Language Selection

English French German Italian Portuguese Spanish


Enter your Tux Machines username.
Enter the password that accompanies your username.

More in Tux Machines

Best Open Source Secure Email Gateway Packages

Secure Email Gateways or Email security gateways are gateways designed to filter mail traffic. Some mail providers and other types of organizations implement this solution to fight attacks like phishing, email-borne attacks, viruses, malwares and more attacks which can be filtered by an email gateway, but it also can prevent information leak by infidel members of the organization, etc. It is a controller of mail content which rules according to the specified rules and policies. Email Secure Gateways are available as a cloud service, as virtual appliance, locally at the mail server and there are both software and hardware solutions but this article focuses on 5 Email Security Gateways: MailScanner, MailCleaner, Proxmox, Hermes Secure Email Gateway and OrangeAssasin, all them include free versions while some offer additional paid versions with extra features. Read more

FerenOS (2020) | Review from an openSUSE User

FerenOS undoubtedly focuses on visual aesthetics, user interface and user experience. The last time I looked at FerenOS, it was built on the Cinnamon Desktop Environment. At the time, the Plasma version was called “Feren Next” and and initially I was disappointed I didn’t use the Plasma version, but now I am very glad I did as I can compare this experience with my last FerenOS experience. This is my review as an openSUSE User. To say this will be completely objective would essentially be a big giant lie. This will be quite biased as I enjoy openSUSE Tumbleweed with the Plasma desktop, day in and day out on multiple machines, including my daily driver, low end laptops and more powerful workstations and servers. I am happily entrenched but that doesn’t mean I don’t like to look over the fences from time to time to see what other parts of the community are doing. Plus, you can’t go anywhere without bumping in to “FerenOS Dev” on some YouTube chat, Telegram or Discord announcing his enhancements. Bottom Line Up Front: FerenOS (2020) is simply fantastic. The way you are greeted and guided through your setup is brilliant. I am not keen on every design decision but that matters not as I am never keen on every design decision presented in any other distribution, to include my own. FerenOS is going for a look that is uniquely its own and is not afraid to experiment, cross toolkit boundaries and stray from the normal. I appreciate the design decisions, more than any other “boutique” distribution I have seen in a long while. Do I like all of them? No. Would I choose many of these? Also, No. But I think they do look great make for an enjoyable experience, just not one I would prefer. Read more

Security Leftovers

  • The Idealistic Future of HardenedBSD

    In the last status report, we stood up our own git server. Since then, we've migrated our entire infrastructure to point to our self-hosted git as the source-of-truth repo.

  • Leaked Documents Expose the Secretive Market for Your Web Browsing Data
  • Wladimir Palant: Avast's broken data anonymization approach

    Avast used to collect the browsing history of their users without informing them and turn this data into profits via their Jumpshot subsidiary. After a public outcry and considerable pressure from browser vendors they decided to change their practices, so that only data of free antivirus users would be collected and only if these explicitly opt in. Throughout the entire debacle Avast maintained that the privacy impact wasn’t so wild because the data is “de-identified and aggregated,” so that Jumpshot clients never get to see personally identifiable information (PII). [...] How Amazon would deanonymize this data The example used by Ondřej Vlček makes it very obvious who Avast tries to protect against. I mean, the address identifier they removed there is completely useless to me. Only Amazon, with access to their data, could turn that parameter value into user’s identity. So the concern is that Jumpshot customers (and Amazon could be one) owning large websites could cross-reference Jumpshot data with their own to deanonymize users. Their patent confirms this concern when explaining implicit private information. But what if Amazon cannot see that addressID parameter any more? They can no longer determine directly which user the browsing history belongs to. But they could still check which users edited their address at this specific time. That’s probably going to be too many users at Amazon’s scale, so they will have to check which users edited their address at time X and then completed the purchase at time Z. That should be sufficient to identify a single user. And if Jumpshot doesn’t expose request times to their clients or merely shows the dates without the exact times? Still, somebody like Amazon could for example take all the products viewed in a particular browser history and check it against their logs. Each individual product has been viewed by a large number of users, yet the combination of them is a sure way to identify a single user. Mission accomplished, anonymization failed. How everybody else could deanonymize this data Not everybody has access to the same amounts of data as Amazon or Google. Does this mean that in most scenarios Jumpshot data can be considered properly anonymized? Unfortunately not. Researchers already realized that social media contain huge amounts of publicly accessible data, which is why their deanonymization demonstrations such as this one focused on cross-referencing “anonymous” browsing histories with social media. And if you think about it, it’s really not complicated. For example, if Avast were collecting my data, they would have received the web address which I visited at some point. This address contains no information about me, plenty of other people visited it as well, so it would have been passed on to Jumpshot clients unchanged. And these could retrieve the list of likes for the post. My Twitter account is one of the currently 179 who’s on that list.

  • Mushtik botnet now shopping for Tomato routers

    A new variant of the Mushtik botnet has been found attacking routers using the open-source Tomato router firmware with about 4.600 routers currently exposed on the internet. Musthtik has been operating since March 2018 using a worm-like propagating ability to infect and harvest Linux servers and IoT devices. The good news is the new variant uses its botnet for only a few tasks, cryptocurrency mining as to launch DDoS attacks and it has not been spotted injecting any additional malware onto a system, said Palo Alto Networks Unit 42. [...] “Botnet developers are increasingly compromising IoT devices installed with the open source firmware, which often lack the security updates and maintenance patches necessary to keep devices safeguarded. End users should be cautious when installing open source firmware and must follow the security guidelines in the firmware manual,” Unit 42 said.

  • Fugue open sources Regula, security and compliance tool for Terraform

    Working with Terraform infrastructure-as-code can sometimes be a bit of a headache when it comes to tracking security misconfigurations and compliance violations, but now Fugue has open sourced their Regula tool to assist engineers with maintaining vigilance. Let’s take a closer look. Last week, cloud infrastructure security and compliance solution provider Fugue open sourced one of their tools called Regula. From the press release, it “is a tool that evaluates Terraform infrastructure-as-code for security misconfigurations and compliance violations prior to deployment. Regula rules are written in Rego, the open source policy language employed by the Open Policy Agent project and can be integrated into CI/CD pipelines to prevent cloud infrastructure deployments that may violate security and compliance best practices.”

  • More 2020 Trends for Open Source and SCA [Ed: In order to sell its proprietary software, Flexera is -- as usual -- badmouthing FOSS security]

    A review of the National Vulnerability Database (NVD) shows the number of vulnerabilities contributed to the database is increasing year over year. Let’s be clear. This doesn’t mean that code development is getting worse. To the contrary, the industry is doing a better job of paying attention to finding and reporting issues and, in addition, to finding fixes that address problems. We see this as a trend that will continue into 2020 and beyond. Likewise, developers are spending a significant amount of time both reviewing and remediating vulnerabilities as opposed to innovating and improving their applications. Technical debt is more than ever moving to the forefront of application development as engineers are dealing with security issues that were once dormant or unknown but because of raised awareness are now being discovered.

Games: Isleward, Unity, Nethercard Kingdom, FoodBall, Dezatopia, PULSAR: Lost Colony and More

  • Isleward - a free and open source cross-platform roguelike MMO

    I adventured far and wide, clicking across page after page of unique and often very weird games on until a little sparkle caught my eye. That spark was Isleward, a free and open source roguelike MMO. The developer claims it's "the world's only open source, moddable, roguelike MMO"—a bold claim. There's been a few classic-styled roguelike MMOs before, however being free and open source like this with cross-platform play in your browser (and downloads for Linux, macOS and Windows) is certainly refreshing.

  • Unity deprecating built-in XR (VR/AR etc) support for a new plugin system - Valve doing their own for SteamVR

    While the state of Virtual/Mixed/Augmented Reality (XR) is constantly in flux and improving all the time, Unity have announced with Unity 2019.3 that their built-in XR support is being deprecated. Unity 2019.3 is the next upcoming (Edit: now out after we published this) major build of the Unity game engine, currently in Beta and when released they're going to be pushing their newer unified XR plugin framework. It makes sense, giving developers of XR hardware the chance to get updates out a lot quicker, rather than waiting for engine upgrades.

  • Unity 2019.3 is now out - adds Google Stadia support and IL2CPP on Linux

    Another big new release of the Unity game engine has today been released with 2019.3, full to the brim with massive tech enhancements. On the Linux side, which we're most interested in, is finally the inclusion of IL2CPP support (a Unity-developed scripting backend) on Linux builds of games and applications. Linux missing this caused issues for a few developers, so hopefully now publishing Linux builds with Unity might be better. Unity say that x can increase the "performance, security, and platform compatibility" of Unity projects. OpenGL and Vulkan especially saw plenty of bug fixes too.

  • Nethercard Kingdom - a free deck-builder with real-time battles

    I'm always on the hunt for new and exciting games, a big fan currently of deck-building strategy games of all kinds. This never-ending search recently led me to the free Nethercard Kingdom and I want more. Unlike most deck-builders, the combat in Nethercard Kingdom happens in real-time. You have to build a deck of assorted cards, each with their own mana cost. As you battle, your mana constantly refills allowing you to play these cards which form your troops who battle out in real-time, plus you can also use spells.

  • FoodBall, a mix of car combat and Football comes to Linux later this year

    Cat-astrophe Games are currently developing FoodBall, a game that mixes together car combat and Football with a theme involving all sorts of edible items. When speaking to their team about it recently, they confirmed that not only is FoodBall coming to Linux but their team "actually work on Linux a lot" and their CTO "loves Linux".

  • Dezatopia, a unique feeling multi-directional shoot 'em up is out now - it's awesome

    Developer HEY and Japanese publisher Hanaji Games have released Dezatopia, an imaginative and unique feeling multi-directional shoot 'em up with Linux support. [...] Managing your weapons is key to victory. You're able to set them to auto fire, however, that doesn't allow their charge to build up. Additionally, you collect Crystals from destroyed objects but you can only collect them automatically when all weapons are off. The more weapons you having firing at once, the slower you move too.

  • Co-op first-person spaceship command game PULSAR: Lost Colony now has a proper tutorial

    PULSAR: Lost Colony is a fantastic idea for a game, always has been but it lacked a good experience for new players and it was easy to bounce off it. Giving each player a dedicated role on a spaceship, this co-op game can be a lot of fun. Shouting orders at each other with one playing as the Captain and others as the Pilot, Scientist, Weapons Specialist and Engineer it can be quite a riot. If you've always wanted to be part of a crew and travel the galaxy together, this is a fun choice.

  • Catch the True Sight: The International 2019 Grand Finals - the Dota 2 documentary tonight

    Tonight, Valve will be releasing a documentary of the recent The International 2019 tournament, focused on the Grand Finals. During the Grand Finals we had a showdown between OG and Team Liquid, with OG making history during the tournament by not only being the first team to win The International two times in a row but also the first team to carve their names into the Aegis (the physical trophy) for a second time. Since then, multiple members of the Team Liquid squad left to form Nigma.