Language Selection

English French German Italian Portuguese Spanish

Debian

Academix GNU/Linux – A Debian-Based Education-Focused Distro

Filed under
Debian

Recently, We have published articles focusing on education with titles including 10 best Linux educational software for your kids, and QupZilla – An Educational Lightweight Qt Web Browser.

Today, we have a Linux distro that even though you may not have heard about, is doing a lot of great work for learners in various parts of the world and it goes by the name of Academix GNU/Linux.

Academix GNU/Linux is a Debian-based distro that was created specifically for teaching. All of the bundled software that it ships with is free, open-source, and targetted at education fields ranging from primary to university level.

Read more

Debian-Based antiX Linux Gets L1TF/Foreshadow, Meltdown, and Spectre Mitigations

Filed under
Linux
Debian

Coming more than half a year after the first point release of the antiX 17 "Heather Heyer" Linux-based operating system series, the antiX 17.2 point release is now available for downoad and it's based on the latest Debian GNU/Linux 9.5 "Stretch" operating system, which means that it includes all its package and security updates.

antiX 17.2 ships with a newer version of the long-term supported Linux 4.9 kernel series used by Debian Stretch, v4.9.126, which is fully patched against the latest Meltdown and Spectre exploits, aas well as the L1TF (L1 Terminal Fault) a.k.a. Foreshadow speculative execution side channel cache timing security vulnerability.

Read more

Daniel Pocock on Meeting Developers

Filed under
Development
Debian
  • Daniel Pocock: Stigmatizing volunteers who miss an event

    In various free software communities, I've come across incidents where people have been criticized inappropriately when they couldn't attend an event or didn't meet other people's expectations. This has happened to me a few times and I've seen it happen to other people too.

    As it turns out, this is an incredibly bad thing to do. I'm not writing about this to criticize any one person or group in return. Rather, it is written in the hope that people who are still holding grudges like this might finally put them aside and also to reassure other volunteers that you don't have to accept this type of criticism.

  • Unusual meetings

    It was interesting to finally know someone inside the Debian organization. We discussed about various conferences on free software, how Debian works, my work during the GSoC and the heating system he’s working on in his house.

Interview With Peter Ganten, CEO of Univention GmbH

Filed under
Interviews
Debian

I have been asking the Univention team to share the behind-the-scenes story of Univention for a couple months. Finally, today we got the interview of Mr.Peter H. Ganten, CEO of Univention GmbH. Despite his busy schedule, in this interview, he shares what he thinks of the Univention project and its impact on open source ecosystem, what open source developers and companies will need to do to keep thriving and what are the biggest challenges for open source projects.

Read more

Tails 3.9.1 is out

Filed under
Security
Debian

This release is an emergency release to fix critical security vulnerabilities in Tor Browser and Thunderbird.

Read more

Debian KDE for Fun Computing Part 1: Intro

Filed under
KDE
Debian

Hello, please introduce Debian Live KDE Edition. It is a free, beautiful desktop operating system with LiveCD capability, available in 50+ of world languages, with tens of thousands free software packages are available, and amazingly vast user community. This article is the first part of introducing fun living with Debian KDE as desktop computer operating system. Here, you will see basic things about Debian, Debian Live, and Debian KDE, including where to download and how to make a bootable installation media. I hope you will like Debian KDE and find it user friendly. Enjoy Debian KDE!

[...]

That's all for now. You got a basic knowledge about Debian KDE. The next part will talk about basic orientation of Debian KDE internals such as built-in applications, doing basic tasks, how to get new applications, and so on. See you next time. Have fun with Debian KDE!

Read more

Microsoft Takeover of GNU/Linux Machines by Debian/APT

Filed under
Microsoft
Security
Debian
  • Skype's Debian Package Could Allow Attackers To Completely Takeover Machines

    Security researcher Enrico Weigelt uncovered a critical security issue in the way Skype installs itself on Debian Linux machines, adding its Microsoft's APT repository in the system's sources.list file.

    Skype's Debian package uses an APT configuration profile which automatically inserts Microsoft's apt repository to the default system package sources which would allow anyone with access to it to hypothetically use malicious tools to compromise the machine.

    In layman's terms, APT repositories are collections of .deb packages used as the central storage, management and delivery platform for all Debian-based Linux machines.

    The APT repositories can be used to install, remove, or update applications on a Debian machine with the help of the apt-get command.

  • Apt Repositories: Goodbye Aptly, Welcome RepRepro

    I have been using aptly for several years publishing all kinds of repositories for different developments. The other day, when I wanted to update my calibre repository (see previous post) I realized that aptly cannot sign anything anymore. Huuu…

Major Debian GNU/Linux 9 "Stretch" Linux Kernel Patch Fixes 18 Security Flaws

Filed under
Linux
Debian

Affecting the long-term supported Linux 4.9 kernel used by the Debian GNU/Linux 9 "Stretch" operating system series, there are a total of 18 security vulnerabilities patched in this major update that have been discovered in the upstream Linux kernel and may lead to information leaks, privilege escalation, or denial of service.

These include a memory leak in the irda_bind function and a flaw in the irda_setsockopt function of Linux kernel's IrDA subsystem, a flaw in the fd_locked_ioctl function in the Floppy driver, a buffer overflow in the Bluetooth HIDP implementation, and a double-realloc (double free) flaw in the rawmidi kernel driver.

Read more

Debian and Security

Filed under
Security
Debian
  • Thorsten Alteholz: My Debian Activities in September 2018

    As promised in an earlier post, I raised the number of accepted packages to 215, as well as the number of rejects to 69 this month. The overall number of packages that got accepted this month was 314.

  • October 2018 report: LTS, Mastodon, Firefox privacy, etc

    I've played around with the latest attempt from the free software community to come up with a "federation" model to replace Twitter and other social networks, Mastodon. I've had an account for a while but I haven't talked about it much here yet.

    My Mastodon account is linked with my Twitter account through some unofficial Twitter cross-posting app which more or less works. Another "app" I use is the toot client to connect my website with Mastodon through feed2exec.

    And because all of this social networking stuff is just IRC 2.0, I read it all through my IRC client, thanks to Bitlbee and Mastodon is (thankfully) no exception. Unfortunately, there's a problem in my hosting provider's configuration which has made it impossible to read Mastodon status from Bitlbee for a while. I've created a test profile on the main Mastodon instance to double-check, and indeed, Bitlbee works fine there.

    Before I figured that out, I tried upgrading the Bitlbee Mastodon bridge (for which I also filed a RFP) and found a regression has been introduced somewhere after 1.3.1. On the plus side, the feature request I filed to allow for custom visibility statuses from Bitlbee has been accepted, which means it's now possible to send "private" messages from Bitlbee.

    Those messages, unfortunately, are not really private: they are visible to all followers, which, in the social networking world, means a lot of people. In my case, I have already accepted over a dozen followers before realizing how that worked, and I do not really know or trust most of those people. I have still 15 pending follow requests which I don't want to approve until there's a better solution, which would probably involve two levels of followship. There's at least one proposal to fix this already.

    Another thing I'm concerned about with Mastodon is account migration: what happens if I'm unhappy with my current host? Or if I prefer to host it myself? My online identity is strongly tied with that hostname and there doesn't seem to be good mechanisms to support moving around Mastodon instances. OpenID had this concept of delegation where the real OpenID provider could be discovered and redirected, keeping a consistent identity. Mastodon's proposed solutions seem to aim at using redirections or at least informing users your account has moved which isn't as nice, but might be an acceptable long-term compromise.

    Finally, it seems that Mastodon will likely end up in the same space as email with regards to abuse: we are already seeing block lists show up to deal with abusive servers, which is horribly reminiscent of the early days of spam fighting, where you could keep such lists (as opposed to bayesian or machine learning). Fundamentally, I'm worried about the viability of this ecosystem, just like I'm concerned about the amount of fake news, spam, and harassment that takes place on commercial platforms. One theory is that the only way to fix this is to enforce two-way sharing between followers, the approach taken by Manyverse and Scuttlebutt.

    Only time will tell, I guess, but Mastodon does look like a promising platform, at least in terms of raw numbers of users...

  • Reproducible Builds: Weekly report #179
  • The Devil Is in The Details Of Project Verify’s Goal To Eliminate Passwords

    A coalition of the four largest U.S. wireless providers calling itself the Mobile Authentication Taskforce recently announced an initiative named Project Verify. This project would let users log in to apps and websites with their phone instead of a password, or serve as an alternative to multi-factor authentication methods such as SMS or hardware tokens.

    Any work to find a more secure and user-friendly solution than passwords is worthwhile. However, the devil is always in the details—and this project is the work of many devils we already know well. The companies behind this initiative are the same ones responsible for the infrastructure behind security failures like SIM-swapping attacks, neutrality failures like unadvertised throttling, and privacy failures like supercookies and NSA surveillance.

    Research on moving user-friendly security and authentication forward must be open and vendor- and platform-neutral, not tied to any one product, platform, or industry group. It must allow users to take control of our identities, not leave them in the hands of the very same ISP companies that have repeatedly subverted our trust.

  • Touch ID and Face ID Don’t Make You More Secure [Ed: Of course sharing biometrics with the state or the "security state" isn't about security but mere subjugation]

    Touch ID and Face ID area great. We like them, and we use them. But they’re convenience features, not security features, and you have fewer legal protections when using them in the US. When necessary, you can temporarily disable them.

    This also applies to Android phones with fingerprint sensors, iris scans, or other biometric features.

  • How Face ID could be a game-changer for aggressive US border agents

    Apple’s Touch ID is already on its way out. Just five years ago, iPhones began getting the famed fingerprint scanner that makes unlocking your phone dozens of times a day even easier.

    But all of the new iPhones released this year—iPhone XS, iPhone XS Max, and iPhone XR—only have Face ID. They do not have Touch ID.

Syndicate content

More in Tux Machines

Programming Leftovers

  • C Programming Language - Introduction
    This tutorial is the first part of a C programming language course on Linux. C is a procedural programming language that was designed by American computer scientist Dennis Ritchie. Please note that we'll be using Linux for all our examples and explanation. Specifically, we'll be using Ubuntu 18.04 LTS.
  • DSF 2019 Board Election Results
    I'm pleased to announce the winners of our 2019 DSF Board of Directors election. [...] This year we had 17 great candidates and while not everyone can get elected each year I hope they all consider running again in the 2020 election. Another item of note with this election is that our Board is now comprised of two thirds women, which is a first for the DSF.
  • coloured shell prompt
  • Create multiple threads to delete multiple files with python

Security: Updates, Best VPNs for GNU/Linux, and Google+ Chaos Again

  • Security updates for Monday
  • Best VPNs for Linux
  • After a Second Data Leak, Google+ Will Shut Down in April Instead of August
    Back in October, a security hole in Google+’s APIs lead Google to announce it was shutting down the service. Now, a second data leak has surfaced, causing the company to move the shutdown up by four months. This new data leak is quite similar to the first one: profile information such as name, email address, age, and occupation was exposed to developers, even for private profiles. It’s estimated that upwards of 52 million users were affected by this leak. The good news is that while the first hole was open for three years, this one was only an issue for six days, from November 7th to the 13th, 2018.

Linux and Linux Foundation Leftovers

  • Initial i.MX8 SoC Support & Development Board Possibly Ready For Linux 4.21
    While the i.MX8 series was announced almost two years ago and the open-source developers working on the enablement for these new NXP SoCs hoped for initial support in Linux 4.17, the Linux 4.21 kernel that will be released in the early months of 2019 is slated to possibly have the first i.MX8 support in the form of the i.MX8MQ and also supporting its development/evaluation board.
  • AeonWave: An Open-Source Audio Engine Akin To Microsoft's XAudio2 / Apple CoreAudio
    An open-source audio initiative that's been in development for years but flying under our radar until its lead developer chimed in is AeonWave, which supports Windows and Linux systems while being inspired by Microsoft XAudio and Apple's CoreAudio.
  • Take Linux Foundation Certification Exams from Anywhere
    2018 has seen a new wave of popularity for the open source community and it has sparked more interest in potential engineers, system administrators, and Linux experts. 2019 is around the corner and now is a good time to look up Linux certification examinations that will enable you to progress in your career. The good news we have for you is that the Linux Foundation has made certification examinations available online so that IT enthusiasts can get certificates in a wide range of open source domains.

Games Leftovers

  • The Linux version of Civilization VI has been updated with cross-platform multiplayer support
    Just in time for the holidays, Linux gamers finally have version parity with other platforms. Expect to be able to spend just one more turn playing with friends on other operating systems.
  • John Romero has announced a free unofficial spiritual successor to The Ultimate DOOM's 4th episode
    John Romero, one of the co-founders of id Software has revealed he's been working on SIGIL, a free megawad for the original 1993 DOOM. [...] These boxes, will contain music from Buckethead, along with a custom song written expressly for SIGIL. A tempting purchase for any big DOOM fan, I especially love the sound of a 16GB 3-1/2-inch floppy disk-themed USB. You have until December 24, 2018 to order one and I imagine stock will go quite quickly.
  • Unvanquished Open-Source Game Sees Its First Alpha Release In Nearly Three Years
    Unvanquished had been easily one of the most promising open-source games several years back with decent in-game visuals/art, a continually improving "Daemon" engine that was a distant mod of ioquake3 while leveraging ETXReaL components and more, and all-around a well-organized, advancing open-source game project. Their monthly alpha releases stopped almost three years ago while today that's changed just ahead of Christmas. The Unvanquished developers announced Unvanquished Alpha 51 today as their first release in two years and eight months after having made fifty monthly alpha releases. While this is the fifty-first alpha, the developers say they should soon be ready for the beta drop.
  • Unvanquished, the free and open source shooter has a huge new release now out
    After being quiet for some time, the Unvanquished team is back and they have quite a lot to show off in the new release of their free and open source shooter. This is their first new release since April 2016, so the amount that's changed is quite striking! Hopefully, this will be the start of regular release once again, since they used to do monthly releases a few years ago and it was fun to watch it grow.
  • Valve adds even more gamepad support to their latest client beta
    Valve are continuing to support as many devices as possible with a new Steam client beta now available. Since there's no gamepad to rule them all, it makes sense for Valve to support as many as they can. Even though I love the Steam Controller, I do understand that it's not going to be a good fit for everyone. Now, Steam will support the PowerA wired/wireless GameCube Style controllers, PowerA Enhanced Wireless Controller and the PDP Faceoff Wired Pro Controller to boost their already rather large list of supported devices.
  • The turn-based tactical RPG Fell Seal: Arbiter's Mark is coming along nicely
    After a few months in Early Access, the tactical RPG Fell Seal: Arbiter's Mark has come along nicely and it's quite impressive. It became available on Steam back in August, this was with same-day Linux support as promised from developer 6 Eyes Studio after their successful Kickstarter.
  • Citra, the Nintendo 3DS emulator now has 'Accurate Audio Emulation'
    Citra, the impressive and quickly moving Nintendo 3DS emulator has a new progress report out and it sounds great. They've made some great progress on accurate audio emulation, with their new "LLE (Accurate)" option. They say this has enabled games like Pokémon X / Y, Fire Emblem Fates and Echoes and more to work. There's a downside though, that currently the performance does take quite a hit with it so they're still recommending the "HLE (Fast)" setting for now. They go into quite a lot of detail about how they got here, with plenty of bumps along the way. Most of the work towards this, was done by a single developer who suffered a bit of a burn-out over it.
  • Mindustry, an open source sandbox Tower Defense game that's a little like Factorio
    Available under the GPL, the developer originally made it for the GDL Metal Monstrosity Jam which happened back in 2017 and it ended up winning! Seems the developer didn't stop development after this, as they're currently going through a new major release with regular alpha builds.
  • Have graphical distortions in Unity games with NVIDIA? Here's a workaround
    It seems a lot of Unity games upgrading to later versions of Unity are suffering from graphical distortions on Linux with an NVIDIA GPU. There is a workaround available.