Language Selection

English French German Italian Portuguese Spanish

Android Leftovers

More in Tux Machines

Security: Windows, Microsoft Malware, GPS Bug, and Some Exaggeration/FUD

  • Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs - blackMORE Ops

    The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are engaged in addressing a spearphishing campaign targeting government organizations, intergovernmental organizations (IGOs), and non-governmental organizations (NGOs). A sophisticated cyber threat actor leveraged a compromised end-user account from Constant Contact, a legitimate email marketing software company, to spoof a U.S.-based government organization and distribute links to malicious URLs.[1] CISA and FBI have not determined that any individual accounts have been specifically targeted by this campaign.

  • Malicious NPM Packages Caught Running Cryptominer On Windows, Linux, macOS Devices [Ed: Lousy anti-journalist sites try to blame the victims for having received malware from Microsoft itself]

    Three JavaScript libraries uploaded to the official NPM package repository have been unmasked as crypto-mining malware, once again demonstrating how open-source software package repositories are becoming a lucrative target for executing an array of attacks on Windows, macOS, and Linux systems.

  • GPS Daemon (GPSD) Rollover Bug

    Critical Infrastructure (CI) owners and operators, and other users who obtain Coordinated Universal Time (UTC) from Global Positioning System (GPS) devices, should be aware of a GPS Daemon (GPSD) bug in GPSD versions 3.20 (released December 31, 2019) through 3.22 (released January 8, 2021).

  • New Linux kernel memory corruption bug causes full system compromise [Ed: This is "local privilege escalation", i.e. vastly less severe than all those back doors in Windows, but so-called 'security' firms aren't meant to talk about state-mandated holes]

    Researchers dubbed it a “straightforward Linux kernel locking bug” that they exploited against Debian Buster’s 4.19.0.13-amd64 kernel.

today's howtos

  • Inspect the capabilities of ELF binaries with this open source tool

    Capa is an open source project from Mandiant (a cybersecurity company). In the project's own words, capa detects capabilities in executable files. Although the primary target of Capa is unknown and possibly malicious executables, the examples in this article run Capa on day-to-day Linux utilities to see how the tool works. Given that most malware is Windows-based, earlier Capa versions only supported the PE file format, a dominant Windows executable format. However, starting with v3.0.0, support for ELF files has been added (thanks to Intezer).

  • What you need to know about Kubernetes NetworkPolicy | Opensource.com

    With a growing number of cloud-native applications going to production through Kubernetes adoption, security is an important checkpoint that you must consider early in the process. When designing a cloud-native application, it is very important to embed a security strategy up front. Failure to do so leads to lingering security issues that can cause project delays and ultimately cost you unnecessary stress and money. For years, people left security at the end—until their deployment was about to go into production. That practice causes delays on deliverables because each organization has security standards to adhere to, which are either bypassed or not followed with a lot of accepted risks to make the deliverables. Understanding Kubernetes NetworkPolicy can be daunting for people just starting to learn the ins and outs of Kubernetes implementation. But this is one of the fundamental requirements that you must learn before deploying an application to your Kubernetes cluster. When learning Kubernetes and cloud-native application patterns, make your slogan "Don't leave security behind!"

  • 3 tips for printing with Linux

    I have a confession to make. This may be an unpopular opinion. I actually enjoy reading documents on a piece of paper as opposed to digitally. When I want to try a new recipe, I print it out to follow it so I don't have to continually swipe my mobile device to keep up with the steps. I store all my favorite recipes in sheet protectors in a binder. I also like to print out coloring pages or activity sheets for my kids. There are a ton of options online or we create our own! Though I have a fond appreciation for printed documents, I have also had my fair share of printing nightmares. Paper jams, low ink, printer not found, the list of frustrating errors goes on and on. Thankfully, it is possible to print frustration-free on Linux. Below are three tutorials you need to get started printing on Linux. The first article walks through how to connect your printer to your Linux computer. Then, learn how to print from anywhere in your house using your home network. The last article teaches you how to print from your Linux terminal so you can live out all your productivity dreams. If you are in the market for a new printer, check out this article about choosing a printer for Linux.

  • 3 basic Linux user management commands every sysadmin should know [Ed: But those have nothing to do with Linux… they’re part of shadow-utils.]

    I like logical commands; commands that are simple, straightforward, and just make sense. When I delivered Linux sysadmin training, I found Linux user management commands to be easy to explain.

  • Strange Apache Reload Issue « etbe - Russell Coker

    I recently had to renew the SSL certificate for my web server, nothing exciting about that but Certbot created a new directory for the key because I had removed some domains (moved to a different web server). This normally isn’t a big deal, change the Apache configuration to the new file names and run the “reload” command. My monitoring system initially said that the SSL certificate wasn’t going to expire in the near future so it looked fine. Then an hour later my monitoring system told me that the certificate was about to expire, apparently the old certificate came back! I viewed my site with my web browser and the new certificate was being used, it seemed strange. Then I did more tests with gnutls-cli which revealed that exactly half the connections got the new certificate and half got the old one. Because my web server isn’t doing anything particularly demanding the mpm_event configuration only starts 2 servers, and even that may be excessive for what it does. So it seems that the Apache reload command had reloaded the configuration on one mpm_event server but not the other!

  • Featured Unixcop Oracle Data Integrator (ODI) on CentOS 8 Oracle Data Integrator (ODI) on CentOS 8

    Data Integration ensures that information is timely, accurate, and consistent across complex systems. Although it is still frequently referred as Extract-Transform-Load (ETL), data integration was initially considered as the architecture used for loading Enterprise Data Warehouse systems. Data integration now includes data movement, data synchronization, data quality, data management, and data services. Oracle Data Integrator s built on several components all working together around a centralized metadata repository. Also these components – graphical modules, runtime agents and web based interfaces – in conjunction with other advanced features make ODI a lightweight, state of the art data integration platform. With its superior performance and flexible architecture, Oracle Data Integrator can_be used in various types of projects such as Data Warehousing, SOA, Business Intelligence or Application Integration.

  • Oracle Weblogic 14c on CentOS 8 - Unixcop

    Modern business environment demands Web and e-commerce applications that accelerate your entry into new markets like a boom ! help you find new ways to reach and retain customers, and allow you to introduce new products and services quickly. To build and deploy these new solutions, you need a proven, reliable e-commerce platform that can connect and empower all types of users while integrating your corporate data. Oracle WebLogic Server is a unified and extensible platform for developing, deploying and running enterprise applications, such as Java, for on-premises and in the cloud. Hi Guys ! Today, we will discuss about Oracle WebLogic server. We have got through some intro & now will have a glimpse of some architectural overview of this Oracle Middle ware product, Then we will go the how to’s. Don’t get bored till then ! WebLogic Server operates in the middle tier of a multi tier (or n-tier) architecture. A multi tier architecture determines where the software components that make up a computing system are executed in relation to each other and to the hardware, network, and users. Choosing the best location for each software component lets you develop applications faster; eases deployment and administration; and provides greater control over performance, utilization, security, scalability, and reliability.

  • Store Passwords Securely with Hashicorp Vault on Ubuntu 20.04 – VITUX

    It is always not possible to remember all the secret keys, passphrases, and tokens. Sometimes managing and maintaining secrets might be challenging tasks. We may need to store such secrets somewhere which we can use when needed. Hashicorp Vault is a solution that can be used to store secrets. It protects all the secrets stored on it and keeps secured. In this article, we will learn how to install Hashicorp vault on ubuntu 20.04.

Open Hardware/Modding: New Hardware Based on RISC-V and Arduino Projects

  • M5Stamp C3 RISC-V board supports WiFI 4, Bluetooth 5.0 Long Range and 2 Mbps bitrate - CNX Software

    It was only last month that M5Stack launched the M5Stamp Pico module based on an ESP32-PICO-D4 SiP and heat-resistant plastic shell, but M5Stamp C3 board is already out with most of the same specifications and features but an ESP32-C3 RISC-V SoC replaces the ESP32 dual-core Xtensa processor. M5Stamp C3 offers WiFi 4 and Bluetooth 5.0 with high bitrate and long-range connectivity and comes with the same heat-resistant plastic shell, but the company also highlights the RSA-3072-based secure boot and the AES-128-XTS-based flash encryption as a more secure way to address Bluetooth security concerns.

  • Alibaba open sources four RISC-V cores: XuanTie E902, E906, C906 and C910 - CNX Software

    Alibaba introduces a range of RISC-V processors in the last few years with the Xuantie family ranging from the E902 micro-controller class core to the C910 core for servers in data centers. This also includes the XuanTie C906 core found in the Allwinner D1 single-core RISC-V processor. While RISC-V is an open standard and there’s a fair share of open-source RISC-V cores available, many commercial RISC-V cores are closed source, but Zhang Jianfeng, President of Alibaba Cloud Intelligence speaking at the 2021 Apsara Conference, announced that T-Head had open-sourced four RISC-V-based Xuantie series processor cores, namely Xuantie E902, E906, C906, and C910, as well as related software and tools.

  • SiFive Has A New RISC-V Core To Improve Performance By 50%, Outperform Cortex-A78 - Phoronix

    SiFive just shared word that at today's Linley Conference they teased their Performance P550 successor that will "set a new standard for the highest efficiency RISC-V processor available."

  • This tinyML device counts your squats while you focus on your form | Arduino Blog

    Getting in your daily exercise is vital to living a healthy life and having proper form when squatting can go a long way towards achieving that goal without causing joint pain from doing them incorrectly. The Squats Counter is a device worn around the thigh that utilizes machine learning and TensorFlow Lite to automatically track the user’s form and count how many squats have been performed. Creator Manas Pange started his project by flashing the tf4micro-moition-kit code to a Nano 33 BLE Sense, which features an onboard three-axis accelerometer. From there, he opened the Tiny Motion Trainer Experiment by Google that connects to the Arduino over Bluetooth and captures many successive samples of motion. After gathering enough proper and improper form samples, Manas trained, tested, and deployed the resulting model to the board.

Neos.io: the next generation open-source WordPress CMS alternative

Neos.io is a free open-source modern CMS solution for developers and designers. It is the ideal solution for enterprise and developers. Neos.io is packed with dozens of features aiming to be easy to use for content creators and editors, effortlessly customized by designers, and extensible for developers. Developers can easily build custom themes, custom content models, plugins to add new features and functions and integrate 3rd party services and solutions. Neos.io offers long-term support for its releases, which means every production release goes through extensive testing and quality check before production. Read more