Language Selection

English French German Italian Portuguese Spanish

Site Map

Blogs

Community blog and recent blog authors at Tux Machines.

Forum

forums

content

blog

More in Tux Machines

Security and Digital Restrictions (DRM) Leftovers

  • Security updates for Thursday

    Security updates have been issued by openSUSE (chromium, libredwg, and thunderbird), Oracle (apache-commons-beanutils, java-1.8.0-openjdk, libarchive, and python-reportlab), Red Hat (kernel), Scientific Linux (apache-commons-beanutils, libarchive, and openslp), SUSE (java-11-openjdk), and Ubuntu (e2fsprogs, graphicsmagick, python-apt, and zlib).

  • The Common Pitfalls of Cloud Native Software Supply Chains

    Daniel Shapira talks about some of the common security vulnerabilities found in cloud-native environments, and why it is important to take security measures immediately to protect instances in the cloud.

  • Microsoft Zero-Day Actively Exploited, Patch Forthcoming

    An unpatched remote code-execution vulnerability in Internet Explorer is being actively exploited in the wild, Microsoft has announced. It’s working on a patch. In the meantime, workarounds are available.

    The bug (CVE-2020-0674) which is listed as critical in severity for IE 11, and moderate for IE 9 and IE 10, exists in the way that the jscript.dll scripting engine handles objects in memory in the browser, according to Microsoft’s advisory, issued Friday.

    The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user – meaning that an adversary could gain the same user rights as the current user.

  • [Cracker] Leaks More Than 500K Telnet Credentials for IoT Devices

    A [cracker] has published a list of credentials for more than 515,000 servers, home routers and other Internet of Things (IoT) devices online on a popular [cracking] forum in what’s being touted as the biggest leak of Telnet passwords to date, according to a published report.

  • How to stop typosquatting attacks

    Cybercriminals are turning to social engineering to try to trick unsuspecting people into divulging private information or valuable credentials. It is behind many phishing scams where the attacker poses as a reputable company or organization and uses it as a front to distribute a virus or other piece of malware. One such risk is typosquatting, a form of social engineering attack that tries to lure users into visiting malicious sites with URLs that are common misspellings of legitimate sites. These sites can cause significant damage to the reputation of organizations that are victimized by these attackers and harm users who are tricked into entering sensitive details into fake sites. Both system administrators and users need to be aware of the risks and take steps to protect themselves. Open source software, which is developed and tested by large groups in public repositories, is often lauded for its security benefits. However, when it comes to social engineering schemes and malware implantation, even open source tools can fall victim.

  •      
  • Sonos Will Stop Updating Older Speakers, Even Though 92% 'Still In Use'
           
    Sonos will stop updating its older speakers and hardware in May, the company has announced.
  •               
  • Tale of Jailbreaking Disobedient IoT Appliances Shortlisted for the National Canada Reads Prize
           
             

    In Unauthorized Bread, a novella by EFF Special Advisor Cory Doctorow published in his 2019 Tor Books collection Radicalized, a refugee named Salima leads a mass jailbreaking of the locked-down Internet of Things appliances in a subsidized housing unit in Boston. With this act, Salima and others risk eviction, felony prosecution under Section 1201 of the Digital Millennium Copyright Act and deportation to the countries they fled in fear of their lives.

             

    Radicalized has just been named a finalist in Canada Reads, the Canadian Broadcasting Corporation's national book prize. In honor of the occasion, Ars Technica has published Unauthorized Bread in full.

Games: Europa Universalis IV, Overcooked, ScourgeBringer and CreatorCrate

  • Paradox to trial a subscription system to help with DLC overload for Europa Universalis IV

    Recently Paradox Interactive and Paradox Development Studio put out a small update for Europa Universalis IV, initially saying it didn't really do much. However, after users did some digging, they had to release a statement about upcoming subscription plans. Initially, the update notes said they were "running a few experiments aimed at reducing the threshold for new players to access the full EU4 experience" and that they didn't want to disclose what as it would "interfere with the test". Not long after the post, a user replied to show subscriptions mentioning a "monthly payment" for DLC access.

  • Overcooked! 2 has a free content update out with the Spring Festival

    Team17 and Ghost Town Games have released a nice free content update for the crazy co-op cooking game Overcooked! 2. See Also: Some previous thoughts on Overcooked! 2. Out now, the Spring Festival update celebrates the upcoming Year of the Rat for the Chinese New Year celebrations later this month. It adds in five new specially themed kitchens to play through, plus two new chefs with the Rat Chef and Turtle Chef you can select as playable characters.

  • ScourgeBringer - an incredibly stylish mix something between 'Dead Cells and Celeste' arrives soon

    Flying Oak Games and Dear Villagers have announced that ScourgeBringer, their wonderfully stylish rogue-lite platformer is releasing on February 6 in Early Access. The same team that worked on NeuroVoider have returned, with what they say blends elements of Dead Cells and Celeste into a post-apocalyptic world where a mysterious entity wreaked havoc on all humanity. Sounds bleak but the graphics certainly look vibrant.

  • Try the demo for CreatorCrate, a wild roguelike platformer with a curved world and physics fun

    CreatorCrate is currently in development, a little rough around the edges but it's showing a lot of promise to be a very fun roguelike platformer with plenty of uniqueness. With a curved game world set inside a rotating space station, changing gravity, physics interactions with you being able to pick up objects and launch them across the screen—it certainly has a good amount of charm.

Red Hat Leftovers

  • Using Kubernetes ConfigMaps to define your Quarkus application’s properties

    So, you wrote your Quarkus application, and now you want to deploy it to a Kubernetes cluster. Good news: Deploying a Quarkus application to a Kubernetes cluster is easy. Before you do this, though, you need to straighten out your application’s properties. After all, your app probably has to connect with a database, call other services, and so on. These settings are already defined in your application.properties file, but the values match the ones for your local environment and won’t work once deployed onto your cluster. So, how do you easily solve this problem? Let’s walk through an example.

  • Deploy PostgreSQL in OpenShift backed by OpenShift Container Storage

    PostgreSQL has been the fastest growing open source RDBMS over the past decade. It has a solid community and has been around for many years adding more and more features. PostgreSQL features ACID (Atomicity, Consistent, Isolation and Durability) properties. It has indexes (primary/unique), updatable views, triggers, foreign keys (FKs) and even stored procedures (SPs). PostgreSQL also features built-in replication via shipping the WAL (Write Ahead Log) to a number of different database replicas. These replicas can be used in read-only mode. It also has a synchronous replication, where the master waits for at least one replica to have written the data before ACKing.

  • Convert2RHEL: How to update RHEL-like systems in place to subscribe to RHEL

    Convert2RHEL: How to update RHEL-like systems in place to subscribe to RHEL Over the years, one of the requests Red Hat has gotten over and over again is for help converting other Linux systems to Red Hat Enterprise Linux, in place. We're happy to announce the availability of Convert2RHEL in EPEL. This is a tool that can be used for the conversion of other-than-RHEL systems to RHEL to allow Red Hat to provide support for them. In this post we'll look at systems that can be converted with Convert2RHEL, some of its limitations, and some basic usage. [...] We recommend that customers who want to convert non-RHEL systems to RHEL set up a consulting engagement with Red Hat's Consulting Services. However, we are making the tool available as a self-service option for those customers who wish to try to convert their systems on their own. Naturally, we strongly recommend having tested backups for any system that you are looking to run a conversion on. If you have a support agreement with another vendor, it's our recommendation that you maintain that agreement while working on the transition to RHEL, as we do not provide support for non-RHEL systems. Note that we cannot support "hybrid" systems that have a mix of RHEL and other (e.g. CentOS) packages. Once a system has been converted to RHEL via the Convert2RHEL tool, or if you do a clean install of RHEL, then it can be eligible for support with a Red Hat Enterprise Linux subscription.

  • Culture of innovation and collaboration: Open Data Hub

    Red Hat is continually innovating and part of that innovation includes researching and striving to solve the problems our customers face. That innovation is driven through the Office of the CTO and includes Red Hat OpenShift, Red Hat OpenShift Container Storage and innovative projects such as the Open Data Hub. We recently interviewed Juana Nakfour, Senior Software Engineer in the AI Center of Excellence for the office of the CTO at Red Hat, about this very topic. [...] Open Data Hub is a meta-Operator that has a lot of tools packaged together that can easily install an end-to-end AI/ML platform at once. Just the fact that they're modular and all in together, connected, means you can use module A, together with module P together with module E, which makes it easier for data scientists and engineers to develop faster.

  • Introducing the syslog-ng-stable RPM repositories

    For many years – especially after syslog-ng changed to a rolling release model – users I talked to asked for up-to-date RPM packages. They also asked for a separate repository for each new release to avoid surprises (a new release might accidentally or even intentionally break old features) and to be able to use a given release if they want to (“if it works, do not fix it”). That is how my unofficial RPM repositories were born. Recently some long-time syslog-ng users and members of the Splunk community started to ask for a repository, which always has the latest syslog-ng version available. Most users still prefer to use separate repositories. That is how I came up with the idea for the syslog-ng-stable repository: I push a new release to this new rolling repo only after at least a week of delay. This is enough to spot most major problems. Once the delay is over and everything seems to be OK, I can push the latest release to the syslog-ng-stable repo. If there is a bigger problem, I can skip the release in the stable repo or wait for a fix.

  • IBM snaps out of its revenue doldrums, breaking a five-quarter losing streak in Q4

    International Business Machines is living a case study of a large, established company vying to transform. Over the last decade, the technology elder has struggled to move into areas like cloud and AI. IBM has leaned on a combination of its own R&D abilities and deep pockets to push into modern markets, but has struggled to turn them into revenue growth. At one point, Big Blue posted 22 sequential quarters of falling revenue, a mind-boggling testament to how hard it can be to turn around a juggernaut. More recently, IBM shrank for another five consecutive quarters, a streak it broke with yesterday’s news that it had beat analyst expectations.

  • MontaVista Software Announces Commercial Support for CentOS

    MontaVista® Software, LLC, extends its coverage of non-MontaVista Linux distributions by announcing commercial support for CentOS. In addition to Clear Linux OS commercial support that was announced in 2019 (http://bit.ly/302qQMB), MontaVista extends its commitment to the embedded Linux community with CentOS support and maintenance programs.

How to Remove Docker Containers [Beginner Tutorial]

Learn how to remove docker containers in various situations with these practical examples. Read more