TuxMachines

Subscribe to TuxMachines feed
Your source for Linux and Open Source news, reviews, and howtos.
Updated: 9 min 41 sec ago

SkySilk Launches As Linux-Powered Cloud Provider, Offers AMD EPYC Instances

Fri, 2018-09-07 18:57

There is a new public cloud provider that exited beta this past weekend and is exclusively offering Linux instances from Arch Linux to CentOS to Debian and Fedora. In addition to the usual assortment of Intel Xeon powered clouds/VPS instances, they also offer a range of AMD EPYC powered systems too.

SkySilk has provided some credits for our testing and benchmarking of their new Linux cloud / virtual private servers. I've spent the past few days trying out some of their instances and running off a variety of benchmarks. While reviewing cloud providers isn't one of our main focuses at Phoronix, I always take the opportune to benchmark public clouds for fun. So for now are some of my initial tests for reference purposes should you be shopping around for a new cloud provider.

read more

Raspberry Pi HAT does hydroponic root zone monitoring

Fri, 2018-09-07 18:50

Autogrow has released open source files for building an “OpenMinder” root zone monitor HAT and API for the Raspberry Pi that manages water, pH, and nutrient usage in hydroponic farming.

Auckland, New Zealand based AgTech firm Autogrow has launched an OpenMinder project for DIY water management and root zone monitoring by releasing schematics and other open source files for building a Raspberry Pi HAT add-on board. The system, which came to our attention from a bizEdge New Zealand story, is designed in response to increasing restrictions on water usage and pesticide and fertilizer runoff. A commercial version is due in Q4 2019.

read more

Security: British Airways, MikroTik, Microsoft/NSA Back Doors and ProtonMail

Fri, 2018-09-07 12:02
  • British Airways breach sees hackers take-off with customers' payment details

    The airline fessed up to the mega-breach on Thursday, revealing that the payment cards of at least 380,000 customers have been "compromised" in a theft of data from the company's online booking systems.

  • Unpatched routers being used to build vast proxy army, spy on networks [Ed: And our governments MANDATE back doors. Mandate.]

    Researchers at China's Netlab 360 have discovered that thousands of routers manufactured by the Latvian company MikroTik have been compromised by malware attacking a vulnerability revealed April. While MikroTik posted a software update for the vulnerability in April, researchers found that more than 370,000 MikroTik devices they identified on the Internet were still vulnerable. The attack comes after a previous wave based on a vulnerability made public by WikiLeaks' publication of tools from the CIA's "Vault7" toolkit.

    According to a report by Netlab 360's Genshen Ye, more than 7,500 of them are actively being spied on by attackers, who are actively forwarding full captures of their network traffic to a number of remote servers. Additionally, 239,000 of the devices have been turned into SOCKS 4 proxies accessible from a single, small Internet address block.

  • North Korean Hacker Charged Over WannaCry Attack And Sony Hacking [Ed: They should charge Microsoft and the NSA for colluding to make back doors that emasculated crackers]

    The U.S. has charged and sanctioned a North Korean hacker who is accused of being responsible for the infamous WannaCry Cyberattacks of 2017 and the 2014 cyberassault on Sony Corp.

    The man named Park Jin Kyok who is the part of the Lazarus Group, a team of hackers, has been sanctioned under the strategy devised by the U.S. government for naming and shaming the hackers.

  • North Korean 'hacker' charged over cyber-attacks against NHS

    The US justice department has charged an alleged North Korean spy for helping to perpetrate cyber-attacks against the National Health Service that saw operations cancelled, ambulances diverted and patient records made unavailable following a worldwide hack in 2017 which affected computers in more than 150 countries.

  • DoJ to charge North Korean 'spy' over Sony Pictures, WannaCry attacks

    Pak is also linked to the notorious Lazarus Group, writes The Post, which has been linked to 2017 WannaCry attack that infected more than 300,000 computers worldwide and as many as one-fifth of NHS hospital trusts in the UK.

  • Brit teen arrested for involvement in DDoS attack on ProtonMail

    "It turns out that despite claims by Apophis Squad that federal authorities would never be able to find them, they themselves did not practice very good operational security. In fact, some of their own servers were breached and exposed online."

read more

Seattle GNU/Linux Conference and International Day Against DRM (IDAD)

Fri, 2018-09-07 11:09
  • Recognize free software heroes in Cascadia at SeaGL

    Presented in November 2018, at the Seattle GNU/Linux Conference (SeaGL), the Cascadia Community Builder Award honors the free software work of people living in the Cascadia region of the United States and Canada. The award is designed to recognize work in software projects, non-profit organizations, outreach and education, hackerspaces, user groups, or any activity that promotes the adoption and appreciation of free software to new and larger groups of people. The awards committee is especially interested in individuals who have successfully reached out to traditionally under-represented groups, even if that isn’t their primary goal.

    [...]

    The award will be presented at SeaGL, which takes place November 9 and 10, 2018 at Seattle Central College in Seattle, Washington. Want to be part of the action? SeaGL is actively seeking volunteers! Just email participate@seagl.org and introduce yourself!

  • IDAD 2018 modal window

    Looking to add the International Day Against DRM (IDAD) modal window to your Web site? Copy the following and paste it near the top of the contents of the "body" tag on your Web page.

  • Take action on September 18th for International Day Against DRM

    We're less than two weeks away from International Day Against DRM (IDAD), an annual day of action and celebration against Digital Restrictions Management (DRM). It's happening this September 18th, all over the world and the Web. IDAD is the day to stand together and loudly declare our stance against DRM. This is your chance to join a worldwide movement of people standing for digital freedom.

read more

What do open source and cooking have in common?

Fri, 2018-09-07 10:51

What’s a fun way to promote the principles of free software without actually coding? Here’s an idea: open source cooking. For the past eight years, this is what we’ve been doing in Munich.

The idea of open source cooking grew out of our regular open source meetups because we realized that cooking and free software have a lot in common.

read more

6 open source tools for writing a book

Fri, 2018-09-07 10:49

I first used and contributed to free and open source software in 1993, and since then I've been an open source software developer and evangelist. I've written or contributed to dozens of open source software projects, although the one that I'll be remembered for is the FreeDOS Project, an open source implementation of the DOS operating system.

I recently wrote a book about FreeDOS. Using FreeDOS is my celebration of the 24th anniversary of FreeDOS. It is a collection of how-to's about installing and using FreeDOS, essays about my favorite DOS applications, and quick-reference guides to the DOS command line and DOS batch programming. I've been working on this book for the last few months, with the help of a great professional editor.

read more

Android Leftovers

Fri, 2018-09-07 10:17
  • United Airlines Made Its App Stop Working On My Phone, And What This Says About How Broken The Mobile Tech Space Is

    This post isn't really about United Airlines, but let's start there because it's still due plenty of criticism.

    One day my phone updated the United App. I forget if I had trusted it to auto-update, or if I'd manually accepted the update (which I usually do only after reviewing what's been changed in the new version), but in any case, suddenly I found that it wasn't working. I waited a few days to see if it was a transient problem, but it still wouldn't work. So I decided to uninstall and reinstall, and that's where I ran into a wall: it wouldn't download, because Google Play said the new version wasn't compatible with my phone.

    [...]

    But let's not let United off the hook too soon. First, even if United were justified in ceasing to support an Android 4.x capable app, it should have clearly communicated this to the customers with 4.x phones. Perhaps we could have refused the update, but even if not, at least we would have known what happened and not wasted time troubleshooting. Plus we would have had some idea of how much United valued our business...

    Second, one of the points raised in United's defense is that it is expensive to have to support older versions of software. True, but if United wants to pursue the business strategy of driving its customers to its app as a way of managing that relationship, then it will need to figure out how to budget for maintaining that relationship with all of its customers, or at least those whose business it wants to keep. If providing support for older phones is too expensive, then it should reconsider the business decision of driving everyone to the app in the first place. It shouldn't make customers subsidize this business decision by forcing them to invest in new equipment.

    And then there was the third and most troubling point raised in United's defense, which is that Android 4.x is a ticking time bomb of hackable horror, and that any device still running it should be cast out of our lives as soon as possible. According to this argument, for United to continue to allow people to use their app on a 4.x Android device would be akin to malpractice, and possibly not even be allowed per their payment provider agreements.

  • Updated Android Bionic Commit Suggests API Level 29 will be Android Q
  • Official Open GApps Packages Now Available for Android Pie ROMs
  • Samsung Galaxy S10+ Variant Will Support 5G: Report
  • Huawei And Honor Phones Caught Cheating Benchmark Tests
  • Huawei & Honor's Recent Benchmarking Behaviour: A Cheating Headache
  • Confirmed: Google Pixel 3 Launch Event Scheduled For October 9

    Earlier today, Google sent out invites for its annual hardware event scheduled for October 9 this year. Google is most likely to announce its upcoming flagship Google Pixel 3, which has been leaked inside out, in the event.

read more

OpenMandriva Lx 4.0 Alpha Surfaces

Fri, 2018-09-07 07:39

We've been looking forward to the OpenMandriva Lx 4.0 release for a number of months now with Lx 3.0 having debuted two years ago. Fortunately, that release is inching closer to release as this week the alpha release is now available for testing.

OpenMandriva Lx 4.0 is a big release and as such is taking a long time to get into shape for release. Some of the big ticket items include switching back from RPM5 to RPM4, utilizing Fedora's DNF package manager, shipping with Linux 4.17~4.18 , LLVM Clang 7 as the default compiler while GCC 8 is also available , complete support for AArch64, and a variety of package updates.

read more

KDE and GNOME Desktop Leftovers

Fri, 2018-09-07 07:34
  • Librem 5 general development report — September 6th, 2018

    Some of the Purism team members attended Akademy 2018 in Vienna. This conference facilitated further discussions with KDE developers and it was nice to meet everyone in person!

  • [FreeBSD] .. in with the New

    So except for the Qt version, we’re keeping up reasonably well with the modern stuff. And we’ve finally joined most of the Linux distributions in deprecating KDE4 software. For KDE4-using ports that are not “ours”, we’re encouraging other ports maintainers to update them (e.g. to KF5-enabled versions) or follow in deprecating the software.

  • NetworkManager Picks Up Support For Dealing With LLMNR

    The latest merged feature work for NetworkManager is for supporting LLMNR (Link-Local Multicast Name Resolution) in conjunction with systemd-resolved.

    LLMNR is based on DNS and supports IPv4 and IPv6 to perform name resolution for hosts using the same local link. LLMNR is most practical for ad-hoc network scenarios but there is the potential for some network vulnerabilities around Link-Local Multicast Name Resolution.

  • Federico Mena-Quintero: My gdk-pixbuf braindump

    This where the calling program feeds chunks of bytes to the library, and at the end a fully-formed GdkPixbuf comes out, instead of having a single "read a whole file" operation.

    We conflated this with a way to get updates on how the image area gets modified as the data gets parsed. I think we wanted to support the case of a web browser, which downloads images slowly over the network, and gradually displays them as they are downloaded. In 1998, images downloading slowly over the network was a real concern!

    It took a lot of very careful work to convert the image loaders, which parsed a whole file at a time, into loaders that could maintain some state between each time that they got handed an extra bit of buffer.

    It also sounded easy to implement the progressive updating API by simply emitting a signal that said, "this rectangular area got updated from the last read". It could handle the case of reading whole scanlines, or a few pixels, or even area-based updates for progressive JPEGs and PNGs.

    The internal API for the image format loaders still keeps a distinction between the "load a whole file" API and the "load an image in chunks". Not all loaders got redone to simply just use the second one: io-jpeg.c still implements loading whole files by calling the corresponding libjpeg functions. I think it could remove that code and use the progressive loading functions instead.

read more

Open Source Summit and 2018 Linux Plumbers Conference

Fri, 2018-09-07 07:23
  • Open Source Summit: Innovation, Allies, and Open Development

    August was an exciting month for Linux and open source, with the release of Linux kernel 4.18, a new ebook offering practical advice for enterprise open source, and the formation of the Academy Software Foundation. And, to cap it off, we ended the month with a successful Open Source Summit event highlighting open source innovation at every level and featuring keynote presentations from Linus Torvalds, Van Jones, Jim Zemlin, Jennifer Cloer, and many others.

    In his welcoming address in Vancouver, The Linux Foundation’s Executive Director, Jim Zemlin, explained that The Foundation’s job is to create engines of innovation and enable the gears of those engines to spin faster.

  • LSS/OSS NA 2018 [Ed: Microsoft bought a keynote from the Linux Foundation. Yesterday the Foundation linked to 3 Microsoft promotional things. One was a month old, the other 3 months old. Makes one wonder if some Microsoft people now have editorial control at there too.]

    There was a talk on security in Zephyr and Fuchsia. While the focus of the conference is Linux, there's a growing interest in running Linux in conjunction with processors running other operating systems. Zephyr is an open source RTOS targeted at processors with a smaller footprint than Linux. Most of the security improvements have been adding features to take advantage of the MMU/MPU. One of those features was userspace support, which is always a bit of a surprise to hear as a new feature. Fuchsia is Google's new microkernel operating system. There's some argument that microkernels offer more security than Linux since more parts can run in userspace. Much of the talk was about the resource and namespace model. There's been a good deal of work put into this but it was noted much of this is still likely to be reworked.

    [...]

    Someone from Microsoft talked about Azure Sphere. Azure Sphere is Microsoft's attempt at an IoT based microprocessor that runs Linux. The real challenge is that the device has 4MB. The talk focused on what kinds of optimizations they had to do to get it to run in that space. There's been similar attempts before but 4MB is still incredibly impressive. I'll be keeping an eye out when the patches go upstream (and maybe buy a device).

  • Devicetree Microconference Accepted into 2018 Linux Plumbers Conference

    We are pleased to announce the the Devicetree Microconference has been accepted into the 2018 Linux Plumbers Conference!

    [...]

    Additional possible issues to be discussed may include potential changes to the Flattened Device Tree (FDT) format, reducing the Devicetree memory and storage size in the Linux kernel, creating new architecture to provide solutions to current problems, updating the Devicetree Specification, and using devicetrees in constrained contexts.

read more

Mozilla: Privacy, Testing Firefox 63 Beta 6 and Firefox 62 Tools Cool for School

Fri, 2018-09-07 07:18
  • On leveling the playing field and online tracking

    Over the years, browsers have spent significant efforts to restrict the attempts that these third-parties that are present on the Web today can do. However, these basic foundational problems have remained unsolved in most browsers. As a result, third-parties have been engaged in activities like collecting the user’s browsing history, personal data, information about their device, and so on, which is a subversion of the built-in protections that browsers provide to prevent the “straightforward” ways of getting this data from the third-party’s own website (aka, their own users). Safari is the notable exception in at least the area of exposure of global data to third-parties. I think they got the right defaults from the beginning which was hugely advantageous for both Safari and the browser community at large — for the latter since it showed that the “holy grail” of exposing no global data to third-parties is achievable, not some far-into-the-future dream which will never happen.

  • Firefox 63 Beta 6 Testday, September 14th

    We are happy to let you know that Friday, September 14th, we are organizing Firefox 63 Beta 6 Testday. We’ll be focusing our testing on Devtools Doorhanger menu, Web Compatibility features and PDF actions. We will also have fixed bugs verification and unconfirmed bugs triage ongoing.

    Check out the detailed instructions via this etherpad.

  • Firefox 62 – Tools Cool for School!

    Hello there! It’s been six-odd weeks, and the march of progress continues to, uh… march… progressingly. That means we have a brand new Firefox to share, with an abundance of bug fixes, performance improvements, and (in particular) sweet developer tool treats! So tuck in your napkin and enjoy this tasting menu of some of what’s new in Firefox 62.

read more

Compact thin client runs on Raspberry Pi 3 B+

Fri, 2018-09-07 06:59

Clientron has launched an “S-Cube Pi 3 B+ Thin Client” built around the Raspberry Pi 3 B+ SBC with Citrix XenDesktop, Microsoft RDP, and VMware Horizon View support.

The S-Cube Pi 3 B+ Thin Client is the first thin client we’ve seen built around the new Raspberry Pi 3 B+ SBC. This is Clientron’s first Arm-based thin client, as well as its smallest and most power efficient model to date, running on less than 5 Watts.

read more

Games: My Brother Rabbit, Europa Universalis IV: Dharma, Fantasy Strike, Life is Strange

Fri, 2018-09-07 06:51
  • My Brother Rabbit, the incredible looking adventure from Artifex Mundi is releasing on September 21st

    Artifex Mundi's latest beautiful game, My Brother Rabbit, is now set for release along with Linux support on September 21st. Their games always have some amazing art and this latest title certainly continues that tradition.

  • Europa Universalis IV: Dharma is now available, some thoughts

    The latest EU IV DLC focuses on South Asia and comes alongside a significant patch. I fought with elephants, braved the monsoons and have a few thoughts to share about the experience.

  • Fighting game 'Fantasy Strike' is now out on Linux, needs a quick fix

    After we speculated about it coming, Fantasy Strike the fighting game from Sirlin Games is now officially available for Linux.

    It's currently in Early Access, with a full release scheduled for "Q1 of 2019", they've also confirmed that online play is compatible with Windows and Mac.

  • Life is Strange: Before the Storm Is Coming to Linux and macOS on September 13

    UK-based video games publisher Feral Interactive announced today that it would release the Linux and macOS port of the Life is Strange: Before the Storm adventure video game on September 13, 2018.

    Developed by Deck Nine and published by Square Enix, Life is Strange: Before the Storm continues the acclaimed episodic graphic adventure video game series with an all-new three-part standalone story set three years before the events of the first Life is Strange game, with Chloe Price as the main character.

    "Return to Arcadia Bay in Before the Storm, a three-part standalone adventure set before the first game in the BAFTA award-winning series," said Feral Interactive in today's announcement. "Visit the minisite for snapshots and videos of the memorable characters in Before the Storm, then pre-order the game on the Feral Store."

read more

Security: Updates and Flaws, Google Titan Key Bundle

Fri, 2018-09-07 06:35
  • Security updates for Thursday
  • DoS Vulnerability found in the New Contact Name Field of Microsoft’s People Application

    Microsoft has its own centralized address book that combines all your social calls, communications, and connections into one place under the umbrella of its People app. A denial of service vulnerability has been found in the Microsoft people version 10.1807.2131.0 by LORD on the 4th of September, 2018. This vulnerability was detected and tested on Microsoft’s Windows 10 operating system.

    The Microsoft People application on the Windows 8 and 10 desktop operating systems is essentially a contact management database platform dubbed address book. It unites several email accounts and other platforms’ contacts in one place for one click easy access. It incorporates your Apple accounts, Microsoft accounts, Xbox accounts, Google accounts, Skype, and much more all in one place so that you can connect to the people you want to instantly.

  • CSRF Vulnerability in phpMyAdmin 4.7.x Lets Attackers Delete Records through malicious URLs [Ed: This is not a serious vulnerability. 1) requires you're logged in as admin; 2) requires someone knows, e.g., your E-mail address; 3) requires they trick you into clicking; 4) attacker needs to know the target URL/backend]

    A Cross-Site Request Forgery (CSRF) vulnerability has been found in the phpMyAdmin version 4.7.x (before version 4.7.7) through which malicious attackers are able to perform fundamental database operations by tricking users into clicking on maliciously crafted URLs. This vulnerability has been combined under the CVE identification label CVE-2017-1000499 which was assigned to previous CSRF vulnerabilities in phpMyAdmin as well.

    There are four latest additions under the CVE-2017-1000499 CSRF vulnerability umbrella. These four include a current user password modification vulnerability, an arbitrary file writing vulnerability, a data retrieval over the DNS communication chains vulnerability, and an empty all rows from all tables vulnerability. As phpMyAdmin deals with the administration side of MySQL, these four vulnerabilities put the entire database at high risk, allowing a malicious user to change passwords, access data, delete data, and carry out other commands through code execution.

  • How to Set Up and Use the Google Titan Key Bundle

    Google recently released a set of two-factor authentication (2FA) security keys called the Titan Security Bundle. This set includes a traditional USB-based Universal Second Factor (U2F) key for use on a computer and a combination Bluetooth/USB key for mobile. Here’s how to get it all set up.

  • Local Privilege Escalation Vulnerability found in Go Pro Fusion Studio v1.2

    A local privilege escalation vulnerability exists in the Go Pro Fusion Studio version 1.2. Go Pro Fusion Studio is a specially designed editing software that incorporates all footage editing and modifying features specifically for media created using the Go Pro camera range. Both the Go Pro cameras and the Go Pro Fusion Studio are products of Go Pro, Inc. The editing platform can be downloaded from the vendor’s website and installed on Microsoft’s Windows operating system and Apple’s MacOSX.

read more

My Linux Desktop Manifesto

Fri, 2018-09-07 06:08

It’s time.

27 years after the creation of Linux, I firmly believe, we are finally at a point of quality usability for the Linux desktop. “The year of the Linux Desktop” has been a joke for a long time, as the fractured FLOSS community has struggled to gain a footing on the average desktop.

There’s a reason.

The community has always prided itself in its choice. Don’t like something? Replace it. Want to change something? Fork it. Choice is great, and a free individual certainly appreciates it. But, it hinders development. Let’s be honest, there aren’t a ton of us working on the desktop. What small community has been hard at work over all of these years, has always been split. Just in desktop environments we have GNOME, KDE, XFCE, LXDE, MATE, Cinnamon, Unity, Budgie, Pantheon, Deepin, etc. And that’s not listing off all of the dead projects over the years. Same goes for the applications, we have two or three or four relatively popular applications that fill the same needs, in every area. We rebase, refactor, rewrite, rebuild, replace, rework. We duplicate efforts endlessly.

But, even with this fracturing and duplication of work, we finally have a solid base to use. I’ve been using Linux for 15+ years, all of them as a desktop. I’ve witnessed its evolution, its hardships, its victories. 2018 is the year I’ve finally witnessed the Linux Desktop “just work”. The installers are easy, the applications are mature, the desktop environments are capable and stable. Drivers auto-detect, configuration auto-define, graphics auto-adjust. Networked printers of all things, automatically detect and install. It’s all quite impressive.

We need to consolidate and focus.

read more

3 Best Free Photoshop Alternatives for Ubuntu, Linux

Thu, 2018-09-06 22:49

Photoshop is a raster graphics image editor and manipulator developed by Adobe. This decade old software is a de facto standard for the photographic industry. However, it is a paid product and doesn't run on Linux. Here are three free amazing softwares which can act as an alternative to photo editing software Photoshop.

read more

today's leftovers

Thu, 2018-09-06 21:51

read more

Pages