srlinuxx's blog

Simple and Easy Linux File System diagram

fscking Drupal Man!

I pull in the rss feed from drupal.org, mainly to be sure to get security updates asap. Well this morning they had this as their opening paragraph:

With 4.7 nearing completion, it has been decided that for the next version we should look for another language as PHP is now blocks our growing. As you will read in the newsletter, we have found many very obscure language obstacles. We worked around them, but this can not go on. Also, in the IRC development channel, it was said for a long time that Drupal will be rewritten in Haskell, so that was a primary option.

tuxmachines' new rig

As many of you know, my old AMD 2800+ system popped a vessel approximately two weeks ago and a friend suggested I post a request for donations to help fund the purchase of new equipment. The response was great and we raised over 200 USD in 3 days. I purchased an Asus A8V motherboard, AMD 64 3700+ and 1 gig of Kingston HyperX DDR400 memory for a final pricetag with shipping of $439.

SUSE 10.1 Beta NINE?

OMG, I see a beta 9 directory showing up on mirrors around the world. Does this mean yet another beta instead of a release candidate? What does this mean for the release schedule?

Tuxmachines Hardware Drive

We have recently suffered the loss of our linux review test system. If you'd like to donate towards the purchase of new equipment, please click the Paypal Donation button located in the right hand column of our site. Any help is greatly appreciated.

Quake3 on BIIIG Screen

It's amazing how much more fun games are when you can play them on really large, high-resolution screens. Our lab also has a 24 monitor display wall, and as you can see from the pictures below, I got Quake 3 running on it. Full Story.

Tuxmachines: 4th quarter Report

Filed under
Site News

February 4th was Tuxmachines' official one year anniversary. Although I put a site up and added content 6 months prior, it was static and unknown. A year ago I began putting a little content in this little cms called Drupal and we've been growing ever since. Tuxmachines continued to show some growth in the early part of the quarter, but perhaps has now leveled off some.

Gltron on the BIG screen

Filed under
Just talk

Oh man, I was getting the yen to play gltron and went to the site to check out the latest and greatest on it when I saw this post:

Gltron on the 'big screen'. "Pablo Veramendi got GLtron running across 12 monitors. Amazing."

daaaaaang! 12 monitors! I wish he had posted his howto!

Swim, Frosty, Swim...

Filed under
Humor

A friend sent me this and I thought it was too cute and befitting the season...


Swim, Frosty, swim faster...

Please Welcome our Newest Sponsor

Filed under
Site News

Please help Tuxmachines welcome our newest sponsor, Inventio Consulting, IT Training Specialists. Inventio Consulting is a reseller/broker for many of the leading training companies throughout the UK. Their goal is to find the most suitable course to suit your individual needs from the course offerings of all of our partners and to offer savings for these pairings in some cases.

Sorry 'Bout 'dat

Filed under
News

Sorry about the downtime this morning. It seems a transformer blew in the neighborhood at or about 9:20 CST.

Tuxmachines' 3rd quarter report

Filed under
Site News

Well, another 3 months has gone by bringing my official time online to 9 months. Boy how time flies. The big news this quarter was the hardware upgrade. I wonder if anyone noticed the site performing a bit better. We're still limited by my bellsouth business dsl pipe, but the server is functioning much snappier now.

Gentoo User's Response to Slacker who tried Gentoo

This is a gentoo user's answer to Mr. Slacker Tries His Hand at Gentoo. If you missed the story on OSNews on the Slacker Tries His Hand at Gentoo, you really must read it. It's a hilarious account of an experienced linux user's first try at getting a Gentoo system all set up for work or play. At first I was gonna make a cute witty comment to the story and be on my way, but instead it turned into an article. I guess as I read his story I found I had something to say at about every experience he shared.

My Top 5 Distro Picks

Seems a hot topic for internet journalists in the technology field is "which distro should you try." As you might know, I download and check out a few from time to time. I started testing Linux back when there were only a few players in the field. I'm quite fortunate for my site's sake this is no longer the case. In fact, there are so many these days, what's a newbie to do?

Ultima Linux: Ultimate Disappointment

Filed under
Reviews

I'm not sure this can be classified as much a review as a rant. This is why I'll file this as a blog instead of a news/review. I love slackware, I've stated that numerous times. In fact one of my first reviews here at Tuxmachines was on slackware. So why is it that more times than not when someone goes to try and "improve" upon slackware, it just makes a mess.

tuxmachines 2nd quarter report

Filed under
Site News

This second quarter has been very exciting for me. The hits have continued to grow each month and we've had some great community contributions in the forms of articles and comments. Meanies still plague the site, but I've had a wonderful time reviewing distros and posting news links.

Origami Tux

Nerd Test

How nerdy are you?

I am nerdier than 93% of all people. Are you nerdier? Click here to find out!

Dark Water & Charlie & Choc Factory

Filed under
Reviews

I saw Dark Water last weekend and Charlie and the Chocolate Factory this weekend and this is what I think about these latest productions in theaters now.

A New High in Low

Filed under
News

The windows from which President John F Kennedy is said to have been assassinated are to go up for auction in the United States, it emerged today. Tho the Secret Service reports that everything including the kitchen sink was confiscated from that room at the time of the assassination. There's just no end to what some folks'll do to make a buck.

More in Tux Machines

Security Leftovers

  • Stop using SHA1 encryption: It’s now completely unsafe, Google proves
    Security researchers have achieved the first real-world collision attack against the SHA-1 hash function, producing two different PDF files with the same SHA-1 signature. This shows that the algorithm's use for security-sensitive functions should be discontinued as soon as possible. SHA-1 (Secure Hash Algorithm 1) dates back to 1995 and has been known to be vulnerable to theoretical attacks since 2005. The U.S. National Institute of Standards and Technology has banned the use of SHA-1 by U.S. federal agencies since 2010, and digital certificate authorities have not been allowed to issue SHA-1-signed certificates since Jan. 1, 2016, although some exemptions have been made. However, despite these efforts to phase out the use of SHA-1 in some areas, the algorithm is still fairly widely used to validate credit card transactions, electronic documents, email PGP/GPG signatures, open-source software repositories, backups and software updates.
  • on pgp
    First and foremost I have to pay respect to PGP, it was an important weapon in the first cryptowar. It has helped many whistleblowers and dissidents. It is software with quite interesting history, if all the cryptograms could tell... PGP is also deeply misunderstood, it is a highly successful political tool. It was essential in getting crypto out to the people. In my view PGP is not dead, it's just old and misunderstood and needs to be retired in honor. However the world has changed from the internet happy times of the '90s, from a passive adversary to many active ones - with cheap commercially available malware as turn-key-solutions, intrusive apps, malware, NSLs, gag orders, etc.
  • Cloudflare’s Cloudbleed is the worst privacy leak in recent Internet history
    Cloudflare revealed today that, for months, all of its protected websites were potentially leaking private information across the Internet. Specifically, Cloudflare’s reverse proxies were dumping uninitialized memory; that is to say, bleeding private data. The issue, termed Cloudbleed by some (but not its discoverer Tavis Ormandy of Google Project Zero), is the greatest privacy leak of 2017 and the year has just started. For months, since 2016-09-22 by their own admission, CloudFlare has been leaking private information through Cloudbleed. Basically, random data from random sites (again, it’s worth mentioning that every site that used CloudFlare in the last half year should be considered to have fallen victim to this) would be randomly distributed across the open Internet, and then indefinitely cached along the way.
  • Serious Cloudflare bug exposed a potpourri of secret customer data
    Cloudflare, a service that helps optimize the security and performance of more than 5.5 million websites, warned customers today that a recently fixed software bug exposed a range of sensitive information that could have included passwords and cookies and tokens used to authenticate users. A combination of factors made the bug particularly severe. First, the leakage may have been active since September 22, nearly five months before it was discovered, although the greatest period of impact was from February 13 and February 18. Second, some of the highly sensitive data that was leaked was cached by Google and other search engines. The result was that for the entire time the bug was active, hackers had the ability to access the data in real-time by making Web requests to affected websites and to access some of the leaked data later by crafting queries on search engines. "The bug was serious because the leaked memory could contain private information and because it had been cached by search engines," Cloudflare CTO John Graham-Cumming wrote in a blog post published Thursday. "We are disclosing this problem now as we are satisfied that search engine caches have now been cleared of sensitive information. We have also not discovered any evidence of malicious exploits of the bug or other reports of its existence."

Security Leftovers

  • Change all the passwords (again)
    Looks like it is time to change all the passwords again. There’s a tiny little flaw in a CDN used … everywhere, it seems.
  • Today's leading causes of DDoS attacks [Ed: The so-called 'Internet of things' (crappy devices with identical passwords) is a mess; programmers to blame, not Linux]
    Of the most recent mega 100Gbps attacks in the last quarter, most of them were directly attributed to the Mirai botnet. The Mirai botnet works by exploiting the weak security on many Internet of Things (IoT) devices. The program finds its victims by constantly scanning the internet for IoT devices, which use factory default or hard-coded usernames and passwords.
  • How to Set Up An SSL Certificate on Your Website [via "Steps To Secure Your Website With An SSL Certificate"]
  • SHA-1 is dead, long live SHA-1!
    Unless you’ve been living under a rock, you heard that some researchers managed to create a SHA-1 collision. The short story as to why this matters is the whole purpose of a hashing algorithm is to make it impossible to generate collisions on purpose. Unfortunately though impossible things are usually also impossible so in reality we just make sure it’s really really hard to generate a collision. Thanks to Moore’s Law, hard things don’t stay hard forever. This is why MD5 had to go live on a farm out in the country, and we’re not allowed to see it anymore … because it’s having too much fun. SHA-1 will get to join it soon.
  • SHA1 collision via ASCII art
    Happy SHA1 collision day everybody! If you extract the differences between the good.pdf and bad.pdf attached to the paper, you'll find it all comes down to a small ~128 byte chunk of random-looking binary data that varies between the files.
  • PayThink Knowledge is power in fighting new Android attack bot
    Android users and apps have become a major part of payments and financial services, carrying an increased risk for web crime. It is estimated that there are 107.7 million Android Smartphone users in the U.S. who have downloaded more than 65 million apps from the Google App Store, and each one of them represents a smorgasbord of opportunity for hackers to steal user credentials and other information.
  • Red Hat: 'use after free' vulnerability found in Linux kernel's DCCP protocol IPV6 implementation
    Red Hat Product Security has published details of an "important" security vulnerability in the Linux kernel. The IPv6 implementation of the DCCP protocol means that it is possible for a local, unprivileged user to alter kernel memory and escalate their privileges. Known as the "use-after-free" flaw, CVE-2017-6074 affects a number of Red Hat products including Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7 and Red Hat Openshift Online v2. Mitigating factors include the requirement for a potential attacker to have access to a local account on a machine, and for IPV6 to be enabled, but it is still something that will be of concern to Linux users. Describing the vulnerability, Red Hat says: "This flaw allows an attacker with an account on the local system to potentially elevate privileges. This class of flaw is commonly referred to as UAF (Use After Free.) Flaws of this nature are generally exploited by exercising a code path that accesses memory via a pointer that no longer references an in use allocation due to an earlier free() operation. In this specific issue, the flaw exists in the DCCP networking code and can be reached by a malicious actor with sufficient access to initiate a DCCP network connection on any local interface. Successful exploitation may result in crashing of the host kernel, potential execution of code in the context of the host kernel or other escalation of privilege by modifying kernel memory structures."