Language Selection

English French German Italian Portuguese Spanish

Debian

Academix GNU/Linux – A Debian-Based Education-Focused Distro

Filed under
Debian

Recently, We have published articles focusing on education with titles including 10 best Linux educational software for your kids, and QupZilla – An Educational Lightweight Qt Web Browser.

Today, we have a Linux distro that even though you may not have heard about, is doing a lot of great work for learners in various parts of the world and it goes by the name of Academix GNU/Linux.

Academix GNU/Linux is a Debian-based distro that was created specifically for teaching. All of the bundled software that it ships with is free, open-source, and targetted at education fields ranging from primary to university level.

Read more

Debian-Based antiX Linux Gets L1TF/Foreshadow, Meltdown, and Spectre Mitigations

Filed under
Linux
Debian

Coming more than half a year after the first point release of the antiX 17 "Heather Heyer" Linux-based operating system series, the antiX 17.2 point release is now available for downoad and it's based on the latest Debian GNU/Linux 9.5 "Stretch" operating system, which means that it includes all its package and security updates.

antiX 17.2 ships with a newer version of the long-term supported Linux 4.9 kernel series used by Debian Stretch, v4.9.126, which is fully patched against the latest Meltdown and Spectre exploits, aas well as the L1TF (L1 Terminal Fault) a.k.a. Foreshadow speculative execution side channel cache timing security vulnerability.

Read more

Daniel Pocock on Meeting Developers

Filed under
Development
Debian
  • Daniel Pocock: Stigmatizing volunteers who miss an event

    In various free software communities, I've come across incidents where people have been criticized inappropriately when they couldn't attend an event or didn't meet other people's expectations. This has happened to me a few times and I've seen it happen to other people too.

    As it turns out, this is an incredibly bad thing to do. I'm not writing about this to criticize any one person or group in return. Rather, it is written in the hope that people who are still holding grudges like this might finally put them aside and also to reassure other volunteers that you don't have to accept this type of criticism.

  • Unusual meetings

    It was interesting to finally know someone inside the Debian organization. We discussed about various conferences on free software, how Debian works, my work during the GSoC and the heating system he’s working on in his house.

Interview With Peter Ganten, CEO of Univention GmbH

Filed under
Interviews
Debian

I have been asking the Univention team to share the behind-the-scenes story of Univention for a couple months. Finally, today we got the interview of Mr.Peter H. Ganten, CEO of Univention GmbH. Despite his busy schedule, in this interview, he shares what he thinks of the Univention project and its impact on open source ecosystem, what open source developers and companies will need to do to keep thriving and what are the biggest challenges for open source projects.

Read more

Tails 3.9.1 is out

Filed under
Security
Debian

This release is an emergency release to fix critical security vulnerabilities in Tor Browser and Thunderbird.

Read more

Debian KDE for Fun Computing Part 1: Intro

Filed under
KDE
Debian

Hello, please introduce Debian Live KDE Edition. It is a free, beautiful desktop operating system with LiveCD capability, available in 50+ of world languages, with tens of thousands free software packages are available, and amazingly vast user community. This article is the first part of introducing fun living with Debian KDE as desktop computer operating system. Here, you will see basic things about Debian, Debian Live, and Debian KDE, including where to download and how to make a bootable installation media. I hope you will like Debian KDE and find it user friendly. Enjoy Debian KDE!

[...]

That's all for now. You got a basic knowledge about Debian KDE. The next part will talk about basic orientation of Debian KDE internals such as built-in applications, doing basic tasks, how to get new applications, and so on. See you next time. Have fun with Debian KDE!

Read more

Microsoft Takeover of GNU/Linux Machines by Debian/APT

Filed under
Microsoft
Security
Debian
  • Skype's Debian Package Could Allow Attackers To Completely Takeover Machines

    Security researcher Enrico Weigelt uncovered a critical security issue in the way Skype installs itself on Debian Linux machines, adding its Microsoft's APT repository in the system's sources.list file.

    Skype's Debian package uses an APT configuration profile which automatically inserts Microsoft's apt repository to the default system package sources which would allow anyone with access to it to hypothetically use malicious tools to compromise the machine.

    In layman's terms, APT repositories are collections of .deb packages used as the central storage, management and delivery platform for all Debian-based Linux machines.

    The APT repositories can be used to install, remove, or update applications on a Debian machine with the help of the apt-get command.

  • Apt Repositories: Goodbye Aptly, Welcome RepRepro

    I have been using aptly for several years publishing all kinds of repositories for different developments. The other day, when I wanted to update my calibre repository (see previous post) I realized that aptly cannot sign anything anymore. Huuu…

Major Debian GNU/Linux 9 "Stretch" Linux Kernel Patch Fixes 18 Security Flaws

Filed under
Linux
Debian

Affecting the long-term supported Linux 4.9 kernel used by the Debian GNU/Linux 9 "Stretch" operating system series, there are a total of 18 security vulnerabilities patched in this major update that have been discovered in the upstream Linux kernel and may lead to information leaks, privilege escalation, or denial of service.

These include a memory leak in the irda_bind function and a flaw in the irda_setsockopt function of Linux kernel's IrDA subsystem, a flaw in the fd_locked_ioctl function in the Floppy driver, a buffer overflow in the Bluetooth HIDP implementation, and a double-realloc (double free) flaw in the rawmidi kernel driver.

Read more

Debian and Security

Filed under
Security
Debian
  • Thorsten Alteholz: My Debian Activities in September 2018

    As promised in an earlier post, I raised the number of accepted packages to 215, as well as the number of rejects to 69 this month. The overall number of packages that got accepted this month was 314.

  • October 2018 report: LTS, Mastodon, Firefox privacy, etc

    I've played around with the latest attempt from the free software community to come up with a "federation" model to replace Twitter and other social networks, Mastodon. I've had an account for a while but I haven't talked about it much here yet.

    My Mastodon account is linked with my Twitter account through some unofficial Twitter cross-posting app which more or less works. Another "app" I use is the toot client to connect my website with Mastodon through feed2exec.

    And because all of this social networking stuff is just IRC 2.0, I read it all through my IRC client, thanks to Bitlbee and Mastodon is (thankfully) no exception. Unfortunately, there's a problem in my hosting provider's configuration which has made it impossible to read Mastodon status from Bitlbee for a while. I've created a test profile on the main Mastodon instance to double-check, and indeed, Bitlbee works fine there.

    Before I figured that out, I tried upgrading the Bitlbee Mastodon bridge (for which I also filed a RFP) and found a regression has been introduced somewhere after 1.3.1. On the plus side, the feature request I filed to allow for custom visibility statuses from Bitlbee has been accepted, which means it's now possible to send "private" messages from Bitlbee.

    Those messages, unfortunately, are not really private: they are visible to all followers, which, in the social networking world, means a lot of people. In my case, I have already accepted over a dozen followers before realizing how that worked, and I do not really know or trust most of those people. I have still 15 pending follow requests which I don't want to approve until there's a better solution, which would probably involve two levels of followship. There's at least one proposal to fix this already.

    Another thing I'm concerned about with Mastodon is account migration: what happens if I'm unhappy with my current host? Or if I prefer to host it myself? My online identity is strongly tied with that hostname and there doesn't seem to be good mechanisms to support moving around Mastodon instances. OpenID had this concept of delegation where the real OpenID provider could be discovered and redirected, keeping a consistent identity. Mastodon's proposed solutions seem to aim at using redirections or at least informing users your account has moved which isn't as nice, but might be an acceptable long-term compromise.

    Finally, it seems that Mastodon will likely end up in the same space as email with regards to abuse: we are already seeing block lists show up to deal with abusive servers, which is horribly reminiscent of the early days of spam fighting, where you could keep such lists (as opposed to bayesian or machine learning). Fundamentally, I'm worried about the viability of this ecosystem, just like I'm concerned about the amount of fake news, spam, and harassment that takes place on commercial platforms. One theory is that the only way to fix this is to enforce two-way sharing between followers, the approach taken by Manyverse and Scuttlebutt.

    Only time will tell, I guess, but Mastodon does look like a promising platform, at least in terms of raw numbers of users...

  • Reproducible Builds: Weekly report #179
  • The Devil Is in The Details Of Project Verify’s Goal To Eliminate Passwords

    A coalition of the four largest U.S. wireless providers calling itself the Mobile Authentication Taskforce recently announced an initiative named Project Verify. This project would let users log in to apps and websites with their phone instead of a password, or serve as an alternative to multi-factor authentication methods such as SMS or hardware tokens.

    Any work to find a more secure and user-friendly solution than passwords is worthwhile. However, the devil is always in the details—and this project is the work of many devils we already know well. The companies behind this initiative are the same ones responsible for the infrastructure behind security failures like SIM-swapping attacks, neutrality failures like unadvertised throttling, and privacy failures like supercookies and NSA surveillance.

    Research on moving user-friendly security and authentication forward must be open and vendor- and platform-neutral, not tied to any one product, platform, or industry group. It must allow users to take control of our identities, not leave them in the hands of the very same ISP companies that have repeatedly subverted our trust.

  • Touch ID and Face ID Don’t Make You More Secure [Ed: Of course sharing biometrics with the state or the "security state" isn't about security but mere subjugation]

    Touch ID and Face ID area great. We like them, and we use them. But they’re convenience features, not security features, and you have fewer legal protections when using them in the US. When necessary, you can temporarily disable them.

    This also applies to Android phones with fingerprint sensors, iris scans, or other biometric features.

  • How Face ID could be a game-changer for aggressive US border agents

    Apple’s Touch ID is already on its way out. Just five years ago, iPhones began getting the famed fingerprint scanner that makes unlocking your phone dozens of times a day even easier.

    But all of the new iPhones released this year—iPhone XS, iPhone XS Max, and iPhone XR—only have Face ID. They do not have Touch ID.

Krita, KDE Contributions, Debian Contributions and Debian Leftovers

Filed under
KDE
Debian
  • [Krita] Interview with João Garcia

    My name is João Garcia and I’m an illustrator hailing from Brazil, more specifically, from the city of Florianópolis in the southern part of the country. I graduated in Design in the Universidade Federal de Santa Catarina with a focus on illustration and animation.

  • [Krita] Updated Vote Tally!

    This week, we also plan to bring out a preview release of Krita 4.2. We don’t have everything in that we want to yet — like the updated resource handling, but there’s already plenty to play with!

  • FOSS Contributions Log: August/September 2018

    This post will be related not only to the last month (September), but I have decided to include my experiences from August as well. In the last month, I was very occupied with some assignments from the university after the two week travel that I had in August for Akademy and ERBASE (which is a congress that I had presented a paper). I am in the end of this semester in the university, so I am anxious for my vacations to code more in the projects that I contribute to.

    Well, following this brief comment about Akademy, I will start talking about what I have done in KDE in the weeks of August/September. I am still working in that RAID patch on KDE Partition Manager, where I still got some problems with device mapping and udev. The RAID arrays are not been mapped as I expected. Also there are some bugs related to partition creation inside of RAID and another one related to udev, that is keeping the device busy, which will raise some errors when you try to do any disk operation.

  • My Open Source Contributions Week in Review, Debian sponsor needed!

    It has been a busy week!

    My significant accomplishment this week is the packaging of squashfuse for Debian.

    This is required for libappimage, which is next on my to-do list.

    I have uploaded it to mentors here: https://mentors.debian.net/package/squashfuse

    I do have a mentor/sponsor, but under the KDE umbrella ( Thank you lisandro! ),

    he is very busy and I would like to give him a break on this one.

    If anyone has some spare time to give this a look, thank you!

  • Paul Wise: FLOSS Activities September 2018
  • Chris Lamb: Free software activities in September 2018
  • Debian Developers Weighed The Idea Of Not Allowing Q&A Sessions At Their Conference

    Debian developers have been discussing what to many seems like a rather unorthodox idea of not allowing questions/answers following presentations at their annual DebConf conference. This idea of banning questions and answers follows a policy by a Python conference that forbids questions/answers following presentations and is meant to help ease newcomers.

    Debian developers have largely rejected this idea of not allowing Q&A periods following presentations at DebConf considering this annual gathering of developers/contributors is about collaboration and fostering new ideas for this leading Linux distribution. The idea though was brought up by Debian Project Leader Chris Lamb who initiated the discussion over this idea after seeing the PyCascades Python conference has explicitly banned question and answer sessions following presentations at their conference.

  • Calibre and rar support – again

    Rar support is necessary in the case that the eBook uses rar as compression, which happens quite often in comic books (cbr extension). Calibre 3 has split out rar support into a dynamically loaded module, so what needs to be done is packaging it. I have prepared a package for the Python library unrardll which allows Calibre to read rar-compressed ebooks, but it depends on the unrar shared library, which unfortunately is not built in Debian. I have sent a patch to fix this to the maintainer, see bug 720051, but without reaction from the maintainer.

    This has passed now the time-frame of a year, so I have decided to “salvage” unrar-nonfree. Package salvaging has been recently introduced into the Debian ecosystem to step in between leaving the package in dire state and the full MIA process...

Syndicate content

More in Tux Machines

Android Leftovers

Samsung 970 EVO Plus 500GB NVMe Linux SSD Benchmarks

Announced at the end of January was the Samsung 970 EVO Plus as the first consumer-grade solid-state drive with 96-layer 3D NAND memory. The Samsung 970 EVO NVMe SSDs are now shipping and in this review are the first Linux benchmarks of these new SSDs in the form of the Samsung 970 EVO Plus 500GB MZ-V7S500B/AM compared to several other SSDs on Linux. The Samsung 970 EVO Plus uses the same Phoenix controller as in their existing SSDs but the big upgrade with the EVO Plus is the shift to the 96-layer 3D NAND memory. Available now through Internet retailers are the 250GB / 500GB / 1TB versions of the 970 EVO Plus at a new low of just $130 USD for the 500GB model or $250 USD for the 1TB version. A 2GB model is expected to ship this spring. Read more

elementary 5 "Juno"

In the spring of 2014 (nearly five years ago), I was preparing a regular presentation I give most years—where I look at the bad side (and the good side) of the greater Linux world. As I had done in years prior, I was preparing a graph showing the market share of various Linux distributions changing over time. But, this year, something was different. In the span of less than two years, a tiny little Linux distro came out of nowhere to become one of the most watched and talked about systems available. In the blink of an eye, it went from nothing to passing several grand-daddies of Linux flavors that had been around for decades. This was elementary. Needless to say, it caught my attention. Read more

Audiophile Linux Promises Aural Nirvana

Linux isn’t just for developers. I know that might come as a surprise for you, but the types of users that work with the open source platform are as varied as the available distributions. Take yours truly for example. Although I once studied programming, I am not a developer. The creating I do with Linux is with words, sounds, and visuals. I write books, I record audio, and a create digital images and video. And even though I don’t choose to work with distributions geared toward those specific tasks, they do exist. I also listen to a lot of music. I tend to listen to most of my music via vinyl. But sometimes I want to listen to music not available in my format of choice. That’s when I turn to digital music. Read more