Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Thursday, 08 Dec 16 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Type Title Author Replies Last Postsort icon
Story GTK Graphics Roy Schestowitz 05/12/2016 - 7:41pm
Story Linux and Graphics Roy Schestowitz 05/12/2016 - 7:38pm
Story Early Benchmarks Of GCC 7 On Linux x86_64 With An Intel Core i7 6800K Roy Schestowitz 05/12/2016 - 7:32pm
Story KDE Leftovers Roy Schestowitz 05/12/2016 - 7:29pm
Story 64-bit Raspberry Image and OpenStack at SUSE Roy Schestowitz 05/12/2016 - 7:23pm
Story Pico-ITX SBC runs Ubuntu on Braswell Roy Schestowitz 05/12/2016 - 7:21pm
Story Shuttleworth Foundation/Mozilla Foundation Overlap Roy Schestowitz 05/12/2016 - 7:16pm
Story Games for GNU/Linux Roy Schestowitz 05/12/2016 - 7:10pm
Story Ubuntu Leftovers Roy Schestowitz 05/12/2016 - 11:08am
Story Android Leftovers Roy Schestowitz 05/12/2016 - 11:05am

Raspberry Pi Foundation Disables SSH in Raspbian PIXEL's Latest Security Update

Filed under
Linux

Raspberry Pi Foundation, through Simon Long, announces that a security update is now available for the PIXEL desktop environment of the company's Debian-based Raspbian operating system for Raspberry Pi single-board computers.

Read more

Security News

Filed under
Security
  • Security advisories for Wednesday
  • What Malware Is on Your Router?

    Mirai is exposing a serious security issue with the Internet of Things that absolutely must be quickly handled.

    Until a few days ago, I had been seriously considering replacing the 1999 model Apple Airport wireless router I’ve been using since it was gifted to me in 2007. It still works fine, but I have a philosophy that any hardware that’s more than old enough to drive probably needs replacing. I’ve been planning on taking the 35 mile drive to the nearest Best Buy outlet on Saturday to see what I could get that’s within my price range.

    After the news of this week, that trip is now on hold. For the time being I’ve decided to wait until I can be reasonably sure that any router I purchase won’t be hanging out a red light to attract the IoT exploit-of-the-week.

    It’s not just routers. I’m also seriously considering installing the low-tech sliding door devices that were handed out as swag at this year’s All Things Open to block the all-seeing-eye of the web cams on my laptops. And I’m becoming worried about the $10 Vonage VoIP modem that keeps my office phone up and running. Thank goodness I don’t have a need for a baby monitor and I don’t own a digital camera, other than what’s on my burner phone.

  • National Lottery 'hack' is the poster-girl of consumer security fails

    IN THE NEW age of hacking, you don't even need to be a hacker. National Lottery management company Camelot has confirmed that up to 26,500 online accounts for their systems may have been compromised in an attempted hack, that required no hacking.

    It appears the players affected have been targetted from hacks to other sites, and the resulting availability of their credentials on the dark web. With so many people using the same password across multiple sites, it takes very little brute force to attack another site, which is what appears to have happened here.

  • Mozilla and Tor release urgent update for Firefox 0-day under active attack

    "The security flaw responsible for this urgent release is already actively exploited on Windows systems," a Tor official wrote in an advisory published Wednesday afternoon. "Even though there is currently, to the best of our knowledge, no similar exploit for OS X or Linux users available, the underlying bug affects those platforms as well. Thus we strongly recommend that all users apply the update to their Tor Browser immediately."

    The Tor browser is based on the open-source Firefox browser developed by the Mozilla Foundation. Shortly after this post went live, Mozilla security official Daniel Veditz published a blog post that said the vulnerability has also been fixed in a just-released version of Firefox for mainstream users. On early Wednesday, Veditz said, his team received a copy of the attack code that exploited a previously unknown vulnerability in Firefox.

  • Tor Browser 6.0.7 is released

    Tor Browser 6.0.7 is now available from the Tor Browser Project page and also from our distribution directory.

    This release features an important security update to Firefox and contains, in addition to that, an update to NoScript (2.9.5.2).

    The security flaw responsible for this urgent release is already actively exploited on Windows systems. Even though there is currently, to the best of our knowledge, no similar exploit for OS X or Linux users available the underlying bug affects those platforms as well. Thus we strongly recommend that all users apply the update to their Tor Browser immediately. A restart is required for it to take effect.

    Tor Browser users who had set their security slider to "High" are believed to have been safe from this vulnerability.

  • Firefox 0-day in the wild is being used to attack Tor users

    Firefox developer Mozilla and Tor have patched the underlying vulnerability, which is found not only in the Windows version of the browser, but also the versions of Mac OS X and Linux.

    There's a zero-day exploit in the wild that's being used to execute malicious code on the computers of people using Tor and possibly other users of the Firefox browser, officials of the anonymity service confirmed Tuesday.

    Word of the previously unknown Firefox vulnerability first surfaced in this post on the official Tor website. It included several hundred lines of JavaScript and an introduction that warned: "This is an [sic] JavaScript exploit actively used against TorBrowser NOW." Tor cofounder Roger Dingledine quickly confirmed the previously unknown vulnerability and said engineers from Mozilla were in the process of developing a patch.

  • Mozilla Patches SVG Animation Remote Code Execution in Firefox and Thunderbird

    If you've been reading the news lately, you might have stumbled upon an article that talked about a 0-day vulnerability in the Mozilla Firefox web browser, which could be used to attack Tor users running Tor Browser on Windows systems.

City of Munich now uses Kolab open source groupware

Filed under
OSS

In August this year, the city of Munich completed its two-year switch to Kolab, an open source based suite of groupware and collaboration tools such as email and calendaring. Across the city’s 50 departmentsb there are now some 60,000 Kolab mail boxes, said Kolab CEO George Greve at a conference for the IT departments of the European Commission and European Parliament, in Brussels on Tuesday.

Read more

It's All Aboard for Linux Gamers at The Final Station

Filed under
Gaming

The developers of The Final Station, recognizing the growing market for the post-apocalyptic train ride in the open source community, have made their hot-selling title available for the Linux OS.

The indie game, which Do My Best Games and TinyBuild launched for PC, Mac, Xbox One and PlayStation 4 this summer, became available for Linux last week.

Although the post-civilization genre is fairly crowded space, the zombie-killing horror ride has earned generally positive reviews from veteran games critics, who appreciated its narrative and level of detail.

Read more

Canonical Releases New Kernel Live Patch Security Update for Ubuntu 16.04 LTS

Filed under
Ubuntu

On November 30, 2016, after publishing new kernel updates for all of its supported Ubuntu Linux releases, Canonical, through Luis Henriques, announced the availability of the second kernel live patch security update to Ubuntu 16.04 LTS.

Read more

Also: Four New Kernel Vulnerabilities Patched in All Supported Ubuntu OSes, Update Now

Ubuntu-Based Trisquel GNU/Linux 8.0 "Flidas" Enters Development with MATE 1.12.1

Filed under
Ubuntu

The development team behind Trisquel GNU/Linux, a 100% libre distribution based on the Ubuntu Linux operating system, announced the availability of the first Alpha images for the upcoming Trisquel GNU/Linux 8.0 release.

Read more

R3 Makes Code for Financial Agreements Platform Open Source

Filed under
OSS
  • R3 Makes Code for Financial Agreements Platform Open Source

    The bank consortium R3 CEV has released its Corda platform as open source to encourage innovation and interoperability in the industry's development of blockchain technology.

  • R3 open sources Corda

    Financial innovation company R3 has made its Corda distributed ledger platform open source, granting the global developer community universal access to its source code to encourage collaboration, review and contribution to the platform.

  • R3 Consortium Open-Sources its Corda Blockchain Platform

    R3 has just made its Corda distributed ledger platform open source, granting the developers access to its source code to encourage collaboration, review and contribution to the platform. This news comes at a time when R3 needs it most, after it recently lost a few of its member banks including Goldman Sachs and Morgan Stanley.

Linux/FOSS Events

Filed under
Linux
OSS
GNOME
  • GNOME Core Apps Hackfest 2016

    Last weekend I attended the GNOME Core Apps hackfest that I helped organize here in Berlin.

    It was the first time I participated in a Core Apps hackfest and I must say I am really glad with how it all went. I felt like there was a perfect balance of planning, working, and just hanging out together. If you want to know more about the planned items, check out this very complete post by Carlos Soriano.

  • Core Apps Hackfest

    Last weekend I attended the Core Apps hackfest in Berlin. This was a reboot of the Content Apps hackfest we held last year around the same time of year, with a slightly broader focus. One motivation behind these events was to try and make sure that GNOME has a UX focused event in Europe at the beginning of the Autumn/Spring development cycle, since this is a really good time to come together and plan what we want to work on for the next GNOME version.

  • Highlights from ISTA and GTAC 2016

    Another two weeks have passed and I'm blogging about another 2 conferences. This year both Innovations in Software Technologies and Automation and Google Test Automation Conference happened on the same day. I was attending ISTA in Sofia during the day and watching the live stream of GTAC during the evenings. Here are some of the things that reflected on me:

  • FGSL XIII Event Report

    Before I became a Fedora Project contributor, I went to an event in the central west region of Brazil called FGSL ( “Fórum Goiano de Software Livre”), which had its 12th edition in 2015. It was a great event, and now ( 2016) that I have joined the Fedora Community as a contribuitor I thought about being there again, this time representing the Fedora Project.

Linux and Graphics

Filed under
Graphics/Benchmarks
Linux
  • MSM-Next Prepares Adreno A5xx Support For Linux 4.10

    On Tuesday was the MSM-Next submission by Red Hat developer Rob Clark of these Freedreno MSM changes to be sent to mainline for the Linux 4.10 kernel.

    Notable with this MSM-Next pull request is the addition of Qualcomm Adreno A5xx support. Adreno A500 series support coming to this open-source driver stack was covered earlier this week in Qualcomm Adreno A5xx Open-Source Driver Bringup For Freedreno.

  • Amazon Working On EC2 Linux OpenGL Support, Considering Vulkan

    Amazon Web Services today revealed more information about their EC2 Elastic GPUs support they are working to implement in the cloud.

    Amazon's Elastic GPUs will be offered in four different tiers and range in GPU memory capacity from 1GB to 8GB. They also revealed their work on an Amazon-optimized OpenGL library for Elastic GPUs. They shared that initially there is just Windows support for OpenGL but they are working to support Amazon Linux AMI with their OpenGL implementation. They are also looking at Vulkan support (and DirectX too, sadly).

  • Vivante Gallium3D Driver Proposed For Mainline Mesa + Render-Only Gallium Library

    Fresh from the libdrm 2.4.74 release that had some Etnaviv API changes, the Etnaviv Gallium3D driver has been proposed for mainline Mesa as the open-source, reverse-engineered 3D effort for Vivante graphics cores.

  • Initial XWayland Window Positioning Support For Weston

Devuan and Ubuntu

Filed under
Debian
Ubuntu
  • New Devuan Beta, Sharket Mare, 2016 Predictions

    Not even 24 hours after my saying there hasn't been a new Devuan release since April, the project released Beta 2 for 32 and 64-bit machines. Elsewhere, Jeremy Garcia celebrates 16 years of LinuxQuestions.org and writer-blogger Bruce Byfield today said that Linux and its application are commercial grade despite what some may think. The Ubuntu 17.04 release schedule was posted and Canonical has approved Snaps sans dependencies.

  • Systemd-Free Debian Fork Devuan Releases Its Second Beta
  • Docker and Canonical partner on CS Docker Engine for millions of Ubuntu users
  • Docker, Canonical Team Up on CS Docker Engine for Ubuntu

    When it comes to containers, Canonical has been early to make many of the right moves. The company was one one of the first to weave in platform support for Docker, which is partly significant because the majority of OpenStack deployments are built on Ubuntu.

    Now, Docker and Canonical have announced an integrated Commercially Supported (CS) Docker Engine offering on Ubuntu, meant to provide Canonical customers with a single path for support of the Ubuntu operating system and CS Docker Engine in enterprise Docker operations.

  • Ubuntu devs can now build Snaps without dependencies

    To encourage app distribution advancements, Canonical is now letting Ubuntu app developers build their Snaps without bundling their dependencies. The new support comes through the ubuntu-app-platform snap that has just been reached the Ubuntu Software store.

OSS Leftovers

Filed under
OSS
  • Who cares about market share?

    And if that seems selfish, I only have so much time for evangelism. Besides, if the advantage of free software for developers is that they are free to pursue their own interests, I see no reason that ordinary users can't claim the same privilege. I may be irked by the inaccurate statements about free software, or wish Linux more popular, but neither really matters compared to my everyday experience on the desktop. The diversity that I enjoy exists precisely because free software development is bound by considerations other than the commercial.

  • Release notes for the Genode OS Framework 16.11

    In contrast to most parts of the framework, the fundamental low-level protocols, which define the interaction between parent and child components have remained unchanged since the very first Genode version. From this interplay, the entire architecture follows. That said, certain initial design choices were not perfect. They partially resulted from limitations of the kernels we used during Genode's early years and from our pre-occupation with a certain style of programming. Over the years, the drawbacks inherent in our original design became more and more clear and we drafted rough plans to overcome them. However, reworking the fundamental protocols of a system that already accommodates hundreds of component implementations cannot be taken light-handily. Because of this discomfort, we repeatedly deferred the topic - until now. With the rapidly growing workloads carried by Genode, we deliberately decided to address long-standing deficiencies rather than adding the features we originally planned according to the road map.

  • Genode OS Framework 16.11 Now Available

    Genode OS Framework 16.11 adds support for asynchronous parent-child interactions, improved virtual networking, an improved RPC mechanism, unification and tightening of session labels, new framework APIs, support for smart cards, time-based password generation support, VirtualBox-over-NOVA improvements, and a range of other work.

  • Free Linux Foundation Webinar on Hyperledger: Blockchain Technologies for Business
  • Kubernetes Founders Have Ambitious Plans for Heptio Startup

    Two founders of the Kubernetes project at Google, Craig McLuckie and Joe Beda, recently announced their new company, Heptio. The company has raised an $8.5M series A investment round led by Accel, with participation from Madrona Venture Group. Heptio will bring Kubernetes to enterprises in order to accelerate software development, increase infrastructure efficiency and reduce the complexity of managing software at scale.

    Beda became an entrepreneur-in-residence at Accel Partners in late 2015, and it looks like this startup will have solid funding and lots of experience to work with. The company's concept is that Kubernetes can significantly reduce infrastructure costs and simplify operations at many businesses, but it is too hard to get up and running with the platform.

  • Node.js Moves to a Stable, VM-Neutral Future

    On November 29, 2016 the Node.js Foundation announced a major effort to help further grow and stabilize node.js on different virtual machines (VMs). By enabling node.js to be VM-neutral, the hope is that it can be used by application developers on a wider variety of platforms and devices.

    The Node.js Foundation is a multi-stakeholder effort that was first launched by the Linux Foundation in June 2015 in an effort to help stabilize the fractured node.js community.

Red Hat News

Filed under
Red Hat

Android Leftovers

Filed under
Android

Good News for Jolla (Linux)

Filed under
Linux

Canonical offers direct Docker support to Ubuntu users

Filed under
Ubuntu

Enterprise Ubuntu users running Docker in production now have a new source for Docker support: from Canonical.

Earlier today, Canonical and Docker announced joint support for the commercial edition of Docker Engine on Ubuntu. The pair also will provide updates for Docker on Ubuntu through an application delivery system Canonical originally devised.

Read more

Zorin OS 12 Improves Linux Desktop Access for Windows Users

Filed under
OS

There is a seemingly endless variety of Linux distributions in the marketplace, each attempting to carve out its own unique market niche. Zorin OS is one such flavor — a desktop-focused Linux distribution with the goal of helping Windows and macOS users to make the transition to Linux. Zorin OS 12, its latest milestone release, became generally available Nov. 18. Among the improvements in the new release is the updated Zorin Desktop 2.0, based on the open-source Gnome Shell. The new desktop provides users with redesigned icons and a new look for windows and navigation. A feature of Zorin worth noting is the ability to configure the desktop using Zorin Appearance, a tool that provides configurable options for layout, theme, fonts and panel display. Zorin OS also aims to help make the transition from Windows easier by directly integrating the Wine software compatibility layer, which enables many different types of Windows applications to run natively on Linux. Additionally, the included PlayOnLinux tool provides Zorin OS users with a menu of games, internet and office applications that can be installed easily. This slide show covers some of the key highlights of the Zorin OS 12 release.

Read more

SUSE buys HPE’s OpenStack and Cloud Foundry assets

Filed under
SUSE

SUSE, which probably is best known for its Linux distribution, has long been a quiet but persistent player in the OpenStack ecosystem. Over the last few months, though, the German company has also emerged as one of the stronger competitors in this world, especially now that we are seeing a good bit of consolidation around OpenStack.

Today, SUSE announced that it is acquiring OpenStack and Cloud Foundry (the Platform-as-a-Service to OpenStack’s Infrastructure-as-a-Service) assets and talent from the troubled HPE. This follows HPE’s decision to sell off (or “spin-merge” in HPE’s own language) its software business (including Autonomy, which HP bought for $11 billion, followed by a $9 billion write-off) to Micro Focus. And to bring this full circle: Micro Focus also owns SUSE, and SUSE is now picking up HPE’s OpenStack and Cloud Foundry assets.

Read more

Also: SUSE acquires HPE OpenStack and Cloud Foundry assets

Fedora 25 makes Linux easy enough for anyone to try

Filed under
Red Hat

When I got the heads-up that Red Hat was readying the release of Fedora 25, it caught my attention like any new release of a major Linux distribution would. But I was in for a pleasant surprise when I went to download a copy of the image.

The first thing to know about the new version of Fedora is that you don’t have to download an ISO file and write it to a USB stick. This is an important thing to note, as preparing installation media for Linux is one of the bigger hurdles for newbies. (When I say newbies, I think of my mom trying to download and properly burn a USB image.)

Read more

NVIDIA GTX 680 To GTX 1080 Blender OpenCL Benchmarks

Filed under
Graphics/Benchmarks

For this article are benchmarks of 13 Kepler/Maxwell/Pascal NVIDIA GeForce graphics cards when testing Blender 2.78's OpenCL renderer. Unfortunately, no AMD OpenCL benchmarks for Blender yet -- the current open-source stack doesn't work until ROCm OpenCL support comes into play and the AMDGPU-PRO stack wasn't working for Blender OpenCL but was falling back to CPU rendering.

Read more

Syndicate content

More in Tux Machines

Leftovers: OSS and Sharing

  • Lenovo Cloud Director: Open Source Technologies Are The Glue That Binds The Hybrid Cloud
    Hardware giant Lenovo is banking on a future where both public and private clouds are critical in driving IT innovation, and the glue binding those hybrid environments is mostly open source technologies. Dan Harmon, Lenovo's group director of cloud and software-defined infrastructure, encouraged solution providers attending the NexGen Cloud Conference & Expo on Wednesday to explore opportunities to engage Lenovo as its products stock the next generation of cloud data centers. Both public and private clouds are growing rapidly and will dominate the market by 2020, Harmon told attendees of the conference produced by CRN parent The Channel Company.
  • Cloudera Ratchets Up its Training for Top Open Source Data Solutions
    Recently, we've taken note of the many organizations offering free or low cost Hadoop and Big Data training. MIT and MapR are just a couple of the players making waves in this space. Recently, Cloudera announced a catalog of online, self-paced training classes covering the company's entire portfolio of industry-standard Apache Hadoop and Apache Spark training courses. The courses, according to Cloudera, allow you to learn about the latest big data technologies "in a searchable environment anytime, anywhere." Now, Cloudera has announced an updated lineup of training courses and performance-based certification exams for data analysts, database administrators, and developers. The expanded training offerings address the skills gap around many top open source technologies, such as Apache Impala (incubating), Apache Spark, Apache Kudu, Apache Kafka and Apache Hive.
  • Netflix’s open-source project Hollow, NVIDIA’s deep learning kits for educators, and new IBM Bluemix integrations—SD Times news digest: Dec. 6, 2016
  • Open governance enhances the value of land use policy software
    In December 2015, the COP21 Paris Agreement saw many countries commit to reducing greenhouse gas emissions through initiatives in the land sector. In this context, emissions estimation systems will be key in ensuring these targets are met. Such solutions would not only be capable of assessing past trends but also of supporting target setting, tracking progress and helping to develop scenarios to inform policy decisions.
  • Blender Institute collaborate with Lulzbot in the name of open source
    Blender Institute, a platform for 3D design and animation, are collaborating with Lulzbot 3D printers. This project a continuation of Lulzbot and Blender Institute’s approach to open source and aimed at enhancing collaboration. The Blender Institute in Amsterdam, the Netherlands, is an important figure in the Free and Open Source Software community (FOSS). Providing open source design tool software for 3D movies, games, and visual effects. While Lulzbot, a product line of Aleph Objects take an open source approach to hardware through their 3D printers.
  • Bluetooth 5 Specification Released

Remembering Linux Installfests

Ah, yes. I remember the good old days when you had to be a real man or woman to install Linux, and the first time you tried you ended up saying something like “Help!” or maybe “Mommmmyyyyy!” Really, kids, that’s how it was. Stacks of floppies that took about 7,000 hours to download over your 16 baud connection. Times sure have changed, haven’t they? I remember Caldera advertising that their distribution autodetected 1,500 different monitors. I wrote an article titled “Monitor Number 1501,” because it didn’t detect my monitor. And sound. Getting sound going in Linux took mighty feats of systemic administsationish strength. Mere mortals could not do it. And that’s why we had installfests: so mighty Linux he-men and she-women could come down from the top of Slackware Mountain or the Red Hat Volcano and share their godlike wisdom with us. We gladly packed up our computers and took them to the installfest location (often at a college, since many Linux-skilled people were collegians) and walked away with Linuxized computers. Praise be! Read more

What New Is Going To Be In Ubuntu 17.04 'Zesty Zapus'

Right on the heels of Ubuntu 16.10 'Yakkety Yak' is Ubuntu 17.04 Zesty Zapus. Ubuntu 17.04 is currently scheduled for release on April 13, 2017 but know that this is only an estimate. One thing to know is that all things being equal, it is going to be released in April 2017. Ubuntu Zesty Zapus will be supported for only 9 months until January 2018 as it is not a LTS (long term support) release. Read
more

Security News

  • News in brief: DirtyCOW patched for Android; naked lack of security; South Korea hacked
  • Millions exposed to malvertising that hid attack code in banner pixels
    Researchers from antivirus provider Eset said "Stegano," as they've dubbed the campaign, dates back to 2014. Beginning in early October, its unusually stealthy operators scored a major coup by getting the ads displayed on a variety of unnamed reputable news sites, each with millions of daily visitors. Borrowing from the word steganography—the practice of concealing secret messages inside a larger document that dates back to at least 440 BC—Stegano hides parts of its malicious code in parameters controlling the transparency of pixels used to display banner ads. While the attack code alters the tone or color of the images, the changes are almost invisible to the untrained eye.
  • Backdoor accounts found in 80 Sony IP security camera models
    Many network security cameras made by Sony could be taken over by hackers and infected with botnet malware if their firmware is not updated to the latest version. Researchers from SEC Consult have found two backdoor accounts that exist in 80 models of professional Sony security cameras, mainly used by companies and government agencies given their high price. One set of hard-coded credentials is in the Web interface and allows a remote attacker to send requests that would enable the Telnet service on the camera, the SEC Consult researchers said in an advisory Tuesday.
  • I'm giving up on PGP
    After years of wrestling GnuPG with varying levels of enthusiasm, I came to the conclusion that it's just not worth it, and I'm giving up. At least on the concept of long term PGP keys. This is not about the gpg tool itself, or about tools at all. Many already wrote about that. It's about the long term PGP key model—be it secured by Web of Trust, fingerprints or Trust on First Use—and how it failed me.