Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Tuesday, 20 Aug 19 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

  • 07/07/2019 - 5:40pm
    JamieCull
  • 04/07/2019 - 7:09pm
    ksanaj
  • 18/07/2018 - 6:58am
    arindam1989
  • 14/08/2017 - 5:04pm
    2daygeek
  • 11/07/2017 - 9:36am
    itsfoss
  • 04/05/2017 - 11:58am
    Variscite
  • 09/04/2017 - 4:47pm
    mwilmoth
  • 11/01/2017 - 12:02am
    tishacrayt
  • 11/01/2017 - 12:01am
    lashayduva
  • 10/01/2017 - 11:56pm
    neilheaney

Raspberry Pi gets MIT's Scratch 3 programming language for Raspbian

Filed under
Development
Hardware

Ever since Scratch 3 was released this January, a team at the Raspberry Pi Foundation has been working with MIT to develop an offline, installable version for the Raspberry Pi.

That offline version is now available, offering students and beginners an easy environment to begin coding with the language's visual 'code blocks', as well as paint and sound-editing tools.

Scratch 3 requires installing the latest version of Raspbian known as 'Buster', the latest version of Debian Linux that was released alongside the Raspberry Pi 4 in June.

Due to the memory requirements of Scratch 3, the Raspberry Pi Foundation is recommending it is installed on a Raspberry Pi 4 with at least 2GB of RAM. The 2GB model costs $45.

Read more

Also: GCC 10 Lands Support For -march=tigerlake & -march=cooperlake

Games Leftovers

Filed under
Gaming
  • Attack of the Clones with custom Proton builds for Steam Play

    I know how you all love to tinker, so how about tinkering away with some custom builds of Steam Play Proton on this fine Tuesday afternoon?

    There's a feature in the Steam client on Linux that enables you to add in your own special builds of Steam Play and other compatibility tools like Boxtron for native DOSBox. A very useful feature, since the community can build on top of work done by Valve to make Linux gaming with Steam Play even better.

    One such custom build of Proton which recently released is Proton-i 4.13-3. This one is quite simple with a few little updates and fixes like moving Proton 4.11-2 patches on top of Wine 4.13, a fix for Unreal Engine 4 and a few other little changes. Likely a good one to try, if you just want to be that little bit more up to date.

  • Mixing Tower Defense with production chains, the free and open source game Mindustry has a big update

    Could this be your next time sink? Mindustry merges together Tower Defense style gameplay with production chains from the likes of Factorio.

    A few days ago, the developer released the final 4.0 build which is an absolutely massive update to Mindustry. It took 88 builds to get there and it was worth the wait. It's an overhaul to all parts of the game including new gamemodes, customizable rules, a new editor, new graphics, new enemies, unit production, new progression, a campaign and more.

  • Wasteland 3 has an impressive new trailer for Gamescom

    inXile Entertainment have shown off more of their upcoming party-based RPG Wasteland 3 at Gamescom and it's looking great.

  • Areia: Pathway to Dawn aims to be a relaxing meditative adventure game

    Areia: Pathway to Dawn from Gilp Studio was just recently announced with the developer promising it to be a "journey like no other".

    It's an adventure game, with a few puzzle elements to it and a wondrous style. The developer said it's a game about emotions and spiritual growth, a tale of wonder as you explore a land inhabited by only one character. It's supposed to be a calming experience, with Gilp Studio saying it's "a unique addition to the range of meditative games".

today's howtos and leftover

Filed under
Misc
HowTos
  • Overview of Linux system + getting around
  • Rename all files in lower case
  • Install Nginx with Server Blocks (Virtual Hosts) on Debian 10
  • GNOME 3.34 Works Out Refined XWayland Support For X11 Apps Run Under Sudo

    GNOME 3.34 continues to look like an incredibly great release in the performance department as well as for Wayland users.

    Earlier this summer, support was added to GNOME's Mutter to generate an Xauth file and passing it to XWayland when starting. The focus of that Red Hat contribution was for allowing X.Org/X11 applications to be run under XWayland as sudo. Up to this point when using sudo with an X11 app on Wayland, it hasn't worked out but this addition for GNOME 3.34 corrects that behavior.

  • Sonoff S55 Waterproof WiFi Smart Sockets are Offered in Six Regional Variants

    When WiFi smart sockets (aka smart plugs) started to appear a few years ago, they were often only available with either US or China plugs, and users from Europe, UK or other locales...

  • Toybrick TB-RK1808 AI Compute Stick is now Available for $86

    Last May, we wrote about RK1808 AI Compute Stick, a USB stick with Rockchip RK1808 dual-core Cortex-A35 processor also featuring a 3.0 TOPS neural processing unit to accelerate AI workloads...

  • DragonFlyBSD Developing DSynth As Synth Rewrite For Custom Package Building

    Adding to another creation being worked on by DragonFlyBSD lead developer Matthew Dillon, DSynth is a C rewrite of the FreeBSD originating Synth program that serves as a custom package repository builder.

  • RADV Vulkan Driver Lands Renoir APU Support In Time For Mesa 19.2

    Just hours ahead of the Mesa 19.2 feature freeze and days after the RadeonSI OpenGL driver added Renoir support, the RADV Vulkan driver has picked up support for this next-gen Zen 2 + Vega APU.

    The support comes down to just eight lines of new code for this new APU rumored to be launching in 2020. While it was hoped that this would be the first APU built on the Zen 2 CPU microarchitecture and with Navi graphics, the open-source Linux driver code drops have all pointed it to be more of a Raven/Vega refresh on the graphics side.

  • DevNation Live: Plumbing Kubernetes builds | Deploy with Tekton

    DevNation Live tech talks are hosted by the Red Hat technologists who create our products. These sessions include real solutions and code and sample projects to help you get started. In this talk, you’ll learn about Tekton, a Kubernetes-native way of defining and running CI/CD, from Kamesh Sampath, Principal Software Engineer at Red Hat.

    The session explores the characteristics of Tekton, which is cloud-native, decoupled, and declarative. This demo-filled session will show how to combine various building blocks of Tekton to build and deploy (Tasks and Pipelines) a Kubernetes application.

Security: Hacker Summer Camp, Nexus Repository, Ransomware, Web Server Security

Filed under
Security
  • Hacker Summer Camp 2019: CTFs for Fun & Profit

    Okay, I’m back from Summer Camp and have caught up (slightly) on life. I had the privilege of giving a talk at BSidesLV entitled “CTFs for Fun and Profit: Playing Games to Build Your Skills.” I wanted to post a quick link to my slides and talk about the IoT CTF I had the chance to play.

    I played in the IoT Village CTF at DEF CON, which was interesting because it uses real-world devices with real-world vulnerabilities instead of the typical made-up challenges in a CTF. On the other hand, I’m a little disappointed that it seems pretty similar (maybe even the same) year-to-year, not providing much variety or new learning experiences if you’ve played before.

  • Nexus Repository Now Supports APT

    Beginning with version 3.17, Nexus Repository Manager supports APT (Advanced Package Tool) repositories. APT is a set of tools used to search, install, and manage packages on Debian, Ubuntu, and similar Linux distributions. With this new release, you can now host your own local APT repos. Developers benefit from no longer having to rely on connecting externally to a public repository every time an often-used package is needed.

    In the case of Debian-based Docker containers, the ability to locally cache Debian packages from public repositories can save copious amounts of time when rebuilding your containers. This can do wonders especially for containers built frequently in a CI pipeline and for the more traditional use-case of provisioning virtual machines.

  • Ransomware attack has hit 20 government agencies in Texas [iophk: Windows TCO]

    This week the state of Texas has joined the list of targets. According to Texas’s Department of Information Resources (DIR), more than 20 local government entities have been impacted by a ‘coordinated ransomware attack.’ DIR states that “the Texas Military Department, and the Texas A&M University System’s Cyberresponse and Security Operations Center teams are deploying resources to the most critically impacted jurisdictions.”

    No disclosure has beeen made regarding how much of a payment is being requested, though given recent attacks on other states the amount is likely to be eye-watering. Also absent is any information on which ‘local government entities’ have been affected.

  • Web server security – Part 8: Basic log file analysis

    Tools like lnav (“The Log File Navigator”) allow quicker analysis of log files. Instead of manually searching for attack-like behavior, you can use SQL queries, load and combine multiple files at once, and switch between different views.

    However, keep in mind that not only tools but also underlying processes and organization are important. You must know where log files are stored, how they are created and how long information is available. This requires a basic security concept. Understand the structure of your log files, and use customization of logging rules if available.

Chromebooks Switching Over To The BFQ I/O Scheduler

Filed under
Linux
Google

On Chromebooks when moving to the latest Chrome OS that switches over to a Linux 4.19 based kernel, BFQ has become the default I/O scheduler.

BFQ has been maturing nicely and as of late there's been an uptick in interest around this I/O scheduler with some also calling for it to be used by default in distributions. Google has decided BFQ is attractive enough to enable by default for Chromebooks to provide better responsiveness.

Read more

Debian: Salsa, Promoting Debian LTS and Debian Patch Porting System

Filed under
Debian
  • salsa.debian.org: Postmortem of failed Docker registry move

    The Salsa admin team provides the following report about the failed migration of the Docker container registry. The Docker container registry stores Docker images, which are for example used in the Salsa CI toolset. This migration would have moved all data off to Google Cloud Storage (GCS) and would have lowered the used file system space on Debian systems significantly.

    [...]

    On 2019-08-06 the migration process was started. The migration itself went fine, although it took a bit longer than anticipated. However, as not all parts of the migration had been properly tested, a test of the garbage collection triggered a bug in the software.

    On 2019-08-10 the Salsa admins started to see problems with garbage collection. The job running it timed out after one hour. Within this timeframe it not even managed to collect information about all used layers to see what it can cleanup. A source code analysis showed that this design flaw can't be fixed.

    On 2019-08-13 the change was rolled back to storing data on the file system.

  • Raphaël Hertzog: Promoting Debian LTS with stickers, flyers and a video

    With the agreement of the Debian LTS contributors funded by Freexian, earlier this year I decided to spend some Freexian money on marketing: we sponsored DebConf 19 as a bronze sponsor and we prepared some stickers and flyers to give out during the event.

    The stickers only promote the Debian LTS project with the semi-official logo we have been using and a link to the wiki page. You can see them on the back of a laptop in the picture below.

  • Raphaël Hertzog: Freexian’s report about Debian Long Term Support, July 2019

    Like each month, here comes a report about the work of paid contributors to Debian LTS.

  • Jaskaran Singh: GSoC Final Report

    The Debian Patch Porting System aims to systematize and partially automate the security patch porting process.

    In this Google Summer of Code (2019), I wrote a webcrawler to extract security patches for a given security vulnerability identifier. This webcrawler or patch-finder serves as the first step of the Debian Patch Porting System.

    The Patch-finder should recognize numerous vulnerability identifiers. These identifiers can be security advisories (DSA, GLSA, RHSA), vulnerability identifiers (OVAL, CVE), etc. So far, it can identify CVE, DSA (Debian Security Advisory), GLSA (Gentoo Linux Security Advisory) and RHSA (Red Hat Security Advisory).

    Each vulnerability identifier has a list of entrypoint URLs associated with it. These URLs are used to initiate the patch finding.

Marek’s Take: Why open source communities are critical to operators

Filed under
OSS

Open source locks down standards in code and makes sure it is interoperable, Rice said. “That’s why it’s symbiotic. Standards are options but they come together because they are built on one another.”

And, similar to standards bodies, where delegates work side-by-side with competitors to develop global specifications, the same occurs in open source groups.

Read more

The infrastructure is code: A story of COBOL and Go

Filed under
Development

But what about today? With the decline of mainframes and the rise of newer and more innovative languages designed for the web and cloud, where does COBOL sit?

As last week's episode of Command Line Heroes mentioned, in the late 1990s, Perl (as well as JavaScript and C++) was outpacing COBOL. And, as Perl's creator, Larry Wall stated then: "COBOL is no big deal these days since demand for COBOL seems to be trailing off, for some strange reason."

Read more

Video and Audio: Neptune OS 6.0, Test and Code, GNU World Order, Coder Radio and This Week in Linux

Filed under
GNU
Linux
  • Neptune OS 6.0 Run Through

    In this video, we are looking at Neptune OS 6.0. Enjoy!

  • Test and Code: 84: CircuitPython - Scott Shawcroft

    The combination of Python's ease of use and Adafruit's super cool hardware and a focus on a successful beginner experience makes learning to write code that controls hardware super fun.

    In this episode, Scott Shawcroft, the project lead, talks about the past, present, and future of CircuitPython, and discusses the focus on the beginner.

    We also discuss contributing to the project, testing CircuitPython, and many of the cool projects and hardware boards that can use CircuitPython, and Blinka, a library to allow you to use "CircuitPython APIs for non-CircuitPython versions of Python such as CPython on Linux and MicroPython," including Raspberry Pi.

  • GNU World Order 13x34
  • Absurd Abstractions | Coder Radio 371

    It’s a Coder Radio special all about abstraction. What it is, why we need it, and what to do when it leaks.

    Plus your feedback, Mike’s next language challenge, and a functional ruby pick.

  • KDE Apps 19.08, KNOPPIX, System76, Slackware, Huawei, EndeavourOS, Dreamcast | This Week in Linux 79

    On this episode of This Week in Linux, KDE announced their latest big release of their Application Suite with dozens of new app updates. We got some Distro news to talk about with KNOPPIX, Slackware, EndeavourOS and Neptune Linux. System76 announced some really cool news with their new Graphical Firmware Manager tool.

Games: Underworld Ascendant, Dark Envoy and Elite Dangerous

Filed under
Gaming
  • Underworld Ascendant's Linux port has now been released

    Get ready to dungeon crawl! After many delays, the sequel to the classic Ultima Underworld games has finally seen a Linux release.

  • Event Horizon (Tower of Time) show off the first gameplay from their next RPG Dark Envoy

    Ah Gamescom has arrived, which means tons of games will be shown off over the next week. Event Horizon (Tower of Time dev) are getting in on the action, to show off footage from their brand new RPG called Dark Envoy.

    For those who missed the previous article, it is already confirmed to be coming to Linux. To save you a click, when asked they said "We spent a considerable effort to make Tower of Time run well on Linux - so now, being more experienced with it, we also plan to release on Linux at the same time as PC launch.".

  • Going where no Steam Play has gone before with Elite Dangerous

    What’s the one game keeping you a dual booter? Maybe it’s PUBG, or Rainbow Six: Siege? Maybe it used to be Overwatch? For me, that game was Elite Dangerous, and one year on from Proton’s release, I have a story to tell.

    There’s a certain “je ne sais quoi” about Elite Dangerous that I’ve never been able to put my finger on. It’s a game set in a scientifically modelled, full-scale replica of the whole Milky Way galaxy, and as with that setting, the game is truly vast, remarkably cold, and frequently incomprehensible. Yet, when playing Elite, I get the same feeling as when looking up at the stars on a dark and moonless night — my hungry soul is fed. Or it could just be space madness. Regardless, it’s a feeling that I like to dip into every once in a while, immerse myself in, and try not to drown.

Red Hat and Fedora: HPC, Ansible and More Flock Reports

Filed under
Android
  • HPC workloads in containers: Comparison of container run-times

    Recently, I worked on an interesting project to evaluate different container run-times for high-performance computing (HPC) clusters. HPC clusters are what we once knew as supercomputers. Today, instead of giant mainframes, they are hundreds, thousands, or tens of thousands of massively parallel systems. Since performance is critical, virtualization with tools like virtual machines or Docker containers was not realistic. The overhead was too much compared to bare metal.

  • A project manager's guide to Ansible

    For project managers, it's important to know that deploying Ansible will improve the effectiveness of a company's IT. Employees will spend less time trying to troubleshoot their own configuration, deployment, and provisioning. Ansible is designed to be a straightforward, reliable way to automate a network's IT tasks.

    Further, development teams can use the Ansible Tower to track applications from development to production. Ansible Tower includes everything from role-based access to graphical inventory management and enables teams to remain on the same page even with complex tasks.

    Ansible has a number of fantastic use cases and provides substantial productivity gains for both internal teams and the IT infrastructure as a whole. It's free, easy to use, and robust. By automating IT with Ansible, project managers will find that their teams can work more effectively without the burden of having to manage their own IT—and that IT works more smoothly overall.

  • Flock to Fedora '19

    I had a wonderful opportunity to go to Fedora’s annual contributor summit, Flock to Fedora in Budapest, Hungary. This is me penning down my takeaway from a week full of learning!

    [...]

    Apart from the talks, the conference outshone when it came to meeting mind-blowing developers. I got to know the most about Fedora and Red Hat through those interactions and it was a really pleasant experience. It was also super amazing to finally meet all the people I had been interacting with over the course of the internship in real life.

    My advice for any future Flock attendee would be to always make time to talk to people at Flock. Even I have a hard time interacting but the people are extremely nice and you get to learn a lot through those small interactions and end up making friends for a life time.

    Definitely taking back a tonne of memories, loads of pictures, and plethora of learning from this one week of experience.

  • Paul W. Frields: Flock 2019 in Budapest, Hungary.

    Last week I attended the Flock 2019 conference in Budapest, like many Fedora community members. There was a good mix of paid and volunteer community members at the event. That was nice to see, because I often worry about the overall aging of the community.

    Many people I know in Fedora have been with the project a long time. Over time, people’s lives change. Their jobs, family, or other circumstances move them in different directions. Sometimes this means they have less time for volunteer work, and they might not be active in a community like Fedora. So being able to refresh my view of who’s around and interested in an event like Flock was helpful.

    Also, at last year’s Flock in Dresden, after the first night of the conference, something I ate got the better of me — or I might have picked up a norovirus. I was out of commission for most of the remaining time, confined to my room to ride out whatever was ailing my gut. (It wasn’t pretty.) So I was glad this year also to be perfectly well, and able to attend the whole event. That was despite trying this terrible, terrible libation called ArchieMite, provided by my buddy Dennis Gilmore...

    [...]

    I also attended several sessions on Modularity. One of them was Merlin Mathesius’ presentation on tools for building modules. Merlin is on my team at Red Hat and I happened to know he hadn’t done a lot of public speaking. But you wouldn’t have guessed from his talk! It was well organized and logically presented. He gave a nice overview of how maintainers can use the available tools to build modules for community use.

    The Modularity group also held a discussion to hear about friction points with modularity. Much of the feedback lined up well with other inputs the group has received. We could solve some with better documentation and awareness. In some cases the tools could benefit from ease of use enhancements. In others, people were unaware of the difficult design decisions or choices that had to be made to produce a workable system. Fortunately there are some fixes on the way for tooling like the replacement for the so-called “Ursa Major” in Fedora. It allows normal packages to build against capabilities provided by modules.

Programming Leftovers

Filed under
Development
  • Excellent Free Books to Learn Groovy

    Apache Groovy is a powerful, optionally typed and dynamic language, with static-typing and static compilation capabilities, for the Java platform aimed at improving developer productivity thanks to a concise, familiar and easy to learn syntax.

    It integrates seamlessly with any Java program, and immediately delivers to your application powerful features, including scripting capabilities, Domain-Specific Language authoring, runtime and compile-time meta-programming and functional programming.

    It’s both a static and dynamic language with features similar to those of Python, Ruby, Perl, and Smalltalk. It can be used as both a programming language and a scripting language for the Java Platform.

  • Top 9 Django Concepts - Part 2 : 5 Mins

    I will be covering 3 Django concepts, for those who had missed the first part of the 3 part series, you can head down to the Top 9 Django Concepts - Part 1

    The first concept is essential Django commands that you will be using when developing in Django.

    The second is the concept of using either a front-end like Vue, React or Angular web framework or using Django existing template system to build UI.

  • Get Current Date & Time in Python

    In this article, you will learn the datetime module supplies classes for manipulating dates and times in both simple and complex ways.

  • RcppQuantuccia 0.0.3

    RcppQuantuccia brings the Quantuccia header-only subset / variant of QuantLib to R. At the current stage, it mostly offers date and calendaring functions.

    This release was triggered by some work CRAN is doing on updating C++ standards for code in the repository. Notably, under C++11 some constructs such ptr_fun, bind1st, bind2nd, … are now deprecated, and CRAN prefers the code base to not issue such warnings (as e.g. now seen under clang++-9). So we updated the corresponding code in a good dozen or so places to the (more current and compliant) code from QuantLib itself.

7 of the Best IoT Projects Using Arduino

Filed under
Hardware
Gadgets

If you’re an electronics hobbyist, chances are you’ve heard of the Arduino. It’s a tiny computer that you can use to do surprisingly complex things. It also happens to be behind a fair number of Internet of Things projects.

While some people reach a for Raspberry Pi or something even more powerful, an Arduino or Arduino Uno might be all you need. We’ve put together a list of IoT projects that prove this to be true.

Read more

Also: mDash Cloud platform for IoT Devices Targets ESP8266/ESP32, STM32, and TI CC3220 Wireless MCUs

Installing five flavours of Linux on my new laptop: One month on, here's what I've learned

Filed under
Linux

It's been a month since I wrote about getting a new HP Pavilion 14 laptop and loading Linux on it. My experience with it so far has been extremely good – it has done exactly what I wanted, I haven't had any trouble with it, I have used it, traveled with it, updated all of the various Linux distributions I loaded on it, and even added another distribution to it.

First, I broke one of my own basic rules – never travel with only a new and untested laptop. I left for a three-week-plus vacation in the US the day after my previous posting. I used the laptop pretty much every day during the trip. and never had a problem of any kind. It was fast and reliable, suspend/resume on closing/opening the lid worked perfectly. Battery life is extremely good – I've never actually managed to run the batteries completely out, but I can certainly say that they are good for 6-8 hours depending on your use.

Read more

The cloud isn't killing open source software

Filed under
OSS

The most common reason given for software vendors making these changes is "foul play" by cloud vendors. The argument is that cloud vendors unfairly offer open source software "as a service," capturing large portions of the revenue, while the original software vendor continues to carry most of the development costs. Market rumors claim Amazon Web Services (AWS) makes more revenue from MySQL than Oracle, which owns the product.

So, who is claiming foul play is destroying the open source ecosystem? Typically, the loudest voices are venture-funded open source software companies. These companies require a very high growth rate to justify their hefty valuation, so it makes sense that they would prefer not to worry about additional competition.

Read more

Linux Mint 19.2 Cinnamon Released. Here’s What’s New

Filed under
Linux

Linux Mint releases latest version 19.2 with Cinnamon flavor.

The popular Linux Mint project announced release of 19.2 version with Cinnamon, XFCE and MATE desktop environment flavors. Based on Ubuntu 18.04 LTS package base, Linux Mint is supported 2023 with security updates. This makes it ideal for new users who are migrating to Linux from Windows for the first time along with experienced users.

Read more

today's leftovers

Filed under
Misc
  • Intel Icelake Thunderbolt Support Still Being Squared Away For Linux - Hopefully For 5.4

    Intel Icelake laptops will soon be hitting store shelves and a vast majority of the Linux support has been squared away for many months. Unfortunately one bit still not mainlined is the Thunderbolt support.

    Back in July we wrote about the Icelake Thunderbolt support still not merged yet while Icelake's Gen11 graphics and other new processor features have all been squared away for several kernel releases in ensuring good launch-day support. With Icelake, the Thunderbolt functionality has moved onto the SoC itself (sans the Thunderbolt power delivery) and that's taken additional time for getting the Linux kernel support in order.

  • OBS Studio 24.0 Will Let You Pause While Recording, Other New Options

    For those using OBS Studio for cross-platform live-streaming and screen recording needs, OBS Studio 24.0 is on the way but out first is their release candidate to vet the new features coming into this big update.

  • Kontact and Google Integration Issues

    Lately there were some issues with the Google integration in Kontact which caused that it is no longer possible to add new Google Calendar or Gmail account in Kontact because the log in process will fail. This is due to an oversight on our side which lead to Google blocking Kontact as it did not comply with Google’s policies. We are working on resolving the situation, but it will take a little bit.

    Existing users should not be affected by this - if you already had Google Calendar or Gmail set up in Kontact, the sync should continue to work. It is only new accounts that cannot be created.

    In case of Gmail the problem can mostly be worked around when setting up the IMAP account in KMail by selecting PLAIN authentication1 method in the Advanced tab and using your email and password. You may need to enable Less Secure Applications in your Google account settings in order to be able to log in with regular email address and password.

  • rpminspect-0.3 released

    Released rpminspect-0.3 today with bugs reported and fixed during Flock Budapest 2019.

  • Kevin Fenzi: Flock 2019

    Flock time is upon is! This time in lovely Budapest. As always when flock is in europe, it’s a long flight for me, but otherwise travel was uneventfull: Drive 2 hours to PDX, then PDX to AMS, then a short layover for coffee and stoupwaffles and then AMS to BUD, and finally a taxi ride to the hotel.

    The hotel is quite lovely. It’s right next to the danube river and has a nice view. The AC is working nicely too (it’s quite hot outside here right now). After getting into the hotel yesterday and a quick dinner at a very nice place down the road, I managed to sleep for 10+ hours.

  • Design and Web team summary – 16 August 2019

    This iteration was the Web & design team’s first iteration of the second half of our roadmap cycle, after returning from the mid-cycle roadmap sprint in Toronto 2 weeks ago.

    Priorities have moved around a bit since before the cycle, and we made a good start on the new priorities for the next 3 months.

  • Ubuntu Weekly Newsletter Issue 592

    Welcome to the Ubuntu Weekly Newsletter, Issue 592 for the week of August 11 – 17, 2019. The full version of this issue is available here.

  • KNOB attack: Is my Bluetooth device insecure?

    A recent attack against Bluetooth, called KNOB, has been making waves last week. In essence, it allows an attacker to downgrade the security of a Bluetooth so much that it's possible for the attacker to break the encryption key and spy on all the traffic. The attack is so devastating that some have described it as the "stop using bluetooth" flaw.

    This is my attempt at answering my own lingering questions about "can I still use Bluetooth now?" Disclaimer: I'm not an expert in Bluetooth at all, and just base this analysis on my own (limited) knowledge of the protocol, and some articles (including the paper) I read on the topic.

  • Dear sysadmins: Patch Webmin now – zero-day exploit emerges for potential hijack hole in server control panel

    The bug appears to have been revealed on Saturday, August 10, by Özkan Mustafa Akkuş at DEF CON and to have been made available as an exploit in a module for the Metasploit framework. The Webmin maintainers didn't hear about it until Saturday, August 17, when they noticed people discussing the issue on Twitter and Reddit. The CVE was created Thursday, August 15.

    Webmin has about 215,000 installations, according to a Shodan search (account required), and about 13,000 instances of the particularly vulnerable version 1.890.

    [...]

    According to Cooper, the malicious code was introduced into Webmin and Usermin through the project's build infrastructure. "We're still investigating how and when, but the exploitable code has never existed in our GitHub repositories, so we've rebuilt from git source on new infrastructure," he said.

    In an email to The Register, Cooper said the malicious code – which appeared in the Sourceforge repo but not the GitHub repo – was introduced to Webmin on local package build infrastructure before it reached Sourceforge.

  • Backdoor found in Webmin, a popular web-based utility for managing Unix servers [Ed: No, it is not a backdoor and it's not there by design]
Syndicate content