Language Selection

English French German Italian Portuguese Spanish

October 2017

How To Burn ISO Image To DVD And USB Using dd

Filed under
Linux
News

As a Linux enthusiast and a distro hopper, I am always checking out new distros or newly released of distros I already know about. There are a few handy tools available on Linux for writing ISO images to disks or USBs. Some of these tools include Unetbootin and Etcher amongst others.

Read<br />
more

today's leftovers

Filed under
Misc

Debian and Ubuntu Leftovers

Filed under
Debian
Ubuntu
  • How Can Debian Turn Disagreement into Something that Makes us Stronger

    Recently, when asked to engage with the Debian Technical Committee, a maintainer chose to orphan their package rather than discuss the issue brought before the committee. In another decision earlier this year, a maintainer orphaned their package indicating a lack of respect for the approach being taken and the process. Unfortunately, this joins an ever longer set of issues where people walk away from the TC process disheartened and upset.

    For me personally the situations where maintainers walked away from the process were hard. People I respect and admire were telling me that they were unwilling to participate in our dispute resolution process. In one case the maintainer explicitly did not respect a process I had been heavily involved in. As someone who values understanding and build a team, I feel disappointed and hurt thinking about this.

  • Full Circle Magazine #126
  • Ubuntu Desktop Weekly Update: GNOME Fixes & New Snaps

    I’ll be starting the weekly round-up posts again now that the release is out and 18.04 is getting under way. At this early stage in the development cycle we’re spending a week or so tidying up the loose ends from 17.10, SRUing the important fixes that we’ve found, getting ready to sync new packages from Debian, and generally doing the groundwork to give us a clear run at 18.04. As you know, 18.04 will be an LTS release and so we will be focusing on stability and reliability this cycle, as well as a few new features. I’ll give a more detailed view into 18.04 in the coming weeks.

Lightweight Linux Distributions, KDE Server Decoration, GNOME GitLab initiative

Filed under
GNU
KDE
Linux
GNOME
  • 10 Best Lightweight Linux Distributions For Older Computers In 2017

    What do you do with your old computers? The one which once had good hardware configuration but now those are considered outdated. Why not revive your old computer with Linux? I am going to list best lightweight Linux distributions that you can use on your older PC.

    While our focus is on older computers, you can also use most of these lightweight Linux on relatively new hardware. This will give you a better performance if you use your computer for resource-heavy usage such as video editing on Linux.

  •  

  • KDE Server Decoration Protocol Proposed For Wayland-Protocols

    Yesterday the GTK tool-kit added support for KDE's server-side decorations on Wayland to be used when client-side decorations are not active. Now it's been proposed adding the KDE Server Decoration Protocol to the upstream Wayland-Protocols repository.

  • GitLab initiative – Short summary

    Georges told me some people outside of our community asked about our GitLab initiative and that there is some confusion what the status is and that contrary to my belief, there is actual interest outside of GNOME. Since I guess people outside of our community didn’t follow our regular conversations, discussions and update reports in our GNOME mailing list for general desktop discussion,  I’ll do a short summarize.

    Almost a year ago we started looking into alternatives to Bugzilla and cgit, and it became a long research, discussion and meeting with several parties and a few of us, Alberto, Allan and me, which then expanded to more people in order to give a different point of vision, like Emmanuele, Daniel, etc. All the research, work and reasoning we did and our eventual decision for a recommendation is written in our wiki page.

Software. HowTos and Games

Filed under
Software
Gaming
HowTos
  • Synergy – Share Your Mouse and Keyboard Between Multiple Computers

    If you are one to use many screens at work or at your workstation at home then you are probably aware of Synergy. After all, it is the most voted Mouse and Keyboard sharing software on Slant.

    Synergy is a cross-platform app that lets you share your mouse and keyboard across multiple computers as if they are one – thereby providing a single cohesive user experience.

  • 6 Best Linux Music Players That Every User Must Try — (2017 Edition)

    Watching movies and playing music is one of the primary entertainment purposes served by our computers. So, when you move to a new operating system, it makes perfect sense if you look for useful media players.

  • Anypaste – Share And Upload Files To Compatible Hosting Sites Automatically

    A while ago, we have written a guide about Transfer.sh which allows you to share files over Internet from command-line. Today, we will see yet another file sharing utility called Anypaste. It is a simple script to share and upload files to compatible hosting sites depending upon the type of the files, automatically. You don’t need to manually log in to the hosting sites and upload or share your files. Anypaste will pick the right hosting sites depends upon the type of the file you want to upload. To put this simply, photos will get uploaded to image hosting sites, videos to video sites, code to pastebins. Cool, yeah? Anypaste is completely free, open source and light-weight script and you can do everything from command line. You don’t need to depend on any heavy, memory-consuming GUI apps to upload and share files.

  • Getting a Virtual Machine’s IP Address from virsh
  • Telegram notifications for Jenkins builds
  • Fallback to default values for NULL columns in Rust SQLite
  • Minilens – Fun Open Source Puzzle Platform Game

    Minilens is a fun open source puzzle-platform game set on post-apocalyptic Earth. The star of the show is Minilens, a robot that lacks the ability to jump. His task is to cleanse Earth of radioactive barrels, and at the same time collect the only life left on the planet — flowers.

    There are 45 levels to solve. The game offers a great way to stimulate your grey matter, particularly as some of the levels are tricky to solve. And when (if?) you’ve solved all the levels or you’re totally stumped, the fun doesn’t end. It’s easy to make new challenging levels using the Godot Engine. The engine creates games targeting PC, console, mobile and web platforms, and has dozens of developers and more than 400 contributors.

  • FORMULA ONE returns to Linux with F1 2017, coming November 2nd

Programming: Android 8.1 Developer, Z Garbage Collector, GNU C Library

Filed under
Development
  • Android 8.1 Developer Preview hands-on: Everything new in Google’s latest update

    Google gave us 64 days to get used to Android 8.0 Oreo being the latest version of Android. While only one third-party phone has upgraded to the latest version, Google is already dropping a developer preview for the next version of Android on the world. Two days ago it released the Android 8.1 Developer Preview, and after a solid day of trying to flash it, totally bricking a Pixel 2, and later having Google pull the update files because they didn't work, we're here to report what Android 8.1 is actually like.

    Like most of the .1 releases these days, it's full of some minor, but important, updates that probably just weren't ready in time for Android 8.0.

  • ZGC large-heap Java garbage collector may go open source

    An Oracle-developed, low-latency Java garbage collector geared to large heaps could move to the open source community, if a proposal to do so gets community approval. Votes are due by November 8.

    Called the Z Garbage Collector (ZGC), the project is designed to support multiterabyte heaps, have pause times not exceeding 10 milliseconds, and offer no more than a 15 percent application reduction throughput compared to the G1 garbage collector.

  • Point releases for the GNU C Library

    The GNU C Library (glibc) project produces regular releases on an approximately six-month cadence. The current release is 2.26 from early August; the 2.27 release is expected at the beginning of February 2018. Unlike many other projects, though, glibc does not normally create point releases for important fixes between the major releases. The last point release from glibc was 2.14.1, which came out in 2011. A discussion on the need for a 2.26 point release led to questions about whether such releases have a useful place in the current software-development environment.

    The glibc 2.26 release is generally only found in relatively fast-moving distributions at this point. For most users, 2.26 has been without problems, but that is not true for everybody. There have been a few significant regressions in this release that have required fixes; one of those was seen as important enough that the question of creating a 2.26.1 point release was raised. Romain Naour subsequently brought that discussion to the libc-alpha mailing list. Having a point release containing important fixes would be helpful to downstream distributors that want to incorporate those fixes, he said.

OSS Leftovers

Filed under
OSS
  • US Logistics Agency Launches Blockchain Sector Mapping Tool

    The U.S. government agency in charge of logistics is taking the next step in its effort to better understand blockchain.

    Through its Emerging Citizen Technology (ECT) program, a blockchain analysis effort first announced in September, the General Services Administration (GSA) this week opened to contributions from industry members, according to a post on its website.

    These contributions will now be compiled into an open-source tool called Atlas, which will include "programs, use cases and resources" created by the private sector and researchers working within government agencies.

  • Baidu Aims For 'Android' Of Robocar Tech With Open-Source Apollo Platform
  • Open source Apollo speeds up Baidu's self-driving software development

    In July, Chinese technology company Baidu made its Apollo 1.0 self-driving car software available as open source on Github, using the Apache/BSD license. By Day 4 of the release, it was the most downloaded C++ software on the site.

    At an Apollo meetup hosted by Baidu at its Sunnyvale, California, offices, company president Ya-Qin Zhang announced Apollo 1.5, a major iteration of the software, just three months after the initial release.

  • This Engineering student is studying how open-source software projects can increase diversity within computer science

    Engineering senior Judy Weng has been working alongside Penn professor Chris Murphy to better understand the lack of diversity in the field of computer science despite its rapidly increasing popularity across majors.

    Weng became interested in the subject when she took CIS 399, an open software development class Murphy taught earlier this year. Upon realizing that open source coding can serve as a resource to underrepresented minorities because of its collaborative structure, she began to work with Murphy to look deeper into the issue.

  • AT&T creates Open Source Lab at T-REX

    AT&T is reaching out to St. Louis’ tech startup community with a new Open Source Lab.

  • Mapbox weighs in on location platforms, augmented reality, and the open source enterprise

    With all the happy talk about AI and blockchain we’ve been hearing lately, we can lose track of where the traction really is. The open sourcing of the enterprise immediately comes to mind.

    At Constellation Research‘s Connected Enterprise 2017, I tracked down Alex Barth of Mapbox to talk about their location-platform and the how open source has driven their growth.

  • Catalonia Rejoices As Another Advocate Of Open Source Becomes Moodle Partner

    Founded in 2004, 3ipunt (read “tresipunt”) provides Moodle and open source solutions from an explicit place of support for open source technologies, communities, and thinking. As a member of CatPL, the largest network of Catalan language organizations supporting open source, 3ipunt commits to advocating for open source opportunities through a program that seeks higher recognition, from government to enterprise, and funding for open source initiatives. This is why the Moodle Partner status, through which 3ipunt now commits 10% of its revenue to Moodle HQ, enjoys complete philosophical alignment.

  • Kodi: set-top streaming boxes that take the complexity out of building your own media server

    Kodi boxes are commercial video-streaming gadgets that implement XBMC, a longstanding media-server free/open source project, in pre-packaged form, ready to accept third party plugins, including ones that access infringing streaming services, giving users access to practically every video, commercial and noncommercial, for free, with an easy search-interface.

    Though XBMC has been around for a long time, it is a real chore to set up your own standalone XBMC server, requiring that you buy a mini-ATX all-in-one PC, install a GNU/Linux OS on it, set up and configure XBMC, and so on. The Kodi boxes take all that complexity out of the picture, prepackaging the system in boxes purpose-built to sit unobtrusively on your media totem. They're a really interesting contrast to the set-top boxes the average American family is forced to spend $200/year renting from their cable-operators, whose power-hungry, trailing-edge architecture have been the subject of a Congressional "Unlock-the-Box" rule for decades, with no motion in sight.

  • The Little Black Box That Took Over Piracy [Ed: Conde Nast (Wall Street) is attacking Kodi. Dubbing it "Piracy" and "Black Box" even though it's FOSS]
  • Hitachi Vantara launches Pentaho 8.0 into global datasphere

    The Pentaho brand is now a fully signed up card-carrying element of Hitachi Vantara.

    But making good on its promise to invest in what was a company and is now a brand/product, the PentahoWorld 2017 user conference saw Hitachi Vantara launch the the Pentaho 8.0 version release.

  • Chrome 63 Beta: Dynamic module imports, async iterators and generators, Device Memory API, and permissions UI changes

    It’s challenging for developers to create one user experience that can work across all devices, due to varying device capabilities. The new Device Memory JavaScript API helps developers with this challenge by using the total RAM on a user’s machine to provide insights into device constraints. This insight enables developers to tailor content at runtime in accordance with hardware limitations. For example, developers can serve a “lite” app to users on low-end devices, resulting in better experiences and fewer frustrations. T

  • Chrome 63 Beta Rolls Out With Dynamic Module Imports, Device Memory API

    Ahead of the weekend, the beta of Chrome 63 is now available for all supported platforms.

  • Open Source Music Festival to Launch Next Month at Abrons Arts Center

    "Open Source is based on the simple idea that we share our creative work, and allow others to build upon it freely. We've built our whole music festival around this powerful concept." says Joel Fan explaining his inspiration for the Festival, "The open source movement is changing the world, and affects every part of our lives. As a pianist, I've always been fascinated by the way music is created - how musical ideas are remixed and new musical trends emerge. The Internet and the open source movement have radically changed the way we communicate, collaborate, and powers much of our creativity today. New innovations such as the blockchain will alter how we power our creativity in the near future. The artists and composers featured at the Festival have won "Genius" Grants, Grammys, Pulitzers, and have earned recognition throughout the world."

  • Rousing Masses to Fight Cancer with Open Source Machine Learning

    Here’s an open invitation to steal. It goes out to cancer fighters and tempts them with a new program that predicts cancer drug effectiveness via machine learning and raw genetic data.

    The researchers who built the program at the Georgia Institute of Technology would like cancer fighters to take it for free, or even just swipe parts of their programming code, so they’ve made it open source. They hope to attract a crowd of researchers who will also share their own cancer and computer expertise and data to improve upon the program and save more lives together.

  • Samsung's new Linux smartphones, Raspberry Pi laptops, and more open source news
  • A Look Back: Challenges Of Open Access In 2017 (An Industry Perspective)

    Over the course of the year, three issues repeatedly reared their heads as barriers to the successful implementation of Open Access: the burden of expected author OA expertise; the underutilization of metadata in the publication lifecycle, and the challenges posed to authors and institutions by one-off solutions. As the tenth Open Access Week draws to a close, with its focus on the concrete benefits of making scholarly research openly available, where have we gotten to in solving these problems and realizing the potential of OA?

Security: Updates, Reaper, KRACK, Cryptographic kKeycards, Flexera's FUD, Google Play, Windows BadRabbit

Filed under
Security
  • Security updates for Friday
  • Assessing the threat the Reaper botnet poses to the Internet—what we know now
  • KRACK, ROCA, and device insecurity

    It is a fairly bleak picture from a number of different viewpoints. One almost amusing outcome of this mess is contained near the end of Vanhoef's KRACK web page. He notified OpenBSD of the flaw in mid-July with an embargo (at the time) until the end of August. OpenBSD leader Theo de Raadt complained about the length of the embargo, so Vanhoef allowed OpenBSD to silently patch the flaw. "In hindsight this was a bad decision, since others might rediscover the vulnerability by inspecting their silent patch. To avoid this problem in the future, OpenBSD will now receive vulnerability notifications closer to the end of an embargo." That might not quite be the outcome De Raadt was hoping for with his (quite reasonable) complaint, especially given that Vanhoef strongly hints that there are other WiFi vulnerabilities in the pipeline.

  • A comparison of cryptographic keycards

    An earlier LWN article showed that private key storage is an important problem to solve in any cryptographic system and established keycards as a good way to store private key material offline. But which keycard should we use? This article examines the form factor, openness, and performance of four keycards to try to help readers choose the one that will fit their needs.

    I have personally been using a YubiKey NEO, since a 2015 announcement on GitHub promoting two-factor authentication. I was also able to hook up my SSH authentication key into the YubiKey's 2048 bit RSA slot. It seemed natural to move the other subkeys onto the keycard, provided that performance was sufficient. The mail client that I use, (Notmuch), blocks when decrypting messages, which could be a serious problems on large email threads from encrypted mailing lists.

    So I built a test harness and got access to some more keycards: I bought a FST-01 from its creator, Yutaka Niibe, at the last DebConf and Nitrokey donated a Nitrokey Pro. I also bought a YubiKey 4 when I got the NEO. There are of course other keycards out there, but those are the ones I could get my hands on. You'll notice none of those keycards have a physical keypad to enter passwords, so they are all vulnerable to keyloggers that could extract the key's PIN. Keep in mind, however, that even with the PIN, an attacker could only ask the keycard to decrypt or sign material but not extract the key that is protected by the card's firmware.

  • Study Examines Open Source Risks in Enterprise Software [Ed: Microsoft network promotes anti FOSS 'study' (marketing by Flexera)]
  • Google Play Protect is 'dead last' at fingering malware on Android

    Last month, German software testing laboratory AV-Test threw malware at 20 Android antivirus systems – and now the results aren't particularly great for Google.

    Its Play Protect system, which is supposed block malicious apps from running on your handheld, was beaten by every other anti-malware vendor.

  • NSA hacking tool EternalRomance found in BadRabbit

Flatpak 0.10 New Stable Series Adds Minor Improvements, 0.11 to Get New Features

Filed under
Red Hat

Flatpak maintainer Alexander Larsson announced the release of a new stable Flatpak series, versioned 0.10.x, which introduces a handful of improvements and bug fixes.

Flatpak 0.10.0 is the first update in the new series, and it's a small release adding the "flatpak config" option to allow users to set the language settings, implement a workaround for some random OSTree static delta issues, adds /dev/mali0 to --device=dri, and fixes a bug that makes ld.so.conf files to not be generated.

"This is the first release in a new series of stable releases called 0.10.x. New features will be added to 0.11.x, and bugfixes will be backported to 0.10.x. During the early phase of the 0.10.x series we may also backport minor features, but we guarantee backwards compatibility," said Alexander Larsson.

Read more

More in Tux Machines

Security: Linux, Docker and Guix

  • Unpatched Linux bug may open devices to serious attacks over Wi-Fi

    The flaw is located in the RTLWIFI driver, which is used to support Realtek Wi-Fi chips in Linux devices. The vulnerability triggers a buffer overflow in the Linux kernel when a machine with a Realtek Wi-Fi chip is within radio range of a malicious device. At a minimum, exploits would cause an operating-system crash and could possibly allow a hacker to gain complete control of the computer. The flaw dates back to version 3.10.1 of the Linux kernel released in 2013.

  • Docker Attack Worm Mines for Monero
  • Insecure permissions on profile directory (CVE-2019-18192)

    We have become aware of a security issue for Guix on multi-user systems that we have just fixed (CVE-2019-18192). Anyone running Guix on a multi-user system is encouraged to upgrade guix-daemon—see below for instructions. Context The default user profile, ~/.guix-profile, points to /var/guix/profiles/per-user/$USER. Until now, /var/guix/profiles/per-user was world-writable, allowing the guix command to create the $USER sub-directory. On a multi-user system, this allowed a malicious user to create and populate that $USER sub-directory for another user that had not yet logged in. Since /var/…/$USER is in $PATH, the target user could end up running attacker-provided code. See the bug report for more information. This issue was initially reported by Michael Orlitzky for Nix (CVE-2019-17365).

In 2019, multiple open source companies changed course—is it the right move?

Free and open source software enables the world as we know it in 2019. From Web servers to kiosks to the big data algorithms mining your Facebook feed, nearly every computer system you interact with runs, at least in part, on free software. And in the larger tech industry, free software has given rise to a galaxy of startups and enabled the largest software acquisition in the history of the world. Free software is a gift, a gift that made the world as we know it possible. And from the start, it seemed like an astounding gift to give. So astounding in fact that it initially made businesses unaccustomed to this kind of generosity uncomfortable. These companies weren't unwilling to use free software, it was simply too radical and by extension too political. It had to be renamed: "open source." Once that happened, open source software took over the world. Recently, though, there's been a disturbance in the open source force. Within the last year, companies like Redis Labs, MongoDB, and Confluent all changed their software licenses, moving away from open source licenses to more restrictive terms that limit what can be done with the software, making it no longer open source software. Read more Also: Network Time Foundation Joins Open Source Initiative

Red Hat: OpenShift, RHEL, Dependency Analytics, vDPA and More

  • Red Hat Expands the Kubernetes Developer Experience with Newest Version of Red Hat OpenShift 4

    Red Hat, Inc., the world's leading provider of open source solutions, today announced Red Hat OpenShift 4.2, the latest version of Red Hat’s trusted enterprise Kubernetes platform designed to deliver a more powerful developer experience. Red Hat OpenShift 4.2 extends Red Hat’s commitment to simplifying and automating enterprise-grade services across the hybrid cloud while empowering developers to innovate and enhance business value through cloud-native applications.

  • RHEL and Insights combo illuminates threats and spotlights performance for Red Hat systems

    When Red Hat Inc. officially rolled out its Red Hat Enterprise Linux 8, or RHEL 8, operating system in May, the open-source software company also included Red Hat Insights with every subscription for the new release. Based on data supplied by one of the company’s top executives, that has proven to be a wise decision. Insights is a software as a service product that works from a rules-based engine to offer continuous connected analysis of registered Red Hat-based systems. “We’ve seen an 87% increase since May in the number of systems that are linked in,” said Stefanie Chiras (pictured), vice president and general manager of the RHEL Business Unit at Red Hat. “We’re seeing a 33% increase in coverage of rules-based and a 152% increase in customers who are using it. That creates a community of people using and getting value from it, but also giving value back because the more data we have the better the rules get.”

  • What’s new in Red Hat Dependency Analytics

    We are excited to announce a new release of Red Hat Dependency Analytics, a solution that enables developers to create better applications by evaluating and adding high-quality open source components, directly from their IDE. Red Hat Dependency Analytics helps your development team avoid security and licensing issues when building your applications. It plugs into the developer’s IDE, automatically analyzes your software composition, and provides recommendations to address security holes and licensing problems that your team may be missing. Without further ado, let’s jump into the new capabilities offered in this release. This release includes a new version of the IDE plugin and the server-side analysis service hosted by Red Hat.

  • Breaking cloud native network performance barriers

    Up until now we have covered virtio-networking and its usage in VMs. We started with the original vhost-net/virtio-net architecture, moved on to the vhost-user/virito-pmd architecture and continued to vDPA (vHost Data Path Acceleration) where the virtio ring layout was pushed all the way into the NIC providing wiresspeed/wirelatency to VMs. We now turn our attention to using vDPA for providing wirespeed/wirelatency L2 interfaces to containers leveraging kubernetes to orchestrate the overall solution. We will demonstrate how Containerized Network Functions (CNFs) can be accelerated using a combination of vDPA interfaces and DPDK libraries. The vDPA interfaces are added as a secondary interface to containers using the Multus CNI plugin. This post is a high level solution overview describing the main building blocks and how they fit together. We assume that the reader has an overall understanding of Kubernetes, the Container Network Interface (CNI) and NFV terminology such as VNFs and CNFs.

  • Top 5 stress reliefs for sysadmins

Purism shows off more pictures of Librem 5 Phone and PureOS UI

As the first batch of the Librem 5 phones starts reaching its respectful owners, we can now have a better look at the product from its pictures taken by the customers. Before we check them out, let’s get to know a bit more about these phones. The Librem 5 smartphones are powered by PureOS, which is a Linux-based mobile operating system. The brains behind this product, namely Purism, have made it their top priority to offer such phones that provide security, privacy, and freedom to the customers. Accordingly, this product has been made for people who want to have complete control over their phones. You should check out this article if you want to know more about the Librem 5 smartphones. Now coming back to the news, people who have ordered this phone are in for a treat as the Librem 5 comes with a black anodized aluminum case. Not only it’s stylish, but it also maintains high radio reception quality – thanks to its non-metal backing. It accompanies easier-to-slide, flush hardware kill switches. Read more Also: Nathan Wolf: New Life to Rock Candy Gamepad for PS3 | Another Repair