Language Selection

English French German Italian Portuguese Spanish

News

Linux Journal's Return, OpenSource.com Roundup, and LWN's 2017 Retrospective

Filed under
News
  • Linux Journal returns, Automotive Grade Linux at CES, and more open source news

    In this week's edition of our open source news roundup, we cover the rebirth of Linux Journal, Automotive Grade Linux infotainment systems, and more.

  • A 2017 retrospective

    The December 21 LWN Weekly Edition will be the final one for 2017; as usual, we will take the last week of the year off and return on January 4. It's that time of year where one is moved to look back over the last twelve months and ruminate on what happened; at LWN, we also get the opportunity to mock the predictions we made back in January. Read on for the scorecard and a year-end note from LWN.
    Your editor led off with a prediction that group maintainer models would be adopted by more projects over the course of the year; this prediction was partly motivated by the Debian discussion on the idea of eliminating single maintainers. Debian appears to have dropped the idea; Fedora, meanwhile, has seen some strong pushback from maintainers who resent others touching "their" packages. Group maintainership may have made a few gains here and there, but it has not yet succeeded in taking over the free-software world.

    The prediction that the vendor kernels shipped on Android devices would move closer to the mainline was not a complete failure. Google has made some efforts to push vendors toward less-ancient kernels, and efforts to get those vendors to work more closely with the mainline are beginning to bear fruit. It will be a long and slow process, though.

What Every Linux Users Must Know About Meltdown and Spectre Bugs

Filed under
News

Meltdown and Spectre are two vulnerabilities that impact almost all computers, tablets and smartphones on the earth. Does it mean you can be hacked? What can you, a Linux user, do about it?
Read more

Tizen Experts Ends (No More Articles in 2018), Another End-of-2017 Report, HTTPS Year in Review

Filed under
News
  • IoT Gadgets, the new home for Tizen Experts

    Where has the time gone? Once upon a time (seems appropriate) I was fascinated with an Operating System (OS), that powered the Nokia N900, which was called Maemo. The N900 was a Linux based smartphone that the iPhone could not compete with on many technical points. This device could actually run flash in its native browser and it could run it well. This is when I started my first website MaemoExperts.

  • GIMP 2.9.8 and end-of-2017 report

    Here it is, GIMP 2.9.8 has been released some days ago now, the latest development version of GIMP! As it is customary now, let’s list our involvement in this version so that our supporters on crowdfunding platforms know what they funded.

  • Tipping the Scales on HTTPS: 2017 in Review

    The movement to encrypt the web reached milestone after milestone in 2017. The web is in the middle of a massive change from non-secure HTTP to the more secure, encrypted HTTPS protocol. All web servers use one of these two protocols to get web pages from the server to your browser. HTTP has serious problems that make it vulnerable to eavesdropping and content hijacking. By adding Transport Layer Security (or TLS, a prior version of which was known as Secure Sockets Layer or SSL) HTTPS fixes most of these problems. That’s why EFF, and many like-minded supporters, have been pushing for web sites to adopt HTTPS by default.

    In February, the scales tipped. For the first time, approximately half of Internet traffic was protected by HTTPS. Now, as 2017 comes to a close, an average of 66% of page loads on Firefox and are encrypted, and Chrome shows even higher numbers.

Today in Techrights

Filed under
News
Syndicate content

More in Tux Machines

Security: VPNFilter, Encryption in GNU/Linux, Intel CPU Bug Affecting rr Watchpoints

  • [Crackers] infect 500,000 consumer routers all over the world with malware

    VPNFilter—as the modular, multi-stage malware has been dubbed—works on consumer-grade routers made by Linksys, MikroTik, Netgear, TP-Link, and on network-attached storage devices from QNAP, Cisco researchers said in an advisory. It’s one of the few pieces of Internet-of-things malware that can survive a reboot. Infections in at least 54 countries have been slowly building since at least 2016, and Cisco researchers have been monitoring them for several months. The attacks drastically ramped up during the past three weeks, including two major assaults on devices located in Ukraine. The spike, combined with the advanced capabilities of the malware, prompted Cisco to release Wednesday’s report before the research is completed.

  • Do Not Use sha256crypt / sha512crypt - They're Dangerous

    I'd like to demonstrate why I think using sha256crypt or sha512crypt on current GNU/Linux operating systems is dangerous, and why I think the developers of GLIBC should move to scrypt or Argon2, or at least bcrypt or PBKDF2.

  • Intel CPU Bug Affecting rr Watchpoints
    I investigated an rr bug report and discovered an annoying Intel CPU bug that affects rr replay using data watchpoints. It doesn't seem to be hit very often in practice, which is good because I don't know any way to work around it. It turns out that the bug is probably covered by an existing Intel erratum for Skylake and Kaby Lake (and probably later generations, but I'm not sure), which I even blogged about previously! However, the erratum does not mention watchpoints and the bug I've found definitely depends on data watchpoints being set. I was able to write a stand-alone testcase to characterize the bug. The issue seems to be that if a rep stos (and probably rep movs) instruction writes between 1 and 64 bytes (inclusive), and you have a read or write watchpoint in the range [64, 128) bytes from the start of the writes (i.e., not triggered by the instruction), then one spurious retired conditional branch is (usually) counted. The alignment of the writes does not matter, and it's not related to speculative execution.

In Memoriam: Robin "Roblimo" Miller, a Videographer and Free Software Champion

Videographer Robin Roblimo Miller

Robin "Roblimo" Miller was a clever, friendly, and very amicable individual who everyone I know has plenty of positive things to say about. I had the pleasure of speaking to him for several hours about anything from personal life and professional views. Miller was a very knowledgeable person whose trade as a journalist and video producer I often envied. I have seen him facing his critics in his capacity as a journalist over a decade ago when he arranged a debate about OOXML (on live radio). Miller, to me, will always be remembered as a strong-minded and investigative journalist who "did the right thing" as the cliché goes, irrespective of financial gain -- something which can sometimes be detrimental to one's longterm health. Miller sacrificed many of his later years to a cause worth fighting for. This is what we ought to remember him for. Miller was - and always will be - a FOSS hero.

May everything you fought for be fulfilled, Mr. Miller. I already miss you.

Today in Techrights

Tux Machines Privacy Statement

Summary: Today, May 25th, the European General Data Protection Regulation (GDPR) goes into full effect; we hereby make a statement on privacy AS a matter of strict principle, this site never has and never will accumulate data on visitors (e.g. access logs) for longer than 28 days. The servers are configured to permanently delete all access data after this period of time. No 'offline' copies are being made. Temporary logging is only required in case of DDOS attacks and cracking attempts -- the sole purpose of such access. Additionally, we never have and never will sell any data pertaining to anything. We never received demands for such data from authorities; even if we had, we would openly declare this (publicly, a la Canary) and decline to comply. Privacy is extremely important to us, which is why pages contain little or no cross-site channels (such as Google Analytics, 'interactive' buttons for 'social' media etc.) and won't be adding any. Google may be able to 'see' what pages people visit because of Google Translate (top left of every page), but that is not much worse than one's ISP 'seeing' the same thing. We are aware of this caveat. Shall readers have any further questions on such matters, do not hesitate to contact us.