About Tux Machines

Monday, 17 Jun 19 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/Linux

Quick Roundup

Type Title Author Replies Last Post
Story Audiocasts/Shows: Linux Action News, Full Circle Magazine and Python Podcast Roy Schestowitz 17/06/2019 - 5:17pm
Story Debian: Cross-Version Benchmarks, Debian LTS and HubLinked Meeting in Dublin Roy Schestowitz 17/06/2019 - 5:13pm
Story Android Leftovers Rianne Schestowitz 17/06/2019 - 4:54pm
Story Lenovo ThinkPad P Laptops Are Available with Ubuntu Roy Schestowitz 1 17/06/2019 - 4:49pm
Story Developers Devising Plan To Ship Newer NVIDIA Drivers On Ubuntu Stable Releases Roy Schestowitz 17/06/2019 - 4:42pm
Story Security Leftovers Roy Schestowitz 17/06/2019 - 4:36pm
Story 10 Excellent Free Mind Mapping Software for Linux Users Roy Schestowitz 17/06/2019 - 4:29pm
Story PCLinuxOS KDE Full Edition 2019.06 Release Roy Schestowitz 1 17/06/2019 - 4:16pm
Story today's howtos Roy Schestowitz 17/06/2019 - 3:58pm
Story Android Leftovers Rianne Schestowitz 17/06/2019 - 3:06pm

Audiocasts/Shows: Linux Action News, Full Circle Magazine and Python Podcast

Filed under
GNU
Linux
OSS
  • Linux Action News 110

    Elders in the community show us how to properly build services, Huawei is reportedly working on a Sailfish OS fork and Apple joins the Cloud Native club.

    Plus Facebook wants you to use their cryptocurrency, and CERN launches "The Microsoft Alternatives project"

  • Full Circle Magazine: Full Circle Weekly News #135
  • Podcast.__init__: Algorithmic Trading In Python Using Open Tools And Open Data

    Algorithmic trading is a field that has grown in recent years due to the availability of cheap computing and platforms that grant access to historical financial data. QuantConnect is a business that has focused on community engagement and open data access to grant opportunities for learning and growth to their users. In this episode CEO Jared Broad and senior engineer Alex Catarino explain how they have built an open source engine for testing and running algorithmic trading strategies in multiple languages, the challenges of collecting and serving current and historical financial data, and how they provide training and opportunity to their community members. If you are curious about the financial industry and want to try it out for yourself then be sure to listen to this episode and experiment with the QuantConnect platform for free.

Debian: Cross-Version Benchmarks, Debian LTS and HubLinked Meeting in Dublin

Filed under
Debian
  • A Quick Look At The Debian 10.0 Buster vs. Debian 9.9 Performance

    With Debian 10 "Buster" due to be releasing in early July, I've begun testing the near-final Buster images on various systems. Here is a look at a common Intel Core i7 system comparing the current performance of Debian 10.0 to the current stable 9.9 release.

    On the Core i7 8700K system, Debian 9.9 vs. 10.0 were benchmarked with the same hardware under test and each Debian release being cleanly installed and kept to its default settings.

  • Freexian’s report about Debian Long Term Support, May 2019

    Like each month, here comes a report about the work of paid contributors to Debian LTS.

  • Virtual Labs presentation at the HubLinked meeting in Dublin

    We have participated in the HubLinked workshop in Dublin this week, where I delivered a presentation on some of our efforts on Virtual Labs, in the hope that this could be useful to the partners designing the “Global Labs” where students will experiment together for Software Engineering projects.

Developers Devising Plan To Ship Newer NVIDIA Drivers On Ubuntu Stable Releases

Filed under
Graphics/Benchmarks
Linux
Ubuntu

Currently NVIDIA's packaged drivers on Ubuntu can get a bit stale on Ubuntu stable releases since they aren't updated in-step with the latest driver releases. But a new stable release update (SRU) policy/exception similar to the Firefox approach is being made for Ubuntu so that new releases will end up working their way into currently supported Ubuntu series.

The Canonical developers working on Ubuntu are really ramping up their support for NVIDIA's proprietary driver. On top of Ubuntu 19.10 to bundle the NVIDIA binary driver into the operating system's ISO image, they are working out the SRU details for shipping newer NVIDIA driver releases on existing Ubuntu stable releases.


Security Leftovers

Filed under
Security
  • Microsoft Warns about Worm Attacking Exim Servers on Azure [Ed: Microsoft should also warn "customers" of Windows back doors for the NSA, but it does not (this one was patched ages ago; the Microsoft back doors aren't). Shouldn't Microsoft ask its proxies and partners, as usual, to come up with buzzwords and logos and Web sites for bugs in FOSS, then talk about how FOSS is the end of the world?]
  • The Highly Dangerous 'Triton' [Attackers] Have Probed the US Grid [Ed: It's Windows]

     

    Over the past several months, security analysts at the Electric Information Sharing and Analysis Center (E-ISAC) and the critical-infrastructure security firm Dragos have been tracking a group of sophisticated [attackers] carrying out broad scans of dozens of US power grid targets, apparently looking for entry points into their networks. Scanning alone hardly represents a serious threat. But these [attackers], known as Xenotime—or sometimes as the Triton actor, after their signature malware—have a particularly dark history. The Triton malware was designed to disable the so-called safety-instrument systems at Saudi Arabian oil refinery Petro Rabigh in a 2017 cyberattack, with the apparent aim of crippling equipment that monitors for leaks, explosions, or other catastrophic physical events. Dragos has called Xenotime "easily the most dangerous threat activity publicly known."

  • A Researcher Found a Bunch of Voting Machine Passwords Online

    A little more than a week ago, the Department of Homeland Security confirmed that it was going to forensically analyze computer equipment associated with part of the 2016 elections in North Carolina in association with questions about Russian hacking. The news prompted an information security researcher to announce that he’d found evidence of other election security issues in North Carolina last fall, which he’d kept quiet until now.

    Chris Vickery, the director of cyber-risk research at UpGuard, a cybersecurity services firm, tweeted June 7 that he had found an unlocked online repository that contained what he said were passwords for touchscreen voting machines. The repository, he said, also contained other information, including serial numbers for machines that had modems, which theoretically could have allowed them to connect to the internet.

    Vickery said that after he found the open repository in September 2018, he immediately told state officials, who locked the file. State officials have told Mother Jones that the passwords were nearly 10 years old and encrypted—a claim disputed by Vickery and a Democratic technology consultant in North Carolina—but admitted that the file shouldn’t have been publicly available online.

  • TPM now stands for Tiny Platform Module: TCG shrinks crypto chip to secure all the Things [Ed: Misusing the word "trust" to obliterate computer freedom and general-purpose computing]

    The Trusted Computing Group (TCG), a nonprofit developing hardware-based cybersecurity tools, has started work on the "world's tiniest" Trusted Platform Module (TPM).

    TPMs are silicon gizmos designed to protect devices by verifying the integrity of essential software – like firmware and BIOS − and making sure no dodgy code has been injected into the system prior to boot.

    These are widely used to protect servers. Now TCG wants to adopt the technology for devices that are so small that the inclusion of a full TPM chip might be impractical due to cost, space and power considerations.

    The first tiny TPM prototype, codenamed Radicle, was demonstrated last week at a TCG members' meeting in Warsaw, Poland.

    [...]

    We have to mention that for years, TCG and its TPMs were criticised by the open-source software community, which suspected the tech could be used for vendor lock-in – GNU father Richard Stallman called trusted computing "treacherous computing", but it looks like his worst fears have not come to pass.

    That doesn't mean TPMs haven't seen their share of dark days: back in 2017, it emerged that security chips made by Infineon contained a serious flaw, with experts estimating that 25 to 30 per cent of all TPMs used globally were open to attack.

  • What Is a Buffer Overflow

    A buffer overflow vulnerability occurs when you give a program too much data. The excess data corrupts nearby space in memory and may alter other data. As a result, the program might report an error or behave differently. Such vulnerabilities are also called buffer overrun.

    Some programming languages are more susceptible to buffer overflow issues, such as C and C++. This is because these are low-level languages that rely on the developer to allocate memory. Most common languages used on the web such as PHP, Java, JavaScript or Python, are much less prone to buffer overflow exploits because they manage memory allocation on behalf of the developer. However, they are not completely safe: some of them allow direct memory manipulation and they often use core functions that are written in C/C++.

  • Any iPhone can be hacked

    Apple’s so called secure iPhones can be turned over by US coppers using a service promoted by an Israeli security contractor.

    Cellebrite publicly announced a new version of its product known as a Universal Forensic Extraction Device or UFED, one that it's calling UFED Premium. In marketing that update, it says that the tool can now unlock any iOS device cops can lay their hands on, including those running iOS 12.3.

    Cellebrite claims UFED Premium can extract files from many recent Android phones as well, including the Samsung Galaxy S9 but no-one ever called them secure and safe.

    What is unusual is that Cellebrite is making broad claims about turning over Apple gear. This is not a cat-and-mouse claim where they exploit a tiny flaw which one day might be fixed. It would appear that Cellebrite has its paw on a real howler.

  • Cellebrite Claims It Can Unlock ‘Any’ iPhone And iPad, 1.4 Billion Apple Devices Hackable

    Israel-based Cellebrite has announced a new version of its system Universal Forensic Extraction Device (UFED) — UFED Premium — which is capable of unlocking any iPhone, high-end Android device, or an iPad.

    The forensics company has suggested that UFED Premium is meant to help the police in unlocking iPhones and Android smartphones and getting data from locked smartphones.

  • Web-based DNA sequencers getting compromised through old, unpatched flaw

    DnaLIMS is developed by Colorado-based dnaTools. It provides software tools for processing and managing DNA sequencing requests.

    These tools use browsers to access a UNIX-based web server on the local network, which is responsible for managing all aspects of DNA sequencing.

    A simple Google search shows that dnaLIMS is used by a number of scientific, academic and medical institutions.

  • Generate Cryptographically Secure RANDOM PASSWORD
  • DMARC, mailing list, yahoo and gmail

    Gmail was blocking one person’s email via our list (he sent that using Yahoo and from his iPhone client), and caused more than 1700 gmail users in our list in the nomail block unless they check for the mailman’s email and click to reenable their membership.

    I panicked for a couple of minutes and then started manually clicking on the mailman2 UI for each user to unblock them. However, that was too many clicks. Suddenly I remembered the suggestion from Saptak about using JavaScript to do this kind of work. Even though I tried to learn JavaScript 4 times and failed happily, I thought a bit searching on Duckduckgo and search/replace within example code can help me out.

  • Tired of #$%& passwords? Single Sign-on could be savior

    So how is single sign-on more secure, if Facebook is in charge? It's not, say security experts. "They’ve shown they can’t be trusted with our information," says Rudis.

  • Are SSO Buttons Like “Sign-in With Apple” Better Than Passwords?

    Apple recently announced a new product that could prevent users from giving away their email ID to every other site on the internet. It’s expected to launch sometime later in 2019.

    Called “Sign-in with Apple,” it is similar to other Single Sign-on services provided by Google and Facebook. The button lets you login to websites without creating a new user account every time.

  • App Makers Are Mixed on ‘Sign In With Apple’

    But other app makers have mixed feelings on what Apple has proposed. I spoke to a variety of developers who make apps for iOS and Android, one of whom asked to remain anonymous because they aren’t authorized to speak on behalf of their employer. Some are skeptical that Sign In with Apple will offer a solution dramatically different from what’s already available through Facebook or Google. Apple’s infamous opacity around new products means the app makers don’t have many answers yet as to how Apple’s sign in mechanism is going to impact their apps. And one app maker went as far as referring to Apple’s demand that its sign-in system be offered if any other sign-in systems are shown as “petty.”

  • Chinese Cyberattack Hits Telegram, App Used by Hong Kong Protesters

    “This case was not an exception,” he wrote.

    The Hong Kong police made their own move to limit digital communications. On Tuesday night, as demonstrators gathered near Hong Kong’s legislative building, the authorities arrested the administrator of a Telegram chat group with 20,000 members, even though he was at his home miles from the protest site.

  • Security News This Week: Telegram Says China Is Behind DDoS

    As protests erupted in the streets of Hong Kong this week, over a proposed law that would allow criminal suspects to be extradited to mainland China, the secure messaging app Telegram was hit with a massive DDoS attack. The company tweeted on Wednesday that it was under attack. Then the app’s founder and CEO Pavel Durov followed up and suggested the culprits were Chinese state actors. He tweeted that the IP addresses for the attackers were coming from China. “Historically, all state actor-sized DDoS (200-400 Gb/s of junk) we experienced coincided in time with protests in Hong Kong (coordinated on @telegram). This case was not an exception,” he added. As Reuters notes, Telegram was DDoSed during protests in China in 2015, as well. Hong Kong does not face the strict [Internet] censorship that exists in mainland China, although activists have expressed concern about increased pressure from Beijing on the region.

  • Nextcloud signs public letter, opposing German plan to force decryption of chat

10 Excellent Free Mind Mapping Software for Linux Users

Filed under
GNU
Linux
Software

Mind maps are diagrams used to organize information visually in hierarchical ways that show relationships among the elements that make up the map. Drawing mind maps has been proven to be highly effective for getting information in and out of the brain especially when combined with logical note-taking that typically details or summarizes the roles of the map’s components along the way.

There are various mind mapping software out there ranging from free to paid to open source options. Today, my job is to list the best mind mapping software available to users for free. They are all modern, easy enough to use, and offer sufficient consumer support.


Filesystem Hierarchy Standard

Filed under
Linux

If you are new to the Linux command line, you may find yourself wondering why there are so many unusual directories, what they are there for, and why things are organized the way they are. In fact, if you aren't accustomed to how Linux organizes files, the directories can seem downright arbitrary with odd truncated names and, in many cases, redundant names. It turns out there's a method to this madness based on decades of UNIX convention, and in this article, I provide an introduction to the Linux directory structure.

Although each Linux distribution has its own quirks, the majority conform (for the most part) with the Filesystem Hierarchy Standard (FHS). The FHS project began in 1993, and the goal was to come to a consensus on how directories should be organized and which files should be stored where, so that distributions could have a single reference point from which to work. A lot of decisions about directory structure were based on traditional UNIX directory structures with a focus on servers and with an assumption that disk space was at a premium, so machines likely would have multiple hard drives.


Games: Terminal, Donensbourgh, Voxel Tycoon, SteamWorld Quest: Hand of Gilgamech, Truck the System, RPCS3 and Thrive

Filed under
Gaming
  • 5 command-line games for sysadmins

    Just because you prefer working in a text-mode interface doesn't mean you're not entitled to a little fun here and there.

    Last December, I took some time out before the holidays to explore some of my favorite command-line diversions into a series for Opensource.com. It ended up being a bit of an advent calendar for terminal toys, and I got some great suggestions from readers.

    Now summer has arrived, at least for us in the northern hemisphere, and for many of us this means a time of summer breaks, vacations, and generally trying to fit in a little relaxation between committing code and closing tickets. So to that end, I thought I'd revisit five of my favorite command-line games from that series, and share them here with you on Enable Sysadmin.

  • Donensbourgh, a medieval farming RPG that could be one to watch has Linux support

    Currently in the early stages but it seems promising, Donensbourgh is a medieval RPG with no violence or combat of any kind for those after perhaps a more relaxing experience. I'm glad developers take risks and make games like this, as I do enjoy games with plenty of combat but I often find there's not enough outside of that.

    Sadly, it seems they don't do their development videos showcasing gameplay in English so I've not a clue what they're saying.

  • An early build of the tycoon strategy game 'Voxel Tycoon' will release on itch.io later this month

    Voxel Tycoon, another in-development indie game that will have Linux support is arriving soon with an early build.

    What exactly is it? The developer says it's a "tycoon strategy game about transportation, building factories, and mining in a beautiful voxel landscapes" which sounds interesting. Even more interesting perhaps, is their claim that it will include "all-new features never before seen in the genre". I'm keen to see if it will live up to that in any way, so I will be taking a look when it's ready.

  • SteamWorld Quest: Hand of Gilgamech can now be picked up DRM-free on GOG

    SteamWorld Quest: Hand of Gilgamech, the fun card-based tactical RPG from Image and Form (developer) and Thunderful (publisher) can now be picked up DRM-free on GOG.

  • Truck the System, an upcoming game about building trucks and then racing them sounds amusing

    Currently in development by UK developer jorgen games (hooray, a fellow Brit!), Truck the System is a slightly unusual racing game that's coming to Linux.

    It's not a standard racing game like Dirt or Grid as you will be actually building your vehicle, possibly adding a bunch of weapons and then race or fight your way to the finish. Sounds like it could be a lot of fun! There's no full trailer yet since it's still in development but here's a few quick clips to give you an idea:

  • PlayStation 3 emulator RPCS3 has a new report out, over 40% of listed games now "Playable"

    RPCS3, the very impressive PlayStation 3 emulator continues advancing quickly with the team putting up a new report. This latest report covers April, with the delay being due to not having enough contributors. They're actually looking for help writing them, which you can apply for here.

  • Thrive, a free and open source game about the evolution of life

    Thrive [Official Site] is a game I came across years ago, a game about the evolution of life with you starting as a tiny Microbe and eventually working up to something more complex.

    That idea might sound familiar and for good reason, as it was originally inspired by the game Spore. However, they're attempting to go a little further by being scientifically accurate and have the evolution play-out across both you and everything around you.

Hack Computer review

Filed under
GNU
Linux
Hardware
Reviews

I bought a hack computer for $299 - it's designed for teaching 8+ year olds programming. That's not my intended use case, but I wanted to support a Linux pre-installed vendor with my purchase (I bought an OLPC back in the day in the buy-one give-one program).

I only use a laptop for company events, which are usually 2-4 weeks a year. Otherwise, I use my desktop. I would have bought a machine with Ubuntu pre-installed if I was looking for more of a daily driver.


KIT Scenarist is a Powerful Tool for Creating Screenplays

Filed under
Software

KIT Scenarist is an open source software for creating screenplays. You can use it for creating stories from the birth of the idea and before the transfer of the script to production.

R.T. Russell's Z80 BBC Basic is now open source

Filed under
Development
OSS

As part of the work I’ve been doing with cpmish I’ve been trying to track down the copyright holders of some of the more classic pieces of CP/M software and asking them to license it in a way that allows redistribution. One of the people I contacted was R.T. Russell, the author of the classic Z80 BBC BASIC, and he very kindly sent me the source and agreed to allow it to be distributed under the terms of the zlib license. So it’s now open source!


Games: Strange Loop Games and City Builder

Filed under
Gaming

Debian GNU/Linux riscv64 port in mid 2019

Filed under
Debian

As can be seen in the first graph, perhaps with some difficulty, the percent of arch-dependent packages built for riscv64 (grey line) has been around or higher than 80% since mid 2018, just a few months after the port was added to the infrastructure.

Given that the arch-dependent packages are about half of the Debian['s main, unstable] archive and that (in simple terms) arch-independent packages can be used by all ports (provided that the software that they rely on is present, e.g. a programming language interpreter), this means that around 90% of packages of the whole archive has been available for this architecture from early on.


Latest Security FUD

Filed under
Security

Software: Synapse, Qmmp and LibreOffice

Filed under
Software
  • How to install and use Synapse, the MacOS Spotlight alternative for Linux

    Mac OS is everybody’s favorite, and there are several reasons behind it. One of the most useful utilities you can find on Mac OS is Spotlight, which makes searching for things a piece of cake, all directly from the desktop. While most developers have already designed similar utilities for Windows, the open-source Linux based operating systems are no exception, as well. Most Linux operating systems like Ubuntu have its own search functionality, but it can sometimes be troublesome to reach there and isn’t as powerful as Spotlight. So with Synapse for Linux, you can do just that, and boost the power of the search functionality on your system.

    With Synapse for Ubuntu, you can even search for things on the web, which is cool, as well. Some Linux distros like Lubuntu, don’t offer decent search functionality, and Synapse can be a great solution in such cases. With Synapse, searching is easy with just the navigation buttons on your keyboard, and you are ready to go. Synapse can be downloaded and installed from the Linux official repository. Synapse can also be configured to run on startup so that you don’t need to search for, and open Synapse, each time you need to use it.

  • Qmmp 1.3.3 Released with Floating PulseAudio, ALSA, OSS4 Support

    Qmmp, Qt based audio player, released version 1.3.3 with improvements and bug fixes. Here’s how to install it in Ubuntu 16.04, Ubuntu 18.04, Ubuntu 18.10, Ubuntu 19.04.

  • Office Suites for Ubuntu 18.04

    Today we are looking at different office suites for Ubuntu 18.04. LibreOffice is the default LibreOffice suite for Ubuntu but it is by all means not the only one. In this article, we will look at different office suites for Ubuntu and all of its pros and cons.

    All these Office Suites are available for at least all Ubuntu based distros, and the installation method is the same for all the Ubuntu based distros.

  • Week 3 Report

    I continue working on Rewriting the logger messages with the new DSL grammar:

Lenovo ThinkPad P Laptops Are Available with Ubuntu

Filed under
GNU
Linux
Hardware

Dell may be the best-known Linux laptop vendor right now, but Lenovo is looking to muscle in on the pre-installed Linux machine market.

All of Lenovo’s refreshed ThinkPad P series laptops will be available to buy with Ubuntu 18.04 LTS preinstalled when they go on sale in the US later this month.

Oddly, Lenovo doesn’t mention Linux availability in their press release introducing the new ThinkPad P series laptops, but eagle-eyed Linux users spotted the additional OS option when investigating the laptop’s ‘tech specs’ on the Lenovo website.

The company says its refreshed P-series ‘portfolio’ is “…is designed to meet the ever-changing power and portability needs of modern professionals across industries – both in the office and beyond without sacrificing our legendary engineering know-how, reliability and security.”


Also: How to install Lubuntu Linux OS on PC via USB stick/drive

Move to pay Debian devs for project work rears its head again

Filed under
GNU
Linux
Debian

The idea of paying developers to work on Debian GNU/Linux packages has reared its head again, with senior developer Raphael Hertzog proposing that project funds be used for the purpose.

Hertzog made the suggestion in a reply to a post on one of the project's mailing lists which was part of a thread on the subject "Why do we take so long to realise good ideas?"

"Use the $300,000 on our bank accounts?", he wrote, adding that he had heard of another US$300,000 donation made by Google to the project though he was unable to find any publicly accessible reference to it.

The idea of paying developers for their work on what is a community project was raised 13 years ago by former project leader Anthony Towns, with the reason being the speeding up of development so that releases could take place sooner. The idea did not prove very popular as it was meant to be run outside the project proper and was meant to pay core members for their work.


Syndicate content

More in Tux Machines

Developers Devising Plan To Ship Newer NVIDIA Drivers On Ubuntu Stable Releases

Currently NVIDIA's packaged drivers on Ubuntu can get a bit stale on Ubuntu stable releases since they aren't updated in-step with the latest driver releases. But a new stable release update (SRU) policy/exception similar to the Firefox approach is being made for Ubuntu so that new releases will end up working their way into currently supported Ubuntu series. The Canonical developers working on Ubuntu are really ramping up their support for NVIDIA's proprietary driver. On top of Ubuntu 19.10 to bundle the NVIDIA binary driver into the operating system's ISO image, they are working out the SRU details for shipping newer NVIDIA driver releases on existing Ubuntu stable releases. Read more

Security Leftovers

  • Microsoft Warns about Worm Attacking Exim Servers on Azure [Ed: Microsoft should also warn "customers" of Windows back doors for the NSA, but it does not (this one was patched ages ago; the Microsoft back doors aren't). Shouldn't Microsoft ask its proxies and partners, as usual, to come up with buzzwords and logos and Web sites for bugs in FOSS, then talk about how FOSS is the end of the world?]
  • The Highly Dangerous 'Triton' [Attackers] Have Probed the US Grid [Ed: It's Windows]
     

    Over the past several months, security analysts at the Electric Information Sharing and Analysis Center (E-ISAC) and the critical-infrastructure security firm Dragos have been tracking a group of sophisticated [attackers] carrying out broad scans of dozens of US power grid targets, apparently looking for entry points into their networks. Scanning alone hardly represents a serious threat. But these [attackers], known as Xenotime—or sometimes as the Triton actor, after their signature malware—have a particularly dark history. The Triton malware was designed to disable the so-called safety-instrument systems at Saudi Arabian oil refinery Petro Rabigh in a 2017 cyberattack, with the apparent aim of crippling equipment that monitors for leaks, explosions, or other catastrophic physical events. Dragos has called Xenotime "easily the most dangerous threat activity publicly known."

  • A Researcher Found a Bunch of Voting Machine Passwords Online
    A little more than a week ago, the Department of Homeland Security confirmed that it was going to forensically analyze computer equipment associated with part of the 2016 elections in North Carolina in association with questions about Russian hacking. The news prompted an information security researcher to announce that he’d found evidence of other election security issues in North Carolina last fall, which he’d kept quiet until now. Chris Vickery, the director of cyber-risk research at UpGuard, a cybersecurity services firm, tweeted June 7 that he had found an unlocked online repository that contained what he said were passwords for touchscreen voting machines. The repository, he said, also contained other information, including serial numbers for machines that had modems, which theoretically could have allowed them to connect to the internet. Vickery said that after he found the open repository in September 2018, he immediately told state officials, who locked the file. State officials have told Mother Jones that the passwords were nearly 10 years old and encrypted—a claim disputed by Vickery and a Democratic technology consultant in North Carolina—but admitted that the file shouldn’t have been publicly available online.
  • TPM now stands for Tiny Platform Module: TCG shrinks crypto chip to secure all the Things [Ed: Misusing the word "trust" to obliterate computer freedom and general-purpose computing]
    The Trusted Computing Group (TCG), a nonprofit developing hardware-based cybersecurity tools, has started work on the "world's tiniest" Trusted Platform Module (TPM). TPMs are silicon gizmos designed to protect devices by verifying the integrity of essential software – like firmware and BIOS − and making sure no dodgy code has been injected into the system prior to boot. These are widely used to protect servers. Now TCG wants to adopt the technology for devices that are so small that the inclusion of a full TPM chip might be impractical due to cost, space and power considerations. The first tiny TPM prototype, codenamed Radicle, was demonstrated last week at a TCG members' meeting in Warsaw, Poland. [...] We have to mention that for years, TCG and its TPMs were criticised by the open-source software community, which suspected the tech could be used for vendor lock-in – GNU father Richard Stallman called trusted computing "treacherous computing", but it looks like his worst fears have not come to pass. That doesn't mean TPMs haven't seen their share of dark days: back in 2017, it emerged that security chips made by Infineon contained a serious flaw, with experts estimating that 25 to 30 per cent of all TPMs used globally were open to attack.
  • What Is a Buffer Overflow
    A buffer overflow vulnerability occurs when you give a program too much data. The excess data corrupts nearby space in memory and may alter other data. As a result, the program might report an error or behave differently. Such vulnerabilities are also called buffer overrun. Some programming languages are more susceptible to buffer overflow issues, such as C and C++. This is because these are low-level languages that rely on the developer to allocate memory. Most common languages used on the web such as PHP, Java, JavaScript or Python, are much less prone to buffer overflow exploits because they manage memory allocation on behalf of the developer. However, they are not completely safe: some of them allow direct memory manipulation and they often use core functions that are written in C/C++.
  • Any iPhone can be hacked
    Apple’s so-called secure iPhones can be turned over by US coppers using a service promoted by an Israeli security contractor. Cellebrite publicly announced a new version of its product known as a Universal Forensic Extraction Device or UFED, one that it's calling UFED Premium. In marketing that update, it says that the tool can now unlock any iOS device cops can lay their hands on, including those running iOS 12.3. Cellebrite claims UFED Premium can extract files from many recent Android phones as well, including the Samsung Galaxy S9 but no-one ever called them secure and safe. What is unusual is that Cellebrite is making broad claims about turning over Apple gear. This is not a cat-and-mouse claim where they exploit a tiny flaw which one day might be fixed. It would appear that Cellebrite has its paw on a real howler.
  • Cellebrite Claims It Can Unlock ‘Any’ iPhone And iPad, 1.4 Billion Apple Devices Hackable
    Israel-based Cellebrite has announced a new version of its system Universal Forensic Extraction Device (UFED) — UFED Premium — which is capable of unlocking any iPhone, high-end Android device, or an iPad. The forensics company has suggested that UFED Premium is meant to help the police in unlocking iPhones and Android smartphones and getting data from locked smartphones.
  • Web-based DNA sequencers getting compromised through old, unpatched flaw
    DnaLIMS is developed by Colorado-based dnaTools. It provides software tools for processing and managing DNA sequencing requests. These tools use browsers to access a UNIX-based web server on the local network, which is responsible for managing all aspects of DNA sequencing. A simple Google search shows that dnaLIMS is used by a number of scientific, academic and medical institutions.
  • Generate Cryptographically Secure RANDOM PASSWORD
  • DMARC, mailing list, yahoo and gmail
    Gmail was blocking one person’s email via our list (he sent that using Yahoo and from his iPhone client), and caused more than 1700 gmail users in our list in the nomail block unless they check for the mailman’s email and click to reenable their membership. I panicked for a couple of minutes and then started manually clicking on the mailman2 UI for each user to unblock them. However, that was too many clicks. Suddenly I remembered the suggestion from Saptak about using JavaScript to do this kind of work. Even though I tried to learn JavaScript 4 times and failed happily, I thought a bit searching on Duckduckgo and search/replace within example code can help me out.
  • Tired of #$%& passwords? Single Sign-on could be savior

    So how is single sign-on more secure, if Facebook is in charge? It's not, say security experts. "They’ve shown they can’t be trusted with our information," says Rudis.

  • Are SSO Buttons Like “Sign-in With Apple” Better Than Passwords?
    Apple recently announced a new product that could prevent users from giving away their email ID to every other site on the internet. It’s expected to launch sometime later in 2019. Called “Sign-in with Apple,” it is similar to other Single Sign-on services provided by Google and Facebook. The button lets you login to websites without creating a new user account every time.
  • App Makers Are Mixed on ‘Sign In With Apple’

    But other app makers have mixed feelings on what Apple has proposed. I spoke to a variety of developers who make apps for iOS and Android, one of whom asked to remain anonymous because they aren’t authorized to speak on behalf of their employer. Some are skeptical that Sign In with Apple will offer a solution dramatically different from what’s already available through Facebook or Google. Apple’s infamous opacity around new products means the app makers don’t have many answers yet as to how Apple’s sign in mechanism is going to impact their apps. And one app maker went as far as referring to Apple’s demand that its sign-in system be offered if any other sign-in systems are shown as “petty.”

  • Chinese Cyberattack Hits Telegram, App Used by Hong Kong Protesters

    “This case was not an exception,” he wrote.

    The Hong Kong police made their own move to limit digital communications. On Tuesday night, as demonstrators gathered near Hong Kong’s legislative building, the authorities arrested the administrator of a Telegram chat group with 20,000 members, even though he was at his home miles from the protest site.

  • Security News This Week: Telegram Says China Is Behind DDoS

    As protests erupted in the streets of Hong Kong this week, over a proposed law that would allow criminal suspects to be extradited to mainland China, the secure messaging app Telegram was hit with a massive DDoS attack. The company tweeted on Wednesday that it was under attack. Then the app’s founder and CEO Pavel Durov followed up and suggested the culprits were Chinese state actors. He tweeted that the IP addresses for the attackers were coming from China. “Historically, all state actor-sized DDoS (200-400 Gb/s of junk) we experienced coincided in time with protests in Hong Kong (coordinated on @telegram). This case was not an exception,” he added. As Reuters notes, Telegram was DDoSed during protests in China in 2015, as well. Hong Kong does not face the strict [Internet] censorship that exists in mainland China, although activists have expressed concern about increased pressure from Beijing on the region.

  • Nextcloud signs public letter, opposing German plan to force decryption of chat

10 Excellent Free Mind Mapping Software for Linux Users

Mind maps are diagrams used to organize information visually in hierarchical ways that show relationships among the elements that make up the map. Drawing mind maps has been proven to be highly effective for getting information in and out of the brain especially when combined with logical note-taking that typically details or summarizes the roles of the map’s components along the way. There are various mind mapping software out there ranging from free to paid to open source options. Today, my job is to list the best mind mapping software available to users for free. They are all modern, easy enough to use, and offer sufficient consumer support.

today's howtos