Language Selection

English French German Italian Portuguese Spanish

April 2017

today's leftovers

Filed under
Misc

Leftovers: Software

Filed under
Software
  • The Atom Editor

    I didn’t set out to write a blog post about a text editor. I was going to write about one of the other awesome projects that the Ops team is doing here at Wombat. Along the way I decided to give Atom a chance again and I’m glad I did. I enjoyed it enough that I thought I would defer my post about automating my “Ops Environment” on a mac (I promise, I’ll do that one soon-ish) in favor of this.

  • Quick Update: ClipGrab and PlayOnLinux Applications Are Now Available For ALL Ubuntu Versions

    ClipGrab is fairly popular application to download video from famous sites of the Internet. It allows you to search video with in application and select to download the video or other way you can copy and paste the video URL to the application to download the video. Since famous video sites are supported by this application, if some site isn't officially supported, you may still be able to download the videos from it.

  • aTunes Enriched Audio Player Now Available For All Current Ubuntu/Linux Mint Versions

    There are wide variety of audio players available for Linux and you may have your favorite one installed on your system. aTunes is not new audio player but its initial release was way back in 2006 and the most recent version was released in June, 2014. In almost two years there is no news on the website or release from developers, well it is open-source released under GPL-V2 license and we don't see any other to carry on the development of this great application. It is written in Java programming language and it's cross-platform available for Linux, Unix, Windows and Mac. It uses Mplayer as its playback engine and supports wide variety of known formats such as: MP3, Ogg Vorbis, FLAC, WMA and other formats.

QNX 7 Can Be Fitted With A Qt5 Desktop

Filed under
OS
  • QNX 7 Can Be Fitted With A Qt5 Desktop

    While QNX remains targeted as an operating system for mobile/embedded solutions, a BlackBerry developer in his spare time has fitted QNX 7 with a Qt5 desktop.

    QNX 6 and prior had a desktop option, but was removed in QNX 7, which was released this past March. QNX 7.0 also brought support for 64-bit (and maintaining 32-bit) Intel x86 and ARM platforms along with C++14 support. For those wanting to experiment with QNX 7, a BlackBerry kernel developer has been working on making this operating system more desktop friendly.

  • Building a BlackBerry QNX 7 Desktop

    Having Qt allowed me to port one of my favourite applications, SpeedCrunch. It was a simple matter of running ‘qmake’ followed by ‘make’. Next, I ported the QTermWidget library so that I could have terminal windows.

Kernel Space/Linux

Filed under
Linux
  • Kernel explained
  • [Older] [Video] Audio on Linux: The End of a Golden Age?
  • State of Sway April 2017

    Development on Sway continues. I thought we would have slowed down a lot more by now, but every release still comes with new features - Sway 0.12 added redshift support and binary space partitioning layouts. Sway 0.13.0 is coming soon and includes, among other things, nvidia proprietary driver support. We already have some interesting features slated for Sway 0.14.0, too!

    Today Sway has 21,446 lines of C (and 4,261 lines of header files) written by 81 authors across 2,263 commits. These were written through 653 pull requests and 529 issues. Sway packages are available today in the official repos of pretty much every distribution except for Debian derivatives, and a PPA is available for those guys.

Supporting Burning Platforms

Filed under
GNU
Linux
Microsoft
  • Surface revenue does a U-boat, and dives

    Revenue generated by Microsoft's Surface hardware during the March quarter was down 26% from the same period the year before, the company said yesterday as it briefed Wall Street.

    For the quarter, Surface produced $831 million, some $285 million less than the March quarter of 2016, for the largest year-over-year dollar decline ever.

  • Acer said to me: "do not use our products with Linux. Find another manufacturer"

    Last year, I bought an Acer notebook and it came with Windows 10.

    As I didn't want spyware neither bloatware, I got Linux installed and asked for a refund of the OEM license. After a little of talking, they were wanting to charge me US$100 (to remove the license, which I already had wiped, as I got FDE Linux installed) to refund US$70 of the OEM license.

    This year, wondering to buy a new Acer notebook, I asked them again if they would refund me the OEM license without all the hassle (as they did pay me the US$70, without me having to pay the US$100).

Leftovers: OSS

Filed under
OSS
  • LibreOffice the better Office, really?
  • A serious bug in GCC

    This post is to inform you about a bug in GCC that may cause memory (or other resource) leaks in your valid C++ programs.

  • [Older] Supporting Bangladesh’s software industry with Indian cooperation

    It’s worth noting that the word “free” in free/open-source software implies not just free of cost, but also freedom from commercial dependence upon multi-national software vendors.

    To emphasise this, the biography of Richard Stallman, the founder of the free software movement which ultimately produced the Linux operating system, is titled Free as in Freedom.

    In fact, it is impossible to run a modern government without computers; so it should not be acceptable that sovereign nations like Bangladesh be forever dependent on foreign IT vendors, especially when the Linux alternative offers both freedom and zero-cost.

Security Leftovers

Filed under
Security
  • Is there any way to truly secure Docker container contents?

    All this adds up to a lot of work, which is not taken care of for you by default in Docker. It is no surprise that many Docker images are insecure, given this picture. The unfortunate reality is that many Docker containers are running with known vulnerabilities that have known fixes, but just aren’t, and that’s sad.

  • Compromise recovery on Qubes OS

    Occasionally fuckups happen, even with Qubes (although not as often as some think).

    What should we – users or admins – do in such a situation? Patch, obviously. But is that really enough? What good is patching your system if it might have already been compromised a week earlier, before the patch was released, when an adversary may have learned of the bug and exploited it?

    That’s an inconvenient question for many of us – computer security professionals – to answer. Usually we would mutter something about Raising the Bar(TM), the high costs of targeted attacks, attackers not wanting to burn 0-days, or only nation state actors being able to afford such attacks, and that in case one is on their list of targets, the game is over anyway and no point in fighting. Plus some classic cartoon.

    While the above line of defense might work (temporarily), it really doesn’t provide for much comfort, long term, I think. We need better answers and better solutions. This post, together with a recently introduced feature in Qubes OS 3.2 and (upcoming) 4.0, is an attempt to offer such a solution.

  • Top 5 Kali Linux Pentest tools for WiFi/network and exploits
  • Linux/Shishiga Malware Brute-Forces SSH Credentials

    A new strain of Linux malware has been detected. Dubbed Linux/Shishiga, the malware could transform into a dangerous piece of malware. Linux/Shishiga was officially discovered and examined by researchers at Eset.

  • Cybercriminals have taken notice of leaked government spying techniques
  • Microsoft Closes Word/Wordpad Hole—6 Months after Report
  • [Older] The Pentagon’s Bug Bounty Program Should Be Expanded to Bases, DOD Official Says [iophk: "any version of Windows at all is inappropriate"]

    “About 75 percent of the devices that are control systems are on Windows XP or other nonsupported operating systems,” said Daryl Haegley, program manager for the Office of the Assistant Secretary of Defense for Energy, Installations and Environment.

    [...]

    “A lot of these systems are still Windows 95 or 98, and that’s OK—if they’re not connected to the internet,” Haegley added.

  • Don’t Info Op Until You See The Whites of Their Eyes
  • CFP P70

    This is the official CFP for P70.

  • VM escape - QEMU Case Study

    In this paper, we provide a in-depth analysis of CVE-2015-5165 (a memory-leak vulnerability) and CVE-2015-7504 (a heap-based overflow vulnerability), along with working exploits. The combination of these two exploits allows to break out from a VM and execute code on the target host. We discuss the technical details to exploit the vulnerabilities on QEMU's network card device emulation, and provide generic techniques that could be re-used to exploit future bugs in QEMU.

  • CIA’s anti-leaking tool leaked as ‘whistleblowers watch the watchers’

    Former MI5 intelligence officer Annie Machon and retired US Army Colonel Ann Wright, who is also a retired US State Department official, shared their views on these and other questions with RT.

    On Friday, WikiLeaks released a series of documentations on a US Central Intelligence Agency (CIA) project known as ‘Scribbles,’ which was allegedly created to allow ‘web beacon’ tags to be embedded “into documents that are likely to be copied.”

    WikiLeaks began publishing a huge cache of secret documents on the CIA named ‘Vault 7’ in March.

  • Vault 7: CIA tool to track people through Word docs released

    The documentation says: "Scribbles (SCRIB) is a document watermarking tool that can be used to batch process a number of documents in a pre-seeded input directory. It generates a random watermark for each document, inserts that watermark into the document, saves all such processed documents in an output directory, and creates a log file which identifies the watermarks inserted into each document."

    It says the tool was successfully tested on Office 2013 (on Windows 8.1 x64), documents from Office versions 97-2016 (Office 95 documents will not work!) and documents that are not locked forms, encrypted, or password-protected.

    There is a limitation to the Scribbles system: if a document that has the watermarks in it and is opened in OpenOffice, LibreOffice the watermark images and URLs may become visible.

  • The US Takes On the World in NATO’s Cyber War Games

    Last year, Capt. Sean Ruddy and his team of operator-soldiers from the US Cyber Brigade entered a Locked Shields, a NATO-organized cyber-defense war game that pits teams from dozens of countries against “live-fire” attacks. It was their first time. And of the 19 countries represented, the US finished dead last. This week, they got their shot at redemption.

Anbox Runs Android In Your Linux Without Emulation

Filed under
Linux

​In a recent article, we talked about android emulators for Ubuntu or Linux in general. Most of the time we need to play a game or try some applications on android or even when we don’t have a smartphone we opt to use an emulator to try applications. A fan on facebook let us know about Anbox and asked for the tutorial on Anbox installation in Linux. So here you have how to install Anbox in Linux.

Read<br />
more

More in Tux Machines

KMyMoney 5.0.6 released

The KMyMoney development team today announces the immediate availability of version 5.0.6 of its open source Personal Finance Manager. Another maintenance release is ready: KMyMoney 5.0.6 comes with some important bugfixes. As usual, problems have been reported by our users and the development team fixed some of them in the meantime. The result of this effort is the brand new KMyMoney 5.0.6 release. Despite even more testing we understand that some bugs may have slipped past our best efforts. If you find one of them, please forgive us, and be sure to report it, either to the mailing list or on bugs.kde.org. Read more

Games: Don't Starve Together, Cthulhu Saves the World, EVERSPACE 2 and Stadia

  • Don't Starve Together has a big free update adding in boats and a strange island

    Klei Entertainment have given the gift of new features to their co-op survival game Don't Starve Together, with the Turn of Tides update now available. Taking a little inspiration from the Shipwrecked DLC available for the single-player version Don't Starve, this new free update enables you to build a boat to carry you and other survivors across the sea. Turn of Tides is the first part of a larger update chain they're calling Return of Them, so I'm excited to see what else is going to come to DST.

  • Cthulhu Saves the World has an unofficial Linux port available

    In response to an announcement to a sequel to Cthulhu Saves the World, Ethan Lee AKA flibitijibibo has made a unofficial port for the original and a few other previously Windows-only games. As a quick reminder FNA is a reimplementation of the proprietary XNA API created by Micrsosoft and quite a few games were made with that technology. We’ve gotten several ports thanks to FNA over the years though Ethan himself has mostly moved on to other projects like working on FAudio and Steam Play.

  • EVERSPACE 2 announced, with more of a focus on exploration and it will release for Linux

    EVERSPACE is probably one of my absolute favourite space shooters from the last few years, so I'm extremely excited to see EVERSPACE 2 be announced and confirmed for Linux. For the Linux confirmation, I reached out on Twitter where the developer replied with "#Linux support scheduled for full release in 2021!".

  • Google reveal more games with the latest Stadia Connect, including Cyberpunk 2077

    Today, Google went back to YouTube to show off an impressive list of games coming to their Stadia game streaming service, which we already know is powered by Debian Linux and Vulkan. As a reminder, Google said not to see Stadia as if it was the "Netflix of games", as it's clearly not. Stadia Base requires you to buy all your games as normal, with Stadia Pro ($9.99 monthly) giving you a trickle of free games to access on top of 4K and surround sound support.

Programming: WebAssembly, Mozilla GFX, Qt and Python

  • WebAssembly for speed and code reuse

    Imagine translating a non-web application, written in a high-level language, into a binary module ready for the web. This translation could be done without any change whatsoever to the non-web application's source code. A browser can download the newly translated module efficiently and execute the module in the sandbox. The executing web module can interact seamlessly with other web technologies—with JavaScript (JS) in particular. Welcome to WebAssembly. As befits a language with assembly in the name, WebAssembly is low-level. But this low-level character encourages optimization: the just-in-time (JIT) compiler of the browser's virtual machine can translate portable WebAssembly code into fast, platform-specific machine code. A WebAssembly module thereby becomes an executable suited for compute-bound tasks such as number crunching. Which high-level languages compile into WebAssembly? The list is growing, but the original candidates were C, C++, and Rust. Let's call these three the systems languages, as they are meant for systems programming and high-performance applications programming. The systems languages share two features that suit them for compilation into WebAssembly. The next section gets into the details, which sets up full code examples (in C and TypeScript) together with samples from WebAssembly's own text format language.

  • Mozilla GFX: moz://gfx newsletter #47

    Hi there! Time for another mozilla graphics newsletter. In the comments section of the previous newsletter, Michael asked about the relation between WebRender and WebGL, I’ll try give a short answer here. Both WebRender and WebGL need access to the GPU to do their work. At the moment both of them use the OpenGL API, either directly or through ANGLE which emulates OpenGL on top of D3D11. They, however, each work with their own OpenGL context. Frames produced with WebGL are sent to WebRender as texture handles. WebRender, at the API level, has a single entry point for images, video frames, canvases, in short for every grid of pixels in some flavor of RGB format, be them CPU-side buffers or already in GPU memory as is normally the case for WebGL. In order to share textures between separate OpenGL contexts we rely on platform-specific APIs such as EGLImage and DXGI. Beyond that there isn’t any fancy interaction between WebGL and WebRender. The latter sees the former as a image producer just like 2D canvases, video decoders and plain static images.

  • The Titler Revamp: QML Producer in the making

    At the beginning of this month, I started testing out the new producer as I had a good, rough structure for the producer code, and was only facing a few minor problems. Initially, I was unclear about how exactly the producer is going to be used by the titler so I took a small step back and spent some time figuring out how kdenlivetitle worked, which is the producer in use. Initially, I faced integration problems (which are the ones you’d normally expect) when I tried to make use of the QmlRenderer library for rendering and loading QML templates – and most of them were resolved by a simple refactoring of the QmlRenderer library source code. To give an example, the producer traditionally stores the QML template in global variables which is taken as a character pointer argument (which is, again, traditional C) The QmlRenderer lib takes a QUrl as its parameters for loading the Qml file, so to solve this problem all I had to do was to overload the loadQml() method with one which could accommodate the producer’s needs – which worked perfectly fine. As a consequence, I also had to compartmentalise (further) the rendering process so now we have 3 methods which go sequentially when we want to render something using the library ( initialiseRenderParams( ) -> prepareRenderer( ) -> renderQml( ) ) [...] The problem was resolved (thank you JB) finally and it was not due to OpenGL but it was simply because I hadn’t created an QApplication for the producer (which is necessary for qt producers). The whole month’s been a steep curve, definitely not easy, but, I enjoyed it! Right now, I have a producer which is, now, almost complete and with a little more tweaking, will be put to use, hopefully. I’m still facing a few minor issues which I hope to resolve soon and get a working producer. Once we get that, I can start work on the Kdenlive side. Let’s hope for the best!

  • How to Make a Discord Bot in Python

    In a world where video games are so important to so many people, communication and community around games are vital. Discord offers both of those and more in one well-designed package. In this tutorial, you’ll learn how to make a Discord bot in Python so that you can make the most of this fantastic platform.

  • Qt Visual Studio Tools 2.4 RC Released

    The Visual Studio Project System is widely used as the build system of choice for C++ projects in VS. Under the hood, MSBuild provides the project file format and build framework. The Qt VS Tools make use of the extensibility of MSBuild to provide design-time and build-time integration of Qt in VS projects — toward the end of the post we have a closer look at how that integration works and what changed in the new release. Up to this point, the Qt VS Tools extension managed its own project settings in an isolated manner. This approach prevented the integration of Qt in Visual Studio to fully benefit from the features of VS projects and MSBuild. Significantly, it was not possible to have Qt settings vary according to the build configuration (e.g. having a different list of selected Qt modules for different configurations), including Qt itself: only one version/build of Qt could be selected and would apply to all configurations, a significant drawback in the case of multi-platform projects. Another important limitation that users of the Qt VS Tools have reported is the lack of support for importing Qt-related settings from shared property sheet files. This feature allows settings in VS projects to be shared within a team or organization, thus providing a single source for that information. Up to now, this was not possible to do with settings managed by the Qt VS Tools.

Screenshots/Screencasts: 10 GNU/Linux Distros (Screenshots) and New Screencast/Video of Endeavour OS 2019.08.17

  • 10 Linux distros: From different to dangerous

    One of the great benefits of Linux is the ability to roll your own. Throughout the years, individuals, organizations, and even nation states have done just that. In this gallery, we're going to showcase some of those distros. Be careful, though. You may not want to load these, or if you do, put them in isolated VMs. We're not kidding when we say they could be dangerous.

  • Endeavour OS 2019.08.17 Run Through

    In this video, we are looking at Endeavour OS 2019.08.17.