Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Wednesday, 24 May 17 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Type Title Author Replies Last Postsort icon
Story Windows Intruded by CIA Rianne Schestowitz 19/05/2017 - 2:20pm
Story Android Leftovers Rianne Schestowitz 19/05/2017 - 2:27am
Story today's howtos Rianne Schestowitz 18/05/2017 - 9:57pm
Story OSS Leftovers Rianne Schestowitz 18/05/2017 - 8:55pm
Story Tizen Everywhere at Samsung Rianne Schestowitz 18/05/2017 - 8:22pm
Story Security Leftovers Rianne Schestowitz 18/05/2017 - 4:42pm
Story Android Domination and Android O Rianne Schestowitz 18/05/2017 - 4:06pm
Story Red Hat News Rianne Schestowitz 18/05/2017 - 3:04pm
Story Samsung Z4, Tizen 4.0 and More Tizen Rianne Schestowitz 18/05/2017 - 2:53pm
Story Black Lab Enterprise Linux 11 Xfce and MATE Spins Now Available for Download Rianne Schestowitz 18/05/2017 - 2:03pm

Microsoft Windows and Ransom

Filed under
Microsoft
Security
  • Massive ransomware attack hits UK hospitals, Spanish banks [Ed: Microsoft shows its real cost]

    A large number of hospitals, GPs, and walk-in clinics across England have been locked down by a ransomware attack, reports suggest. There are also some reports of a ransomware attack hitting institutions in Portugal and Spain, with telecoms provider Telefonica apparently hit hard. Further attacks have been reported in Russia, Ukraine, and Taiwan. Batten down the hatches: we might be in the middle of a global ransomware attack.

    Multiple sources point to this ransomware attack being based on the EternalBlue vulnerability, which was discovered by the NSA but was leaked by a group calling itself Shadow Brokers last month.

    NHS Digital has confirmed the attack and issued a brief statement, stating that there's no evidence that patient data had been accessed and that the attack was not specifically targeted at the NHS. At this point it isn't clear whether a central NHS network has been knocked offline by the ransomware or whether individual computers connected to the network are being locked out. In any case, a number of hospitals and clinics are reporting that their computer systems are inaccessible, and some telephone services are down too.

  • New ransomware Jaff demands $3,700 payments
  • Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

    This is a Wordfence public service security announcement for all users of computers running any version of Windows.

    We have confirmed that a serious virulent ransomware threat known as WannaCrypt0r/WannaCry has affected Windows computers on shared networks in at least 74 countries worldwide, with 57,000 reported individual cases being affected. And according to the analysis team at Kaspersky Lab, that number is growing fast.

SUSE Security Breach (Again) and Tumbleweed Update

Filed under
SUSE
  • Several openSUSE services disabled due to a security breach

    We have been informed of a security breach of the MF authentication system used by several openSUSE services.

    As a result, the openSUSE services using this authentication method are immediately being set to read-only mode/preventing authentication.

    This includes the openSUSE OBS, wiki, and forums.

    The scope and impact of the breach is not yet fully clear. The disabling of authentication is to ensure the protection of our systems and user data while the situation is fully investigated.

  • Tumbleweed: Review of the weeks 2017/18 & 19

    In the last two weeks, a total of 6 snapshots had been released to the wild (0428, 0429, 0430, 0502, 0503, 0505): all those snapshots were mainly in Week 18 – while we were having some struggles this week due to the way the pattern packages are now laid out. The change was slightly more complex than anticipated and small issues crept in here and there. But the change is well worth the effort, as patterns are now smaller chunks with their own respective maintainer groups assigned. For example, the KDE Team has more, and especially more direct, control over their pattern. The same holds, of course, true for all other desktop related patterns: those now live in the respective desktop environment’s devel projects.

CoreOS's Linux platform bolsters enterprise Kubernetes features

Filed under
OS
Linux

Tectonic, CoreOS's Linux platform built to run containers, was revamped this week to version 1.6.2. Underneath that minor point revision label lie some significant changes.

Read more

Open source, $125 NAS SBC has four SATA 3.0 ports

Filed under
OSS

On Kickstarter, an open source, 4-bay “Helios4” NAS SBC runs Armbian on a Marvell Armada 388 SoC, and sells for $125, or $139 for the full case kit with fans.

A Singapore-based startup called Kobol has gone to Kickstarter to pitch an open source network attached storage (NAS) SBC that supports up to 40TB of onboard storage, as well as media streaming and file sharing. The Helios4 Personal Cloud also comes with an optional enclosure kit with bays and dual fans for the board’s four SATA ports. Two USB 3.0 ports are also available.

Read more

CIA Uses "AfterMidnight" and "Assassin" Against Windows

Filed under
Microsoft

Today, May 12th 2017, WikiLeaks publishes "AfterMidnight" and "Assassin", two CIA malware frameworks for the Microsoft Windows platform.

"AfterMidnight" allows operators to dynamically load and execute malware payloads on a target machine. The main controller disguises as a self-persisting Windows Service DLL and provides secure execution of "Gremlins" via a HTTPS based Listening Post (LP) system called "Octopus". Once installed on a target machine AM will call back to a configured LP on a configurable schedule, checking to see if there is a new plan for it to execute. If there is, it downloads and stores all needed components before loading all new gremlins in memory. "Gremlins" are small AM payloads that are meant to run hidden on the target and either subvert the functionality of targeted software, survey the target (including data exfiltration) or provide internal services for other gremlins. The special payload "AlphaGremlin" even has a custom script language which allows operators to schedule custom tasks to be executed on the target machine.

"Assassin" is a similar kind of malware; it is an automated implant that provides a simple collection platform on remote computers running the Microsoft Windows operating system. Once the tool is installed on the target, the implant is run within a Windows service process. "Assassin" (just like "AfterMidnight") will then periodically beacon to its configured listening post(s) to request tasking and deliver results. Communication occurs over one or more transport protocols as configured before or during deployment. The "Assassin" C2 (Command and Control) and LP (Listening Post) subsystems are referred to collectively as" The Gibson" and allow operators to perform specific tasks on an infected target.

Read more

Which Official Ubuntu Flavor Is Best for You?

Filed under
Ubuntu

Up until recently, the official Ubuntu Linux included the in-house Unity desktop and a sixth recognized flavor existed: Ubuntu GNOME -- Ubuntu with the GNOME desktop environment.

When Mark Shuttleworth decided to nix Unity, the choice was obvious to Canonical—make GNOME the official desktop of Ubuntu Linux. This begins with Ubuntu 18.04 (so April, 2018) and we’ll be down to the official distribution and four recognized flavors.

For those already enmeshed in the Linux community, that’s some seriously simple math to do—you know which Linux desktop you like, so making the choice between Ubuntu, Kubuntu, Lubuntu, Mythbuntu, and Ubuntu Budgie couldn’t be easier. Those that haven’t already been indoctrinated into the way of Linux won’t see that as such a cut-and-dried decision.

To that end, I thought it might be a good idea to help newer users decide which flavor is best for them. After all, choosing the wrong distribution out of the starting gate can make for a less-than-ideal experience.

And so, if you’re considering a flavor of Ubuntu, and you want your experience to be as painless as possible, read on.

Read more

RADV vs. AMDGPU-PRO Vulkan Performance vs. OpenGL In May 2017

Filed under
Graphics/Benchmarks

With the open-source RADV Radeon Vulkan driver recently hitting the milestone of effectively being Vulkan 1.0 compliant, I figured this warranted a good time for running a fresh open-source Vulkan vs. AMDGPU-PRO Vulkan performance comparison on various graphics cards. For additional context, the RadeonSI and AMDGPU-PRO OpenGL numbers are also present to provide additional value.

Read more

Also:

  • VK9 Direct3D-Over-Vulkan Begins Hitting More Advanced Milestones

    The VK9 hobbyist project implementing Direct3D 9 over the Vulkan graphics API is beginning to reach the more challenging milestones.

  • Mesa 17.0.6 Is Coming Soon with Polaris 12 Support for Radeon RADV Vulkan Driver

    A new maintenance update of the Mesa 17.0 3D Graphics Library stable series, which numerous GNU/Linux distributions are currently using in their default install, is being prepped these days.

    We're talking here about Mesa 17.0.6, which is now in the Release Candidate stage of development, promising to bring more than 50 improvements for various supported drivers, as well as core components. The final release of Mesa 17.0.6 is expected this weekend, but let's have a look at what to expect from it.

Leftovers: Gaming

Filed under
Gaming

Con Kolivas and MuQSS 0.155

Filed under
Linux
  • linux-4.11-ck1 / MuQSS CPU scheduler 0.155

    These are patches designed to improve system responsiveness and interactivity with specific emphasis on the desktop, but configurable for any workload. The patchset is mainly centred around the Multiple Queue Skiplist Scheduler, MuQSS.

  • MuQSS CPU Scheduler 0.155 Released

    Con Kolivas has released his latest version of the MuQSS CPU scheduler that succeeds the Brain BFS scheduler.

    MuQSS 0.155 is now available along with his Linux-4.11-ck1 patch series. MuQSS continues to be designed for delivering maximum system responsiveness and interactivity with a focus on desktop workloads.

More Security Leftovers

Filed under
Security

today's howtos

Filed under
HowTos

Android Leftovers

Filed under
Android

Tizen News

Filed under
Linux

Embrace and Extend: Microsoft Wants to Control the Competition

Filed under
GNU
Linux
Microsoft

“They’ll get sort of addicted, and then we’ll somehow figure out how to collect sometime in the next decade.”

--Bill Gates

Multimedia: Recording Audio, VLC Media Player 2.2.5, OpenShot 2.3.2

Filed under
Software
  • A simple command-line tool for recording audio

    Machine learning and natural language processing are transforming our relationship with our devices by giving them a human voice. People with visual impairments have especially benefited from these technologies, but those who speak languages like my native Odia have largely been left behind by most voicebanks.

    When T. Shrinivasan, a Tamil-language Wikipedian, started the Voice-recorder-for-tawictionary, he probably didn't realize how useful his open source tool can be for users like me. I was in search of a simple tool that could allow me to record large chunks of words in a short time so that those recordings can be used on Odia Wiktionary, a sister project of Wikipedia and a free dictionary in Odia language that has translations of Odia and other language words.

  • VLC Media Player 2.2.5 Improves Video Scaling in VDPAU, MP3 Playback, and More

    VLC 2.2.5 arrived recently with a great number of improvements over the previous stable update of the open-source, free and cross-platform video player application for GNU/Linux, macOS and Microsoft Windows operating systems.

    In fact, it's been almost a year since VLC 2.2.4 was announced back in early June 2016, and users can now finally update their beloved media player to a newer version that has quite a number of improvements. For example, VLC 2.2.5 improves the MP3 playback quality when the libmad library is used, as well as VDPAU video scalling and the playback of palettized codecs.

  • OpenShot 2.3.2 Open-Source Video Editor Is Out, Addresses a Few Important Issues

    OpenShot developer Jonathan Thomas today announced the release and immediate availability of the first public maintenance update to the OpenShot 2.3 stable series of the open-source and cross-platform video editor.

    OpenShot 2.3 arrived at the end of March 2017 as "one of the biggest updates ever" of the popular and free video editor software that's used with success by many videographers and vloggers on the Open Source community, but also by any home user who wants to edit his/her vacation movies.

PC repair chap lets tech support scammer log on to his PC. His Linux PC

Filed under
GNU
Linux

Why look at that! Friday is upon us, which means it’s time for another instalment of On-Call, The Register’s weekly column in which readers share memories of being asked to fix odd stuff at unpleasant times of the day.

This week, meet “Shane,” who used to do a bit of computer repair work on the side, and kept a phone just for that business.

“This was back in the days when XP would regularly crap itself and need to be reinstalled every year or so, and thus such a sideline was worth the effort,” Shane explained in his mail to El Reg.

That phone rang one day and the caller proclaimed he was from Microsoft tech support and that they had detected a virus on Shane’s computer. “The irony of this obvious scam coming into that particular phone amused me enough that I played along with the scammer for a while.”

Read more

Security Leftovers

Filed under
Security

Leftovers: Ubuntu

Filed under
Ubuntu

Events and Webinars: XDC2018, Linux Foundation, and Canonical

Filed under
OSS
  • X.Org Is Looking For An XDC2018 Host

    The X.Org Foundation is looking for interested individuals to offer bids for organizing the 2018 X.Org Developers' Conference.

    The XDC2017 conference happening this September is taking place at the Googleplex in Mountain View and thus in the usual rotation, for the 2018 conference will ideally be trying to find a host in Europe.

  • New Continuous Development Course Now Available From The Linux Foundation
  • Webinar: Delivering the value of IoT in the retail industry

    IoT is being embraced by an increasingly diverse set of sectors and one which is reaping the benefits is the retail sector, specifically supermarkets and how they are using data in cold-chain (refrigeration) solutions. For this webinar, join Paul Edrich, CTO of IMS Evolve, who is helping major supermarket chains to manage billions of data points in real time to inform operational processes, reduce energy consumption and increase product quality.

A federal court has ruled that an open-source license is an enforceable contract

Filed under
GNU
Legal

When the South Korean developer of a suite of productivity apps called Hancom Office incorporated an open-source PDF interpreter called Ghostscript into its word-processing software, it was supposed to do one of two things.

To use Ghostscript for free, Hancom would have to adhere to its open-source license, the GNU General Public License (GPL). The GNU GPL requires that when you use GPL-licensed software to make some other software, the resulting software also has to be open-sourced with the same license if it’s released to the public. That means Hancom would have to open-source its entire suite of apps.

Read more

Syndicate content

More in Tux Machines

Red Hat General and Financial News

today's howtos

Tizen in Bolivia and India

Security Leftovers

  • Security updates for Wednesday
  • Microsoft says its best not to fiddle with its Windows 10 group policies (that don't work)

    On Monday, we revealed that a security researcher had used a packet sniffer to show that many settings designed to prevent access to the internet were being ignored with connections to a range of third party servers including advertising hubs.

  • What's got a vast attack surface and runs on Linux? Windows Defender, of course
    Google Project Zero's Windows bug-hunter and fuzz-boffin Tavis Ormandy has given the world an insight into how he works so fast: he works on Linux, and with the release of a personal project on GitHub, others can too. Ormandy's project is to port Windows DLLs to Linux for his vuln tests (“So that's how he works so fast!” Penguinistas around the world are saying). Typically self-effacing, Ormandy made this simple announcement on Twitter (to a reception mixing admiration, humour, and horror):
  • Hacked in Translation – from Subtitles to Complete Takeover
    Check Point researchers revealed a new attack vector which threatens millions of users worldwide – attack by subtitles. By crafting malicious subtitle files, which are then downloaded by a victim’s media player, attackers can take complete control over any type of device via vulnerabilities found in many popular streaming platforms, including VLC, Kodi (XBMC), Popcorn-Time and strem.io. We estimate there are approximately 200 million video players and streamers that currently run the vulnerable software, making this one of the most widespread, easily accessed and zero-resistance vulnerability reported in recent years.
  • A Samba remote code execution vulnerability
    Distributors are already shipping the fix; there's also a workaround in the advisory for those who cannot update immediately.