Language Selection

English French German Italian Portuguese Spanish

Security

Parsix GNU/Linux 8.10 "Erik" & 8.15 "Nev" Receive Latest Debian Security Updates

Filed under
GNU
Linux
Security
Debian

After releasing the first Test build of the upcoming Parsix GNU/Linux 8.15 "Nev" operating system a couple of days ago, today, October 23, 2016, the Parsix GNU/Linux development team announced the availability of new security updates for all supported Parsix GNU/Linux releases.

Parsix GNU/Linux 8.10 "Erik" is the current stable release of the Debian-based operating system, and it relies on the Debian Stable (Debian GNU/Linux 8 "Jessie") software repositories. On the other hand Parsix GNU/Linux 8.15 "Nev" is the next major version, which right now is in development, but receives the same updates as the former.

Read more

More Security Leftovers

Filed under
Security

Security News

Filed under
Security
  • Friday's security updates
  • World’s first hack-proof Wi-Fi router with open source firmware is here

    Turris Omnia WiFi Router, the world’s first hack-proof router with open source firmware launched yesterday at the CES Unveiled Show in Prague, Czech Republic.

  • Open-source hack-proof router aims to close cyber security gap

    Routers are the gateway of every home internet network. Yet, while many computers run antivirus software, little has been done thus far to protect routers against cyber threats. A new device, described as the world’s first hack-proof router, was launched on Thursday at the CES Unveiled Show in Prague.

    The main strength of the Turris Omnia router, a spin-out of a cyber security research project by Czech Republic’s domain administrator NIC.cz, is the fact that it automatically updates and patches vulnerabilities as they become known.

  • Adding a phone number to your Google account can make it LESS secure.

    Recently, account takeovers, email hacking, and targeted phishing attacks have been all over the news. Hacks of various politicians, allegedly carried out by Russian hackers, have yielded troves of data. Despite the supposed involvement of state-sponsored agents, some hacks were not reliant on complex zero-day attacks, but involved social engineering unsuspecting victims. These kinds of attacks are increasingly likely to be used against regular people. This recently happened to a friend of mine:

    Two weeks ago, an ex-colleague (actually, my officemate at Google way back in 2002) — let’s call him Bob — had his Google account compromised while on vacation in Hawaii. With his primary email account compromised, the attacker could have:

  • “Dirty COW”, the most dangerous Linux Bug for the last 9 years

    Red Hat, the leading open source software developer firm, has revealed that Linux Kernel has been infected with a serious bug for the past 9 years. The bug has been dubbed as Dirty Cow. It is deemed dangerous because through this bug, an attacker can get write access to read-only memory.

  • Serious Dirty COW bug leaves millions of Linux users vulnerable to attack
  • Rigging the Election

    When Dorothy discovers fraud in the land of Oz, she is told by the Wizard, "Don't look behind the curtain." But she does. In America, we demand truth and accountability in so many aspects of our daily lives, and yet somehow there's little public outcry for transparency within voting, the sacred cornerstone of our democracy. For the most part, we sleep soundly under the blanket of assurances from government officials. FBI Director James Comey even attempted a spin of irony recently, noting that our "clunky" voting process actually makes wholesale rigging more difficult. However, Comey misses the bigger picture.

    [...]

    Hardly anyone uses the same computer from 12 years ago, yet large sections of the country currently vote on aging electronic systems which utilize proprietary software that cannot be publicly examined. Unverifiable technology remains deployed in 29 states – including Pennsylvania, Ohio, Florida – and other key battleground states, which may determine our next president. Races in these areas are not evidence based, and consequently, we cannot be certain ballots reflect voter intent. Bereft of such knowledge, how can we put faith in the legitimacy of our government?

  • Cyber attack: hackers 'weaponised' everyday devices with malware to mount assault

    The huge attack on global internet access, which blocked some of the world’s most popular websites, is believed to have been unleashed by hackers using common devices like webcams and digital recorders.

    Among the sites targeted on Friday were Twitter, Paypal and Spotify. All were customers of Dyn, an infrastructure company in New Hampshire in the US that acts as a switchboard for internet traffic.

    Outages were intermittent and varied by geography, but reportedly began in the eastern US before spreading to other parts of the country and Europe.

    Users complained they could not reach dozens of internet destinations, including Mashable, CNN, the New York Times, the Wall Street Journal, Yelp and some businesses hosted by Amazon.

  • Homeland Security Is ‘Investigating All Potential Causes’ of Internet Disruptions

    Cyber attacks targeting a little known internet infrastructure company, Dyn, disrupted access to dozens of websites on Friday, preventing some users from accessing PayPal, Twitter and Spotify.

    It was not immediately clear who was responsible for the outages that began in the Eastern United States, and then spread to other parts of the country and Western Europe.

    The outages were intermittent, making it difficult to identify all the victims. But technology news site Gizmodo named some five dozen sites that were affected by the attack. They included CNN, HBO Now, Mashable, the New York Times, People.com, the Wall Street Journal and Yelp.

  • Blame the Internet of Things for Destroying the Internet Today

    A massive botnet of hacked Internet of Things devices has been implicated in the cyberattack that caused a significant internet outage on Friday.

    The botnet, which is powered by the malware known as Mirai, is in part responsible for the attack that intermittently knocked some popular websites offline, according to Level 3 Communications, one of the world’s largest internet backbone providers, and security firm Flashpoint.

    “We are seeing attacks coming from a number of different locations. We’re seeing attacks coming from an Internet of Things botnet that we identified called Mirai, also involved in this attack,” Dale Drew, chief security officer at Level 3 Communications, said on a livestream on Friday afternoon.

  • How to Understand Today’s Internet Outage in 4 Words

    A massive DDoS attack against a major DNS service likely using a botnet of IoT devices resulted in Internet issues across the eastern United States Friday, making it hard for many users to access their favorite sites.

    Phew. That’s a lot of acronyms.

  • IoT Can Never Be Fixed

    This title is a bit click baity, but it's true, not for the reason you think. Keep reading to see why.

    If you've ever been involved in keeping a software product updated, I mean from the development side of things, you know it's not a simple task. It's nearly impossible really. The biggest problem is that even after you've tested it to death and gone out of your way to ensure the update is as small as possible, things break. Something always breaks.

    If you're using a typical computer, when something breaks, you sit down in front of it, type away on the keyboard, and you fix the problem. More often than not you just roll back the update and things go back to the way they used to be.

  • Hacked Cameras, DVRs Powered Today’s Massive Internet Outage

    A massive and sustained Internet attack that has caused outages and network congestion today for a large number of Web sites was launched with the help of hacked “Internet of Things” (IoT) devices, such as CCTV video cameras and digital video recorders, new data suggests.

    Earlier today cyber criminals began training their attack cannons on Dyn, an Internet infrastructure company that provides critical technology services to some of the Internet’s top destinations. The attack began creating problems for Internet users reaching an array of sites, including Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix.

  • How an army of vulnerable gadgets took down the web today

    At some point this morning, one of the US’s critical internet infrastructure players was hit with a staggering distributed denial of service (DDoS) attack that has taken out huge swaths of the web. Sites like Twitter, Netflix, Spotify, Reddit, and many others — all clients of a domain registration service provider called Dyn — have suffered crippling interruptions and, in some cases, blanket outages.

    Details are now emerging about the nature of the attack. It appears the cause is what’s known as a Mirai-based IoT botnet, according to security journalist Brian Krebs, who cited cyber-threat intelligence firm Flashpoint. Dyn’s chief strategy officer Kyle Owen, who spoke with reporters this afternoon, later confirmed Flashpoint’s claim, revealing that traffic to its servers was clogged with malicious requests from tens of millions of IP addresses in what the company is calling a "very sophisticated and complex attack."

  • Fixing the IoT isn't going to be easy

    A large part of the internet became inaccessible today after a botnet made up of IP cameras and digital video recorders was used to DoS a major DNS provider. This highlighted a bunch of things including how maybe having all your DNS handled by a single provider is not the best of plans, but in the long run there's no real amount of diversification that can fix this - malicious actors have control of a sufficiently large number of hosts that they could easily take out multiple providers simultaneously.

    To fix this properly we need to get rid of the compromised systems. The question is how. Many of these devices are sold by resellers who have no resources to handle any kind of recall. The manufacturer may not have any kind of legal presence in many of the countries where their products are sold. There's no way anybody can compel a recall, and even if they could it probably wouldn't help. If I've paid a contractor to install a security camera in my office, and if I get a notification that my camera is being used to take down Twitter, what do I do? Pay someone to come and take the camera down again, wait for a fixed one and pay to get that put up? That's probably not going to happen. As long as the device carries on working, many users are going to ignore any voluntary request.

  • Indiscreet Logs: Persistent Diffie-Hellman Backdoors in TLS

    Software implementations of discrete logarithm based cryptosystems over finite fields typically make the assumption that any domain parameters they are presented with are trustworthy, i.e., the parameters implement cyclic groups where the discrete logarithm problem is assumed to be hard. An informal and widespread justification for this seemingly exists that says validating parameters at run time is too computationally expensive relative to the perceived risk of a server sabotaging the privacy of its own connection. In this paper we explore this trust assumption and examine situations where it may not always be justified.

    We conducted an investigation of discrete logarithm domain parameters in use across the Internet and discovered evidence of a multitude of potentially backdoored moduli of unknown order in TLS and STARTTLS spanning numerous countries, organizations, and protocols. Although our disclosures resulted in a number of organizations taking down suspicious parameters, we argue the potential for TLS backdoors is systematic and will persist until either until better parameter hygiene is taken up by the community, or finite field based cryptography is eliminated altogether.

Security News

Filed under
Security
  • Free tool protects PCs from master boot record attacks [Ed: UEFI has repeatedly been found to be both a detriment to security and enabler of Microsoft lock-in]

    Cisco's Talos team has developed an open-source tool that can protect the master boot record of Windows computers from modification by ransomware and other malicious attacks.

    The tool, called MBRFilter, functions as a signed system driver and puts the disk's sector 0 into a read-only state. It is available for both 32-bit and 64-bit Windows versions and its source code has been published on GitHub.

    The master boot record (MBR) consists of executable code that's stored in the first sector (sector 0) of a hard disk drive and launches the operating system's boot loader. The MBR also contains information about the disk's partitions and their file systems.

    Since the MBR code is executed before the OS itself, it can be abused by malware programs to increase their persistence and gain a head start before antivirus programs. Malware programs that infect the MBR to hide from antivirus programs have historically been known as bootkits -- boot-level rootkits.

    Microsoft attempted to solve the bootkit problem by implementing cryptographic verification of the bootloader in Windows 8 and later. This feature is known as Secure Boot and is based on the Unified Extensible Firmware Interface (UEFI) -- the modern BIOS.

  • DDOS Attack On Internet Infrastructure

    I hope somebody's paying attention. There's been another big DDOS attack, this time against the infrastructure of the Internet. It began at 7:10 a.m. EDT today against Dyn, a major DNS host, and was brought under control at 9:36 a.m. According to Gizmodo, which was the first to report the story, at least 40 sites were made unreachable to users on the US East Coast. Many of the sites affected are among the most trafficed on the web, and included CNN, Twitter, PayPal, Pinterest and Reddit to name a few. The developer community was also touched, as GitHub was also made unreachable.

    This event comes on the heels of a record breaking 620 Gbps DDOS attack about a month ago that brought down security expert Brian Krebs' website, KrebsonSecurity. In that attack, Krebs determined the attack had been launched by botnets that primarily utilized compromised IoT devices, and was seen by some as ushering in a new era of Internet security woes.

  • This Is Why Half the Internet Shut Down Today [Update: It’s Getting Worse]

    Twitter, Spotify and Reddit, and a huge swath of other websites were down or screwed up this morning. This was happening as hackers unleashed a large distributed denial of service (DDoS) attack on the servers of Dyn, a major DNS host. It’s probably safe to assume that the two situations are related.

  • Major DNS provider Dyn hit with DDoS attack

    Attacks against DNS provider Dyn continued into Friday afternoon. Shortly before noon, the company said it began "monitoring and mitigating a DDoS attack" against its Dyn Managed DNS infrastructure. The attack may also have impacted Managed DNS advanced service "with possible delays in monitoring."

  • What We Know About Friday’s Massive East Coast Internet Outage

    Friday morning is prime time for some casual news reading, tweeting, and general Internet browsing, but you may have had some trouble accessing your usual sites and services this morning and throughout the day, from Spotify and Reddit to the New York Times and even good ol’ WIRED.com. For that, you can thank a distributed denial of service attack (DDoS) that took down a big chunk of the Internet for most of the Eastern seaboard.

    This morning’s attack started around 7 am ET and was aimed at Dyn, an Internet infrastructure company headquartered in New Hampshire. That first bout was resolved after about two hours; a second attack began just before noon. Dyn reported a third wave of attacks a little after 4 pm ET. In all cases, traffic to Dyn’s Internet directory servers throughout the US—primarily on the East Coast but later on the opposite end of the country as well—was stopped by a flood of malicious requests from tens of millions of IP addresses disrupting the system. Late in the day, Dyn described the events as a “very sophisticated and complex attack.” Still ongoing, the situation is a definite reminder of the fragility of the web, and the power of the forces that aim to disrupt it.

  • Either IoT will be secure or the internet will be crippled forever

    First things first a disclaimer. I neither like nor trust the National Security Agency (NSA). I believe them to be mainly engaged in economic spying for the corporate American empire. Glenn Greenwald has clearly proven that in his book No Place to Hide. At the NSA, profit and power come first and I have no fucking clue as to how high they prioritize national security. Having said that, the NSA should hack the Internet of (insecure) Things (IoT) to death. I know Homeland Security and the FBI are investigating where the DDoS of doomsday proportions is coming from and the commentariat is already screaming RUSSIA! But it is really no secret what is enabling this clusterfuck. It’s the Mirai botnet. If you buy a “smart camera” from the Chinese company Hangzhou XiongMai Technologies and do not change the default password, it will be part of a botnet five minutes after you connect it to the internet. We were promised a future where we would have flying cars but we’re living in a future where camera’s, light-bulbs, doorbells and fridges can get you in serious trouble because your home appliances are breaking the law.

  • IoT at the Network Edge

    Fog computing, also known as fog networking, is a decentralized computing infrastructure. Computing resources and application services are distributed in logical, efficient places at any points along the connection from the data source (endpoint) to the cloud. The concept is to process data locally and then use the network for communicating with other resources for further processing and analysis. Data could be sent to a data center or a cloud service. A worthwhile reference published by Cisco is the white paper, "Fog Computing and the Internet of Things: Extend the Cloud to Where the Things Are."

  • Canonical now offers live kernel patching for Ubuntu 16.04 LTS users

    Canonical has announced its ‘Livepatch Service’ which any user can enable on their current installations to eliminate the need for rebooting their machine after installing an update for the Linux kernel. With the release of Linux 4.0, users have been able to update their kernel packages without rebooting, however, Ubuntu will be the first distribution to offer this feature for free.

  • ​The Dirty Cow Linux bug: A silly name for a serious problem

    Dirty Cow is a silly name, but it's a serious Linux kernel problem. According to the Red Hat bug report, "a race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system."

  • Ancient Privilege Escalation Bug Haunts Linux
  • October 21, 2016 Is Dirty COW a serious concern for Linux?
  • There is a Dirty Cow in Linux
  • Red Hat Discovers Dirty COW Archaic Linux Kernel Flaw Exploited In The Wild
  • Linux kernel bug being exploited in the wild
  • Update Linux now: Critical privilege escalation security flaw gives hackers full root access
  • Linux kernel bug: DirtyCOW “easyroot” hole and what you need to know
  • 'Most serious' Linux privilege-escalation bug ever discovered
  • New 'Dirty Cow' vulnerability threatens Linux systems
  • Serious Dirty Cow Linux Vulnerability Under Attack
  • Easy-to-exploit rooting flaw puts Linux PCs at risk
  • Linux just patched a vulnerability it's had for 9 years
  • Dirty COW Linux vulnerability has existed for nine years
  • 'Dirty Cow' Linux Vulnerability Found
  • 'Dirty Cow' Linux Vulnerability Found After Nine Years
  • FakeFile Trojan Opens Backdoors on Linux Computers, Except openSUSE

    Malware authors are taking aim at Linux computers, more precisely desktops and not servers, with a new trojan named FakeFile, currently distributed in live attacks.

    Russian antivirus vendor Dr.Web discovered this new trojan in October. The company's malware analysts say the trojan is spread in the form of an archived PDF, Microsoft Office, or OpenOffice file.

And More Security Leftovers

Filed under
Security
  • The NyaDrop Trojan for Linux-running IoT Devices
  • Flaw resides in BTB helps bypass ASLR
  • Thoughts on the BTB Paper

    Though the attack might have some merits with regards to KASLR, the attack on ASLR is completely debunked. The authors of the paper didn't release any supporting code or steps for independent analysis and verification. The results, therefore, cannot be trusted until the authors fully open source their work and the work is validated by trusted and independent third parties.

  • Spreading the DDoS Disease and Selling the Cure

    Earlier this month a hacker released the source code for Mirai, a malware strain that was used to launch a historically large 620 Gbps denial-of-service attack against this site in September. That attack came in apparent retribution for a story here which directly preceded the arrest of two Israeli men for allegedly running an online attack for hire service called vDOS. Turns out, the site where the Mirai source code was leaked had some very interesting things in common with the place vDOS called home.

More Security News (and FUD)

Filed under
Security

CVE-2016-5195 Patched

Filed under
Linux
Security
Ubuntu
  • Linux Kernels 4.8.3, 4.7.9 & 4.4.26 LTS Out to Patch "Dirty COW" Security Flaw

    Today, October 20, 2016, Linux kernel maintainer Greg Kroah-Hartman announced three new maintenance updates for the Linux 4.8, 4.7, and 4.4 LTS kernel series, patching a major security vulnerability.

    Known as "Dirty COW," the Linux kernel vulnerability documented at CVE-2016-5195 is, in fact, a nasty bug that could have allowed local users to write to any file they can read. The worst part is that the security flaw was present in various Linux kernel builds since at least the Linux 2.6.x series, which reached end of life in February this year.

  • Canonical Patches Ancient "Dirty COW" Kernel Bug in All Supported Ubuntu OSes

    As reported earlier, three new Linux kernel maintenance releases arrived for various Linux-based operating systems, patching a critical and ancient bug popularly known as "Dirty COW."

    We already told you that the kernel vulnerability could be used by a local attacker to run programs as an administrator, and it looks like it also affects all supported Ubuntu releases, including Ubuntu 16.10 (Yakkety Yak), Ubuntu 16.04 LTS (Xenial Xerus), Ubuntu 14.04 LTS (Trusty Tahr), and Ubuntu 12.04 LTS (Precise Pangolin), as well as all of their official or unofficial derivatives running the same kernel builds.

Security News

Filed under
Security
  • Security advisories for Thursday
  • More information about Dirty COW (aka CVE-2016-5195)

    The security hole fixed in the stable kernels released today has been dubbed Dirty COW (CVE-2016-5195) by a site devoted to the kernel privilege escalation vulnerability. There is some indication that it is being exploited in the wild. Ars Technica has some additional information. The Red Hat bugzilla entry and advisory are worth looking at as well.

  • CVE-2016-5195

    My prior post showed my research from earlier in the year at the 2016 Linux Security Summit on kernel security flaw lifetimes. Now that CVE-2016-5195 is public, here are updated graphs and statistics. Due to their rarity, the Critical bug average has now jumped from 3.3 years to 5.2 years. There aren’t many, but, as I mentioned, they still exist, whether you know about them or not. CVE-2016-5195 was sitting on everyone’s machine when I gave my LSS talk, and there are still other flaws on all our Linux machines right now. (And, I should note, this problem is not unique to Linux.) Dealing with knowing that there are always going to be bugs present requires proactive kernel self-protection (to minimize the effects of possible flaws) and vendors dedicated to updating their devices regularly and quickly (to keep the exposure window minimized once a flaw is widely known).

  • “Most serious” Linux privilege-escalation bug ever is under active exploit (updated)

    While CVE-2016-5195, as the bug is cataloged, amounts to a mere privilege-escalation vulnerability rather than a more serious code-execution vulnerability, there are several reasons many researchers are taking it extremely seriously. For one thing, it's not hard to develop exploits that work reliably. For another, the flaw is located in a section of the Linux kernel that's a part of virtually every distribution of the open-source OS released for almost a decade. What's more, researchers have discovered attack code that indicates the vulnerability is being actively and maliciously exploited in the wild.

  • Linux users urged to protect against 'Dirty COW' security flaw

    Organisations and individuals have been urged to patch Linux servers immediately or risk falling victim to exploits for a Linux kernel security flaw dubbed ‘Dirty COW'.

    This follows a warning from open source software vendor Red Hat that the flaw is being exploited in the wild.

    Phil Oester, the Linux security researcher who uncovered the flaw, explained to V3 that the exploit is easy to execute and will almost certainly become more widely used.

    "The exploit in the wild is trivial to execute, never fails and has probably been around for years - the version I obtained was compiled with gcc 4.8," he said.

  • Hackers Hit U.S. Senate GOP Committee

    The national news media has been consumed of late with reports of Russian hackers breaking into networks of the Democratic National Committee. Lest the Republicans feel left out of all the excitement, a report this past week out of The Netherlands suggests Russian hackers have for the past six months been siphoning credit card data from visitors to the Web storefront of the National Republican Senatorial Committee (NRSC).

    [...]

    Dataflow markets itself as an “offshore” hosting provider with presences in Belize and The Seychelles. Dataflow has long been advertised on Russian-language cybercrime forums as an offshore haven that offers so-called “bulletproof hosting,” a phrase used to describe hosting firms that court all manner of sites that most legitimate hosting firms shun, including those that knowingly host spam and phishing sites as well as malicious software.

    De Groot published a list of the sites currently present at Dataflow. The list speaks for itself as a collection of badness, including quite a number of Russian-language sites selling synthetic drugs and stolen credit card data.

    According to De Groot, other sites that were retrofitted with the malware included e-commerce sites for the shoe maker Converse as well as the automaker Audi, although he says those sites and the NRSC’s have been scrubbed of the malicious software since his report was published.

    But De Groot said the hackers behind this scheme are continuing to find new sites to compromise.

    “Last Monday my scans found about 5,900 hacked sites,” he said. “When I did another scan two days later, I found about 340 of those had been fixed, but that another 170 were newly compromised.”

  • Thoughts on the BTB Paper

    The Branch Target Buffer (BTB) whitepaper presents some interesting information. It details potential side-channel attacks by utilizing timing attacks against the branch prediction hardware present in Intel Haswell processors. The article does not mention Intel processors later than Haswell, such as Broadwell or Skylake.

    Side-channel attacks are always interesting and fun. Indeed, the authors have stumbled into areas that need more research. Their research can be applicable in certain circumstances.

    As a side-note, KASLR in general is rather weak and can be considered a waste of time[1]. The discussion why is outside the scope of this article.

Linux users urged to protect against 'Dirty COW' security flaw

Filed under
Linux
Red Hat
Security

Organisations and individuals have been urged to patch Linux servers immediately or risk falling victim to exploits for a Linux kernel security flaw dubbed ‘Dirty COW'.

This follows a warning from open source software vendor Red Hat that the flaw is being exploited in the wild.

Phil Oester, the Linux security researcher who uncovered the flaw, explained to V3 that the exploit is easy to execute and will almost certainly become more widely used.

"The exploit in the wild is trivial to execute, never fails and has probably been around for years - the version I obtained was compiled with gcc 4.8," he said.

Read more

Also: New Debian Linux Kernel Update Addresses "Dirty COW" Bug, Three Security Issues

Why Security Distributions Use Debian

Filed under
Security
Debian

What do distributions like Qube OS, Subgraph, Tails, and Whonix have in common? Besides an emphasis on security and privacy, all of them are Debian derivatives -- and, probably, this common origin is not accidental.

At first, this trend seems curious. After all, other distributions ranging from Slackware and Gentoo to Arch Linux all emphasize security and privacy in their selection of tools. In particular, Fedora's SE Linux can be so restrictive that some users would rather disable it than learn how to configure it. By contrast, while Debian carries many standard security and privacy tools, it has seldom emphasized them.

Similarly, Debian's main branch consists of only free and open source software, its contrib and non-free branches not being official parts of the distribution. With many security experts favoring the announcement of vulnerabilities and exploit code rather than relying on security through obscurity, the way that many pieces of proprietary software do, this transparency has obvious appeal.

Yet although the advantage of free software to security and privacy is that the code can be examined for backdoors and malware, this advantage is hardly unique to Debian. To one or degree another, it is shared by all Linux distributions.

Read more

More from Susan: Why Use Linux, Systemd Complications, Debian's Security

Syndicate content

More in Tux Machines

Red Hat and Fedora

  • Is there need for Red Hat Certification training in Zimbabwe?
    A local institution is investigating the need to train Systems Administrators/Engineers who use Linux towards Red Hat certifications. The course is targeted at individuals with at least 2 years experience using Linux.
  • Red Hat, Inc. (NYSE:RHT) By The Numbers: Valuation in Focus
  • Fedora @ Konteh 2017 - event report
    This year we managed to get a booth on a very popular student job fair called Konteh. (Thanks to Boban Poznanovic, one of the event managers)
  • Fedora 26 Alpha status is NO-GO
    The result of the second Fedora 26 Alpha Go/No-Go Meeting is NO-GO. Due to blockers found during the last days [1] we have decided to delay the Fedora 26 Alpha release for one more week. There is going to be one more Go/No-Go meeting on the next Thursday, March 30th, 2017 at 17:00 UTC to verify we are ready for the release.
  • Fedora 26 Alpha Faces Another Delay
    Fedora 26 was set back by a delay last week and today it's been delayed again for another week. Fedora 26 Alpha has been delayed for another week when at today's Go/No-Go meeting it was given a No-Go status due to outstanding blocker bugs.

GNOME News: Gtef, GNOME 3.24 Release Video, Epiphany 3.24

  • Gtef 2.0 – GTK+ Text Editor Framework
    Gtef is now hosted on gnome.org, and the 2.0 version has been released alongside GNOME 3.24. So it’s a good time for a new blog post on this new library.
  • GNOME's GTK Gets Gtef'ed
    Developer Sébastien Wilmet has provided an overview of Gtef with this text editing framework having been released in tandem with GNOME 3.24. Gtef provides a higher level API to make it easier for text editing or in developer-focused integrated development environments.
  • The Official GNOME 3.24 Release Video Is Here
    By now you’re probably well aware that a new update to the GNOME desktop has been released — and if you’re not, where’ve you been?! GNOME 3.24 features a number of neat new features, welcome improvements, and important advances, most of which we’ve documented in blog posts during the course of this week.
  • A Web Browser for Awesome People (Epiphany 3.24)
    Are you using a sad web browser that integrates poorly with GNOME or elementary OS? Was your sad browser’s GNOME integration theme broken for most of the past year? Does that make you feel sad? Do you wish you were using an awesome web browser that feels right at home in your chosen desktop instead? If so, Epiphany 3.24 might be right for you. It will make you awesome. (Ask your doctor before switching to a new web browser. Results not guaranteed. May cause severe Internet addiction. Some content unsuitable for minors.)

today's howtos

AMDGPU Vega Patches and AMD Open-Sources Code

  • More AMDGPU Vega Patches Published
    Less than one week after AMDGPU DRM Vega support was published along with the other Vega enablement patches for the Linux driver stack, more Direct Rendering Manager patches are being shot out today.
  • AMD have announced 'Anvil', an MIT-licensed wrapper library for Vulkan
    AMD are continuing their open source push with 'Anvil' a new MIT-licenses wrapper library for Vulkan. It's aim is to reduce the time developers spend to get a working Vulkan application.
  • AMD Open-Sources Vulkan "Anvil"
    While waiting for AMD to open-source their Vulkan Linux driver, we have a new AMD open-source Vulkan project to look at: Anvil. Anvil is a project out of AMD's GPUOpen division and aims to be a wrapper library for Vulkan to make it easier to bring-up new Vulkan applications/games. Anvil provides C++ Vulkan wrappers similar to other open-source Vulkan projects while also adding in some extra features.