Language Selection

English French German Italian Portuguese Spanish

July 2005

Mandriva Linux 2006 Beta

Filed under
MDV

The beta testing process for Mandriva Linux 2006 is now officially underway: "The test period for Mandriva Linux 2006 has now officially begun with the first beta available.

Intel hands off BIOS successor to trade group

Filed under
Hardware

The Extensible Firmware Interface, which could speed the boot-up process for PCs, has been handed over to a group that will promote and standardize it.

First Windows Vista Beta Could Ship Wednesday

Filed under
Microsoft

Microsoft is poised to ship an early beta version of its newly re-christened Vista operating system to its key developers as early as Wednesday, according to reports circulating throughout the industry.

Give Up Privacy to Skip Airport Security Lines?

Filed under
Misc

Attention frequent fliers: Your dream of bypassing long security lines may soon be a reality at airports across the country. But you will have to let the feds scan not only your background, but your iris too. And you'll have to give up prints of your index fingers.

M$ to boost compatibility with OSS?

Filed under
Microsoft
OSS

Microsoft is bowing to pressure from users to improve compatibility between its systems software and open-source technology.

Open-source vendor seeks OS-free PCs

Filed under
OSS

An open-source software vendor is petitioning the Australian consumer watchdog to make it possible for all name-brand PC resellers to sell systems without an operating system on board.

Sizing up the Linux desktop market, part 2

Filed under
Linux

In part two of our conversation with Iams, the analyst names the rising Linux desktop vendors to keep an eye on, offers migration advice for companies considering Linux on the desktop and explains why "Windows versus desktop Linux" is essentially a non-story right now.

UK AWE adopts Open Source Systems

Filed under
OSS

The UK Atomic Weapons Establishment plc (AWE) is using a visualization cluster system based on open source software.

Everyday Linux Gripes

Filed under
Linux

I've sometimes been labeled a cheerleader for Free Software. This doesn't bother me too much; there's no doubt that I am a lot more gung-ho on Linux and related technologies than most of my colleagues. But lest I seem like a full-time penguin apologist who can't fairly critique his platform of choice, I'm using this month's Free Agent to revel in that oldest pastime of tech columnists: I'm going to gripe.

M$ expands Windows anti-piracy program

Filed under
Microsoft

Microsoft Corp. is adopting more stringent controls for registering legitimate copies of its flagship Windows operating system in an effort to curtail piracy of its products worldwide, the world's largest software maker said on Tuesday.

More in Tux Machines

Security: Proprietary Software Holes and More

  • It's the end of the 20-teens, and your Windows PC can still be pwned by nothing more than a simple bad font

    With the year winding to a close and the holiday parties set to kick off, admins will want to check out the December Patch Tuesday load from Microsoft, Adobe, Intel, and SAP and get them installed before downing the first of many egg nogs. [...] Also of note is CVE-2019-1471, a critical hypervisor escape bug that would allow an attacker running on a guest VM to execute code on the host box. The bulk of this month's critical fixes were for a series of five remote code execution flaws in Git for Visual Studio. In each of the flaws, said to be caused by improper handling of command-line input, an attacker would launch the exploit by convincing the target to clone a malicious repo. The remaining critical patch is for CVE-2019-1468, a play on the tried-and-true font-parsing vulnerability. In the wild, an attacker would embed the poisoned font file in a webpage and attack any system that visits.

  • Exploring Legacy Unix Security Issues

    The operating system SGI IRIX 6.5.22 was declared end of life in 2003, so it has limited use as a production system. I decided I could relive the good old days by looking for new vulnerabilities on an old system in my spare time. It was also an excuse to write some C code, and refresh my memory. One of my favorite vulnerabilities is the Insecure Temporary File (CWE-377). This involves manipulating files created in /tmp in an insecure manner. A file is created in /tmp by a piece of software that doesn’t check if the file exists before creating it. Allowing a malicious local user to symlink that file to a critical system file and overwriting it with the contents of what is written to the file in /tmp. So I started looking under the /usr/sbin directory for binaries to target. I did a quick examination of binaries and scripts in using the find command to give myself a starting point.

  • Private Internet Access updates Linux desktop client to prevent against [CVE-2019-14899]

    The Breakpointing Bad team at the University of New Mexico recently reported a VPN vulnerability that affects Linux, MacOS, iOS, Android, and more. The vulnerability allows malicious actors to not only see your VPN IP address, but also identify sites you are visiting and inject data into connections. The team consists of William J. Tolley, Beau Kujath, and Jedidiah R. Crandall and the public was notified on December 4th, 2019. Designated [CVE-2019-14899], the vulnerability shook the VPN industry due to the breadth of affected systems. [CVE-2019-14899] affects many different types of VPN protocols including OpenVPN, WireGuard, and IKEv2/IPSec. Private Internet Access has released an update to its Linux client that mitigates [CVE-2019-14899] from being used to infer any information about our users’ VPN connections. To our knowledge, Private Internet Access is the first commercial VPN to release a new client that prevents this ongoing security vulnerability.

  • Chrome now warns you when your password has been stolen

    Google is rolling out Chrome version 79 today, and it includes a number of password protection improvements. The biggest addition is that Chrome will now warn you when your password has been stolen as part of a data breach. Google has been warning about reused passwords in a separate browser extension or in its password checkup tool, but the company is now baking this directly into Chrome to provide warnings as you log in to sites on the web.

today's howtos

Android Leftovers

8 of the worst open source innovations of the decade

Over the years, Linux and open source have been a master class on slow burn success. From out of nothing, Linux has become the champion of the cloud, IoT, and containers. And although it hasn't reached the "world domination" status it swore in the early 2000s, Linux desktop is still very much alive and building momentum. But that doesn't mean it's been all success; in fact, there have been a few stumbles along the way. Let's take a look at some of the worst open source failures of the decade. Read more