Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Monday, 05 Dec 16 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Type Title Author Replies Last Postsort icon
Story Servers/Networks Roy Schestowitz 01/12/2016 - 11:58am
Story Comma.ai: Car AI Liberated Roy Schestowitz 01/12/2016 - 11:54am
Story Comcast Becomes the First Cable Company to Join ONOS & CORD Roy Schestowitz 01/12/2016 - 11:47am
Story R3 Corda Ledger Is Now Open Source Roy Schestowitz 01/12/2016 - 11:45am
Story SUSE and HPE: The Latest Roy Schestowitz 01/12/2016 - 11:28am
Story Development News (SourceForge and Perl) Roy Schestowitz 01/12/2016 - 11:06am
Story Games for GNU/Linux Roy Schestowitz 01/12/2016 - 10:26am
Story 3 open source password managers Rianne Schestowitz 01/12/2016 - 10:09am
Story Is Open Source Good for Business? Rianne Schestowitz 01/12/2016 - 10:08am
Story Make Q4OS Look Like Windows With XPQ4 Rianne Schestowitz 01/12/2016 - 10:00am

Android Leftovers

Filed under
Android

Leftovers: OSS and Sharing

Filed under
OSS
  • Nomulus: Google’s open-source TLD registry platform

    In mid-October, Google open-sourced the core software behind their TLD registry: Nomulus. This software allows creation and management of new top-level domains (TLDs) in the cloud, enabling current businesses in the Internet real-estate market to expand into the new, rapidly growing generic TLD (gTLD) space, as well as reducing the technological barrier for prospective newcomers.

    Nomulus provides a wealth of core features out of the box. Because it is designed to run on Google App Engine, Nomulus is cloud-based and can scale quickly and efficiently as domains leased increase in popularity and number of registrations or inquiries.

  • Contribute To Open Source On #OpenCyberMonday

    Today is Cyber Monday, the day when everyone in the US goes back to work after Thanksgiving. Cyber Monday is a celebration of consumerism, and the largest online shopping day of the year. Right now, hundreds of thousands of office workers are browsing Amazon for Christmas presents, while the black sheep of the office are on LiveLeak checking out this year’s Black Friday compartment syndrome compilations.

  • Pentaho’s Quentin Gallivan: Open-Source Framework, Analytics Tools Key to Agencies’ Data Integration Efforts

    Quentin Gallivan, CEO of Hitachi Data Systems’ Pentaho subsidiary, has said government agencies should develop a “centralized” plan that seeks to leverage the use of business analytics tools and an open-source framework like Hadoop in order to facilitate data integration and access.

    Gallivan wrote that agencies should adopt an open-source framework that includes governance practices on the use of data and works to support big data processing operations.

  • Bitcoin in 5 minutes

    Blockstream's Eric Martindale opened his five-minute All Things Open lightning talk with a bold claim: "Bitcoin is one on the most significant innovations of our time."

  • 3 alternative reasons why you should test Nextcloud 11 Beta

    On the Nextcloud blog I just published about the beta for Nextcloud 11. The release will deliver many improvements and is worth checking out in itself, plus I put a nice clickbait-style title and gave three reasons to test it.

  • The Glass Room: Looking into Your Online Life

    It’s that time of year! The excitement of Black Friday carries into today – CyberMonday – the juxtaposition of the analog age and the digital age. Both days are fueled by media and retailers alike and are about shopping. And both days are heavily reliant on the things that we want, that we need and what we think others want and need. And, all of it is powered by the data about us as consumers. So, today – the day of electronic shopping – is the perfect day to provoke some deep thinking on how our digital lives impact our privacy and online security. How do we do this?

  • phpMyAdmin security issues

    You might wonder why there is so high number of phpMyAdmin security announcements this year. This situations has two main reasons and I will comment a bit on those.

    First of all we've got quite a lot of attention of people doing security reviews this year. It has all started with Mozilla SOS Fund funded audit. It has discovered few minor issues which were fixed in the 4.6.2 release. However this was really just the beginning of the story and the announcement has attracted quite some attention to us. In upcoming weeks the security@phpmyadmin.net mailbox was full of reports and we really struggled to handle such amount. Handling that amount actually lead to creating more formalized approach to handling them as we clearly were no longer able to deal with them based on email only. Anyway most work here was done by Emanuel Bronshtein, who is really looking at every piece of our code and giving useful tips to harden our code base and infrastructure.

  • Time is running out for NTP

    Everyone benefits from Network Time Protocol, but the project struggles to pay its sole maintainer or fund its various initiatives

  • KDE End of Year Fundraising

    Have you ever felt that you wanted to give back to the KDE project? As the season of giving draws near there's never been a better time to support KDE and help the project continue to bring free software to millions of lives worldwide.

    By participating in the end of year fundraiser, you can help us in our mission. Your donations are used to pay for transport and accomodation for developers to attend sprints as well as to support the server infrastructure required to keep the project running.

  • The Latest On C++17, Early Work For C++20

    There was a C++ standards meeting recently in Issaquah, Washington and a report on it is now available with the latest on C++17 and early work around what will form C++20.

    This meeting resulted in the C++17 committee draft as the first feature-complete draft of the C++17 specification.Various tweaks to the language and library were accepted at this meeting. C++17 remains on track for seeing its official spec out in 2017.

  • From Concept to License: Stewarding Your Own Open Source Project

    Are you of a mind to launch an open source project or are you in the process of doing so? Doing it successfully and rallying community support can be more complicated than you think, but a little up-front footwork and howework can help things go smoothly. Beyond that, some planning can also keep you out of legal trouble. Issues pertaining to licensing, distribution, support options and even branding require thinking ahead if you want your project to flourish. In this post, you'll find our newly updated collection of good, free resources to pay attention to if you're doing an open source project.

  • Open source virtual reality, a new board for electronics testing, Fedora 25, and more news

    In this week's edition of our open source news roundup, we take a look at open source virtual reality, a new board for electronics testing, Fedora 25, and more.

  • Switzerland to create an open food data programme

    Opendata.ch, which represents the Open Knowledge Foundation in Switzerland, has launched the Business Innovation food.opendata.ch programme, with the goal of building an open and public database on food and nutrition data. The programme is also funded by the Swiss food industry, represented by Migros – via its funding arm Engagement Migros.

Assimilation That Confuses/Openwashing

Filed under
Microsoft
Mac

Security Leftovers

Filed under
Security
  • Security advisories for Monday
  • FutureVault Inc.'s FutureVault

    Though short of Mr Torvalds' aim of world domination, FutureVault, Inc., has set the ambitious goal to "change the way business is done" with its FutureVault digital collaborative vault application. Described by its developer as "at the epicenter of a brand new disruptive category in the financial services world", FutureVault allows users to deposit, store and manage important financial, legal and personal documents digitally by means of a white-label, cloud-based, SaaS platform.

  • Azure glitch allowed attackers to gain admin rights over hosted Red Hat Linux instances

    A VULNERABILITY in Microsoft's Azure cloud platform could have been exploited by an attacker to gain admin rights to instances of Red Hat Enterprise Linux (RHEL) and storage accounts hosted on Azure.

  • Microsoft update servers leave Azure RHEL instances hackable
  • Microsoft update left Azure Linux virtual machines open to hacking
  • Microsoft Azure bug put Red Hat instances at risk
  • Microsoft update servers left all Azure RHEL instances hackable

    Microsoft has patched flaws that attackers could exploit to compromise all Azure Red Hat Enterprise Linux (RHEL) instances.

    Software engineer Ian Duffy found the flaws while building a secure RHEL image for Microsoft Azure. During that process he noticed an installation script Azure uses in its preconfigured RPM Package Manager contains build host information that allows attackers to find all four Red Hat Update Appliances which expose REST APIs over HTTPS.

    From there Duffy found a package labelled PrepareRHUI (Red Hat Update Infrastructure) that runs on all Azure RHEL boxes, and contains the rhui-monitor.cloud build host.

    Duffy accessed that host and found it had broken username and password authentication. This allowed him to access a backend log collector application which returned logs and configuration files along with a SSL certificate that granted full administrative access to the four Red Hat Update Appliances.

  • Deutsche Telekom Says Cyber Attack Hits 900,000 Customers

    Deutsche Telekom (DTEGY) , Europe's largest, said it could have been a victim of a cyber attack as 900,000 fixed-line customers face a second consecutive day of outages.

    The Bonn, Germany-based company, which has 20 million fixed network customers, said 900,000 customers with specific routers have faced temporary problems and marked fluctuations in quality, with some also receiving no service at all. It added that the problems have occurred in a wide region, not in a specific area.

  • San Francisco’s Muni Hacked

    It seems that on Friday, right in the midst of busy Thanksgiving weekend holiday traffic, the San Francisco Municipal Transportation Agency or Muni, was hit by hackers, forcing the system to offer Saturday free rides on the system’s light rail trains. The breach was apparently a ransomware attack, with the hackers demanding 100 Bitcoin, or approximately $73,000, to unencrypt the system.

    It all began when the words “You Hacked, ALL Data Encrypted” appeared on Muni agents’ screens. It’s not known whether Muni paid the ransom, although that’s considered unlikely. Operations of the system’s vehicles were not affected.

Mesa 13.0.2 Released, Includes Many Intel/RADV Vulkan Driver Fixes

Filed under
Graphics/Benchmarks

For those riding the stable Mesa release train, Mesa 13.0.2 is now available as the newest Mesa 13.0 point release.

As covered last week, the 50+ changes in this version include many fixes to VC4, i965, Radeon, and RADV drivers. There are also a number of Vulkan WSI (windowing system integration) fixes plus driver specific work, more smoke-testing, and memory leak fixes. The Intel Mesa driver also has received its share of support for Intel Geminilake hardware coming out in 2017.

Read more

20-Way NVIDIA/AMD GPU Darktable OpenCL Photography Performance

Filed under
Graphics/Benchmarks

With the holiday season in full swing, whether you are just a casual photographer or professional, Darktable is easily one of the best photography workflow applications and it's free software! Darktable has offered OpenCL acceleration for providing faster performance on GPUs and with the imminent Darktable 2.2 release there is even better OpenCL results. For those curious about the OpenCL performance of Darktable, I've done some Darktable 2.2-RC1 benchmarks on a variety of NVIDIA GeForce and AMD Radeon graphics cards under Ubuntu Linux.

Read more

Also: More Darktable GPU/CPU Benchmarks - 27 Different Setups

Linux-based YunOS To Beat Apple’s iOS In China

Filed under
Linux

The chances are slim that you might be knowing about YunOS, the mobile operating system developed by China’s Alibaba group. In a recent development related to YunOS, this relatively newer OS is on the track to gather a 14 per cent share of phone shipments in mainland China.

According to forecasts made by analysts, by the end of this year, YunOS will beat iOS to become the second-largest mobile operating system in China. This forecast falls in line with Alibaba’s previous claims that YunOS has already passed iOS.

Read more

How to add more entropy to improve cryptographic randomness on Linux

Filed under
Linux
HowTos

If you have Linux servers that depend upon encryption, you owe it to yourself to beef up the system entropy. Here's how to do so with haveged.

Read more

Yelp offers up Kafka tools to open source

Filed under
OSS

Yelp saved itself US$10 million by building out its Apache Kafka-based Data Pipeline, and now it wants to spread that love to other enterprises. Just before the holidays, Yelp open-sourced its Data Pipeline and assorted utilities used to maintain and build out this streaming data platform.

Data Pipeline is now available on GitHub under the Apache 2.0 license. Using Data Pipeline, developers can tie their applications into the constantly flowing stream of Kafka data. The company detailed this in a blog entry.

Read more

Are we in a golden age of open source or just openwashing?

Filed under
OSS

We are witnessing a golden age of open source. Never in the history of the technology industry have we seen so many developers coding in the open, jointly working on common codebases that can be leveraged by any individual user or company.

This trend is a huge step forward, with broad benefits to both the user and vendor community. It is spurring significantly greater innovation and interoperability across solutions.

Read more

Build Your Own Netflix and Pandora With Raspberry Pi 3

Filed under
Linux
HowTos

Do you have a huge collection of movies, TV shows, and music that you purchased over the years but it’s collecting digital dust on your hard drives? How about creating your very own Netflix- and Pandora-like setup using the free Plex Media Server software? No, you don’t have to buy an expensive, bulky PC. All you need is a Raspberry Pi 3, a hard drive, an SD card and a mobile charger. It should all cost less than $100.

Read more

3.5-inch Apollo Lake SBC supports extended temperatures

Filed under
Linux

The AECX-APL0 supports the three Atom-branded Apollo Lake processors instead of the related Celeron and Pentium models. No OS support is listed, which is also the case for the other Litemax/WynMax embedded boards, which are mostly Mini-ITX boards, with a sprinkling of 3.5-inch SBCs, based on Intel and AMD processors. Running Linux should not be a problem.

The 146 x 102mm AECX-APL0 supports up to 8GB DDR3L RAM, and offers SATA III and mSATA, with the latter made available via one of the two mini-PCIe slots. The other is paired with a micro-SIM for wireless expansion.

Read more

Games for GNU/Linux

Filed under
Gaming

Leftovers: Software

Filed under
Software
  • anytime 0.1.1: More robust

    CRAN just accepted the newest release 0.1.1 of anytime, following the previous five releases since September.

    anytime is a very focussed package aiming to do just one thing really well: to convert anything in integer, numeric, character, factor, ordered, ... format to POSIXct (or Date) objects -- and to do so without requiring a format string.

  • FFmpeg 3.2 "Hypatia" Multimedia Backend Gets Its First Point Release, Adds Fixes

    It's been almost a month since the major FFmpeg 3.2 "Hypatia" open-source, free and cross-platform multimedia framework was officially unveiled, and now the first point release arrives for all supported platforms.

    FFmpeg 3.2 "Hypatia" brought us many goodies, including OpenH264 decoder wrapper, libopenmpt demuxer, alias muxer for Ogg Video (.ogv), VP8 support for Ogg muxing, the True Audio (TTA) muxer, as well as the crystalizer, maskedclamp, hysteresis, lut2, yuvtestsrc, vaguedenoiser, weave, avgblur, gblur, and acrusher audio filters.

  • Alduin is an Open-Source Desktop RSS Reader for Linux

    On the look out for a clean, modern and open-source desktop RSS reader app for Linux? I know I am, so I was excited to come across Alduin. Alduin is a simple RSS (and Atom) feed aggregator that’s billed as having an “ergonomic, complete and easy to use interface, which will be suitable for all types of user.”

  • Vivaldi 1.5.676.6 Web Browser Snapshot Introduces Easier Tab Selection by Domain
  • Microsoft enables Linux desktop users to send SMS text messages with latest Skype Alpha [Ed: Missing the fact that Skype already had GNU/Linux support before Microsoft bought it and then abandoned it]

GNOME News

Filed under
GNOME
  • This week in GTK+ – 26

    In this last week, the master branch of GTK+ has seen 40 commits, with 1551 lines added and 1998 lines removed.

  • Linux communities, we need your help!

    There are a lot of Linux communities all over the globe filled with really nice people who just want to help others. Typically these people either can’t (or don’t feel comfortable) coding, and I’d love to harness some of that potential by adding a huge number of new application reviews to the ODRS. At the moment we have about 1100 reviews, mostly covering the more popular applications, and also mostly written in English.

KDE Leftovers

Filed under
KDE
  • Chakra GNU/Linux Users Get KDE Plasma 5.8.4, Apps 16.08.3, and Frameworks 5.28.0

    On November 27, 2016, Chakra GNU/Linux developer Neofytos Kolokotronis informs the community about the availability of a set of new software updates for the rolling distro originally based on Arch Linux.

    A week ago, we reported on the availability of the cups 2.1.4-3 and pepperflashplugin 23.0.0.207-1 packages in the Chakra GNU/Linux repositories, which required manual intervention from the user. And, after some issues with their hosting provider, the promised KDE goodies are finally here, along with numerous other updates.

  • Google Code-in begins soon; KDE mentors welcome students

    The KDE community will once more be participating in Google Code-in, which pairs KDE mentors with students beween the ages of 13 and 18 to work on tasks which both help the KDE community and teach the students how to contribute to free and open source projects. Not only coding, but also documentation and training, outreach and research, quality assurance and user interface tasks will be offered.

  • KDE Developer Guide needs a new home and some fresh content

    As I just posted in the Mission Forum, our KDE Developer Guide needs a new home. Currently it is "not found" where it is supposed to be.

    We had great luck using markdown files in git for the chapters of the Frameworks Cookbook, so the Devel Guide should be stored and developed in a like manner. I've been reading about Sphinx lately as a way to write documentation, which is another possibility. Kubuntu uses Sphinx for docs.

    In any case, I do not have the time or skills to get, restructure and re-place this handy guide for our GSoC students and other new KDE contributors.

Android Leftovers

Filed under
Android

Security News

Filed under
Security
  • European Commission knocked offline by 'large scale' DDoS attack

    THE EUROPEAN COMMISSION (EC) was struck by a large-scale distributed denial of service (DDoS) attack on Thursday, bringing down its internet access for hours.

    The EC confirmed the attack to Politico, saying that while it did fall victim to a DDoS attack, no data breached was experienced.

    "No data breach has occurred," a Commission spokesperson said. "The attack has so far been successfully stopped with no interruption of service, although connection speeds have been affected for a time."

  • Overclocked Wearables Can Pick Up Bio-Acoustic Signals

    The sensors incorporated into wearables can sometimes be repurposed to perform tasks beyond their intended applications. For example, it's been shown that it's possible to discover a victim user’s passwords and PINs by applying a sophisticated algorithm to the data gathered by wearable embedded sensors.

    Recently, researchers at the Future Interfaces Group at Carnegie Mellon University have overclocked the accelerometer of an LG smartwatch to extend its capabilities to more than just tracking fitness. By overclocking the off-the-shelf smartwatch via some software updates, they can now detect and process very small vibrations and audio signals.

    The new technology, dubbed ViBand, can allow different apps to understand the context of your activities by capturing bio-acoustic signals.

  • The Economics of stealing a Tesla with a phone

    A few days ago there was a story about how to steal a Tesla by installing malware on the owner's phone. If you look at the big picture view of this problem it's not all that bad, but our security brains want to make a huge deal out of this. Now I'm not saying that Tesla shouldn't fix this problem, especially since it's going to be a trivial fix. What we want to think about is how all these working parts have to fit together. This is something we're not very good at in the security universe; there can be one single horrible problem, but when we paint the full picture, it's not what it seems.

  • Config fumble left Azure Red Hat Enterprise Linux wide open

    A software engineer setting up a secure Red Hat Enterprise Linux virtual machine in the cloud discovered a serious configuration flaw that could be exploited to upload arbitrary software packages to Microsoft Azure update infrastructure.

    Ian Duffy found Microsoft had configured the Red Hat Update Appliance used for Azure in such a way that an attacker could easily get access to the content delivery servers and upload packages that client virtual machines would acquire when updating.

    Duffy was able to bypass the username and password authentication on the content delivery server by running a log file collector application. Once completed, the log file collector provided a link to a downloadable compressed archive.

  • Azure bug bounty Root to storage account administrator

    In my previous blog post Azure bug bounty Pwning Red Hat Enterprise Linux I detailed how it was possible to get administrative access to the Red Hat Update Infrastructure consumed by Red Hat Enterprise Linux virtual machines booted from the Microsoft Azure Marketplace image. In theory, if exploited one could have gained root access to all virtual machines consuming the repositories by releasing an updated version of a common package and waiting for virtual machines to execute yum update.

15 JavaScript frameworks and libraries

Filed under
OSS

JavaScript’s open source stance is also one of the best. Contrary to popular belief, JavaScript is not a project, but a specification with an open standard where the language is evolved and maintained by its core team. ECMAScript, another fancy name of JavaScript, is not open source, but it too has an open standard.

You can easily see evidence of JavaScript's popularity when you look at both at GitHub. JavaScript is the top programming language when it comes to the number of repositories. Its prominance is also evident on Livecoding.tv, where members are diligently creating more videos on JavaScript than any other topic. At the time of this writing, the self-dubbed edutainment site hosts 45,919 JavaScript videos.

Read more

Open source has won, and Microsoft has surrendered

Filed under
GNU
Linux
OSS

I have covered Microsoft’s interference with FOSS [free and open-source software] for over a decade and carefully studied even pertinent antitrust documents. I know the company’s way of thinking when it comes to undermining their competition

The pattern of embrace and extend (to extinguish) — all this while leveraging software patents to make Linux a Microsoft cash cow or compel OEMs to preinstall privacy-hostile Microsoft software/apps with proprietary formats (lockin) — never ended. What I see in the Linux Foundation right now is what I saw in Nokia 5 years ago and in Novell 10 years ago — the very thing that motivated me to start BoycottNovell, a site that has just turned 10 with nearly 22,000 blog posts. It is a saddening day because it’s a culmination, after years of Microsoft ‘micro’ payments to the Linux Foundation (e.g. event sponsorship in exchange for keynote positions), which will have Microsoft shoved down the throats of GNU/Linux proponents and give an illusion of peace when there is none, not just on the patent front but also other fronts (see what Microsoft’s partner Accenture is doing in Munich right now).

Read more

Syndicate content

More in Tux Machines

Eight great Linux gifts for the holiday season

Do you want to give your techie friend a very Linux holiday season? Sure you do! Here are some suggestion to brighten your favorite Tux fan's day. Read more Also: More Random Gift Ideas For Linux Enthusiasts & Others Into Tech Which open source gift is at the top of your holiday wish list?

Ubuntu-Based ExTiX OS Updated for Intel Compute Sticks with Improved Installer

GNU/Linux developer Arne Exton announced this past weekend the release of an updated build of his Ubuntu-based ExTiX Linux distribution for Intel Compute Stick devices. Last month, we reported on the initial availability of a port of the ExTiX operating system for Intel Compute Sticks, boasting the lightweight and modern LXQt 0.10.0 desktop environment and powered by the latest Linux 4.8 kernel, tweaked by Arne Exton for Intel Atom processors. And now, ExTiX Build 161203 is out as a drop-in replacement for Build 161119, bringing a much-improved Ubiquity graphics installer that should no longer crash, as several users who attempted to install the Ubuntu-based GNU/Linux distro on their Intel Compute Stick devices reported. Read more Also: Debian-Based SparkyLinux 4.5 Brings Support for exFAT Filesystems, systemd 232 4MLinux 20.1 Linux Distro Released with Kernel 4.4.34 LTS to Restore PAE Support

Today in Techrights

Canonical Releases Snapcraft 2.23 Snap Creator for Ubuntu 16.04 LTS and 16.10

Canonical's Snappy development team have released a new maintenance version of the Snapcraft 2.x tool that lets applications developers package their apps as Snap packages for Ubuntu and other GNU/Linux distributions that support Snaps. Read more