configuration in the Windows registry.

  • Microsoft Needed 110 Days to Fix Critical Security Bug After First Ignoring It

    Microsoft needed more than 100 days to fix a critical credential leak in Dynamics 365 after the company originally ignored the bug report and only reacted after being warned that details could go public.

    Software engineer Matthias Gliwka explains in a long blog post that he discovered and reported a security flaw in Microsoft’s Customer Relationship Manager and Enterprise Resource Planning software in August, but the software giant refused to fix it on claims that administrator credentials would be required.

    Gliwka says he came across a wildcard transport layer security (TLS) certificate that also included the private key, which would in turn expose communications by anyone who could decrypt traffic. The developer says that extracting the certificate grants access to any sandbox environment, with absolutely no warning or message displayed to clients.

  • UK Spy Agency Finds Severe Flaw in Microsoft Antivirus in Kaspersky Bye-Bye Push
  • Security updates for Monday

OSS Leftovers

Filed under
OSS
  • What is a blockchain smart contract?

    Now, in a blockchain, the important thing is that once the state has changed, you then ensure it's recorded on the blockchain so that it's public and nobody can change or challenge it. But there are other uses for blockchain technology, as I explained in "Is blockchain a security topic?" Permissionless systems, often referred to as distributed ledger technologies (DLTs) are a great fit for non-transactional state models, largely because the sort of people who are interested in them are closed groups of organisations that want to have complex sets of conditions met before they move to the next state. These aren't, by the tightest definition, blockchains. Banks and other financial institutions may be the most obvious examples where DLTs are gaining traction, but they are very useful in supply chain sectors, for instance, where you may have conditions around changing market rates, availability, and shipping times or costs, which may all play into the final price of the commodity or service being provided.

  • Running a successful open source project

    Running an open source project is easy. All you have to do is make your source code available and you’re open source, right? Well, maybe. Ultimately, whether or not an open source project is successful depends on your definition of success. Regardless of your definition, creating an open source project can be a lot of work. If you have goals regarding adoption, for example, then you need to be prepared to invest. While open source software is “free as in beer”, it’s not really free: time and energy are valuable resources and these valuable resources need to be invested in the project.

    So, how do you invest those resources?

  • New package repositories are now enabled by default

    During this year’s coding sprint in Toulouse (which I was able to attend, thanks to being in Europe on a study-abroad program), I spent a lot of time massaging HaikuPorts to generate a consistent-enough state of packages for us to switch to them by default, and then making the in-tree changes necessary for the switch. Thanks to this and mmlr’s comprehensive overhaul of the HaikuPorter Buildmaster over the past couple months, we have finally switched to the new repositories by default as of hrev51620. If you’ve installed a nightly image from after this, you should be able to just pkgman full-sync and upgrade away.

  • Haiku OS Is Very Close To Their Long Awaited Beta, New Repository Working

    The BeOS-inspired Haiku operating system should be issuing its long-awaited beta release by early 2018.

    For months there has been talk of the long-awaited beta for Haiku OS while it looks like roughly within the next month we should be actually seeing this milestone.

  • DeepVariant: Tool to call out variants in sequencing data goes open source

    Megan Molteni, Wired, decoded, at least, the very nature of the challenge to know more about our human puzzle. "Today, a teaspoon of spit and a hundred bucks is all you need to get a snapshot of your DNA. But getting the full picture—all 3 billion base pairs of your genome—requires a much more laborious process. One that, even with the aid of sophisticated statistics, scientists still struggle over."

    DeepVariant was developed by researchers from the Google Brain team, focused on AI techniques, and Verily, the Alphabet subsidiary focused on life sciences.

    It is based on the same neural network for image recognition, but DeepVariant, is now making headlines not for cat IDs but as a way to scan a genetic code for mutations. DeepVariant has gone open source. The GitHub definition of DeepVariant: "an analysis pipeline that uses a deep neural network to call genetic variants from next-generation DNA sequencing data."

  • Open source VPN clients vs VPN provider apps: which is better?

    Power users love open source software for its transparency and flexibility – but what about open source VPN software? Are there any open source VPN clients that can stand up to being compared with the more popular VPN apps from premium providers like ExpressVPN, VyprVPN, IPVanish or NordVPN?

    The short answer is... not really. But the long answer depends a lot on your level of technical know-how, patience, and where you’re willing to place your trust.

  • Coreboot Conference 2017 Videos Now Available

    For those interested in the open-source Coreboot project that serves as a replacement to proprietary UEFI/BIOS, the videos from their European Coreboot Conference are now available.

    The European Coreboot Conference 2017 (ECC'17) was held in Bochum, Germany back at the end of October.

  • Election night hackathon supports civic engagement

    On November 7, 2017, members of the Rochester Institute of Technology (RIT) community came together for the annual Election Night Hackathon held in the Simone Center for Student Innovation. This marked the seventh anniversary of a civic tradition for the FOSS @ MAGIC community, in which students and faculty analyze civic problems in the local community, state, or country and propose a project to address them. MAGIC Center faculty and event organizers are on hand to help students choose open source licenses and publish and share their code.

KDE: Randa Meetings and KDE Edu Sprint 2017

Filed under
KDE
  • Looking Back at Randa Meetings 2017: Accessibility for Everyone

    Randa Meetings are a yearly collection of KDE Community contributor sprints that take place in Randa, Switzerland. With origins dating back to a Plasma meeting in 2009, Randa is one of the most important developer-related events in the community.

  • KDE Edu Sprint 2017

    Two months ago I attended to KDE Edu Sprint 2017 at Berlin. It was my first KDE sprint (really, I send code to KDE software since 2010 and never went to a sprint!) so I was really excited for the event.

    KDE Edu is the an umbrella for specific educational software of KDE. There are a lot of them and it is the main educational software suite in free software world. Despite it, KDE Edu has received little attention in organization side, for instance the previous KDE Edu sprint occurred several years ago, our website has some problems, and more.

    Therefore, this sprint was an opportunity not only for developers work in software development, but for works in organization side as well.

    In organization work side, we discuss about the rebranding of some software more related to university work than for “education” itself, like Cantor and Labplot. There was a wish to create something like a KDE Research/Science in order to put software like them and others like Kile and KBibTex in a same umbrella. There is a discussion about this theme.

Programming/Development: fwupd, LLVM and More

Filed under
Development
  • CSR devices now supported in fwupd

    The BlueCore CSR chips are used everywhere. If you have a “wireless” speaker or headphones that uses Bluetooth there is a high probability that it’s using a CSR chip inside. This makes the addition of CSR support into fwupd a big deal to access a lot of vendors. It’s a lot easier to say “just upload firmware” rather than “you have to write code” so I think it’s useful to have done this work.

  • Skylake Server Scheduler Model Updated In LLVM 6.0 Along With Other Intel CPU Updates
  • Most Software Code Will Be Written By Machines By 2040, Researchers Predict

    Imagine a scenario where a programmer needs to follow a couple of tried and tested procedures to write code that becomes a part of a bigger program that needs some insightful contribution from another programmer. So, is the first programmer really needed? Can’t we find a robotic replacement for the same?

    In the past, GitHub CEO had already made a prediction which says that future of coding is no coding at all. A similar speculation has been made by the researchers at the Oak Ridge National Laboratory, Tennessee, who have said that machines will write most of their own code by 2040.

  • Hazelcast joins Eclipse, JCache is key focal point

    Open source In-Memory Data Grid (IMDG) company Hazelcast has joined the Eclipse Foundation – and it has done so for a reason.

    Hazelcast’s primary focus will be on JCache the Eclipse MicroProfile and EE4J.

    In particular, Hazelcast will be collaborating with members to popularize JCache, a Java Specification Request (JSR-107).

    So what place does JCache fill in the universe then?

Software: Darktable, VLC, Mesa, Audacity, Toplip, GNUstep

Filed under
Software
  • Darktable 2.4-RC1 Rolls Out With Windows Support, OpenCL Improvements

    The open-source Darktable RAW photography software that's long been available for Linux and macOS has finally been ported to Microsoft Windows. But fortunately that's not all to be found in Darktable 2.4.

    While Windows support is their big headline feature of Darktable 2.4, the RC1 release that came out today is also packed with other improvements.

  • Linux Release Roundup: VLC, Mesa, Audacity + More

    Another week has flown by, making it time for another round-up of pertinent Linux app releases that didn’t manage to wangle a full post’s worth of waffle on this site.

    This week’s crop of curios includes updates to the world’s most popular open-source video player, the world’s most popular open-source audio editor, and the world’s most popular open-source graphics drivers.

  • Toplip – A Very Strong File Encryption And Decryption CLI Utility

    There are numerous file encryption tools available on the market to protect your files. We have already reviewed some encryption tools such as Cryptomater, Cryptkeeper, CryptGo, Cryptr, Tomb, and GnuPG etc. Today, we will be discussing yet another file encryption and decryption command line utility named “Toplip”. It is a free and open source encryption utility that uses a very strong encryption method called AES256, along with an XTS-AES design to safeguard your confidential data. Also, it uses Scrypt, a password-based key derivation function, to protect your passphrases against brute-force attacks.

  • GNUstep Takes Another Step Forward For Implementing Apple's Cocoa Frameworks

    GNUstep is the long-standing free software project working to implement Apple's Cocoa Objective-C frameworks used by macOS. The GNU project has made new releases of their GUI and Back libraries.

    GNUstep GUI 0.26 is out this morning as the latest update to their graphical user-interface library. GNUstep GUI 0.26 has a number of compatibility improvements, translation updates, mouse tracking logic improvements, bug fixes, and other work.

today's howtos

Filed under
HowTos

Games: The Last Wind Monk, Haque, Super Night Riders, Bad Pad

Filed under
Gaming

Is PowerTop / TLP Still Useful To Save Power On Linux Laptops?

Filed under
Graphics/Benchmarks

This system was running Ubuntu 17.10 and the configurations tested included:

- Ubuntu 17.10 in a "stock" or "out of the box" experience when using its Linux 4.13 kernel, GNOME Shell 3.26.1 with Wayland, and Mesa 17.2.2 atop an EXT4 file-system.

- Upgrading the Ubuntu 17.10 system to Linux 4.15 Git for showing the power consumption when using the very latest kernel cycle.

- This Ubuntu 17.10 + Linux 4.15 system then with Intel PowerTop installed and changing all the tunables to their "good" values for maximum power-savings.

- Installing TLP and using its default power-saving options.

Read more

Linux 4.15 I/O Scheduler Tests: BFQ, CFQ, Kyber

Filed under
Graphics/Benchmarks
Linux

With some BFQ performance fixes included as part of Linux 4.15 along with other I/O scheduler work and block improvements for this latest Linux kernel series, here are some fresh benchmarks of the different I/O scheduler options using the Linux 4.15 Git kernel.

Read more

Ataribox Pre-Orders Begin on December 14

Filed under
GNU
Linux
Hardware
Gaming

The company behind the new games machine revealed the pre-order date in a (now deleted) Facebook post. It later uploaded an image teasing the date ‘14.12.17’ (pictured above).

Users will be able to “pre-order” the Ataribox through IndieGoGo, where the price for the console is expected to be start somewhere around the $299 mark.

Read more

Ubuntu Devs Work on Demoting Python 2 to "Universe" Repo for Ubuntu 18.04 LTS

Filed under
Ubuntu

Canonical's Matthias Klose informed the Ubuntu community in a mailing list announcement last week that getting the Python 2 interpreter demoted from Ubuntu has been an ongoing task for the last few releases, and that Ubuntu 17.10 (Artful Aardvark) is the first to ship with a Desktop ISO image that doesn't contain Python2.

However, the next step for them is to prepare to move the Python 2 packages to the "universe" repository in the next few months before the release of the Ubuntu 18.04 LTS (Bionic Beaver) operating system in April 2018. While Python 2 will be supported for only two more years, Ubuntu 18.04 is an LTS (Long Term Support) release supported for five years, until 2023.

Read more

SysAdmins and Kernel Developers Advance Linux Skills with LiFT

Filed under
Linux

The annual Linux Foundation Training (LiFT) Scholarships provide advanced open source training to existing and aspiring IT professionals from all over the world. Twenty-seven recipients received scholarships this year – the highest number ever awarded by the Foundation. Scholarship recipients receive a Linux Foundation training course and certification exam at no cost.

Read more

New Antivirus Live CD Release Is Out Now Based on 4MLinux 24.0 and ClamAV 0.99.2

Filed under
Linux

Every time a new major 4MLinux release is being prepped, Antivirus Live CD gets updated with the latest GNU/Linux technologies and Open Source components that have been included in the respective 4MLinux release. As such, Antivirus Live CD 24.0-0.99.2 is based on 4MLinux 24.0 and ClamAV 0.99.2 open-source antivirus software toolkit.

"Antivirus Live CD is an official 4MLinux fork including the ClamAV scanner. It's designed for users who need a lightweight live CD, which will help them to protect their computers against viruses," said Zbigniew Konojacki in the release announcement‏. "The latest version 24.0-0.99.2 is based on 4MLinux 24.0 and ClamAV 0.99.2."

Read more

LibreOffice 6.0 Coming Soon to openSUSE Tumbleweed, Along with KDE Apps 17.12

Filed under
LibO

A total of six snapshots have been released to the public this month, as OpenSuSE Project's Dominique Leuenberger announced this past weekend, and they brought lots of goodies, along with some of the latest GNU/Linux technologies and Open Source software components. But first, there's been a bunch of more python2->python3 conversions lately that you should know about.

"For the ones that don’t know yet, the python2 -> python3 switches are especially of interest to SLE/Leap 15," said Dominique Leuenberger. "Minimizing the support surface for Python 2 in favor of Python 3 will lead to a much stronger, supportable product for the future. As Tumbleweed is the leading and trendsetting product, it is but natural that we get those changes as well."

Read more

Linux Kernel 5.0 is Coming in the Summer of 2018

Filed under
News

Linus Torvalds reveals the silly reason about why there will be a Linux Kernel 5 hopefully in the summer of 2018. He also discusses the need for new Linux Kernel maintainers.
Read more

Linux: 4.14.5, 4.9.68, 4.4.105, and 3.18.87

Filed under
Linux

Dedoimedo interviews: Tuxmachines

Filed under
Interviews

Dedoimedo prowls the many corners of the Web, searching for textogenic faces for a fresh new interview. Truth to be told, finding the candidate for today's slot wasn't too difficult. Roy Schestowitz is a familiar name round the Tux block. Nowadays, you will most likely find him on tuxmachines.org, a community-driven news site.

News aggregation can be tricky; finding the right balance of quality content isn't easy, but even with the relatively recent change of ownership, tuxmachines marches on with solid consistency, ardently trying to offer its readers the best the open-source world has to report. I have always been a great fan and supporter, and I approached Roy for an interview. He agreed.

Read more

Syndicate content

More in Tux Machines

Type Title Author Replies Last Postsort icon
Story KDE Applications 17.12 Lands with Dolphin Enhancements, HiDPI Support for Okular Rianne Schestowitz 14/12/2017 - 11:29pm
Story Stable kernels 4.14.6 and 4.9.69 Rianne Schestowitz 14/12/2017 - 6:29pm
Story Introducing bolt: Thunderbolt 3 security levels for GNU/Linux Rianne Schestowitz 14/12/2017 - 6:24pm
Story Elementary LibreOffice Rianne Schestowitz 14/12/2017 - 6:22pm
Story Huawei Mate9 Rianne Schestowitz 14/12/2017 - 6:18pm
Story Today in Techrights Roy Schestowitz 14/12/2017 - 8:30am
Story today's leftover Roy Schestowitz 14/12/2017 - 7:11am
Story Ataribox and Chromebooks Roy Schestowitz 14/12/2017 - 7:06am
Story 5 Kubernetes must-reads: Tips and trends Roy Schestowitz 14/12/2017 - 7:04am
Story Australian Securities Exchange completes Red Hat migration Roy Schestowitz 14/12/2017 - 6:54am