Language Selection

English French German Italian Portuguese Spanish

Security: Secure Shell, MasterPeace, “Dark Web Scan” and Reproducible Builds

Filed under
Security
  • Secure Shell: What is SSH?

    So, here is my ode to Secure Shell for those that are unaware of SSH (It will not be any kind of artistic prose.) Many outside of the technology world may not realize how oft-utilized and important SSH and, indeed, shelling is in our everyday technological lives. This article will examine SSH and shelling, in general, and go over some of the technical aspects that encompass SSH and secure shell.

  • A Columbia cyber firm’s open source project is looking to improve IoT security

    Columbia-based MasterPeace Solutions is working on an open source project to address security vulnerabilities in Internet of Things devices.

    osMUD is aimed at protecting internet-connected devices used at homes and small businesses. The project was shared with the National Institute of Standards and Technology’s National Cybersecurity Center of Excellence, which is based in Rockville, according to MasterPeace.

    Now, the cybersecurity firm will participate in a consortium that was formed around the effort that looks to bring together bring together device manufacturers, network security companies, and network administrators. Participating organizations include Cable Labs, Cisco, CTIA, Digicert, ForeScout, Global Cyber Alliance, Patton, and Symantec. Each organization will provide code and expertise to the effort. MasterPeace is providing network security engineering and defense operations expertise. The longtime government contractor has previously shown willingness to gather the community in recent years with efforts like an in-house accelerator.

  • What is a “Dark Web Scan” and Should You Use One?

    The “dark web” consists of hidden websites that you can’t access without special software. These websites won’t appear when you use Google or another search engine, and you can’t even access them unless you go out of your way to use the appropriate tools.

    For example, the Tor software can be used for anonymous browsing of the normal web, but it also hides special sites known as “.onion sites” or “Tor hidden services.” These websites use Tor to cloak their location, and you only access them through the Tor network.

  • Reproducible Builds Joins Conservancy

    We are very excited to announce the Reproducible Builds project as our newest member project. Reproducible builds is a set of software development practices that create an independently-verifiable path from the source code to the binary code used by computers. This ensures that the builds you are installing are exactly the ones you were expecting, which is critical for freedom, security and compatibility and exposes injections of backdoors introduced by compromising build servers or coercing developers to do so via political or violent means.

    The Reproducible Builds project, which began as a project within the Debian community, joins our other adjacent work around this distribution, such as the Debian Copyright Aggregation Project. Reproducible Builds is also critical to Conservancy's own compliance work: a build that cannot be verified may contain code that triggers different license compliance responsibilities than those which the recipient is expecting. Unaccounted-for code makes it hard for anyone who distributes software to guarantee that they are doing so responsibly and with care for those who receive the software.

More in Tux Machines

Devices: Indigo Igloo, Raspberry Pi Projects and Ibase

  • AR-controlled robot could help people with motor disabilities with daily tasks
    Researchers employed the PR2 robot running Ubuntu 14.04 and an open-source Robot Operating System called Indigo Igloo for the study. The team made adjustments to the robot including padding metal grippers and adding “fabric-based tactile sensing” in certain areas.
  • 5 IoT Projects You Can Do Yourself on a Raspberry Pi
    Are you new to the Internet of Things and wonder what IoT devices can do for you? Or do you just have a spare Raspberry Pi hanging around and are wondering what you can do with it? Either way, there are plenty of ways to put that cheap little board to work. Some of these projects are easy while others are much more involved. Some you can tackle in a day while others will take a while. No matter what, you’re bound to at least get some ideas looking at this list.
  • Retail-oriented 21.5-inch panel PCs run on Kaby Lake and Bay Trail
    Ibase’s 21.5-inch “UPC-7210” and “UPC-6210” panel PCs run Linux or Windows on 7th Gen Kaby Lake-U and Bay Trail CPUs, respectively. Highlights include 64GB SSDs, mini-PCIe, mSATA, and IP65 protection.

NexDock 2 Turns Your Android Phone or Raspberry Pi into a Laptop

Ever wished your Android smartphone or Raspberry Pi was a laptop? Well, with the NexDock 2 project, now live on Kickstarter, it can be! Both the name and the conceit should be familiar to long-time gadget fans. The original NexDock was a 14.1-inch laptop shell with no computer inside. It successfully crowdfunded back in 2016. The OG device made its way in to the hands of thousands of backers. While competent enough, some of-the-time reviews were tepid about the dock’s build quality. After a brief stint fawning over Intel’s innovative (now scrapped) Compute Cards, the team behind the portable device is back with an updated, refined and hugely improved model. Read more

Graphics: Libinput 1.13 RC2, NVIDIA and AMD

  • libinput 1.12.902
    The second RC for libinput 1.13 is now available.
    
    This is the last RC, expect the final within the next few days unless
    someone finds a particulaly egregious bug.
    
    One user-visible change: multitap (doubletap or more) now resets the timer
    on release as well. This should improve tripletap detection as well as any
    tripletap-and-drag and similar gestures.
    
    valgrind is no longer a required dependency to build with tests. It was only
    used in a specific test run anyway (meson test --setup=valgrind) and not
    part of the regular build.
    
    As usual, the git shortlog is below.
    
    Benjamin Poirier (1):
          evdev: Rename button up and down states to mirror each other
    
    Feldwor (1):
          Set TouchPad Pressure Range for Toshiba L855
    
    Paolo Giangrandi (1):
          touchpad: multitap state transitions use the same timing used for taps
    
    Peter Hutterer (3):
          tools: flake8 fixes, typo fixes and missing exception handling
          meson.build: make valgrind optional
          libinput 1.12.902
  • Libinput 1.13 RC2 Better Detects Triple Taps
    Peter Hutterer of Red Hat announced the release of libinput 1.13 Release Candidate 2 on Thursday as the newest test release for this input handling library used by both X.Org and Wayland Linux systems. Libinput 1.13 will be released in the days ahead as the latest six month update to this input library. But with the time that has passed, it's not all that exciting of a release as the Logitech high resolution scrolling support as well as Dell Totem input device support for the company's Canvas display was delayed to the next release cycle. But libinput 1.13 is bringing touch arbitration improvements for tablets, various new quirks, and other fixes and usability enhancements.
  • Open-Source NVIDIA PhysX 4.1 Released
    Software releases are aplenty for GDC week and NVIDIA's latest release is their newest post-4.0 PhysX SDK. NVIDIA released the open-source PhysX 4.0 SDK just before Christmas as part of the company re-approaching open-source for this widely used physics library. Now the latest available is PhysX 4.1 and the open-source code drop is out in tandem.
  • AMD have launched an update to their open source Radeon GPU Analyzer, better Vulkan support
    AMD are showing off a little here, with an update to the Radeon GPU Analyzer open source project and it sounds great.

New Release of GNU Parallel and New FSF-Endorsed Products From ThinkPenguin

  • GNU Parallel 20190322 ('FridayforFuture') released
    GNU Parallel 20190322 ('FridayforFuture') has been released. It is available for download at: http://ftpmirror.gnu.org/parallel/ The change in signalling makes this release experimental for users that send SIGTERM to GNU Parallel.
  • Seven new devices from ThinkPenguin, Inc. now FSF-certified to Respect Your Freedom
    Thursday, March 21st, 2019 -- The Free Software Foundation (FSF) today awarded Respects Your Freedom (RYF) certification to seven devices from ThinkPenguin, Inc.: The Penguin Wireless G USB Adapter (TPE-G54USB2), the Penguin USB Desktop Microphone for GNU / Linux (TPE-USBMIC), the Penguin Wireless N Dual-Band PCIe Card (TPE-N300PCIED2), the PCIe Gigabit Ethernet Card Dual Port (TPE-1000MPCIE), the PCI Gigabit Ethernet Card (TPE-1000MPCI), the Penguin 10/100 USB Ethernet Network Adapter v1 (TPE-100NET1), and the Penguin 10/100 USB Ethernet Network Adapter v2 (TPE-100NET2). The RYF certification mark means that these products meet the FSF's standards in regard to users' freedom, control over the product, and privacy. [...] "I've always believed that the biggest difficulty for users in the free software world has been in obtaining compatible hardware, and so I'm glad to be participating in the expansion of the RYF program" said Christopher Waid, founder and CEO of ThinkPenguin. ThinkPenguin, Inc. was one of the first companies to receive RYF certification, gaining their first and second certifications in 2013, and adding several more over the years since. "ThinkPenguin has excelled for years in providing users with the tools they need to control their own computing. We are excited by these new additions today, and look forward to what they have in store for the future," said the FSF's licensing and compliance manager, Donald Robertson, III.
  • FSF Certifies A USB Microphone For Respecting Your Freedom Plus Some Network Adapters
    The Free Software Foundation has announced the latest batch of hardware it has certified for "Respecting Your Freedom" as part of its RYF program. Seven more devices from Linux-focused e-tailer Think Penguin have been certified for respecting your freedoms and privacy in that no binary blobs are required for use nor any other restrictions on the hardware's use or comprising the user's privacy.