Language Selection

English French German Italian Portuguese Spanish

December 2019

Security Leftovers

Filed under
Security
  • 36C3: Open Source Is Insufficient To Solve Trust Problems In Hardware

    With open source software, we’ve grown accustomed to a certain level of trust that whatever we are running on our computers is what we expect it to actually be. Thanks to hashing and public key signatures in various parts in the development and deployment cycle, it’s hard for a third party to modify source code or executables without us being easily able to spot it, even if it travels through untrustworthy channels.

    Unfortunately, when it comes to open source hardware, the number of steps and parties involved that are out of our control until we have a final product — production, logistics, distribution, even the customer — makes it substantially more difficult to achieve the same peace of mind. To make things worse, to actually validate the hardware on chip level, you’d ultimately have to destroy it.

    On his talk this year at the 36C3, [bunnie] showed a detailed insight of several attack vectors we could face during manufacturing. Skipping the obvious ones like adding or substituting components, he’s focusing on highly ambitious and hard to detect modifications inside an IC’s package with wirebonded or through-silicon via (TSV) implants, down to modifying the netlist or mask of the integrated circuit itself. And these aren’t any theoretical or “what if” scenarios, but actual possible options — of course, some of them come with a certain price tag, but in the end, with the right motivation, money is only a detail.

  • Election security, ransomware dominate cyber concerns for 2020 [iophk: Windows TCO]

    Senate Democrats have repeatedly tried to force Senate Majority Leader Mitch McConnell (R-Ky.) to schedule votes on a raft of various election security bills. The House has passed three major pieces of election security legislation this year that have stalled amid Republican objections in the Senate.

  • There’s Money To Be Made In Taming Open Source Software Code

    “We’re trying to create order out of chaos,” said CEO Wayne Jackson of his company, Sonatype.

    [...]

    “We are building the world’s critical infrastructure on software somebody else wrote, a stranger with unknown skills, motivations and desires, but the desire to innovate is so high, we’re willing to accept the risk of using some random person’s software invention,” Jackson said.

    Sometimes developers understand the practical use of the open source code they’re creating, and sometimes they don’t, according to Jackson. 

  • Medley India Infosolution helps Indian Railways build crew management software system

    The system design is end-to-end UNIX and Linux thereby immunising the systems against malicious threats. The solution has with immense power to control the client locations from central location by way of maintenance tasks, time synchronisation, patch updates and variety of user access requirements thus speeding up the service request handling from a remote location. Service requests can be lodged into the CMS system and are automated through SMS call lodging and reminder mechanisms. At the client side the users are authenticated via a biometric device (thumb impression reader) for logging onto the applications via a kiosk which ensures an audit trail and logging of activities for transparency and accountability.

LibreOffice Writer: Inserting Pictures

Filed under
LibO
HowTos

This tutorial explains the ways to insert pictures into document in LibreOffice Writer. This is a preparation for you to work with multiple photos, graphics, logos, etc. You will learn how to do it manually and automatically, with menubar, copy-paste, and drag-and-drop, including to resize & arrange them within text, and finally to crop them. I also include download links to beautiful pictures like above and I hope with this article you can compose good documents. Happy learning!

Read more

How to install GIMP on Linux Mint 19.3 Tricia

Filed under
GNU
Linux
HowTos

Linux Mint is a great operating system, but with the most recent version (19.3 "Tricia"), there was some shocking news -- GIMP (GNU Image Manipulation Program) was being removed! Crazy, right? I mean, of all of the great software available for Linux, GIMP is one of the best. It is an essential image editing tool that rivals Adobe Photoshop.

So, why did Linux Mint remove it as a pre-installed program? The developers thought the software was too advanced for newer Linux users. While I think that is a bit of nonsense, I can understand why the Mint developers would want to cater to beginners. Thankfully, it is totally easy to install GIMP on a new Linux Mint 19.3 installation.

Read more

Kernel: Microsoft-Controlled File Systems and AMD's Lack of Linux Support

Filed under
Linux
  • Linux's exFAT Driver Looking To Still Be Replaced By A Newer Driver From Samsung

    Introduced with Linux 5.4 was a long-awaited Microsoft exFAT file-system driver albeit within the kernel's staging area and based upon some dated Samsung file-system driver code. That exFAT staging driver was improved upon more with Linux 5.5 but ultimately there is a concurrent effort for replacing it with a driver derived from newer Samsung open-source code and to be merged outside of staging.

  • Controlling AMD Wraith Prism RGB Heatsinks On Linux Is Easy Now With CM-RGB

    With the Wraith Prism heatsink fan included with many modern AMD Ryzen processors there is configurable RGB lighting, which unfortunately AMD hadn't publicly documented or offered a Linux utility for manipulating the RGBs under Linux. Fortunately, there is now a straight-forward solution for dealing with those Wraith Prism RGB LEDs thanks to the open-source and independent CM-RGB project.

    Just like AMD doesn't offer any CPU overclocking client from the Linux desktop, they don't offer any RGB control software for Linux. But CM-RGB is a Python-written independent utility that is command-line based and allows easily controlling the heatsink's lighting under Linux. The program allows setting the lighting mode, color based upon hex code, brightness, and other factors.

Linux on Hardware: Dragino, Marvell, Kospet Prime SE

Filed under
Linux
Hardware

How Nitrux is Changing the Traditional Linux Scenario [Interview]

Filed under
Interviews

Nitrux Linux founder Uri Herrera shares how Nitrux is adding new dimension to Linux scene with innovative tools like ZNX, MAUI and more.
Read more

FSF, Free Software and GNU (PSPP)

Filed under
GNU
  • Building ethical software based on the four freedoms

    Just because a license is not the right place to enforce ethical software usage doesn't mean we don't recognize the problem, or respect the people raising it. We should encourage and participate in conversations about the ethical usage of software. With the ground rules of free software as the baseline, anyone can build systems to specifically promote ethical use.

  • Google’s Monopoly is Stifling Free Software

    If you’d like a regular certificate, you can do so by attaching your public legal name to your software and sending in a copy of your driver’s license. And that is to say nothing of the risks you take these days online by publishing your legal name.

    And even if you do all of this and start signing your executables, I still can’t find any assurance whether Google will begin to treat these executables as safe or not.

  • PSPP now supports .spv files

    I just pushed support for SPV files to the master branch of PSPP.

    [...]

    I would appreciate experience reports, positive or negative. The main known limitation is that graphs are not yet supported (this is actually a huge amount of work due to the way that SPSS implements graphs).

More in Tux Machines

Android Leftovers

Ferdi: A Free & Open-Source Alternative to Franz & Rambox

A single application to help you manage multiple services comes in handy when you do not want to do everything on your browser. While technically, you can, it may not be the most organized way of doing things. Hence, options like Rambox and Franz are pretty popular cross-platform solutions to sign in to several services and access all of them at a glance. Even though they both are available for Linux (and we’ve covered them separately), they offer limited features for free. In contrast, Ferdi is a fork of Franz offering many premium functionalities for free while aiming to provide a better experience. Read more

How to Install Python 3.10 in Ubuntu and Other Related Linux

Planning to get the Python 3.10 installed for your work? Here's how to install Python 3.10 in Ubuntu and related distributions. Read more

today's leftovers

  • Newest Linux Optimizations Can Achieve 10M IOPS Per-Core With IO_uring - Phoronix

    Just one week ago Linux block subsystem maintainer Jens Axboe was optimizing the kernel to get 8 million IOPS on a single CPU core. He progressed the week hitting around ~8.9M IOPS per-core and began to think he was hitting the hardware limits and running out of possible optimizations. However, this week he is kicking things off by managing to hit 10 million IOPS!

  • Ubuntu Kylin 21.10 Quick overview #Shorts - Invidious

    A Quick overview of Ubuntu Kylin 21.10.

  • Reset Password On Any Linux Distro (No Root Needed) - Invidious

    Losing your access to your user account on Linux can be really frustrating but luckily resetting that lost password is actually incredibly easy but the process slightly changes depending on the bootloader you're using at least for the easy approach

  • Ubuntu Weekly Newsletter Issue 706

    Welcome to the Ubuntu Weekly Newsletter, Issue 706 for the week of October 17 – 23, 2021.

  • Rakudo Weekly News: 2021.43 Thank You

    Oleksandr Kyriukhin has released the 2021.10 version of the Rakudo Compiler, which includes all of the work of the new MoarVM dispatch mechanism. This is the culmination of more than 1.5 year work by many people, but mostly by Jonathan Worthington. A historic step forward that lays the groundwork on more efficient executing of Raku programs, and actually delivers on a number of improvements.

  • Team Profile by KDE's Cornelius Schumacher

    What makes a great team? One important factor is that you have a balanced set of skills and personalities in the team. A team which only consists of leaders won't get much work done. A team which only consists of workers will not work into the right direction. So how can you identify the right balance and combination of people? One answer is the Team Member Profile Test. It's a set of questions which team members answer. They are evaluated to give a result indicating which type of team member the person is and where it lies in the spectrum of possible types.

  • Some users on Reddit report that Windows 11 loses Internet connectivity when trying to connect to NordVPN.
  • Pat Gelsinger's Open-Source Bias, Intel's Pledge To Openness [Ed: Intel is openwashing again, but leaks from Intel show that Intel is a foe, not a a friend. It's also rather ironic that Intel puts an "open" letter in a proprietary site of Microsoft, which is viciously attacking Free software. Intel is a Microsoft booster.]

    Ahead of Intel's inaugural Intel Innovation event taking place virtually later this week, Intel CEO Pat Gelsinger published an open letter to an open ecosystem. In this open ecosystem letter, Gelsinger talks up opennness and choice, adding, "This is why I fundamentally believe in an open source bias, which powers the software-defined infrastructure that transformed the modern data center and ushered in the data-centric era."