About Tux Machines

Saturday, 03 Dec 16 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/Linux.

Assimilation That Confuses/Openwashing

Filed under
Microsoft
Mac

Security Leftovers

Filed under
Security
  • Security advisories for Monday
  • FutureVault Inc.'s FutureVault

    Though short of Mr Torvalds' aim of world domination, FutureVault, Inc., has set the ambitious goal to "change the way business is done" with its FutureVault digital collaborative vault application. Described by its developer as "at the epicenter of a brand new disruptive category in the financial services world", FutureVault allows users to deposit, store and manage important financial, legal and personal documents digitally by means of a white-label, cloud-based, SaaS platform.

  • Azure glitch allowed attackers to gain admin rights over hosted Red Hat Linux instances

    A VULNERABILITY in Microsoft's Azure cloud platform could have been exploited by an attacker to gain admin rights to instances of Red Hat Enterprise Linux (RHEL) and storage accounts hosted on Azure.

  • Microsoft update servers leave Azure RHEL instances hackable
  • Microsoft update left Azure Linux virtual machines open to hacking
  • Microsoft Azure bug put Red Hat instances at risk
  • Microsoft update servers left all Azure RHEL instances hackable

    Microsoft has patched flaws that attackers could exploit to compromise all Azure Red Hat Enterprise Linux (RHEL) instances.

    Software engineer Ian Duffy found the flaws while building a secure RHEL image for Microsoft Azure. During that process he noticed an installation script Azure uses in its preconfigured RPM Package Manager contains build host information that allows attackers to find all four Red Hat Update Appliances which expose REST APIs over HTTPS.

    From there Duffy found a package labelled PrepareRHUI (Red Hat Update Infrastructure) that runs on all Azure RHEL boxes, and contains the rhui-monitor.cloud build host.

    Duffy accessed that host and found it had broken username and password authentication. This allowed him to access a backend log collector application which returned logs and configuration files along with an SSL certificate that granted full administrative access to the four Red Hat Update Appliances.

  • Deutsche Telekom Says Cyber Attack Hits 900,000 Customers

    Deutsche Telekom (DTEGY), Europe's largest, said it could have been a victim of a cyber attack as 900,000 fixed-line customers face a second consecutive day of outages.

    The Bonn, Germany-based company, which has 20 million fixed network customers, said 900,000 customers with specific routers have faced temporary problems and marked fluctuations in quality, with some also receiving no service at all. It added that the problems have occurred in a wide region, not in a specific area.

  • San Francisco’s Muni Hacked

    It seems that on Friday, right in the midst of busy Thanksgiving weekend holiday traffic, the San Francisco Municipal Transportation Agency or Muni, was hit by hackers, forcing the system to offer Saturday free rides on the system’s light rail trains. The breach was apparently a ransomware attack, with the hackers demanding 100 Bitcoin, or approximately $73,000, to unencrypt the system.

    It all began when the words “You Hacked, ALL Data Encrypted” appeared on Muni agents’ screens. It’s not known whether Muni paid the ransom, although that’s considered unlikely. Operations of the system’s vehicles were not affected.

Mesa 13.0.2 Released, Includes Many Intel/RADV Vulkan Driver Fixes

Filed under
Graphics/Benchmarks

For those riding the stable Mesa release train, Mesa 13.0.2 is now available as the newest Mesa 13.0 point release.

As covered last week, the 50+ changes in this version include many fixes to VC4, i965, Radeon, and RADV drivers. There are also a number of Vulkan WSI (windowing system integration) fixes plus driver specific work, more smoke-testing, and memory leak fixes. The Intel Mesa driver also has received its share of support for Intel Geminilake hardware coming out in 2017.

20-Way NVIDIA/AMD GPU Darktable OpenCL Photography Performance

Filed under
Graphics/Benchmarks

With the holiday season in full swing, whether you are just a casual photographer or professional, Darktable is easily one of the best photography workflow applications and it's free software! Darktable has offered OpenCL acceleration for providing faster performance on GPUs and with the imminent Darktable 2.2 release there are even better OpenCL results. For those curious about the OpenCL performance of Darktable, I've done some Darktable 2.2-RC1 benchmarks on a variety of NVIDIA GeForce and AMD Radeon graphics cards under Ubuntu Linux.

Also: More Darktable GPU/CPU Benchmarks - 27 Different Setups

Linux-based YunOS To Beat Apple’s iOS In China

Filed under
Linux

The chances are slim that you might be knowing about YunOS, the mobile operating system developed by China’s Alibaba group. In a recent development related to YunOS, this relatively newer OS is on the track to gather a 14 per cent share of phone shipments in mainland China.

According to forecasts made by analysts, by the end of this year, YunOS will beat iOS to become the second-largest mobile operating system in China. This forecast falls in line with Alibaba’s previous claims that YunOS has already passed iOS.

How to add more entropy to improve cryptographic randomness on Linux

Filed under
Linux
HowTos

If you have Linux servers that depend upon encryption, you owe it to yourself to beef up the system entropy. Here's how to do so with haveged.

Yelp offers up Kafka tools to open source

Filed under
OSS

Yelp saved itself US$10 million by building out its Apache Kafka-based Data Pipeline, and now it wants to spread that love to other enterprises. Just before the holidays, Yelp open-sourced its Data Pipeline and assorted utilities used to maintain and build out this streaming data platform.

Data Pipeline is now available on GitHub under the Apache 2.0 license. Using Data Pipeline, developers can tie their applications into the constantly flowing stream of Kafka data. The company detailed this in a blog entry.

Are we in a golden age of open source or just openwashing?

Filed under
OSS

We are witnessing a golden age of open source. Never in the history of the technology industry have we seen so many developers coding in the open, jointly working on common codebases that can be leveraged by any individual user or company.

This trend is a huge step forward, with broad benefits to both the user and vendor community. It is spurring significantly greater innovation and interoperability across solutions.

Build Your Own Netflix and Pandora With Raspberry Pi 3

Filed under
Linux
HowTos

Do you have a huge collection of movies, TV shows, and music that you purchased over the years but it’s collecting digital dust on your hard drives? How about creating your very own Netflix- and Pandora-like setup using the free Plex Media Server software? No, you don’t have to buy an expensive, bulky PC. All you need is a Raspberry Pi 3, a hard drive, an SD card and a mobile charger. It should all cost less than $100.

3.5-inch Apollo Lake SBC supports extended temperatures

Filed under
Linux

The AECX-APL0 supports the three Atom-branded Apollo Lake processors instead of the related Celeron and Pentium models. No OS support is listed, which is also the case for the other Litemax/WynMax embedded boards, which are mostly Mini-ITX boards, with a sprinkling of 3.5-inch SBCs, based on Intel and AMD processors. Running Linux should not be a problem.

The 146 x 102mm AECX-APL0 supports up to 8GB DDR3L RAM, and offers SATA III and mSATA, with the latter made available via one of the two mini-PCIe slots. The other is paired with a micro-SIM for wireless expansion.

Games for GNU/Linux

Filed under
Gaming

Leftovers: Software

Filed under
Software
  • anytime 0.1.1: More robust

    CRAN just accepted the newest release 0.1.1 of anytime, following the previous five releases since September.

    anytime is a very focussed package aiming to do just one thing really well: to convert anything in integer, numeric, character, factor, ordered, ... format to POSIXct (or Date) objects -- and to do so without requiring a format string.

  • FFmpeg 3.2 "Hypatia" Multimedia Backend Gets Its First Point Release, Adds Fixes

    It's been almost a month since the major FFmpeg 3.2 "Hypatia" open-source, free and cross-platform multimedia framework was officially unveiled, and now the first point release arrives for all supported platforms.

    FFmpeg 3.2 "Hypatia" brought us many goodies, including OpenH264 decoder wrapper, libopenmpt demuxer, alias muxer for Ogg Video (.ogv), VP8 support for Ogg muxing, the True Audio (TTA) muxer, as well as the crystalizer, maskedclamp, hysteresis, lut2, yuvtestsrc, vaguedenoiser, weave, avgblur, gblur, and acrusher audio filters.

  • Alduin is an Open-Source Desktop RSS Reader for Linux

    On the look out for a clean, modern and open-source desktop RSS reader app for Linux? I know I am, so I was excited to come across Alduin. Alduin is a simple RSS (and Atom) feed aggregator that’s billed as having an “ergonomic, complete and easy to use interface, which will be suitable for all types of user.”

  • Vivaldi 1.5.676.6 Web Browser Snapshot Introduces Easier Tab Selection by Domain
  • Microsoft enables Linux desktop users to send SMS text messages with latest Skype Alpha [Ed: Missing the fact that Skype already had GNU/Linux support before Microsoft bought it and then abandoned it]

GNOME News

Filed under
GNOME
  • This week in GTK+ – 26

    In this last week, the master branch of GTK+ has seen 40 commits, with 1551 lines added and 1998 lines removed.

  • Linux communities, we need your help!

    There are a lot of Linux communities all over the globe filled with really nice people who just want to help others. Typically these people either can’t (or don’t feel comfortable) coding, and I’d love to harness some of that potential by adding a huge number of new application reviews to the ODRS. At the moment we have about 1100 reviews, mostly covering the more popular applications, and also mostly written in English.

KDE Leftovers

Filed under
KDE
  • Chakra GNU/Linux Users Get KDE Plasma 5.8.4, Apps 16.08.3, and Frameworks 5.28.0

    On November 27, 2016, Chakra GNU/Linux developer Neofytos Kolokotronis informs the community about the availability of a set of new software updates for the rolling distro originally based on Arch Linux.

    A week ago, we reported on the availability of the cups 2.1.4-3 and pepperflashplugin 23.0.0.207-1 packages in the Chakra GNU/Linux repositories, which required manual intervention from the user. And, after some issues with their hosting provider, the promised KDE goodies are finally here, along with numerous other updates.

  • Google Code-in begins soon; KDE mentors welcome students

    The KDE community will once more be participating in Google Code-in, which pairs KDE mentors with students between the ages of 13 and 18 to work on tasks which both help the KDE community and teach the students how to contribute to free and open source projects. Not only coding, but also documentation and training, outreach and research, quality assurance and user interface tasks will be offered.

  • KDE Developer Guide needs a new home and some fresh content

    As I just posted in the Mission Forum, our KDE Developer Guide needs a new home. Currently it is "not found" where it is supposed to be.

    We had great luck using markdown files in git for the chapters of the Frameworks Cookbook, so the Devel Guide should be stored and developed in a like manner. I've been reading about Sphinx lately as a way to write documentation, which is another possibility. Kubuntu uses Sphinx for docs.

    In any case, I do not have the time or skills to get, restructure and re-place this handy guide for our GSoC students and other new KDE contributors.

Android Leftovers

Filed under
Android

Security News

Filed under
Security
  • European Commission knocked offline by 'large scale' DDoS attack

    THE EUROPEAN COMMISSION (EC) was struck by a large-scale distributed denial of service (DDoS) attack on Thursday, bringing down its internet access for hours.

    The EC confirmed the attack to Politico, saying that while it did fall victim to a DDoS attack, no data breach was experienced.

    "No data breach has occurred," a Commission spokesperson said. "The attack has so far been successfully stopped with no interruption of service, although connection speeds have been affected for a time."

  • Overclocked Wearables Can Pick Up Bio-Acoustic Signals

    The sensors incorporated into wearables can sometimes be repurposed to perform tasks beyond their intended applications. For example, it's been shown that it's possible to discover a victim user’s passwords and PINs by applying a sophisticated algorithm to the data gathered by wearable embedded sensors.

    Recently, researchers at the Future Interfaces Group at Carnegie Mellon University have overclocked the accelerometer of an LG smartwatch to extend its capabilities to more than just tracking fitness. By overclocking the off-the-shelf smartwatch via some software updates, they can now detect and process very small vibrations and audio signals.

    The new technology, dubbed ViBand, can allow different apps to understand the context of your activities by capturing bio-acoustic signals.

  • The Economics of stealing a Tesla with a phone

    A few days ago there was a story about how to steal a Tesla by installing malware on the owner's phone. If you look at the big picture view of this problem it's not all that bad, but our security brains want to make a huge deal out of this. Now I'm not saying that Tesla shouldn't fix this problem, especially since it's going to be a trivial fix. What we want to think about is how all these working parts have to fit together. This is something we're not very good at in the security universe; there can be one single horrible problem, but when we paint the full picture, it's not what it seems.

  • Config fumble left Azure Red Hat Enterprise Linux wide open

    A software engineer setting up a secure Red Hat Enterprise Linux virtual machine in the cloud discovered a serious configuration flaw that could be exploited to upload arbitrary software packages to Microsoft Azure update infrastructure.

    Ian Duffy found Microsoft had configured the Red Hat Update Appliance used for Azure in such a way that an attacker could easily get access to the content delivery servers and upload packages that client virtual machines would acquire when updating.

    Duffy was able to bypass the username and password authentication on the content delivery server by running a log file collector application. Once completed, the log file collector provided a link to a downloadable compressed archive.

  • Azure bug bounty Root to storage account administrator

    In my previous blog post Azure bug bounty Pwning Red Hat Enterprise Linux I detailed how it was possible to get administrative access to the Red Hat Update Infrastructure consumed by Red Hat Enterprise Linux virtual machines booted from the Microsoft Azure Marketplace image. In theory, if exploited one could have gained root access to all virtual machines consuming the repositories by releasing an updated version of a common package and waiting for virtual machines to execute yum update.

15 JavaScript frameworks and libraries

Filed under
OSS

JavaScript’s open source stance is also one of the best. Contrary to popular belief, JavaScript is not a project, but a specification with an open standard where the language is evolved and maintained by its core team. ECMAScript, another fancy name of JavaScript, is not open source, but it too has an open standard.

You can easily see evidence of JavaScript's popularity when you look at GitHub. JavaScript is the top programming language when it comes to the number of repositories. Its prominence is also evident on Livecoding.tv, where members are diligently creating more videos on JavaScript than any other topic. At the time of this writing, the self-dubbed edutainment site hosts 45,919 JavaScript videos.

Open source has won, and Microsoft has surrendered

Filed under
GNU
Linux
OSS

I have covered Microsoft’s interference with FOSS [free and open-source software] for over a decade and carefully studied even pertinent antitrust documents. I know the company’s way of thinking when it comes to undermining their competition.

The pattern of embrace and extend (to extinguish) — all this while leveraging software patents to make Linux a Microsoft cash cow or compel OEMs to preinstall privacy-hostile Microsoft software/apps with proprietary formats (lockin) — never ended. What I see in the Linux Foundation right now is what I saw in Nokia 5 years ago and in Novell 10 years ago — the very thing that motivated me to start BoycottNovell, a site that has just turned 10 with nearly 22,000 blog posts. It is a saddening day because it’s a culmination, after years of Microsoft ‘micro’ payments to the Linux Foundation (e.g. event sponsorship in exchange for keynote positions), which will have Microsoft shoved down the throats of GNU/Linux proponents and give an illusion of peace when there is none, not just on the patent front but also other fronts (see what Microsoft’s partner Accenture is doing in Munich right now).

Productivity hacks: Optimizing your workflow with open source

Filed under
OSS

Communication with your team is key.

For chat, IRC or Mattermost are great ways to stay in touch in real time. But chat can be a productivity killer if you feel like you have to be present at all times. Structure your day so that you only focus on necessary chat conversations; log off of chat when you need to focus on another task and set expectations with your team. Also, talk to your team about what types of things will be discussed on chat and what discussions are better for a different method, like a meeting.

For meetings, talking with people in person can be necessary and very helpful for getting things done, but meetings can also be a time sink. Try to set them for only 30 minutes and stick to it. If you need more time, then take it as needed. If you set an agenda (try Etherpad for this), stick to it. Use your calendar to track your time—check out these open source Google calendar alternatives.

Managing devices in Linux

Filed under
Linux

There are many interesting features of the Linux directory structure. This month I cover some fascinating aspects of the /dev directory. Before you proceed any further with this article, I suggest that, if you have not already done so, you read my earlier articles, Everything is a file, and An introduction to Linux filesystems, both of which introduce some interesting Linux filesystem concepts. Go ahead—I will wait.

Great! Welcome back. Now we can proceed with a more detailed exploration of the /dev directory.

More in Tux Machines

today's leftovers

  • How fast is KVM? Host vs virtual machine performance!
  • Kernel maintenance, Brillo style
    Brillo, he said, is a software stack for the Internet of things based on the Android system. These deployments bring a number of challenges, starting with the need to support a different sort of hardware than Android normally runs on; target devices may have no display or input devices, but might well have "fun buses" to drive interesting peripherals. The mix of vendors interested in this area is different; handset vendors are present, but many more traditional embedded vendors can also be found there. Brillo is still in an early state of development.
  • Reviewing Project Management Service `Wrike` And Seems Interesting
    I have been testing some services for our project and found this amazing service, thought why not share it with you guys, it might be useful for you. Project management is a term that in some respects appears common, yet in practice still seems to be limited to large companies. While this may be true, the foundations of project management are actually rather simple and can be adopted by anyone, in any industry. One of the major requirements you need to consider when selecting a good project management software is the ability to run and operate it on the go via your mobile devices. Other factors include the ability to access the software from any platform whether it be Linux, Mac, or Windows. This can be achieved when the project management software is web-based. Wrike is a software that does all of this.
  • World Wine News Issue 403
  • OSVR on Steam, Unity drops legacy OpenGL, and more gaming news
  • GNOME Core Apps Hackfest 2016
    This November from Friday 25 to Sunday 27 was held in Berlin the GNOME Core Apps Hackfest. My focus during this hackfest was to start implementing a widget for the series view of the Videos application, following a mockup by Allan Day.
  • Worth Watching: What Will Happen to Red Hat Inc Next? The Stock Just Declined A Lot
  • Vetr Inc. Lowers Red Hat Inc. (RHT) to Buy
  • Redshift functionality on Fedora 25 (GNOME + Wayland). Yes, it's possible!
    For those who can't live without screen colour shifting technology such as Redshift or f.lux, myself being one of them, using Wayland did pose the challenge of having these existing tools not working with the Xorg replacement. Thankfully, all is not lost and it is possible even right now. Thanks to a copr repo, it's particularly easy on Fedora 25. One of the changes that comes with Wayland is there is currently no way for third-party apps to modify screen gamma curves. Therefore, no redshift apps, such as Redshift itself (which I recently covered here) will work while running under Wayland.
  • My Free Software Activities in November 2016
  • Google's ambitious smartwatch vision is failing to materialise
    In February this year, Google's smartwatch boss painted me a rosy picture of the future of wearable technology. The wrist is, David Singleton said, "the ideal place for the power of Google to help people with their lives."
  • Giving Thanks (along with a Shipping Update)
    Mycroft will soon be available as a pre-built Raspberry Pi 3 image for any hobbyist to use. The new backend we have been quietly building is emerging from beta, making the configuration and management of your devices simple. We are forming partnerships to get Mycroft onto laptops, desktops and other devices in the world. Mycroft will soon be speaking to you throughout your day.
  • App: Ixigo Indian Rail Train PNR Status for Tizen Smart Phones
    Going on a train journey in India? Ixigo will check the PNR status, the train arrival and departure & how many of the particular tickets are left that you can purchase. You can also do a PNR status check to make sure that your seat is booked and confirmed.

Networking and Servers

  • How We Knew It Was Time to Leave the Cloud
    In my last infrastructure update, I documented our challenges with storage as GitLab scales. We built a CephFS cluster to tackle both the capacity and performance issues of NFS and decided to replace PostgreSQL standard Vacuum with the pg_repack extension. Now, we're feeling the pain of running a high performance distributed filesystem on the cloud.
  • Hype Driven Development
  • SysAdmins Arena in a nutshell
    Sysadmins can use the product to improve their skills or prepare for an interview by practicing some day to day job scenarios. There is an invitation list opened for the first testers of the product.

Desktop GNU/Linux

  • PINEBOOK Latest News: Affordable Linux Laptop at Only $89 Made by Raspberry Pi Rival, PINE
    PINE, the rival company of Raspberry Pi and maker of the $20 Pine A64, has just announced its two below $100-priced Linux laptops, known as PINEBOOK. The affordable Linux laptop is powered by Quad-Core ARM Cortex A53 64-bit processor and comes with an 11.6" or 14" monitor.
  • Some thoughts about options for light Unix laptops
    I have an odd confession: sometimes I feel (irrationally) embarrassed that despite being a computer person, I don't have a laptop. Everyone else seems to have one, yet here I am, clearly behind the times, clinging to a desktop-only setup. At times like this I naturally wind up considering the issue of what laptop I might get if I was going to get one, and after my recent exposure to a Chromebook I've been thinking about this once again. I'll never be someone who uses a laptop by itself as my only computer, so I'm not interested in a giant laptop with a giant display; giant displays are one of the things that the desktop is for. Based on my experiences so far I think that a roughly 13" laptop is at the sweet spot of a display that's big enough without things being too big, and I would like something that's nicely portable.
  • What is HiDPI and Why Does it Matter?

Google and Mozilla

  • Google Rolls Out Continuous Fuzzing Service For Open Source Software
    Google has launched a new project for continuously testing open source software for security vulnerabilities. The company's new OSS-Fuzz service is available in beta starting this week, but at least initially it will only be available for open source projects that have a very large user base or are critical to global IT infrastructure.
  • Mozilla is doing well financially (2015)
    Mozilla announced a major change in November 2014 in regards to the company's main revenue stream. The organization had a contract with Google in 2014 and before that had Google pay Mozilla money for being the default search engine in the Firefox web browser. This deal was Mozilla's main source of revenue, about 329 million US Dollars in 2014. The change saw Mozilla broker deals with search providers instead for certain regions of the world.