Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Tuesday, 10 Dec 19 - Tux Machines is a community-driven public service/news site which has been around for over a decade and a half and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

today's leftovers

Filed under
Misc
  • Ubuntu Weekly Newsletter Issue 608

    Welcome to the Ubuntu Weekly Newsletter, Issue 608 for the week of December 1 – 7, 2019. The full version of this issue is available here.

  • Developers shouldn't distribute their own software

    Thankfully, each distro includes its own set of volunteers dedicated to this specific job: packaging software for the distribution and making sure it conforms to the norms of the target environment. This model also adds a set of checks and balances to the system, in which the distro maintainers can audit each other’s work for bugs and examine the software being packaged for anti-features like telemetry or advertisements, patching it out as necessary. These systems keep malware out of the repositories, handle distribution of updates, cryptographically verifying signatures, scaling the distribution out across many mirrors - it’s a robust system with decades of refinement.

  • attention please: host's IP stack behavior got changed slightly

    Your laptops, desktops and servers now check packet destination address with IP address bound to interface, where such packet is received on. If there will be mismatch the packet will be discarded and 'wrongif' counter will be bumped. You can use 'netstat -s|grep wrongif' to display the counter value.

  • Trusted Recursive Resolvers – Protecting Your Privacy with Policy and Technology

    In keeping with a longstanding commitment to privacy and online security, this year Mozilla has launched products and features that ensure privacy is respected and is the default. We recognize that technology alone isn’t enough to protect your privacy. To build a product that truly protects people, you need strong data policies.

    An example of our work here is the U.S. deployment of DNS over HTTPS (DoH), a new protocol to keep people’s browsing activity safe from being intercepted or tampered with, and our Trusted Recursive Resolver program (TRR). Connecting the right technology with strict operational requirements will make it harder for malicious actors to spy on or tamper with users’ browsing activity, and will protect users from DNS providers, including internet service providers (ISPs), that can abuse their data.

    DoH’s ability to encrypt DNS data addresses only half the problem we are trying to solve. The second half is requiring that companies with the ability to see and store your browsing history change their data handling practices. This is what the TRR program is for. With these two initiatives, we’re helping close data leaks that have been part of the Internet since the DNS was created 35 years ago.

  • Mozilla Privacy Blog: Mozilla comments on CCPA regulations

    Around the globe, Mozilla has been a supporter of data privacy laws that empower people – including the California Consumer Protection Act (CCPA). For the last few weeks, we’ve been considering the draft regulations, released in October, from Attorney General Becerra. Today, we submitted comments to help California effectively and meaningfully implement CCPA.

    We all know that people deserve more control over their online data. And we take care to provide people protection and control by baking privacy and the same principles we want to see in legislation into the Firefox browser.

  • Linux is junk, but GPL is for ever

    Once in a while people used to say that the lovely programs they used becomes obsolete. Then talk about its nostalgia.

    What will be the status of linux kernel after 100 years? Lets say 50 years? Will it be there supporting the new technologies of that time? I don’t think so.

    Linux like all other technologies may not able to adapt to those new environments.

    Where as GPL is eternal. As far as there is software, the rules of GPL will be valid.

  • AGL Announces CES 2020 Demos by 18 Members

    Automotive Grade Linux (AGL), a cross-industry effort developing an open source platform for all connected car technologies, will be at CES 2020 demonstrating open source infotainment and instrument cluster applications along with 20+ connected car demonstrations developed by AGL members.

    The AGL Booth in the Westgate Hotel Pavilion #1815 will feature a 2020 Toyota RAV4 with an AGL-based multimedia system that is currently in production, a 2020 Mazda CX-30 showcasing a proof of concept (POC) demo using new AGL reference hardware, and automotive technology demonstrations by: AISIN AW, DENSO, DENSO TEN, Igalia, IoT.bzh, LG Electronics, Mazda, Microchip, NTT DATA MSE, OpenSynergy, Panasonic, Renesas, SafeRide Technologies, Suzuki, SYSGO, Tuxera and VNC Automotive. The booth will be open to the public during CES show hours from January 7-10, 2020.

    “Instrument Cluster has been a big focus over the past year, and we look forward to demonstrating the amazing work being done by our members to optimize the AGL platform for use in lower performance processors and low-cost vehicles, including motorcycles,” said Dan Cauchy, Executive Director of Automotive Grade Linux at the Linux Foundation. “We are proud to be showing vehicles from Toyota and Mazda and we will also have 20+ open source demos in our booth, a small sampling of some of the AGL-based products and services that automakers and suppliers continue to bring to market.”

  •                    

  • You can now email your emails in Gmail [iophk: they begin to close the protocol]

                         

                           

    Fervent emailers can attach as many emails, which will appear as an .eml file, as they like. Users who love to have multiple tabs open may also be pleased to hear that the attachment will open in a new window.

  •                    

  • More than half of NHS devices are still running Windows 7 [iophk: Why is Canonical not spinning this into gold?]

                         

                           

    As per the FoI, 52 per cent of the total 447,000+ devices being used in the NHS, including desktops, laptops, and tablets, are still running Windows 7, which reaches end-of-life status on 14 January 2020.

                           

    That's despite the fact that the Department of Health and Social Care (DHSC) last year announced a £150m plan to upgrade all NHS systems to Windows 10 by the time that Windows 7 reaches the digital graveyard. However, it's worth noting that the NHS is an E5 licence holder, which means it'll get an extra year of Windows 7 support for free.

  • LHS Episode #316: GridTracker Deep Dive Part 2

    Welcome to the 316th installment of Linux in the Ham Shack. In this episode, we have Stephen "Tag" Loomis, N0TTL, back for a second episode on GridTracker. In this episode, the hosts discuss updates, additions and bug fixes to the application since the last time and then dive into its most complex and powerful feature, the Callable Roster. Then there is information about the myriad updates to statistical analysis that will be available in the next release. Thank you for listening and we hope you enjoy this episode and your time using GridTracker.

Comparing Linux distributions: Red Hat vs. Ubuntu

Filed under
Red Hat
Ubuntu

Red Hat Enterprise Linux and Ubuntu are easily two of the most popular Linux distributions used in the enterprise. Even so, there are some key differences between these two Linux flavors. Features, user experience, licensing and documentation are the key components to evaluate when comparing Linux distributions.

Red Hat Enterprise Linux (RHEL) can support nearly any application server or infrastructure role. In its latest version, Red Hat seems to focus heavily on security and compliance. The company has introduced systemwide cryptographic policies, advanced auditing capabilities and updated protocols. These include Transport Layer Security, IPsec, Domain Name System Security Extensions and Kerberos.

Red Hat has also reduced the complexity of RHEL's latest version. RHEL 8 is designed to provide a consistent user experience by using the same administrative tools, regardless of whether the server is running in the cloud, in a VM or on a bare-metal server

Read more

Devs: Open Source Is Growing Despite Challenges

Filed under
OSS

Optimism about the future of open source is high among software developers worldwide. However, a growing number of devs worry that a lack of funding and corporate support threatens its sustainability.

That is one of the key takeaways from DigitalOcean's second annual open source survey, published in its "Currents, Open Source 2019," seasonal report last week.

The online survey provides a snapshot of the state of open source, as well as a gauge of the inclusivity and friendliness of contributors. More than 5,800 developers from around the world participated.

Because developers may work as individuals or in small teams, the survey was not sent to specific companies. Respondents self-identified and shared the size of the company/team they worked with, said Eddie Zaneski, manager of developer relations at DigitalOcean. The company reached out to the developer community primarily through social media and email campaigns from late August to early October.

Read more

Open Hardware: RISC-V and Raspberry Pi’s 8th Birthday

Filed under
GNU
Linux
Hardware
  • SiFive Learn Inventor is a Wireless RISC-V Development Kit Inspired by BBC Micro:bit

    SiFive Learn Inventor is a RISC-V educational board partially inspired by BBC Micro:bit board with the same crocodile clip-friendly edge connector, and an LED matrix.

  • Hex Five Announces General Availability of MultiZone Security for Linux - The First Commercial Enclave for RISC-V processors

    Hardware consolidation requirements in automotive, aerospace & defense, and industrial automation are forcing embedded systems designers to merge safety-critical functionality with untrusted applications and operating systems. The resulting monolithic systems present vastly larger code base, greater attack surface, and increased system vulnerability. In response, Hex Five Security Inc. announces the general availability of MultiZone™ Security for Linux, the industry-first enclave specifically designed to bring security through separation to embedded systems. MultiZone™ Security is available immediately for the Microchip PolarFire® system-on-chip, the world’s first hardened real-time, Linux capable, RISC-V-based microprocessor subsystem. Support for additional RISC-V processors to be announced later in 2020.

  • Celebrate the Raspberry Pi’s 8th birthday at a Raspberry Jam

    On 29 February 2020, the Raspberry Pi Foundation will celebrate the eighth birthday of the Raspberry Pi computer (or its second birthday, depending on how strict you are about counting leap years).

Programming: JavaScript, Go, Perl and Python

Filed under
Development
  • Excellent Free Tutorials to Learn JavaScript

    JavaScript is possibly one of the easiest language to get up and running with. But to truly master the language requires a firm foundation of its intricacies.

    JavaScript is an interpreted, prototype-based, scripting computer programming language. It came to popular attention as a simple client-side scripting tool, interacting with the user using forms and controlling the web browser, and remains a front-end language for web applications.

    JavaScript features dynamic types, it’s weakly typed, supports the structured programming syntax from C, uses prototypes instead of classes for inheritance, and copies many names and naming conventions from Java. It also borrows design principles from Scheme and Self, as well as concepts and syntax idioms such as C-style procedural roots.

  • Lessons learned from programming in Go

    When you are working with complex distributed systems, you will likely come across the need for concurrent processing. At Mode.net, we deal daily with real-time, fast and resilient software. Building a global private network that dynamically routes packets at the millisecond scale wouldn’t be possible without a highly concurrent system. This dynamic routing is based on the state of the network and, while there are many parameters to consider here, our focus is on link metrics. In our context, link metrics can be anything related to the status or current properties of a network link (e.g.: link latency).

  •                    

  • Add address of FreeBSD iocage jails to PF table

                         

                           

    I started mucking about with PF, but that’s not my department … and so the jails table remained empty which meant the jail could not access anything beyond the host.

                           

    After a bit of searching I found iocage supports most jail(8) parameters, so I did this: [...]

  •                    

         

  • 2019.49 Almost Starring

           

             

    Patrick Spek has made the first release candidate of Rakudo Star 2019.11 available for download. If you are working with Raku from Rakudo Star distributions, then this is the moment to test the distribution so that you can be sure that nothing was missed! So please, download and test it! Which of course you can also do if you’re not generally a user of Rakudo Star

  • Python 3.8.1rc1

    The Python 3.8 series is the newest major release of the Python programming language, and it contains many new features and optimizations.

  • Python 3.8.1rc1 is now available for testing

    Python 3.8.1rc1 is the release candidate of the first maintenance release of Python 3.8.

    The Python 3.8 series is the newest feature release of the Python language, and it contains many new features and optimizations. You can find Python 3.8.1rc1 here:
    https://www.python.org/downloads/release/python-381rc1/

    Assuming no critical problems are found prior to 2019-12-16, the scheduled release date for 3.8.1 as well as Ned Deily's birthday, no code changes are planned between this release candidate and the final release.

    That being said, please keep in mind that this is a pre-release of 3.8.1 and as such its main purpose is testing.

    See the “What’s New in Python 3.8” document for more information about features included in the 3.8 series. Detailed information about all changes made in 3.8.0 can be found in its change log.

    Maintenance releases for the 3.8 series will continue at regular bi-monthly intervals, with 3.8.2 planned for February 2020.

  • Python Docstrings

    In this tutorial, we will learn about Python docstrings. More specifically, we will learn how and why docstrings are used with the help of examples.
    Python docstrings (documentation strings) are the string literals that appear right after the definition of a function, method, class, or module. Let's take an example.

  • Python Comments

    Comments are descriptions that help programmers better understand the intent and functionality of the program.

    They are completely ignored by the Python interpreter.

  • 3 easy steps to update your apps to Python 3

    The 2.x series of Python is officially over, but converting code to Python 3 is easier than you think. Over the weekend, I spent an evening converting the frontend code of a 3D renderer (and its corresponding PySide version) to Python 3, and it was surprisingly simple in retrospect, although it seemed relatively hopeless during the refactoring process.

New: Collabora Office for Android

Filed under
Android
LibO

We are excited to announce a complete new version of Collabora Office for Android, available now in Google Play, with the following main improvements:

- A great looking interface, easy to use with just one hand on your phone
- Editing of complex office documents, not just viewing
- Now re-uses the same technology as Collabora Online.

In common with other Collabora Productivity products, this new Android release enables people to edit their documents without compromising on privacy. There is no longer a reason to hand over your data to get rich mobile editing.
The new release marks the end of a period of rewriting important parts of the application. We now share much of the code and user experience from Collabora Online’s collaborative editor as well as Collabora Office 6.2 for displaying the documents.

Read more

Upstream Graphics: Too Little, Too Late

Filed under
Graphics/Benchmarks

Unlike the tradition of my past few talks at Linux Plumbers or Kernel conferences, this time around in Lisboa I did not start out with a rant proposing to change everything. Instead I celebrated roughly 10 years of upstream graphics progress and finally achieving paradise. But that was all just prelude to a few bait-and-switches later fulfill expectations on what’s broken this time around in upstream, totally, and what needs to be fixed and changed, maybe.

The LPC video recording is now released, slides are uploaded. If neither of that is to your taste, read below the break for the written summary.

Mission Accomplished

10 or so years ago upstream graphics was essentially a proof of concept for the promised to come. Kernel display modeset just landed, finally bringing a somewhat modern display driver userspace API to linux. And GEM, the graphics execution manager landed, bringing proper GPU memory management and multi client rendering. Realistically a lot needed to be done still, from rendering drivers for all the various SoC, to an atomic display API that can expose all the features, not just what was needed to light up a linux desktop back in the days. And lots of work to improve the codebase and make it much easier and quicker to write drivers.

There’s obviously still a lot to do, but I think we’ve achieved that - for full details, check out my ELCE talk about everything great for upstream graphics.

[...]

Also, there just isn’t a single LTS kernel. Even upstream has multiple, plus every distro has their own flavour, plus customers love to grow their own variety trees too. Often they’re not even coordinated on the same upstream release. Cheapest way to support this entire madness is to completely ignore upstream and just write your own subsystem. Or at least not use any of the helper libraries provided by kernel subsystems, completely defeating the supposed benefit of upstreaming code.

No matter the strategy, they all boil down to paying twice - if you want to upstream your code. And there’s no added return for the doubled bill. In conclusion, upstream first needs a business case, like the open source graphics stack in general. And that business case is very much real, except for upstreaming, it’s only real in userspace.

In the kernel, “upstream first” is a sham, at least for graphics drivers.

Thanks to Alex Deucher for reading and commenting on drafts of this text.

Read more

Graphics News With Focus on Vulkan

  • The Open-Source Qualcomm "TURNIP" Vulkan Driver Adds Important Performance Feature

    The TURNIP Mesa Vulkan driver providing support for recent Qualcomm Adreno graphics processors and akin to the Freedreno Gallium3D driver has added an important performance-boosting feature.

    Thanks to Jonathan Marek who has been driving much of the TURNIP driver advancements in recent time is now hardware binning support. The nearly 400 lines of code implement hardware binning as an important performance sensitive feature.

  • ChamferWM Still Appears To Be The Most Capable Vulkan-Powered X11 Tiling Window Manager

    While we are approaching 2020 and the four year anniversary since the Vulkan 1.0 launch, one aspect that has been a bit disappointing has been the lack of not seeing quicker uptake by various Linux window managers / compositors in at least offering a Vulkan code path. One of the best examples of a Vulkan-powered compositor with that has been the independent ChamferWM.

  • Intel Jasper Lake Support Added To Mesa 20.0 OpenGL / Vulkan Drivers

    With Intel Jasper Lake graphics support making it as one of the prominent hardware support additions for Linux 5.5, the user-space OpenGL/Vulkan driver support is now found within Mesa 20.0-devel.

    Commits today added the Intel Jasper Lake support for Mesa 20.0. Though with Jasper Lake being "Gen 11" graphics like existing Ice Lake as well as Elkhart Lake, the Jasper Lake addition primarily comes down to adding the new PCI IDs and then following the same driver code paths as Elkhart Lake.

Fedora and Red Hat: Fedora Women’s Day Report, LoRaWAN, Red Hat's Mission Statement and Kubernetes With OpenShift

Filed under
Red Hat
  • Fedora Women’s Day Report (Bhubaneswar)

    For the very first time, Fedora Women’s Day was celebrated in Bhubaneswar, India. The event happened on 26th November 2019 at the College of Engineering and Technology, Bhubaneswar. My aim as an organiser was to have a session on “Getting started with OpenSource” which includes understanding the opportunities Fedora Project provides as an Open-source community as well as getting to know what open source is.
    Since I had a diverse audience of students from different years, I had to plan the event in favour of both. So, the session was divided into 2 parts, with the first part being What is Open Source and how to get started with it and the second part which introduced Fedora Project as an open-source community. A huge crowd of students showed up, which consists of both genders. I was accompanied by @amitosh (Amitosh Swain Mohapatra), another community member of Fedora. The session was for 2 hours. 

    I started introducing what is open source, what are the perks of doing open source. I spoke about Git and Github and how they are so important in the life of an aspired developer. Followed which I moved on to explain to them about different internship programs like Outreachy, GSoC, GSSoc, RGSoC etc.
    A closed overview of the following internship included talking about their community, stipend and perks. Then I shared my experience as an Outreachy intern with Fedora and my experience at Flock 2019.

  • LoRaWAN setup at the EclipseCon IoT playground

    At the recent EclipseCon Europe in Ludwigsburg, Germany, we had a big dashboard in the IoT playground area showing graphs of the number of WiFi devices, the temperature, and air quality, all transmitted via LoRaWAN. We worked on this project during the community day and kept the setup throughout the conference, where we showed it and played with it even further. This article describes the architecture of the setup and gives pointers to replicate it.

  • Italian job: Translating our mission statement in the open

    A few months ago, I noticed a post on our company's internal collaboration platform that seemed to be calling my name. Colleagues from around the world were leaving comments on translated versions of one particular (and very important) corporate message: the company's mission statement. And they had questions about the Italian translation.

    So I joined the conversation with no hesitation, assuming I'd engage in a quick exchange of opinions and reach a conclusion about the best way to translate Red Hat's mission statement:

    To be the catalyst in communities of customers, contributors, and partners creating better technology the open source way.

    That's a single sentence consisting of less than 20 words. Translating it into another language should be a no-brainer, right? If anything, the work should take no longer than a few minutes: Read it out loud, spot room for improvement, swap a word for a more effective synonym, maybe rephrase a bit, and you're done!

    As a matter of fact, that's not always the case.

    Translations of the mission statement in a few languages were already available, but comments from colleagues reflected a need for some review. And as more Red Hatters from different parts of the globe joined the discussion and shared their perspectives, I began to see many possibilities for solving this translation problem—and the challenges that come with this abundance of ideas.

  • Explore Kubernetes with OpenShift in a workshop near you

    The Kubernetes with OpenShift World Tour is a series of in-person workshops around the globe that help you build the skills you need to quickly modernize your applications. This World Tour provides a hands-on experience and teaches the basics of working with the hybrid-cloud, enterprise container platform Red Hat® OpenShift® on IBM Cloud™. You learn coding skills in the world of containerized, cloud-native development with expert developer advocates, who have deep technical experience building cloud microservices and applications with Red Hat OpenShift.

Games: Humble Store, itch.io, Dying Light, Atari and NES Emulators

Filed under
Gaming
  • The Indie Hits Sale over on Humble Store went live with some great Linux deals

    Humble are now celebrating Indie games, with a big sale going on some really great Indie games and a lot of good deals for Linux gamers on the lookout for something new.

    We're certainly not short on indie games, something Linux has thankfully done reasonably well with getting ports and official support from developers. Some of my all time favourite games are indie too, the variation you can find even in a single genre is often amazing.

  • Chooseco are getting indie games using 'choose your own adventure' taken down on itch.io

    The creator of indie store itch.io has issued a warning to game developers, as Chooseco appear to be trying to take down anything using the 'choose your own adventure' phrase.

    Not surprising it's happening though, Chooseco went after Netflix for using the same phrase with Black Mirror: Bandersnatch.

  • Dying Light is doing a Chivalry crossover event with new weapons and an outfit

    Things are getting a bit medieval in Dying Light, with a new Chivalry crossover event that's arrived with some new free goodies to grab.

    Running until December 16, this event has some new random encounters available as you travel through either the Slums or Old Town. One of the event quests needs you to take two airdrops from Rais' men, this will reward you with a Agatha Medieval Shield. The other new event quest will require you to save some helpless people from monsters and bandits, help some survivors in their fight against the undead (both parts need doing twice) and that will reward you with a Zweihänder Sword.

  • Atari VCS going through 'Engineering Validation Testing' on the road to release

    Another update on the Linux-powered little console the Atari VCS, which is now going through Engineering Validation Testing (EVT) as it's on the road to release next year.

    In the last update we posted last month, the Atari VCS was going through pre-production. Something that stuck out, was the actual units looking seriously cheap and shiny.

  • The 15 Best NES Emulator Apps for Android Device in 2020

    Did you ever hear about NES Emulator? Well, NES Emulator is a system that helps you to play old days games in your Android device. The word NES stands for the Nintendo Entertainment System. It is a kind of iconic gaming console. The main task of this console is to make you eligible to play those classic games. However, if you are nostalgic, want to have the experience of playing those exotic games, you can install an NES app from PlayStore. Here, I have added some useful NES Emulator apps for Android that you can find for free to use and enjoy those classic games.

Managing the Linux kernel at AWS: 'A large team of security experts' dealing with fallout from Spectre, Meltdown flaws

Filed under
Linux
Interviews
Security

Schlaeger told us he's responsible "for the lowest layer of the software stack that runs on almost all the servers. We work on things like the Linux kernel, various hypervisors, Xen, KVM, Firecracker if you want to include the VMM [Virtual Machine Manager] as well. And we are heavily involved in the definition of the EC2 [Elastic Compute Cloud] instance types, especially for the accelerated platform."

A couple of months ago, Linux kernel maintainer Greg Kroah-Hartman told us that the infamous Spectre, Meltdown and other MDS (Microarchitectural Data Sampling) bugs would be "with us for a long time," as "more and more of the same types of problems" are discovered.

Read more

China to ditch all Windows PCs by 2022 – could this be Linux’s time to shine?

Filed under
Linux
Microsoft

In a major blow to Microsoft, the Chinese government will be replacing all PCs that run Windows by 2022, and could instead use a Chinese-created Linux distro, such as Kylin Linux.

The order comes from the Chinese Communist Party Central Office, and is part of a drive to replace any computer that runs non-Chinese software, partly in response to the US government’s blacklisting of Chinese hardware.

Microsoft gave a recent Windows 10 update to the wrong users
These are the best Windows 10 laptops out there
And the best Windows 10 antivirus apps of 2019

Chinese government services have been ordered to replace 30% of Windows PCs by the end of 2020, a further 50% in 2021 and the final 20% by the end of 2022.

Read more

Customize your Linux desktop with FVWM

Filed under
Linux

The FVWM window manager started out as modifications to TWM, back in 1993. After several years of iteration, what emerged is an extremely customizable environment where any behavior, action, or event is configurable. It has support for custom key bindings, mouse gestures, theming, scripting, and much more.

While FVWM is usable immediately after installation, its default distribution provides only the absolute minimum configuration. It's a great foundation to start your own custom desktop environment, but if you just want to use it as a desktop, then you probably want to install a full configuration distributed by another user. There are a few different distributions of FVWM, including FVWM95, which mimics Windows 95 (at least in appearance and layout). I tried FVWM-Crystal, a modern-looking theme with some common Linux desktop conventions.

Read more

Best Linux Distributions that Look Like MacOS

Filed under
Linux

The Linux world is filled with several distributions born of the desire to solve a specified problem using unique design and build approaches. There are distros created for chemists, astrologers, music producers, and there are ones created to emulate macOS.

Do you miss the UI/UX of your old Mac? Or do you want to turn up your computing experience by giving your laptop a shiny new look with an appearance difficult to distinguish from macOS? Today’s list is of the best Linux distributions that look like macOS.

Read more

Daniel Stenberg: Mr Robot curl

Filed under
Software
Movies

Vasilis Lourdas reported that he did a “curl sighting” in the show and very well I took a closer peek and what do we see some 37 minutes 36 seconds into episode 8 season 4…

(I haven’t followed the show since at some point in season two so I cannot speak for what actually has happened in the plot up to this point. I’m only looking at and talking about what’s on the screenshots here.)

Elliot writes Python. In this Python program, we can see two curl invokes, both unfortunately a blurry on the right side so it’s hard to see them exactly (the blur is really there in the source and I couldn’t see/catch a single frame without it). Fortunately, I think we get some additional clues later on in episode 10, see below.

He invokes curl with -i to see the response header coming back but then he makes some questionable choices. The -k option is the short version of --insecure. It truly makes a HTTPS connection insecure since it completely switches off the CA cert verification. We all know no serious hacker would do that in a real world use.

Perhaps the biggest problem for me is however the following -X POST. In itself it doesn’t have to be bad, but when taking the second shot from episode 10 into account we see that he really does combine this with the use of -d and thus the -X is totally superfluous or perhaps even wrong. The show technician who wrote this copied a bad example…

Read more

Ampere's Arm-based eMAG CPU is now available in a workstation

Filed under
GNU
Linux
Hardware

Avantek offers the workstation with a few graphics cards options including the AMD FirePro W2100 2GB, a Radeon Pro WX 5100 8GB, and the Nvidia Quadro GV100 32GB. The workstation is only offered running Linux with a few different flavors including Ubuntu, centOS and Linux SUSE / openSUSE.

Read more

It's Not A VPN-busting Bug, It's A Social Media Enhancer For UNIX Users

Filed under
OS
Linux
Security
BSD

Kidding aside, this vulnerability applies to most UNIX based OSes, with most Linux distros, Android, iOS, macOS, FreeBSD, and OpenBSD all affected. The attacker needs to be able to intercept your data, which means they need to already be on the same network span as your machine or by having control of the router or other exit point, but if they do they can use this flaw to determine the exact SEQ and ACK numbers in your encrypted session.

That information can be used to successfully inject data, hijack the connection and possibly redirect your VPN session to imposter pages or other places on the web you really don’t want to go to. Not all VPNs are vulnerable, the researches quoted at The Register tested this on OpenVPN, WireGuard, and IKEv2/IPSe.

Read more

Syndicate content

More in Tux Machines

Open Hardware: RISC-V and Raspberry Pi’s 8th Birthday

  • SiFive Learn Inventor is a Wireless RISC-V Development Kit Inspired by BBC Micro:bit

    SiFive Learn Inventor is a RISC-V educational board partially inspired by BBC Micro:bit board with the same crocodile clip-friendly edge connector, and an LED matrix.

  • Hex Five Announces General Availability of MultiZone Security for Linux - The First Commercial Enclave for RISC-V processors

    Hardware consolidation requirements in automotive, aerospace & defense, and industrial automation are forcing embedded systems designers to merge safety-critical functionality with untrusted applications and operating systems. The resulting monolithic systems present vastly larger code base, greater attack surface, and increased system vulnerability. In response, Hex Five Security Inc. announces the general availability of MultiZone™ Security for Linux, the industry-first enclave specifically designed to bring security through separation to embedded systems. MultiZone™ Security is available immediately for the Microchip PolarFire® system-on-chip, the world’s first hardened real-time, Linux capable, RISC-V-based microprocessor subsystem. Support for additional RISC-V processors to be announced later in 2020.

  • Celebrate the Raspberry Pi’s 8th birthday at a Raspberry Jam

    On 29 February 2020, the Raspberry Pi Foundation will celebrate the eighth birthday of the Raspberry Pi computer (or its second birthday, depending on how strict you are about counting leap years).

Programming: JavaScript, Go, Perl and Python

  • Excellent Free Tutorials to Learn JavaScript

    JavaScript is possibly one of the easiest language to get up and running with. But to truly master the language requires a firm foundation of its intricacies. JavaScript is an interpreted, prototype-based, scripting computer programming language. It came to popular attention as a simple client-side scripting tool, interacting with the user using forms and controlling the web browser, and remains a front-end language for web applications. JavaScript features dynamic types, it’s weakly typed, supports the structured programming syntax from C, uses prototypes instead of classes for inheritance, and copies many names and naming conventions from Java. It also borrows design principles from Scheme and Self, as well as concepts and syntax idioms such as C-style procedural roots.

  • Lessons learned from programming in Go

    When you are working with complex distributed systems, you will likely come across the need for concurrent processing. At Mode.net, we deal daily with real-time, fast and resilient software. Building a global private network that dynamically routes packets at the millisecond scale wouldn’t be possible without a highly concurrent system. This dynamic routing is based on the state of the network and, while there are many parameters to consider here, our focus is on link metrics. In our context, link metrics can be anything related to the status or current properties of a network link (e.g.: link latency).

  •                    
  • Add address of FreeBSD iocage jails to PF table
                         
                           

    I started mucking about with PF, but that’s not my department … and so the jails table remained empty which meant the jail could not access anything beyond the host.

                           

    After a bit of searching I found iocage supports most jail(8) parameters, so I did this: [...]

  •                          
  • 2019.49 Almost Starring
           
             

    Patrick Spek has made the first release candidate of Rakudo Star 2019.11 available for download. If you are working with Raku from Rakudo Star distributions, then this is the moment to test the distribution so that you can be sure that nothing was missed! So please, download and test it! Which of course you can also do if you’re not generally a user of Rakudo Star

  • Python 3.8.1rc1

    The Python 3.8 series is the newest major release of the Python programming language, and it contains many new features and optimizations.

  • Python 3.8.1rc1 is now available for testing

    Python 3.8.1rc1 is the release candidate of the first maintenance release of Python 3.8. The Python 3.8 series is the newest feature release of the Python language, and it contains many new features and optimizations. You can find Python 3.8.1rc1 here: https://www.python.org/downloads/release/python-381rc1/ Assuming no critical problems are found prior to 2019-12-16, the scheduled release date for 3.8.1 as well as Ned Deily's birthday, no code changes are planned between this release candidate and the final release. That being said, please keep in mind that this is a pre-release of 3.8.1 and as such its main purpose is testing. See the “What’s New in Python 3.8” document for more information about features included in the 3.8 series. Detailed information about all changes made in 3.8.0 can be found in its change log. Maintenance releases for the 3.8 series will continue at regular bi-monthly intervals, with 3.8.2 planned for February 2020.

  • Python Docstrings

    In this tutorial, we will learn about Python docstrings. More specifically, we will learn how and why docstrings are used with the help of examples. Python docstrings (documentation strings) are the string literals that appear right after the definition of a function, method, class, or module. Let's take an example.

  • Python Comments

    Comments are descriptions that help programmers better understand the intent and functionality of the program. They are completely ignored by the Python interpreter.

  • 3 easy steps to update your apps to Python 3

    The 2.x series of Python is officially over, but converting code to Python 3 is easier than you think. Over the weekend, I spent an evening converting the frontend code of a 3D renderer (and its corresponding PySide version) to Python 3, and it was surprisingly simple in retrospect, although it seemed relatively hopeless during the refactoring process.

New: Collabora Office for Android

We are excited to announce a complete new version of Collabora Office for Android, available now in Google Play, with the following main improvements: - A great looking interface, easy to use with just one hand on your phone - Editing of complex office documents, not just viewing - Now re-uses the same technology as Collabora Online. In common with other Collabora Productivity products, this new Android release enables people to edit their documents without compromising on privacy. There is no longer a reason to hand over your data to get rich mobile editing. The new release marks the end of a period of rewriting important parts of the application. We now share much of the code and user experience from Collabora Online’s collaborative editor as well as Collabora Office 6.2 for displaying the documents. Read more

today's howtos