
Friday, 24 Feb 17 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/Linux.


Linux: 2.6.22 Kernel Released

Filed under
Linux

kernelTRAP: Linux creator Linus Torvalds announced the official release of the 2.6.22 kernel, "it's out there now (or at least in the process of mirroring out - if you don't see everything, give it a bit of time)." He summarized the changes since 2.6.22-rc7.

Python Magazine Lives

Filed under
Software

Musings of an anonymous geek: For the past 6 weeks, I’ve been leading a secret double life. By day, I’m a mild mannered system/network/database admin in academia. I also write some PHP, Perl, and Python code. By night, however, I’m an author and editor. My latest project is bigger than most. In fact, it’s an entire magazine. Devoted to Python.

Why does Microsoft seem scared of GPLv3?

ZDNet: Microsoft is extremely keen to avoid "legal debate" over whether its recent partnerships with Linux firms such as Novell, Xandros, and Linspire, mean Redmond must assume any of the new licenses' legal obligations.

Episode 23 - linuX-gamers Live DVD

Filed under
Linux
Gaming

Linux on the desktop: As promised a good download link for LinuX-gamers Live DVD and a brief overview is given. Shuttleworth – KDE, GNOME and OpenOffice should have a common and regular release cycle.

Magnolia native works to spread cheap laptops around world

Filed under
OLPC

Pine Bluff Commercial: Magnolia native Mitch Bradley is working on a project that could revolutionize education and society as a whole in the Third World.

Dell Adds Nerdy Sense of Humor to Linux Promotion

guardian blogs: The in-jokes are not going to get too many people rolling in the aisles, but a link from the Direct2Dell blog to this YouTube news report shows more humour than most people might expect.

Installing Solaris Express Developer Edition(5/07) on PC/VMWare

Filed under
OS

EveryFlavorBean: Sun released the second version of Solaris Express Developer Edition(SXDE) in June this year. I received my Solaris Express Developer Edition 5/07 DVD a week ago and wanted to try it out in VMWare. I will eventually install it on a real machine to find out its hardware compatibility.

Packaging: Windows Vista, Ubuntu, and MacOS X

some blog: To me Ubuntu has the edge. The CD cover design on the left is just one of the many variations that are centered on the same idea. Ubuntu has the courage to associate human faces to a software.

Open source’s benefits to business spelled out

Filed under
OSS

computerworld: Free Software Foundation (FSF) leader Richard Stallman said at the launch of version 3 of the General Public License (GPLv3) late last month that businesses are “foolish” not to adopt non-proprietary technologies.

Dell's Linux desktop line keeps expanding

desktoplinux: When Dell first announced that it would be releasing Ubuntu Linux-powered consumer desktops and laptops, some people saw it as more of a stunt than a serious business move. They were wrong. Dell has already expanded its consumer Linux line, and now it has announced that it will soon be offering Ubuntu Linux systems outside of the United States and for new businesses.

NVIDIA GeForce 7050

Filed under
Hardware

phoronix: It's now time that the GeForce 6 series moves on with NVIDIA having recently introduced the NVIDIA GeForce 7025 and 7050 with the nForce 630a as the replacement for the GeForce 6100 and 6150 with the nForce 410/430. We have decided to look at the NVIDIA GeForce 7050 today as we compare it to the GeForce 6150 and test it in a variety of Linux graphics benchmarks.

Ubuntu "Feisty Fawn" on my Compaq V3000

Filed under
Ubuntu

simonsspace: This weekend I decided to take the plunge and install a Linux distro on my notebook PC. The reason I have not done so already is because this particular notebook is well documented as being problematic under Linux.

Installing ModSecurity2 On Debian Etch

Filed under
HowTos

This article shows how to install and configure ModSecurity (version 2) for use with Apache2 on a Debian Etch system. ModSecurity is an Apache module that provides intrusion detection and prevention for web applications.

OpenArena 0.7.0

Filed under
Gaming

linuxgames.com: The OpenArena team has released version 0.7.0 of their GPL'd Quake 3-a-like with the ioquake3 engine. We've done a lot of stuff for this release, so this is our biggest release ever.

Repeat last shell command that started with a particular word

Filed under
HowTos

nixcraft: The Bash / CSH shell offers a command history feature. Most of you may be aware of and using the UP / DOWN arrow keys to recall previous commands. History expansions introduce words from the history list into the input stream.

Configuring Mutt To Use An Alternate MTA : ESMTP

Filed under
HowTos

ubuntu-tutorials.com: In this tutorial I’ll outline installing, configuring and using ESMTP to handle your outgoing mail. This will allow you to send your email, via Mutt, through gmail, your ISP, or some other mail relay that you have access to.

Slackware 12: The anti-'buntu

Filed under
Reviews

Slackware is the oldest surviving Linux distribution; its first version came out in 1993. Version 12 was recently released. As its Wikipedia entry notes, it's got a reputation for sacrificing ease-of-use (in terms of configuration and package management tools provided by the distribution) in favor of letting the end user configure the system and its software by herself.

QEMU: easy and fast processor emulator

Filed under
Software

DPofD: QEMU lets you emulate a machine —in other words, you can run a virtual computer on top of your real computer. This makes it perfect for trying and testing the latest release of a distribution, running older operating systems, or just testing.

What open source does to people

Filed under
OSS

Matt Asay: The notion of "transparency" that comes with applying an OSS style to one's business model makes for more than a slick marketing slide. It permeates the software company's culture and drastically transforms relationships across-the-board.

Is open source running out of ideas?

Filed under
OSS

CBR: Gianugo Rabellino suggests that while it is good news that significant amounts are being invested in open source vendors, there has been a decrease in the amount of funds invested in Series A rounds, suggesting that “the VC industry has filled the checkerboard and has moved to something else as far as startups are concerned”.


More in Tux Machines

Leftovers: BSD

Security Leftovers

  • Stop using SHA1 encryption: It’s now completely unsafe, Google proves
    Security researchers have achieved the first real-world collision attack against the SHA-1 hash function, producing two different PDF files with the same SHA-1 signature. This shows that the algorithm's use for security-sensitive functions should be discontinued as soon as possible. SHA-1 (Secure Hash Algorithm 1) dates back to 1995 and has been known to be vulnerable to theoretical attacks since 2005. The U.S. National Institute of Standards and Technology has banned the use of SHA-1 by U.S. federal agencies since 2010, and digital certificate authorities have not been allowed to issue SHA-1-signed certificates since Jan. 1, 2016, although some exemptions have been made. However, despite these efforts to phase out the use of SHA-1 in some areas, the algorithm is still fairly widely used to validate credit card transactions, electronic documents, email PGP/GPG signatures, open-source software repositories, backups and software updates.
  • on pgp
    First and foremost I have to pay respect to PGP, it was an important weapon in the first cryptowar. It has helped many whistleblowers and dissidents. It is software with quite interesting history, if all the cryptograms could tell... PGP is also deeply misunderstood, it is a highly successful political tool. It was essential in getting crypto out to the people. In my view PGP is not dead, it's just old and misunderstood and needs to be retired in honor. However the world has changed from the internet happy times of the '90s, from a passive adversary to many active ones - with cheap commercially available malware as turn-key-solutions, intrusive apps, malware, NSLs, gag orders, etc.
  • Cloudflare’s Cloudbleed is the worst privacy leak in recent Internet history
    Cloudflare revealed today that, for months, all of its protected websites were potentially leaking private information across the Internet. Specifically, Cloudflare’s reverse proxies were dumping uninitialized memory; that is to say, bleeding private data. The issue, termed Cloudbleed by some (but not its discoverer Tavis Ormandy of Google Project Zero), is the greatest privacy leak of 2017 and the year has just started. For months, since 2016-09-22 by their own admission, Cloudflare has been leaking private information through Cloudbleed. Basically, random data from random sites (again, it’s worth mentioning that every site that used Cloudflare in the last half year should be considered to have fallen victim to this) would be randomly distributed across the open Internet, and then indefinitely cached along the way.
  • Serious Cloudflare bug exposed a potpourri of secret customer data
    Cloudflare, a service that helps optimize the security and performance of more than 5.5 million websites, warned customers today that a recently fixed software bug exposed a range of sensitive information that could have included passwords and cookies and tokens used to authenticate users. A combination of factors made the bug particularly severe. First, the leakage may have been active since September 22, nearly five months before it was discovered, although the greatest period of impact was from February 13 and February 18. Second, some of the highly sensitive data that was leaked was cached by Google and other search engines. The result was that for the entire time the bug was active, hackers had the ability to access the data in real-time by making Web requests to affected websites and to access some of the leaked data later by crafting queries on search engines. "The bug was serious because the leaked memory could contain private information and because it had been cached by search engines," Cloudflare CTO John Graham-Cumming wrote in a blog post published Thursday. "We are disclosing this problem now as we are satisfied that search engine caches have now been cleared of sensitive information. We have also not discovered any evidence of malicious exploits of the bug or other reports of its existence."

Security Leftovers

  • Change all the passwords (again)
    Looks like it is time to change all the passwords again. There’s a tiny little flaw in a CDN used … everywhere, it seems.
  • Today's leading causes of DDoS attacks [Ed: The so-called 'Internet of things' (crappy devices with identical passwords) is a mess; programmers to blame, not Linux]
    Of the most recent mega 100Gbps attacks in the last quarter, most of them were directly attributed to the Mirai botnet. The Mirai botnet works by exploiting the weak security on many Internet of Things (IoT) devices. The program finds its victims by constantly scanning the internet for IoT devices, which use factory default or hard-coded usernames and passwords.
  • How to Set Up An SSL Certificate on Your Website [via "Steps To Secure Your Website With An SSL Certificate"]
  • SHA-1 is dead, long live SHA-1!
    Unless you’ve been living under a rock, you heard that some researchers managed to create a SHA-1 collision. The short story as to why this matters is the whole purpose of a hashing algorithm is to make it impossible to generate collisions on purpose. Unfortunately though impossible things are usually also impossible so in reality we just make sure it’s really really hard to generate a collision. Thanks to Moore’s Law, hard things don’t stay hard forever. This is why MD5 had to go live on a farm out in the country, and we’re not allowed to see it anymore … because it’s having too much fun. SHA-1 will get to join it soon.
  • SHA1 collision via ASCII art
    Happy SHA1 collision day everybody! If you extract the differences between the good.pdf and bad.pdf attached to the paper, you'll find it all comes down to a small ~128 byte chunk of random-looking binary data that varies between the files.
  • PayThink Knowledge is power in fighting new Android attack bot
    Android users and apps have become a major part of payments and financial services, carrying an increased risk for web crime. It is estimated that there are 107.7 million Android Smartphone users in the U.S. who have downloaded more than 65 million apps from the Google App Store, and each one of them represents a smorgasbord of opportunity for hackers to steal user credentials and other information.
  • Red Hat: 'use after free' vulnerability found in Linux kernel's DCCP protocol IPV6 implementation
    Red Hat Product Security has published details of an "important" security vulnerability in the Linux kernel. The IPv6 implementation of the DCCP protocol means that it is possible for a local, unprivileged user to alter kernel memory and escalate their privileges. Known as the "use-after-free" flaw, CVE-2017-6074 affects a number of Red Hat products including Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7 and Red Hat Openshift Online v2. Mitigating factors include the requirement for a potential attacker to have access to a local account on a machine, and for IPV6 to be enabled, but it is still something that will be of concern to Linux users. Describing the vulnerability, Red Hat says: "This flaw allows an attacker with an account on the local system to potentially elevate privileges. This class of flaw is commonly referred to as UAF (Use After Free.) Flaws of this nature are generally exploited by exercising a code path that accesses memory via a pointer that no longer references an in use allocation due to an earlier free() operation. In this specific issue, the flaw exists in the DCCP networking code and can be reached by a malicious actor with sufficient access to initiate a DCCP network connection on any local interface. Successful exploitation may result in crashing of the host kernel, potential execution of code in the context of the host kernel or other escalation of privilege by modifying kernel memory structures."

Android Leftovers