Language Selection

English French German Italian Portuguese Spanish

Site Map

Blogs

Community blog and recent blog authors at Tux Machines.

Forum

forums

content

blog

More in Tux Machines

Devices: Open Source Arduino Buzzers, GNU Projects for the Motorola 68HC11, Android Pico Projector

  • Game On With These Open Source Arduino Buzzers

    Planning a game of Hacker Jeopardy at your next meetup? You’re going to want some proper buzzers to complete the experience, but why buy when you can build? [Flute Systems] has released an open source DIY game buzzer system based on the Arduino that will help instantly elevate your game. Certainly beats just yelling across the room. The design has been made to be as easily replicable as possible: as long as you’ve got access to a 3D printer to run off the enclosures for the buzzers and base station, you’ll be able to follow along no problem. The rest of the project consists of modular components put together with jumper wires and scraps of perfboard. Granted it might not be the most elegant solution, but there’s something to be said for projects that beginners and old salts alike can complete.

  • GNU Projects for the Motorola 68HC11

    Now that the GNU GCC 3.0 compiler has shipped and supports cross-compilation on the 68HC11 and 68HC12, what can you do with it? You can try out NanoK, a “nanoscopic” task-switching kernel. Or how about running Ethernet and a TCP/IP stack on your 68HC11? These and other uses of the GNU tool chain for 68HC11/68HC12 chips is covered at www.gnu-m68hc11.org. You’ll also find lots of documentation on installing and using the GNU compiler and tool chain.

  • Philips Crowdfunds PicoPix Max Android Pico Projector with Autofocus

OSS Leftovers

  • This Program Makes It Even Easier to Make Deepfakes

    A new method for making deepfakes creates realistic face-swapped videos in real-time, no lengthy training needed. Unlike previous approaches to making deepfakes—algorithmically-generated videos that make it seem like someone is doing or saying something they didn’t in real life—this method works on any two people without any specific training on their faces. Most of the deepfakes that are shared online are created by feeding an algorithm hundreds or thousands of images of a specific face. The algorithm "trains" on that specific face so it can swap it into the target video. This can take hours or days even with access to expensive hardware, and even longer with consumer-grade PC components. A program that doesn’t need to be trained on each new target is another leap forward in making realistic deepfakes quicker and easier to create. [...] On their project website, the researchers say that the project code will eventually be available on GitHub...

  • 5 Free and Open Source CRM Software

    We’re here to save you time by going over some of the most popular free and open source CRM solutions and when you should consider paid system...

  • A free/open tool for making XKCD-style "hand-drawn" charts

    Tim Qian, a "full stack developer and open source activist," has published chart.xkcd, a free/open tool that lets you create interactive, "hand-drawn" charts in the style of XKCD comics. It's pretty fabulous!

  • The Secret Source: Machine Learning and Open Source Come Together

    There was a time when banks and asset managers would dare not talk about their use of AI—and, specifically, machine learning—in public forums, as they either viewed it as taboo or they wanted to hide its power from competitors. The secret, though, is out of the black box.

  • How China became a hero in open source

    China was once a relative zero when it came to software. Not anymore. In both proprietary and open source development, China's influence is growing. Sure, open source has helped to fuel that rise—as Swim.ai CTO Simon Crosby has suggested, "Now [China] can download our best, for free, every day"—but this tells an incomplete story. China may have been a net consumer of code once upon a time, but now has gone from zero to hero in open source.

  • The 7 Best Tools for Open-Source Network Bandwidth Monitoring

    Network bandwidth monitoring is a very specific type of monitoring. What it does is measure the amount of traffic passing a given point on a network. Typically, the measuring point is a router or switch interface but it’s not uncommon to monitor bandwidth utilization of a server’s LAN interface. The important thing here is to realize that all we’re measuring is the amount of traffic. Bandwidth monitoring won’t give you any information about what that traffic is, only how much of it there is. There are several reasons for wanting to monitor network bandwidth utilization. First and foremost, it can help you pinpoint areas of contention. As a network circuit’s utilization grows, its performance starts degrading. This is a fact of life. The more you approach the maximum capacity, the more impact there is on performance. By allowing you to keep an eye on network utilization, bandwidth monitoring tools give you a chance to detect high utilization—and address it—before it becomes noticeable by users. Capacity planning is another major benefit of network monitoring tools. Network circuits—especially long-distance WAN connections—are expensive and will often have only the bandwidth that was required when they were initially installed. While that amount of bandwidth might have been OK back then, it will eventually need to be increased. By monitoring the evolution of your network circuits’ bandwidth utilization, you’ll be able to see which ones need to be upgraded and when. Bandwidth monitoring tools can also be useful for troubleshooting poor application performance. When a user complains that some remote application has slowed down, looking at the network bandwidth utilization can give you a pretty good idea whether or not the problem is caused by network congestion. If you see low network utilization, you can likely concentrate your troubleshooting efforts elsewhere.

  • Au Revoir DTW

    While I wanted to use it for my tiny, crazy, work in progress thoughts, I find that it was increasingly being subsumed by my new shiny Mastodon. And as the volume of things I write now scales up, I do not want another place to maintain.

  • How To Promote Real Social Good

    It was big news this week when the nation’s most powerful chief executives finally acknowledged that corporations should contribute more to society than maximizing shareholder value. [...] This news story caught our attention here at Purism because we have been thinking about how to build a company that promotes social good. Our company was incorporated in Washington State as a Social Purpose Corporation. [...] We at Purism are grateful to the many US states offering to give companies the freedom to actually benefit society, rather than contribute to its ills. We believe that consumers who really care about their freedom, privacy, and security, or other issues like climate change, seek out companies like ours that exist, first and foremost, to do something important that can better people’s lives. We use capitalism, and the corporate form, to build a sustainable company that can continue to serve our mission. Making money is a means to an end, not the end itself. We exist for our customers, not for our shareholders, and our shareholders back us because know the social good that comes from our efforts. People parting with their hard-earned money for products and services deserve that much.

Security Leftovers

  • Security Researchers Find Several Bugs in Nest Security Cameras

    Researchers Lilith Wyatt and Claudio Bozzato of Cisco Talos discovered the vulnerabilities and disclosed them publicly on August 19. The two found eight vulnerabilities that are based in the Nest implementation of the Weave protocol. The Weave protocol is designed specifically for communications among Internet of Things or IoT devices.

  • Better SSH Authentication with Keybase

    With an SSH CA model, you start by generating a single SSH key called the CA key. The public key is placed on each server and the server is configured to trust any key signed by the CA key. This CA key is then used to sign user keys with an expiration window. This means that signed user keys can only be used for a finite, preferably short, period of time before a new signature is needed. This transforms the key management problem into a user management problem: How do we ensure that only certain people are able to provision new signed SSH keys?

  • Texas ransomware attacks deliver wake-up call to cities [iophk: Windows TCO]

    The Texas Department of Information Resources has confirmed that 22 Texas entities, mostly local governments, have been hit by the ransomware attacks that took place late last week. The department pointed to a “single threat actor” as being responsible for the attacks, which did not impact any statewide systems.

  • Texas Ransomware Attack

    On Security Now, Steve Gibson talks about a huge ransomware attack. 23 cities in Texas were hit with a well-coordinated ransomware attack last Friday, August 16th.

  • CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry

    Apache Tapestry uses HMACs to verify the integrity of objects stored on the client side. This was added to address the Java deserialization vulnerability disclosed in CVE-2014-1972. In the fix for the previous vulnerability, the HMACs were compared by string comparison, which is known to be vulnerable to timing attacks.

GNOME Feeds is a Simple RSS Reader for Linux Desktops

Feedreader, Liferea, and Thunderbird are three of the most popular desktop RSS readers for Linux, but now there’s a new option on the scene. GNOME Feeds app is simple, no-frills desktop RSS reader for Linux systems. It doesn’t integrate or sync with a cloud-based service, like Feedly or Inoreader, but you can import a list of feeds via an .opml file. “Power” users of RSS feeds will likely find that GNOME Feeds a little too limited for their needs. But the lean feature set is, arguably, what will make this app appeal to more casual users. Read more