Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Friday, 13 Dec 19 - Tux Machines is a community-driven public service/news site which has been around for over a decade and a half and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Type Title Author Repliessort icon Last Post
Story Linux: Ready, willing and able srlinuxx 11/04/2005 - 3:27am
Story Microsoft's IT security plans spark controversy srlinuxx 11/04/2005 - 3:27am
Story Paris Hilton's sidekick hacked srlinuxx 11/04/2005 - 3:27am
Blog entry Weird *ss Weather srlinuxx 11/04/2005 - 3:26am
Story Greetings From the Most Connected Place on Earth srlinuxx 11/04/2005 - 3:26am
Story Get Into the Flame War ...please! srlinuxx 11/04/2005 - 3:26am
Story Linux kernel to include IPv6 firewall srlinuxx 11/04/2005 - 3:25am
Story Linux For The Future srlinuxx 11/04/2005 - 3:25am
Story M$ Not Ready to Settle Yet srlinuxx 11/04/2005 - 3:24am
Story security breach affects every state srlinuxx 11/04/2005 - 3:24am

The Latest Hardware Defects

Filed under
Hardware
Security
  • Patch, Or Your Solid State Drives Roll Over And Die

    Expiration dates for computer drives? That’s what a line of HP solid-state drives are facing as the variable for their uptime counter is running out. When it does, the drive “expires” and, well, no more data storage for you!

    There are a series of stages in the evolution of a software developer as they master their art, and one of those stages comes in understanding that while they may have a handle on the abstracted world presented by their development environment they perhaps haven’t considered the moments in which the real computer that lives behind it intrudes. Think of the first time you saw an SQL injection attack on a website, for example, or the moment you realised that a variable type is linked to the physical constraints of the number of memory locations it has reserved for it. So people who write software surround themselves with an armoury of things they watch out for as they code, and thus endeavour to produce software less likely to break. Firmly in that arena is the size of the variables you use and what will happen when that limit is reached.

  • New Plundervolt attack impacts Intel CPUs

Andes’ RISC-V SoC debuts with AI-ready VPU as Microchip opens access to its PolarFire SoC

Filed under
Linux

Andes unveiled a Linux-ready, RISC-V-based “AndesCore 27-series” CPU core that features a VPU for AI applications. In other RISC-V on Linux news, Microchip opened early access to its FPGA-enabled PolarFire SoC and Hex Five announced MultiZone Security for Linux.

In conjunction with the RISC-V Summit in San Jose this week, Andes Technology announced a Linux-focused RISC-V core design that it says is the first to include a vector processing unit (VPU). Meanwhile, Microchip announced an early access program for its previously announced, Linux-friendly PolarFire SoC, and there’s a new MultiZone Security for Linux application for RISC-V chips from Hex Five Security that will initially run on the PolarFire SoC (see farther below).

Read more

Android Leftovers

Filed under
Android

Meet The New Linux Desktop That Offers A Unique Twist On Ubuntu 19.10

Filed under
Linux
Ubuntu

Are you a fan of the Cinnamon Desktop used in Linux Mint, but prefer more recent software and the familiarity of the Ubuntu ecosystem? If so, there’s a brand new spin of Ubuntu 19.10 that may interest you. Say hello to Ubuntu Cinnamon (or, as Michael Tunnell from This Week in Linux cleverly dubbed it, “CinnaBuntu”).

Ubuntu Cinnamon is a brand new “remix” project that incorporates the Cinnamon Desktop Environment into Ubuntu. It’s not an official “flavor” of Ubuntu, but the developers are hoping that — like Ubuntu Budgie and Ubuntu MATE before it — it’s welcomed by both the community and Canonical to eventually join the ranks of the official Ubuntu family.

Read more

Google Releases Chrome 79 for Linux, Windows, and Mac with 51 Security Fixes

Filed under
Google
Security

Chrome 79 has been in development since earlier this fall and entered beta testing at the end of October, when Google gave us a glimpse of the new features and improvements to come. And now, users can now enjoy all of them if they update their Chrome web browser to version 79.0.3945.79, which is rolling out now to Linux, Windows, and Mac desktop platforms.

With Chrome 79, Google brings VR (Virtual Reality) support to the Web with a new API called WebXR Device API, which allows developers to create immersive experiences for smartphones, as well as head-mounted displays. This also paves the way for the development of many other similar emerging technologies, among which we can mention AR (Augmented Reality).

Read more

Direct:Stable Channel Update for Desktop

The latest Linux kernel is headed to Chromebooks in the very near future and that’s a big deal

Filed under
Linux
Google

For those of you who may not be familiar with the subject, Google’s Chrome OS that powers millions of Chromebooks is built on the Linux kernel. I’ll save you the long-winded explanation of what the Linux kernel is and how it works for two reasons. One, it would take all day. Two, I’m not a developer and I would likely confuse myself and you in the process. Apart from numerous Linux distributions and Chrome OS, the Linux kernel is at the heart of the Android operating system as well as various embedded devices and products such as smart TVs and webcams.

Read more

Qt for MCUs 1.0 is now available

Filed under
KDE

Qt for MCUs enables creation of fluid graphical user interfaces (GUI) with a low memory footprint on displays powered by microcontrollers (MCU). It is a complete graphics toolkit with everything needed to design, develop, and deploy GUIs on MCUs. It enables a unified technology approach for an entire product line to create a consistent and branded end user experience. Watch the Qt for MCUs video showcasing different use cases.

Qt for MCUs 1.0 has already been adopted by lead customers in Japan, Europe and the US, who have started developing their next generation product. This release has been tested on microcontrollers from NXP, Renesas and STMicroelectronics. The software release contains Platform Adaptations for NXP i.MX RT1050 and STM32F769i as the default Deployment Platforms. Platform Adaptations for several other NXP and STM32 microcontrollers as well as the Renesas RH850 microcontroller are available as separate Deployment Platform Packages. On request, Qt Professional Services can provide new Platform Adaptions for additional microcontrollers.

Read more

Replicant needs your help to liberate Android in 2020

Filed under
Android
GNU

Mobile devices such as phones and tablets are becoming an increasingly important part in our computing, hence they are particularly subject to freedom and security concerns. These devices aren't simply "phones" or "tablets." They are full computers with powerful hardware, running complete operating systems that allow for updates, software changes, and installable applications. This makes it feasible to run free software on them. Thus, it is possible to choose a device that runs a free bootloader and free mobile operating system -- Replicant -- as well as fully free apps for the user. You can read more about privacy and security on mobile phones and the solutions that Replicant offers, as well as learn some valuable lessons on how better to protect your freedom on mobile devices on the Replicant Web site.

Replicant is currently steered by a team of three people: Fil Bergamo, Joonas Kylmälä (Putti), and myself. At the beginning of this year, we successfully applied for funding from a program from the European Union called Next Generation Internet. We also received a sizeable donation from Handshake, which allowed us to make some significant investments.

Read more

CVE patching is not making your Linux secure

Filed under
Security

Would you like to enhance your Linux security? Do you wonder what factors should be considered when evaluating your open source security from both – the infrastructure and the application perspectives? Are you keen to learn the Ubuntu security team approach? I’ve learned that CVE patching is indeed an important puzzle, but without a structured approach, professional tools and well-defined processes in place, your Linux environment will not be secure.

What do Linux security experts say?

I got inspired by all these questions during the Open Source Security Summit, which was followed by the Linux Security Summit. I really enjoyed a week full of keynotes, workshops and meaningful conversations. So much so that, in my notebook, I noted down some really good quotes about the Linux security. For instance, Kelly Hammond from Intel opened her keynote by saying that “security is like doing the laundry or the dishes – it’s never done”.

Linux security is more complicated than fixing CVEs

Fixing CVEs is a continuous job that all Linux security teams focus on. In his keynote, Greg Kroah-Hartman from the Linux Foundation looked at this problem from the kernel perspective. In his exact words “CVEs mean nothing for the kernel” because very few CVEs are ever going to be assigned for the kernel. A stable Linux kernel receives 22-25 patches every day without any CVE process involved. So Greg’s position on the Linux security comes down to always using the latest stable kernel and not worrying about CVEs.

Read more

Also: Security updates for Tuesday

DebEX Linux Distro Released for Older PCs with LXQt Desktop and Linux Kernel 5.4

Filed under
Debian

GNU/Linux developer Arne Exton has released today a new version of his Debian-based DebEX Linux distribution, which promises to bring back to life older 32-bit computers.
Based on the Debian GNU/Linux 10 "Buster" operating system series, DebEX Linux uses LXQt as default desktop environment, which is known to be very resource-friendly and efficient on older computers from 15 or 20 years ago.

The new DebEX Linux version comes with only a minimum set of packages installed in the live and installable ISO image, which makes it just under 1GB in size. Under the hood, DebEX Linux uses the latest and greatest Linux kernel, Linux 5.4.2, for out-of-the-box hardware support.

"I've made a new DebEX system for older computers. It uses LXQt as desktop environment. I could run and install DebEX LXQt without problems on my oldest computer, an Acer Aspire 5102WLMi from the year 2006," said Arne Exton.

Read more

Meet Sparky Bonsai, SparkyLinux Portable Edition Featuring Joe's Window Manager

Filed under
Debian

The Debian-based SparkyLinux operating system recently received a new community edition that you can run and use directly from a USB stick without installing anything on your personal computer.
While many of today's GNU/Linux distributions come as a live medium that lets users test drive it without installing the actual OS on their computers, it would appear that some users are still interested in the type of systems that lives in a USB flash drive, running completely from there with persistence.

So today's we'd like to introduce you Sparky Bonsai, a portable edition of the Debian-based SparkyLinux operating system that works in the same way famous portable distros like Slax, Puppy Linux, Porteus, and DebianDog work. It features the JWM (Joe's Window Manager) stacking window manager for X11.

Read more

Mozilla Firefox 71 Is Now Available for All Supported Ubuntu Linux Releases

Filed under
Moz/FF
Ubuntu

Mozilla's latest Firefox 71 web browser is now finally available for installation from the software repositories of all supported Ubuntu Linux releases.
Officially announced by Mozilla last week, the Firefox 71 web browser introduces native MP3 decoding, a much-improved built-in password manager that can now recognize subdomains and automatically fill domain logins or warn users with screen readers about breaches from Firefox Monitor, and a new kiosk mode that allows the use of Firefox in kiosk terminals by running it exclusively in full-screen.

Firefox 71 also comes with a redesigned internal configuration page (about:config) rewritten in HTML, an improved Enhanced Tracking Protection feature to offer users more information about the actions it takes by displaying notifications when Firefox blocks cryptominers, and new locales for Catalan (Valencian) (ca-valencia), Tagalog (tl), and Triqui (trs).

Read more

Microsoft Once Again Googlebombing "Linux" to Push/Promote Proprietary Spyware

Filed under
Microsoft

Games: Commandos, Area 86, Insurgency: Sandstorm and Humble Paradox Management Bundle

Filed under
Gaming

today's leftovers

Filed under
Misc
  • Ubuntu Weekly Newsletter Issue 608

    Welcome to the Ubuntu Weekly Newsletter, Issue 608 for the week of December 1 – 7, 2019. The full version of this issue is available here.

  • Developers shouldn't distribute their own software

    Thankfully, each distro includes its own set of volunteers dedicated to this specific job: packaging software for the distribution and making sure it conforms to the norms of the target environment. This model also adds a set of checks and balances to the system, in which the distro maintainers can audit each other’s work for bugs and examine the software being packaged for anti-features like telemetry or advertisements, patching it out as necessary. These systems keep malware out of the repositories, handle distribution of updates, cryptographically verifying signatures, scaling the distribution out across many mirrors - it’s a robust system with decades of refinement.

  • attention please: host's IP stack behavior got changed slightly

    Your laptops, desktops and servers now check packet destination address with IP address bound to interface, where such packet is received on. If there will be mismatch the packet will be discarded and 'wrongif' counter will be bumped. You can use 'netstat -s|grep wrongif' to display the counter value.

  • Trusted Recursive Resolvers – Protecting Your Privacy with Policy and Technology

    In keeping with a longstanding commitment to privacy and online security, this year Mozilla has launched products and features that ensure privacy is respected and is the default. We recognize that technology alone isn’t enough to protect your privacy. To build a product that truly protects people, you need strong data policies.

    An example of our work here is the U.S. deployment of DNS over HTTPS (DoH), a new protocol to keep people’s browsing activity safe from being intercepted or tampered with, and our Trusted Recursive Resolver program (TRR). Connecting the right technology with strict operational requirements will make it harder for malicious actors to spy on or tamper with users’ browsing activity, and will protect users from DNS providers, including internet service providers (ISPs), that can abuse their data.

    DoH’s ability to encrypt DNS data addresses only half the problem we are trying to solve. The second half is requiring that companies with the ability to see and store your browsing history change their data handling practices. This is what the TRR program is for. With these two initiatives, we’re helping close data leaks that have been part of the Internet since the DNS was created 35 years ago.

  • Mozilla Privacy Blog: Mozilla comments on CCPA regulations

    Around the globe, Mozilla has been a supporter of data privacy laws that empower people – including the California Consumer Protection Act (CCPA). For the last few weeks, we’ve been considering the draft regulations, released in October, from Attorney General Becerra. Today, we submitted comments to help California effectively and meaningfully implement CCPA.

    We all know that people deserve more control over their online data. And we take care to provide people protection and control by baking privacy and the same principles we want to see in legislation into the Firefox browser.

  • Linux is junk, but GPL is for ever

    Once in a while people used to say that the lovely programs they used becomes obsolete. Then talk about its nostalgia.

    What will be the status of linux kernel after 100 years? Lets say 50 years? Will it be there supporting the new technologies of that time? I don’t think so.

    Linux like all other technologies may not able to adapt to those new environments.

    Where as GPL is eternal. As far as there is software, the rules of GPL will be valid.

  • AGL Announces CES 2020 Demos by 18 Members

    Automotive Grade Linux (AGL), a cross-industry effort developing an open source platform for all connected car technologies, will be at CES 2020 demonstrating open source infotainment and instrument cluster applications along with 20+ connected car demonstrations developed by AGL members.

    The AGL Booth in the Westgate Hotel Pavilion #1815 will feature a 2020 Toyota RAV4 with an AGL-based multimedia system that is currently in production, a 2020 Mazda CX-30 showcasing a proof of concept (POC) demo using new AGL reference hardware, and automotive technology demonstrations by: AISIN AW, DENSO, DENSO TEN, Igalia, IoT.bzh, LG Electronics, Mazda, Microchip, NTT DATA MSE, OpenSynergy, Panasonic, Renesas, SafeRide Technologies, Suzuki, SYSGO, Tuxera and VNC Automotive. The booth will be open to the public during CES show hours from January 7-10, 2020.

    “Instrument Cluster has been a big focus over the past year, and we look forward to demonstrating the amazing work being done by our members to optimize the AGL platform for use in lower performance processors and low-cost vehicles, including motorcycles,” said Dan Cauchy, Executive Director of Automotive Grade Linux at the Linux Foundation. “We are proud to be showing vehicles from Toyota and Mazda and we will also have 20+ open source demos in our booth, a small sampling of some of the AGL-based products and services that automakers and suppliers continue to bring to market.”

  •                    

  • You can now email your emails in Gmail [iophk: they begin to close the protocol]

                         

                           

    Fervent emailers can attach as many emails, which will appear as an .eml file, as they like. Users who love to have multiple tabs open may also be pleased to hear that the attachment will open in a new window.

  •                    

  • More than half of NHS devices are still running Windows 7 [iophk: Why is Canonical not spinning this into gold?]

                         

                           

    As per the FoI, 52 per cent of the total 447,000+ devices being used in the NHS, including desktops, laptops, and tablets, are still running Windows 7, which reaches end-of-life status on 14 January 2020.

                           

    That's despite the fact that the Department of Health and Social Care (DHSC) last year announced a £150m plan to upgrade all NHS systems to Windows 10 by the time that Windows 7 reaches the digital graveyard. However, it's worth noting that the NHS is an E5 licence holder, which means it'll get an extra year of Windows 7 support for free.

  • LHS Episode #316: GridTracker Deep Dive Part 2

    Welcome to the 316th installment of Linux in the Ham Shack. In this episode, we have Stephen "Tag" Loomis, N0TTL, back for a second episode on GridTracker. In this episode, the hosts discuss updates, additions and bug fixes to the application since the last time and then dive into its most complex and powerful feature, the Callable Roster. Then there is information about the myriad updates to statistical analysis that will be available in the next release. Thank you for listening and we hope you enjoy this episode and your time using GridTracker.

Comparing Linux distributions: Red Hat vs. Ubuntu

Filed under
Red Hat
Ubuntu

Red Hat Enterprise Linux and Ubuntu are easily two of the most popular Linux distributions used in the enterprise. Even so, there are some key differences between these two Linux flavors. Features, user experience, licensing and documentation are the key components to evaluate when comparing Linux distributions.

Red Hat Enterprise Linux (RHEL) can support nearly any application server or infrastructure role. In its latest version, Red Hat seems to focus heavily on security and compliance. The company has introduced systemwide cryptographic policies, advanced auditing capabilities and updated protocols. These include Transport Layer Security, IPsec, Domain Name System Security Extensions and Kerberos.

Red Hat has also reduced the complexity of RHEL's latest version. RHEL 8 is designed to provide a consistent user experience by using the same administrative tools, regardless of whether the server is running in the cloud, in a VM or on a bare-metal server

Read more

Devs: Open Source Is Growing Despite Challenges

Filed under
OSS

Optimism about the future of open source is high among software developers worldwide. However, a growing number of devs worry that a lack of funding and corporate support threatens its sustainability.

That is one of the key takeaways from DigitalOcean's second annual open source survey, published in its "Currents, Open Source 2019," seasonal report last week.

The online survey provides a snapshot of the state of open source, as well as a gauge of the inclusivity and friendliness of contributors. More than 5,800 developers from around the world participated.

Because developers may work as individuals or in small teams, the survey was not sent to specific companies. Respondents self-identified and shared the size of the company/team they worked with, said Eddie Zaneski, manager of developer relations at DigitalOcean. The company reached out to the developer community primarily through social media and email campaigns from late August to early October.

Read more

Open Hardware: RISC-V and Raspberry Pi’s 8th Birthday

Filed under
GNU
Linux
Hardware
  • SiFive Learn Inventor is a Wireless RISC-V Development Kit Inspired by BBC Micro:bit

    SiFive Learn Inventor is a RISC-V educational board partially inspired by BBC Micro:bit board with the same crocodile clip-friendly edge connector, and an LED matrix.

  • Hex Five Announces General Availability of MultiZone Security for Linux - The First Commercial Enclave for RISC-V processors

    Hardware consolidation requirements in automotive, aerospace & defense, and industrial automation are forcing embedded systems designers to merge safety-critical functionality with untrusted applications and operating systems. The resulting monolithic systems present vastly larger code base, greater attack surface, and increased system vulnerability. In response, Hex Five Security Inc. announces the general availability of MultiZone™ Security for Linux, the industry-first enclave specifically designed to bring security through separation to embedded systems. MultiZone™ Security is available immediately for the Microchip PolarFire® system-on-chip, the world’s first hardened real-time, Linux capable, RISC-V-based microprocessor subsystem. Support for additional RISC-V processors to be announced later in 2020.

  • Celebrate the Raspberry Pi’s 8th birthday at a Raspberry Jam

    On 29 February 2020, the Raspberry Pi Foundation will celebrate the eighth birthday of the Raspberry Pi computer (or its second birthday, depending on how strict you are about counting leap years).

Syndicate content

More in Tux Machines

Screencasts and Shows: ArcoLinux 19.12 Run Through, TechSNAP and Python Bytes

today's howtos

Security Leftovers

  • WordPress 5.3.1 Security and Maintenance Release

    This security and maintenance release features 46 fixes and enhancements. Plus, it adds a number of security fixes—see the list below. WordPress 5.3.1 is a short-cycle maintenance release. The next major release will be version 5.4. You can download WordPress 5.3.1 by clicking the button at the top of this page, or visit your Dashboard → Updates and click Update Now.

  • 49% of workers, when forced to update their password, reuse the same one with just a minor change

    For instance, not only did 72% of users admit that they reused the same passwords in their personal life, but also 49% admitted that when forced to update their passwords in the workplace they reused the same one with a minor change.

  • The FSB’s personal hackers How Evil Corp, the world’s most powerful hacking collective, takes advantage of its deep family ties in the Russian intelligence community

    On December 5, the U.S. government formally indicted members of the Russian hacker group “Evil Corp.” Washington says these men are behind “the world’s most egregious cyberattacks,” causing hundreds of millions of dollars in damages to banks. The Justice Department believes Evil Corp’s leader is Maxim Yakubets, who remains at large and was still actively involved in hacking activities as recently as March 2019. Meduza investigative journalist Liliya Yapparova discovered that Evil Corp’s hackers belong to the families of high-ranking Russian state bureaucrats and security officials. She also learned more about the Russian intelligence community’s close ties to Maxim Yakubets, whose arrest is now worth $5 million to the United States.

Programming Leftovers

  • Fedora 32 Will Feature Bleeding-Edge Compilers Again With LLVM 10 + GCC 10

    Fedora Linux is on track to deliver another bleeding-edge compiler toolchain stack with Fedora 32 due out this spring.  Fedora's spring releases have tended to always introduce new GNU Compiler Collection (GCC) releases that are generally out a few weeks before the April~May Fedora releases. Thanks to Red Hat employing several GCC developers that collaborate with Fedora, they tend to stick to ensuring Fedora ships new GCC releases quite quickly while managing minimal bugs -- in part due to tracking GCC development snapshots well before launch to begin the package rebuilds. 

  • What makes Python a great language?

    I know I’m far from the only person who has opined about this topic, but figured I’d take my turn. A while ago I hinted on Twitter that I have Thoughts(tm) about the future of Python, and while this is not going to be that post, this is going to be important background for when I do share those thoughts. If you came expecting a well researched article full of citations to peer-reviewed literature, you came to the wrong place. Similarly if you were hoping for unbiased and objective analysis. I’m not even going to link to external sources for definitions. This is literally just me on a soap box, and you can take it or leave it. I’m also deliberately not talking about CPython the runtime, pip the package manager, venv the %PATH% manipulator, or PyPI the ecosystem. This post is about the Python language. My hope is that you will get some ideas for thinking about why some programming languages feel better than others, even if you don’t agree that Python feels better than most.

  • Python String Replace

    In this article, we will talk about how to replace a substring inside a string in Python, using the replace() method. .replace() Method In Python, strings are represented as immutable str objects. The str class comes with many methods that allow you to manipulate strings. The .replace() method takes the following syntax: str.replace(old, new[, maxreplace]) str - The string you are working with. old – The substring you want to replace.