Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Saturday, 16 Dec 17 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Type Title Author Repliessort icon Last Post
Story Oh no, Keith Knudsen Passes On srlinuxx 10/04/2005 - 11:55pm
Story M$ Antitrust Settlement May Not Foster Competition srlinuxx 10/04/2005 - 11:57pm
Blog entry 2-10-05 Texstar 11/04/2005 - 3:13am
Story Firefox to Blame for Increased Attacks on M$ srlinuxx 11/04/2005 - 3:14am
Story Arthur Miller Dies at 89 srlinuxx 11/04/2005 - 3:14am
Story Desktop Summit Proves Linux Interest on the Rise srlinuxx 11/04/2005 - 3:14am
Story KDE 3.4beta2 revisited srlinuxx 11/04/2005 - 6:27am
Story Script Kiddie Gets Probation srlinuxx 11/04/2005 - 3:15am
Story Suicide Pact in Yahoo Chat Rooms srlinuxx 11/04/2005 - 3:16am
Story LokiTorrent Ordered to Pay Million Bucks srlinuxx 11/04/2005 - 3:16am

Security: VLC Bug Bounty, Avast Tools, Intel ME

Filed under
Security
  • European Commission Kicks Off Open-Source Bug Bounty

    The European Commission has announced its first-ever bug bounty program, and is calling on hackers to find vulnerabilities in VLC, a popular open-source multimedia player loaded on every workstation at the Commission.

    The program has kicked off with a three-week, invitation-only session, after which it will be open to the public. Rewards include a minimum of $2,000 for critical severity bugs, especially remote code execution.

    High severity bugs such as code execution without user intervention, will start at $750. Medium severity bugs will start at a minimum of $300; these include code execution with user intervention, high-impact crashes and infinite loops. Low-severity bugs, like information leaks, crashes and the like, will pay out starting at $100.

  • Avast launches open-source decompiler for machine code

    Keeping up with the latest malware and virus threats is a daunting task, even for industry professionals. Any device connected to the Internet is a target for being infected and abused. In order to stop attacks from happening, there needs to be an understanding of how they work so that a prevention method can be developed.

    To help with the reverse engineering of malware, Avast has released an open-source version of its machine-code decompiler, RetDec, that has been under development for over seven years. RetDec supports a variety of architectures aside from those used on traditional desktops including ARM, PIC32, PowerPC and MIPS.

  • Avast makes 'RetDec' machine-code decompiler open source on GitHub

    Today, popular anti-virus and security company, Avast, announces that it too is contributing to the open source community. You see, it is releasing the code for its machine-code decompiler on GitHub. Called "RetDec," the decompiler had been under development since 2011, originally by AVG -- a company Avast bought in 2016.

  • The Intel ME vulnerabilities are a big deal for some people, harmless for most

    (Note: all discussion here is based on publicly disclosed information, and I am not speaking on behalf of my employers)

    I wrote about the potential impact of the most recent Intel ME vulnerabilities a couple of weeks ago. The details of the vulnerability were released last week, and it's not absolutely the worst case scenario but it's still pretty bad. The short version is that one of the (signed) pieces of early bringup code for the ME reads an unsigned file from flash and parses it. Providing a malformed file could result in a buffer overflow, and a moderately complicated exploit chain could be built that allowed the ME's exploit mitigation features to be bypassed, resulting in arbitrary code execution on the ME.

    Getting this file into flash in the first place is the difficult bit. The ME region shouldn't be writable at OS runtime, so the most practical way for an attacker to achieve this is to physically disassemble the machine and directly reprogram it. The AMT management interface may provide a vector for a remote attacker to achieve this - for this to be possible, AMT must be enabled and provisioned and the attacker must have valid credentials[1]. Most systems don't have provisioned AMT, so most users don't have to worry about this.

Firefox Focus Adds Quick Access Without Sacrificing Users’ Privacy

Filed under
Moz/FF

It’s been a little over a year since we launched Firefox Focus. We’ve had tremendous success since then, we launched in 27+ languages, launched on Android, and hit over 1 million downloads on Android within the first month of launch.

Today, we’re introducing a new feature: quicker access to your most visited sites, as well as the ability to add any search engine to your Focus app. They were the most requested items from our users and are aligned with our goals on what makes Focus so great.

We know our users want choice and miss the convenience of having their favorite websites and search engines at their fingertips, but they don’t want to sacrifice their privacy. Since the moment we’ve built Focus, our goal has been to get our users quickly to the information and sites all while keeping their data safe from unwanted targeting.

Read more

The Best Linux Laptop (2017-2018): A Buyer’s Guide with Picks from an RHCE

Filed under
Linux

If you don’t posses the right knowledge & the experience, then finding the best Linux laptop can be a daunting task. And thus you can easily end-up with something that looks great, features great performance, but struggles to cope with ‘Linux’, shame! So, as a RedHat Certified Engineer, the author & the webmaster of this blog, and as a ‘Linux’ user with 14+ years of experience, I used all my knowledge to recommend to you a couple of laptops that I personally guarantee will let you run ‘Linux’ with ease. After 20+ hours of research (carefully looking through the hardware details & reading user feedback) I chose Dell XP S9360-3591-SLV, at the top of the line. If you want a laptop that’s equipped with modern features & excellent performance that ‘just works’ with Linux, then this is your best pick.

It’s well built (aluminium chassis), lightweight (2.7 lb), features powerful hardware, long battery life, includes an excellent 13.3 inch Gorilla Glass touchscreen with 3200×1800 QHD resolution which should give you excellently sharp images without making anything too small & difficult to read, a good & roomy track-pad (earlier versions had a few issues with it, but now they seem to be gone) with rubber-like palm rest area and a good keyboard (the key travel is not deep, but it’s a very think laptop so…) with Backlit, two USB 3.0 ports. Most importantly, two of the most common elements of a laptop that can give ‘Linux’ user a headache, the wireless adapter & the GPU (yes the Intel HD Graphics 620 can play 4K videos at 60fps), they are both super compatible with ‘Linux’ on this Dell.

Read more

FreeNAS 11.1 Provides Greater Performance and Cloud Integration

Filed under
BSD

The FreeNAS Development Team is excited and proud to present FreeNAS 11.1! FreeNAS 11.1 adds cloud integration, OpenZFS performance improvements, including the ability to prioritize resilvering operations, and preliminary Docker support to the world’s most popular software-defined storage operating system. This release includes an updated preview of the beta version of the new administrator graphical user interface, including the ability to select display themes. This post provides a brief overview of the new features.

The base operating system has been updated to the STABLE version of FreeBSD 11.1, which adds new features, updated drivers, and the latest security fixes. Support for Intel® Xeon® Scalable Family processors, AMD Ryzen processors, and HBA 9400-91 has been added.

Read more

Also: FreeNAS 11.1 Rolls Out With Better OpenZFS Performance, Docker Support

New Open Source Tools Test for VPN Leaks

Filed under
OSS

ExpressVPN on Tuesday launched a suite of open source tools that let users test for vulnerabilities that can compromise privacy and security in virtual private networks.

Released under an open source MIT License, they are the first-ever public tools to allow automated testing for leaks on VPNs, the company said. The tools are written primarily in Python, and available for download on Github.

Originally used to conduct automated regression testing on ExpressVPN's own software, the tools allow users to check VPNs that might not be providing complete protection to users, said Harold Li, vice president at ExpressVPN.

Read more

Debian 9 Complete Screenshot Tour

Filed under
Linux

The world’s most stable upstream Linux distro has just announced a point upgrade on its latest Debian 9 Stretch release. The latest version is 9.3, it comes with many corrections and improvements on the security front as well as some adjustments to cater for some other serious issues. The point release is not a new version of Debian 9 but only updates are added, so users do not need to throw away the old installation media as users can easily upgrade to an up-to-date system using an updated mirror.

Read<br />
more

6 open source home automation tools

Filed under
OSS

The Internet of Things isn't just a buzzword, it's a reality that's expanded rapidly since we last published a review article on home automation tools in 2016. In 2017, 26.5% of U.S. households already had some type of smart home technology in use; within five years that percentage is expected to double.

With an ever-expanding number of devices available to help you automate, protect, and monitor your home, it has never been easier nor more tempting to try your hand at home automation. Whether you're looking to control your HVAC system remotely, integrate a home theater, protect your home from theft, fire, or other threats, reduce your energy usage, or just control a few lights, there are countless devices available at your disposal.

Read more

Debian-Based Q4OS Linux Distro to Get a New Look with Debonaire Desktop Theme

Filed under
Debian

Q4OS is a small GNU/Linux distribution based on the latest Debian GNU/Linux operating system and built around the Trinity Desktop Environment (TDE). It's explicitly designed to make the Microsoft Windows to Linux transition accessible and more straightforward as possible for anyone.

Dubbed Debonaire, the new desktop theme uses dark-ish elements for the window titlebar and panel. Somehow it resembles the look and feels of the acclaimed Arc GTK+ theme, and it makes the Q4OS operating system more modern than the standard look offered by the Trinity Desktop Environment.

Read more

today's leftovers

Filed under
Misc

Software: GIMP, VLC, Cryptsetup, Caprine, KWin and NetworkManager

Filed under
Software
  • GIMP 2.9.8 Open-Source Image Editor Released with On-Canvas Gradient Editing

    GIMP 2.9.8, a development version towards the major GIMP 2.10 release, was announced by developer Alexandre Prokoudine for all supported platforms, including Linux, Mac, and Windows.

  • GIMP 2.9.8 Released

    Newly released GIMP 2.9.8 introduces on-canvas gradient editing and various enhancements while focusing on bugfixing and stability. For a complete list of changes please see NEWS.

  • It Looks Like VLC 3.0 Will Finally Be Released Soon

    VLC 3.0 is something we've been looking forward to for years and it's looking like that big multimedia player update could be released very soon.

    Thanks to Phoronix reader Fran for pointing out that VLC 3.0 release candidates have begun to not much attention. VLC 3.0 RC1 was tagged at the end of November and then on Tuesday marked VLC 3.0 RC2 being tagged, but without any official release announcements.

  • cryptsetup 2.0.0
  • Cryptsetup 2.0 Released With LUKS2 Format Support

    A new major release is available of Cryptsetup, the user-space utility for dealing with the DMCrypt kernel module for setting up encrypted disk volumes.

    Cryptsetup 2.0.0 is notable in that it introduces support for the new on-disk LUKS2 format but still retaining support for LUKS(1). The LUKS2 format is security hardened to a greater extent, more extensible than LUKS, supports in-place upgrading from LUKS, and other changes.

  • Caprine – An Unofficial Elegant Facebook Messenger Desktop App

    There is no doubt Facebook is one of the most popular and dynamic social network platform in the modern Internet era. It has revolutionized technology, social networking, and the future of how we live and interact. With Facebook, We can connect, communicate with one another, instantly share our memories, photos, files and even money to anyone, anywhere in the world. Even though Facebook has its own official messenger, some tech enthusiasts and developers are developing alternative and feature-rich apps to communicate with your buddies. The one we are going to discuss today is Caprine. It is a free, elegant, open source, and unofficial Facebook messenger desktop app built with Electron framework.

  • KWin On Wayland Without X11 Support Can Startup So Fast It Causes Problems

    It turns out that if firing up KDE's KWin Wayland compositor without XWayland support, it can start up so fast that it causes problems.

    Without XWayland for providing legacy X11 support to KDE Wayland clients, the KWin compositor fires up so fast that it can cause a crash in their Wayland integration as KWin's internal connection isn't even established... Yep, Wayland compositors are much leaner and cleaner than the aging X Server code-base that dates back 30+ years, granted most of the XWayland code is much newer than that.

  • NetworkManager Picks Up Support For Intel's IWD WiFi Daemon & Meson Build System

    NetworkManager now has support for Intel's lean "IWD" WiFi daemon.

    IWD is a lightweight daemon for managing WiFi devices via a D-Bus interface and has been in development since 2013 (but was only made public in 2016) and just depends upon GCC / Glibc / ELL (Embedded Linux Library).

Linux Foundation: Servers, Kubernetes and OpenContrail

Filed under
Server
  • Many cloud-native hands try to make light work of Kubernetes

    The Cloud Native Computing Foundation, home of the Kubernetes open-source community, grew wildly this year. It welcomed membership from industry giants like Amazon Web Services Inc. and broke attendance records at last week’s KubeCon + CloudNativeCon conference in Austin, Texas. This is all happy news for Kubernetes — the favored platform for orchestrating containers (a virtualized method for running distributed applications). The technology needs all the untangling, simplifying fingers it can get.

    This is also why most in the community are happy to tamp down their competitive instincts to chip away at common difficulties. “You kind of have to,” said Michelle Noorali (pictured), senior software engineer at Microsoft and co-chair of KubeCon + CloudNativeCon North America & Europe 2017. “These problems are really hard.”

  • Leveraging NFV and SDN for network slicing

    Network slicing is poised to play a pivotal role in the enablement of 5G. The technology allows operators to run multiple virtual networks on top of a single, physical infrastructure. With 5G commercialization set for 2020, many are wondering to what extend network functions virtualization (NFV) and software-defined networking (SDN) can help move network slicing forward.

  • Juniper moves OpenContrail's SDN codebase to Linux Foundation

    Juniper Networks has announced its intent to move the codebase for OpenContrail, an open-source network virtualisation platform for the cloud, to the Linux Foundation. OpenContrail provides both software-defined networking (SDN) and security features and has been deployed by various organisations, including cloud providers, telecom operators and enterprises to simplify operational complexities and automate workload management across diverse cloud environments.

  • Juniper moves OpenContrail’s codebase to Linux Foundation, advances cloud approach

    Juniper Networks plans to move the codebase for its OpenContrail open-source network virtualization platform for the cloud to the Linux Foundation, broadening its efforts to drive more software innovations into the broader IT and service provider community.

    The vendor is hardly a novice in developing open source platforms. In 2013, Juniper released its Contrail products as open sourced and built a user and developer community around the project. To drive its next growth phase, Juniper expanded the project’s governance, creating an even more open, community-led effort.

  • 3 Essential Questions to Ask at Your Next Tech Interview

    The annual Open Source Jobs Report from Dice and The Linux Foundation reveals a lot about prospects for open source professionals and hiring activity in the year ahead. In this year’s report, 86 percent of tech professionals said that knowing open source has advanced their careers. Yet what happens with all that experience when it comes time for advancing within their own organization or applying for a new roles elsewhere?

Red Hat and Fedora News

Filed under
Red Hat
  • Red Hat Adds Common Criteria Security Certification for Red Hat Enterprise Linux

    Red Hat, Inc. (NYSE: RHT), the world's leading provider of open source solutions, today announced that Red Hat Enterprise Linux 7.1, the world’s leading enterprise Linux platform, has achieved an additional Common Criteria Certification. Enhancing the existing Evaluation Assurance Level 4+ certification announced in October 2016, this certification was under the General-Purpose Operating System Protection Profile (OSPP) 3.9. Red Hat Enterprise Linux was the first operating system to be Common Criteria-certified with Linux Container Framework Support, underscoring Red Hat’s commitment to delivering hardened and more secure IT innovations like Linux containers.

  • ASX Upgrades Its Technical Architecture to Improve Requirements for Business Productivity with JBoss Middleware
  • Fedora 25 Linux Operating System Reached End of Life, Upgrade to Fedora 27

    As of December 12, 2017, the Fedora 25 Linux operating system is no longer supported and it won't receive further updates or security patches as it reached end of life.

    Fedora 25 Linux was released last year on November 22, and will be remembered as the first release of the GNU/Linux distribution to adopt the next-generation Wayland display server by default for its Workstation edition using the acclaimed GNOME desktop environment.

    Fedora Project usually provides updates for each Fedora Linux release until a month after the second succeeding version of the operating system is released. Fedora 25 received thirteen months of support, and now that Fedora 27 Linux is out as of November 14, 2017, users need to upgrade.

  • Server Edition of Fedora 27 Linux Is Finally Here, but It Lacks Modularity

    Three weeks after the launch of the Fedora 27 Linux operating system, the Fedora Project announced the release of Fedora 27 Server edition, but it's not what you might have expected.

OSS Leftovers

Filed under
OSS

Openwashing and FUD

Filed under
OSS

Cryptography in Ubuntu 16.04 and GTK2 Demotion

Filed under
GNOME
Security
Ubuntu
  • Canonical Announces Certified FIPS 140-2 Cryptographic Packages for Ubuntu 16.04

    Canonical announced on Wednesday the availability of officially certified FIPS 140-2 cryptographic packages for the long-term supported Ubuntu 16.04 LTS (Xenial Xerus) operating system series through its Cryptographic Module Validation Program.

    Level 1 FIPS 140-2 cryptographic packages can now be purchased for your Ubuntu 16.04 LTS operating system through Canonical's Ubuntu Advantage service or as a separate, standalone product. Ubuntu Advantage subscribers can already find the FIPS-compliant modules in the Ubuntu Advantage private archive if they use Ubuntu 16.04 LTS (Xenial Xerus) on their PCs.

  • GTK2 demotion
  • Ubuntu Developers Working Towards The Eventual Demotion Of GTK2

    Not only are Ubuntu developers working towards demoting Python 2 on their Linux distribution but they are also working on being able to demote the GTK2 tool-kit from the main archive to universe followed by its eventual removal in the future.

    Matthias Klose is hoping to organize more work towards this slow demotion process of GTK2 and ideally to get some of the issues cleared up ahead of the Ubuntu 18.04 Long-Term Support release in April.

SparkyLinux Operating System Launches for Raspberry Pi, Based on Debian Stretch

Filed under
Debian

SparkyLinux developers have released the SparkyLinux 4.7 operating system for ARMhf hardware architectures supported on Raspberry Pi single-board computers.

This is the first release of the Debian-based SparkyLinux operating system to come to the tiny Raspberry Pi SBCs, most probably supporting both Raspberry Pi 2 and Raspberry Pi 3 single-board computers. The ARMhf port of SparkyLinux was in development for the last couple of months.

Based on the latest Debian GNU/Linux 9 "Stretch" operating system, SparkyLinux 4.7 for ARMhf includes all the Raspberry Pi scripts and packages, and it's distributed in two flavors, a graphical version using the lightweight Openbox window manager and a text-based Lite edition that lets you customize the OS as you see fit.

Read more

Graphics: Radeon and Vulkan2

Filed under
Graphics/Benchmarks
  • Radeon Overlay Is Similar To A Feature Mesa Offered For Years

    With yesterday's release of the Radeon Software Adrenalin driver for Windows, it actually picks up a feature that is roughly similar to something the open-source Radeon driver stack - and all of the Mesa's Gallium3D drivers for that matter - have offered for years.

  • Radeon GPU Profiler Updated For Better Profiling Of Vulkan Games

    Following yesterday's excitement around the Radeon Software Adrenalin Driver as well as word of AMD open-sourcing their Linux driver and making other Linux driver changes, AMD's GPUOpen team has announced the release of a new version of Radeon GPU Profiler.

  • Qualcomm Mentions "Vulkan2" & What I Would Suspect Of "Vulkan 2.0"

    During last week's Snapdragon Technology Summit, a few references to "Vulkan2" were dropped... Well, here's the official comment from Khronos on that as well as my thoughts on this hypothetical next version of Vulkan.

    Several Phoronix readers have pointed out (e.g.) references to "Vulkan2" in the context of the new Snapdragon 845 SoC announced at this year's Snapdragon Technology Summit. The Snapdragon 845 with Adreno 630 does mention "Vulkan2" support.

Games: Finding Paradise, ARK: Survival Evolved, Party Panic, LandTraveller, Xenomarine

Filed under
Gaming
Syndicate content

More in Tux Machines

Devices: Fairwaves, FriendlyElec, Ataribox and Tizen

  • Low-cost embeddable SDR occupies a mini-PCIe card
    The Fairwaves “XTRX” mini-PCIe SDR card is a low-cost embeddable SDR card aimed at high data rate apps including 4G/5G and “massive” MIMO. Fairwaves Inc.’s “XTRX” SDR mini-PCIe card, which launched on Nov. 30 at Crowd Supply, has earned more than 80 percent of its funding goal with one month remaining. The company claims the full sized mini-PCIe XTRX card (30 x 51mm) is the smallest commercially available SDR card. For comparison, the USB-interfaced LimeSDR Mini and RTL-SDR boards measure 69 x 31.4mm and 40 x 60mm, respectively.
  • Tiny quad-core Linux SBCs slim down and get an RPi-like carrier
    FriendlyElec has unveiled COM-like variants of its tiny, low-cost quad-core, Allwinner H3- and H5-based NanoPi Neo and Neo2 SBCs, plus an RPi style carrier. FriendlyElec’s new $8 “NanoPi Neo Core” and $25 “NanoPi Neo Core2” boards are low-profile variants of the company’s earlier 40 x 40mm NanoPi Neo and NanoPi Neo 2 SBCs, but with their large, topside USB and Ethernet connectors replaced by a third dual-row pin header. As a result, the new boards are more like computer-on-modules (COMs) than single-board computers (SBCs), in that they’re meant to be combined with off-the-shelf or custom carrier boards, such as FriendlyElec’s RPi 3-like Mini Shield (see farther below). [...] Operating system — Ubuntu Core; Armbian; U-boot bootloader
  • You Can Pre-Order Ataribox Very Soon, But The Thing Is Still Sort Of A Mystery
  • Sling TV now available on 2017 models of Samsung Smart TVs
  • Give your Gear S3 and Gear Sport a Christmas makeover with these FREE watchfaces

Security: Bolt, Updates, NIST, Starbucks

Software: Top 5 Linux Music Players, Udeler, and Thomas

  • Top 5 Linux Music Players
    No matter what you do, chances are you enjoy a bit of music playing in the background. Whether you’re a coder, system administrator, or typical desktop user, enjoying good music might be at the top of your list of things you do on the desktop. And, with the holidays upon us, you might wind up with some gift cards that allow you to purchase some new music. If your music format of choice is of a digital nature (mine happens to be vinyl) and your platform is Linux, you’re going to want a good GUI player to enjoy that music. Fortunately, Linux has no lack of digital music players. In fact, there are quite a few, most of which are open source and available for free. Let’s take a look at a few such players, to see which one might suit your needs.
  • Udeler – A Cross-Platform Udemy Course Video Downloader
    I assume many of our readers are familiar with a number of online study education centers. Some of them focus on programming and computer science related topics alone while others have a wider topic range. Some websites are completely free or paid, and other offer both paid and free courses. Just like Khan Academy and Code Academy, Udemy is no newcomer to this domain. It’s a website where you can learn a variety of courses online at your own pace with some of them being available for free.
  • Thomas – A Simple Pomodoro Timer App for Linux
    One of the best methods you can implement to be more productive is time management. It allows you to keep track of how much time it takes you to get work done and how often you exceed your deadlines. Timer apps these days seem to have chosen a favorite technique to help users stay sharp and productive as is evident in apps like Gnome Pomodoro and Take a Break. The Pomodoro technique is a common pick.

today's howtos