Language Selection

English French German Italian Portuguese Spanish

December 2019

What is GNU/Linux?

Filed under
GNU
Linux

Most consumers can, with a little effort, name two desktop and laptop operating systems: Microsoft Windows and Apple's macOS. Few have ever considered any of the open-source alternatives found under the umbrella of GNU/Linux, though some may have done so without even knowing it—Google's Chrome OS uses the Linux kernel. To be honest, aside from the Chromebook platform, GNU/Linux systems are typically not best for people who rely on big-name software or don't like dabbling with a customizable, hands-on interface. However, if you're looking for a change of pace, don't want to pay for your software, and don't mind rolling up your sleeves, switching to GNU/Linux may not only be worthwhile, but make you a convert for life. This guide for nontechnical users will show you how.

Before diving headfirst into the wonky world of GNU/Linux systems, it's important to understand how they came about and some of the terms you may encounter while researching and using them. I'll start with a brief history of the big three: UNIX, Linux, and GNU.

UNIX is a proprietary, command-line-based operating system originally developed by Dennis Ritchie and Ken Thompson (among others) at AT&T's Bell Labs in the late 1960s and early 1970s. UNIX is coded almost entirely in the C programming language (also invented by Ritchie) and was originally intended to be used as a portable and convenient OS for programmers and researchers. As a result of a long and complicated legal history involving AT&T, Bell Labs, and the federal government, UNIX and UNIX-like operating systems grew in popularity, as did Thompson's influential philosophy of a modular, minimalist approach to software design.

Read more

Making Slackware 14.1 Works with GLIM Multiboot USB

Filed under
GNU
Linux
HowTos

This tutorial explains the configuration files for Slackware 14.1 DVD 64-bit to work in LiveUSB multiboot mode with GLIM. This way you can have one flash drive containing multiple GNU/Linux OS installers including Slackware64 among them. This is my first time to ship Slackware USB ever and I am happy finally I could make it with GLIM. This is the result of my shipment to Sulawesi, Indonesia at December 2019. Happy hacking!

Read more

Stable kernels 5.4.7, 4.19.92, and 4.14.161

  • Linux 5.4.7

    I'm announcing the release of the 5.4.7 kernel.

    All users of the 5.4 kernel series must upgrade.

    The updated 5.4.y git tree can be found at:
    git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y
    and can be browsed at the normal kernel.org git web browser:
    https://git.kernel.org/?p=linux/kernel/git/stable/linux-s...

  • Linux 4.19.92
  • Linux 4.14.161

Programming: KDE at Congress, Java, C and Python

Filed under
Development
  • 36C3 Impressions

    I was given the opportunity to present our work on KDE Itinerary on the WikipakaWG stage (part of the joint presence of Wikimedia and the Open Knowledge Foundation). A big thanks for that again!

    The slides are here. At this point there is no released video recording yet, until that’s available you should still find the relive stream.

    Besides showing overall what we are doing and have built so far, and why this matters, we managed to have a few sneak preview screenshots of the latest developments that haven’t been shown anywhere before yet. Another such preview could be spotted in a presentation of another project at the event. So stay tuned for announcements in January Smile

    Following that I got a large amount of input and positive feedback, people seem to like the idea of a privacy first digital travel assistant. This also lead to a number of interesting contacts for possible collaborations in 2020, let’s see what comes out of this.

    KDE at Congress

    There were only very few KDE people at 36C3, and only very few talks covering KDE projects. I did spot a very well attended talk about Linux-based mobile platforms covering Plasma Mobile by someone I didn’t know yet, so there definitely seems to be interest in KDE’s work there.

    I mainly focused on mobility or open transport data topics for KDE Itinerary, that left little time to cover other things highly relevant for KDE like free mobile platforms, environmental impact of software, Free Software in public administration, or let alone the enormous field of privacy related topics.

    I’d therefore suggest KDE to attend with a larger team next time, not necessarily with a stationary presence, but with more people to present our work and to connect with others with overlapping interests.

  • Java retrospective #3 – most important thing for the community in 2019

    As 2019 draws to a close, we got in touch with some prominent members of the Java community to gather their thoughts on the events of the last year. In this five part series, we will look at what they had to say. In this third part, we asked what the most important thing for the Java community was in 2019.

  • Ringing In 2020 By Clang'ing The Linux 5.5 Kernel - Benchmarks Of GCC vs. Clang Built Kernels

    The main issue encountered when Clang'ing Linux 5.3 was the AMDGPU driver running into build problems. Fortunately, that was since resolved and with Linux 5.5 tests I recently did when building the kernel with Clang 9.0, the AMDGPU driver has worked out fine. With that resolved and no new Clang kernel compatibility problems introduced, it was a pleasant experience building Linux 5.5 with Clang simply by adjusting the CC environment variable.

  • Area of sinc and jinc function lobes

    The lobes are the regions between crossings of the x-axis. For the sinc function, the lobe in the middle runs from -π to π, and for n > 0 the nth lobe runs from nπ to (n+1)π. The zeros of Bessel functions are not uniformly spaced like the zeros of the sine function, but they come up in application frequently and so it’s easy to find software to compute their locations.

  • Sorting Data With Python

    All programmers will have to write code to sort items or data at some point. Sorting can be critical to the user experience in your application, whether it’s ordering a user’s most recent activity by timestamp, or putting a list of email recipients in alphabetical order by last name. Python sorting functionality offers robust features to do basic sorting or customize ordering at a granular level.

    In this course, you’ll learn how to sort various types of data in different data structures, customize the order, and work with two different methods of sorting in Python.

Security Leftovers

Filed under
Security
  • Security updates for Tuesday

    Security updates have been issued by Debian (intel-microcode and libbsd), openSUSE (chromium, LibreOffice, and spectre-meltdown-checker), and SUSE (mozilla-nspr, mozilla-nss and python-azure-agent).

  • How AI and Cybersecurity Will Intersect in 2020

    So much of the discussion about cybersecurity's relationship with artificial intelligence and machine learning (AI/ML) revolves around how AI and ML can improve security product functionality. However, that is actually only one dimension of a much broader collision between cybersecurity and AI.

  • Best of TechBeacon 2019: Security is in the hot seat with privacy laws

    New laws such as the California Consumer Privacy Act (CCPA) and the European Union's General Data Privacy Regulation (GDPR) have put substantial pressure on organizations to bolster their security practices this year. Adding to the urgency were the near-constant reports of data breaches, an ever-evolving threat landscape, and a growing volume of attacks.

Applications: Scrapyard, NAS Software, GnuCash and Clementine

Filed under
Software
  • Scrapyard is an advanced bookmarks manager for Firefox

    Scrapyard is an open source extension for the Firefox web browser designed to improve bookmarking in Firefox in multiple ways. Firefox users may use it to bookmark pages but also content on pages, and store the data locally.

    Firefox's default bookmarks functionality is quite basic. Users may bookmark webpages or sites, add tags to bookmarks, use folders to sort bookmarks, and use Firefox's synchronization feature to sync bookmarks across devices.

    Firefox users who require more functionality need to rely on add-ons for that. Bookmarks Organizer is a handy extension to find dead or redirecting bookmarks.

  • 4 Best Open Source NAS Software for DIY server in 2020

    Before listing Linux or FreeBSD distros for creating network Attached storage OS, I would like to say there is no “best operating system” either for NAS or computer. The choice of an operating system depends heavily on what you are going to do with the NAS server. In this guide, we focus on software that understands a NAS server primarily as a system for the provision of data in your office or home. With the operating systems we mention in this article, you can copy data back and forth, perform backups, along with some advanced tasks (such as establishing a VPN connection or installing a mail server) including plugins to extend OS capabilities.

    Here we are about to list some best NAS solutions to help you if you are planning to data management using open-source software in 2020.

  • GnuCash 3.8

    GnuCash is a personal and small business finance application, freely licensed under the GNU GPL and available for GNU/Linux, BSD, Solaris, Mac OS X and Microsoft Windows. It’s designed to be easy to use, yet powerful and flexible. GnuCash allows you to track your income and expenses, reconcile bank accounts, monitor stock portfolios and manage your small business finances. It is based on professional accounting principles to ensure balanced books and accurate reports.

    GnuCash can keep track of your personal finances in as much detail as you prefer. If you are just starting out, use GnuCash to keep track of your checkbook. You may then decide to track cash as well as credit card purchases to better determine where your money is being spent. When you start investing, you can use GnuCash to help monitor your portfolio. Buying a vehicle or a home? GnuCash will help you plan the investment and track loan payments. If your financial records span the globe, GnuCash provides all the multiple-currency support you need.

  • Clementine Music Player 1.3.9 Released for Testing (How to Install)

    Clementine, an open-source audio player inspired by Amarok 1.4, released version 1.3.9 (then 1.3.92) a few days ago. Here’s how to install it in Ubuntu.

    Though the last version 1.3.1 was released more than 3 years ago, Clementine player is still in active development, and version 1.3.9 (as well as 1.3.92) was released in recent days as the test release. However, there’s no announcement, no change-log so far. They seem to be the development releases for the next major release.

My Linux Experience in 2019

Filed under
GNU
Linux

In summary, I can say that my experience with Linux during 2019 has been extremely satisfactory. I mean, my computers have been working great and the distros have been more stable than ever.

Read more

More in Tux Machines

Security and Proprietary Issues

  • Surprise Capital One court decision spells trouble for incident response

    Break in case of emergency: Language is everything. Delineate clearly in all written comms between a ‘potential incident’ - and an actual one. Don’t start turning one of the hundreds of security events you see into a ‘security incident’ before the most essential facts are understood. Halpert’s threshold for incidents that need to be covered by legal privilege are: a) An incident that gives rise to an obligation to notify a regulator, or a contractual obligation to notify a business partner; or b) An incident that exposed trade secrets or otherwise would affect the share price of a company; or c) An incident that would cause significant reputational hit to the company; or d) An incident in which a crime is committed.

  • Judge rules Capital One must hand over Mandiant's forensic data breach report

    It’s a significant ruling that effectively affords the attorneys suing Capital One with a breakdown of which bank behaviors were successful, and which failed. It’s common for Fortune 500 companies to keep incident response firms like Mandiant on retainer, though it’s rare for those firms’ insights on high profile breaches to be made public. Similar rulings in the future could provide aggrieved customers with ammunition to seek higher pay-outs in court.

  • Retrotech: The Novell NetWare Experience

    In the simplest terms possible, NetWare was a dedicated network operating system. It was designed around fast and reliable network operations at the expense of almost everything else. Novell had invested massive amounts of research in figuring out how to do fast I/O and minimizing any delays from hardware related sources. The end result was a very lean system that remained stable and performant with a large number of clients attached. As networking was Novell's bread and butter, NetWare had excellent support for everything: clients were available for DOS, Windows, UNIX, Macintosh, OS/2 and probably other platforms I've never even heard of.

    The early history of NetWare is very muddled, and pre-2.0 versions have been lost to time. This compounded with poor documentation has made it very difficult to trace the early history of the product. However, while NetWare was not the first (or only) network product for IBM PCs, it quickly became the largest, displacing IBM's PC Network, and laughed at Microsoft's LAN Manager, and IBM OS/2 LAN Server.

    While NetWare did compete on UNIX, Sun had already gotten their foot in the door by porting NFS and making it the de-facto solution for all UNIXs of the era, as well as Linux. Meanwhile, Apple held onto AppleTalk which itself survived well into the early 2000s when NetWare had already disappeared into the aether. The explosion of Wintel PCs throughout the 90s had given NetWare a market position that should have been very difficult to dislodge.

    The full story of NetWare's fall from grace is a story for another time, but I do want to go into the more technical aspects that were both the boon and bane of NetWare. Much of NetWare's success can be attributed to its own IPX protocol which made networking plug and play and drastically lowered latencies compared to NetBIOS or even TCP/IP.

  • Polish malspam pushes ZLoader malware

    When enabling macros on the malicious Excel spreadsheet, the victim host retrieved the ZLoader DLL as shown in the previous section, saved the DLL to the victim's Documents folder, and ran it using rundll32.exe.

  • Microsoft Defender SmartScreen is hurting independent developers

    But what is SmartScreen?

    SmartScreen collects installation data from all Windows users in order to establish “reputation”. If the program does not have an established good reputation, you get this big warning message. By this time most users have deleted the .exe already thinking it is a malware, but SmartScreen can be bypassed by clicking on “More info” then “Run anyway”.

    The digital signature racket

    But let’s say you bite the bullet, you buy yourself an overpriced piece of prime numbers generated by a computer, sign your code and re-publish your application. You can now start getting users to install your app right? Wrong.

    But how do you build reputation? First of all, Microsoft needs to be able to gather information on who has published the app, and this is done by a code signing certificate. The most obvious implication is that unsigned apps will always trigger SmartScreen. The more insidious implication is that acquiring a code signing certificate is a big expense for an individual developer. There is currently no “Let’s Encrypt” equivalent to code signing certificates; so you have to purchase it from trusted authorities. The price range is wide but a certificate only valid for a year will typically go for about $100.

  • #Privacy: Michigan State University struck by ransomware attack

    It remains unclear as to how and when the attack happened, and what the ransom demand is.

    NetWalker is one of twelve ransomware gangs who threaten to publish data in revenge if organisations refuse to pay the ransom demand.

    MSU have not official disclosed the incident, however, an MSU spokesperson, Dan Olsen shared the following statement to EdScoop: “We are aware of a possible intrusion and we are actively looking into it.”

  • MSU: We won't pay [attacker] demanding ransom, threatening university over records

    University officials believe the latest breach occurred on Memorial Day and took relevant computer systems offline within hours of the intrusion, according to a news release. It compromised data associated with the Department of Physics and Astronomy, and information technology teams are coordinating with law enforcement to understand the scope of the breach. Investigators are notifying and providing support to affected MSU affiliates as they are identified.

    The cybersecurity breach, known as a ransomware attack, first became public May 27 when a [cr]acker-affiliated blog posted screenshots of files allegedly belonging to MSU affiliates. Images circulating on social media include a redacted passport and a list of transactions related to physics and astronomy projects. They also show a countdown clock that warns of “secret data publication” less than one week from when the screenshots were taken.

  • Michigan State target of ransomware attack threatening to release university data

    The ransom demanded was not specified, but the ransomware gang is prepared to release the university's documents.

    The NetWalker, a newer form of ransomeware sometimes labeled as Mailto, blog post threatened publication of 'secret' documents dated with a countdown clock with close to a week remaining.

  • Malware Team NetWalker Launches Ransomware Attack Against Weiz

    The Malware team NetWalker launched a new ransomware attack against the Austrian village of Weiz which affected the public service system and leaked a lot of the stolen data from building applications as we are about to read more in the following latest cryptocurrency news.

    According to the cybersecurity firm Panda Security, the Malware team managed to enter the town’s public network through phishing emails related to the Coronavirus pandemic. The subject of the emails which was ‘’information about the coronavirus’’ was used to bait the employees of the public infrastructure of the city into clicking on malicious links which triggered the ransomware.

    Panda Security claims that the ransomware attack belongs to a new version of a ransomware family that spreads by using VBScripts. If the infection is successful, it will spread through the entire windows network to which the infected machine is related. The report details that the ransomware terminates and services under Windows which encrypts files on all available disks thus eliminating the backups.

  • Inside a ransomware gang’s attack toolbox

    The crooks deployed a pirated copy of the Virtual Box virtual machine (VM) software to every computer on the victim’s network, plus a VM file containing a pirated copy of Windows XP, just to have a “walled garden” for their ransomware to sit inside while it did its cryptographic scrambling.

    But that’s far from everything that today’s crooks bring along for a typical attack, as SophosLabs was able to document recently when it stumbled upon a cache of tools belonging to a ransomware gang known as Netwalker.

  • Researchers Dive Into Evolution of Malicious Excel 4.0 Macros

    For more than five months, Lastline security researchers have tracked the evolution of malicious Excel 4.0 (XL4) macros, observing the fast pace at which malware authors change them to stay ahead of security tools.

    A central part of many organizations’ productivity tools, Excel opens the door for phishing attacks where victims are tricked into enabling macros in malicious documents, which can results in the attackers gaining a foothold on the network, in preparation for additional activities.

    During their five-month research, Lastline observed thousands of malicious samples, clustered into waves that provide a comprehensive picture of how the threat has evolved in both sophistication and evasiveness.

  • MSU won't pay ransom to [cr]acker who stole financial documents, personal information

    EdScoop reported the ransomware attack on May 27 and provided screenshots from a blog on the dark web, showing what appear to be a student's passport, MSU financial documents and files from the MSU network, as well as a countdown that had about one week remaining as of May 27.

  • Attackers Target 1M+ WordPress Sites To Harvest Database Credentials

    Attackers were spotted targeting over one million WordPress websites in a campaign over the weekend. The campaign unsuccessfully attempted to exploit old cross-site scripting (XSS) vulnerabilities in WordPress plugins and themes, with the goal of harvesting database credentials.

    The attacks were aiming to download wp-config.php, a file critical to all WordPress installations. The file is located in the root of WordPress file directories and contains websites’ database credentials and connection information, in addition to authentication unique keys and salts. By downloading the sites’ configuration files, an attacker would gain access to the site’s database, where site content and credentials are stored, said researchers with Wordfence who spotted the attack.

    Between May 29 and May 31, researchers observed (and were able to block) over 130 million attacks targeting 1.3 million sites.

  • Denial of service attacks against advocacy groups skyrocket

    Distributed denial-of-service attacks against advocacy organizations increased by 1,120% since a Minneapolis police officer killed George Floyd by kneeling on his neck, sparking demonstrations throughout the U.S.

    In figures published Tuesday, the internet security firm Cloudflare said it blocked more than 135 billion malicious web requests against advocacy sites, compared to less than 30 million blocked requests against U.S. government websites, such as police and military organizations. The company did not disclose which websites were affected, specifically.

Reading about open source in French

English speakers have so many wonderful open source resources that it's easy to forget that communications in English aren't accessible to everyone everywhere. Therefore, I've been looking for great open source resources in Spanish and French, so I can recommend them when the need arises. One I've been looking at recently is LinuxFr.org, which seems to be a fine "agora" for all sorts of interesting conversations in French about open source specifically and open everything else as well. Read more

Open Source Password Manager Bitwarden Introduces Two New Useful Features: Trash Bin & Vault Timeout

Bitwarden is unquestionably one of the best password managers available for Linux. It’s also a cross-platform solution — so you can use it almost anywhere you like. You can also read our review of Bitwarden if you want to explore more about it. Now, coming back to the news. Recently, Bitwarden introduced two new major features that makes it even better. Read more

6 Kubernetes Security Best Practices Every Linux Administrator Should Know

Kubernetes is a popular container orchestration platform used by many professionals around the world. It’s an open-source platform that enables you to manage containerization, providing you with feature-rich controls. However, Kubernetes is not easy to learn and maintain. To properly secure Kubernetes operations, you need to adopt certain best practices. Read more