Language Selection

English French German Italian Portuguese Spanish

Just talk

Happy Easter and Remarkable Spring

Filed under
Just talk

Happy Easter

Happy New Year From Roy and Rianne

Filed under
Just talk

Xmas tree

2014 was a great year for Tux Machines. The site moved to a new server with much higher capacity and better caching, Rianne and I moved to a better house, and we finally set up a tree the way we wanted to. Financial contributions from readers were enough to subsidise a laptop for Rianne and she now happily submits a lot of links from there.

In 2015 we expect to improve both volume and quality of links. We are going to think of ways to improve the Web site and we openly welcome suggestions from readers. The goal is to make the site more informative more efficiently. We wish to help readers steer away from cruft and gossip and instead identify news of importance, without repetition unless new information and details arise.

Vacation Photos

Filed under
Just talk

Tux and Rianne

Last week we did not post as much news as usual because we went to the south of England with Roy's sister. We did take some photos.

Fireworks! And Tux Machines Works.

Filed under
Just talk

November effigies

Fireworks continue to appear all over the place, even a day after Guy Fawkes Night. Yesterday the city was full of smoke (as though it is under heavy fog all around), but that is just an annually-recurring tradition. It's very bad for the environment, but hey, lots of people enjoy it.

Over 400 Guy Fawkes tried to destroy the House of Lords, just as some gang or a person has been trying now for nearly two months to keep Tux Machines offline. Thankfully, however, the attacks are not succeeding anymore because we have refined our defenses and the offending zombie PCs are being banned left and right (all day long). Surely the plot has been foiled. All we need now is effigies.

Tux Claus

Filed under
Just talk

Tux Claus

Summer is finally over, but summertime or the climate hasn't officially changed yet. I wonder if I can still do something out of the ordinary, but the weather is disrupting my planned activities outside. Sometimes there is sunlight, but the next minute the dark clouds covers the beautiful sky and it makes the day dull and cold.

Two days ago my husband and I went to stroll inside the mall and ended up buying some personal stuff in a store. While I was in a queue to pay my husband was in a hurry to add this tiny bit of stuff which I didn't recognise at first. I thought of ignoring and not buying that tiny little thing. Then my husband said "look what I found" and then I asked what is it -- it's tux! Tux Claus. Soon I saw a tiny penguin dressed in Santa clothes; the design was simple ,but it was artistically made. I know it is still early, but we're both excited to add Tux under our Christmas tree and be merry.

Life Goes On

Filed under
Just talk

Manchester

TUX MACHINES HAS BEEN under attack for nearly two weeks now. We need not really comment on our technical means of defence and how we mostly overcome these attacks (we are not giving too many clues to the attackers, who are mostly deflected with blacklists and redirects for the time being), but for the most part the Web site continues to run and to serve visitors. That's what is important. We work hard to keep posting the latest news and not let distraction, aggravation or sabotage get in the way. It is hard to imagine who would want to attack a site like this. This site is not even political or controversial.

In more general news, Manchester has had a nice and warm September. It continues into October (so far). Today we started seeing some hybrid (partly electric) double-decker buses and today we also found out that the health club we always go to has been voted best in the north west and third-best in the UK for the second year in a row. We still post some news whilst out of the house (if a wireless connection becomes available) and this morning the weather was so fine that we managed to play some badminton outdoors.

Life goes on and no level of attacks on the site is going to stop it. There are many ways to combat DDOS attacks, so they are merely a nuisance. The attackers should know that they are only wasting their time; there are much better things to do in life. Those commandeering Microsoft Windows botnets would be better off targeting the KKK or something, not a GNU and Linux news site.

Logo Concepts

Filed under
Just talk

More below...

Secret Back Doors in Android

Filed under
Just talk

I am everything but a Google basher and I spent a lot of my life descending deep into research of Google foes, Google smear campaigns, lawsuits by proxy, and antitrust actions by proxy. I also advocate Android, but in recent years I have been increasingly concerned about the direction it is taking. I wish to share my latest concern. It relates to what the media characterises as "anti-theft" but is actually a facility to kill phones in a protest or convert them into hostile listening devices. Technology impacts human rights and those who control technology can be tempted to control humans.

Google habitually updates my tablet. It is a Nexus 7 tablet which Google invites itself to update remotely (shame on me for not installing Replicant, but this device does not support it yet). It is not a 3G tablet and it does not have two operation systems (unlike mobile phones) or even a carrier tracking its location all the time. It's a purely Android device with no network tying. It is network-agnostic. I only bought it because in order to replace my PDA (for over a decade) I wanted a device that is not a tracking device. Phones were out of the question.

Networks don't track the tablet. Google, however, is always out there, fully able to identify the connected user (latched onto a Gmail address because of Play), modifying the software without even the user's consent (the user is sometimes prompted to boot, without being able to opt out of the core update itself).

The update in itself is not a problem. What's problematic is its effect.

Following the latest Google update (which I was given no option to reject) I noticed that Google had added a remote kill switch as an opition. It was enabed by default. "Allow remote lock and erase" is what Google calls it and it is essentially working like a back door. Google and its partners in government are gaining a lot of power not over a smartphone but over a tablet.

The significance of this is that not only phones should be assumed to be remotely accessible for modification, including for example additional back doors. What's more, some devices that were sold without this functionality silently have it added. According to the corporate press, the FBI remotely turns Android devices into listening devices and it is getting simpler to see how.

NSA and PRISM destroy our computing. We definitely need to demand Free software, but we should go further by asking for audits, rejecting user-hostile 'features' like DRM, 'secure' boot, and kill switches. I gradually lose any remaining trust that I had in Google and even Free software such as Android.

Manchester and Computing

Filed under
Just talk

Manchester's role in the history of computing is not widely recognised. I spent several years working in Manchester Computing and I studied where the first programmable computer was built (by Kilburn, whom the building was later named after). One of my colleagues at Manchester Computing (MCC) was the person who was first to build and distribute a GNU/Linux distribution (combining both GNU and Linux) and yesterday I met and spoke to one of the earlier PC distributors from across the road (supplier for Manchester Computing). Right here at the centre of Manchester a lot of the early milestones of computing took place (Turing also), but Manchester became better known for the splitting of atoms, the football teams, famous bands like Oasis, and the industrial revolution. A few days ago Rianne and I visited the local museum which demonstrates the industrial revolution (photo above from this album); what we really need here, however, are more museums documenting Manchester's role in modern computing. This city deserves more credit.

Nokia

Filed under
Just talk

It is now the talk of the town. Nokia will be making their own smartphone based on Android. It seems like they no longer want to be in the shadow, under Windows Phone. I would like to think this might be the comeback of Nokia phones after a decade or so. I liked Nokia as a gadget way before this so-called "smart phones" trend started. I remember when SMS became the most convenient tool for communication, like a telegraph type. Nokia phones were once a gadgets giant; only then, when Microsoft bought Nokia, the once cellphone giant was kept and never to be found. I mean, not literally, but I can hardly see Nokia out in the Market along with those cellphone giants like Mac/iOS , Blueberry and Samsung. Nokia's merging into Microsoft has never been good; their tandem strategy never created any new innovation that makes them different from the other competitors. In fact, there were no success stories for Nokia when it was based on Windows Phone.

I expect Nokia to have lots to offer in the next expo. Improvements in software using Android OS, distinct design in hardware which can compete in comparables among the others. The price might be a little less than the existing smartphones to attract potential costumers. Lastly, I wish Nokia well for bravely taking such a huge change. In this road it has many challenges, but it's worth taking.

Syndicate content

More in Tux Machines

How App Stores Are Addressing Fragmentation in the Linux Ecosystem

According to DistroWatch, 273 Linux distributions are currently active, with another 56 dormant and 521 discontinued. While some of these have shared underpinnings, it still makes for an extremely varied landscape for companies and developers. It means developers must create multiple versions of their applications to be able to provide their software to all Linux users or just address a fraction of the market. Also, developers require multiple versions of build tools, which inevitably results in significant resource overhead. Desktop application distribution is complex across all operating systems in general; in Linux, this is further compounded by such fragmentation and inter-dependencies both in the packaging and distribution of software. For example, Fedora uses the RPM packaging format, while Debian uses the .deb format. Moreover, packages built for one version of a Linux distribution are often incompatible with other versions of the same distribution and need to be built for each version separately. Read more

Security Leftovers

  • Security updates for Monday

    Security updates have been issued by Debian (ansible, faad2, linux-4.9, and thunderbird), Fedora (jbig2dec, libextractor, sphinx, and thunderbird), Mageia (expat, kconfig, mediawiki, nodejs, openldap, poppler, thunderbird, webkit2, and wireguard), openSUSE (buildah, ghostscript, go1.12, libmirage, python-urllib3, rdesktop, and skopeo), SUSE (python-Django), and Ubuntu (exim4, ibus, and Wireshark).

  • Open Source Security Podcast: Episode 161 - Human nature and ad powered open source

    Josh and Kurt start out discussing human nature and how it affects how we view security. A lot of things that look easy are actually really hard. We also talk about the npm library Standard showing command line ads. Are ads part of the future of open source?

  • Skidmap malware drops LKMs on Linux machines to enable cryptojacking, backdoor access

    Researchers have discovered a sophisticated cryptomining program that uses loadable kernel modules (LKMs) to help infiltrate Linux machines, and hides its malicious activity by displaying fake network traffic stats. Dubbed Skidmap, the malware can also grant attackers backdoor access to affected systems by setting up a secret master password that offers access to any user account in the system, according to Trend Micro threat analysts Augusto Remillano II and Jakub Urbanec in a company blog post today. “Skidmap uses fairly advanced methods to ensure that it and its components remain undetected. For instance, its use of LKM rootkits – given their capability to overwrite or modify parts of the kernel – makes it harder to clean compared to other malware,” the blog post states. “In addition, Skidmap has multiple ways to access affected machines, which allow it to reinfect systems that have been restored or cleaned up.”

  • Skidmap Linux Malware Uses Rootkit Capabilities to Hide Cryptocurrency-Mining Payload

    Cryptocurrency-mining malware is still a prevalent threat, as illustrated by our detections of this threat in the first half of 2019. Cybercriminals, too, increasingly explored new platforms and ways to further cash in on their malware — from mobile devices and Unix and Unix-like systems to servers and cloud environments. They also constantly hone their malware’s resilience against detection. Some, for instance, bundle their malware with a watchdog component that ensures that the illicit cryptocurrency mining activities persist in the infected machine, while others, affecting Linux-based systems, utilize an LD_PRELOAD-based userland rootkit to make their components undetectable by system monitoring tools.

Oracle launches completely autonomous operating system

Together, these two solutions provide automated patching, updates, and tuning. This includes 100 percent automatic daily security updates to the Linux kernel and user space library. In addition, patching can be done while the system is running, instead of a sysadmin having to take systems down to patch them. This reduces downtime and helps to eliminate some of the friction between developers and IT, explained Coekaerts. Read more

Software: Zotero, PulseCaster and Qt Port of SFXR

  • Zotero and LibreOffice

    If you’re working with LibreOffice and need to create a bibliography, this software makes it simple to manage your citations. You can tell how few people use LibreOffice’s Bibliography Database by the fact that a bug that would take 10 minutes to fix has survived since 2002. Instead, those who need bibliographies or citations rely on other software such as Zotero, which can be integrated into LibreOffice with an extension. That robust bug is that the Citation Format in the database table is called the Short Name in the input fields. Even more confusing, the examples give an arbitrary name, when to work with the citation insertion tool in Insert | Table of Contents and Index | Insert Bibliography Entry, it should in a standard form, such as (Byfield: 2016) for the MLA format. Add the fact that a single database is used for all files – an absurdity in these memory-rich days – and the neglect of the Bibliography Database is completely understandable.

  • PulseCaster 0.9 released!

    For starters, PulseCaster is now ported to Python 3. I used Python 3.6 and Python 3.7 to do the porting. Nothing in the code should be particular to either version, though. But you’ll need to have Python 3 installed to use it, as most Linux bistros do these days. Another enhancement is that PulseCaster now relies on the excellent pulsectl library for Python, by George Filipkin and Mike Kazantsev. Hats off to them for doing a great job, which allowed me to remove many, many lines of code from this release. Also, due the use of PyGObject3 in this release, there are numerous improvements that make it easier for me to hack on. Silly issues with the GLib mainloop and other entrance/exit stupidity are hopefully a bit better now. Also, the code for dealing with temporary files is now a bit less ugly. I still want to do more work on the overall design and interface, and have ideas. I’ve gotten way better at time management since the last series of releases and hope to do some of this over the USA holiday season this late fall and winter (but no promises).

  • SFXR Qt 1.3.0

    I just released version 1.3.0 of SFXR Qt, my Qt port of the SFXR sound effect generator.