Language Selection

English French German Italian Portuguese Spanish

Linux

Ubuntu for Android and TV signal strong future

Filed under
Linux

It is often said that Linux Desktop distros spend half their time playing catchup with the Windows or OSX Desktop environments. I'd agree for many years this has been the truth however something is happening in the world of Linux. I is starting to innovate again.
Some might say that it has been doing this for years, however i think its fair to say with the numbers of Windows users coming over to the desktop it's had to slow down the innovation and focus on the usability aspect.

Read More

Upgrading your Gen 1 Apple TV to CrystalBuntu..

Filed under
Linux

I recently did a post on cutting the cable which the article explained how you get XBMC 11.0 ontop of the ATV OS. Having run with this for a week or so it turns out that when streaming media from a NAS the playback becomes very choppy and out of sync audio and video occustrs a lot.

Thankfully there is another option however which involves removing the Apple TV OS and putting a Linux based OS onto the box which has been built specifically to work with an AppleTV containing the CrystalHD card.

Read More

Why do I use Linux, or rather why I don't like using Windows.

Filed under
Linux

Anyone who knows me, knows me to be a bit of a Fanboy, I love using Linux I use it on the Desktop, i've migrated may of our servers to it and am a firm advocate for Desktop Linux as an alternative for Windows. Using Linux is an entrance to a whole new world and I don' just mean with Linux, its the gateway to other OS's.

My trip into the wonderful world of *nix operating systems started over 20 years ago when working for the BBC a Sun Indigo was plonked onto my desk. I'd been using different OS's for a while, very early in my career i was using OS/2 instead of Windows 3.1 and this sparked an interested I guess in what was to be come the path for the future.

Read More

Looking at the computer experience

Filed under
Linux

Just a bit of rambling about Linux, as well as reflections and meanderings about computer history in general

Ubuntu Linux Server is a growing but important part of Canonicals stable moving forward

Filed under
Linux

Just been reading an interesting piece on zdnet.com by the love him or hate him auther who is Steven J. Vaughan-Nichols which talks about the possible rise of Ubuntu as a server platform when compared to RHEL. The article quotes the Canonical founder Mark Shuttleworth on some figures from W3Tech.

Read More

Restore the Windows bootloader to MBR after dual-booting with Linux

Filed under
Linux

If you installed the Linux boot loader to the MBR and want to restore the Windows boot loader, this short tutorial shows you how to do it. It is an easy, point-and-click process. And the application that makes it that easy is called EasyBCD, a free-for-personal-use application from Neosmart Technologies.

4 Linux and a BSD Distro every Sysadmin should have in their toolbox

Filed under
Linux

While as a Sysadmin our world is generally speaking goverend by Windows Desktops and servers, Microsoft's OS isn't the best one out there at every task, for some tasks Linux is the answer, I've written on other blogs on a similar topic, about Linux Distros and which ones you will get he most out of. The idea behind most of these Linux Distros is they act as a tool or a set of tools to perform a certain task.
Each one of thses distros is free, downloads as an ISO and can be run (apart from one) booted from a CD without installation.

Read More

How to dual-boot Windows 7 and Chakra Linux Archimedes, with shared NTFS partition at the end

Filed under
Linux

The broad objective, if it is not already evident from the title of this article, is to: Dual-boot Windows 7 and Chakra Archimedes on a computer with one hard drive; then, create an NTFS partition at the end of the drive that will be shared between both operating systems. When completed, you should see this screen when you reboot or restart the computer.

How to install and configure Gufw on Linux Deepin 11.12.1

Filed under
Linux

A new installation of Linux Deepin 11.12.1 does not have any of the network security applications that you find on Ubuntu enabled: A default installation of Linux Deepin 11.12.1, the latest edition, will leave your computer wide open for the bad guys to mess with.

Linux Deepin 11.12.1 review

Filed under
Linux

Linux Deepin is a desktop distribution based on Ubuntu Desktop, but using a modifed GNOME 3 shell, not Ubuntu’s Unity desktop. It was founded by Liu Wenhuan, who is also a co-founder of Wuhan Linux User Group (LUG), a LUG in Wuhan, the capital of Hubei province, China.

Syndicate content

More in Tux Machines

Python Programming

  • Analysis of the progress of COVID-19 in the world with Data Science.

    All the data in this article was made with Data Scientis tools. Given the circumstances the planet is experiencing at the moment, we show below a series of results after implementing Data Science techniques to monitor the virus. For the following analyzes, the data from the Johns repositories were taken Hopkins University Center for Systems Science and Engineering (JHU CSSE). As it is public knowledge, the advance of the pandemic is a worldwidede concer, that is why I consider interesting to be able to make an analysis of certain countries. Therefore we can see in the following graph how the curve of confirmed infected persons in countries such as USA, Italy, France and Argentina advances from the beginning to today.

  • Introduction to the Python HTTP header

    You can create your own custom headers for the HTTP destination using the Python HTTP header plugin of syslog-ng and Python scripts. The included example configuration just adds a simple counter to the headers but with a bit of coding you can resolve authentication problems or fine tune how data is handled at cloud-based logging and SIEM platforms, like Sumologic.

  • Announcing a new Sponsorship Program for Python Packaging

    The Packaging Working Group of the Python Software Foundation is launching an all-new sponsorship program to sustain and improve Python's packaging ecosystem. Funds raised through this program will go directly towards improving the tools that your company uses every day and sustaining the continued operation of the Python Package Index.

  • Python String Concatenation

    String concatenation means creating a new string by combining two or more string values. Many built-in methods and ‘+’ operator are used to combine string values in many programming languages. ‘+’ operator is also used in python to combine string values but it works differently than other scripting languages. In JavaScript, when a string value combines with the number value then the number value will convert automatically into the string and combines with the other string value. But if you do the same task in Python then it will generate an error because Python can’t convert the number into string automatically. Many other ways exist in Python to combine string values. This article shows how you can do string concatenation in Python in different ways. Here, spyder3 editor is used for writing and executing the scripts of this article.

  • Python String Replacement using Pattern

    Any string data can be replaced with another string in Python by using the replace() method. But if you want to replace any part of the string by matching a specific pattern then you have to use a regular expression. It is used to search a specific pattern in a particular string value and the string will be replaced with another string if any match found. Python uses ‘re’ module to use regular expression pattern in the script for searching or matching or replacing. Using regular expression patterns for string replacement is a little bit slower than normal replace() method but many complicated searches and replace can be done easily by using the pattern. You can replace a string in various ways using the pattern in Python. Some common uses of pattern to replace string are shown in this tutorial. Spyder3 editor is used here to write and run the script.

  • Python String startswith and endswith

    Sometimes we need to check the starting or the ending part of any string for the programming purpose. There are two built-in methods in Python to do the task. These are startswith() and endswith() methods. If any string starts with a given prefix then startswith() method will return true otherwise returns false and if any string ending with a given suffix then endswith() method will return true otherwise returns false. How these methods work and use in Python are shown in this tutorial. Spyder3 editor is used here to write and run the python script.

  • Examples are Awesome

    There are two things I look for whenever I check out an Opensource project or library that I want to use. 1. Screenshots (A picture is worth a thousand words). 2. Examples (Don't tell me what to do, show me how to do it). Having a fully working example (or many examples) helps me shape my thought process.

  • App Assisted Contact Tracing

    I don't know how I thought the world would look like 10 years ago, but a pandemic that prevents us from going outside was not what I was picturing. It's about three weeks now that I and my family are spending at home in Austria instead of going to work or having the kids at daycare, two of those weeks were under mandatory social distancing because of SARS-CoV-2. And as cute as social distancing and “flattening the curve” sounds at first, the consequences to our daily lives are beyond anything I could have imagined would happen in my lifetime. What is still conveniently forgotten is that the curve really only stays flat if we're doing this for a very, very long time. And quite frankly, I'm not sure for how long our society will be able to do this. Even just closing restaurants is costing tens of thousands of jobs and closing schools is going to set back the lives of many children growing up. Many people are currently separated from their loved ones with no easy way to get to them because international travel grinded to a halt.

Proprietary Stuff and Openwashing

  • Federal, State, and Local Law Enforcement Warn Against Teleconferencing [Cracking] During Coronavirus Pandemic

    Western District of Michigan U.S. Attorney Andrew Birge advised video conference users: “Whether you run a business, a law enforcement meeting, a classroom or you just want to video chat with family, you need to be aware that your video conference may not be secure and information you share may be compromised. Be careful. If you do get [attacked], call us.”

  • Zoom CEO says company reached 200 million daily users in March

    In order to address the company’s problems, Yuan detailed steps taken including removing Facebook’s software development kit to stop the collection of unnecessary user data, updating Zoom’s privacy policy to be more transparent, giving tips to users to prevent Zoom bombings and offering more specific programs for classes on Zoom.

  • Update: Zoom issues fix for UNC vulnerability that lets [attackers] steal Windows credentials via chat

    All an attacker needs to do is to send a link to another user and convince them to click it, for the attack to commence. Though the Windows password is still encrypted, the hack claims it can be easily decrypted by third-party tools if the password is a weak one.

  • Thousands of Zoom recordings exposed because of the way Zoom names recordings

    Thousands of Zoom cloud recordings have been exposed on the web because of the way Zoom names its recordings, according to a report by The Washington Post. The recordings are apparently named in “an identical way” and many have been posted onto unprotected Amazon Web Services (AWS) buckets, making it possible to find them through an online search.

    One search engine that can look through cloud storage space turned up more than 15,000 Zoom recordings, according to The Washington Post. “Thousands” of clips have apparently also been uploaded to YouTube and Vimeo. The Washington Post said it was able to view recordings of therapy sessions, orientations, business meetings, elementary school classes, and more.

  • Move Fast & Roll Your Own Crypto

    Zoom documentation claims that the app uses “AES-256” encryption for meetings where possible. However, we find that in each Zoom meeting, a single AES-128 key is used in ECB mode by all participants to encrypt and decrypt audio and video. The use of ECB mode is not recommended because patterns present in the plaintext are preserved during encryption.

    The AES-128 keys, which we verified are sufficient to decrypt Zoom packets intercepted in Internet traffic, appear to be generated by Zoom servers, and in some cases, are delivered to participants in a Zoom meeting through servers in China, even when all meeting participants, and the Zoom subscriber’s company, are outside of China.

    Zoom, a Silicon Valley-based company, appears to own three companies in China through which at least 700 employees are paid to develop Zoom’s software. This arrangement is ostensibly an effort at labor arbitrage: Zoom can avoid paying US wages while selling to US customers, thus increasing their profit margin. However, this arrangement may make Zoom responsive to pressure from Chinese authorities.

  • ‘Zoombombing’ is a federal offense that could result in imprisonment, prosecutors warn

    Federal prosecutors are now warning pranksters and [attackers] of the potential legal implications of “Zoombombing,” wherein someone successfully invades a public or sometimes even private meeting over the videoconferencing platform to broadcast shock videos, pornography, or other disruptive content.

    The warning was posted as a press released to the Department of Justice’s website under the US Attorney’s office for the state’s Eastern district with support from the state attorney general and the FBI.

  • [Attackers] are targeting your kids to infect Android and Chromebook devices with malware

    Hide your kids; hide your wives. Security investigators from Check Point Research discovered 56 malware-infected Google Play apps. Before Google had a chance to pull them down, users already downloaded the apps one million times; 24 of those apps, Check Point Research discovered, targeted children.

    The study -- spearheaded by Israel Wernik, Danil Golubenko , Aviran Hazum -- found that the Google Play Store-based apps were poisoned with Tekya, which is a form of adware. The goal of Tekya, Hazum told Laptop Mag, is to commit mobile-ad fraud.

  • Apparently Microsoft’s Claim of 775 Percent Surge in Cloud Services Wasn’t Really Accurate

    The company has now made a correction, saying that the 775 percent increase was experienced by Microsoft Teams, not all of the cloud offerings, which isn't as surprising since the video calling app generated over 900 million meeting and calling minutes daily in a one-week period alone.

    As it turns out the figure also only came from Microsoft Teams' users in Italy, where millions of people were put under lockdown. The corrected statement now reads: [...]

  • Zoom isn’t actually end-to-end encrypted

    Zoom does use TLS encryption, the same standard that web browsers use to secure HTTPS websites. In practice, that means that data is encrypted between you and Zoom’s servers, similar to Gmail or Facebook content. But the term end-to-end encryption typically refers to protecting content between the users entirely with no company access at all, similar to Signal or WhatsApp. Zoom does not offer that level of encryption, making the use of “end-to-end” highly misleading.

  • Zoom Calls Are Not End-to-End Encrypted Contrary to Claims

    What this means it that Zoom can access the video feed of your meetings. The company did confirm that it does not “directly access, mine, or sell user data.”

    Zoom offers an option where a meeting can only be hosted with mandatory encryption for third-party endpoints. However, when contacted, the company clarified that it is currently not possible to hold E2E video meetings using Zoom.

  • Zoom’s sudden spike in popularity is revealing its privacy (and porn) problems

    With its vaguely worded privacy policies and misleading marketing materials, Zoom’s real overarching issue seems to be a lack of transparency. Combine that with an apparent lack of forethought about how video meetings with insufficient privacy protections — both on the back and the front end — could be exploited by [attackers] or trolls. This entire scenario becomes especially problematic considering the growing number of students that Zoom eagerly recruits for the platform. It all seems like a bad publicity time bomb that went off as soon as Zoom became an essential piece of pandemic software and people started really looking more closely at how the service worked.

  • Dark Sky Has a New Home

    Android and Wear OS App

    The app will no longer be available for download. Service to existing users and subscribers will continue until July 1, 2020, at which point the app will be shut down. Subscribers who are still active at that time will receive a refund.

    Website

    Weather forecasts, maps, and embeds will continue until July 1, 2020. The website will remain active beyond that time in support of API and iOS App customers.

  • Microsoft’s Skype struggles have created a Zoom moment

    The transition lasted years, and resulted in calls, messages, and notifications repeating on multiple devices. Skype became unreliable, at a time when rivals were continuing to offer solid alternatives that incorporated messaging functionality that actually worked and synced across devices. Instead of quickly fixing the underlying issues, Microsoft spent years trying to redesign Skype. This led to a lethal combination of an unreliable product with a user experience that changed on a monthly basis.

  • ‘War Dialing’ Tool Exposes Zoom’s Password Problems

    Lo said a single instance of zWarDial can find approximately 100 meetings per hour, but that multiple instances of the tool running in parallel could probably discover most of the open Zoom meetings on any given day. Each instance, he said, has a success rate of approximately 14 percent, meaning for each random meeting number it tries, the program has a 14 percent chance of finding an open meeting.

    Only meetings that are protected by a password are undetectable by zWarDial, Lo said.

  • Open Source Moves From Rebel to Mainstream

    That shift has its critics. “The degree in which corporations knowingly and openly use open source has grown,” says Karl Fogel, a developer and open-source advocate. Still, some open-source developers feel that although these businesses build a lot of value on top of their work, they’re not seeing “enough of it flowing back to them,” Fogel says.

    But the narrative of a noncommercial open source being colonized by the corporate world also has its flaws, cautions Fogel. Open source has always been commercial to a certain degree. Even in the more radical currents of the movement, where the term “free software” is preferred over open source, making money isn’t necessarily shunned. Richard Stallman, one of the movement’s pioneers, famously said that the “free” in “free software” should be taken as “free speech, not free beer.” All the talk about freedom and digital self-ownership doesn’t preclude making money.

  • HPE announces new open source programme to simplify 5G rollout

    Hewlett Packard Enterprise (HPE) today announced the Open Distributed Infrastructure Management initiative, a new open source programme that will simplify the management of large-scale geographically distributed physical infrastructure deployments. In addition, HPE will introduce an enterprise offering, the HPE Open Distributed Infrastructure Management Resource Aggregator that is aligned with the initiative. Open Distributed Infrastructure Management helps resolve the complexity that telcos face in rolling out 5G networks across thousands of sites equipped with IT infrastructure from multiple vendors and different generations of technology. This new initiative underlines HPE’s continued leadership in open 5G technologies and commitment to accelerating industry alignment through open source innovation.

Android Leftovers

Security Leftovers

  • Browser makers cite coronavirus, restore support for obsolete TLS 1.0 and 1.1 encryption

    By common agreement, Google's Chrome, Microsoft's Internet Explorer (IE) and Edge, and Mozilla's Firefox were to disable support for TLS 1.0 and 1.1 early in 2020. They, along with Apple - which produces Safari - announced the move a year and a half ago, noting then that the protocols had been made obsolete by TLS 1.2 and 1.3.

    Apple, Google and Mozilla had committed to dropping support in March 2020, while Microsoft had only promised to purge TLS 1.0 and 1.1 sometime during the first half of this year.

    But it was Microsoft that was most detailed about the TLS turnabout. "In light of current global circumstances, we will be postponing this planned change - originally scheduled for the first half of 2020," Karl Pflug, of the Edge developer experience team, wrote in a post to a company blog.

  • Security updates for Friday

    Security updates have been issued by Debian (mediawiki and qbittorrent), Gentoo (gnutls), Mageia (bluez, kernel, python-yaml, varnish, and weechat), Oracle (haproxy and nodejs:12), SUSE (exiv2, haproxy, libpng12, mgetty, and python3), and Ubuntu (libgd2).

  • Google Squashes High-Severity Flaws in Chrome Browser

    Do you use Google Chrome as your web browser? Google has patched high-security vulnerabilities in its Chrome browser, and is rolling out the newest Chrome browser version in the coming days. [...] As is typical for Chrome updates, Google is initially scant in details of the bugs “until a majority of users are updated with a fix.” It did outline three of the vulnerabilities that were discovered by external researchers, however. These included two high-severity vulnerabilities the WebAudio component of Chrome (CVE-2020-6450 and CVE-2020-6451). The WebAudio component is used for processing and synthesizing audio in web applications. The flaws tied to CVE-2020-6450 and CVE-2020-6451 are both use-after-free flaws. Use after free is a memory corruption flaw where an attempt is made to access memory after it has been freed. This can cause an array of malicious impacts, from causing a program to crash, to potentially leading to execution of arbitrary code.

  • How YubiKey Bio could make remote security concerns a thing of the past

    The bottom line is, your office brings a level of built-in security that’s not as readily available at home. Even if your Wi-Fi is WPA2-encrypted with a strong password, the security on your PC and personal accounts likely pales in comparison to the firewalls and intranets inside your office. “This is the perfect scenario for an attacker to thrive in and opens opportunities for social engineering and phishing attacks––making it imperative for businesses to develop a contingency plan that includes securing remote workers,” said Appenzeller. “Enabling multi-factor authentication wherever possible is one of the best ways to protect a remote team and should be a top requirement for a work-from-home policy.”