Language Selection

English French German Italian Portuguese Spanish

News Feeds

LinuxSecurity.com Advisories

Collabora

LXer

Slashdot

FOSSMint

Phoronix

Techrights

Ubuntu Buzz

UbuntuBuzz

DW Latest Releases

It's FOSS

FOSSLinux

Linux.com

OSNews

DistroWatch

Kde Planet

LWN

Linux Today

Steven

OMG! Ubuntu!

Mozilla

GamingOnLinux

Gizmoz

Linux Gizmos

Softpedia News

KDE Dot News

Gnu Planet

Debian

Planet Debian

Tizen

openSUSE News

LinuxLinks

OpenSource.com

Insider

Purism

Fedora Magazine

Tecmint

LinOxide

Kernel Planet

Reviews Guy

Distrowatch Weekly

FOSS Force

SparkyLinux

FSF

FOSS Post

Jamie

System 76

Gentoo News

Linux Journal

TechBytes

GNOME News

Jolla Users Blog

Linux Voice

TuxGallery

Web Upd8

Syndicate content

More in Tux Machines

Security: Linux, Docker and Guix

  • Unpatched Linux bug may open devices to serious attacks over Wi-Fi

    The flaw is located in the RTLWIFI driver, which is used to support Realtek Wi-Fi chips in Linux devices. The vulnerability triggers a buffer overflow in the Linux kernel when a machine with a Realtek Wi-Fi chip is within radio range of a malicious device. At a minimum, exploits would cause an operating-system crash and could possibly allow a hacker to gain complete control of the computer. The flaw dates back to version 3.10.1 of the Linux kernel released in 2013.

  • Docker Attack Worm Mines for Monero
  • Insecure permissions on profile directory (CVE-2019-18192)

    We have become aware of a security issue for Guix on multi-user systems that we have just fixed (CVE-2019-18192). Anyone running Guix on a multi-user system is encouraged to upgrade guix-daemon—see below for instructions. Context The default user profile, ~/.guix-profile, points to /var/guix/profiles/per-user/$USER. Until now, /var/guix/profiles/per-user was world-writable, allowing the guix command to create the $USER sub-directory. On a multi-user system, this allowed a malicious user to create and populate that $USER sub-directory for another user that had not yet logged in. Since /var/…/$USER is in $PATH, the target user could end up running attacker-provided code. See the bug report for more information. This issue was initially reported by Michael Orlitzky for Nix (CVE-2019-17365).

In 2019, multiple open source companies changed course—is it the right move?

Free and open source software enables the world as we know it in 2019. From Web servers to kiosks to the big data algorithms mining your Facebook feed, nearly every computer system you interact with runs, at least in part, on free software. And in the larger tech industry, free software has given rise to a galaxy of startups and enabled the largest software acquisition in the history of the world. Free software is a gift, a gift that made the world as we know it possible. And from the start, it seemed like an astounding gift to give. So astounding in fact that it initially made businesses unaccustomed to this kind of generosity uncomfortable. These companies weren't unwilling to use free software, it was simply too radical and by extension too political. It had to be renamed: "open source." Once that happened, open source software took over the world. Recently, though, there's been a disturbance in the open source force. Within the last year, companies like Redis Labs, MongoDB, and Confluent all changed their software licenses, moving away from open source licenses to more restrictive terms that limit what can be done with the software, making it no longer open source software. Read more Also: Network Time Foundation Joins Open Source Initiative

Red Hat: OpenShift, RHEL, Dependency Analytics, vDPA and More

  • Red Hat Expands the Kubernetes Developer Experience with Newest Version of Red Hat OpenShift 4

    Red Hat, Inc., the world's leading provider of open source solutions, today announced Red Hat OpenShift 4.2, the latest version of Red Hat’s trusted enterprise Kubernetes platform designed to deliver a more powerful developer experience. Red Hat OpenShift 4.2 extends Red Hat’s commitment to simplifying and automating enterprise-grade services across the hybrid cloud while empowering developers to innovate and enhance business value through cloud-native applications.

  • RHEL and Insights combo illuminates threats and spotlights performance for Red Hat systems

    When Red Hat Inc. officially rolled out its Red Hat Enterprise Linux 8, or RHEL 8, operating system in May, the open-source software company also included Red Hat Insights with every subscription for the new release. Based on data supplied by one of the company’s top executives, that has proven to be a wise decision. Insights is a software as a service product that works from a rules-based engine to offer continuous connected analysis of registered Red Hat-based systems. “We’ve seen an 87% increase since May in the number of systems that are linked in,” said Stefanie Chiras (pictured), vice president and general manager of the RHEL Business Unit at Red Hat. “We’re seeing a 33% increase in coverage of rules-based and a 152% increase in customers who are using it. That creates a community of people using and getting value from it, but also giving value back because the more data we have the better the rules get.”

  • What’s new in Red Hat Dependency Analytics

    We are excited to announce a new release of Red Hat Dependency Analytics, a solution that enables developers to create better applications by evaluating and adding high-quality open source components, directly from their IDE. Red Hat Dependency Analytics helps your development team avoid security and licensing issues when building your applications. It plugs into the developer’s IDE, automatically analyzes your software composition, and provides recommendations to address security holes and licensing problems that your team may be missing. Without further ado, let’s jump into the new capabilities offered in this release. This release includes a new version of the IDE plugin and the server-side analysis service hosted by Red Hat.

  • Breaking cloud native network performance barriers

    Up until now we have covered virtio-networking and its usage in VMs. We started with the original vhost-net/virtio-net architecture, moved on to the vhost-user/virito-pmd architecture and continued to vDPA (vHost Data Path Acceleration) where the virtio ring layout was pushed all the way into the NIC providing wiresspeed/wirelatency to VMs. We now turn our attention to using vDPA for providing wirespeed/wirelatency L2 interfaces to containers leveraging kubernetes to orchestrate the overall solution. We will demonstrate how Containerized Network Functions (CNFs) can be accelerated using a combination of vDPA interfaces and DPDK libraries. The vDPA interfaces are added as a secondary interface to containers using the Multus CNI plugin. This post is a high level solution overview describing the main building blocks and how they fit together. We assume that the reader has an overall understanding of Kubernetes, the Container Network Interface (CNI) and NFV terminology such as VNFs and CNFs.

  • Top 5 stress reliefs for sysadmins

Purism shows off more pictures of Librem 5 Phone and PureOS UI

As the first batch of the Librem 5 phones starts reaching its respectful owners, we can now have a better look at the product from its pictures taken by the customers. Before we check them out, let’s get to know a bit more about these phones. The Librem 5 smartphones are powered by PureOS, which is a Linux-based mobile operating system. The brains behind this product, namely Purism, have made it their top priority to offer such phones that provide security, privacy, and freedom to the customers. Accordingly, this product has been made for people who want to have complete control over their phones. You should check out this article if you want to know more about the Librem 5 smartphones. Now coming back to the news, people who have ordered this phone are in for a treat as the Librem 5 comes with a black anodized aluminum case. Not only it’s stylish, but it also maintains high radio reception quality – thanks to its non-metal backing. It accompanies easier-to-slide, flush hardware kill switches. Read more Also: Nathan Wolf: New Life to Rock Candy Gamepad for PS3 | Another Repair