Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Saturday, 23 Jul 16 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Type Title Author Replies Last Postsort icon
Story Security News Roy Schestowitz 18/07/2016 - 8:11am
Story Intel's SGX tiptoes towards Linux Roy Schestowitz 18/07/2016 - 7:35am
Story Today in Techrights Roy Schestowitz 17/07/2016 - 10:58pm
Story today's leftovers Roy Schestowitz 17/07/2016 - 10:19pm
Story Security News Roy Schestowitz 17/07/2016 - 10:18pm
Story Android Leftovers Roy Schestowitz 17/07/2016 - 10:17pm
Story Debian News Roy Schestowitz 17/07/2016 - 10:16pm
Story Red Hat News Roy Schestowitz 17/07/2016 - 10:15pm
Story today's howtos Roy Schestowitz 17/07/2016 - 10:11pm
Story Nautilus Development Roy Schestowitz 17/07/2016 - 10:05pm

Security News

Filed under
Security
  • New Report Shows Healthy Growth in Open Source Usage, but Security is Not Locked Down
  • Tuesday's security advisories
  • Security staff should talk to end users more

    IT security departments need to improve their relationships with their users by going out and talking to them, Red Hat's security strategist Josh Pressers has advised.

    Pressers warned that in order to stop the spread of 'shadow IT' within the enterprise, security professionals need to make a bigger effort to understand staff in other departments, warning that "we don't listen very well".

    Shadow IT has become an increasing problem for corporate IT managers, as employees use non-approved tools and technologies at work, rather than the systems provided by the in-house team.

  • Every version of Windows hit by "critical" security flaw [Ed: Microsoft Zack (Zack Whittaker, formerly Microsoft UK) on the latest back/bug door in Windows]

    Microsoft has patched a security vulnerability found in every supported version of Windows, which if exploited could allow an attacker to take over a system.

    The software giant said in a bulletin posted Tuesday as part of its monthly release of security fixes that the the "critical" flaw could let an attacker remotely install malware, which can be used to modify or delete data, or create new accounts with full user rights.

    The "critical"-rated flaw affects Windows Vista and later -- including Windows Server 2008 and later.

    Those who are logged in as an administrator, such as some home accounts and server users, are at the greatest risk.

KDE Applications 16.04.3 Is the Last in the Series, Out Now for KDE Plasma 5.7.1

Filed under
KDE
Software

After announcing the availability of the first maintenance update for the KDE Plasma 5.7 desktop environment, KDE also released today the third and last point release for the KDE Applications 16.04 software suite.

KDE Applications 16.04.3 is here to fix twenty more bugs reported by users since last month's KDE Applications 16.04.2 point release, bringing improvements to various KDE applications that are usually shipped by default with any new installation of the KDE Plasma 5 desktop environment.

Read more

Android Leftovers

Filed under
Android

Shipping Rust in Firefox

Filed under
Moz/FF
  • Shipping Rust in Firefox

    It’s hard to believe it’s been almost seven years since Mozilla Research first began sponsoring the development of Rust, at the time little more than an ambitious research experiment with a small but devoted community. Remarkably, despite a long history of inventions and discoveries, Rust’s key principles have remained constant. The Rust core team’s original vision—a safe alternative to C++ to make systems programmers more productive, mission-critical software less prone to memory exploits, and parallel algorithms more tractable—has been central to Mozilla’s interest in backing the Rust project and, ultimately, using Rust in production.

  • Firefox 48 Will Take The First Rust Code Into Production

    Mozilla will be taking their first Rust programming language code into production with Firefox 48.

    Beyond the Servo/Browser.html tech preview that's now shipping nightly, another goal of Mozilla developers for 2016 has been to ship at least one Servo/Rust component within the Gecko engine / Firefox. With Firefox 48, they are stepping along on that crusade with shipping their first Rust production code.

More NVIDIA CUDA Benchmarks With Blender Cycles Engine

Filed under
Graphics/Benchmarks

For those interested in Blender Cycles performance on NVIDIA hardware with CUDA, these latest benchmarks have GeForce GTX 900/700/600 series data points. The GTX 1000 Pascal numbers were left out of this later testing since as yesterday's numbers show Blender or somewhere in the software stack are some performance issues... See yesterday's articles for that data.

Read more

Linux Mint 18 Cinnamon: pity, pity, pity

Filed under
Linux
Reviews

I could say that Linux Mint 18 Cinnamon is a nice and easy distribution everyone can use... I could, if there was not the issue with multimedia codecs. That spoon of tar spoiled the whole barrel of honey. The error with the installation of multimedia codecs well may be a result of my running Linux Mint 18 Cinnamon in Live mode. But that error was not there before, in previous Live versions of Linux Mint, mainly because all necessary codecs were already pre-installed. The Linux Mint team introduced the error by changing the way codecs are distributed.

Read more

5 Best GNOME Shell Extensions for Ubuntu

Filed under
GNOME

Over the past fortnight we asked you to nominate your top extensions for the GNOME desktop. And you did just that. Having now sifted through the hundreds of entries, we’re ready to reveal your favourite GNOME Shell extensions.

Read more

KDE Plasma 5.7.1 Improves Microphone Volume Actions, Adds Plasma Workspace Fixes

Filed under
KDE

Today, July 12, 2016, the KDE project has announced the general availability of the first point release for the KDE Plasma 5.7 desktop environment, bringing multiple fixes and improvements.

The KDE Plasma 5.7 release is the most advanced version of the acclaimed desktop environment used by many GNU/Linux operating systems by default for their users, but this doesn't mean that it's perfect, and bug reports are submitted every single day.

Read more

Leftovers: Gaming

Filed under
Gaming

Comparing the DevOps and Open Source Movements

Filed under
OSS

DevOps has emerged as one of the next big things in the channel. But in many ways, the DevOps story is a replay of the history of open source software over the past several years. Here's what the DevOps and open source movements have in common.

The term DevOps refers to new methods of developing, delivering and deploying software. It prioritizes modularity, collaboration and continuity across all parts of the development process.

Read more

Also: Open Source Ansible Community Will Converge at AnsibleFest in San Francisco on July 28

today's leftovers

Filed under
Misc

Leftovers: OSS and Sharing

Filed under
OSS
  • An Introduction to Iridium, an Open Source Selenium and Cucumber Testing Tool

    Today I would like to introduce Iridium, an open source web testing tool built around Cucumber and Selenium and designed to make automated testing of web sites easy and accessible.

  • Commission Wants to Throw Out VistA (Again)

    A VistA commission report can be found here. Its text and conclusion are of the 'seen it before' variety multiple times in VistA's long history. Maybe the bureaucrats will finally succeed this time at murdering VistA after so many past attempts.

  • LLVM 3.8.1 Release

    LLVM 3.8.1 is now available! Download it now, or read the release notes.

  • LLVM 3.8.1 Released
  • Beware of Contradictory “Support”

    There are organizations that proclaim support for free software or the GNU Project, and teach classes in use of nonfree software.

    It's possible that they do some other things that really support free software, but those classes certainly don't. On the contrary, they work directly against the free software movement by promoting the use of the nonfree software. That increases the magnitude of the practical problem it is our mission to correct.

    Even worse, that grants nonfree software legitimacy. The basic point of the free software movement is that nonfree software is unjust and should not exist. That's why we need a movement to replace and eliminate it. Teaching how to use it asserts that it isn't a problem; that opposes the free software movement at the deepest level.

  • New release of the CEF Dashboard

    The Connecting Europe Facility (CEF) provides EUR 870 million for the creation of cross-border digital services in Europe, largely through the CEF building block Digital Service Infrastructure (DSI) (eDelivery, eID, eSignature, eTranslation and eInvoicing). Cross-border digital services are a fundamental aspect of the Digital Single Market, which aims to overcome digital barriers, with a projected value of EUR 415 billion to the European economy.

  • Luxembourg adopts the CIMF

    In May, the Government of Luxembourg became the first EU Member State to adopt the CIMF, a framework for Corporate Information Management tailored for the European Public Sector.

  • 10 Reasons Why You Should Learn Java Programming Language

    Why one should learn Java programming language? The answer to this question comprises of multiple reasons like its popularity, ease-to-learn nature, helpful open source tools and libraries etc. Gaining expertise in Java ensures a secure career with fat paychecks and the power to create applications with real-world applications.

Leftovers: Debian

Filed under
Debian

Security Leftovers

Filed under
Security
  • CISSP certification: Are multiple choice tests the best way to hire infosec pros?

    Want a job in infosec? Your first task: hacking your way through what many call the "HR firewall" by adding a CISSP certification to your resume.

    Job listings for security roles often list the CISSP (Certified Information Systems Security Professional) or other cybersecurity certifications, such as those offered by SANS, CompTIA, and Cisco, as a requirement. This is especially true in the enterprise space, including banks, insurance companies, and FTSE 100 corporations. But at a time when the demand for good infosec people sees companies outbidding each other to hire top talent, and ominous studies warn of a looming cybersecurity skills shortage, experts are questioning whether certifications based on multiple choice tests are really the best way to recruit the right people.

  • Pokémon Go on iOS gives full access to Google accounts

    Signing into Pokémon Go on iOS with a Google account gives the game full access to that account, according to a systems architect, Adam Reeve.

    The Android version of the game apparently does not have these issues.

    Reeve said that the security situation was not the same for all iOS users.

    Pokémon Go was released last week and has been a huge hit. It is the latest in a series of games from Nintendo but is made by a developer named Niantic, which is part owned by Google.

  • Pokémon Go shouldn’t have full access to your Gmail, Docs and Google account — but it does

    When you use Google to sign into Pokémon Go, as so many of you have already, the popular game for some reason grants itself (for some iOS users, anyway) the highest possible level of access to your Google account, meaning it can read your email, location history… pretty much everything. Why does it need this, and why aren’t users told?

  • Have you given Pokémon Go full access to everything in your Google account?

    Gamers who have downloaded the Pokémon Go augmented reality game were given a scare on Monday, after noticing that the app had apparently been granted “full access” to their Google accounts.

    Taken at face value, the permissions would have represented a major security vulnerability, albeit one that only appeared to affect players who signed up to play the game using their Google account on Apple devices.

  • Pokémon Go Was Never Able To Read Your Email [Updated]

    Here’s even more confirmation that Pokémon Go never had the ability to access your Gmail or Calendar. A product security developer at Slack tested the token provided by Pokémon Go and found that it was never able to get data from services like Gmail or Calendar.

  • HTTPS is not a magic bullet for Web security

    We're in the midst of a major change sweeping the Web: the familiar HTTP prefix is rapidly being replaced by HTTPS. That extra "S" in an HTTPS URL means your connection is secure and that it's much harder for anyone else to see what you're doing. And on today's Web, everyone wants to see what you're doing.

    HTTPS has been around nearly as long as the Web, but it has been primarily used by sites that handle money—your bank's website, shopping carts, social networks, and webmail services like Gmail. But these days Google, Mozilla, the EFF, and others want every website to adopt HTTPS. The push for HTTPS everywhere is about to get a big boost from Mozilla and Google when both companies' Web browsers begin to actively call out sites that still use HTTP.

  • Now it’s easy to see if leaked passwords work on other sites

    Over the past few months, a cluster of megabreaches has dumped account credentials for a mind-boggling 642 million accounts into the public domain, where they can then be used to compromise other accounts that are protected by the same password. Now, there's software that can streamline this vicious cycle by testing for reused passcodes on Facebook and other popular sites.

  • What serverless computing really means [iophk: "securityless"]

    Arimura even goes as far as to use the controversial “no-ops,” coined by former Netflix cloud architect Adrain Cockcroft. Again, just as there will always be servers, there will always be ops to run them. Again, no-ops and serverless computing take the developer’s point of view: Someone else has to worry about that stuff, but not me while I create software.

  • An open letter to security researchers and practitioners

    Earlier this month, the World Wide Web Consortium's Encrypted Media
    Extensions (EME) spec progressed to Draft Recommendation phase. This is
    a controversial standard for transmitting DRM-encumbered videos, and it
    marks the very first time that the W3C has attempted to standardize a
    DRM system.

    This means that for the first time, W3C standards for browsers will fall
    under laws like the DMCA (and its international equivalents, which the
    US Trade Representative has spread all over the world). These laws allow
    companies to threaten security researchers who disclose vulnerabilities
    in DRM systems, on the grounds that these disclosures make it easier to
    figure out how to bypass the DRM.

    Last summer, the Copyright Office heard from security researchers about
    the effect that DRM has on their work; those filings detail showstopper
    bugs in consumer devices, cars, agricultural equipment, medical
    implants, and voting machines that researchers felt they couldn't
    readily publish about, lest they face punitive lawsuits from the
    companies they embarrassed.

Fedora: The Latest

Filed under
Red Hat
  • Event report: Fedora 24 release party Pune

    Last Saturday we had the Fedora 24 release party in Pune. This was actually done along with our regular Fedora meetup, and in the same location. We had a few new faces this time. But most of the regular attendees attended the meetup.

  • Hosting your own Fedora Test Day

    Many important packages and software are developed for Fedora every day. One of the most important parts of software development is quality assurance, or testing. For important software collections in Fedora, there are sometimes concentrated testing efforts for pulling large groups of people in who might not always help test. Organizing a Fedora Test Day is a great way to help expose your project and bring more testers to trialing a new update before it goes live.

  • Farewell Pharlap

    Korora "was born out of a desire to make Linux easier for new users" and one way of achieving that aim was the development of Pharlap, a tool for the simple installation of third party drivers. However times change and sadly it is time to say goodbye to Pharlap which will not be included in Korora 24.

    This decision was not taken lightly and there are many reasons behind the move.

  • Creating a reproducible build system for Docker images

    As the population of DevOps practitioners grows greater in size, so does the Linux container userbase, as these often go hand in hand. In the world of Linux container implementations, Docker is certainly the most popular for server-side application deployments as of this writing. Docker is a powerful tool that provides a standard build workflow, an imaging format, a distribution mechanism, and a runtime. These attributes have made it a very attractive for developer and operations teams alike as it helps lower the barrier between these groups and establishes common ground.

Android Leftovers

Filed under
Android
  • Alphabet (GOOGL) Announces Free Android Training In India As It Retakes Smartphone Lead

    Alphabet (NASDAQ: GOOGL) announced that it would begin training 2 million developers in India on Android as the company tries to take market share from the iOS ecosystem. The free Android Skilling program will be introduced across public and private universities, training schools and the government’s National Skills Development Corporation of India. India is expected to have the largest developer population with 4 million people by 2018, overtaking the U.S.

  • Google aims to train two million Indian Android devs by 2018

    Google will train two million Android developers across India over the next three years.

    Mountain View will provide complete training in its Android operating system under a new program that is paired with the Modi Government's "Skill India" program.

    The course kicks off with Android Developer Fundamentals available in universities and the National Skills Development Corporation of India.

  • Google to train 2 million Indian Android developers

    Google has announced its new “Android Fundamentals” training program, which aims to train and certify up to two million Android developers in India. An Android Fundamentals training course, soon to be available online and at schools country-wide, is focused on training, testing and certifying Android developers to prepare students for careers using Android technology.

  • Samsung Galaxy Note 7 leaks in three new pics

    Earlier today, it was reported that the Samsung Galaxy Note 7 might be the most expensive product in the productivity-purposed phablet line so far, starting at roughly $910 in Europe. It seems that was not to be the only leak of the day however, as three images have surfaced via Steve Hemmerstoffer of nowhereelse.fr who has Tweeted no less than three different images of Samsung’s up and coming creation. Here is the first:

  • Android Nougat may contain traces of NOT for users of custom CAs

    Google will sweeten the forthcoming Nougat release of Android by changing the way apps work with certificate authorities (CAs) and simplifying APIs.

    The changes will affect only some apps and users, Android security team software engineer Chad Brubaker says .

    The changes mean Google will not automatically trust user-selected CAs. Instead, all Android devices running Nougat and later versions of Android will run a standard set of Google-trusted AOSP certificate authorities, forcing some developers to change their apps if non-trusted certificate authorities are needed.

  • First Nokia Android Device, P1 Rumoured To Have 3GB RAM, HD Display

    If you have used Nokia, you will remember the rugged Nokia 3310 and other smartphones that could break a wall and still survive. Nokia is back to making smartphones but Android operating system.

  • How to live stream Android games to YouTube and Twitch

    Watching people play live video games from anywhere in the world has become a surprisingly huge phenomenon in recent years. Twitch is now a game-streaming juggernaut while YouTube has embraced gaming and live streaming in a big way, and seemingly everyday people have become well-paid Internet personalities because they play video games and chat.

  • Six Points on The Samsung Galaxy Note 7: AKA The Best Android Phone of 2016

Anki Cozmo: AI toy robot gets open-source SDK for programming, hacking

Filed under
Hardware
OSS

Bodhi 4.0.0 Time Line, First Woman Debian TC

Filed under
-s

The top story today in Linux news is the controversy following the removal of Nano from the GNU umbrella. Original maintainer Christian Allegretta had to address the resulting rumors that threaten the community. Elsewhere, Jeff Hoogland posted an updated time line for Bodhi 4.0 and the Debian project welcomes its first woman Technical Committee member. Linus is on the hot seat again after losing his patience over commenting style and the Korora project is dropping their driver manager Pharlap.

Read more

Syndicate content

More in Tux Machines

Leftovers: Software

Emulation or WINE

Fedora: The Latest

  • New "remi-php71" repository
  • PHP on the road to the 7.1.0 release
  • First round of Fedora 24 Updated Lives now available. (torrents expected later this week)
    As noted by my colleague on his blog the first round of F24 Updated Lives are now available and carry the date 20160720, Also as mentioned last week on his blog F23 Respins are not going to be actively made, however we and the rest of the volunteer team will field off-off requests as time and resources permit. We are considering a new/second tracker for the Updated Spins but as of today there are only .ISO files available at https://alt.fedoraproject.org/pub/alt/live-respins [shortlink] F24 Live-Respins . The F24 respins carry the 4.6.4-200 Kernel and roughly ~500M of updates since the Gold ISOs were released just 5 weeks ago. (some ISOs have more updates, some less)

Leftovers: Ubuntu

  • Snappy Packaging Happenings In The Fedora, Arch Space
    This week Canonical hosted a Snappy Sprint in Heidelberg, Germany where they worked to further their new package management solution originally spearheaded for Ubuntu Touch. This wasn't an Ubuntu-only event, but Canonical did invite other distribution stakeholders. Coming out of this week's event were at least positive moments to share for both Arch and Fedora developers. The Arch snaps package guy made progress on snap confinement on Arch. Currently when using Snaps on Arch, there isn't any confinement support, which defeats some of the purpose. There isn't any confinement support since it relies upon some functionality in the Ubuntu-patched AppArmor with that code not yet being mainlined. Arch's Timothy Redaelli has got those AppArmor patches now running via some AUR packages. Thus it's possible to get snap confinement working on Arch, but it's not yet too pleasant of an experience.
  • PhantomJS 2.1.1 in Ubuntu different from upstream
    At the moment of this writing Vitaly's qtwebkit fork is 28 commits ahead and 39 commits behind qt:dev. I'm surprised Ubuntu's PhantomJS even works.
  • Ubuntu 16.04.1 LTS released
    Ubuntu 16.04 is a LTS version of Ubuntu.Now Ubuntu team has announced the release of it's first point release,Ubuntu 16.04.1.This first point release includes many updates containing bug fixes and fixing security issues as well and as always what most of users want from a distribution and most of distributions tries to perform,Stability.This release is also well focoused on stabilty as Ubuntu 16.04.