Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Monday, 21 Jan 19 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Type Title Author Replies Last Postsort icon
Story Programming: GCN, Python, Rust, RcppArmadillo Roy Schestowitz 18/01/2019 - 9:58am
Story Games: Lost in Sky: Violent Seed, Steam and PlayOnLinux 5.0 Alpha 2 Roy Schestowitz 18/01/2019 - 9:56am
Story today's howtos Roy Schestowitz 18/01/2019 - 9:53am
Story Android: Android Q, Fossil and Deprecating 32-Bit Android Apps Roy Schestowitz 18/01/2019 - 9:52am
Story Android Leftovers Rianne Schestowitz 18/01/2019 - 9:01am
Story Inkscape 1.0 Open-Source Vector Graphics Editor Is Finally Coming After 15 Years Rianne Schestowitz 1 18/01/2019 - 8:56am
Story CNC milling with open source software Rianne Schestowitz 18/01/2019 - 8:45am
Story Security: Jenkins, Polyverse, Rootkits, Cryptojacking and Kali Linux Roy Schestowitz 18/01/2019 - 8:33am
Story Server Side Public License (SSPL) Fallout Roy Schestowitz 18/01/2019 - 8:31am
Story MariaDB Platform X3 Roy Schestowitz 18/01/2019 - 8:03am

Games: Demonizer, Taste of Power, Road to your City and More

Filed under
Gaming

Security: Software Security is a Civil Right, Security Isn’t a Feature, Metasploit and Software Updates

Filed under
Security
  • Software Security is a Civil Right!
  • Security isn’t a feature

    As CES draws to a close, I’ve seen more than one security person complain that nobody at the show was talking about security. There were an incredible number of consumer devices unveiled, no doubt there is no security in any of them. I think we get caught up in the security world sometimes so we forget that the VAST majority of people don’t care if something has zero security. People want interesting features that amuse them or make their lives easier. Security is rarely either of these, generally it makes their lives worse so it’s an anti-feature to many.

    Now the first thing many security people think goes something like this “if there’s no security they’ll be sorry when their lightbulb steals their wallet and dumps the milk on the floor!!!” The reality is that argument will convince nobody, it’s not even very funny so they’re laughing at us, not with us. Our thoughts by very nature blame all the wrong people and we try to scare them into listening to us. It’s never worked. Ever. That one time you think it worked they were only pretended to care so you would go away.

    So it brings us to the idea that security isn’t a feature. Turning your lights on is a feature. Cooking you dinner is a feature. Driving your car is a feature. Not bursting into flames is not a feature. Well it sort of is, but nobody talks about it. Security is a lot like the bursting into flames thing. Security really is about something not happening, things not happening is the fundamental problem we have when we try to talk about all this. You can’t build a plausible story around an event that may or may not happen. Trying to build a narrative around something that may or may not happen is incredibly confusing. This isn’t how feature work, features do positive things, they don’t not do negative things (I don’t even know if that’s right). Security isn’t a feature.

    So the question you should be asking then is how do we make products being created contain more of this thing we keep calling security. The reality is we can’t make this happen given our current strategies. There are two ways products will be produced that are less insecure (see what I did there). Either the market demands it, which given the current trends isn’t happening anytime soon. People just don’t care about security. The second way is a government creates regulations that demand it. Given the current state of the world’s governments, I’m not confident that will happen either.

  • Metasploit, popular hacking and security tool, gets long-awaited update

    The open-source Metasploit Framework 5.0 has long been used by hackers and security professionals alike to break into systems. Now, this popular system penetration testing platform, which enables you to find, exploit, and validate security holes, has been given a long-delayed refresh.

    Rapid7, Metasploit's parent company, announced this first major release since 2011. It brings many new features and a fresh release cadence to the program. While the Framework has remained the same for years, the program was kept up to date and useful with weekly module updates.

  • Security updates for Tuesday
  • [Slackware] New VLC and Flash

    AV1 is a new video codec by the Alliance for Open Media, composed of most of the important Web companies (Google, Facebook, Netflix, Amazon, Microsoft, Mozilla…). AV1 has the potential to be up to 20% better than the HEVC codec, but the patents license is totally free. VLC supports AV1 since version 3.0.0 but I never added the ‘aom‘ decoder/encoder to my vlc package, since ‘aom’ is the reference implementation of the video format and it does not really perform.
    The VideoLAN and FFmpeg communities are collaborating on ‘dav1d’ to make this a reference optimized decoder for AV1. Now that ‘dav1d’ has an official release I thought it would be cool to have in the VLC package. Mozilla and Google browsers already have the support for AV1 video playback built-in, so… overdue here.

Blue Collar Linux: Something Borrowed, Something New

Filed under
Linux
Reviews

Sometimes it takes more than a few tweaks to turn an old-style desktop design into a fresh new Linux distribution. That is the case with the public release of Blue Collar Linux.

"The guidance and design were shaped by real people -- blue collar people," Blue Collar developer Steven A. Auringer told LinuxInsider. "Think useful and guided by Joe and Jane Whitebread in Suburbia."

Blue Collar Linux has been under development for the last four years. Until its public release this week, it has circulated only through an invitation for private use by the developer's family, friends and associates looking for an alternative to the Windows nightmare.

Read more

Compact i.MX6 UL gateway offers WiFi, 4G, LoRa, and ZigBee

Filed under
Linux

Forlinx’s “FCU1101” is a compact embedded gateway with -35 to 70℃ support that runs Linux on an i.MX6 UL and offers 4x isolated RS485 ports, a LAN port, and WiFi, 4G, LoRa, and ZigBee.

A year ago, the wireless studded, serial connected FCU1101 might have been called an IoT gateway, but the name seems to be going out of fashion. A similar system with a more powerful processor than the FCU1101‘s power-efficient, Cortex-A7 based NXP i.MX6 UltraLite (UL) might today be called an edge server. Forlinx calls its mini-PC sized, 105 x 100 x 33mm device what we used to call them back in the day: an embedded computer.

Read more

NVIDIA GeForce GTX 760/960/1060 / RTX 2060 Linux Gaming & Compute Performance

Filed under
Graphics/Benchmarks
Gaming

The NVIDIA GeForce RTX 2060 is shipping today as the most affordable Turing GPU option to date at $349 USD. Last week we posted our initial GeForce RTX 2060 Linux review and followed-up with more 1080p and 1440p Linux gaming benchmarks after having more time with the card. In this article is a side-by-side performance comparison of the GeForce RTX 2060 up against the GTX 1060 Pascal, GTX 960 Maxwell, and GTX 760 Kepler graphics cards. Not only are we looking at the raw OpenGL, Vulkan, and OpenCL/CUDA compute performance between these four generations, but also the power consumption and performance-per-Watt.

Read more

Linux Tools: The Meaning of Dot

Filed under
Linux

Let's face it: writing one-liners and scripts using shell commands can be confusing. Many of the names of the tools at your disposal are far from obvious in terms of what they do (grep, tee and awk, anyone?) and, when you combine two or more, the resulting "sentence" looks like some kind of alien gobbledygook.

None of the above is helped by the fact that many of the symbols you use to build a chain of instructions can mean different things depending on their context.

Read more

VirtualBox 6.0.2 Released with Support for SUSE Linux Enterprise Server 12.4

Filed under
SUSE

VirtualBox 6.0 brought numerous new features and improvements to the open-source and cross-platform virtualization software used by millions of computer users worldwide to run multiple operating systems on their PCs. These include a major user interface revamp, the ability to export virtual machines to the Oracle Cloud infrastructure, better 4K/HiDPI support for high-end displays, and support for Linux kernel 4.20.

VirtualBox 6.0.2 is the first maintenance update to the VirtualBox 6.0 series, adding support for building the VirtualBox drivers on the SUSE Linux Enterprise Server 12.4 operating system, implementing a new virtual optical disk creation window in the UI, making the VirtualBoxVM command accessible on Linux and macOS hosts, supporting older Linux kernels for building the shared folder driver, and fixing resetting of USB devices on Linux guests.

Read more

36-Year-Old SCP Clients' Implementation Flaws Discovered

Filed under
Security

A set of 36-year-old vulnerabilities has been uncovered in the Secure Copy Protocol (SCP) implementation of many client applications that can be exploited by malicious servers to overwrite arbitrary files in the SCP client target directory unauthorizedly.

Session Control Protocol (SCP), also known as secure copy, is a network protocol that allows users to securely transfer files between a local host and a remote host using RCP (Remote Copy Protocol) and SSH protocol.

In other terms, SCP, which dates back to 1983, is a secure version of RCP that uses authentication and encryption of SSH protocol to transfer files between a server and a client.

Discovered by Harry Sintonen, one of F-Secure's Senior Security Consultants, the vulnerabilities exist due to poor validations performed by the SCP clients, which can be abused by malicious servers or man-in-the-middle (MiTM) attackers to drop or overwrite arbitrary files on the client's system.

Read more

today's leftovers

Filed under
Misc
  • Archman 2019.01 Openbox Run Through

    In this video, we look at Archman 2019.01 Openbox.

  • And the Race is On! 2018-2019 openSUSE Board Elections Enter Campaign Phase

    Marina is a very active Italian openSUSE Advocate, involved in the Project since 2009, deeply involved in LibreOffice.  She relocated to Munich last June, where she is working for CIB mainly on its LibreOffice team as Senior Migrations & Deployments Engineer.  You may read more about Marina on her Wiki User page.

    Marina joins an already impressive line-up of Quality Candidates who announced they were stepping up during the past week, adding to what will be very tough decisions for the Voters in the upcoming Elections.  Official openSUSE Members in Good Standing are qualified to vote in the Elections, and they will have to make difficult choices for who should take the three open Board Seats, choosing between Marina, incumbent Christian Boltz aka cboltz, Dr. Axel Braun aka DocB, incumbent Sarah Julia Kriesch aka AdaLovelace, Sébastien Poher aka sogal, Vinzenz Vietzke aka vinzv, and Nathan Wolf aka futureboy and CubicleNate on IRC.

    Sarah and Sébastien’s run for the Board was announced in last Wednesday’s openSUSE News, while the Candidacies of Christian, Dr. Braun, Vinzenz, and  Nathan were announced in the next day’s news article.

  • Entry-level Bay Trail SBC ready for workhorse duty

    Acrosser’s 3.5-inch “AMB-BT19S1” SBC runs on an Intel Bay Trail SoC and offers up to 8GB RAM, dual display support, plus SATA, mSATA, mini-PCIe, serial, USB 3.0, and GbE ports.

    With newer Atom processor families such as Cherry Trail, Braswell, Apollo Lake, and now Gemini Lake, the popular, five-year old Bay Trail product line appears to be close to “legacy” status. Yet, aside from graphics capabilities and support for the latest memories and peripherals, there’s not that much separating Bay Trail from Gemini Lake in terms of CPU performance and power consumption. Depending on the price, an “entry level” Bay Trail SBC like Acrosser’s 3.5-inch AMB-BT19S1 board could be the smart move for some applications.

OSS Leftovers

Filed under
OSS
  • Key Resources for Effective, Professional Open Source Management

    At organizations everywhere, managing the use of open source software well requires the participation of business executives, the legal team, software architecture, software development and maintenance staff and product managers. One of the most significant challenges is integrating all of these functions with their very different points of view into a coherent and efficient set of practices.

  • An open source world

    HotPicks is one of, if not the most popular section of Linux Format and while the reader survey tells me that, I don’t actually understand why! My gut feeling is that people love the choice, variety and freedom HotPicks delivers every issue. I guess the truth is the sheer variety of open source means it can be hard to discover the best tools for the job and HotPicks offers a way to discover the best each issue… so say hello to our HotPicks Special!

    It’s a guide to this vast open source world and isn’t that what this magazine is here for? So we’re running a best open source software list for 2019. We’ve not done anything like this for over two years, so it’s more than time we help people discover new software that’s just waiting for an apt install to download. The availability of open source is a curse and blessing. It makes some see it as free of value while the sheer abundance makes it hard for others to cut through the noise and get to the tools they need.

  • Open source may be the key to securing IoT [Ed: The writer is selling insecurity and FOSS FUD for a living]

    As a society, we like things that are smart. Your TV, phone, thermostat, even your water bottle now tracks your habits and interacts with you via applications.  

    We demand that our connected devices do more for us, collecting data to help us make more informed decisions, offer us more options, and just be downright better. Unfortunately, far too often in the quest to gain more features from our various devices, security concerns are lost along the way.

    Internet of Things (IoT) devices face risks that the industries producing them are generally unprepared to deal with. Time after time, we see new breaches that target vulnerabilities in IoT products which should make us increasingly cautious about buying them, with good reason.

  • Why teachers should get out of their comfort zones and into the open

    If ever there was an experience that brought the above quotation home for me, it was my experience at the All Things Open conference in Raleigh, NC last October. Thousands of people from all over the world attended the conference, and many (if not most), worked as open source coders and developers. As one of the relatively few educators in attendance, I saw and heard things that were completely foreign to me—terms like as Istio, Stack Overflow, Ubuntu, Sidecar, HyperLedger, and Kubernetes tossed around for days.

  • A design chat with DevConf.cz '19 UX speakers

    At the end of January, Red Hat’s User Experience Design team heads to Brno, the second largest city in the Czech Republic, to attend DevConf.cz, the 11th annual, free, Red Hat sponsored community conference for contributors to open source.

    This trip marks our team’s first appearance at the Brno conference, and we’re excited to see interest in user experience from the open source development community. I sat down with some of the team to talk a bit about why UX matters and how development teams can shift their thinking to build more usable and intuitive user experiences.

  • Girlscript Summer of Code Is Here

    Heard of Open Source but don’t know how to begin? Wish to work on real projects but don’t know where to get started?

  • LibreOffice 6.2 community focus: Localisation

    Last week, we talked to the design community about their preparations for the upcoming LibreOffice 6.2 release. Today we hear from Sophie Gautier, who helps out with localisation (l10n) – that is, translating the software’s user interface, documentation and website into other languages…

  • Google Partners With Automattic to Setup a Publishing Platform For Their News Initiative

    Automattic, the parent company of WordPress.com, has received $2.4 million in funding for Newspack initiative. Half of the funding has come from Google through its Google News Initiative that the company launched last year. The remaining funding came from multiple investors that include Lenfest Institute of Journalism, ConsenSys, Civil Media, and John S. and James L. Knight Foundation.

    The main aim is that journalists should be more focused on writing news rather than the design of the website. Automaticc will work in collaboration with News Revenue Hub and Spirited Media. The collaboration will help to find out new features that can help in the success of publishers. Constant feedback will be taken regarding Newpack so that the product can turn out to be a hit for everyone.

  • Worked On The Migration Of A Second Plone Addon

    I finished my migration of a first Plone addon some a week ago sucessfully and started with migration of a further addon, collective.dexteritytextindexer to Python 3 compatibility. I was able to migrate the source code of the addon itself, but run into issues with the behaviors test script. The tests ran successful on Plone 4.3 to 5.2 and Python 2.7, but failed on Plone 5.2 on Python 3.

  • A national electronic health record for primary care

    Selecting open-source software may avoid dependence on the owners of a proprietary product, because the source code will remain freely available and any vendor can provide support and customization services to users. Examples of open-source electronic health record software in use currently include OSCAR, developed at McMaster University and widely used in Canada, and OpenEMR, developed through a collaboration in the United States.

  • Baidu Unveils Major Advancements to the Apollo Intelligent Driving Ecosystem at CES 2019

    Apollo 3.5 is the latest and most sophisticated iteration of Baidu's open autonomous driving platform, now supporting complex urban and suburban driving environments

  • EdX Starts the Process to Release “Ironwood”, the Next Version of its Open Source Platform

    The first step will be to create the master branches in the appropriate repos – edX Architect, Ned Batchelder announced. This task is expected for January 18th.

Licensing: GPL Compliance and the Server Side Public License (SSPL)

Filed under
OSS
Legal
  • arter97’s custom kernel and vendor images greatly improve the Xiaomi Mi Pad 4’s performance

    Xiaomi (and a lot of Chinese OEMs) have had a difficult time complying with the rules of the GNU GPL when it comes to releasing the kernel source code for their Android products. The company said they would start doing this 3 months after the release of a new product, but that wasn’t the case with the Xiaomi Mi Pad 4. The device launched in June of last year and, as of October, they had yet to comply with the GPL. Thankfully, they finally released it (a month after we reported on their tardiness) and it has helped developers work their magic on the device.

  • Amazon Web Services’ DocumentDB Takes Aims At MongoDB Workloads

    DocumentDB uses version 3.6 of the MongoDB application programming interface (API) to interact with MongoDB clients.

    That version, dating back to 2017, is covered by the open source Apache licence, a move intended to circumvent MongoDB’s new licensing structure, based on the specially created Server Side Public License (SSPL).

Programming: Python, Qt 6.0, and LLVM

Filed under
Development
  • The starting of new pygame project

    Hello, welcome back, due to busy managing the offline business as well as writing article for another website, therefore, no post had been created in the past few days.

  • Qt 6 To Begin Early Stages Of Development In Git

    While Qt 6.0 isn't due out for the better part of two years still, early patches planned for Qt 6 are expected to begin taking shape within a Git staging branch.

    Lars Knoll laid out plans today to have a Qt 6 branch start for qtbase, since that's where most of the early stage Qt6 development will begin taking place. Already he's been collecting some patches from fellow developers and at least having this branch early will serve as a basis for staging until the Qt 6.0 development really heats up.

    The current Qt5 "dev" code would regularly merge into the Qt6 code-base, functions planned for removal in Qt6 would need to be first marked as deprecated by the Qt5 code, and binary compatibility breakage can begin.

  • Intel Looking To Drop Their Nios II Backend From LLVM

    One of the lesser known compiler backends/targets by the LLVM compiler is Nios II, which is for the 32-bit embedded FPGA processor designs.

    Of course, Intel acquired Altera back in 2015 and has been focusing upon the Intel Stratix hardware as their current FPGA focus. For Nios II coverage there's long been an out-of-tree GCC-derived compiler while the LLVM back-end hasn't received much attention. It seems the LLVM support for Nios II isn't widely used as the Intel developers are now looking to drop this back-end.

    In fact, the Nios2 LLVM back-end with being broken for months before it was noticed. Additionally, the experimental target has never been full-featured to the extent that the Intel compiler developers would rather just drop the code.

  • Apple Opens Up Swift/C LSP Based On Clangd

    Built atop LLVM's clangd server, Apple recently open-sourced SourceKit-LSP as a language server protocol for Swift and C-based languages. This allows for better integration with various IDEs and development tools.

    Language Server Protocols are a standardized protocol for communicating between integrated development environments / IDEs and servers providing various programming language specific features. These LSPs can be re-used by different development tools / editors while providing the necessary functionality for code completion, code formatting, syntax highlighting, and other features that are language-specific and better off re-used across projects rather than needing to be re-implemented each time.

  • Writing Golang as a Python Dev

    I’ve gone through the Golang tutorial once before but in the last month or so, I fully dove into it. I started by writing a simple hello world web application. I found the implementation of the webserver so neat that most of the uses I’d have for a framework is redundant. The in-built libraries already take care of handling most of the use-cases I have. I did a couple of views and a couple of templates. It seems to be working well.

    As someone coming from Python, I keep tripping over types. I started my professional career with PHP and then moved to Python. Both of these languages aren’t very strongly typed by default. So it’s been fun to find errors and fix them. I learn more and more that I can’t be lazy.

Debian and Ubuntu Leftovers

Filed under
Debian
Ubuntu
  • Freexian’s report about Debian Long Term Support, December 2018

    Like each month, here comes a report about the work of paid contributors to Debian LTS.

  • CasparCG Server for TV broadcast playout in Debian

    The layered video playout server created by Sveriges Television, CasparCG Server, entered Debian today. This completes many months of work to get the source ready to go into Debian. The first upload to the Debian NEW queue happened a month ago, but the work upstream to prepare it for Debian started more than two and a half month ago. So far the casparcg-server package is only available for amd64, but I hope this can be improved. The package is in contrib because it depend on the non-free fdk-aac library. The Debian package lack support for streaming web pages because Debian is missing CEF, Chromium Embedded Framework. CEF is wanted by several packages in Debian. But because the Chromium source is not available as a build dependency, it is not yet possible to upload CEF to Debian. I hope this will change in the future.

  • Participate in Fedora Test Day Today, Netrunner Announces Netrunner 19.01 Blackbird, Security Patch for GNOME Bluetooth Tools in Ubuntu 18.04, New Giant Board SBC from Groboard and Linspire Posts Development Roadmap for 2019-2020

    Canonical yesterday released a security patch for the GNOME Bluetooth tools to address a security vulnerability with Ubuntu 18.04. Softpedia News reports that security researcher Chris Marchesi discovered the vulnerability in the BlueZ Linux Bluetooth stack, "which made it incorrectly handle disabling Bluetooth visibility, allowing a remote attacker to possibly pair to Bluetooth devices." All Ubuntu 18.04 LTS users should update immediately to the gnome-bluetooth 3.28.0-2ubuntu0.1 and libgnome-bluetooth13 3.28.0-2ubuntu0.1 packages from the official repos. See the wiki for detailed instructions.

  • Ubuntu Weekly Newsletter Issue 561

Linux Steam Integration 0.7.3 Released With Annoyance Fixes

Filed under
GNU
Linux
Gaming

Solus founder Ikey Doherty who is back working for Intel on the Clear Linux team and brought the Linux Steam Integration (LSI) into that fold has issued a new release of this software for improving the Steam integration on Linux.

Read more

Server: HPC, Cloudera, and Artisans

Filed under
Server
  • The Slow But Inevitable Shift To Cloudy Infrastructure

    Architectural transitions for layers in the IT stack at hyperscalers can happen in a matter of years, and cloud builders and HPC centers can move at almost the same speed. But for the vast number of enterprises, it takes a long time to change their stacks, in part because they are more risk averse and in part because they have more – and more diverse – applications to support to run their businesses.

    This, we think, is one of the reasons why the transition from bare metal to cloudy infrastructure is taking so long in the enterprise, even as it has long since taken over at the hyperscalers and cloud builders and is making significant headway – mostly due to the advent of containerized environments that are significantly less heavy than clusters that are virtualized with full-on hypervisors – in the HPC realm.

  • ‘Cloudera brand going nowhere,’ says CEO Reilly

    As expected, the newly merged Cloudera and Hortonworks will operate under the Cloudera brand, and is aiming to start moving customers to a new, unified Cloudera Data Platform, while also committing to hybrid and multi-cloud deployments and remaining ‘100% open source’.

    Back in October last year the rivals announced that they would be merging via an “all-stock merger of equals” bringing together two once red-hot heavily VC-backed unicorns that have both struggled to effectively monetise their open source-backed data solutions.

    At the time it was not known how the new company would be branded, but it has now been confirmed it will be called Cloudera, with the Hortonworks branding hitting the scrapheap.

  • Alibaba Acquires Open Source Firm Data Artisans for $130M

    Berlin-based Data Artisans provides distributed systems and large-scale data processing solutions for enterprises. The startup offers its dA Platform, which consists of Apache Flink and dA Application Manager. Its customers include Netflix, ING and Uber. The Chinese e-commerce giant has been working with Data Artisans since 2016 and is one of the biggest users of Apache Flink.

Security: Back Doors and Metasploit

Filed under
Security
  • Vulnerabilities found in building access system used by schools, governments

    Tenable Research discovered four zero-day vulnerabilities in PremiSys access control system from IDenticard (PremiSys IDenticard). The first, a hardcoded backdoor account, “allows attackers to add new users to the badge system, modify existing users, delete users, assign permission, and pretty much any other administrative function.”

    The ability to “give an attacker unfettered access to the badge system database, allowing him/her to covertly enter buildings by creating fraudulent badges and disabling building locks” is troubling considering tens of thousands of customers, ranging from K-12 schools, universities, government agencies, medical centers, and Fortune 500 companies, rely on IDenticard for secure key card access.

  • Open-Source Metasploit Framework 5.0 Improves Security Testing

    Among the most widely used tools by security researchers is the open-source Metasploit Framework, which has now been updated with the new 5.0 release.

    Metasploit Framework is penetration testing technology, providing security researchers with a variety of tools and capabilities to validate the security of a given application or infrastructure deployment. With Metasploit, researchers can also test exploits against targets to see if they are at risk, in an attempt to penetrate the defensive measures that are in place. The 5.0 release of Metasploit introduces multiple new and enhanced capabilities, including automation APIs, evasion modules and usability improvements.

    "As the first major Metasploit release since 2011, Metasploit 5.0 brings many new features, as well as a fresh release cadence," Brent Cook, senior manager at Rapid7, wrote in a blog post.

    [...]

    Metasploit 5.0 now also brings improved usability for security researchers to test multiple targets at scale.

    "While Metasploit has supported the concept of scanners that can target a subnet or network range, using an exploit module was limited to only one host at a time," Cook wrote. "With Metasploit 5.0, any module can now target multiple hosts in the same way by setting RHOSTS to a range of IPs or referencing a host’s file with the file:// option."

    Usability also gets a boost with improved performance, including faster startup and searching capabilities than in previous versions of Metasploit. Additionally, with Metasploit 5.0, researchers are now able to write and use modules in any of three programming languages: Go, Python and Ruby. Overall, development for Metasploit 5.0 benefited from an updated process that included a stable branch that is used by Rapid7 and other distributions for everyday use and an unstable branch where new development can be rapidly added before it’s ready for broader consumption.

Syndicate content

More in Tux Machines

today's howtos

Audiocasts: Linux in the Ham Shack (LHS), Linux Action News, Open Source Security Podcast and Let’s Encrypt

  • LHS Episode #266: #$%&! Net Neutrality
    Welcome to the first episode of Linux in the Ham Shack for 2019. In this episode, the hosts discuss topics including the 2018 RTTY Roundup using FT-8, Cubesats and wideband receivers in space, the ORI at Hamcation, Wekcan, Raspberry Pi-based VPN servers, the LHS Linux distributions, CW trainers and much more.
  • LHS Episode #267: The Weekender XXII
    Welcome to the 22nd edition of the LHS Weekender. In this episode, the hosts discuss upcoming amateur radio contests and special event stations, Open Source events in the next fortnight, Linux distributions of interest, news about science, technology and related endeavors as well is dive into food, drink and other hedonistic topics.
  • Linux Action News 89
    Another troubling week for MongoDB, ZFS On Linux lands a kernel workaround, and 600 days of postmarketOS. Plus our thoughts on the new Project Trident release, and Mozilla ending the Test Pilot program.
  • Open Source Security Podcast: Episode 130 - Chat with Snyk co-founder Danny Grander
  • The ACME Era | TechSNAP 395
    We welcome Jim to the show, and he and Wes dive deep into all things Let’s Encrypt.

Review: Sculpt OS 18.09

The Sculpt OS website suggests that the operating system is ready for day to day use, at least in some environments: "Sculpt is used as day-to-day OS by the Genode developers." Though this makes me wonder in what capacity the operating system runs on the machines of those developers. When I tried out the Haiku beta last year, the operating system had some limitations, but I could see how it could be useful to some people in environments with compatible hardware. In theory, I could browse the web, perform some basic tasks and develop software on Haiku. With Sculpt though, I was unable to get the operating system to do anything, from a user's point of view. The small OS could download packages and load some of them into memory, and it could display a graph of related components. Sculpt could connect to my network and mount additional storage. All of this is good and a fine demo of the Genode design. However, I (as a user) was unable to interact with any applications, find a command line, or browse the file system. All of this put a severe damper on my ability to use Sculpt to do anything useful. Genode, and by extension Sculpt OS, has some interesting design goals when it comes to security and minimalism. However, I don't think Sculpt is practical for any end-user tasks at this time. Read more

This Week in Linux, Chrome OS, and Death of Windows 10 Mobile

  • Episode 51 | This Week in Linux
    On this episode of This Week in Linux, we got some new announcements from Inkscape, Purism, Solus, Mozilla, and Steam. We’ll also check out some new Distro releases from Netrunner, Deeping, Android X86 and more. Then we’ll look at some new hardware offerings from Purism and Entroware. Later in the show will talk about some drama happening with a project’s licensing issues and then we’ll round out the episode with some Linux Gaming news including some sales from Humble Bundle. All that and much more!
  • Chrome OS 73 Dev Channel adds Google Drive, Play Files mount in Linux, USB device management and Crostini backup flag
    On Tuesday, Google released the first iteration of Chrome OS 73 for the Dev Channel and there are quite a few new items related to Project Crostini, for Linux app support. Some things in the lengthy changelog only set up new features coming soon while others add new functionality. Here’s a rundown on some of the Crostini additions to Chrome OS 73.
  • Tens to be disappointed as Windows 10 Mobile death date set: Doomed phone OS won't see 2020
    Microsoft has formally set the end date for support of its all-but-forgotten Windows 10 Mobile platform. The Redmond code factory said today that, come December 10, it's curtains for the ill-fated smartphone venture. The retirement will end a four-year run for a Microsoft phone effort that never really got off the ground and helped destroy Nokia in the process. "The end of support date applies to all Windows 10 Mobile products, including Windows 10 Mobile and Windows 10 Mobile Enterprise," Microsoft declared.