About Tux Machines

Wednesday, 15 Aug 18 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/Linux.


Red Hat Leftovers

Filed under
Red Hat

Games: SteamOS, GOG, 'Gibbous - A Cthulhu Adventure', Kingdom Rush Origins

Filed under
Gaming

Proprietary Software on GNU/Linux: Dropbox and VMware Player 14

Filed under
GNU
Linux
Software
  • Dropbox makes the cloud rain poop on Linux users

    Cloud storage rules -- especially when coupled with a local backup plan. Quite frankly, it is one of the best computing innovations of all time. How cool is it that you can easily back up important files to an offsite location? Let's be honest -- before the cloud, many computer and smartphone users didn't bother backing up at all. While many still do not, the cloud has definitely improved the situation through convenience and affordability.

  • VMware Player 14 review - Alternate reality

    VMware Workstation Player is a very decent program, especially for new users. It comes with a reasonable set of options, it tries to guess what you're doing and help, and for lightweight use, it makes perfect sense. But if you are an advanced user, you will definitely need and want more, and this is where the full pro version comes into play. Or alternatively, go for other options. Overall, it remains similar to version 4, which I tested several years ago.

    My biggest gripe is not having hardware acceleration, which significantly improves the performance of virtual machines. The network and storage side of things are less critical for everyday use. Multi-VM is also important if you need to create more complicated setups or labs. That said, the program is simple and easy, and has a very gentle curve for people just freshly starting in the virtualization world. Worth testing, but always remember, 'tis but a teaser for the heavyweight just hiding behind the corner. Indeed, for me, the big take from this endeavor is that I need to test the Workstation as well. We shall see.

Source Code From Tesla

Filed under
OSS

GSoC: KDE and GNOME Final Reports

Filed under
KDE
GNOME
  • GSoC 2018: Final week

    Coming to the last week, the activity Note_names is finally developed and being tested on different platforms.

    Principle: This activity aims to teach sight reading the musical notes and their position on the staff by presenting several notes one-by-one with animation from the right of the staff sliding to the right of the clef image. The user will get the combination of all the notes he has learned previously and the current targeted notes from the dataset. Only the reference notes are colored as red and the user is made to learn the notes around it using it as a leverage. One has to correct enough notes to get a 100% and advance to next stage.

  • Five-or-More Modernisation: It's a Wrap

    As probably most of you already know, or recently found out, at the beginning of this week the GSoC coding period officially ended, and it is time for us, GSoC students, to submit our final evaluations and the results we achieved thus far. This blog post, as you can probably tell from the title, will be a summary of all of the work I put into modernising Five or More throughout the summer months.

    My main task was rewriting Five or More in Vala since this simple and fun game did not find its way to the list of those included in the Games Modernisation Initiative. This fun, strategy game consists of aligning, as often as possible, five or more objects of the same shape and color, to make them disappear and score points.

  • The end of GSoC

    After three months of hard work and a lot of coding the Google Summer of Code is over. I learned a lot and had a lot of fun. GSoC was an amazing experience and I encourage everybody to participate in future editions. At this point I’ve been a contributor to GNOME for nearly a year, and I plan on sticking around for a long time. I really hope that other GSoC students also found it so enjoyable, and keep contributing to GNOME or other Free Software Projects.

today's howtos

Filed under
HowTos

Which Ubuntu Flavor Should You Choose?

Filed under
Ubuntu

So, you just decided to switch to using a Linux distro and you’ve come to the decision that Ubuntu is the one for you. But while you were doing your research you came across tags like Ubuntu flavours and derivatives – “what are the differences?” you ask. Also, why are there so many versions and what is the alpha-beta-LTS business all about?

Today, I’ll give you the perfect weighing scale to help you choose which Ubuntu version to use as well as give you a fundamental understanding of why there are “so many” versions.


GNOME Pomodoro: A Time Utility Tool That Increases Productivity

Filed under
GNOME

Hello readers, today I’ll be covering how to increase your productivity and this applies to all types of computer users, especially Linux, just kidding. Believe me, most of us who work on computers have suffered back pain, eye strain, stress, and then end up getting frustrated. However, did you know that one can fix all those issues by managing time in intervals and a short break in between? Yes, that’s right, read on below how you can go about that using GNOME Pomodoro.


DEF CON 26 Reports

Filed under
OSS
Security

KDE Frameworks 5.49.0 Released for KDE Plasma 5.13 with over 200 Improvements

Filed under
KDE

KDE Frameworks consists of more than 70 add-on libraries for the open-source and cross-platform Qt application framework that offers a wide range of commonly needed functionality, as well as many core components and apps that are required for the KDE Plasma desktop environment to function correctly.

For the past several years, new KDE Frameworks versions are published every month on the second Saturday of the month, and KDE Frameworks 5.49.0 is the release the KDE Project prepared for the month of August 2018, bringing various improvements and addressing numerous bugs.


Also: KDE Frameworks 5.49 Released With Many Changes

Canonical Releases New Linux Kernel Live Patch for Ubuntu 18.04 LTS & 16.04 LTS

Filed under
Linux
Ubuntu

Available for Ubuntu 18.04 LTS (Bionic Beaver), Ubuntu 16.04 LTS (Xenial Xerus), and Ubuntu 14.04 LTS (Trusty Tahr), the new kernel live patch fixes a total of five security vulnerabilities, including the recently disclosed critical TCP flaw (CVE-2018-5390) discovered by Juha-Matti Tilli, which could allow a remote attacker to cause a denial of service.

The rebootless kernel security patch also addresses a vulnerability (CVE-2018-13405) in the inode_init_owner function in fs/inode.c in the Linux kernel through 4.17.4 that could allow a local user to escalate his/her privileges by creating a file with an unintended group ownership and then make the file executable and SGID (Set Group ID).


Dropbox To End Sync Support For All Filesystems Except Ext4 on Linux

Filed under
News

Dropbox is thinking of limiting the synchronization support to only a handful of file system types: NTFS for Windows, HFS+/APFS for macOS and Ext4 for Linux.

Linux Foundation and DRM

Filed under
Linux
  • Academy and Linux Launch Software Foundation [iophk: "FUD + DRM"]

    The ASWF is the result of a two-year investigation by the Academy’s Science and Technology Council into the use of Open Source Software (OSS) across the motion picture industry. The survey found that more than 80% of the industry uses open source software, particularly for animation and visual effects. However, this widespread use of OSS has also created challenges including siloed development, managing multiple versions of OSS libraries (“versionitis”) and varying governance and licensing models that need to be addressed in order to ensure a healthy open source ecosystem.

  • Hollywood taps the Linux Foundation to create a home for its open-source projects

    Some 13 companies are listed as founding members alongside the Academy, including The Walt Disney Co., video game giant Epic Games Inc. and DreamWorks Animation LLC. A sizable portion of the foundation’s remaining backers hail from the tech industry. Among them are Intel Corp., Cisco Systems Inc. and Google LLC’s cloud division.

Security Leftovers

Filed under
Security
  • Practical Web Cache Poisoning

    In this paper I'll show you how to compromise websites by using esoteric web features to turn their caches into exploit delivery systems, targeting everyone that makes the mistake of visiting their homepage.

    I'll illustrate and develop this technique with vulnerabilities that handed me control over numerous popular websites and frameworks, progressing from simple single-request attacks to intricate exploit chains that hijack JavaScript, pivot across cache layers, subvert social media and misdirect cloud services. I'll wrap up by discussing defense against cache poisoning, and releasing the open source Burp Suite Community extension that fueled this research.

  • IBM's proof-of-concept 'DeepLocker' malware uses AI to infect PCs
  • Hack causes pacemakers to deliver life-threatening shocks

    At the Black Hat security conference in Las Vegas, researchers Billy Rios and Jonathan Butts said they first alerted medical device maker Medtronic to the hacking vulnerabilities in January 2017. So far, they said, the proof-of-concept attacks they developed still work. The duo on Thursday demonstrated one hack that compromised a CareLink 2090 programmer, a device doctors use to control pacemakers after they’re implanted in patients.

  • Bad infrastructure means pacemakers can be compromised before they leave the factory

    # Windoze kills

    The new research is some of the most chilling to date. Rios and Butts have found vulnerabilities in Medtronic's infrastructure for programming and updating the pacemakers and their programming terminals (which run Windows XP!) (Windows XP!!). By attacking Medtronic's cloud infrastructure, the pair can poison all the devices as they leave the factory, or corrupt them once they're in the field.

  • Hackable implanted medical devices could cause deaths, researchers say

    To take control of the pacemaker, Rios and Butts went up the chain, hacking the system that a doctor would use to program a patient’s pacemaker. Their hack rewrote the system to replace the background with an ominous skull, but a real hack [sic] could modify the system invisibly, while ensuring that any pacemaker connected to it would be programmed with harmful instructions. “You can obviously issue a shock,” Butts said, “but you can also deny a shock.” Because the devices are implanted for a reason, he added, withholding treatment can be as damaging as active attempts to harm.

  • AWS does a guff in a bucket and exposes GoDaddy's dirty laundry

    Details included usage stats from GoDaddy, pricing and negotiated discounted rates from Amazon. More worryingly, there's also server config information, CPU specs, hostnames, operating systems and server loads.

    [...]

    GoDaddy was given a chance to plug the leaks, but after five weeks, UpGuard decided to act, as GoDaddy still hadn't locked things down.

  • Amazon AWS error exposes info on 31,000 GoDaddy servers

    Data leaks are par for the course these days, and the latest company to be involved in one is GoDaddy. The company, which says it's the world's top domain name registrar with over 18 million customers, is the subject of a new report from cybersecurity firm UpGuard that was shared exclusively with Engadget. In June, cyber risk analyst Chris Vickery discovered files containing detailed server information stored in an unsecured S3 bucket -- a cloud storage service from Amazon Web Services. A look into the files revealed multiple versions of data for over 31,000 GoDaddy systems.

  • Hackers [sic] Could Cause Havoc By Pwning Internet-Connected Irrigation Systems

    The researchers studied three different Internet of Things devices that help control irrigation and found flaws that would allow malicious hackers [sic] to turn them on remotely in an attempt to drain water. The attacks don’t rely on fancy hacking techniques or hard to find vulnerabilities, but to make a real, negative impact on a city’s water reserves, the hackers [sic] would need to take control of a lot of sprinklers. According to the researcher’s math, to empty an average water tower, hackers [sic] would need a botnet of 1,355 sprinklers; to empty a flood water reservoir, hackers [sic] would need a botnet of 23,866 sprinklers.

    The researchers say their attacks are innovative not because of the techniques, but because they don’t rely on targeting a city’s critical infrastructure itself, which is (or should be) hardened against hackers [sic]. Instead, it attacks weak Internet of Things devices connected to that infrastructure.

  • Windows BitPaymer ransomware scores a hole in one: US PGA takes a hit

    Malicious attackers have launched a Windows ransomware attack on the servers of the PGA of America golf tournament which began at the Bellerive Country Club in St Louis on Thursday.

    Allan Liska, a ransomware expert from security firm Recorded Future, told iTWire that the ransomware in question appeared to be BitPaymer.

  • Hacking [sic] a Brand New Mac Remotely, Right Out of the Box

    That attack, which researchers will demonstrate Thursday at the Black Hat security conference in Las Vegas, targets enterprise Macs that use Apple's Device Enrollment Program and its Mobile Device Management platform. These enterprise tools allow employees of a company to walk through the customized IT setup of a Mac themselves, even if they work in a satellite office or from home. The idea is that a company can ship Macs to its workers directly from Apple's warehouses, and the devices will automatically configure to join their corporate ecosystem after booting up for the first time and connecting to Wi-Fi.

  • In-the-wild router exploit sends unwitting users to fake banking site

    The vulnerability works against DLink DSL-2740R, DSL-2640B, DSL-2780B, DSL-2730B, and DSL-526B models that haven’t been patched in the past two years. As described in disclosures here, here, here, here, and here, the flaw allows attackers to remotely change the DNS server that connected computers use to translate domain names into IP addresses.

  • In-vehicle wireless devices are endangering emergency first responders

    In late 2016, security researcher Justin Shattuck was on assignment for an organization that was under a crippling denial-of-service attack by a large number of devices, some of which appeared to be hosted inside the network of a large European airport. As he scanned the airport’s network from the Internet—and later, with the airport operators’ permission, from inside the network—he was eventually able to confirm that the devices were indeed part of several previously unseen botnets that were delivering record-setting denial-of-service attacks on websites.

  • Breaking Down the Door to Emergency Services through Cellular IoT Gateway

    Nearly two years have passed since we first started observing cellular gateways distributing packets across the internet. Today, we are only scratching the surface of what will inevitably turn into years of future research and discoveries before the world has tackled the problem of IoT devices being deployed without security considerations. For now, this article includes the following, and will be followed up with future research and discoveries.

    • The existence of cellular IoT devices that are not properly configured is allowing attackers to easily leverage remote administration for nefarious purposes.
      • The improperly configured devices we discovered and tested had either default administration credentials (such as admin:12345), or they required no authentication at all.
    • The absence of logging capabilities on these devices ensures that nefarious activities cannot be tracked.
    • Because most of the use cases for cellular IoT are for moving fleets, devices that need tracking, or remote critical infrastructure, virtually all of them have GPS coordinates. Excessive information disclosure, such as providing GPS coordinates publicly without requiring authentication (as some devices we discovered do) is giving attackers the ability to track fleet vehicles without ever breaking the law with unauthorized access. Yes, police cars can be tracked without breaking the law.
    • There is no bias on which industries or cellular device manufacturer will fall victim to threats emerging from cellular devices. Virtually every industry that requires some form of long-range, constant connectivity is impacted (and likely, most manufacturers) as development standards apply unilaterally.
    • As of July 28, 2018, we have identified more than 100,000 devices that are impacted online. 86% of the devices identified exist within the United States.
    • Attackers have been exploiting many of these systems since August 2016, if not earlier.
    • We have a defined list of impacted Sierra Wireless makes and models, however, we believe the problem to be widespread across all manufacturers of cellular IoT devices.

today's leftovers

Filed under
Misc
  • PGP Clean Room 1.0 Release

    After several months of work, I am proud to announce that my GSoC 2018 project, the PGP/PKI Clean Room, has arrived at a stable (1.0) release!

  • Review: The Binary Times Podcast

    I recently authored a detailed review of the Linux podcast scene, grilling 25 podcasts targeted at Linux and open source enthusiasts. Like any roundup of this type, it’s almost inevitable that a few podcasts missed my radar. One of these is The Binary Times Podcast. Apologies to the hosts of the show.

    To rectify matters, here’s my take on The Binary Times Podcast.

    This review is incorporated into my detailed review, so you can see where they rank among their peers.

  • Ubuntu Podcast from the UK LoCo: S11E22 – Catch-22 - Ubuntu Podcast

    It’s Season 11 Episode 22 of the Ubuntu Podcast! Alan Pope and Mark Johnson are connected and speaking to your brain.

  • Conference Report: Fullstack 2018 London

    I recently attended Fullstack 2018, “The Conference on JavaScript, Node & Internet of Things” with my colleagues from the Canonical Web Team in London. Fullstack attempts to cover the full spectrum of the JS ecosystem – frontend, backend, IoT, machine learning and a number of other topics. While I attended a broad range of talks, I’ll just mention those that I think are most pertinent to the work we are doing currently in the web team.

  • Dropbox Client Will Only Support Ext4 Filesystems On Linux Beginning November 7

    Beginning November 7, 2018, the Dropbox client will only support the Ext4 filesystem on Linux. The news, coming from the Dropbox forums, mentions that the only supported filesystems will be Ext4 for Linux, NTFS for Windows, and HFS+ or APFS for Mac.

  • Opera Wants to Be World's First PC Web Browser with a Built-In Crypto Wallet

    Opera Software announced that it plans to bring its famous crypto wallet used on the Opera for Android mobile web browser to the desktop on Linux, Mac, and Windows platforms, in an upcoming Opera for PC stable release.

    Opera was already the world's first web browser to introduce a built-in crypto wallet when Opera Software announced it for its Opera for Android mobile web browser, allowing users to do seamless transactions on the Internet while promoting the adoption of cryptocurrencies by the mainstream.

  • Opera opens its PC browsers to crypto

    - Opera to soon ship crypto wallet access with its PC browser

    - Opera PC browser will give users access to the built-in crypto wallet in Opera for Android

    - After strong interest in the private beta, Opera is opening the crypto wallet to a larger audience for testing.

6 Reasons Why Linux Users Switch to BSD

Filed under
BSD

Wonder why people use BSD? Read some of the main reasons that compel people to use BSD over Linux.

Open Source FUD and Openwashing

Filed under
OSS
  • 5G futures: Why Huawei when open source may be the new black?

    So, the Australian government has a big decision to make about whether it will allow Huawei to be a provider of Australia’s 5G communications network that will power the internet of things for us. The national security concerns with having the large Chinese firm take on such an important role have been outlined well by ASPI’s cyber policy team and others in a series of recent Strategist posts.

    The big question people have asked, though, is, if not Huawei, then what? Ex-head of the UK’s GCHQ signals intelligence organisation Robert Hannigan, for example, has said, ‘The dilemma for western governments is that Chinese technology is no longer derivative or cheap, it’s often world-leading. Do we cut ourselves off from this technology by banning it, or find ways of managing the risk?’ It sounds like there’s an inevitability to embracing the solutions of China’s big tech firms, either now or sometime in the future.

    But that may well be just plain wrong. Rather than asking who’s the alternative supplier to Huawei, the better question might be, why would Australia go with an outdated approach to hardware and software provision at a time when new approaches might play to industry

  • The Top 3 Open Source Tools for AWS Incident Response

    Welcome to our third blog on incident response in the cloud. The first two posts primarily focused on the built-in capabilities from cloud service providers that can help your incident response efforts. We also discussed how to configure your Amazon Web Services (AWS) environment to take advantage of those features.

    Today, we are going to look at some tools that are extremely helpful for responding to cloud incidents. I’m only going to look at open source tools for AWS in this post, so you can go download and play with them in your training or test environment now.

  • WhiteSource Launches Free Open Source Vulnerability Checking [Ed: InfoQ is promoting/pushing proprietary software from Microsoft buddy (they co-author anti-FOSS papers)]
  • SD Times news digest: WhiteSource’s free vulnerability checker, Julia 1.0, and the Blockchain Learning Center

    WhiteSource is making its Vulnerability Checker available for free for developers to detect if their solutions contain any of the 50 most critical open-source bugs out there today. The checker will enable users to import and scan any library as well as check if their projects are susceptible to the most recent and common bugs.


More in Tux Machines

Amiga Enthusiast Gets Quake Running On Killer NIC PowerPC CPU Core

The Amiga community remains one of the most passionate and inventive we have ever seen, even now, decades after Commodore’s demise. A couple of weeks back, we featured just a few recent projects that were designed to breathe new life into aging Amiga systems, or at the very least ensure they remain repairable for the foreseeable future. Our article explaining how to build a cheap Amiga emulator using a Raspberry Pi was immensely popular as well. Today, however, we stumbled across a video that encapsulates the ingenuity of many of the more technical folks in the Amiga community. What it shows is an Amiga 3000UX, equipped with a Voodoo 3 card and BigFoot Networks Killer NIC M1, running some software – including Quake – on the Killer NIC’s on-board Power PC processor.

New Devices With Defective Intel Chips and Linux Support

  • Linux-friendly embedded computer runs on Apollo Lake power
    Axiomtek has released a rugged, Ubuntu-ready “eBOX627-312-FL” embedded PC with a dual-core Celeron N3350, 2x GbE, 6x USB, and 4x serial ports plus mini-PCIe, HDMI, SATA, and “Flexible I/O.”
  • EPIC board boasts 4x GbE ports and PCIe x4
    Aaeon is rolling out a new EPIC form-factor “EPIC-KBS9” SBC with 6th or 7th Gen Core S-series chips, 4x GbE ports, up to 32GB DDR3, and mini-PCIe and PCIe x4 expansion. Aaeon’s EPIC-KBS9 follows two other EPIC-KBS SBCs to support Intel’s 6th “Skylake” or 7th “Kaby Lake” generation S-Series processors: the EPIC-KBS7, which emphasized real-world ports, and last month’s EPIC-KBS8, which is a bit more feature rich but with fewer coastline ports. Unlike these earlier models, the KBS9 offers 4x GbE ports, up to 32GB DDR4-2133, and a full-size PCIe x4 slot, which supports NVMe storage.

'Foreshadow' Coverage

Flock 2018 Reports