TuxMachines

Subscribe to TuxMachines feed
Your source for Linux and Open Source news, reviews, and howtos.
Updated: 4 min 45 sec ago

Linux 4.11.1

Sun, 2017-05-14 17:47

I'm announcing the release of the 4.11.1 kernel.

All users of the 4.11 kernel series must upgrade.

The updated 4.11.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.11.y
and can be browsed at the normal kernel.org git web browser:
http://git.kernel.org/?p=linux/kernel/git/stable/linux-st...

Also: Linux 4.10.16

Linux 4.9.28

Linux 4.4.68

read more

Kernel Space/Linux

Sun, 2017-05-14 17:38
  • Kernel prepatch 4.12-rc1
  • The Many New Features Of The Linux 4.12 Kernel

    With the Linux 4.12 merge window now over, here is a look at some of the most exciting features that were added to the Linux kernel for this next installment.

  • Razer Sabertooth & Mad Catz Brawlstick Support In Linux 4.12

    Dmitry Torokhov has sent in some last-minute updates for the Linux 4.12 kernel around its input support.

    In particular, this final pull request is primarily an xpad input driver update. This xpad driver update adds in USB IDs for the Mad Catz Brawlstick and Razer Sabertooth.

  • Freedreno Gallium3D Gets Hardware Binning For A5xx

    The Freedreno Gallium3D driver for open-source, reverse-engineered 3D driver support for Qualcomm Adreno graphics has another important performance feature.

    Hardware binning is now supported by the latest-generation A5xx hardware on Freedreno. Hardware binning can boost performance, when it was added for older hardware on Freedreno developer Rob Clark mentioned performance boosts of 35~45% for vertex-heavy workloads.

read more

today's howtos

Sun, 2017-05-14 17:37

read more

Leftovers: KDE

Sun, 2017-05-14 17:35
  • A ‘ittl bit on th’ kde.org work

    Earlier this week the decision was made to switch from Drupal to WordPress as the CMS used for the KDE.org main website. While Drupal is certainly a fine system, the decision to switch was borne when my quick work to update a WordPress asset turned into a serious venture much more successful than my work with Drupal. Prior to my contributing to KDE I used to develop on WP, and I was surprised to find out my experience largely held in this new version. In hindsight, WordPress was the obvious option considering this.

  • Release of KDE Frameworks 5.34.0

    May 13, 2017. KDE today announces the release of KDE Frameworks 5.34.0.

    KDE Frameworks are 70 addon libraries to Qt which provide a wide variety of commonly needed functionality in mature, peer reviewed and well tested libraries with friendly licensing terms. For an introduction see the Frameworks 5.0 release announcement.

  • KDE Frameworks 5.34 Released

    The latest monthly KDE Frameworks 5 update is now available for KDE/Qt developers.

    This month's KDE Frameworks 5.34 release brings new/updated Breeze icons, the KAuth fix for the root exploit vulnerability reported a few days ago, KAuth integration in document saving for KTextEditor, KWayland does some additional surface validation, Plasma Framework updates, an Arduino extension in the syntax highlighting, and various other changes.

  • Introduction and plans for GSoC
  • GCompris- Changes made in roman_numerals activity
  • Latte Dock v0.6.2
  • Latte Dock v0.6.1

    Latte Dock v0.6.1 (bug fix release) is out and you can get its source from our release page at github. Those that dont want to build it by themselves should wait their distro's repos/channels to provide it. Many distros are already providing packages for v0.6.0 and we update that list at our main page in github.

  • A sandbox for the screen locker
  • Plasma bugfix releases, Frameworks, & selected app updates now available in backports PPA for Zesty and Xenial

    Plasma Desktop 5.9.5 for Zesty 17.04, 5.8.6 for Xenial 16.04, KDE Frameworks 5.33 and some selected application updates are now available via the Kubuntu backports PPA.

  • Telegram desktop client for flatpak #3
  • Cutelyst benchmarks on TechEmpower round 14
  • Finishing started activities
  • Craft: Time for a Beta
  • My adventures on crafting PT I
  • Okular – An eye for an eye

    Documents, documents, documents. Didn’t Steve Ballmer shout that at some expo some time ago? No? Never mind. Let’s talk about Okular instead, then. This is a document viewer for Linux and THE document viewer available in the KDE/Plasma desktop environment. It’s been around for a long time, it’s survived quite a few seasons of ever-changing desktop versions and tool, and its name doesn’t even begin with the letter K, which tells you how robust it really is.

    Having embarked on a journey of leaving no stone unturned in the Linux desktop world, it is time for me to take a deeper look at Okular. We started with the rather comprehensive State of Plasma report, we talked about Amarok and whether it will ever see revival, and now we will do this. After me.

  • The second QDQuest Krita game art course is out!

    The second premium Krita game art course, Make Cel Shaded Game Characters, is out! It contains 14 tutorials

  • LaKademy 2017

    I’m here for the first time to talk about my first participation in a sprint event and try to keep coming out of my shell. To clarify this, I have to back in time…

  • Google Drive integration in Plasma

    It took longer than expected (many pieces to fit together), but now it’s ready: KDE Plasma is going to get Google Drive integration! Just add your Google account once, in the System Settings “Online Accounts” module, and you will be able to browse your Google Drive files from Dolphin or Plasma Folder View applets.

read more

GNU/Linux Review: Ubuntu MATE 17.04 Zesty Zapus

Sun, 2017-05-14 17:15

Ubuntu MATE 17.04 has been released at April 13th 2017. Here is a review for this user-friendly, desktop-oriented operating system with highly customizable interface and complete set of software. It keeps the same user-experience from the old Ubuntu GNOME2 era while also providing 4 other desktop layout choices (that resemble OS X, Windows, and Unity plus a Netbook-friendly look) and user can transform between them anytime. With only around 550MB of RAM idle use and the latest MATE 1.18, Ubuntu MATE 17.04 becomes an ultimate desktop choice for everyone. I hope you'll enjoy this review and be comfortable with 17.04.

read more

Eric Hameleers on Slackware

Sun, 2017-05-14 17:10
  • Some thoughts on the recent updates in Slackware-current

    Last week, a new LTS kernel (4.9.26), new glibc (2.25) and a new gcc compiler suite (7.1.0) landed in Slackware-current. Note that gcc no longer contains the Java compiler (gcj): subsequently Slackware’s gcc-java package has been removed from slackware-current.
    We are at the head of the herd again folks. There is not yet any other distro that ships with the gcc-7 compiler by default. This will certainly pose some challenges for people who compile their stuff themselves – the SBo team warned their community about scripts that require patches to compile against gcc-7.

  • liveslak 1.1.8 and new ISO images

    Not much news of late about my ‘liveslak‘ scripts. I occasionally tweak them but the modifications these days are fairly minor. I stamped a new version on the repository this week: liveslak 1.1.8 on the occasion that I wanted to generate and upload a fresh series of Slackware-current based Live ISO images. After all, liveslak is meant to be a showcase of what Slackware-current is all about, and with the recent updates to kernel, gcc, glibc and more, a refresh was more than welcome.

  • Palemoon browser

    The Pale Moon browser was forked off the Mozilla Firefox codebase a couple of years ago, before Firefox switched to the Australis User Interface. Since then, the project has steadily been diverging from the Firefox codebase, optimizing its Gecko layout engine and rebranding that to ‘Goanna’ (which is the name of just another lizard). The community has a large vote in the direction the Pale Moon browser’s features are taking.

  • Chromium packages refreshed with v58

    I really like my new job. It is exciting, rewarding, but also demanding, and I find that I have a lot less free time at hand these days than I used to when I was with IBM. Hacking Slackware is becoming a luxury. Simply, because I realized how easily I can lose my job when an administrator puts my name in a spreadsheet… so I work my ass off and try to convince everyone that I am indispensable. Works so far.

  • Adobe Flash security update May ’17

read more

Security News, Notably Microsoft/NSA Catastrophe

Sun, 2017-05-14 11:55
  • Major cyber attack hits companies, hospitals, schools worldwide

    Private security firms identified the ransomware as a new variant of "WannaCry" that had the ability to automatically spread across large networks by exploiting a known bug in Microsoft's Windows operating system.

  • Massive cyberattack hits several hospitals across England
  • Rejection Letter

    We start with a shadowy US government agency, the NSA, systematically analyzing the software of the biggest American computer companies in search of vulnerabilities. So far, so plausible: this is one of the jobs of an intelligence and counter-espionage agency focussed on information technology. However, instead of helping Microsoft fix them, we are supposed to believe that the NSA hoard their knowledge of weaknesses in Microsoft Windows, a vitally important piece of their own nation's infrastructure, in case they'll come in handy againt some hypothetical future enemy. (I'm sorry, but this just won't wash; surely the good guys would prioritize protecting their own corporate infrastructure? But this is just the first of the many logical inconsistencies which riddle the back story and plot of "Zero Day".)

  • Microsoft issues ‘highly unusual’ Windows XP patch to prevent massive ransomware attack
  • Is it prudent to ask if Britain’s nuke subs, which also run Windows XP, have also been hit by ransomware?

    Let’s reword this to drive the point home. How likely is it that the United States NSA, through its persistent interest in keeping us unsafe, has managed to hand control of Britain’s nuclear weapons platforms to unknown ransomware authors, perhaps in Russia or Uzbekistan?

  • Current wave of ransomware not written by ordinary criminals, but by the NSA

    The lesson here is that the NSA’s mission, keeping a country safe, is in direct conflict with its methods of collecting a catalog of vulnerabilities in critical systems and constructing weapons to use against those systems, weapons that will always leak, instead of fixing the discovered weaknesses and vulnerabilities that make us unsafe.

  • Wana Decrypt0r Ransomware Outbreak Temporarily Stopped By "Accidental Hero"

    A security researcher that goes online by the nickname of MalwareTech is the hero of the day, albeit an accidental one, after having saved countless of computers worldwide from a virulent form of ransomware called Wana Decrypt0r (also referenced as WCry, WannaCry, WannaCrypt, and WanaCrypt0r).

  • DDOS attacks in Q1 2017

    In Q1 2017, the geography of DDoS attacks narrowed to 72 countries, with China accounting for 55.11% (21.9 p.p. less than the previous quarter). South Korea (22.41% vs. 7.04% in Q4 2016) and the US (11.37% vs. 7.30%) were second and third respectively.

    The Top 10 most targeted countries accounted for 95.5% of all attacks. The UK (0.8%) appeared in the ranking, replacing Japan. Vietnam (0.8%, + 0.2 p.p.) moved up from seventh to sixth, while Canada (0.7%) dropped to eighth.

  • Applied Physical Attacks and Hardware Pentesting

    This week, I had the opportunity to take Joe Fitzpatrick’s class “Applied Physical Attacks and Hardware Pentesting”. This was a preview of the course he’s offering at Black Hat this summer, and so it was in a bit of an unpolished state, but I actually enjoyed the fact that it was that way. I’ve taken a class with Joe before, back when he and Stephen Ridley of Xipiter taught “Software Exploitation via Hardware Exploitation”, and I’ve watched a number of his talks at various conferences, so I had high expectations of the course, and he didn’t disappoint.

  • SambaXP 2017: John Hixson’s Reflection

    The next talk was given by Jeremy Allison on the recent symlink CVE. Jeremy explained how it was discovered and the measures that were taken to fix it.

read more

LinuxAndUbuntu Distro Review Of The Week Bodhi Linux

Sun, 2017-05-14 06:17

​Bodhi Linux is essentially one of those distributions which try to bring your old PC back to life but at the same time, tries to make it look like it is still keeping up with the latest trends in Design and Interface. And with every new release, its community is growing larger and larger. We will look at the latest release which comes with a new theme and more bug fixes (more on this later).

more" title="Read the rest of this article" />

read more

Linux 4.12-rc1

Sun, 2017-05-14 02:20

Linus Torvalds has went ahead and closed the Linux 4.12 kernel merge window one day early with the release of 4.12-rc1.

Linus wrote of 4.12-rc1, "Despite it being fairly large, it has (so far) been pretty smooth. I don't think I personally saw any breakage at all, which is always nice. Usually I end up having something break, or trigger some silly build failure that really should have been noticed before it even got to me, but so far things are looking good. Famous last words."

Also: Linux 4.12-rc1 Kernel Released One Day Early

read more

today's leftovers

Sat, 2017-05-13 21:48
  • FLOSS Weekly 432: FreeNAS

    Simon was co-host of the lively interview with the FreeNAS project last week on FLOSS Weekly 432.

  • Oracle Is Working On Interrupt-Aware Scheduler For Linux

    Rohit Jain of Oracle's Linux kernel team is working on an interrupt aware scheduler, which should improve performance for workloads with interrupt activity.

  • VC4 Raspberry Pi 3D Driver Development Has Been Busy This Spring

    Broadcom developer Eric Anholt has been busy this spring leading the charge on advancing the VC4 DRM+Gallium3D driver stack that most notably is used by Raspberry Pi devices for a fully-open graphics driver stack.

  • CoreOS releases Tectonic 1.6.2 with Kubernetes

    In CoreOS’ latest Tectonic release, it is providing several features to deliver enterprise Kubernetes. Tectonic 1.6.2 comes with major updates, like Kubernetes 1.6.2, and backend Terraform support for Tectonic Installer on AWS and bare metal.

    In this release, the Tectonic Installer is now supported by Terraform, a tool for safely launching and building infrastructure. According to head of product at CoreOS Mackenzie Burnett, in a blog post, shipping Tectonic with Terraform is “setting the stage” for scriptable and customizable installations of self-hosted Kubernetes on AWS and bare metal.

read more

Leftovers: Software (Ebook Authoring Tools, Feedreader, and Wire)

Sat, 2017-05-13 21:47
  • Top 5 Ebook Authoring Tools for Linux

    Ebooks are quickly becoming the most popular publication medium for books. More people than ever are buying their books in digital form, and ebooks open up an invaluable opportunity for publishers and self-published authors alike. ebooks are even a popular tool for inbound marketing and lead generation.

    If you want to create your own ebook in Linux, you have some excellent options, and they’re all free (both as in beer and freedom) and open source.

    These aren’t in any particular order. They’re all great, and you should choose the one that best fits your use case and style.

  • Is Feedreader the Best RSS Reader for Ubuntu?

    Many people still read the news from RSS feeds, using services like Feedly, Feedbin and Old Reader to fetch, read and sync content between devices – myself very much included. Feedreader is a desktop RSS reader for Ubuntu and other Linux desktops. It has a clean, straightforward design with a three-panel layout.

  • Wire – A Secure Open Source Chat Application for Linux Systems

    We have covered many VoIP applications in past like Skype, Ring, Viber, etc. Today we are going to cover about wire. Wire is another VoIP applications which has full end-to-end encryption and best alternative for Skype users since Skype doesn’t offer all the features which is available for Windows and there is no proper updates for Linux too.

read more

Fedora 25 and Fedora 26

Sat, 2017-05-13 21:44

read more

Tizen and Android

Sat, 2017-05-13 21:43

read more

Leftovers: OSS and Sharing

Sat, 2017-05-13 21:42

read more

Security Leftovers

Sat, 2017-05-13 21:38
  • Intel's Management Engine is a security hazard, and users need a way to disable it

    Since 2008, most of Intel’s CPUs have contained a tiny homunculus computer called the “Management Engine” (ME). The ME is a largely undocumented master controller for your CPU: it works with system firmware during boot and has direct access to system memory, the screen, keyboard, and network. All of the code inside the ME is secret, signed, and tightly controlled by Intel. Last week, vulnerabilities in the Active Management (AMT) module in some Management Engines have caused lots of machines with Intel CPUs to be disastrously vulnerable to remote and local attackers. While AMT can be disabled, there is presently no way to disable or limit the Management Engine in general. Intel urgently needs to provide one.

    This post will describe the nature of the vulnerabilities (thanks to Matthew Garrett for documenting them well), and the potential for similar bugs in the future. EFF believes that Intel needs to provide a minimum level of transparency and user control of the Management Engines inside our CPUs, in order to prevent this cybersecurity disaster from recurring. Unless that happens, we are concerned that it may not be appropriate to use Intel CPUs in many kinds of critical infrastructure systems.

  • 'Accidental hero' halts ransomware attack and warns: this is not over

    Ransomware is a type of malware that encrypts a user’s data, then demands payment in exchange for unlocking the data. This attack used a piece of malicious software called “WanaCrypt0r 2.0” or WannaCry, that exploits a vulnerability in Windows. Microsoft released a patch (a software update that fixes the problem) for the flaw in March, but computers that have not installed the security update remain vulnerable.

  • Vanilla Forums Open Source Software Vulnerable to RCE, Host Header Injection Vulnerability

    Popular open source forum software suffers from vulnerabilities that could let an attacker gain access to user accounts, carry out web-cache poisoning attacks, and in some instances, execute arbitrary code.

  • Vanilla Forums has a plain-flavoured zero-day

    The popular Vanilla Forums software needs patching against a remote code execution zero-day first reported to the developers in December 2016.

    Published by ExploitBox, the zero-day “can be exploited by unauthenticated remote attackers to execute arbitrary code and fully compromise the target application when combined with Host Header injection vulnerability CVE-2016-10073.”

    The problem arises because Vanilla Forums inherits a bug in PHPMailer. The mailer uses PHP's mail() function as its default transport, as discussed by Legal Hackers here.

  • Google Fuzzing Service Uncovers 1K Bugs in Open-Source Projects

    Today’s topics include Google’s fuzzing service uncovering more than 1,000 bugs in open-source projects in five months, VMware helping Google make Chromebooks better for business; Edward Snowden advocating the need for open source and OpenStack; and Dell EMC aiming servers at data center modernization efforts.

read more

Pages