Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Saturday, 03 Dec 16 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Development News (SourceForge and Perl)

Filed under
Development
  • Introducing HTTPS for Project Websites
  • Securing SourceForge With HTTPS

    SourceForge has added a feature that gives project websites the opportunity to opt-in to using SSL HTTPS encryption. Project admins can find this option in the Admin page under “HTTPS.”

    Opting-in will also trigger a domain name change, from http://name.sourceforge.net to https://name.sourceforge.io. Visitors using the old domain will automatically redirect to the new domain.

  • Fedora 25 Easy Enough, SourceForge Goes HTTPS
  • CPAN Testers RULE!

    Late last evening I sent a development version of a Perl module to PAUSE. This module had had a bunch of work on it since the last release, including a change in the way timegm() and timelocal() were called.

    The CPAN testers worked on it overnight, and this morning I had a brand-new shiny RT ticket in my inbox. Slaven Rezic (to give credit where it is due) had noticed and correctly diagnosed the problem. I fixed it, and tonight the CPAN testers are chewing on a new and hopefully better test release.

Games for GNU/Linux

Filed under
Gaming

3 open source password managers

Filed under
OSS

Keep your data and accounts safe by using a secure open source password manager to store unique, complex passwords.

Read more

Is Open Source Good for Business?

Filed under
OSS

Open source software firms have made a push for the business world for quite some time now. The idea of running a business on software whose source code is readily available for anyone to tinker with gained considerable validity when IBM announced its full on support for Linux on its hardware, including z Series mainframes, in 1999.

The potency and capability of open source software is not in doubt. Open source software powers much of the Internet: Linux, the Apache Web server, sendmail, and OpenSSL are just a few important Internet technologies that are open source, among many.

Read more

Make Q4OS Look Like Windows With XPQ4

Filed under
OS

Many Linux distributions over the years have tried to look like Windows including Lindows, to a certain extent Linux Mint and of course Zorin OS.

Q4OS with the XPQ4 theme is definitely the one that has achieved the best results.

Zorin OS looks to be moving in a slightly different direction now and I have just installed version 12 as a dual boot to Q4OS so a review will be coming shortly.

I could have made my experience with XPQ4 better by installing the ttf-mscorefonts-installer package from Synaptic.

Read more

An Everyday Linux User Review Of Q4OS - Part 2

Filed under
OS
Reviews

So now I have all the software I need installed, all hardware setup and running and I am using Q4OS on a daily basis.

As an operating system I am finding the performance is extremely good and everything is extremely stable.

Check out this guide which shows how to make Q4OS look like Windows XP, 2000, 7, 8 and 10.

Read more

Mozilla Patches SVG Animation Remote Code Execution in Firefox and Thunderbird

Filed under
Moz/FF

If you've been reading the news lately, you might have stumbled upon an article that talked about a 0-day vulnerability in the Mozilla Firefox web browser, which could be used to attack Tor users running Tor Browser on Windows systems.

Read more

Raspberry Pi Foundation Disables SSH in Raspbian PIXEL's Latest Security Update

Filed under
Linux

Raspberry Pi Foundation, through Simon Long, announces that a security update is now available for the PIXEL desktop environment of the company's Debian-based Raspbian operating system for Raspberry Pi single-board computers.

Read more

Security News

Filed under
Security
  • Security advisories for Wednesday
  • What Malware Is on Your Router?

    Mirai is exposing a serious security issue with the Internet of Things that absolutely must be quickly handled.

    Until a few days ago, I had been seriously considering replacing the 1999 model Apple Airport wireless router I’ve been using since it was gifted to me in 2007. It still works fine, but I have a philosophy that any hardware that’s more than old enough to drive probably needs replacing. I’ve been planning on taking the 35 mile drive to the nearest Best Buy outlet on Saturday to see what I could get that’s within my price range.

    After the news of this week, that trip is now on hold. For the time being I’ve decided to wait until I can be reasonably sure that any router I purchase won’t be hanging out a red light to attract the IoT exploit-of-the-week.

    It’s not just routers. I’m also seriously considering installing the low-tech sliding door devices that were handed out as swag at this year’s All Things Open to block the all-seeing-eye of the web cams on my laptops. And I’m becoming worried about the $10 Vonage VoIP modem that keeps my office phone up and running. Thank goodness I don’t have a need for a baby monitor and I don’t own a digital camera, other than what’s on my burner phone.

  • National Lottery 'hack' is the poster-girl of consumer security fails

    IN THE NEW age of hacking, you don't even need to be a hacker. National Lottery management company Camelot has confirmed that up to 26,500 online accounts for their systems may have been compromised in an attempted hack, that required no hacking.

    It appears the players affected have been targetted from hacks to other sites, and the resulting availability of their credentials on the dark web. With so many people using the same password across multiple sites, it takes very little brute force to attack another site, which is what appears to have happened here.

  • Mozilla and Tor release urgent update for Firefox 0-day under active attack

    "The security flaw responsible for this urgent release is already actively exploited on Windows systems," a Tor official wrote in an advisory published Wednesday afternoon. "Even though there is currently, to the best of our knowledge, no similar exploit for OS X or Linux users available, the underlying bug affects those platforms as well. Thus we strongly recommend that all users apply the update to their Tor Browser immediately."

    The Tor browser is based on the open-source Firefox browser developed by the Mozilla Foundation. Shortly after this post went live, Mozilla security official Daniel Veditz published a blog post that said the vulnerability has also been fixed in a just-released version of Firefox for mainstream users. On early Wednesday, Veditz said, his team received a copy of the attack code that exploited a previously unknown vulnerability in Firefox.

  • Tor Browser 6.0.7 is released

    Tor Browser 6.0.7 is now available from the Tor Browser Project page and also from our distribution directory.

    This release features an important security update to Firefox and contains, in addition to that, an update to NoScript (2.9.5.2).

    The security flaw responsible for this urgent release is already actively exploited on Windows systems. Even though there is currently, to the best of our knowledge, no similar exploit for OS X or Linux users available the underlying bug affects those platforms as well. Thus we strongly recommend that all users apply the update to their Tor Browser immediately. A restart is required for it to take effect.

    Tor Browser users who had set their security slider to "High" are believed to have been safe from this vulnerability.

  • Firefox 0-day in the wild is being used to attack Tor users

    Firefox developer Mozilla and Tor have patched the underlying vulnerability, which is found not only in the Windows version of the browser, but also the versions of Mac OS X and Linux.

    There's a zero-day exploit in the wild that's being used to execute malicious code on the computers of people using Tor and possibly other users of the Firefox browser, officials of the anonymity service confirmed Tuesday.

    Word of the previously unknown Firefox vulnerability first surfaced in this post on the official Tor website. It included several hundred lines of JavaScript and an introduction that warned: "This is an [sic] JavaScript exploit actively used against TorBrowser NOW." Tor cofounder Roger Dingledine quickly confirmed the previously unknown vulnerability and said engineers from Mozilla were in the process of developing a patch.

  • Mozilla Patches SVG Animation Remote Code Execution in Firefox and Thunderbird

    If you've been reading the news lately, you might have stumbled upon an article that talked about a 0-day vulnerability in the Mozilla Firefox web browser, which could be used to attack Tor users running Tor Browser on Windows systems.

City of Munich now uses Kolab open source groupware

Filed under
OSS

In August this year, the city of Munich completed its two-year switch to Kolab, an open source based suite of groupware and collaboration tools such as email and calendaring. Across the city’s 50 departmentsb there are now some 60,000 Kolab mail boxes, said Kolab CEO George Greve at a conference for the IT departments of the European Commission and European Parliament, in Brussels on Tuesday.

Read more

It's All Aboard for Linux Gamers at The Final Station

Filed under
Gaming

The developers of The Final Station, recognizing the growing market for the post-apocalyptic train ride in the open source community, have made their hot-selling title available for the Linux OS.

The indie game, which Do My Best Games and TinyBuild launched for PC, Mac, Xbox One and PlayStation 4 this summer, became available for Linux last week.

Although the post-civilization genre is fairly crowded space, the zombie-killing horror ride has earned generally positive reviews from veteran games critics, who appreciated its narrative and level of detail.

Read more

Canonical Releases New Kernel Live Patch Security Update for Ubuntu 16.04 LTS

Filed under
Ubuntu

On November 30, 2016, after publishing new kernel updates for all of its supported Ubuntu Linux releases, Canonical, through Luis Henriques, announced the availability of the second kernel live patch security update to Ubuntu 16.04 LTS.

Read more

Also: Four New Kernel Vulnerabilities Patched in All Supported Ubuntu OSes, Update Now

Ubuntu-Based Trisquel GNU/Linux 8.0 "Flidas" Enters Development with MATE 1.12.1

Filed under
Ubuntu

The development team behind Trisquel GNU/Linux, a 100% libre distribution based on the Ubuntu Linux operating system, announced the availability of the first Alpha images for the upcoming Trisquel GNU/Linux 8.0 release.

Read more

R3 Makes Code for Financial Agreements Platform Open Source

Filed under
OSS
  • R3 Makes Code for Financial Agreements Platform Open Source

    The bank consortium R3 CEV has released its Corda platform as open source to encourage innovation and interoperability in the industry's development of blockchain technology.

  • R3 open sources Corda

    Financial innovation company R3 has made its Corda distributed ledger platform open source, granting the global developer community universal access to its source code to encourage collaboration, review and contribution to the platform.

  • R3 Consortium Open-Sources its Corda Blockchain Platform

    R3 has just made its Corda distributed ledger platform open source, granting the developers access to its source code to encourage collaboration, review and contribution to the platform. This news comes at a time when R3 needs it most, after it recently lost a few of its member banks including Goldman Sachs and Morgan Stanley.

Linux/FOSS Events

Filed under
Linux
OSS
GNOME
  • GNOME Core Apps Hackfest 2016

    Last weekend I attended the GNOME Core Apps hackfest that I helped organize here in Berlin.

    It was the first time I participated in a Core Apps hackfest and I must say I am really glad with how it all went. I felt like there was a perfect balance of planning, working, and just hanging out together. If you want to know more about the planned items, check out this very complete post by Carlos Soriano.

  • Core Apps Hackfest

    Last weekend I attended the Core Apps hackfest in Berlin. This was a reboot of the Content Apps hackfest we held last year around the same time of year, with a slightly broader focus. One motivation behind these events was to try and make sure that GNOME has a UX focused event in Europe at the beginning of the Autumn/Spring development cycle, since this is a really good time to come together and plan what we want to work on for the next GNOME version.

  • Highlights from ISTA and GTAC 2016

    Another two weeks have passed and I'm blogging about another 2 conferences. This year both Innovations in Software Technologies and Automation and Google Test Automation Conference happened on the same day. I was attending ISTA in Sofia during the day and watching the live stream of GTAC during the evenings. Here are some of the things that reflected on me:

  • FGSL XIII Event Report

    Before I became a Fedora Project contributor, I went to an event in the central west region of Brazil called FGSL ( “Fórum Goiano de Software Livre”), which had its 12th edition in 2015. It was a great event, and now ( 2016) that I have joined the Fedora Community as a contribuitor I thought about being there again, this time representing the Fedora Project.

Linux and Graphics

Filed under
Graphics/Benchmarks
Linux
  • MSM-Next Prepares Adreno A5xx Support For Linux 4.10

    On Tuesday was the MSM-Next submission by Red Hat developer Rob Clark of these Freedreno MSM changes to be sent to mainline for the Linux 4.10 kernel.

    Notable with this MSM-Next pull request is the addition of Qualcomm Adreno A5xx support. Adreno A500 series support coming to this open-source driver stack was covered earlier this week in Qualcomm Adreno A5xx Open-Source Driver Bringup For Freedreno.

  • Amazon Working On EC2 Linux OpenGL Support, Considering Vulkan

    Amazon Web Services today revealed more information about their EC2 Elastic GPUs support they are working to implement in the cloud.

    Amazon's Elastic GPUs will be offered in four different tiers and range in GPU memory capacity from 1GB to 8GB. They also revealed their work on an Amazon-optimized OpenGL library for Elastic GPUs. They shared that initially there is just Windows support for OpenGL but they are working to support Amazon Linux AMI with their OpenGL implementation. They are also looking at Vulkan support (and DirectX too, sadly).

  • Vivante Gallium3D Driver Proposed For Mainline Mesa + Render-Only Gallium Library

    Fresh from the libdrm 2.4.74 release that had some Etnaviv API changes, the Etnaviv Gallium3D driver has been proposed for mainline Mesa as the open-source, reverse-engineered 3D effort for Vivante graphics cores.

  • Initial XWayland Window Positioning Support For Weston

Devuan and Ubuntu

Filed under
Debian
Ubuntu
  • New Devuan Beta, Sharket Mare, 2016 Predictions

    Not even 24 hours after my saying there hasn't been a new Devuan release since April, the project released Beta 2 for 32 and 64-bit machines. Elsewhere, Jeremy Garcia celebrates 16 years of LinuxQuestions.org and writer-blogger Bruce Byfield today said that Linux and its application are commercial grade despite what some may think. The Ubuntu 17.04 release schedule was posted and Canonical has approved Snaps sans dependencies.

  • Systemd-Free Debian Fork Devuan Releases Its Second Beta
  • Docker and Canonical partner on CS Docker Engine for millions of Ubuntu users
  • Docker, Canonical Team Up on CS Docker Engine for Ubuntu

    When it comes to containers, Canonical has been early to make many of the right moves. The company was one one of the first to weave in platform support for Docker, which is partly significant because the majority of OpenStack deployments are built on Ubuntu.

    Now, Docker and Canonical have announced an integrated Commercially Supported (CS) Docker Engine offering on Ubuntu, meant to provide Canonical customers with a single path for support of the Ubuntu operating system and CS Docker Engine in enterprise Docker operations.

  • Ubuntu devs can now build Snaps without dependencies

    To encourage app distribution advancements, Canonical is now letting Ubuntu app developers build their Snaps without bundling their dependencies. The new support comes through the ubuntu-app-platform snap that has just been reached the Ubuntu Software store.

OSS Leftovers

Filed under
OSS
  • Who cares about market share?

    And if that seems selfish, I only have so much time for evangelism. Besides, if the advantage of free software for developers is that they are free to pursue their own interests, I see no reason that ordinary users can't claim the same privilege. I may be irked by the inaccurate statements about free software, or wish Linux more popular, but neither really matters compared to my everyday experience on the desktop. The diversity that I enjoy exists precisely because free software development is bound by considerations other than the commercial.

  • Release notes for the Genode OS Framework 16.11

    In contrast to most parts of the framework, the fundamental low-level protocols, which define the interaction between parent and child components have remained unchanged since the very first Genode version. From this interplay, the entire architecture follows. That said, certain initial design choices were not perfect. They partially resulted from limitations of the kernels we used during Genode's early years and from our pre-occupation with a certain style of programming. Over the years, the drawbacks inherent in our original design became more and more clear and we drafted rough plans to overcome them. However, reworking the fundamental protocols of a system that already accommodates hundreds of component implementations cannot be taken light-handily. Because of this discomfort, we repeatedly deferred the topic - until now. With the rapidly growing workloads carried by Genode, we deliberately decided to address long-standing deficiencies rather than adding the features we originally planned according to the road map.

  • Genode OS Framework 16.11 Now Available

    Genode OS Framework 16.11 adds support for asynchronous parent-child interactions, improved virtual networking, an improved RPC mechanism, unification and tightening of session labels, new framework APIs, support for smart cards, time-based password generation support, VirtualBox-over-NOVA improvements, and a range of other work.

  • Free Linux Foundation Webinar on Hyperledger: Blockchain Technologies for Business
  • Kubernetes Founders Have Ambitious Plans for Heptio Startup

    Two founders of the Kubernetes project at Google, Craig McLuckie and Joe Beda, recently announced their new company, Heptio. The company has raised an $8.5M series A investment round led by Accel, with participation from Madrona Venture Group. Heptio will bring Kubernetes to enterprises in order to accelerate software development, increase infrastructure efficiency and reduce the complexity of managing software at scale.

    Beda became an entrepreneur-in-residence at Accel Partners in late 2015, and it looks like this startup will have solid funding and lots of experience to work with. The company's concept is that Kubernetes can significantly reduce infrastructure costs and simplify operations at many businesses, but it is too hard to get up and running with the platform.

  • Node.js Moves to a Stable, VM-Neutral Future

    On November 29, 2016 the Node.js Foundation announced a major effort to help further grow and stabilize node.js on different virtual machines (VMs). By enabling node.js to be VM-neutral, the hope is that it can be used by application developers on a wider variety of platforms and devices.

    The Node.js Foundation is a multi-stakeholder effort that was first launched by the Linux Foundation in June 2015 in an effort to help stabilize the fractured node.js community.

Syndicate content

More in Tux Machines

Google and Mozilla

  • Google Rolls Out Continuous Fuzzing Service For Open Source Software
    Google has launched a new project for continuously testing open source software for security vulnerabilities. The company's new OSS-Fuzz service is available in beta starting this week, but at least initially it will only be available for open source projects that have a very large user base or are critical to global IT infrastructure.
  • Mozilla is doing well financially (2015)
    Mozilla announced a major change in November 2014 in regards to the company's main revenue stream. The organization had a contract with Google in 2014 and before that had Google pay Mozilla money for being the default search engine in the Firefox web browser. This deal was Mozilla's main source of revenue, about 329 million US Dollars in 2014. The change saw Mozilla broker deals with search providers instead for certain regions of the world.

Security Leftovers

  • Security updates for Friday
  • Understanding SELinux Roles
    I received a container bugzilla today for someone who was attempting to assign a container process to the object_r role. Hopefully this blog will help explain how roles work with SELinux. When we describe SELinux we often concentrate on Type Enforcement, which is the most important and most used feature of SELinux. This is what describe in the SELinux Coloring book as Dogs and Cats. We also describe MLS/MCS Separation in the coloring book.
  • The Internet Society is unhappy about security – pretty much all of it
    The Internet Society (ISOC) is the latest organisation saying, in essence, “security is rubbish – fix it”. Years of big data breaches are having their impact, it seems: in its report released last week, it quotes a 54-country, 24,000-respondent survey reporting a long-term end user trend to become more fearful in using the Internet (by Ipsos on behalf of the Centre for International Governance Innovation). Report author, economist and ISOC fellow Michael Kende, reckons companies aren't doing enough to control breaches. “According to the Online Trust Alliance, 93 per cent of breaches are preventable” he said, but “steps to mitigate the cost of breaches that do occur are not taken – attackers cannot steal data that is not stored, and cannot use data that is encrypted.”
  • UK's new Snoopers' Charter just passed an encryption backdoor law by the backdoor
    Among the many unpleasant things in the Investigatory Powers Act that was officially signed into law this week, one that has not gained as much attention is the apparent ability for the UK government to undermine encryption and demand surveillance backdoors. As the bill was passing through Parliament, several organizations noted their alarm at section 217 which obliged ISPs, telcos and other communications providers to let the government know in advance of any new products and services being deployed and allow the government to demand "technical" changes to software and systems.
  • EU budget creates bug bounty programme to improve cybersecurity
    Today the European Parliament approved the EU Budget for 2017. The budget sets aside 1.9 million euros in order to improve the EU's IT infrastructure by extending the free software audit programme (FOSSA) that MEPs Max Anderson and Julia Reda initiated two years ago, and by including a bug bounty approach in the programme that was proposed by MEP Marietje Schaake.
  • Qubes OS Begins Commercialization and Community Funding Efforts
    Since the initial launch of Qubes OS back in April 2010, work on Qubes has been funded in several different ways. Originally a pet project, it was first supported by Invisible Things Lab (ITL) out of the money we earned on various R&D and consulting contracts. Later, we decided that we should try to commercialize it. Our idea, back then, was to commercialize Windows AppVM support. Unlike the rest of Qubes OS, which is licensed under GPLv2, we thought we would offer Windows AppVM support under a proprietary license. Even though we made a lot of progress on both the business and technical sides of this endeavor, it ultimately failed. Luckily, we got a helping hand from the Open Technology Fund (OTF), which has supported the project for the past two years. While not a large sum of money in itself, it did help us a lot, especially with all the work necessary to improve Qubes’ user interface, documentation, and outreach to new communities. Indeed, the (estimated) Qubes user base has grown significantly over that period. Thank you, OTF!
  • Linux Security Basics: What System Administrators Need to Know
    Every new Linux system administrator needs to learn a few core concepts before delving into the operating system and its applications. This short guide gives a summary of some of the essential security measures that every root user must know. All advice given follows the best security practices that are mandated by the community and the industry.
  • BitUnmap: Attacking Android Ashmem
    The law of leaky abstractions states that “all non-trivial abstractions, to some degree, are leaky”. In this blog post we’ll explore the ashmem shared memory interface provided by Android and see how false assumptions about its internal operation can result in security vulnerabilities affecting core system code.

GNU/FSF

  • The Three Software Freedoms
    The government can help us by making software companies distribute the source code. They can say it's "in the interest of national security". And they can sort out the patent system (there are various problems with how the patent system handles software which are out of the scope of this article). So when you chat to your MP please mention this.
  • Leapfrog Honoring the GPL
  • A discussion on GPL compliance
    Among its many activities, the Software Freedom Conservancy (SFC) is one of the few organizations that does any work on enforcing the GPL when other compliance efforts have failed. A suggestion by SFC executive director Karen Sandler to have a Q&A session about compliance and enforcement at this year's Kernel Summit led to a prolonged discussion, but not to such a session being added to the agenda. However, the co-located Linux Plumbers Conference set up a "birds of a feather" (BoF) session so that interested developers could hear more about the SFC's efforts, get their questions answered, and provide feedback. Sandler and SFC director of strategic initiatives Brett Smith hosted the discussion, which was quite well-attended—roughly 70 people were there at a 6pm BoF on November 3.
  • Join us as a member to give back for the free software you use
    At the FSF, we run our own infrastructure using only free software, which makes us stand out from nearly every other nonprofit organization. Virtually all others rely on outside providers and use a significant amount of nonfree software. With your support, we set an example proving that a nonprofit can follow best practices while running only free software.
  • The Free Software Foundation is in need of members

today's howtos