Language Selection

English French German Italian Portuguese Spanish

today's leftovers

Filed under
Misc
  • The mysterious case of the Linux Page Table Isolation patches

    tl;dr: there is presently an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve. Urgent development of a software mitigation is being done in the open and recently landed in the Linux kernel, and a similar mitigation began appearing in NT kernels in November. In the worst case the software fix causes huge slowdowns in typical workloads. There are hints the attack impacts common virtualization environments including Amazon EC2 and Google Compute Engine, and additional hints the exact attack may involve a new variant of Rowhammer.

  • systemd Breached One Million Lines Of Code In 2017

    Systemd had a busy 2017 and its code-base is now up to over one million lines.

    Systemd in 2017 saw 3,443 commits, which is actually the lowest point since 2012. But the commits were larger with having 418,903 lines of code added and 119,975 lines removed: a net gain of nearly 300,000 lines of code.

  • NuTyX 10.0-rc1 is release

    The NuTyX team is proud to annonce the first release candidat of the next major version 10 of NuTyX.

  • Arcan 0.5.4, Durden 0.4

    From left to right, we have a little Raspberry  running the ‘prio’ WM using the broadcom binary blob drivers (so lacks some of the features needed to run durden), with arcan and terminals eating up all of 20MB of ram. The left Macbook running OSX with Arcan/Durden in fullscreen, retina resolution, of course. The Macbook on the right is running the same system on OpenBSD 6.2. The three-headed monkey behind them is a voidlinux setup with two instances, one on an intel GPU, the other on an AMD GPU. If only the android devices on the wall could be brought in on the fun as well…

  • Arcan 0.5.4 Display Server Released With Durden 0.4 Desktop

    Remember Arcan? The Linux display server built off a game engine. The project is ending 2017 with the release of the Arcan 0.5.4 display server and its associated Durden v0.4 desktop.

    With the Arcan 0.5.4 release, its X.Org-backend has been ported to OpenBSD, its VRbridge tool now has basic OpenHMD support, improvements to its Wayland protocol handling, and a lot more.

  • LinuxJournal, Which Ceased Publication Last Month Citing Poor Financial Condition, Secures Fresh Fund From Readers To Resume Operation

    LinuxJournal announced in Nov 2017 that they were going to cease publication; With some timely intervention by Private Internet Access they are going to be able to continue operation and are currently soliciting feedback for improving the magazine in the future.

More in Tux Machines

Security: Updates, GrayKey, Google and Cilium

  • Security updates for Wednesday
  • Hackers Leaked The Code Of iPhone Cracking Device “GrayKey”, Attempted Extortion
    The mysterious piece of hardware GrayKey might give a sense of happiness to cops because they can get inside most of the iPhone models currently active, including the iPhone X. The $30,000 device is known to crack a 4-digit iPhone passcode in a matter of a few hours, and a six-digit passcode in 3 days, or possibly 11 hours in ideal scenarios. That’s why security experts suggest that iOS users should keep an alphanumeric passcode instead of an all-number passcode.
  • Someone Is Trying to Extort iPhone Crackers GrayShift With Leaked Code
    Law enforcement agencies across the country are buying or have expressed interest in buying GrayKey, a device that can unlock up-to-date iPhones. But Grayshift, the company that makes the device, has attracted some other attention as well. Last week, an unknown party quietly leaked portions of GrayKey code onto the internet, and demanded over $15,000 from Grayshift—ironically, the price of an entry-level GrayKey—in order to stop publishing the material. The code itself does not appear to be particularly sensitive, but Grayshift confirmed to Motherboard the brief data leak that led to the extortion attempt.
  • It's not you, it's Big G: Sneaky spammers slip strangers spoofed spam, swamp Gmail sent files
    Google has confirmed spammers can not only send out spoofed emails that appear to have been sent by Gmail users, but said messages also appear in those users' sent mail folders. The Chocolate Factory on Monday told The Register that someone has indeed created and sent spam with forged email headers. These not only override the send address, so that it appears a legit Gmail user sent the message, but it also mysteriously shows up in that person's sent box as if they had typed it and emitted themselves. In turn, the messages would also appear in their inboxes as sent mail.
  • Cilium 1.0 Advances Container Networking With Improved Security
    For last two decades, the IPtables technology has been the cornerstone of Linux networking implementations, including new container models. On April 24, the open-source Cilium 1.0 release was launched, providing a new alternative to IPtables by using BPF (Berkeley Packet Filter), which improves both networking and security. The Cilium project's GitHub code repository defines the effort as Linux Native, HTTP Aware Network Security for Containers. Cilium development has been driven to date by stealth startup Covalent, which is led by CEO Dan Wendlandt, who well-known in the networking community for his work at VMware on software-defined networking, and CTO Thomas Graf, who is a core Linux kernel networking developer.

Applications: KStars, Kurly, Pamac, QEMU

  • KStars 2.9.5 is out!
    Autofocus module users would be happy to learn that the HFR value is now responsive to changing seeing conditions. Previously, the first successful autofocus operation would set the HFR Threshold value of which subsequent measurements are compared against during the in-sequence-focusing step.
  • Kurly – An Alternative to Most Widely Used Curl Program
    Kurly is a free open source, simple but effective, cross-platform alternative to the popular curl command-line tool. It is written in Go programming language and works in the same way as curl but only aims to offer common usage options and procedures, with emphasis on the HTTP(S) operations. In this tutorial we will learn how to install and use kurly program – an alternative to most widely used curl command in Linux.
  • Pamac – Easily Install and Manage Software on Arch Linux
    Arch Linux is one of the most popular Linux distribution available despite its apparent technicality. Its default package manager pacman is powerful but as time always tells, it is a lot easier to get certain things done using a mouse because GUI apps barely require any typing nor do they require you to remember any commands; and this is where Pamac comes in. Pamac is a Gtk3 frontend for libalpm and it is the GUI tool that Arch Linux users turn to the most when they aren’t in the mood to manage their software packages via the terminal; and who can blame them? It was specifically created to be used with Pacman.
  • QEMU 2.12 Released With RISC-V, Spectre/Meltdown & Intel vGPU Action
    QEMU 2.12 is now officially available as the latest stable feature update to this important component to the open-source Linux virtualization stack.

Ubuntu Leftovers

today's howtos