Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Saturday, 23 Feb 19 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Type Title Author Replies Last Postsort icon
Story Hollywood Studios File New Round of Web Lawsuits srlinuxx 1 02/03/2005 - 12:37am
Story Review: SimplyMEPIS 3.3 Linux srlinuxx 1 02/03/2005 - 12:39am
Story Cannabis 'doubles mental health risk' srlinuxx 3 02/03/2005 - 6:31am
Story Invisibility Shields Planned srlinuxx 2 02/03/2005 - 5:21pm
Story Illicit drug sales booming online srlinuxx 2 02/03/2005 - 5:24pm
Story Half-Life 2 sweeps Bafta awards srlinuxx 2 02/03/2005 - 11:48pm
Story KDE's FOSDEM report srlinuxx 03/03/2005 - 5:06am
Story AMD's Latest Stunt srlinuxx 03/03/2005 - 5:14am
Poll I think polls srlinuxx 2 03/03/2005 - 10:20am
Story Court Overturns Eolas Browser Judgment Against Microsoft srlinuxx 03/03/2005 - 3:42pm

Embedded World 2019: Variscite reveals an impressive portfolio of new i.MX based products

Filed under
News

Variscite reveals the portfolio of its new i.MX based products that will be presented next week at the Embedded World 2019 exhibition & conference.

Server: Buildah, Red Hat and ARM

Filed under
Server
  • Buildah: Build containers fast and easy without Docker

    Linux containers are gaining an ever stronger foothold in the IT of modern companies. For this reason, developers need a simple way of creating containerized applications. Buildah makes it easy to build containers without the need for the overhead required by Docker.
    Linux containers are an efficient means of developing and deploying new applications. Container technologies package and isolate apps together with the entire runtime environment. As a result, the containers are quickly ready for operation and even more portable than traditional applications since they contain the entire application environment.

    There are two aspects of the container environment that are very important: On the one hand, Linux containers are undergoing continued development; in particular, the Open Container Initiative (OCI) is a key driver for innovation. On the other hand, several misunderstandings regarding the Linux container architecture persist. The following needs to be made clear: Containers do not run on Docker. Containers are processes that run on the Linux kernel. Therefore, containers are Linux. Moreover, Docker daemon is only one of many user space tools and libraries that communicate with the Linux kernel in order to create containers.

    Buildah is an excellent example of these two aspects: when creating containers and for innovative ongoing refinement. Buildah makes it possible to create containers without using Docker, which means that users can implement Docker- and OCI-compliant container images with Buildah without the need for executing a container runtime daemon.

  • Awards roll call: Red Hat awards, November 2018 - February 2019

    With the new year comes new excitement, including Red Hat winning new industry award accolades. Since our last award round up, Red Hat has been honored with over twenty-five new award wins across our organization. Our latest roll call includes recognition in categories from our unique culture and why it is a special place to work, to the design and creative strategies behind Open Source Stories, and the depth of our product portfolio.

  • Musings on Hybrid Cloud

    I believe working with a Hybrid/Cross cloud tools like OpenShift gives customers the best tools to prevent lock-in to any of the big cloud vendors. OpenShift will allow users to move workloads between the big cloud vendors, their private data centers and the specialty clouds. The best of local retail along with the commodity retail. Run your application where it makes sense and protect it against vendor lock-in.

  • Arm Takes On Intel With Neoverse Platforms For Edge, Cloud And 5G

These Weeks in Firefox, Mozilla on Privacy, FSFE Blogs on Tor, Purism’s CEO Todd Weaver Testifies at California Congressional Privacy Commission

Filed under
Web
  • These Weeks in Firefox: Issue 53
  • Mozilla Future Releases Blog: Enhanced Tracking Protection Testing: Protecting users’ privacy by default

    Over the past couple of months since we announced that we would broaden our approach to anti-tracking we’ve been experimenting and testing Enhanced Tracking Protection, a feature that blocks cookies and storage access from third-party trackers. Recently, we published a set of policies that define which tracking practices will be blocked in Firefox, and a new set of redesigned controls for the Content Blocking section where users can choose their desired level of privacy protection. As the next step in our path to enable Enhanced Tracking Protection by default, this week we launched a study to observe how enabling this functionality for a group of Firefox users in our Release Channel would impact the online experience.

  • I am up to no good.

    am a user of “the darknet”. I use Tor to secure my communications from curious eyes. At the latest since Edward Snowden’s leaks we know, that this might be a good idea. There are many other valid, legal use-cases for using Tor. Circumventing censorship is one of them.

    But German state secretary Günter Krings (49, CDU) believes something else. Certainly he “understand[s], that the darknet may have a use in autocratic systems, but in my opinion there is no legitimate use for it in a free, open democracy. Whoever uses the darknet is usually up to no good.”

    [...]

    Instead of trying to ban our democratic people from using tor, we should celebrate the fact that we are a democracy that can afford having citizens who can avoid surveillance and that have access to uncensored information.

  • Purism’s CEO Todd Weaver Testifies at California Congressional Privacy Commission

    My name is Todd Weaver, and I think you’ll find I’m an unusual witness here today, while I may be sitting side-by-side with impressive privacy protection groups, I am here as the CEO of a rapidly growing technology company based in California.

    I am here calling for much stronger consumer privacy protections – starting with giving consumers the power to opt IN rather than opt OUT of sharing their personal data.

    I am here to tell you it’s time for California’s extraordinary tech industry to stop harvesting and “sharing” our most personal private data without our meaningful consent and knowledge.

    I am not here to tell you AB 375 (or stronger) protections are tough to implement, history is filled with wrongdoers complaining that doing right will put them out of business only to comply and thrive later. Incidentally, this same tech industry complained about Europe’s GDPR that certainly did not put them out of business.

    I am here to tell you the new law (or stronger) is easy to technically comply with – if we companies simply begin to honor our customer’s privacy rights and design our services to be privacy-protecting rather than privacy-exploiting.

Games: Surviving Mars and OpenMW

Filed under
Gaming

Kernel and Security: BPF, Mesa, Embedded World, Kernel Address Sanitizer and More

Filed under
Security
  • Concurrency management in BPF

    In the beginning, programs run on the in-kernel BPF virtual machine had no persistent internal state and no data that was shared with any other part of the system. The arrival of eBPF and, in particular, its maps functionality, has changed that situation, though, since a map can be shared between two or more BPF programs as well as with processes running in user space. That sharing naturally leads to concurrency problems, so the BPF developers have found themselves needing to add primitives to manage concurrency (the "exchange and add" or XADD instruction, for example). The next step is the addition of a spinlock mechanism to protect data structures, which has also led to some wider discussions on what the BPF memory model should look like.

    A BPF map can be thought of as a sort of array or hash-table data structure. The actual data stored in a map can be of an arbitrary type, including structures. If a complex structure is read from a map while it is being modified, the result may be internally inconsistent, with surprising (and probably unwelcome) results. In an attempt to prevent such problems, Alexei Starovoitov introduced BPF spinlocks in mid-January; after a number of quick review cycles, version 7 of the patch set was applied on February 1. If all goes well, this feature will be included in the 5.1 kernel.

  • Intel Ready To Add Their Experimental "Iris" Gallium3D Driver To Mesa

    For just over the past year Intel open-source driver developers have been developing a new Gallium3D-based OpenGL driver for Linux systems as the eventual replacement to their long-standing "i965 classic" Mesa driver. The Intel developers are now confident enough in the state of this new driver dubbed Iris that they are looking to merge the driver into mainline Mesa proper. 

    The Iris Gallium3D driver has now matured enough that Kenneth Graunke, the Intel OTC developer who originally started Iris in late 2017, is looking to merge the driver into the mainline code-base of Mesa. The driver isn't yet complete but it's already in good enough shape that he's looking for it to be merged albeit marked experimental.

  • Hallo Nürnberg!

    Collabora is headed to Nuremberg, Germany next week to take part in the 2019 edition of Embedded World, "the leading international fair for embedded systems". Following a successful first attendance in 2018, we are very much looking forward to our second visit! If you are planning on attending, please come say hello in Hall 4, booth 4-280!

    This year, we will be showcasing a state-of-the-art infrastructure for end-to-end, embedded software production. From the birth of a software platform, to reproducible continuous builds, to automated testing on hardware, get a firsthand look at our platform building expertise and see how we use continuous integration to increase productivity and quality control in embedded Linux.

  • KASAN Spots Another Kernel Vulnerability From Early Linux 2.6 Through 4.20

    The Kernel Address Sanitizer (KASAN) that detects dynamic memory errors within the Linux kernel code has just picked up another win with uncovering a use-after-free vulnerability that's been around since the early Linux 2.6 kernels.

    KASAN (along with the other sanitizers) have already proven quite valuable in spotting various coding mistakes hopefully before they are exploited in the real-world. The Kernel Address Sanitizer picked up another feather in its hat with being responsible for the CVE-2019-8912 discovery.

  • io_uring, SCM_RIGHTS, and reference-count cycles

    The io_uring mechanism that was described here in January has been through a number of revisions since then; those changes have generally been fixing implementation issues rather than changing the user-space API. In particular, this patch set seems to have received more than the usual amount of security-related review, which can only be a good thing. Security concerns became a bit of an obstacle for io_uring, though, when virtual filesystem (VFS) maintainer Al Viro threatened to veto the merging of the whole thing. It turns out that there were some reference-counting issues that required his unique experience to straighten out.
    The VFS layer is a complicated beast; it must manage the complexities of the filesystem namespace in a way that provides the highest possible performance while maintaining security and correctness. Achieving that requires making use of almost all of the locking and concurrency-management mechanisms that the kernel offers, plus a couple more implemented internally. It is fair to say that the number of kernel developers who thoroughly understand how it works is extremely small; indeed, sometimes it seems like Viro is the only one with the full picture.

    In keeping with time-honored kernel tradition, little of this complexity is documented, so when Viro gets a moment to write down how some of it works, it's worth paying attention. In a long "brain dump", Viro described how file reference counts are managed, how reference-count cycles can come about, and what the kernel does to break them. For those with the time to beat their brains against it for a while, Viro's explanation (along with a few corrections) is well worth reading. For the rest of us, a lighter version follows.

Blacklisting insecure filesystems in openSUSE

Filed under
Linux

The Linux kernel supports a wide variety of filesystem types, many of which have not seen significant use — or maintenance — in many years. Developers in the openSUSE project have concluded that many of these filesystem types are, at this point, more useful to attackers than to openSUSE users and are proposing to blacklist many of them by default. Such changes can be controversial, but it's probably still fair to say that few people expected the massive discussion that resulted, covering everything from the number of OS/2 users to how openSUSE fits into the distribution marketplace.
On January 30, Martin Wilck started the discussion with a proposal to add a blacklist preventing the automatic loading of a set of kernel modules implementing (mostly) old filesystems. These include filesystems like JFS, Minix, cramfs, AFFS, and F2FS. For most of these, the logic is that the filesystems are essentially unused and the modules implementing them have seen little maintenance in recent decades. But those modules can still be automatically loaded if a user inserts a removable drive containing one of those filesystem types. There are a number of fuzz-testing efforts underway in the kernel community, but it seems relatively unlikely that any of them are targeting, say, FreeVxFS filesystem images. So it is not unreasonable to suspect that there just might be exploitable bugs in those modules. Preventing modules for ancient, unmaintained filesystems from automatically loading may thus protect some users against flash-drive attacks.

If there were to be a fight over a proposal like this, one would ordinarily expect it to be concerned with the specific list of unwelcome modules. But there was relatively little of that. One possible exception is F2FS, the presence of which raised some eyebrows since it is under active development, having received 44 changes in the 5.0 development cycle, for example. Interestingly, it turns out that openSUSE stopped shipping F2FS in September. While the filesystem is being actively developed, it seems that, with rare exceptions, nobody is actively backporting fixes, and the filesystem also lacks a mechanism to prevent an old F2FS implementation from being confused by a filesystem created by a newer version. Rather than deal with these issues, openSUSE decided to just drop the filesystem altogether. As it happens, the blacklist proposal looks likely to allow F2FS to return to the distribution since it can be blacklisted by default.

Read more

gitgeist: a git-based social network proof of concept

Filed under
Development
Web

Are you tired of not owning the data or the platform you use for social postings? I know I am.

It's hard to say when I "first" used a social network. I've been on email for about 30 years and one of the early ad-hoc forms of social networks were chain emails. Over the years I was asked to join all sorts of "social" things such as IRC, ICQ, Skype, MSN Messenger, etc. and eventually things like Orkut, MySpace, Facebook, etc. I'll readily admit that I'm not the type of person that happily jumps onto every new social bandwagon that appears on the Internet. I often prefer preserving the quietness of my own thoughts. That, though, hasn't stopped me from finding some meaningfulness participating in Twitter, Facebook, LinkedIn and more recently Google+. Twitter was in fact the first social network that I truly embraced. And it would've remained my primary social network had they not killed their own community by culling the swell of independently-developed Twitter clients that existed. That and their increased control of their API effectively made me look for something else. Right around that time Google+ was being introduced and many in the open source community started participating in that, in some ways to find a fresh place where techies can aggregate away from the noise and sometimes over-the-top nature of Facebook. Eventually I took to that too and started using G+ as my primary social network. That is, until Google recently decided to pull the plug on G+.

While Google+ might not have represented a success for Google, it had become a good place for sharing information among the technically-inclined. As such, I found it quite useful for learning and hearing about new things in my field. Soon-to-be-former users of G+ have gone in all sorts of directions. Some have adopted a "c'mon guys, get over it, Facebook is the spot" attitude, others have adopted things like Mastodon, others have fallen back to their existing IDs on Twitter, and yet others, like me, are still looking.

Read more

A Psion Palmtop Successor Has Arrived and It Runs Android and Linux

Filed under
Android
Linux
Gadgets

A lot of people probably remember the 1990s palmtop computers made by Psion fondly. The clamshell-design palmtops were pocketable, black and white, but had a working stylus and a fantastic tactile foldout QWERTY keyboard that you could type pretty substantial documents on or even write code with. A different company -- Planet Computers -- has now produced a spiritual successor to the old Psion palmtops called the Gemini PDA that is much like an old Psion but with the latest Android smartphone hardware in it and a virtually identical tactile keyboard. It can also dual boot to Linux (Debian, Ubuntu, Sailfish) alongside Android. The technical specs are a MediaTek deca-core processor, 4GB RAM, 64GB storage (plus microSD slot), 4G, 802.11c Wi-Fi, GPS, Bluetooth, eSIM support, and 4,220mAh battery. The screen measures in at 5.99-inches with a 2,160 x 1,080 (403ppi) resolution. The only thing missing seems to be the stylus -- but perhaps that would have complicated manufacturing of this niche-device in its first production run.

Read more

Eensy-weensy i.MX8M Mini module also powers SBC

Filed under
Android
Linux

CompuLab’s Linux-driven, 38 x 28mm “UCM-iMX8M-Mini” module features an i.MX8M Mini, WiFi/BT, and up to 4GB RAM and 64GB eMMC. The COM also ships on a sandwich-style “SBC-iMX8M-Mini” SBC.

CompuLab unveiled a Linux-driven computer-on-module with NXP’s new i.MX8M Mini SoC. At 38 x 28 x 4mm, the UCM-iMX8M-Mini is considerably smaller than CompuLab’s i.MX8M-based, 68 x 42mm CL-SOM-iMX. The module is also smaller than the two other Mini-based COMs we’ve seen so far: F&S Elektronik Systeme’s 40 x 35mm PicoCore MX8MM and Variscite’s 55 x 30mm DART-MX8M-Mini.

Read more

WWW and OSS Leftovers

Filed under
OSS
Web
  • WWW = Woeful, er, winternet wendering? CERN browser rebuilt after 30 years barely recognizes modern web

    In preparation for next month's 30th anniversary of the proposal that gave us the world wide web, boffins at the behest of CERN have recreated the world's first web browser, and made it accessible as a modern web page.

    Created by Sir Tim Berners-Lee, the ur-browser, first called WorldWideWeb, and later Nexus, was built from Objective-C in 1990 on a NeXT workstation to display its maker's HyperText Markup Language.

    The browser's resurrection – click here to try it out – follows five days of hacking by an international team of nine developers, reunited after a previous effort to revive the original Line Mode Browser in 2013.

  • Web Design Survey Findings and Next Steps

    Now we need your help again! The main takeaway from the first survey was that developers and designers of every experience level want to better understand CSS issues like unexpected scrollbars and sizing. We’ve started researching and prototyping potential tool ideas for investigating specific types of CSS bugs, but we need your feedback to guide our work.

    Please take a moment with our quick single-page CSS Layout Debugging survey and help us rank the most time-consuming bugs. Your feedback will be immensely helpful in clarifying our plans in 2019 and beyond.

  • How donations helped LibreOffice and TDF in 2018

    Donations to The Document Foundation, the non-profity entity behind LibreOffice, help us to grow our community, share knowledge about the software (and its development), maintain our infrastructure, organise events and much more. The image below shows what was made possible in 2018, thanks to your generous donations – click for a larger version!

  • NomadBSD 1.2-RC2 released!

    The second release candidate of NomadBSD 1.2 is now available! We would like to thank all the RC1 testers who sent us feedback and bug reports. If you notice any problems, please let us know.

  • Mi 9 kernel source code available on launch day

    Xiaomi literally declared war against Samsung by setting the launch date of Mi 9 on the same day with Galaxy S10. The Chinese launch event by Xiaomi completed just now – Mi 9, Mi 9 Transparent Edition and Mi 9 SE are now official.

  • Bell Labs, Skunk Works, and the Crowd Sourcing of Innovation

    I’ve noticed that we hear a lot less from corporate research labs than we used to. They still exist, though. Sure, Bell Labs is owned by Nokia and there is still some hot research at IBM even though they quit publication of the fabled IBM Technical Disclosure Bulletin in 1998. But today innovation is more likely to come from a small company attracting venture capital than from an established company investing in research. Why is that? And should it be that way?

Servers: Cockpit, SOA and Kubernetes

Filed under
Server
  • Cockpit 188

    Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from version 188.

  • Good news: Business automation is not about SOA

    This is not an article about service-oriented architecture (SOA); neither is it a business process management (BPM) article. This article is about how business automation can change the way you create software.

    At a first, developers and architects tend to associate the use of BPM suites (or business-oriented architecture) with SOA. This behavior immediately leads to an incorrect bias about the subject.

    C-suite executives understand: Transform—or be suppressed by new, disruptive, technology-driven startups. In 2019, business automation is a key transformation that executives will seek in order to improve business performance and lower costs. However, some technology teams are not very open to it. Why?

  • Is Kubernetes Serverless?

    If you take a look at where the IT industry is going, you will start to see a trend: a layer of complexity added to the relationship between applications and infrastructure. No longer can you draw a straight line from the application to the machine it runs on. Developers have been trying to get away from having to manage infrastructure for years. It’s no fun having to provision, manage, and patch a multitude of disparate servers, new and old.

    As a result, that layer of abstraction between the application and the underlying infrastructure has led to the invention of a number of technologies, one of them being Kubernetes. Not only can we ensure our application is going to run on a consistent Docker container image, no matter what environment, but we don’t have to manage the containers and keep track of where and how many are running at all times.

Events: Fedora at CLT 2019, LF's Open Networking Summit and Cloud Foundry Summit on Serverless, Knative, Microservices

Filed under
OSS
  • Fedora will be at CLT 2019

    The Fedora Project will be at the Chemnitzer Linux Tage 2019. So far, Robert Scheck and I will make it happen. As we pretty much did it for the last 10 years.

  • The Linux Foundation Announces the 2019 Open Networking Summit North America Speaking Schedule

    The Linux Foundation, the nonprofit organization enabling mass innovation through open source, has announced the keynote speakers and session line-up for Open Networking Summit North America (ONS), taking place April 3-5 in San Jose, Calif.

    The full lineup of sessions can be viewed here, and features speakers from AT&T, China Mobile, Ericsson, Google, Huawei, Intel, KPMG, Nokia, Red Hat, Target, and more.

    “The Open Networking Summit is a chance to bring together the entire open networking community – from telco providers to cloud providers – to share best practices and discuss how we can work together to advance networking technology,” said Arpit Joshipura, General Manager, Networking, Edge & IoT, the Linux Foundation. “Gathering the industry’s foremost innovators and technologists, ONS is a must-attend event for collaboration and knowledge sharing.”

  • 6 Must-Attend Talks at Cloud Foundry Summit on Serverless, Knative, Microservices

    That’s a lot of technical content, so make sure to also get your ideal ratio of business impact content and check out the User Stories track.

Graphics: TuxClocker and VK_EXT_depth_clip_enable

Filed under
Graphics/Benchmarks
  • TuxClocker: Another GPU Overclocking GUI For Linux

    Adding to the list of third-party GPU overclocking utilities for Linux is TuxClocker, a Qt5-based user-interface currently with support for NVIDIA graphics cards and experimental support for AMD GPUs. 

    TuxClocker is a Qt5 overclocking tool that supports adjusting not only the memory/core frequencies but also the power limit, fan speed, and other tunables based upon the GPU/driver in use. There is also graph monitors to show the power and temperature limit, where supported, among other features. 

    TuxClocker offers similar functionality to other third-party, open-source Linux GPU overclocking software though where as most utilities focus just on NVIDIA or AMD hardware, TuxClocker is pursuing both. Currently their stable release supports just NVIDIA GPUs but the development code has AMD Radeon support in the works.

  • Intel Wires VK_EXT_depth_clip_enable Into Their Vulkan Driver, Helping DXVK

    Intel's open-source ANV Vulkan driver now supports the VK_EXT_depth_clip_enable that was designed in part to help the DXVK project for mapping Direct3D atop of the Vulkan API.

Programming Leftovers

Filed under
Development
  • Packaging PyQt5 apps with fbs

    fbs is a cross-platform PyQt5 packaging system which supports building desktop applications for Windows, Mac and Linux (Ubuntu, Fedora and Arch). Built on top of PyInstaller it wraps some of the rough edges and defines a standard project structure which allows the build process to be entirely automated. The included resource API is particularly useful, simplifying the handling of external data files, images or third-party libraries — a common pain point when bundling apps.

  • Infrastructure monitoring: Defense against surprise downtime

    There are a number of tools available that can build a viable and strong monitoring system. The only decision to make is which to use; your answer lies in what you want to achieve with monitoring as well as various financial and business factors you must consider.

    While some monitoring tools are proprietary, many open source tools, either unmanaged or community-managed software, will do the job even better than the closed source options.

    In this article, I will focus on open source tools and how to use them to create a strong monitoring architecture.

  • GSlice considerations and possible improvements

    The paper Mesh: Compacting Memory Management for C/C++ Applications is about moving memory allocations for compaction, even though the memory pointers are exposed. The idea is to merge allocation blocks from different pages that are not overlapping at page offsets, and then letting multiple virtual page pointers point to the same physical page. Some have asked about the applicability to the GSlice allocator.

  • plprofiler – Getting a Handy Tool for Profiling Your PL/pgSQL Code
  • Reading and Writing Files in Python (Guide)
  • Today is a Good Day to Learn Python

Security Leftovers

Filed under
Security
  • Wi-Fi ‘Hiding’ Inside USB Cable: A New Security Threat On The Rise?

    Today, the world has become heavily reliant on computers owing to the various advantages they offer. It has thus become imperative that we, as users, remain updated about the various threats that can compromise the security of our data and privacy.

    A recent report published by Hackaday details a new threat that might just compromise the integrity of devices. At first glance, the O.MG cable (Offensive MG Kit) looks like any other USB cable available in the market. It is what lurks within that is a cause for concern.

  • WiFi Hides Inside a USB Cable [Ed: There are far worse things, like USB devices that send a high-voltage payload to burn your whole motherboard. Do not use/insert untrusted devices from dodgy people.]
  • The Insights into Linux Security You May Be Surprised About

    Linux has a strong reputation for being the most secure operating system on the market. It’s been like that for many years, and it doesn’t seem like Windows or macOS are going to overtake it anytime soon. And while the operating system’s reputation is well-deserved, it can also be harmless experienced users.

    The problem is that some seem to put too much trust in the capabilities of Linux by default. As a result, they often don’t pay enough attention to the manual aspect of their security. Linux can help you automate your workflow to a large extent, but it still requires a manual touch to keep things going well. This is even truer when it comes to security.

  • One Identity Bolsters Unix Security with New Release of Authentication Services

    Unix systems (including Linux and Mac OS), by their very nature, have distinct challenges when it comes to security and administration. Because native Unix-based systems are not linked to one another, each server or OS instance requires its own source of authentication and authorization.

  • Book Review – Linux Basics for Hackers

    With countless job openings and growth with no end in sight, InfoSec is the place to be. Many pose the question, “Where do I start?” Over his years of training hackers and eventual security experts across a wide array of industries and occupations, the author ascertains that one of the biggest hurdles that many up-and-coming professional hackers face is the lack of a foundational knowledge or experience with Linux. In an effort to help new practitioners grow, he made the decision to pen a basic ‘How To’ manual, of sorts, to introduce foundational concepts, commands and tricks in order to provide instruction to ease their transition into the world of Linux. Out of this effort, “Linux Basics for Hackers” was born.

  • Security updates for Wednesday

today's howtos

Filed under
HowTos

HTTP Vs. HTTPS

Filed under
Linux

The internet runs on protocols. Rules and norm defined so that there is some form of standardization. One such protocol is the HyperText Transfer Protocol(HTTP).

Read more

Syndicate content

More in Tux Machines

qoob – excellent foobar-like music player for Linux

Are you debilitated by the countless music players that use web technologies with a massive RAM footprint? Maybe you want a lean yet slick audio player with a good range of features? You might be interested in qoob. It’s a music player written in the versatile and hugely popular Python programming language. The software uses Qt 5, a cross-platform application framework and widget toolkit for creating classic and embedded graphical user interfaces. qoob is similar to foobar2000, a freeware audio player respected for its highly modular design, breadth of features, and extensive user flexibility in configuration. Unlike foobar, qoob is available for Linux and it’s released under an open source license. Read more

Programming: GStreamer, Rust, Python and More

  • GStreamer 1.15.1 unstable development release
    The GStreamer team is pleased to announce the first development release in the unstable 1.15 release series. The unstable 1.15 release series adds new features on top of the current stable 1.16 series and is part of the API and ABI-stable 1.x release series of the GStreamer multimedia framework. The unstable 1.15 release series is for testing and development purposes in the lead-up to the stable 1.16 series which is scheduled for release in a few weeks time. Any newly-added API can still change until that point, although it is rare for that to happen. Full release notes will be provided in the near future, highlighting all the new features, bugfixes, performance optimizations and other important changes.
  • GStreamer: GStreamer Rust bindings 0.13.0 release
    A new version of the GStreamer Rust bindings, 0.13.0, was released. This new release is the first to include direct support for implementing GStreamer elements and other types in Rust. Previously this was provided via a different crate. In addition to this, the new release features many API improvements, cleanups, newly added bindings and bugfixes.
  • Niko Matsakis: Rust lang team working groups
    Now that the Rust 2018 edition has shipped, the language design team has been thinking a lot about what to do in 2019 and over the next few years. I think we’ve got a lot of exciting stuff on the horizon, and I wanted to write about it.
  • RVowpalWabbit 0.0.13: Keeping CRAN happy
    Another small RVowpalWabbit package update brings us version 0.0.13. And just like Rblpapi yesterday, we have a new RVowpalWabbit update to cope with staged installs which will be a new feature of R 3.6.0. No other changes were made No new code or features were added.
  • Test automation framework thoughts and examples with Python, pytest and Jenkins
    In this article I'll share some personal thoughts about Test Automation Frameworks; you can take inspiration from them if you are going to evaluate different test automation platforms or assess your current test automation solution (or solutions). Despite it is a generic article about test automation, you'll find many examples explaining how to address some common needs using the Python based test framework named pytest and the Jenkins automation server: use the information contained here just as a comparison and feel free to comment sharing alternative methods or ideas coming from different worlds. It contains references to some well (or less) known pytest plugins or testing libraries too.
  • Basics of Object-Oriented Programming
    In programming, an object is simply a 'thing'. I know, I know...how can you define something as a 'thing'. Well, let's think about it - What do 'things' have? Attributes, right? Let's take a Song for example. A song has attributes! It has a Title, an Artist, a Genre, etc. How about a Dog - A dog has four legs, a color, a name, an owner, and a breed. Though there are millions Dogs with countless names, owners, etc, the one thing that ties them all together are the very fact that every single one can be described as a Dog. Although this may seem like a not-very informative explanation, these types of examples are what ultimately made me understand Object-oriented programing. The set of activities that an object can perform is an Object's behavior. A dog can bark, wag it's tail, sit, and even shake if it's owner trains them. In the same way, a programmer can create an object and teach it tricks in order to achieve certain goals. In Ruby(my first programming language), EVERYTHING is an object. This means that every piece of code you encounter can perform certain tricks at your command, some are built into Ruby while others can be created at your disposal. Let's look at a common element in programming, a simple string. As you can see, after the string is defined, I'm able to call different 'methods' or functions on the string I created. Ruby has several built in methods on common objects(ie strings, integers, arrays, and hashes.
  • Hello pytest-play!
    pytest-play is a rec&play (rec not yet available) pytest plugin that let you execute a set of actions and assertions using commands serialized in JSON format. It tries to make test automation more affordable for non programmers or non Python programmers for browser, functional, API, integration or system testing thanks to its pluggable architecture and third party plugins that let you interact with the most common databases and systems.
  • Nikola v8.0.2 is out!
    Nikola is a static site and blog generator, written in Python. It can use Mako and Jinja2 templates, and input in many popular markup formats, such as reStructuredText and Markdown — and can even turn Jupyter Notebooks into blog posts! It also supports image galleries, and is multilingual. Nikola is flexible, and page builds are extremely fast, courtesy of doit (which is rebuilding only what has been changed).
  • Mu!
    In the past several days, I innaugurated a private Fediverse instance, "Mu", running Pleroma for now. Although Mastodon is the dominant implementation, Pleroma is far easier to install, and uses less memory on small, private instances. By doing this, I'm bucking the trend of people hating to run their own infrastructure. Well, I do run my own e-mail service, so, what the heck, might as well join the Fediverse. So far, it was pretty fun, but Pleroma has problem spots. For example, Pleroma has a concept of "local accounts" and "remote accounts": local ones are normal, into which users log in at the instance, and remote ones mirror accounts on other instances. This way, if users Alice@Mu and Bob@Mu follow user zaitcev@SLC, Mu creates a "remote" account UnIqUeStRiNg@Mu, which tracks zaitcev@SLC, so Alice and Bob subscribe to it locally. This permits to send zaitcev's updates over the network only once. Makes sense, right? Well... I have a "stuck" remote account now at Mu, let's call it Xprime@Mu and posit that it follows X@SPC. Updates posted by X@SPC are reflected in Xprime@Mu, but if Alice@Mu tries to follow X@SPC, she does not see updates that Xprime@Mu receives (the updates are not reflected in Alice's friends/main timeline) [1]. I asked at #pleroma about it, but all they could suggest was to try and resubscribe. I think I need to unsubscribe and purge Xprime@Mu somehow. Then, when Alice resubscribes, Pleroma will re-create a remote, say Xbis@Mu, and things hopefully ought to work. Well, maybe. I need to examine the source to be sure.
  • Django ORM optimization story on selecting the least possible
    This an optimization story that should not surprise anyone using the Django ORM. But I thought I'd share because I have numbers now! The origin of this came from a real requirement. For a given parent model, I'd like to extract the value of the name column of all its child models, and the turn all these name strings into 1 MD5 checksum string.
  • Reasons Mitogen sucks
    I have a particular dislike for nonspecific negativity, where nothing can be done to address its source because the reasons underlying it are never explicitly described. In the context of Mitogen, there has been a consistent stream of this sort originating from an important camp in public spaces, and despite efforts to bring specifics out into the open, still it continues to persist. For that reason I'd like to try a new strategy: justify the negativity and give it a face by providing all the fuel it needs to burn. Therefore in this post, in the interests of encouraging honesty, I will critique my own work.
  • The North Star of PyCascades, core Python developer Mariatta Wijaya, receives the 2018 Q3 Community Service Award
    At Montreal PyCon 2015, Guido Van Rossum delivered the closing keynote during which Guido issued a public ask, “I want at least two female Python core developers in the next year ... and I will try to train them myself if that's what it takes. So come talk to me." Consequently, Mariatta did just that, she reached out to Guido after PyCon 2016 to learn more about starting in Python core development. Mariatta recalls, “I hadn’t contributed to open source [yet] and I wanted to know how to start”. Guido recommended some ways for Mariatta to start including reviewing the dev guide, looking at open issues and joining and introducing herself on the Python dev mailing list .
  • Episode #118: Better Python executable management with pipx

NVIDIA: GTX 1660 and Linux

  • NVIDIA have released the 418.43 driver, includes support for the just released GeForce GTX 1660
    Two bits of NVIDIA news for you today, not only have they released a new stable driver, they've also put out their latest GPU with the GTX 1660. First up, the new stable driver 418.43 is out which you can find here. It follows on from the 418.30 beta driver, released last month. The big new feature of the driver is initial support for G-SYNC Compatible monitors! So those of you with a FreeSync monitor should be able to use it (if you weren't already using the beta driver). This new driver also adds in support for the just released GeForce GTX 1660 Ti, the GeForce RTX 2070 with Max-Q Design and the GeForce RTX 2080 with Max-Q Design. There's also NVIDIA optical flow support, NVIDIA Video Codec SDK 9.0, support for stereo presentation in Vulkan and more.
  • NVIDIA 418.43 Stable Linux Driver Released, Includes GTX 1660 Ti Support
    As expected given today's GeForce GTX 1660 Ti launch, NVIDIA has released a new Linux graphics driver supporting the 1660 Ti as well as the RTX 2070 with Max-Q Design and RTX 2080 with Max-Q Design, among other changes. This is actually the first stable release in the NVIDIA 418 series for Linux users and succeeds last month's NVIDIA 418.30 Linux driver beta. Most of the changes in today's NVIDIA 418.43 driver release were previously found in the 418.30 version, just now made official with this stable driver debut plus adding in the NVIDIA GeForce GTX 1660 Ti graphics card support.
  • NVIDIA 390.116 Legacy & 410.104 Long-Lived Linux Drivers Released
    In addition to NVIDIA christening the 418 driver series as stable today with the GeForce GTX 1660 Ti release, they also issued updates for their 390 legacy driver series as well as the 410 long-lived driver release series. The NVIDIA 390.116 driver is out for those still using NVIDIA Fermi graphics cards on Linux. This update is the first in a while and has a number of fixes to the Linux driver, on the FreeBSD side there is now 12.0 support, support for the Linux 5.0 kernel, X.Org Server 1.20 fixes, and other random fixes collected in the past few months. For those using this NVIDIA legacy driver can find out more information via this DevTalk thread.
  • GeForce GTX 1660 Ti Launch Today - Supported By The NVIDIA Linux Driver, No Nouveau Yet
    After weeks of leaks, the GeForce GTX 1660 Ti is expected to be formally announced in just a few hours. This is a ~$300 Turing graphics card but without any ray-tracing support as so far has been common to all Turing graphics cards. The GTX 1600 series family is expected to expand as well in the weeks ahead.

Betty – A Friendly Interface For Your Linux Command Line

All Linux experts might already know this statement “Command line mode is more powerful than GUI” but newbies are scared about CLI. Don’t think that working on Linux CLI is difficult as everything is opensource nowadays and you can get it in online whatever you want. If you have any doubt just google it and you will get many suggestion, select the suitable one and move forward. If you are looking for some virtual assistant tool instead of google. Yes, there is a tool is available for this and the tool name is Betty which helps you to get the information right from your terminal. Do you want to try? if so, go through the entire article for details. Read more