Quick Roundup
- Latest Headlines
- Highlights
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- Latest Members
- Categories
Type![]() |
Title | Author | Replies | Last Post |
---|---|---|---|---|
goblinxfc | srlinuxx | 26/04/2007 - 6:30pm | ||
nixsys.com | srlinuxx | 24/09/2007 - 11:24pm | ||
wolvixondisk | srlinuxx | 02/10/2007 - 10:49pm | ||
arnybw | srlinuxx | 18/10/2007 - 3:39pm | ||
webpathinlovelinux | srlinuxx | 07/02/2008 - 3:44pm | ||
bluewhite | srlinuxx | 25/03/2008 - 10:44pm | ||
pclos | srlinuxx | 15/06/2008 - 11:18pm | ||
nixsys2 | srlinuxx | 18/08/2008 - 7:12am | ||
nixsys3 | srlinuxx | 18/08/2008 - 7:22am | ||
gg 480x60 | srlinuxx | 03/09/2008 - 11:55am |
What is project /e/? Should you install it on your Android smartphone?
Submitted by Roy Schestowitz on Monday 18th of February 2019 08:34:47 AM Filed under

Have you ever thought about how secure your Android device, let’s be clear, not very much. Now you might be wondering why? It is because due to Android being open source many apps can track you. However, if you are even a bit into flashing new ROMs onto your smartphone or even rooting your mobile /e/ might be the thing you want to read about right now.
The /e/ ROM helps enhance device security and makes your Android powered smartphone much more secure. /e/ is a project of the E-Foundation, which is focused on enhancing a user’s device security by restricting anything that logs user data. As per the company, /e/ is a non-profit project, made in public interest. The E Foundation is building an open-source mobile operating system, which respects a user’s data privacy.
Project /e/ provides a great and unique mobile operating system alternative, stripped down of all the services that might collect and use user data. Things like Google services that collect user information anonymously are stripped down and replaced with things like microG services which enable users to enjoy the benefits of Android without Google collecting their data.
- Login or register to post comments
Printer-friendly version
- Read more
- 633 reads
PDF version
HowTos and Programming Leftovers
Submitted by Roy Schestowitz on Monday 18th of February 2019 07:48:26 AM Filed under

-
How to Use Two Versions of GIMP in Ubuntu
-
How To Make a Countdown Timer in Bash
-
Command Line Utilities… in the Cloud?
-
A Lightweight AVR IDE
All the basic features are there – there’s syntax highlighting, as well as integration with the AVRA assembler and AVRDUDE for programming chips. It’s a tool that could make taking the leap into assembly code just that little bit easier. For another taste of bare metal coding, check out [Ben Jojo]’s discussion of x86 bootloaders.
-
patience diffing algorithm
I needed a (text) diff algorithm, and if you search for one you mostly come up with the Myers algorithm. But then I stumbled across something called patience diffing, and it turns out to be just what I wanted. It’s already described elsewhere, but it seems more people could stand to know about it, so here we are. It’s easy to understand, and more importantly, usually makes pretty diffs (often prettier than Myers).
- Login or register to post comments
Printer-friendly version
- Read more
- 623 reads
PDF version
Android Leftovers
Submitted by Rianne Schestowitz on Monday 18th of February 2019 07:46:29 AM Filed under
-
Google Play Will Automatically Update Pre-Loaded Android Apps
-
Google will finally make Chrome’s Incognito Mode truly incognito
-
This week in Android: MWC 2019 is coming
-
Best Cryptocurrency Trading Apps for iOS and Android in 2019?
-
5 web browser alternatives to Chrome and Firefox on Android
-
The Samsung Galaxy Note 8 is now receiving the stable One UI Android Pie update
-
Showbox APK: How to Download It for Android?
-
Poll results: Android widgets are as popular as ever
- Login or register to post comments
Printer-friendly version
- Read more
- 610 reads
PDF version
Slovak advocates want parliament to push for open source
Submitted by Roy Schestowitz on Monday 18th of February 2019 07:25:27 AM Filed under
Slovak proponents of the use of free and open source software are rallying for their country’s parliament to approve plans to share the source code of software solutions developed by and for public services. They are concerned that proprietary software vendors will lobby for changes to the eGovernment act, a strategic IT Government proposal that is to be discussed in parliament in March or April.
- Login or register to post comments
Printer-friendly version
- Read more
- 588 reads
PDF version
Intel Graphics: Discrete Graphics Cards and SVT-AV1
Submitted by Roy Schestowitz on Monday 18th of February 2019 05:34:36 AM Filed under

-
Intel Preps For Discrete Graphics Cards With Linux Patches
Intel has confirmed that recent patches to its Linux graphics driver were related to its continued work on preparing the ecosystem for its new line of discrete graphics cards.
Phoronix reported that Intel released 42 such patches with more than 4,000 lines of code between them on February 14. The main purpose of the patches was to introduce the concept of memory regions in "preparation for upcoming devices with device local memory." (Such as, you know, discrete graphics cards.)
[...]
Still, any information about Intel's graphics plans is welcome. Right now the graphics market is dominated by AMD and Nvidia, and as we noted in December, Intel is probably the only company that even has a possibility of successfully introducing a new discrete graphics architecture. Why not enjoy the occasional glimpse behind the curtain as that architecture's being built?
-
SVT-VP9 Is Intel's Latest Open-Source Video Encoder Yielding High Performance VP9
At the start of the month Intel open-sourced SVT-AV1 aiming for high-performance AV1 video encoding on CPUs. That complemented their existing SVT-HEVC encoder for H.265 content and already SVT-AV1 has been seeing nice performance improvements. Intel now has released SVT-VP9 as a speedy open-source VP9 video encoder.
Uploaded on Friday was the initial public open-source commit of SVT-VP9, the Intel Scalable Video Technology VP9 encoder. With this encoder they are focusing on being able to provide real-time encoding of up to two 4Kp60 streams on an Intel Xeon Gold 6140 processor. SVT-VP9 is under a BSD-style license and currently runs on Windows and Linux.
- Login or register to post comments
Printer-friendly version
- Read more
- 639 reads
PDF version
How I got my job in Linux: from Newbie to Pro
Submitted by Roy Schestowitz on Monday 18th of February 2019 05:23:53 AM Filed under

I was peeved, because I’d spent my own money on building a computer and buying Microsoft Windows to put on it. Money that I really needed to pay the rent and put food in my belly. I also felt sorry for all the people that I’d end up re-installing Windows on their PC to fix their problem. I knew that most of them would probably be back in the store six or so months later with the same complaint.
Almost by accident, I found Linux. I was in the magazine section of the PC shop I worked in one day in late 1999. I saw a magazine called ‘Linux Answers’. On the cover was a copy of Red Hat Linux 6.0. Before long, I had done the unthinkable: I had deleted Windows in a rage of fury because it had completely crashed and wouldn’t start up. All of my MP3s, photos and documents, all but gone save for a few backups on CDs I had lying around. Back in those days I had no idea that I would have been able to salvage those files with Linux; I just blithely reformatted my hard disk and went cold-turkey, believing everything that the magazine said, I forced myself into the abyss of the unknown! These were exciting times!
I remember the blue text-mode installer, the glare of the many lines of text flying by when the machine started up for the first time. It looked really un-user friendly. Eventually, the screen flipped into what I’d later know to be called ‘runlevel 5’ and I could see a graphical login screen. Little did I know it, but that flashing cursor was the beginning to a whole new world of computing for me.
- Login or register to post comments
Printer-friendly version
- Read more
- 660 reads
PDF version
Linux 5.0-rc7
Submitted by Roy Schestowitz on Monday 18th of February 2019 05:19:28 AM Filed under
A nice and calm week, with statistics looking normal. Just under half
drivers (gpu, networking, input, md, block, sound, ...), with the rest
being architecture fixes (arm64, arm, x86, kvm), networking and misc
(filesystem etc).
Nothing particularly odd stands out, and everything is pretty small.
Just the way I like it. Shortlog appended,
Linus
- Login or register to post comments
Printer-friendly version
- Read more
- 588 reads
PDF version
Linux Foundation and Servers: LF Edge, Open Mainframe Project, CNCF and Kubernetes
Submitted by Roy Schestowitz on Monday 18th of February 2019 04:55:57 AM Filed under
-
ETSI MEC Creates Its First Working Group
The group will be led by Walter Featherstone, a principal research engineer at Viavi.
ETSI formed the MEC industry specification group (ISG) with 24 companies in December 2014. The group now boasts around 85 members. It set out to create a standardized, open environment for the integration of applications across multi-vendor MEC platforms.
MEC will enable operators and vendors to provide cloud computing as well as an IT service environment at the edge of the network, which is characterized by low latency and high bandwidth. The technology is a rapidly developing application for 5G and IoT use cases.
[...]
The Linux Foundation, earlier this year, launched an edge computing initiative called LF Edge. The initiative will serve as an umbrella organization for five edge projects. The group has set out to build an open, interoperable framework for edge computing that is independent of hardware, silicon, cloud, or operating systems.
-
Open Mainframe Project: Zowe Ready for Prime Time
There is a lot of interest in updating mainframe technology/interfaces across traditional enterprises. As development environments and toolsets have evolved outside the mainframe, there is a struggle to keep up—partially because backward compatibility requirements make wild changes difficult and partly because the very architecture of mainframes is different.
-
These Are Not The Containers You're Looking For
It is a well-documented fact that the rise of cloud and open-source has been connected, which also brings some interesting tensions, as I explored in my previous article. In containers, this synergy seems stronger than ever. The juggernaut behind Kubernetes and many related open source projects, the Cloud Native Computing Foundation (CNCF), is part of the Linux Foundation. The CNCF charter is clear about the intentions of the foundation: it seeks to foster and sustain an ecosystem of open source, vendor-neutral projects. Consequentially, since the CNCF's inception in 2014, it has become increasingly feasible to manage a complex cloud-native stack with a large mix of these open source projects (some interesting data in the foundation's annual report). The more you get into container-native methodologies, the more open source you will use.
-
What is Knative, and What Can It Do for You?
Kubernetes is great, as it is. But with Knative, a new, open source platform spearheaded by Google, Kubernetes can be even better.
If you haven’t yet taken a look at what Knative is or how it can save developers time and headaches, you could be missing out on some powerful features that help you get more out of Kubernetes (and containers in general) with less effort.
Keep reading for an overview of what Knative is and how it can help you double down on microservices and containers.
Databases: DigitalOcean, InfluxData and SQLite
Submitted by Roy Schestowitz on Monday 18th of February 2019 04:52:36 AM Filed under

-
DigitalOcean launches its managed database service
DigitalOcean started as an affordable but basic virtual private server offering with a pleasant user interface. Over the last few years, the company started adding features like object and block storage, load balancers and a container service. Today, it’s expanding its portfolio once again by launching a feature that was sorely missing in its lineup: a managed database service.
The first edition of these DigitalOcean Managed Databases only supports PostgreSQL, the popular open-source relational database. Later this year, it’ll add MySQL and Redis support (likely in Q2 or Q3). As for other databases, the company says that it’ll listen to customer feedback and use that to prioritize other offerings.
-
InfluxData Secures $60 Million in Series D Funding to Bring the Value of Time Series to the Enterprise Mainstream
-
InfluxData raises $60 million for time-series database software
The amount of data generated today boggles the mind — U.S. companies alone produce 2.5 quintillion bytes daily, enough to fill ten thousand Libraries of Congress in a year — and much of it is of the time-series variety (i.e., data points indexed in time order). Given the sheer volume, it’s no wonder that only 12 percent of companies say they’re analyzing the data they have, according to Forrester Research.
That’s one of the reasons Paul Dix — who’s helped to build software for startups, large companies, and organizations like Microsoft, Google, McAfee, Thomson Reuters, and Air Force Space Command — founded Y Combinator- and Bloomberg Beta-backed InfluxData (formerly Errplane) in 2012. The San Francisco startup develops an open source time series platform, InfluxDB, that is optimized to handle metrics and events in DevOps, internet of things (IoT), and real-time analytics domains. And after a banner year that saw revenue double, InfluxDB 2.0 launch in alpha, and Flux — a functional language for both querying and processing data — debut in technical preview, the startup is gearing up for growth.
-
Why you should use SQLite
Lift the hood on most any business application, and you’ll reveal some way to store and use structured data. Whether it’s a client-side app, an app with a web front-end, or an edge-device app, chances are it needs an embedded database of some kind.
SQLite is an embeddable open source database, written in C and queryable with conventional SQL, that is designed to cover those use cases and more. SQLite is designed to be fast, portable, and reliable, whether you’re storing only kilobytes of data or multi-gigabyte blobs.
- Login or register to post comments
Printer-friendly version
- Read more
- 637 reads
PDF version
Open Hardware: RISC-V and ESP32
Submitted by Roy Schestowitz on Monday 18th of February 2019 04:50:10 AM Filed under

-
RISC-V Climbs Software Mountain
Now that RISC-V has established a beachhead as a deeply embedded controller in SoCs, it’s time to start asking the next question: Can this open-source instruction-set architecture (ISA) make the next big leap into being an alternative to Arm and the x86 as a host processor?
The short answer is yes, but it could take several years and there are plenty of pitfalls along the way. Essentially, the freewheeling open-source community behind RISC-V will need to develop and adhere to a wide range of system-level standards.
So far, Nvidia and Western Digital plan to use RISC-V controllers in their SoCs, and Microsemi will use it in a new FPGA. Andes, Cortus, and startup SiFive sell IP cores, and a handful of startups plan to launch mainly machine-learning accelerators using it.
-
Western Digital’s RISC-V ‘Swerv’ Core Now Available for Free
Western Digital has announced that it’s completed work on its Swerv RISC-V CPU core and has published the register-transfer level (RTL) abstraction of the design. Publishing the RTL code allows other companies to use the design.
Open-source hardware initiatives and ISAs have existed for decades, but RISC-V has gathered a critical ecosystem and corporate interests in these projects where historically there was little incentive to buy-in. The issue isn’t primarily cost savings — particularly as node sizes decrease, the licensing costs of an ARM core simply aren’t a major part of the total. The end of conventional Moore’s Law scaling has moved interest back to ISAs, as has the rise of IoT, AI, ML, and the need for new architectures to address these challenges.
-
Western Digital Releases Their RISC-V Cores To The World
What grew out of a university research project is finally becoming real silicon. RISC-V, the ISA that’s completely Big-O Open, is making inroads in dev boards, Arduino-ish things, and some light Internet of Things things. That’s great and all, but it doesn’t mean anything until you can find RISC-V cores in actual products. The great hope for RISC-V in this regard looks to be Western Digital, manufacturers of storage. They’re going to put RISC-V in all their drives, and they’ve just released their own version of the core, the SweRV.
Last year, Western Digital made the amazing claim that they will transition their consumption of silicon over to RISC-V, putting one Billion RISC-V cores per year into the marketplace. This is huge news, akin to Apple saying they’re not going to bother with ARM anymore. Sure, these cores won’t necessarily be user-facing but at least we’re getting something.
As far as technical specs for the Western Digital SweRV core go, it’s a 32-bit in-order core, with a target implementation process of 28nm, running at 1.8GHz. Performance per MHz is good, and if you want a chip or device to compare the SweRV core to (this is an inexact comparison, because we’re just talking about a core here and not an entire CPU or device), we’re looking at something between a decade-old iPhone or a very early version of the Raspberry Pi and a modern-ish tablet. Again, an inexact comparison, but no direct comparison can be made at this point.
-
A Network Card For The Trash-80
The idea for the trsnic comes from [Arno Puder]’s RetroStoreCard, a device that plugs into the TRS-80 Model III and connects it to a ‘personal cloud’ of sorts that hosts and runs applications without the need for cassettes or floppys. It does this with an ESP32 wired up to the I/O bus in the Model III, and it’s all completely Open Source.
[Peter] took this idea and ran with it. Thanks to the power found in the ESP32, real encrypted Internet communication can happen, and that means HTTPS and TLS.
- Login or register to post comments
Printer-friendly version
- Read more
- 667 reads
PDF version
Free/Open Source Software on IoT and the Net/WWW
Submitted by Roy Schestowitz on Monday 18th of February 2019 04:48:01 AM Filed under
-
Security Vulnerabilities Pose a Challenge to IoT/IIoT Mass Adoption
Statista, a leading market and consumer data research firm, estimates that by 2020, the utilities, transportation and logistics, and discrete manufacturing industries are each projected to spend $40 billion on Internet of Things (IoT) platforms, systems and services. The next largest spending category will be business-to-consumer vendors, at $25 billion, while the health-care, energy and retail industries are each projected to spend north of $10 billion. These numbers add up to a significant investment in the IoT. In fact, the Boston Consulting Group predicts that the IoT market will reach $267 billion by 2020.
-
Decentralised IoT Network Gets Tencent Investment
Wienke Giezeman is a man on a mission: since 2015, he’s been busy creating a decentralized LoRaWAN based internet of things (IoT) network which has no single owner and no single point of control. His goal is to make it easy for people to focus on the business value created by IoT, and not have to worry about the technology.
Giezeman stood on the stage at his The Things Conference here earlier this month to announce some major breakthroughs that could just tip the balance for mass deployment of LoRaWAN devices and gateways. This includes a very low cost $69 indoor gateway, a generic software defined IoT node device incorporating multiple sensors, a security chip in conjunction with Microchip Technology, and a partnership with Tencent to accelerate LoRaWAN network expansion among the Chinese developer community.
-
Open IoT Network Adds Devices, Expands in China
Giezeman stood on the stage at his The Things Conference here earlier this month to announce some major breakthroughs that could just tip the balance for mass deployment of LoRaWAN devices and gateways. This includes a very low cost $69 indoor gateway, a generic software defined IoT node device incorporating multiple sensors, a security chip in conjunction with Microchip Technology, and a partnership with Tencent to accelerate LoRaWAN network expansion among the Chinese developer community.
-
How Tim Berners-Lee's Inrupt project plans to fix the web
Tim Berners-Lee wants to change the face of the internet he created. In September 2018, the father of the world wide web announced the launch of startup Inrupt, co-founded with cybersecurity entrepreneur John Bruce, which has as its mission “to restore rightful ownership of data back to every web user.”
Since 2015, Berners-Lee has been working on a new web infrastructure called Solid, which rethinks how web apps store and share personal data. Inrupt aims to drive the development of the Solid platform and transform it from an innovative idea to a viable platform for businesses and consumers. “My group in the CSAIL [Computer Sciences and Artifical Intelligence Laboratory] Lab at MIT had been working on Solid for some years,” Berners-Lee says. “The initial goal of Inrupt is to add the energy and resources of a startup to the open-source efforts to make the Solid movement happen.”
Over the past three decades, the web has evolved into something very different to Berners-Lee's original vision of openness, co-operation and creativity. Most of the data we put online is now siloed on the servers of companies like Google, Facebook and Twitter, and used to sell us as an audience for targeted advertising. We can download and delete our online histories, but we still can't easily move our data between services. “Innovation and value creation are choked by powerful forces whose focus is primarily on what generates profit or serves political agendas,”says John Bruce, who takes the role of CEO at Inrupt (Berners-Lee is CTO).
- Login or register to post comments
Printer-friendly version
- Read more
- 665 reads
PDF version
Programming: DApp, Groovy, TensorFlown and a Lot More
Submitted by Roy Schestowitz on Monday 18th of February 2019 04:44:58 AM Filed under
-
Chinese Tech Giant Baidu Launches Blockchain OS to Support DApp Development
Chinese search engine and web services company Baidu has launched its Baidu Blockchain Engine (BBE), an operating system designed to facilitate decentralized application (DApp) development. The news was officially announced by Baidu’s cloud computing unit, Baidu Cloud, on Feb. 14.
Baidu Cloud states that it considers an open source, commercialized platform to be “the only way to build a blockchain operating system.” BBE has reportedly been built on the basis of Baidu’s “ABC” technology strategy — artificial intelligence (AI), big data and cloud computing — and aims to make DApp development “as simple as creating a mobile app.” -
How is the Eclipse Foundation Specification Process (EFSP) different from the Java Community Process (JCP)?
As most of you are aware, Oracle has contributed the Java EE specification to the Eclipse Foundation. The enterprise Java community decided to rename the Java EE specification to Jakarta EE. Part of this huge transition to open source is changing the specification process. The famous Java Community Process (JCP) is going to be replaced by the Eclipse Foundation Specification Process (EFSP), which will be better suited for vendor neutrality, transparency, and all other attributes associated with open source. So what exactly is the difference?
To learn more about the new process, please refer to the EFSP v1.0, and Wayne Beaton’s article in this newsletter.
-
How To Build A Successful Developer Community
As a community starter, the first question one should ask themselves is why developers want to join the community: is it because they are going to learn new skills or make their work easier?
What is the impetus for building the community by asking questions like, whether the community is built around an open-source project? Are the developer tools available? Is there a platform with an API? Is it like a partner ecosystem? Or is it just selling a product?
-
Ember.js video documentary released
Besides being an interesting piece of content for developers and open-source enthusiasts around the world, the documentary also addresses the human element of open-source software and the power of community.
The documentary starts off with Tom Dale telling the story about how in the early days of creating web apps using Javascript, people where telling them, "please stop using Javascript", and "you guys are abusing the system" - but they had to stick with the vision and see it through and today, everyone uses Javascript to create web applications.
-
Why 2019 Will Be the Year for Shift-Left Mainframe Testing
While 2018 was the year for planning and implementing shift-left methodologies in testing, mainframe and server testers were, for the most part, left behind. These legacy infrastructure experts were tied down to old-school testing tools. Mainframes kept functioning, but tools and testing practices often became bottlenecks, preventing performance testing teams from testing more quickly mid-cycle and pre-release.
-
Ubisoft's Clever-Commit AI will sniff out bugs in Firefox
GAMES DO ENCOURAGE VIOLENCE, but against bugs in the case Ubisoft which has partnered with Mozilla to build out an artificial intelligence (AI) system that sniffs out code gremlins.
Dubbed Clever-Commit, the AI will act as a form of coding assistant that learns from a developer's base bug and regression data to predict and flag potential new bugs that might be added as new code is slapped onto the codebase.
The system, which is already being used internally by Ubisoft, will be adopted by Mozilla to review Firefox code and spot dodgy bits, with the goal of making the browser more stable for its users. But if the systems works well, Mozilla has plans to stick it further into Firefox.
-
Ubisoft and Mozilla team up to develop Clever-Commit, an AI coding assistant
Game developer Ubisoft today announced that it has partnered with Mozilla to develop Clever-Commit, an AI-based coding assistant that learns from your code base’s bug and regression data to analyze and flag potential new bugs as new code is committed. Ubisoft already uses this tool internally and Mozilla says that it will deploy it to spot bugs in its Firefox code.
-
Programming languages: Python rides high but Groovy is cool again with developers
Groovy, which came to life in 2007, hasn't been a top-20 language in Tiobe's index since 2016 but in the February listing it is now at 19th place, up from 49th last year.
Groovy hit its stride as a language for writing scripts for popular continuous-integration tool Jenkins, but it's also been buoyed by the Gradle open-source build-automation system. According to Tiobe, these days more 'glue' software is being written in Groovy.
-
The Deep Learning Framework Backed By Facebook Is Getting Industry's Attention
When it comes to deep learning frameworks, TensorFlow is one of the most preferred toolkits.
-
Inside the AI developer’s toolbox
-
Guide To Web Scraping With Python Libraries Selenium & Beautiful Soup
-
Speeding up basic object operations in Cython
-
Python’s str.isdigit vs. str.isnumeric
-
Test and Code: 65: one assert per test
-
Setting up Tor hidden service
-
How to install WildFly (JBoss) on Ubuntu 18.04
- Login or register to post comments
Printer-friendly version
- Read more
- 656 reads
PDF version
Security: runc, Switzerland and More
Submitted by Roy Schestowitz on Monday 18th of February 2019 03:37:47 AM Filed under
-
Open Source Security Podcast: Episode 134 - What's up with the container runc security flaw?
Josh and Kurt talk about the new runc container security flaw. How does the flaw work, what can you do about it, what should you do about it, and what the future of container security may look like.
-
Switzerland launches e-voting bug bounty
The Swiss government is inviting hackers to test its electronic voting (e-voting) system for vulnerabilities, in a move aimed at improving the security and integrity of the country’s electoral process.
The initiative was unveiled last week by Swiss Post, Switzerland’s national postal service and the organization tasked with deploying and managing the country’s e-voting platform.
Ahead of the system’s planned nationwide rollout, a public intrusion test will take place between February 25 and March 24. A range of cash prizes are on offer for successful pen testers.
-
A Conversation about ZipSlip, NodeJS Security, and BBS Hacking
Earlier this year, the popular Bower package manager was found vulnerable to archive extraction, allowing attackers to write arbitrary files on a user's disk. As Nodejs Security WG member and Snyk developer advocate Liran Tal wrote, the vector attacks used by this exploit have been known since the early days of BBS.
As security researcher skyn3t reported on January 1st 2019, an attacker could craft a malicious zip archive to exploit improper validation of symlinks to write arbitrary files outside of the zip extraction directory. According to Tal, the culprit for enabling path transversal in Bower's case is a small Nodejs package, decompress-zip, but it is far from being an isolated case. In fact, this kind of vulnerability has been found in several ecosystems, including JavaScript, Ruby, .NET, Go, and Java, and seems to affect thousands of projects, making it deserve the ZipSlip moniker. What is even more striking is that the basic attack vector used by ZipSlip has been known, and potentially exploited many times, since the very early days of Bulletin Board Systems (BBS).
-
Vet third-party apps to reduce supply chain threats [Ed: At least NPM caught this; with proprietary software the back doors are there permanent, hidden, and you cannot remove them]
Case in point: there was last fall's update to the event-stream Node Package Manager (NPM), which included cryptocurrency-stealing code, and which wasn't revealed until almost two months after the software was released. There have also been prior security issues identified in NPM packages.
Jarrod Overson blogged about investigating the event-stream NPM package. The event-stream developer changed ownership of the project and the cryptocurrency-stealing code was added by the new developer in a subsequent update. The original developer hadn't used the module in years and agreed to give a new developer control of the package.
Once the malicious code was added, the developer updated the version information so applications that used the module would install the updated version. The package was installed as a dependency to other modules and was reportedly downloaded two million times per week. NPM packages will follow best practices to determine if updates to dependencies are available and auto-install the updated modules, making these types of attacks difficult to combat.
Ubuntu Studio: Updates for February 2019
Submitted by Roy Schestowitz on Monday 18th of February 2019 02:40:18 AM Filed under
With Ubuntu 19.04’s feature freeze quickly approaching, we would like to announce the new updates coming to Ubuntu Studio 19.04.
- Login or register to post comments
Printer-friendly version
- Read more
- 625 reads
PDF version
Bastian Ilsø Hougaard's and Tobias Bernard's Reports From GNOME at FOSDEM
Submitted by Roy Schestowitz on Monday 18th of February 2019 02:37:14 AM Filed under
-
Bastian Ilsø Hougaard: GNOME at FOSDEM 2019
Earlier this month, the annual FOSDEM conference happened again at ULB, Bruxelles, Belgium. I had the opportunity to go there, man the GNOME booth, sell socks, and catch up with other GNOME contributors.
Prior to the conference I had booked La Chambre Haute, which is a great little rooftop apartment located in Etterbeek, around 1.7km from the FOSDEM venue. I arranged the apartment for sharing through the GNOME wiki and shared the apartment with fellow GNOMEies Florian, Tobias, Julian and Niclas. We had a really pleasant time there, including oriental cooking and hacking! I can recommend joining for FOSDEM 2020.
-
Tobias Bernard: FOSDEM 2019
Earlier this month I attended FOSDEM in Brussels. This year was much more relaxed than last year because I didn’t have a talk or other major responsibilities. That meant I had a lot more time to talk to fellow GNOME people and other friends working on different projects.
I spent a lot of time at our booth, talking to people coming by, and planning new projects with fellow developers. The only talk I ended up going to was Zeeshan’s on Rust. I really wanted to go see Jordan’s talk as well, but the Rust devroom was way too packed on Sunday. I also attended the Mobile Free Software BoF, where Nicole gave a status update about the Librem 5 to interested community members, and people could ask questions.
- Login or register to post comments
Printer-friendly version
- Read more
- 608 reads
PDF version
Review: Slontoo 18.07.1 "LXDE"
Submitted by Roy Schestowitz on Monday 18th of February 2019 02:34:16 AM Filed under
It is not often that I experiment with projects from the Gentoo family of distributions. This week I decided to enjoy a change of pace and experiment with a desktop oriented distribution from the Gentoo family called Slontoo. According to the project's website,
Slontoo is an operating system based on Funtoo Linux. It uses the Linux Mint live installer to simplify the installation procedure. Slontoo tries to provide most appropriate tools for home and office use.
Funtoo is, in turn, based on Gentoo and strives to improve the technologies presented in the Gentoo meta-distribution.
Slontoo is available in three editions: LXDE, MATE and Xfce. New users can download one unified ISO (1.7GB) that contains all three desktop environments, or select from one of three smaller ISO files that each include just one desktop. I decided to download the distribution's LXDE edition which is 1GB in size. Slontoo is available for 64-bit systems only.
Booting from the live media brings up a menu asking us to pick our preferred language. Then the system boots into a graphical mode and presents us with the LXDE desktop. A panel sits at the bottom of the screen, with the application menu in the bottom-left corner. Icons on the desktop open the file manager and launch the system installer. The live desktop was responsive and the distribution appeared to be working smoothly so I jumped immediately into the installer.
Also: Solus Plasma Testing V1 overview | A kde flavored Solus OS
- Login or register to post comments
Printer-friendly version
- Read more
- 624 reads
PDF version
Debian: Sway in Experimental and More
Submitted by Roy Schestowitz on Monday 18th of February 2019 02:31:02 AM Filed under
-
Sway in experimental
A couple of days ago the 1.0-RC2 version of Sway, a Wayland compositor, landed in Debian experimental. Sway is a drop in replacement for the i3 tiling window manager for wayland. Drop in replacement means that, apart from minor adaptions, you can reuse your existing i3 configuration file for Sway. On the Website of sway you can find a short introduction video that shows the most basic concepts of using Sway, though if you have worked with i3 you will feel at home soon.
In the video the utility swaygrab is mentioned, but this tool is not part of Sway anymore. There is another screenshot tool now though, called grim which you can combine with the tool slurp if you want to select regions for screenshots. The video also mentions swaylock, which is a screen locking utility similar to i3lock. It was split out of the main Sway release a couple of weeks ago but there also exists a Debian package by now. And there is a package for swayidle, which is a idle management daemon, which comes handy for locking the screen or for turning of your display after a timeout. If you need clipboard manager, you can use wl-clipboard. There is also a notification daemon called mako (the Debian package is called mako-notifier and is in NEW) and if you don’t like the default swaybar, you can have a look at waybar (not yet in Debian, see this RFS). If you want to get in touch with other Sway users there is a #sway IRC channel on freenode. For some tricks setting up Sway you can browse the wiki.
-
The Sway Wayland Compositor Is Now Available From Debian Experimental
For those that have been wanting to try out the near-final Sway 1.0, this Wayland compositor has made its way into the Debian archive albeit only in the "experimental" section for now.
At the end of January was the start of the upstream Debian packaging work around Sway and it's kept up with the latest release candidates. Available from Debian Experimental is now the latest Sway 1.0-RC2.
-
Making debug symbols discoverable and fetchable
Michael wrote a few days ago about the experience of debugging programs on Debian. And he is certainly not the only one, who found it more difficult to find debug symbols on Linux systems in general.
But fortunately, it is a fixable problem. Basically, we just need a service to map a build-id to a downloadable file containing that build-id. You can find the source code to my (prototype) of such a dbgsym service on salsa.debian.org.
- Login or register to post comments
Printer-friendly version
- Read more
- 633 reads
PDF version
Linux Vs. Unix: What's the Difference?
Submitted by Roy Schestowitz on Monday 18th of February 2019 02:24:28 AM Filed under

Linux and Unix are often compared to each other. If the similarity in their names wasn't enough, Linux is technically a descendant of Unix, and they share a number of similarities in tool kits and overall structure. They aren't exactly the same, though, and the approaches and philosophies behind them are radically different.
- Login or register to post comments
Printer-friendly version
- Read more
- 650 reads
PDF version
Daniel García Moreno: I'm a hacker
Submitted by Roy Schestowitz on Monday 18th of February 2019 02:14:23 AM Filed under

The hack computer is built on top of the Endless OS. Endless OS is based on debian and the desktop is a modified gnome shell, but it's not the usual debian derivative, it's based on OSTree. The main difference is that the root filesystem is read only and updates are managed with ostree, that's like a git repository.
This kind of Operating System is easier to maintain, because the user can't modify the base system, so this means that he was unable to break it. All user applications are installed via flatpak, so are independent of the OS version and because of flathub you can install latests version of apps without the need to update the full operating system.
This is the way that Fedora SilverBlue is trying to follow and is a new way to build and distribute GNU/Linux.
- Login or register to post comments
Printer-friendly version
- Read more
- 606 reads
PDF version
Wine Developers Release Hangover Alpha To Run Windows x86_64 Programs On 64-Bit ARM
Submitted by Roy Schestowitz on Monday 18th of February 2019 02:08:11 AM Filed under
Wine developers André Hentschel and Stefan Dösinger have been working on "Hangover" as a means of running Windows x86/x86_64 applications on 64-bit ARM (AArch64) Linux and Android or even Windows for ARM. They are out today with the project's first alpha release.
Hangover 0.4 is the first (alpha) release from this project for running x86/x86_64 Windows programs now on 64-bit ARM Linux distributions. Besides GNU/Linux platforms, Hangover can also run on Android as well. This also lays the groundwork for supporting Windows games on AArch64 using Direct3D/WineD3D though due to upstream Wine limitations that doesn't yet work on Android due to WineD3D not working off OpenGL ES at this time.
- Login or register to post comments
Printer-friendly version
- Read more
- 599 reads
PDF version

More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
Type![]() |
Title | Author | Replies | Last Post |
---|---|---|---|---|
goblinxfc | srlinuxx | 26/04/2007 - 6:30pm | ||
nixsys.com | srlinuxx | 24/09/2007 - 11:24pm | ||
wolvixondisk | srlinuxx | 02/10/2007 - 10:49pm | ||
arnybw | srlinuxx | 18/10/2007 - 3:39pm | ||
webpathinlovelinux | srlinuxx | 07/02/2008 - 3:44pm | ||
bluewhite | srlinuxx | 25/03/2008 - 10:44pm | ||
pclos | srlinuxx | 15/06/2008 - 11:18pm | ||
nixsys2 | srlinuxx | 18/08/2008 - 7:12am | ||
nixsys3 | srlinuxx | 18/08/2008 - 7:22am | ||
gg 480x60 | srlinuxx | 03/09/2008 - 11:55am |
Older Stories (Next Page)
- Microsoft VSCode – Finally a free, fast and cross-platform code editor
- Here Is Why I Finally Switched To Firefox
- Android Leftovers
- FocusWriter An App For Distraction-Free Writing
- Inserting Data Into Tables - MySQL Series Part 4
- Today in Techrights
- today's leftovers
- Software: 14 Excellent Free Plotting Tools and Texinfo 6.6
- Bare-Metal Kubernetes Servers and SUSE Servers
- Steam's Slipping Grip and Release of Wine-Staging 4.2
- OSS Leftovers
- FOSS in Networking: O-RAN Alliance, AT&T, OMEC/ONF
- HowTos and Programming Leftovers
- Geary 0.13.0
- Red Hat/IBM on Open Source
- MongoDB and Amazon Licence Battles
- Noctua's NH-U9 TR4-SP3 Is Still The Best 4U EPYC / Threadripper Cooler I've Found
- Uber: AresDB and Ludwig Source Code
- Linux Foundation: Hyperledger, Mapzen, Open Mainframe Project and Academy Software Foundation
- Open Hardware: Hackable Devices, RISC-V and 3-D Printing
Recent comments
1 min 1 sec ago
10 min 4 sec ago
33 min 49 sec ago
4 hours 32 min ago
4 hours 47 min ago
5 hours 7 min ago
6 hours 43 min ago
15 hours 21 min ago
21 hours 27 min ago
1 day 5 hours ago