
LXSession 0.5.5 released.


The time to update the LXDE main session manager has come. Again, no new features but bug fixes, and some translation updates, of course. We all hope it’s better than the previous one was.


More in Tux Machines

Security Leftovers

  • New malware hides as legit nginx process on e-commerce servers

    eCommerce servers are being targeted with remote access malware that hides on Nginx servers in a way that makes it virtually invisible to security solutions. The threat received the name NginRAT, a combination of the application it targets and the remote access capabilities it provides and is being used in server-side attacks to steal payment card data from online stores.

  • Testing Phone-Sized Faraday Bags

    Back in the not-so-distant past, if you were patient and knowledgeable enough, you could reverse engineer the behavior of almost any electronic device simply by inspecting it carefully and understanding the circuitry. But those days are rapidly ending. Today, virtually every aspect of complex electronic hardware is controlled by microprocessors and software, and while that's generally good news for functionality, it's also bad news for security (and for having any chance of being sure what, exactly, your gadgets are doing, for that matter). For devices like smartphones, software runs almost every aspect of the user interface, including how and when it's powered on and off, and, for that matter, what being "off" actually means. Complex software is, to put it mildly, hard to get right (for details, see almost any other posting on this or any other security blog). Especially for gadgets that are rich with microphones, cameras, location and environmental sensors, and communication links (such as, you know, smartphones), errors and security vulnerabilities in the software that controls them can have serious privacy implications. The difficulty of reliably turning software-based devices completely off is no longer merely a hypothetical issue. Some vendors have even recognized it as a marketable feature. For example, certain Apple iPhones will continue to transmit "Find My Device" tracking beacons even after they've ostensibly been powered off. Misbehaving or malicious software could enable similar behavior even on devices that don't "officially" support it, creating the potential for malware that turns your phone into a permanently on surreptitious tracking device, no matter whether you think you've turned it off. Compounding these risks are the non-removable batteries used in many of the latest smartphones.

  • Netgear router vulnerabilities affecting SME products fixed • The Register

    Two arbitrary code execution vulnerabilities affecting a number of Netgear routers aimed at small businesses have been patched following research by Immersive Labs. The vulns rely on authenticated access to affected devices so aren't an immediate threat. They do, however, allow someone with remote access to the router to pwn the device's underlying OS, threatening the security of data passing through the router. Helpfully, Netgear itself publishes default login credentials for "most" of its products on its website. If you haven't been into your Netgear router's admin panel and changed these default creds, you're at increased risk.

  • Netgear vulnerabilities could put small business routers at risk

    Netgear has released a set of updated firmware for multiple devices to resolve a number of security vulnerabilities responsibly disclosed by researchers at Immersive Labs. These could lead to unauthorized access to devices or modification of the internal filesystem that can be abused to affect traffic passing through the device.

today's howtos

  1. DHCP client configuration for Linux, Windows and macOS

    IP addresses serve as one of the primary ways of identifying nodes on the network. Administrators use these logical addresses to place devices on the network in specific segments, control access to the devices via routers and firewalls, and map network devices for client machines.

  2. Install a graphical package manager on Kali Linux 2021.3 – LinuxBSDos.com

    If you used my last tutorial to install Kali Linux 2021.3 on your MacBook Air in dual-boot fashion with Ubuntu 20.04, I’m sure you noticed that there’s no graphical package manager installed by default on Kali Linux. I noticed that too, but GNOME Software, the first one I installed and the default graphical package manager for the GNOME desktop, is broken. Couldn’t get it to find me anything. Its image is what you see in the featured image above.

  3. K3XEC | Transmitting BPSK symbols (Part 2/5)

    This post is part of a series called "PACKRAT". If this is the first post you've found, it'd be worth reading the intro post first and then looking over all posts in the series. In the last post, we worked through what IQ is, and different formats that it may be sent or received in. Let’s take that and move on to Transmitting BPSK using IQ data! When we transmit and receive information through RF using an SDR, data is traditionally encoded into a stream of symbols which are then used by a program to modulate the IQ stream, and sent over the airwaves.

  4. Chromium and Raspberry PI 4: Increase Performances with Cache on RAM Disk

    With the new Raspberry PI computer models having much more RAM, improving Chromium performance can be a core goal for people using it as a desktop computer. To achieve this, a good practice is moving cache on a RAMDisk. In this tutorial, I’m going to show you how to move Chromium cache into a new RAM disk partition with Raspberry PI 4 and OS Desktop.

  5. Quick video editing on Linux with Flowblade | Opensource.com

    Do you have videos you need to cut together but find video editing applications too complex? Flowblade is a minimal video editing application designed to enable you to assemble a cut of your video quickly and easily. Video editing can be challenging. There's a lot to think about, lots of footage to review, a story you want to tell, and there's the software you have to learn on top of everything else. However, there's a common conundrum at play here: Most people only need about 80% of what's possible in video editing applications, and you can implement that 80% of everyday editing tasks with about 50% of the resources a big "professional" editor uses. That's where Flowblade really excels. It's a simple editor that can do all the basic tasks you need, plus quite a bit more. However, it focuses on the essentials so you can get started editing right away, and you're never likely to be overwhelmed by menu selections you may never use, much less understand.

Infrastructure living the ideals of software freedom

Can organisations with limited resources be digitally sovereign and still provide modern services? It is not trivial, but the FSFE proves it's possible. Take a deep dive with us into our infrastructure to learn how we run all the different services within the FSFE and cope with numerous challenges. A story not only for techies. Charity, non-profit organisations run into limits every day: personnel, budget, time, and the pressing question how to use donations most efficiently. When it comes to technical infrastructure, many organisations unfortunately decide to outsource and use proprietary, non-free services. By this, they give up software freedom and thereby digital sovereignty and independence. Since its founding more than 20 years ago, the FSFE has been pursuing the opposite way. Right from the start, we have relied on Free Software although it sometimes meant not being able to use and offer trendy services. Also, given the limited resources, we constantly have to choose between useful features and maintainability.

Ubuntu Frame - A picture is worth a thousand snaps

The development of graphical applications intended for use on IoT devices isn’t trivial. The complexity goes beyond the usual challenges that exist in the classic desktop and server domains. One, the IoT world is much less mature. Two, developers need to take into consideration various edge cases that do not apply to hands-on devices like laptops, for instance. Kiosks, industrial displays and digital signage devices require additional focus and rigor. Ubuntu Frame is a solution designed to simplify and streamline the build and development of products that need graphical output. On a technical level, it is a fullscreen shell, based on Wayland, intended for interactive usage applications. On a product level, Ubuntu Frame bundles communication protocols, input protocols and security policies into a single kit, which can then be used in IoT devices. You can test it today.