TuxMachines

Subscribe to TuxMachines feed
Your source for Linux and Open Source news, reviews, and howtos.
Updated: 56 min 29 sec ago

Security News

Wed, 2016-07-20 13:07
  • Security advisories for Tuesday
  • BlackBerry Inks Software Deal With U.S. Senate
  • BlackBerry inks security software deals, shares slip
  • BlackBerry Announces String of Small Security Software Deals
  • BlackBerry inks U.S. government software deals; shares slip
  • Carbanak Gang Tied to Russian Security Firm?

    Among the more plunderous cybercrime gangs is a group known as “Carbanak,” Eastern European hackers blamed for stealing more than a billion dollars from banks. Today we’ll examine some compelling clues that point to a connection between the Carbanak gang’s staging grounds and a Russian security firm that claims to work with some of the world’s largest brands in cybersecurity.

    The Carbanak gang derives its name from the banking malware used in countless high-dollar cyberheists. The gang is perhaps best known for hacking directly into bank networks using poisoned Microsoft Office files, and then using that access to force bank ATMs into dispensing cash. Russian security firm Kaspersky Lab estimates that the Carbanak Gang has likely stolen upwards of USD $1 billion — but mostly from Russian banks.

  • Now you can ask Twitter directly to verify your account

    Do you have an army of imposters online pretending to be you? Probably not, but now you can still request for a verified Twitter account.

    On Tuesday, Twitter launched an official application process so that any account can be verified and receive a blue checkmark badge next to its username. Twitter users interested in applying should have a verified phone number and email address, as well as a profile photo that reflects the person or company branding.

    Verified accounts get to filter their mentions to only see those from other verified accounts. But that seems to be the only real feature or perk that comes from having a blue badge–aside from bragging rights, of course. Additionally, verified accounts can’t be private, and the username must remain the same or you will have to seek verification all over again. If you are rejected, you can reapply after 30 days. Previously, the verification process was never clear-cut, and it seemed to require a direct connection to a Twitter rep.

  • Software flaw puts mobile phones and networks at risk of complete takeover [Ed: proprietary software]

    A newly disclosed vulnerability could allow attackers to seize control of mobile phones and key parts of the world's telecommunications infrastructure and make it possible to eavesdrop or disrupt entire networks, security experts warned Tuesday.

    The bug resides in a code library used in a wide range of telecommunication products, including radios in cell towers, routers, and switches, as well as the baseband chips in individual phones. Although exploiting the heap overflow vulnerability would require great skill and resources, attackers who managed to succeed would have the ability to execute malicious code on virtually all of those devices. The code library was developed by Pennsylvania-based Objective Systems and is used to implement a telephony standard known as ASN.1, short for Abstract Syntax Notation One.

read more

Results of the EU-FOSSA survey

Wed, 2016-07-20 13:06

Between 17 June and 8 July, you sent the EU-Fossa project 3282 answers, to help us choose which open source software to audit.

First, thank you very much for the many interesting and encouraging comments!

read more

Learn an instrument with this open source music teacher

Wed, 2016-07-20 12:55

Playing musical scores is a heavy kind of art. The Nootka app will help you understand the basics of music notation reading, and help you improve by practicing various kinds of exercises. Nootka gives real-time feedback, has multiple difficulty levels, and is customizable.

read more

libinput is done

Wed, 2016-07-20 12:43

Don't panic. Of course it isn't. Stop typing that angry letter to the editor and read on. I just picked that title because it's clickbait and these days that's all that matters, right?

With the release of libinput 1.4 and the newest feature to add tablet pad mode switching, we've now finished the TODO list we had when libinput was first conceived. Let's see what we have in libinput right now.

read more

$5 Linux-equipped Omega2 IoT module launches on Kickstarter

Wed, 2016-07-20 12:39

Onion launched an “Omega2” module on Kickstarter, featuring a faster CPU, options for double the RAM and flash, and lower pricing than last year’s Omega.

Last year, Onion launched an extremely successful Kickstarter campaign for the original Omega module, with packages starting at $25. That campaign won $267,851 from 4,459 backers. Today, the company returned to the Kickstarter well seeking support for a version 2 follow-on to the Omega, appropriately dubbed Omega2. The new project has already reached more than 90 percent of its $15,000 funding goal — a modest feat, in light of the quarter of a million dollars last year’s project earned.

read more

Fedora News

Wed, 2016-07-20 12:35
  • Fedora's answer to Snap Packages only begs more questions

    The universal package is the future of Linux and both Canonical and Red Hat have their own take. Which is the better solution? Or should there be a third?

  • Korora 24 (Sheldon) is Now Available

    The Korora Project has released version 24 (codename "Sheldon") which is now available for download.

  • 2016 July Elections: Interviews

    The 2016 July cycle of Elections is in full swing. Voting officially began on Tuesday, July 19, and ends Monday, July 25th at 23:59 UTC. Voting takes place on the Voting application website. As part of the Elections coverage on the Community Blog, most of the candidates running for seats published their interviews and established their platforms here. Are you getting ready to vote and looking for this information? You can find the full list of candidates and links to their interviews below.

read more

Four Alternatives to Raspbian and Ubuntu MATE

Wed, 2016-07-20 12:31

It seems like every article one reads about the Raspberry Pi always makes a reference to Raspbian. If not, then the writer will probably write about how wonderful Ubuntu MATE is on the Raspberry Pi. Which begs the question: Are there any other OS options for the Raspberry Pi? While there’s nothing wrong with either distro, we should remember that the main appeal of using Linux is the freedom and amount of choice that is offered to the user. With that being said, here are four other distros that offer a great user experience on the Raspberry Pi.

read more

Korora 24 & OpenMandriva 3.0 RC1 Released, Dell XPS 13

Wed, 2016-07-20 12:30

Jim Dean today announced the release of Fedora-based Korora 24, following just one day after their EOL announcement for version 22. Kate Lebedeff announced the release of OpenMandriva Lx 3.0 RC1 today with Linux 4.6.4, Xorg 1.18.3, and KDE 5.6.5. Two reviews of the 2016 Dell XPS 13 landed today praising the newest Ubuntu laptop and Sandra Henry-Stocker continued celebrating Linux' 25th birthday with a fairly tough quiz.

read more

Linux and Graphics

Wed, 2016-07-20 09:58

read more

Leftovers: Software

Wed, 2016-07-20 04:59

read more

GNOME News

Wed, 2016-07-20 04:57
  • Cosimo in BJGUG

    Last Month Cosimo came Beijing, and we had a meet up with Beijing GNOME User Group and Beijing Linux User Group in SUSE Office, Cosimo introduced ‘Looking ahead to GNOME 3.22 and beyond’, the flatpak bring lots of attention. Here I just shared some photos. Thanks for Cosimo’s coming!

  • GUADEC Flatpak contest
  • Automatic decompression of archives

    With extraction support in Nautilus, the next feature that I’ve implemented as part of my project is automatic decompression. While the name is a bit fancy, this feature is just about extracting archives instead of opening them in an archive manager. From the UI perspective, this only means a little change in the context menu:

  • Nautilus Is Adding Native Archive Extraction

    Nautilus, the GNOME file manager, is to improve support for extracting zips, tars and other compressed archives.

read more

Security News

Wed, 2016-07-20 03:49
  • Ubuntu forum breach traced to neglected plugin
  • Canonical warns users after Ubuntu forum data breach
  • Flaw in vBulletin add-on leads to Ubuntu Forums database breach
  • CrypTech — Internet Engineers’ New Open Source Weapon Against ‘Creepy’ Governments

    The CrypTech project is an independent security hardware development effort that consists of an international team. CrypTech Alpha is an open source crypto-vault that stores the private/public keys and separates the digital certificates from the software using them. It has been developed as a hardware secure module (HSM) to make the implementation of strong cryptography easier.

  • Entrepreneur in £10m swoop for hacking team

    One of the northwest’s best-known entrepreneurs has splashed out about £10m on a cyber-security venture that helps businesses repel hackers.

    Lawrence Jones, who runs the Manchester-based internet hosting and cloud computing specialist UKFast, has bought Pentest, an “ethical hacking” firm whose staff help detect flaws in clients’ cyber-defences.

    Jones, 47, will merge Pentest’s 45 staff into his own cyber-security outfit, Secarma. “It’s become obvious that there is a massive need to put emphasis on cyber-security,” said the internet tycoon, whose wealth is calculated by The Sunday Times Rich List as £275m.

  • Guilt by ASN: Compiler's bad memory bug could sting mobes, cell towers

    A vulnerability in a widely used ASN.1 compiler isn't a good thing: it means a bunch of downstream systems – including mobile phones and cell towers – will inherit the bug.

    And an ASN.1 bug is what the Sadosky Foundation in Argentina has turned up, in Objective Systems' software.

    The research group's Lucas Molas says Objective's ASN1C compiler for C/C++ version 7.0.0 (other builds are probably affected) generates code that suffers from heap memory corruption. This could be potentially exploited to run malware on machines and devices that run the vulnerable compiler output or interfere with their operation.

read more

OSS Leftovers

Wed, 2016-07-20 03:16
  • What is DevOps? Gareth Rushgrove Explains

    Gareth Rushgrove is known by many people as the creator and editor of the popular DevOps Weekly email newsletter, and he spent several years working for the U.K. Government Digital Service (GDS) on GOV.UK and other projects. As Senior Software Engineer at Puppet, you can find him building some of the latest infrastructure automation products when he isn't speaking at events on a wide variety of DevOps and related topics.

  • Coffee Shop DevOps: Clearly defining and communicating team goals

    Last month I interviewed the Cockpit team about team practices. We had an interesting conversation from many different angles, but most notable were the themes we kept returning to: understanding goals, the importance of feedback loops, and committing to open and transparent communication. I found I could easily correlate each of these back to other teams I have worked with in the past. When you inspect the behaviors and inner workings of a team, these themes seem to be remarkably central to team conflict.

  • Google's Magenta Seeks to Leverage TensorFlow for Art and Music

    As we've noted, artificial intelligence and machine learning are going through aamini-renaissance right now. Google recently made a possibly hugely influential contribution to the field of machine learning. It has open sourced a program called TensorFlow that is freely available. It’s based on the same internal toolset that Google has spent years developing to support its AI software and other predictive and analytics programs.

    In a related open project from the Google Brain team, dubbed Magenta, Google is calling for efforts to leverage TensorFlow and machine learning to create compelling art and music. Some of the early examples from this effort are eye-opening.

  • Nintendo NX Spec Rumors Say The Console's Games May Support Open-Source Virtual Reality

    Nintendo NX spec rumors keep coming, and the latest chatter suggests that the console may support open-source virtual reality for certain games. This would allow the 2017 machine to compete with the likes of Oculus Rift and PlayStation VR.

    The news comes to Design & Trend via Chinatimes as referenced by the sometimes-accurate Digitimes. The report should be taken with a grain of salt, but it's certainly interesting.

    As indicated by the secondary source, Nintendo allegedly has a production partnership with a certain chipmaker called Pixart. While the outfit is most known for its heart-rate monitoring hardware, mentions are also made to "tape-out chips supporting VR technology by the end of 2016." These chips "will support next-generation Nintendo NX game machines."

  • Apache Hadoop at 10 - Doug Cutting, Chief Architect, Cloudera
  • Report Shows Hadoop Growing at 53.7% CAGR, But Complexity Remains an Issue

    The latest in a string of market research reports has arrived forecasting huge growth for big data analytics platform Hadoop, but not everyone agrees that Hadoop adoption is going so smoothly. According to researchers at Stratistics MRC, the global hadoop market is expected to grow at a CAGR of 53.7% over the forecast period 2015 to 2022. " Increasing investments in data management, rising amount of structured and unstructured data, hasty growth in consumer data and rapidly increasing demand for big data analytics are the factors influencing the market growth," the study's authors report.

    Here are some of the details, and some of the warning signs coming in pointing to too much complexity required in deploying Hadoop.

  • 5 Stages of Cloud Adoption

read more

The Importance of Following Community-Oriented Principles in GPL Enforcement Work

Wed, 2016-07-20 02:52

The GNU General Public License (GPL) was designed to grant clear permissions for sharing software and to defend that freedom for users. GPL'd code now appears in so many devices that it is fundamental to modern technology. While we believe that following the GPL's requirements is neither burdensome nor unreasonable, many fail to do so. GPL enforcement — the process to encourage those who fail to correct problems and join our open software development community — is difficult diplomacy.

read more

Games for GNU/Linux

Wed, 2016-07-20 02:49

read more

Linux and Graphics

Wed, 2016-07-20 02:46

read more

Pages