Interviews

Raspberry Pi 3D full-body scanner interview

Filed under: Development, Interviews, Gadgets

“In the last five to six years I began working with 3D printers and CNC machines. I started to build stuff, such as furniture and gadgets, and my first Raspberry Pi project was the Pi Snap Box. It’s the size of a mini-PC and is a box you put on the wall with one button on it. If you press the button, it takes three photos. It posts the first photo to a Facebook account for whoever the box belongs to. So for example, if you hang it up in a hairdresser’s salon and get your hair done all nicely, people could then see the good results on the hairdresser’s Facebook page.

The state of accessibility in Linux and open source software

Filed under: Linux, Interviews, OSS

Spencer Hunley is an autistic professional, former Vice Chair of the Kansas City Mayor's Committee for People with Disabilities, and current board member of the Autism Society of the Heartland & ASAN's Kansas City chapter. In August, Spencer will be giving a talk, Universal Tux: Accessibility For Our Future Selves, at LinuxCon in Chicago. He also gave a talk, Maximizing Accessibility: Engaging People with Disabilities In The Linux Community, at LinuxCon North America 2013.

In this interview, Spencer provides an update on the state of accessibility in Linux and open source software.

Why Women in Tech Can, and Should, Write a Better Resume

Filed under: Linux, Interviews

Experience with Linux is an important thing – a track record of tinkering and involvement in the open source world. Working in drivers, embedded Linux, etc. At this point companies are desperate for Linux talent. The most important thing to show is you've gotten hands-on with bits of the kernel, whichever ones are interesting to you personally. Time spent as a site reliability engineer or working in a DevOps environment is particularly attractive to employers these days, as are well rounded sys admin skills. Even if you just run Linux as your primary operating system and know how to tinker with your machine, you’re ahead of many candidates.

Linux Foundation SysAdmin Michael Halstead's IT Career Started at Age 15

Filed under: Linux, Interviews

Michael Halstead maintains all of the public facing infrastructure for the Yocto Project, a Linux Foundation collaborative project that provides the tools and methods for building custom embedded Linux distributions. In this Q&A he describes his typical day at work, the best part of his job, how he spends his free time, and more.

Imad Sousou: The Future of Linux and Intel in the New Connected World

Filed under: Linux, Hardware, Interviews

From new cloud platforms, to changes in virtualization and container technologies, to how data is stored and transmitted, every innovation in the data center has a Linux-based or open source component, says Imad Sousou, vice president of the Software and Services Group and general manager of the Intel Open Source Technology Center at Intel.

“To a great degree... the speed with which solutions can be brought online is the result of Linux and open source in the data center,” said Sousou, who is also on the OpenStack Foundation board of directors. “The amount of collaboration around the future of the data center is very encouraging.”

Is making your product free and open source crazy talk?

Filed under: Interviews, OSS

Making money from open source. To many in the corporate world, that seems like a contradiction in terms. How are you supposed to make money from something that you give away? they ask. It can be done. A number of companies, large and small, have done quite well in the open source space over the years.

Just ask Patrick McFadin. He’s the chief evangelist for Apache Cassandra at DataStax, a company that’s embraced the open source way. He’s also interviewed leaders at a number of successful open source companies to gain insights into what makes a successful open source business.

Red Hat CEO Whitehurst on VMware, OpenStack and CentOS

Filed under: Red Hat, Interviews

"Open source gives us brand permission to enter a ton of categories," said Red Hat CEO Jim Whitehurst.

This Is What It's Like To Be A Woman CEO In The Male-Dominated Open-Source Software World

Filed under: Interviews, Ubuntu

Jane Silber is the CEO of Canonical, a 650-employee software company best known for two things: its Linux operating system, named Ubuntu, that competes with Windows and Macs, and its bold plan to take on Apple, Google, and Microsoft with soon-to-be released phones/tablets/internet TV devices.

Automotive Grade Linux Released: An Interview With Dan Cauchy

Filed under: Linux, Interviews

On June 30, the Linux Foundation's Automotive Grade Linux (AGL) project released the first version of its open source AGL stack for in-vehicle infotainment (IVI). Based on Tizen IVI, AGL adds a stylish user interface and various applications written in HTML5 and JavaScript. The AGL stack, which is partially compatible with the somewhat similar, open source Linux GENIVI Foundation spec, supports multiple hardware architectures.

3 ways to contribute to Firefox OS

Filed under: Linux, Interviews, Moz/FF

A Firefox OS evangelist and volunteer working as the platform's Early Feedback Community Release Manager, Kerensa will use his time on stage at this year's OSCON to wage a recruitment effort. Along with Alex Lakatos, Kerensa will present Getting Started Contributing to Firefox OS, an introduction to building applications for the operating system. Attendees will learn how Firefox OS embodies Mozilla's commitment to open web standards like HTML, CSS, and JavaScript.

More in Tux Machines

Leftovers: BSD

Security Leftovers

  • Stop using SHA1 encryption: It’s now completely unsafe, Google proves
    Security researchers have achieved the first real-world collision attack against the SHA-1 hash function, producing two different PDF files with the same SHA-1 signature. This shows that the algorithm's use for security-sensitive functions should be discontinued as soon as possible. SHA-1 (Secure Hash Algorithm 1) dates back to 1995 and has been known to be vulnerable to theoretical attacks since 2005. The U.S. National Institute of Standards and Technology has banned the use of SHA-1 by U.S. federal agencies since 2010, and digital certificate authorities have not been allowed to issue SHA-1-signed certificates since Jan. 1, 2016, although some exemptions have been made. However, despite these efforts to phase out the use of SHA-1 in some areas, the algorithm is still fairly widely used to validate credit card transactions, electronic documents, email PGP/GPG signatures, open-source software repositories, backups and software updates.
  • on pgp
    First and foremost I have to pay respect to PGP, it was an important weapon in the first cryptowar. It has helped many whistleblowers and dissidents. It is software with quite interesting history, if all the cryptograms could tell... PGP is also deeply misunderstood, it is a highly successful political tool. It was essential in getting crypto out to the people. In my view PGP is not dead, it's just old and misunderstood and needs to be retired in honor. However the world has changed from the internet happy times of the '90s, from a passive adversary to many active ones - with cheap commercially available malware as turn-key-solutions, intrusive apps, malware, NSLs, gag orders, etc.
  • Cloudflare’s Cloudbleed is the worst privacy leak in recent Internet history
    Cloudflare revealed today that, for months, all of its protected websites were potentially leaking private information across the Internet. Specifically, Cloudflare’s reverse proxies were dumping uninitialized memory; that is to say, bleeding private data. The issue, termed Cloudbleed by some (but not its discoverer Tavis Ormandy of Google Project Zero), is the greatest privacy leak of 2017 and the year has just started. For months, since 2016-09-22 by their own admission, Cloudflare has been leaking private information through Cloudbleed. Basically, random data from random sites (again, it’s worth mentioning that every site that used Cloudflare in the last half year should be considered to have fallen victim to this) would be randomly distributed across the open Internet, and then indefinitely cached along the way.
  • Serious Cloudflare bug exposed a potpourri of secret customer data
    Cloudflare, a service that helps optimize the security and performance of more than 5.5 million websites, warned customers today that a recently fixed software bug exposed a range of sensitive information that could have included passwords and cookies and tokens used to authenticate users. A combination of factors made the bug particularly severe. First, the leakage may have been active since September 22, nearly five months before it was discovered, although the greatest period of impact was between February 13 and February 18. Second, some of the highly sensitive data that was leaked was cached by Google and other search engines. The result was that for the entire time the bug was active, hackers had the ability to access the data in real-time by making Web requests to affected websites and to access some of the leaked data later by crafting queries on search engines. "The bug was serious because the leaked memory could contain private information and because it had been cached by search engines," Cloudflare CTO John Graham-Cumming wrote in a blog post published Thursday. "We are disclosing this problem now as we are satisfied that search engine caches have now been cleared of sensitive information. We have also not discovered any evidence of malicious exploits of the bug or other reports of its existence."

Security Leftovers

  • Change all the passwords (again)
    Looks like it is time to change all the passwords again. There’s a tiny little flaw in a CDN used … everywhere, it seems.
  • Today's leading causes of DDoS attacks [Ed: The so-called 'Internet of things' (crappy devices with identical passwords) is a mess; programmers to blame, not Linux]
    Of the most recent mega 100Gbps attacks in the last quarter, most of them were directly attributed to the Mirai botnet. The Mirai botnet works by exploiting the weak security on many Internet of Things (IoT) devices. The program finds its victims by constantly scanning the internet for IoT devices, which use factory default or hard-coded usernames and passwords.
  • How to Set Up An SSL Certificate on Your Website [via "Steps To Secure Your Website With An SSL Certificate"]
  • SHA-1 is dead, long live SHA-1!
    Unless you’ve been living under a rock, you heard that some researchers managed to create a SHA-1 collision. The short story as to why this matters is the whole purpose of a hashing algorithm is to make it impossible to generate collisions on purpose. Unfortunately though impossible things are usually also impossible so in reality we just make sure it’s really really hard to generate a collision. Thanks to Moore’s Law, hard things don’t stay hard forever. This is why MD5 had to go live on a farm out in the country, and we’re not allowed to see it anymore … because it’s having too much fun. SHA-1 will get to join it soon.
  • SHA1 collision via ASCII art
    Happy SHA1 collision day everybody! If you extract the differences between the good.pdf and bad.pdf attached to the paper, you'll find it all comes down to a small ~128 byte chunk of random-looking binary data that varies between the files.
  • PayThink Knowledge is power in fighting new Android attack bot
    Android users and apps have become a major part of payments and financial services, carrying an increased risk for web crime. It is estimated that there are 107.7 million Android Smartphone users in the U.S. who have downloaded more than 65 million apps from the Google App Store, and each one of them represents a smorgasbord of opportunity for hackers to steal user credentials and other information.
  • Red Hat: 'use after free' vulnerability found in Linux kernel's DCCP protocol IPv6 implementation
    Red Hat Product Security has published details of an "important" security vulnerability in the Linux kernel. The IPv6 implementation of the DCCP protocol means that it is possible for a local, unprivileged user to alter kernel memory and escalate their privileges. Known as the "use-after-free" flaw, CVE-2017-6074 affects a number of Red Hat products including Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7 and Red Hat OpenShift Online v2. Mitigating factors include the requirement for a potential attacker to have access to a local account on a machine, and for IPv6 to be enabled, but it is still something that will be of concern to Linux users. Describing the vulnerability, Red Hat says: "This flaw allows an attacker with an account on the local system to potentially elevate privileges. This class of flaw is commonly referred to as UAF (Use After Free.) Flaws of this nature are generally exploited by exercising a code path that accesses memory via a pointer that no longer references an in use allocation due to an earlier free() operation. In this specific issue, the flaw exists in the DCCP networking code and can be reached by a malicious actor with sufficient access to initiate a DCCP network connection on any local interface. Successful exploitation may result in crashing of the host kernel, potential execution of code in the context of the host kernel or other escalation of privilege by modifying kernel memory structures."

Android Leftovers