Language Selection

English French German Italian Portuguese Spanish

Debian

SolydXK 10.4 Distro Released, Based on Debian GNU/Linux 10.4 “Buster”

Filed under
GNU
Linux
Debian

As its version number suggests, SolydXK 10.4 is based on Debian GNU/Linux 10.4, which was released in early May 2020 with more than 50 security updates and over 100 bug fixes.

The SolydXK team has worked hard over the past several months to bring you SolydXK 10.4, which includes the latest Linux 4.19 kernel and up-to-date packages from the Debian Buster repositories.

On top of that, the new release comes with some important under-the-hood changes. For example, the /usr directories have been merged and the /bin, /sbin and /lib directories have now become symbolic links to /usr/bin, /usr/sbin and /usr/lib.

Read more

Security 101: Beginning with Kali Linux

Filed under
GNU
Linux
Security
Debian

I’ve found a lot of people who are new to security, particularly those with an interest in penetration testing or red teaming, install Kali Linux™1 as one of their first forays into the “hacking” world. In general, there’s absolutely nothing wrong with that. Unfortunately, I also see many who end up stuck on this journey: either stuck in the setup/installation phase, or just not knowing what to do once they get into Kali.

This isn’t going to be a tutorial about how to use the tools within Kali (though I hope to get to some of them eventually), but it will be a tour of the operating system’s basic options and functionality, and hopefully will help those new to the distribution get more oriented.

Read more

Debian-based Grml 2020.06 Released and NsCDE in Debian-based Sparky

Filed under
Debian

  • Grml 2020.06 – Codename Ausgehfuahangl

    We did it again™, at the end of June we released Grml 2020.06, codename Ausgehfuahangl. This Grml release (a Linux live system for system administrators) is based on Debian/testing (AKA bullseye) and provides current software packages as of June, incorporates up to date hardware support and fixes known issues from previous Grml releases.

    I am especially fond of our cloud-init and qemu-guest-agent integration, which makes usage and automation in virtual environments like Proxmox VE much more comfortable.

  • NsCDE

    There is a new desktop available for Sparkers: NsCDE

    What is NsCDE?

    Not so Common Desktop Environment (NsCDE) is a retro but powerful (kind of) UNIX desktop environment which resembles CDE look (and partially feel) but with a more powerful and flexible framework beneath-the-surface, more suited for 21st century unix-like and Linux systems and user requirements than original CDE.
    NsCDE can be considered as a heavyweight FVWM theme on steroids, but combined with a couple other free software components and custom FVWM applications and a lot of configuration, NsCDE can be considered a lightweight hybrid desktop environment.

Debian Work by Utkarsh Gupta, Mike Gabriel and Ben Hutchings

Filed under
Debian
  • Utkarsh Gupta: FOSS Activites in June 2020

    This was my 16th month of contributing to Debian. I became a DM in late March last year and a DD last Christmas! \o/

    This month was a little intense. I did a a lot of different kinds of things in Debian this month. Whilst most of my time went on doing security stuff, I also sponosred a bunch of packages.

  • Mike Gabriel: My Work on Debian LTS (June 2020)

    In June 2020, I have worked on the Debian LTS project for 8 hours (of 8 hours planned).

  • Ben Hutchings: Debian LTS work, June 2020

    I was assigned 20 hours of work by Freexian's Debian LTS initiative, and worked all 20 hours this month.

    I sent a final request for testing for the next update to Linux 3.16 in jessie. I also prepared an update to Linux 4.9, included in both jessie and stretch. I completed backporting of kernel changes related to CVE-2020-0543, which was still under embargo, to Linux 3.16.

Debian: Sparky, TeX Live and Development Reports

Filed under
Debian
  • Sparky news 2020/06

    The 6th monthly report of 2020 of the Sparky project:

    • Linux kernel updated up to version 5.7.6 & 5.8-rc3
    • added to repos: Popcorn-Time, eDEX-UI, Visual Studio Code, VSCodium, Bitcoin-Qt, Litecoin-Qt
    • Sparky 2020.06 of the rolling line released
    • a point release of the stable line is on the way, stay tuned

  • TeX Live Debian update 20200629

    More than a month has passed since the last update of TeX Live packages in Debian, so here is a new checkout!

  • Chris Lamb: Free software activities in June 2020

    As part of my duties of being on the board of directors of the Open Source Initiative and Software in the Public Interest I attended their respective monthly meetings and participated in various licensing and other discussions occurring on the internet, as well as the usual internal discussions regarding logistics and policy etc.

    [...]

    One of the original promises of open source software is that distributed peer review and transparency of process results in enhanced end-user security. However, whilst anyone may inspect the source code of free and open source software for malicious flaws, almost all software today is distributed as pre-compiled binaries. This allows nefarious third-parties to compromise systems by injecting malicious code into ostensibly secure software during the various compilation and distribution processes.

    The motivation behind the Reproducible Builds effort is to ensure no flaws have been introduced during this compilation process by promising identical results are always generated from a given source, thus allowing multiple third-parties to come to a consensus on whether a build was compromised.

    [...]

    This month I have worked 18 hours on Debian Long Term Support (LTS) and 5¼ hours on its sister Extended LTS project.

  • Paul Wise: FLOSS Activities June 2020

    This month I didn't have any particular focus. I just worked on issues in my info bubble.

    [...]

    The ifenslave and apt-listchanges work was sponsored by my employer. All other work was done on a volunteer basis.

Tails 4.8 is out

Filed under
Security
Debian

This release fixes many security vulnerabilities. You should upgrade as soon as possible.

Read more

Also: Tails 4.8 Anonymous OS Released with Linux Kernel 5.6, Improved Security

Debian: MiniDebConfOnline 2020, BTS and Cinnamon 4.6 for Debian GNU/Linux

Filed under
Debian
  • MiniDebConfOnline 2020 - I'm a programmer, how can I help Debian
  • developer-reference challenge: get the bug count down to 0

    As of now, the BTS counts 52 bugs for src:developers-reference and I'd like to get this down to zero, because src:developers-reference is just documenting best practices and this should be easy and done well.

    So, I've been trying to keep the habit of fixing at least one bug per month and I also try to do one upload per month. And I very much welcome your patches, commits, MRs and bug reports, because else it will take more than 5 years. Though I'm hopeful, src:developers-reference is maintained by the debian group on salsa, which is like a thousand people.

  • Cinnamon 4.6 for Debian

    After a few rounds of testing in experimental, I have uploaded Cinnamon 4.6 packages to Debian/unstable. Nothing spectacular new besides the usual stream of fixes. Enjoy the new Cinnamon!

KDE/Plasma 5.19.2 for Debian

Filed under
KDE
Debian

I have been preparing this release for quite some time, but due to Qt 5.12 I could only test it in a virtual machine using Debian/experimental. But now, finally, a full upgrade to Plasma 5.19(.2) has arrived.

Unfortunately, it turned out that the OBS build servers are either overloaded, incapable, or broken, but they do not properly build the necessary packages. Thus, I make the Plasma 5.19.2 (and framework) packages available via my server, for amd64. Please use the following apt line...

Read more

Raspberry Pi VideoCore IV Boards Get an Unofficial Vulkan Driver Good Enough to Play Quake 3

Filed under
Linux
Debian

The Raspberry Pi Foundation is collaborating with Igalia to work on everything related to graphics support for VideoCore VI GPU found in Raspberry Pi 4’s Broadcom BCM2711 SoC. This lead to OpenGL ES 3.1 conformance at the beginning of the year, and good progress with Raspberry Pi 4 Vulkan support.

There’s no plan to work on an official Vulkan driver for earlier Raspberry Pi boards with VideoCore IV GPU, but since the Raspberry Pi Foundation released open-source VideoCore IV driver and documentation several years ago, it’s, in theory, possible for skilled developers to improve on it. That’s exactly what Martin Thomas, an NVIDIA engineer, has done in his spare time, and after two years of work, a Vulkan driver for Raspberry Pi VideoCore IV board – RPi-VK-Driver – has been released on Github.

Read more

Easy Buster version 2.3.2

Filed under
Debian

EasyOS versions 1.x are the "Pyro" series, the latest is 1.3. Easy Pyro is built with packages compiled from source using 'oe-qky-src', a fork of OpenEmbedded. Consequently, the builds are small and streamlined and integrated. The Pyro series may have future releases, but it is considered to be in maintenance status.
The "Buster" series start from version 2.0, and are intended to be where most of the action is, ongoing. Version 2.0 was really a beta-quality build, to allow the testers to report back. The first official release was 2.1.
The main feature of Easy Buster is that it is built from Debian 10 Buster DEBs, using WoofQ (a fork of Woof2: Woof-CE is another fork, used to build Puppy Linux).
The advantage of Buster over Pyro is access to the large Debian package repositories. That is a big plus.
On the other hand, DEB packages have many dependencies, and the end result is a release considerably larger than Pyro with similar app selection. For example, the download file of Pyro 1.2 is 418MB, Buster 2.1 is 504MB -- despite the Buster build having less apps (Pyro has Qt5 and big Qt5-based apps such as Scribus, this is all missing from the Buster build, but can be installed).

Read more

Also: EasyOS version 2.3.2 released

Syndicate content

More in Tux Machines

today's leftovers

  • Doom Emacs For Noobs

    Doom Emacs is my preferred text editor, and I have made several videos about it. But some of those videos assumed that the viewer had some knowledge of Vim and/or Emacs. So I decided to make this Doom Emacs introductory video for the complete noob! This video covers how to install Doom Emacs, how to configure it, and some of the basic keybindings and commands.

  • The Endless Stream Of Linux Video Topics To Sift Through
  • Debian Janitor: Expanding Into Improving Multi-Arch

    The Debian Janitor is an automated system that commits fixes for (minor) issues in Debian packages that can be fixed by software. It gradually started proposing merges in early December. The first set of changes sent out ran lintian-brush on sid packages maintained in Git. This post is part of a series about the progress of the Janitor.

  • New Debian Maintainers (July and August 2020)

    The following contributors were added as Debian Maintainers in the last two months: Chirayu Desai Shayan Doust Arnaud Ferraris Fritz Reichwald Kartik Kulkarni François Mazen Patrick Franz Francisco Vilmar Cardoso Ruviaro Octavio Alvarez Nick Black Congratulations!

  • MYIR launches FZ5 EdgeBoard AI Box for AI on the Edge

    Back in July of this year (2020), MYRI technology announced the MYIR’s FZ3 deep learning accelerator card powered by the Xilinx Zynq UltraScale+ ZU3EG Arm FPGA MPSoC and it is capable of delivering up to 1.2TOPS computing power. With only a few months since that launch, MYRI technology is now announcing another two related sets of products – FZ5 EdgeBoard AI Box and the FZ5 Card.

  • SYNCPLIFY.ME AFT! V3.0 SUPPORTS LINUX ON ARM

    But, arguably, the most relevant new feature is AFT!’s native support for ARM processors, when in combination with a Linux operating system. With giants like Apple, moving away from the x86 architecture to fully embrace ARM on their entire product line, it was a strategic choice for Syncplify to be ahead of the curve, and release an ARM-native version of their software.

  • Where’s the Yelp for open-source tools?

    We’d like an easy way to judge open-source programs. It can be done. But easily? That’s another matter. When it comes to open source, you can’t rely on star power. The “wisdom of the crowd” has inspired all sorts of online services wherein people share their opinions and guide others in making choices. The Internet community has created many ways to do this, such as Amazon reviews, Glassdoor (where you can rate employers), and TripAdvisor and Yelp (for hotels, restaurants, and other service providers). You can rate or recommend commercial software, too, such as on mobile app stores or through sites like product hunt. But if you want advice to help you choose open-source applications, the results are disappointing. It isn’t for lack of trying. Plenty of people have created systems to collect, judge, and evaluate open-source projects, including information about a project’s popularity, reliability, and activity. But each of those review sites – and their methodologies – have flaws. Take that most archaic of programming metrics: Lines of code (LoC). Yes, it’s easy to measure. But it’s also profoundly misleading. As programming genius Edsger Dijkstra observed in 1988, LoC gives people “the reassuring illusion that programs are just devices like any others, the only difference admitted being that their manufacture might require a new type of craftsmen, viz. programmers. From there it is only a small step to measuring ‘programmer productivity’ in terms of ‘number of lines of code produced per month.’ This is a very costly measuring unit because it encourages the writing of insipid code.” We’ve gotten better since then, haven’t we? Perhaps not.

  • These Weeks in Firefox: Issue 79
  • Fun with Java Records

    Records, like lambdas and default methods on interfaces are tremendously useful language features because they enable many different patterns and uses beyond the obvious. Java 8 brought lambdas, with lots of compelling uses for streams. What I found exciting at the time was that for the first time lots of things that we’d previously have to have waited for as new language features could become library features. While waiting for lambdas we had a Java 7 release with try-with-resources. If we’d had lambdas we could have implemented something similar in a library without needing a language change.

  • How to code a basic WordPress plugin

    With over 7 million downloads for WordPress 5.3 alone, WordPress has become one of the most influential CMS of all time.

  • Laravel CSRF Protection

    The full form of CSRF is Cross-Site Request Forgery. It is one type of online attack in which the attacker sends requests as an authorized user to a system by gaining access information of a particular user of that system and performs different types of malicious activities by using the identity of that user. The impact of this attack depends on the victim’s privileges on the system. If the victim is a normal user then it will affect the personal data of the victim only. But if the victim is the administrator of the system then the attacker can damage the whole system. The users of any business website, social networking can be affected by this attack. This attack can be prevented easily by using Laravel CSRF protection to make the system more secure. Laravel generates CRSF token for each active user session automatically by which any request and approval are given to the authenticated user for the system. How Laravel CSRF Protection can be applied in the Laravel application is shown in this tutorial.

  • Popular VPN closes critical vulnerability on Linux client

    The VPN service Private Internet Access (PIA) has released a new version of its Linux client which fixes a critical vulnerability that could have allowed remote attackers to bypass the software's kill switch. The vulnerability, tracked as CVE-2020-15590, was discovered by Sick Codes and it affects versions 1.5 through 2.3 of PIA's Linux client. The client's kill switch is configured to block all inbound and outbound network traffic when a VPN connection drops. However, privileged applications still have the ability to send and receive network traffic even when the kill switch is turned on if net.ipv4.ip_forward has been enabled in the system kernel parameters. [...] “For the issue raised, we have no legacy customer support requests relating to this use case. We welcome input from community sources in addressing their usage and with this in mind, we took the decision to support this use case with our next Linux client release.” PIA users running Docker on Linux should upgrade to version 2.4 of the company's client as soon as possible to avoid any potential attacks leveraging this vulnerability.

  • 3 ways to protect yourself from imposter syndrome

    Poet and activist Maya Angelou published many books throughout her storied career, but each time, she feared people would figure out that she'd "run a game on everybody, and they're going to find me out." This seems an odd response from a well-honored writer. What she is describing is her own challenge with imposter syndrome. Think for a moment about your own accomplishments. Being hired into a new role. Having your first open source contribution merged into the project. Receiving an award or recognition. Being invited to participate in a project or event with people you respect and look up to. Did you question whether you belonged there? Did you fear people would "know that you didn't belong?" There is an extremely high likelihood that you have also experienced imposter syndrome. Please check the survey at the end of this article to see that you're not alone.

Graphics: NVIDIA, Intel, AMD and Zink

     
  • NVIDIA GeForce Now quietly starts working on Linux as the Avengers come to play

    If you use or have been following NVIDIA GeForce Now, the cloud gaming platform that delivers PC titles you already own from sources such as Steam and Epic Games to a multitude of devices, the latest development seems to have emerged silently. Spotted by the team at GamingonLinux, users of Linux can now, it seems, access GeForce Now in either Chromium of Google Chrome. Indeed, previously this tactic involved fudging user agents to make GeForce Now believe you were on a Chromebook, following the launch of the web client for Google's laptops. And it works just fine, I logged in and played some games with no issues on Ubuntu in both browsers. And just to double check, Firefox still shows an incompatible device error.

  • Intel Compute Runtime 20.37.17906 Brings Rocket Lake Support

    Intel's software team has released a new version of their Compute Runtime that provides OpenCL and oneAPI Level Zero capabilities for their graphics hardware on Linux.

  • AMDGPU TMZ + HDCP Should Allow Widevine DRM To Behave Nicely With AMD Linux Systems

    Coming together this year for the mainline Linux kernel was the AMDGPU Trusted Memory Zone (TMZ) capability for encrypted video memory support with Radeon GPUs. This topic was talked about at this week's XDC2020 conference. AMDGPU TMZ prevents unauthorized applications from accessing the encrypted/trusted memory of an application. TMZ protects both reads and writes while leveraging an AES cipher. But while discrete Radeon GPUs can also support TMZ, for now the AMD Linux developers have just been focused on the capability for their APU platforms.

  • Zink OpenGL-On-Vulkan Seeing Some 50~100% FPS Gains

    After working on getting the Zink OpenGL-over-Vulkan driver up to OpenGL 4.6 with still pending patches, former Samsung OSG engineer Mike Blumenkrantz has been making remarkable progress on the performance aspect as well. This generic Mesa OpenGL implementation that works atop Vulkan drivers is about to see much better performance. Blumenkrantz recently commented the performance was turning out better than expected but that was for micro-benchmarks. But now with more optimizations he is achieving even better results.

Sculpt OS release 20.08

  • Sculpt OS release 20.08

    The new version of Sculpt OS is based on the latest Genode release 20.08. In particular, it incorporates the redesigned GUI stack to the benefit of quicker boot times, improved interactive responsiveness, and better pixel output quality. It also removes the last traces of the noux runtime. Fortunately, these massive under-the-hood changes do not disrupt the user-visible surface of Sculpt. Most users will feel right at home. Upon closer inspection, there are couple of new features to appreciate. The CPU-affinity of each component can now be restricted interactively by the user, components can be easily restarted via a click on a button, font-size changes have an immediate effect now, and the VESA driver (used when running Sculpt in a virtual machine) can dynamically change the screen resolution.

  • Sculpt OS 20.08 Released With Redesigned GUI Stack

    Building off the recent Genode OS 20.08 operating system framework release is now Sculpt OS 20.08 as the open-source project's general purpose operating system attempt. Sculpt OS 20.08 pulls in the notable Genode 20.08 changes like the redesigned GUI stack with better responsiveness and other benefits. It also includes the ability to run the Falk web browser as the first Chromium-based browser on Genode/Sculpt. Sculpt OS is Genode's effort around creating a general purpose OS but for right now is still largely limited to developers, hobbyists, and those wishing to tinker around with new operating systems.

today's howtos