Recent Changes - Search:

Linux is free.
Life is good.

Linux Training
10am on Meeting Days!

1825 Monetary Lane Suite #104 Carrollton, TX

Do a presentation at NTLUG.

What is the Linux Installation Project?

Real companies using Linux!

Not just for business anymore.

Providing ready to run platforms on Linux

Show Descriptions... (Show All/All+Images) (Single Column) - Security Advisories

  • RIP Robin "Roblimo" Miller (Linux Journal)
    Linux Journal reportsthat Robin "Roblimo" Miller has passed away. "Miller was perhaps best known by the community for his roll as Editor in Chief of Open Source Technology Group, the company that owned Slashdot,, freshmeat,, NewsForge, and ThinkGeek from 2000 to 2008."

  • [$] Easier container security with entitlements
    During KubeCon+ CloudNativeCon Europe 2018, Justin Cormack and Nassim Eddequiouaq presenteda proposal to simplify the setting of security parameters for containerizedapplications. Containers depend on a large set of intricate security primitives that canhave weird interactions. Because they are so hard to use, people often justturn the whole thing off. The goal of the proposal is to make thosecontrols easier to understand and use; it is partly inspired by mobile appson iOS and Android platforms, an idea that trickled back into Microsoft andApple desktops. The time seems ripe to improve the field ofcontainer security, which is in desperate need of simpler controls.

  • Security updates for Thursday
    Security updates have been issued by Debian (imagemagick), Fedora (curl, glibc, kernel, and thunderbird-enigmail), openSUSE (enigmail, knot, and python), Oracle (procps-ng), Red Hat (librelp, procps-ng, redhat-virtualization-host, rhev-hypervisor7, and unboundid-ldapsdk), Scientific Linux (procps-ng), SUSE (bash, ceph, icu, kvm, and qemu), and Ubuntu (procps and spice, spice-protocol).

  • [$] An update on bcachefs
    The bcachefs filesystem has been underdevelopment for a number of years now; according to lead developer KentOverstreet, it is time to start talking about getting the code upstream.He came to the 2018 Linux Storage, Filesystem, and Memory-Management Summit(LSFMM) to discuss that in a combined filesystem and storagesession. Bcachefs grew out of bcache, which is a block layercache that was merged into Linux 3.10 in mid-2013.

  • [$] What's coming in OpenLDAP 2.5
    If pressed, I will admit to thinking that, if NIS was good enough for Charles Babbage, it'sgood enough for me. I am therefore not a huge fan of LDAP; I feel I can detect in it the heavy hand of the ITU,which seems to wish to apply X.500 toeverything. Nevertheless, for secure, distributed, multi-platform identitymanagement it's quite hard to beat. If you decide to run an LDAP serveron Unix, one of the major free implementations is slapd, the coreengine of the OpenLDAP project.Howard Chu is the chief architect of the project,and spoke at FLOSS 2018 about the upcoming 2.5 release. Any rumorsthat he might have passed the time while the room filled up by givinga short but nicely rendered fiddle recital are completely true.

  • [$] Shortening the Python release schedule
    The Python release cycle has an 18-month cadence; a new major release (e.g.Python 3.7) ismade roughly on that schedule. But Łukasz Langa, who is the releasemanager for Python 3.8 and 3.9, would like to see things movemore quickly—perhaps on a yearly cadence. In the first session after lunchat the 2018 Python Language Summit, Langa wanted to discuss that idea.

  • Security updates for Wednesday
    Security updates have been issued by CentOS (java-1.7.0-openjdk, java-1.8.0-openjdk, kernel, libvirt, and qemu-kvm), Debian (procps), Fedora (curl, mariadb, and procps-ng), Gentoo (samba, shadow, and virtualbox), openSUSE (opencv, openjpeg2, pdns, qemu, and wget), Oracle (java-1.8.0-openjdk and kernel), Red Hat (java-1.7.0-openjdk, java-1.8.0-openjdk, kernel, kernel-rt, libvirt, qemu-kvm, qemu-kvm-rhev, redhat-virtualization-host, and vdsm), Scientific Linux (java-1.7.0-openjdk, java-1.8.0-openjdk, kernel, libvirt, and qemu-kvm), Slackware (kernel, mozilla, and procps), SUSE (ghostscript-library, kernel, mariadb, python, qemu, and wget), and Ubuntu (linux-raspi2 and linux-raspi2, linux-snapdragon).

  • [$] Case-insensitive filesystem lookups
    Case-insensitive file name lookups are a feature that is fairly frequentlyraised at the Linux Storage, Filesystem, and Memory-Management Summit (LSFMM). At the 2018summit, Gabriel Krisman Bertazi proposed a new way to supportthe feature, though it met with a rather skeptical reception—with onenotable exception. Ted Ts'o seemed favorably disposed to the idea, in partbecause it would potentially be a way to get rid of some longstanding Android ugliness:wrapfs.

  • Kata Containers 1.0
    Kata Containers 1.0 has been released. "This first release of Kata Containers completes the merger of Intel’s Clear Containers and Hyper’s runV technologies, and delivers an OCI compatible runtime with seamless integration for container ecosystem technologies like Docker and Kubernetes."

LXer Linux News

    ERR_SSL_VERSION_OR_CIPHER_MISMATCH error shows in your web browser when the browser cannot establish secure connection with the web server. Today we will show you how to fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.

  • Bitwarden Password Manager Adds Command Line Vault
    Bitwarden, the secure, open source password manager we talked about recently, added a command line tool to its list of apps you can use to access your passwords. Bitwarden CLI is currently in public beta testing, and according to its documentation, it includes all the features available in other Bitwarden client applications, like the desktop or browser extension.

  • 4 Easy Ways to Get Out of a Ubuntu Crash
    On Ubuntu, there are several ways to escape crashes and recover from them when they occur. Find out how to save your Ubuntu computer when the unexpected strikes.

  • 4 Markdown-powered slide generators
    Imagine you[he]#039[/he]ve been tapped to give a presentation. As you[he]#039[/he]re preparing your talk, you think, "I should whip up a few slides."Maybe you prefer the simplicity of plain text, or maybe you think software like LibreOffice Writer is overkill for what you need to do. Or perhaps you just want to embrace your inner geek.

  • KDE’s New Elisa Music Player: So Close, Yet So Far Away
    With the rise of streaming services bringing easy access to media, owning your own music and movies is at a seemingly all-time low. In my case, it wasn’t until recently that I started recollecting local music files again once I started caring more about the quality of music that I was listening to.

  • Linux sum Command Tutorial for Beginners (with Examples)
    As you start spending more and more time working on the Linux command line, you tend to learn utilities that aren't very frequently used. Once such tool is sum, which only offers two features: display checksum and block count for input files. In this short tutorial, we will quickly discuss the basics of sum using some easy to understand examples.


	Copyright 2018|Linux Insider"LinuxInsider"]]
  • WhiteSource Rolls Out New Open Source Security Detector
    WhiteSource has launched its next-generation software composition analysis technology, dubbed "Effective Usage Analysis," with the promise that it can reduce open source vulnerability alerts by 70 percent. The newly developed technology provides details beyond which components are present in the application. It provides actionable insights into how components are being used.

  • Cinnamon Desktop Spices Up RoboLinux Raptor
    RoboLinux is a unique distro that focuses on incorporating Windows versions XP through 10 within a fully functional Linux operating system. You might never need the Stealth VM features that let you easily install and run Microsoft Windows within most any Linux distro. Still, RoboLinux is a topnotch general purpose Linux computing platform that comes with a choice of leading desktop environments.

  • Open Source Is Everywhere and So Are Vulnerabilities, Says Black Duck Report
    Black Duck by Synopsys has released the 2018 Open Source Security and Risk Analysis report, which details new concerns about software vulnerabilities amid a surge in the use of open source components in both proprietary and open source software. The report provides an in-depth look at the state of open source security, license compliance and code-quality risk in commercial software.

  • OpenShift Brings Full Cross-Platform Flexibility to Azure Cloud
    Microsoft and Red Hat introduced OpenShift on Azure at Red Hat Summit 2018 in San Francisco. This release is the first fully managed, easy-to-use version of OpenShift in the cloud, the companies said. The fully managed integration of OpenShift on Azure means that Microsoft and Red Hat will join to engineer, operate and support the platform. That combined support will keep it up-to-date.

  • Android P Tackles Phone Addiction, Distraction
    Google has revealed some major new features in the next version of its Android operating system for mobile devices. Now in public beta, the OS known as "Android P" includes features designed to address growing concerns about phone addiction and distraction. For example, a dashboard will show users how often, when and for how long they use each application on their phone.

  • Ubuntu Budgie Whistles Up a Better Remix
    If you have yet to try the Budgie desktop, the latest release of Ubuntu Budgie is a perfect opportunity to experience a classy and user-friendly computing platform. Budgie is one of the first home-grown Linux distros to release its latest version based on Ubuntu 18.04. The independent developer announced Ubuntu Budgie 18.04 last week, coinciding with Canonical's release of Ubuntu 18.04 LTS.

  • Fedora 28 Comes With New Software Options
    The Fedora Project has announced the general availability of Fedora 28, which introduces a new software delivery system based on a modular repository. The new system provides alternative versions of the software and updates that come with the default release, according to Fedora Project Leader Matthew Miller. It enables users to update specific components at the speed that meets their needs.

  • Shuttleworth on Ubuntu 18.04: Multicloud Is the New Normal
    Canonical has released the Ubuntu 18.04 LTS platform for desktop, server, cloud and Internet of Things use. Its debut followed a two-year development phase that led to innovations in cloud solutions for enterprises, as well as smoother integrations with private and public cloud services, and new tools for container and virtual machine operations.

  • New Ubuntu Rethinks Desktop Ecosystem
    Canonical on Thursday released Ubuntu Linux 18.04, which utilizes live patching and a new metric data collection system. Notably missing is the Unity desktop that had distinguished the distro but was poorly received. Canonical last year made the switch from Unity 7 to upstream GNOME as Ubuntu's default desktop environment. Unity is not an option in Ubuntu 18.04 and will not be available in desktop offerings moving forward.

  • Microsoft Calls On Linux for Its New IoT Security Platform
    Microsoft has opted to use its own version of a Linux operating system instead of Windows 10 to drive its new Azure Sphere solution for securely connecting Internet of Things devices. Microsoft introduced Azure Sphere last week at the RSA security conference in San Francisco. Azure Sphere is a platform that connects microcontroller units, or MCUs, embedded in cloud-connected devices.


  • Some Low-Cost Android Phones Shipped With Malware Built In
    More than 100 different low-cost Android models from manufacturers such as ZTE, Archos, and myPhone ship with malware pre-installed, researchers at Avast Threat Labs reported on Thursday. Users in more than 90 countries, including the U.S., are affected by this, the researchers said. From a report: The malware, called called Cosiloon, overlays advertisements over the operating system in order to promote apps or even trick users into downloading apps. The app consists of a dropper and a payload. "The dropper is a small application with no obfuscation, located on the /system partition of affected devices. The app is completely passive, only visible to the user in the list of system applications under 'settings.' We have seen the dropper with two different names, 'CrashService' and 'ImeMess,'" wrote Avast. The dropper then connects with a website to grab the payloads that the hackers wish to install on the phone. "The XML manifest contains information about what to download, which services to start and contains a whitelist programmed to potentially exclude specific countries and devices from infection. However, we've never seen the country whitelist used, and just a few devices were whitelisted in early versions. Currently, no countries or devices are whitelisted. The entire Cosiloon URL is hardcoded in the APK."

    Read more of this story at Slashdot.

  • T-Mobile Bug Let Anyone See Any Customer's Account Details
    An anonymous reader writes: A bug in T-Mobile's website let anyone access the personal account details of any customer with just their cell phone number, ZDNet reported Thursday. The flaw, since fixed, could have been exploited by anyone who knew where to look -- a little-known T-Mobile subdomain that staff use as a customer care portal to access the company's internal tools. The subdomain --, which can be easily found on search engines -- contained a hidden API that would return T-Mobile customer data simply by adding the customer's cell phone number to the end of the web address. Although the API is understood to be used by T-Mobile staff to look up account details, it wasn't protected with a password and could be easily used by anyone. The returned data included a customer's full name, postal address, billing account number, and in some cases information about tax identification numbers. The data also included customers' account information, such as if a bill is past-due or if the customer had their service suspended.

    Read more of this story at Slashdot.

  • About $1.2 Billion in Cryptocurrency Stolen Since 2017
    Criminals have stolen about $1.2 billion in cryptocurrencies since the beginning of 2017, as bitcoin's popularity and the emergence of more than 1,500 digital tokens have put the spotlight on the unregulated sector, according to estimates from the Anti-Phishing Working Group released on Thursday. From a report: The estimates were part of the non-profit group's research on cryptocurrency and include reported and unreported theft. "One problem that we're seeing in addition to the criminal activity like drug trafficking and money laundering using cryptocurrencies is the theft of these tokens by bad guys," Dave Jevans, chief executive officer of cryptocurrency security firm CipherTrace, told Reuters in an interview.

    Read more of this story at Slashdot.

  • Internal Documents Show Apple Knew the iPhone 6 Would Bend
    In 2014, multiple users reported that their iPhone 6 and 6 Plus handsets were bending under pressure, such as when they were kept in a pocket. As a byproduct of this issue, the touchscreen's internal hardware was also susceptible to losing its connection to the phone's logic board. It turns out, Apple was aware that this could happen. Motherboard: Apple's internal tests found that the iPhone 6 and iPhone 6 Plus are significantly more likely to bend than the iPhone 5S, according to information made public in a recent court filing obtained by Motherboard. Publicly, Apple has never said that the phones have a bending problem, and maintains that position, despite these models commonly being plagued with "touch disease," a flaw that causes the touchscreen to work intermittently that the repair community say is a result of bending associated with normal use. The information is contained in internal Apple documents filed under seal in a class-action lawsuit that alleges Apple misled customers about touch disease. The documents remain under seal, but US District Court judge Lucy Koh made some of the information from them public in a recent opinion in the case. The company found that the iPhone 6 is 3.3 times more likely to bend than the iPhone 5s, and the iPhone 6 Plus is 7.2 times more likely to bend than the iPhone 5s, according to the documents. Koh wrote that "one of the major concerns Apple identified prior to launching the iPhones was that they were 'likely to bend more easily when compared to previous generations.'"

    Read more of this story at Slashdot.

  • Robin "Roblimo" Miller, a Long-Time Voice of the Linux Community, Has Passed Away
    Reader rootmon writes: Our thoughts/prayers are with the family and friends of long time open source writer/journalist Robin "Roblimo" Miller who passed away this morning. Robin "Roblimo" Miller (born October 30, 1952) served as the Editor-in-Chief of Open Source Technology Group, the company which owned Slashdot,, Freshmeat,, NewsForge, and ThinkGeek between 2000 to 2008. Miller formerly owned Robin's Limousine, a small limo company based in Elkridge, Maryland, the origin of his online nickname. Miller is best known for his involvement with Slashdot, where he was not only the corporate editorial overseer but also Interview Editor. As a freelancer, Miller wrote for a number of print and online publications including, Baltimore City Paper, American Medical News, Innkeeping World, Machine Design, The Baltimore Sun, and Miller is the author of three books: The Online Rules of Successful Companies, Point -- Click Linux!, and Point -- Click, all published by Prentice Hall. His most recent ventures revolved around Internet-delivered video, including video software "tours" and tutorials on and his recent "side" venture, Internet Video Promotion, Inc. Miller has been a judge for the Lulu Blooker Prize and is on the online advisory board of the Online Journalism Review of the Annenberg Center for Communication at the University of Southern California. (Biographical Info Quoted in Part from Wikipedia) Further reading: Linux Journal: RIP Robin "Roblimo" Miller. Remembering Miller, ZDNet journalist S. Vaughan-Nichols wrote, "He was funny, bright, quick with a quip, caring, and wise. I, and many others who had the pleasure of knowing him, will miss him enormously." Paul Jones, Clinical Professor at the School of Information & Library Science, and Director of, wrote, "Robin taught me many things, besides the immense gift of his friendship, including 'the way to make money on the internet is to take on more than you spend.' Both funny and accurate in context and very much true to roblimo." Writer and engineer Emmett Initiative said, "He was my editor, which means he was my best friend and worst enemy. He was a kind and thoughtful man that made every writer around him at least 300% better. I already miss him."

    Read more of this story at Slashdot.

  • Massachusetts Gains Foothold in Offshore Wind Power, Long Ignored in US
    New Bedford hopes to soon be the operations center for the first major offshore wind farm in the United States, bringing billions of dollars of investment and thousands of jobs to the town and other ports on the East Coast. The New York Times: On Wednesday, that effort took a major step forward as the State of Massachusetts, after holding an auction, selected a group made up of a Danish investment firm and a Spanish utility to erect giant turbines on the ocean bottom, beginning about 15 miles off Martha's Vineyard. This initial project will generate 800 megawatts of electricity, roughly enough to power a half a million homes. At the same time, Rhode Island announced it would award a 400-megawatt offshore wind project to another bidder in the auction. The groups must now work out the details of their contracts with the states' utilities. "We see this not just as a project but as the beginning of an industry," Lars Thaaning Pedersen, the chief executive of Vineyard Wind, which was awarded the Massachusetts contract, said in an interview. Offshore wind farms have increasingly become mainstream sources of power in Northern Europe, and are fast becoming among the cheapest sources of electricity in countries like Britain and Germany. Those power sources in those two countries already account for more than 12 gigawatts of electricity generation capacity.

    Read more of this story at Slashdot.

  • Woman Says Alexa Device Recorded Her Private Conversation and Sent It To Random Contact; Amazon Confirms the Incident
    Gary Horcher, reporting for KIRO7: A Portland family contacted Amazon to investigate after they say a private conversation in their home was recorded by Amazon's Alexa -- the voice-controlled smart speaker -- and that the recorded audio was sent to the phone of a random person in Seattle, who was in the family's contact list. "My husband and I would joke and say I'd bet these devices are listening to what we're saying," said Danielle, who did not want us to use her last name. Every room in her family home was wired with the Amazon devices to control her home's heat, lights and security system. But Danielle said two weeks ago their love for Alexa changed with an alarming phone call. "The person on the other line said, 'unplug your Alexa devices right now,'" she said. '"You're being hacked.'" That person was one of her husband's employees, calling from Seattle. "We unplugged all of them and he proceeded to tell us that he had received audio files of recordings from inside our house," she said. "At first, my husband was, like, 'no you didn't!' And the (recipient of the message) said 'You sat there talking about hardwood floors.' And we said, 'oh gosh, you really did hear us.'" Danielle listened to the conversation when it was sent back to her, and she couldn't believe someone 176 miles away heard it too. In a statement, an Amazon spokesperson said, "Amazon takes privacy very seriously. We investigated what happened and determined this was an extremely rare occurrence. We are taking steps to avoid this from happening in the future." Further reading: Amazon Admits Its AI Alexa is Creepily Laughing at People.

    Read more of this story at Slashdot.

  • Missing Climate Goals Could Cost the World $20 Trillion
    An anonymous reader shares a report: There are trillions of reasons for the world to prevent temperatures from rising more than 1.5C, the aspirational target laid out in the Paris climate agreement, according to a new study. If nations took the necessary actions to meet that goal, rather than the increasingly discussed 2C objective, there's a 60 percent chance it would save the world more than $20 trillion, according to new work published this week in Nature by scientists at Stanford. That figure is far higher than what most experts think it will cost to cut emissions enough to achieve the 1.5C target. Indeed, one study put the price tag in the hundreds of billions of dollars. If temperatures rise by 3C, it will knock out an additional 5 percent of GDP. That's the entire planet's GDP.

    Read more of this story at Slashdot.

  • Pornhub Launches VPNhub, Its Own Virtual Private Network App
    "Adult entertainment" giant Pornhub is entering the busy virtual private network (VPN) space with the launch of its very own VPN service. From a report: Dubbed VPNhub, the new service is available for free via native apps on Android, iOS, MacOS, and Windows, though there is a premium subscription available that gets rid of the ads and promises faster speeds. In the U.S., this will cost between $12 and $14 per month, depending on the platform. VPNhub promises unlimited bandwidth, even on the free service, which is key given that Pornhub's core selling point is bandwidth-intensive video, while it offers around 1,000 servers across 15 countries. And it promises that it logs no user data.

    Read more of this story at Slashdot.

  • US Launches Criminal Probe Into Bitcoin Price Manipulation
    The Justice Department has opened a criminal probe into whether traders are manipulating the price of Bitcoin and other digital currencies, dramatically ratcheting up U.S. scrutiny of red-hot markets that critics say are rife with misconduct, Bloomberg reported Thursday, citing people familiar with the matter. From the report: The investigation is focused on illegal practices that can influence prices -- such as spoofing, or flooding the market with fake orders to trick other traders into buying or selling, said the people, who asked not to be identified because the review is private. Federal prosecutors are working with the Commodity Futures Trading Commission, a financial regulator that oversees derivatives tied to Bitcoin, the people said. Authorities worry that virtual currencies are susceptible to fraud for multiple reasons: skepticism that all exchanges are actively pursuing cheaters, wild price swings that could make it easy to push valuations around and a lack of regulations like the ones that govern stocks and other assets.

    Read more of this story at Slashdot.

The Register

  • Brit doctors surgery fined £35k over medical data fumble
    Left patient records, prescriptions in former surgery premises for 18 months
    Bayswater Medical Centre (BMC) in London is licking its wounds after taking a not insignificant punch to the wallet for discarding highly sensitive medical information in an empty building for a year and a half.… offline for now


  • XWayland Gets Patches For Better EGLStreams Handling
    While the recently released X.Org Server 1.20 has initial support for XWayland with EGLStreams so X11 applications/games on Wayland can still benefit from hardware acceleration, in its current state it doesn't integrate too well with Wayland desktop compositors wishing to support it. That's changing with a new patch series...

  • Mesa Begins Its Transition To Gitlab
    Following the news from earlier this month that would move its infrastructure to Gitlab, the Mesa3D project has begun the process of adopting this Git-centered software...

Engadget"Engadget RSS Feed"

  • Instapaper temporarily shuts down in Europe to comply with GDPR

    Every company that does business in the EU is sending out notifications of their compliance with the General Data Protection Regulation (GDPR) rules that reach their final compliance date March 25th. Instapaper, however, is taking different approach, notifying its customers in the UK that its service would be temporarily unavailable for European residents.

    The email, shared on Twitter by @smithsam and noted by privacy policy, which he said hasn't been changed in years. He is, he tweeted, "actively working on resolving it."

    When reached for comment, a Pinterest spokesperson said, "Instapaper is temporarily unavailable for users in Europe as we make some changes for GDPR. We plan to bring the service back online as soon as possible, and will keep our users informed of any updates."

    Via: TechCrunch

    Source: Sam Smith / Twitter

  • Wirecutter's best deals: Save $90 on a Microsoft Xbox One X console

    This post was done in partnership with Microsoft Xbox One X 1TB

    Street price: $500; Deal price: $410

    If you're a gamer that favors the Xbox game catalogue and you're looking to play compatible games in 4K, the Xbox One X, one of the two higher-end consoles we recommend, is your best option. Right now, you can get the One X 1TB console and one wireless controller for $410 via the eBay Newegg storefront, a very nice discount. While we've seen a number of other sales recently, most have bundled extra games or controllers and been closer to $500. With this sale, you can decide which accessories you'd want after you make your purchase.

    The Microsoft Xbox One X is an upgrade pick in our guide to the best game consoles. Thorin Klosowski wrote, "Since the Xbox One S can already output 4K for video but not for games, you should consider the Xbox One X only if you want to play games in 4K and you don't mind spending twice as much money to do so. Xbox One games need an update to output in 4K, and only some games support it. Updated games might also get other incremental improvements, such as improved frame rates, more detailed textures, or faster load times, but none of those minor improvements are worth the high price of the Xbox One X on their own. If you must game in 4K, the Xbox One X is worth considering, but that's the only reason."
    Denon AVR-S730H Receiver

    Street price: $350; Deal price: $300

    At $300, this feature-rich receiver is a great value. We've seen the Denon AVR-S730H drop in street price recently from prices in the mid $400s to around $350, but this sale takes it even lower, providing the lowest price we've seen and a great option to those seeking a comparatively affordable upgrade for their AV setup.

    The Denon AVR-S730H is our top pick in our guide to the best receiver. Chris Heinonen wrote, "We picked the Denon AVR-S730H as the best receiver for most people because it's the easiest to set up and has every feature most people will need (and many that are nice to have). These include built-in Wi-Fi, room correction, support for seven channels, both Dolby Atmos and DTS:X 3D audio support, and six HDMI 2.0 inputs. It consistently sounded very good during our listening tests and didn't distort, even at high volume levels. It supports important wireless streaming standards and has enough inputs for most people. Denon has made small improvements over last year's model by adding support for more streaming services and upcoming Alexa compatibility."
    Acton Blink Lite Electric Skateboard

    Street price: $250; Deal price: $200

    Down to $200 from prices largely in the neighborhood of $250, this is a nice deal on this recommended electric skateboard, which our testers loved for its compact shape and nimble handling. If you're a sub-180 pound rider that isn't looking to spend a ton, this is a nice opportunity to save some cash.

    The Acton Blink Lite Electric Skateboard is our budget pick in our guide to the best electric skateboard. Jack Smith wrote, "The Acton Blink Lite isn't the most powerful board around, nor does it have the longest range or the fastest top speed. But at its affordable price, who cares about all that? The Blink Lite is the perfect entry-level electric board for people who just want to have some fun with a skateboard they don't have to push around. It's a great choice for parents buying gifts for their kids, students wanting to zip around campus, and core skaters looking for a cheap way to see what this whole electric thing is all about. Just note that it can hold riders up to only 180 pounds; if you weigh more than that, consider our top pick instead."
    Amazon Echo (2nd Generation) – (refurbished)

    Street price: $85; Deal price: $70

    This Echo deal is notable for one reason - it's the lowest price we've seen for the 2nd gen Amazon Echo at $70. All available models are certified refurbished with the deal price available for the charcoal and sandstone fabric finishes. While this isn't the first and won't be the last great deal we've seen for the Echo 2nd gen, if you're looking to add a smart speaker to your home or office, this is the best price available so far.

    The Amazon Echo (2nd Gen) is our pick in our guide to Alexa and Amazon's Echo speaker line. Grant Clauser wrote, "If you want music without hooking up any additional speakers, the second-generation Echo offers the complete range of functions, minus the screen features of the Show and Spot. As a speaker, it's good for kitchens, offices, dens, bedrooms, and other places where convenience and size (it's about the size of a Foster's beer can) is more important than audio performance. The speaker is designed for 360-degree dispersion, so placing it in the middle of the room will give you sound in all four corners."

    Because great deals don't just happen on Thursday, 'sign up for our daily deals email' and we'll send you the best deals we find every weekday. Also, deals change all the time, and some of these may have expired. To see an updated list of current deals, 'please go here'.

  • Twitter initiates its new campaign ad policy

    Social media became a battleground in the 2016 election with bot accounts pushing fake news and tons of advertising trying to influence US voters. In the lead-up to the 2018 midterms, platforms have announced new rules to improve transparency. Today, just as Facebook implemented its own political advertising disclosures, Twitter has adopted changes to how it handles campaign advertisements to vet buyers.

    The new advertising policies, introduced back in fall, require anyone wanting to run an ad to certify that they live in the US, as the platform now prohibits foreign nationals from targeting US residents with political ads. Candidates and committees must provide their FEC number, while groups unregistered with the election commission will have to validate their identities through a notarized document. Then, Twitter will send letters -- via snail mail -- to confirm identities and locations of the aspiring advertisers.

    Twitter handles used to campaign with political advertising have more rigid appearance requirements. The account's profile photo, header photo and website must all be consistent with their online presence, and the site linked in their bio needs working contact information.

    The disclaimers identifying political campaign ads, who paid for them and if they were authorized by particular candidates will be coming in the near future. So too will the election labels that will soon be attached to accounts for candidates running for state Governor, the Senate or House of Representatives that Twitter announced yesterday.

    Twitter will begin enforcing this policy later in the summer, according to a blog post, and from then on, only certified advertisers will be able to run political ads. (The platform has set up a site for aspiring ad buyers to get certified.) The platform will also bring a transparency center online in the upcoming season to detail spending and demographics targeted by political ads. Issue advertisements, on the other hand, will be subject to a different upcoming policy.

    Source: Twitter blog

  • Driving an EV means changing the way you think about “refueling”

    You've finally taken the EV plunge. You're "one of the good ones," you think to yourself. It's all about reducing your impact on the planet and moving further away from fossil fuels. Here's to a cleaner, brighter tomorrow and maybe saving a few bucks on gas.

    Then you pull up to your first charging station and you realize that shiny future is kind of a pain in the ass. At least initially.

    Unlike your local gas station where you pull up, swipe your credit card and fill your tank, some EV charging stations will typically have users download an app, sign up for a service, then pay. Or you can call the number on the charger and talk to a customer service rep into sharing the electricity flowing to your new whip. During my time reviewing electric and plug-in hybrid vehicles I've seen the same scenario play out over and over again. A person pulls up to a station, looks at the instructions, curses under their breath and pulls out their phone. Five minutes later they start charging.

    Before you close the order tab for your new Chevy Bolt, Nissan Leaf or other EV, it's important to realize that while it's initially weird to use an app to charge a car when the gas station just wants your credit card number, when you go electric you're entering an entirely new way of interacting with your car.

    For example, you can't just hook your gas car up to a petrol pump at home and wake up to a full tank. With an EV, you just plug it into the wall. It's also unlikely that your employer will top off your car while you're doing whatever it is you do. Again, all you need is an outlet or dedicated charger near a parking spot. Oh, and your boss' permission.

    One of the companies putting up stations to keep your EV topped off, ChargePoint notes that 80 percent of charging is done at home and at work. Charging stations are more of a destination than a necessity for those with a garage just tooling about town or commuting. But there are times when you need or just want to charge while out in the world.

    If you want to use one of ChargePoint's stations you can either download the app and register or call customer support and they'll charge your card and start the process. The first time, sure it's a pain, but after that, you're going to want to use that app to find places to get juiced up.

    More and more of these stations are in retail parking lots. Target, Whole Foods, Walmart and a host of malls are now seeing EV owners as customers that show up and stick around longer than maybe they would have in the past because they can charge up the cars of those patrons.

    There are a finite amount of spaces at those locations. That's where the apps for these stations come into play. At a gas station, a car might occupy a pump for five to 10 minutes. At the mall, a vehicle could be in a stall sucking down electrons for hours. Pulling up the app from charge-station companies like ChargePoint, EVgo and Blink can tell a driver what spots are available.

    It's not perfect, someone could swoop in and take your spot before you get there, but it's better than going in totally blind.

    While ChargePoint and Blink don't offer a quick credit-card way to charge a car, EVgo does and it's not that popular. "A majority of our drivers currently use the RFID card, a smaller but growing portion use the app, and very low single digits use a credit card." Jonathan Levy EVgo vice president of strategic initiatives told Engadget.

    Those RFID car users are probably using the app to find stations, then doing a quick swipe to get the charging started.

    Of course, there's still the issue of having to sign up for multiple accounts to make sure you're good to go no matter what service you end up using. That's still a pain. Maybe in the future, there will be industry interoperability. You could potentially sign up for one service and still charge using the station of another.

    So, when you take delivery of that new EV, pull your phone and start setting up accounts. Do it before you hit up the location charging spot. Because sometimes living on the cutting edge of technology can be frustrating, but once you've figured it out, you're going to be way happier about your new greener lifestyle.

  • Elon Musk may have violated US labor laws during tweet storm

    When Elon Musk had a twitter meltdown a few days ago in response to bad press about Tesla factory safety, he may have actually said something illegal. According to May 21, 2018
    According to Tesla, said Bloomberg, the tweet was meant to point out that members of the union who work for other automakers don't receive stock options. Former National Labor Relations Board chair Wilma Liebman said that the tweet could be interpreted differently, however. "The employee is going to hear it as, 'If I vote to unionize, stock options will no longer be an option,'" she told Bloomberg.

    Source: Bloomberg

  • Vevo goes all-in on YouTube music videos

    Raise your hand if you used Vevo's apps instead of watching music videos on YouTube. Anybody? That's what we thought. Despite Vevo's effort to grow its brand through apps and its website, nothing quite clicked -- so it's killing them to re-focus on YouTube. tuned recommendations based on your watch history and likes, and sought to grab viewers' attention by getting artists and music bloggers to curate playlists. Vevo even had a strange Watch Party feature (which let you talk with your pals as you watched videos together) before trying a aimed to roll out subscription plans too, but that didn't get off the ground.

    The app closures follow an exodus of top figures at Vevo over the last six months, including its CEO, CTO and head of product, along with several product and engineering employees. It seems music video programming, advertising (which Vevo will keep selling alongside YouTube's own ads) and original content are the focus areas for the time being. The strategy shift comes just as the paid YouTube Music service launched this week, with YouTube seeking to gain ground in the music streaming space. Going forward, it may be better for Vevo to get a piece of that subscription pie.

    Source: Vevo, Variety

  • Google will always do evil

    One day in late April or early May, Google removed the phrase "don't be evil" from its code of conduct. After 18 years as the company's motto, those three words and chunks of their accompanying corporate clauses were unceremoniously deleted from the record, save for a solitary, uncontextualized mention in the document's final sentence.

    Google didn't advertise this change. In fact, the code of conduct states it was last updated on April 5th. The "don't be evil" exorcism clearly took place well after that date.

    Google has chosen to actively distance itself from the uncontroversial, totally accepted tenet of not being evil, and it's doing so in a shady (and therefore completely fitting) way. After nearly two decades of trying to live up to its motto, it looks like Google is ready to face reality.

    In order for Google to be Google, it has to do evil.

    This is true for every major technology company. Apple, Facebook, Amazon, Tesla, Microsoft, Sony, Twitter, Samsung, Nintendo, Dell, HP, Toshiba -- every one of these organizations can't compete in the market without engaging in unethical, inhumane and invasive practices. It's a sliding scale: The larger the company, the more integrated it is in our everyday lives, the more evil it can be.

    Take Facebook for example. CEO Mark Zuckerberg will stand onstage at F8 and wax poetic about the beauty of connecting billions of people across the globe, while at the same time patenting technologies to determine users' social classes and enable discrimination in the lending process, and allowing housing advertisers to exclude racial and ethnic groups, or families with women and children, from their listings.

    That's not even mentioning the Cambridge Analytica scandal and the 85 million Facebook users whose personal information ended up, without permission, in the hands of an overseas political group during the contentious 2016 presidential election.

    And then there's Apple, the largest public company in the world. It's also one of the most secretive, but even so, it's been caught engaging in evil. Apple is one of the most notorious tech names when it comes to child labor and inhumane working conditions. It's been tied to child labor in Africa, and the Chinese factories where its phones are assembled are frequently cited over illegal and lethal practices. At least nine workers at Apple's key factory partner, Foxconn Technology Group, committed suicide in 2010, prompting international outrage. Yet just this year, the AP reported more than 200 workers from a single Samsung production line had died or fallen seriously ill, many being diagnosed with leukemia, lymphoma and MS, despite being relatively young -- in their 20s and early 30s. Samsung has denied any involvement in the lethal trend.

    There's a simple reason major tech companies often look the other way after these scandals, brushing concerns aside as they continue to work with factories known for employing children and operating in barbaric ways. It's necessity. In order to remain competitive, Apple needs 200 million new iPhones with each updated model, and the most profitable way to make that happen is to partner with Foxconn or Catcher. In Apple's math, the bottom line outweighs the well-being of workers on the assembly line.

    The people who actually work at Apple or any major tech company are not monsters. Ask any Apple employee about child labor in iPhone factories and they'll assuredly express disgust and outrage -- but the company itself is far more powerful than its individualized workforce.

    Which brings us back to Google. Earlier this month, roughly a dozen employees quit over the company's involvement in Project Maven, a military program that aims to use AI systems to analyze drone footage. Though Google insists the technology will be applied to "non-offensive uses only," some employees are concerned about its potential use in drone strikes. On top of those who quit, nearly 4,000 Google employees have signed a petition demanding the company pull out of Project Maven and refuse to work with the military in the future.
    The chances of Google actually cutting ties with the US military are miniscule.
    The chances of Google actually cutting ties with the US military are miniscule. Besides, quitting wouldn't stop Project Maven from moving forward; it would only cut Google out of the process, passing the future of AI drone technology to another company. At least with Google, there's the underlying promise that these systems won't be evil.

    Well. That was true until just a few weeks ago.

    The reason major technology companies have so much power to be evil is because many of them have found ways to do good in our lives. These organizations are big for a reason -- Google is the backbone of the internet; Apple is a leader in gadget design and ecosystems; Samsung produces a vast range of devices for a wide swath of people; Facebook truly does connect the world. But as a tech company's propensity to do good grows, so too does its ability to do terrible things. That's why Google's motto -- "don't be evil" -- was such a poignant reminder of the humanity necessary to keep these companies in check. Emphasis on the was.

    Images: Getty (Google building); pestoverde / Flickr (Mark Zuckerberg); Bobby Yip / Reuters (Foxconn factory)


  • Microsoft extends GDPR's rights to all of its customers
    Microsoft is extending the GDPR's rights to all of its customers across the world.
    That's why today we are announcing that we will extend the rights that are at the heart of GDPR to all of our consumer customers worldwide. Known as Data Subject Rights, they include the right to know what data we collect about you, to correct that data, to delete it and even to take it somewhere else. Our privacy dashboard gives users the tools they need to take control of their data.
    Good move, but these controls and options should've been there from the start. Goes to show that corporations are terrible at self-regulation - something everybody should know by now. In any event, I'll be spending some time this weekend digging through all the data Google, Apple, and Microsoft have on me.

  • Today Mac OS X is as old as the Classic Mac OS
    Here's a bit of numerology for you. Today marks 17 years, one month, and 29 days since Mac OS X 10.0 was released on March 24, 2001. That's a strangely odd number - 6269 days - but it also happens to be the exactly length of time between January 24, 1984 (the launch of the original Macintosh) and March 24, 2001.  In other words, today the Mac's second operating system era, powered by Mac OS X (now macOS) has been in existence as long as the first era was.
    Time is a weird thing, and it truly doesn't feel like OS X is that old.

  • The history of the Philips CD-i, failed PlayStation ancestor
    Behold the Philips CD-i! It's got Mario! Zelda! Movies on CD! Uh… interactive encyclopedias! What could go wrong? Apparently, everything.  Born out of the same aborted efforts to create a CD-based console for Nintendo that would eventually produce the Sony Playstation, the CD-i was an ambitious attempt to create a multi-purpose home entertainment console. However, instead of kickstarting the trend of CD-based gaming, the CD-i turned into one of the great failures of the video game industry, reportedly costing Philips near a billion dollars by the time it was discontinued.  Nonetheless, it did end up fostering some amazingly idiosyncratic (and widely reviled) pieces of video game history.
    Since I'm Dutch and have lived in The Netherlands my whole life, I feel like the CD-i is a much greater part of my memory than of people in other countries. Philips is a Dutch company, after all, and I vaguely recall the CD-i being hyped into the stratosphere over here. I wanted one when the hype started, but I never did even see one in real life.

  • Hackintosh before hackintosh: when Mac fans skinned Windows
    There's something about the macOS operating system that kind of drives people wild. (Heck, even the original Mac OS has its strong partisans.) In the 17 years since Apple first launched the first iteration of the operating system based on its Darwin Unix variant, something fairly curious started to happen: People without Macs suddenly wanted the operating system, if not the hardware it ran on. This phenomenon is somewhat common today - I personally just set up a Hackintosh of my own recently - but I'd like to highlight a different kind of "Hackintosh", the kind that played dress-up with Windows. Today's Tedium talks about the phenomenon of Mac skinning, specifically on Windows. Hide your computer's true colors under the hood.
    I used to do this back in the early 2000s (goodness, I've been here way too long!). It was a fun thing to do, since you could never make it quite good enough - there was always something to improve. Good times.

  • Apple launches new privacy portal due to GDPR
    Apple has today launched its new Data and Privacy website, allowing Apple users to download everything that Apple personally associates with your account, from Apple ID info, App Store activity, AppleCare history to data stored in iCloud like photos and documents. This is currently only available for European Union accounts, to comply with GDPR, and will roll out worldwide in the coming months.  There are also simple shortcuts to updating your info, temporarily deactivating your account and options to permanently delete it.
    It's almost like all the people whining about suddenly having to care about their users' personal data were wrong, and the GDPR is actually doing what it's supposed to do: force accountability onto data holders.

  • More evidence for Microsoft's foldable device in latest SDK
    Twitter user WalkingCat, famous for finding and sharing this kind of information, has discovered files in the SDK mentioning an "Andromeda device" and "Andromeda OS". As previously reported, Andromeda OS is just one variant of the upcoming Windows Core OS the company has been working on. WalkingCat has found mention of Polaris as well - the version of Windows Core OS targeted at more traditional PCs.  Windows Core OS is a new, "modern" version of Microsoft's flagship OS, which strips out most of the legacy compatibility and software, making the operating system lighter and more flexible. Core OS is said to adapt its interface to all different kinds of devices thanks to the new CShell UI.
    Eventually, the hammer's gonna drop: all new laptops and PCs will ship with a Win32-less version of Windows. The signs are clear for anyone to see, and as a Windows developer, you'd do good by preparing yourself.

  • Judge rules Trump can't block users on Twitter
    A federal district court judge on Wednesday ruled that President Trump can't block people from viewing his Twitter feed over their political views. Judge Naomi Reice Buchwald, of the U.S. District Court for the Southern District of New York, said President Trump's Twitter account is a public forum and blocking people who reply to his tweets with differing opinions constitutes viewpoint discrimination, which violates the First Amendment.
    I'm sure an autocrat like Trump will respect the wishes of a court. I mean, it's not like he has a history of attacking courts and judges, right?

  • Eudora source code released
    Computer History Museum (CHM), the world's leading institution exploring the history of computing and its impact on the human experience, today announced the public release and long-term preservation of the Eudora source code, one of the early successful email clients, as part of its Center for Software History's Historical Source Code. The release comes after a five-year negotiation with Qualcomm.
    The source code for both the Mac and Windows versions are released, and there's a post on Medium with more details about this latest work by the Computer History Museum.

    I've never used Eudora in any serious manner, so I don't have the kind of connection with it that some others have. Still, I am always happy when 'dead' software's source code is released as open source, so that it effectively never dies.

  • A gorgeous guide to the first wave of personal computers

    Photographer James Ball (aka Docubyte) knows what a computer is. He's spent part of career lovingly photographing the machines of yesteryear, from the giant mainframes of the '50s and '60s to the first wave of personal computers in the late '70s and '80s. When he saw Apple's iPad pro advertisement that ended with a young girl asking "What's a computer?" as she typed away on her tablet, it provoked him.

    "I'm not some old technophobe, and I get the whole post-computing cloud/device blah blah thing," Ball told Motherboard via email. "But I wanted to pick up an old Mac and say 'Hey! Remember this? This is a computer. The era of crazy shaped beige boxes and clunky clicking keyboards, for me and a lot of other people, that is a computer."

    To honor those machines, Ball has created a series of high resolution animated gifs honoring 16 machines from the era of the birth of the personal computer. He calls the project 'I Am a Computer: Icons of Beige.'

    These are gorgeous.

Linux Journal - The Original Magazine of the Linux Community

  • RIP Robin "Roblimo" Miller
        by Carlie Fairchild   
    Linux Journal has learned fellow journalist and long-time voice of the Linux community Robin "Roblimo" Miller has passed away. Miller was perhaps best known by the community for his roll as Editor in Chief of Open Source Technology Group, the company that owned Slashdot,, freshmeat,, NewsForge, and ThinkGeek from 2000 to 2008. He went on to write and do video interviews for FOSS Force?, penned articles for several publications, and authored three books, The Online Rules of Successful Companies, Point & Click Linux!, and Point & Click, all published by Prentice Hall.

    As Marcel Gagne so perfectly summarized, "Robin was one of those people who could make you laugh while teaching you a thing or two."

    Roblimo, you will be missed. 
        Go to Full Article          

  • An FUQ for the GDPR
        by Doc Searls   
    Today is Privmas Eve: the day before Privmas, aka GDPR Day: the one marked red on the calendars of every company in the world holding an asset the GDPR has suddenly made toxic: personal data. The same day—25 May—should be marked green for everyone who has hated the simple fact that harvesting personal data from everybody on the internet has been too damned easy for too damned long for too damned many companies, and governments too.

    Whether you like the GDPR or not (and there are reasons for both, which we'll get into shortly), one thing it has done for sure is turn privacy into Very Big Deal. This is good, because we've had damned little of it on the internet and now we're going to get a lot more. That's worth celebrating, everybody. Merry Privmas! 

    To help with that, and because 99.99x% of GDPR coverage is about what it means for the fattest regulatory targets (Facebook, Google, et al.), here's an FUQ: Frequently Unasked (or Unanswered) Questions about the GDPR and what it means for you, me and everybody else who wants to keep personal data personal—or to get back personal data those data farmers have already harvested. (The GDPR respects both.)

    A note before we begin: this is a work in progress. It's what we know about what's now possible in a world changed by the GDPR. And "we" includes everybody. If you want to help, weigh in. Here goes...

    Bottom line, what does the GDPR mean for the "natural persons" it also calls "data subjects"?

    It means we're in charge now: at least of ourselves—and of our sides of relationships with the corporate entities we deal with.

    No, the GDPR doesn't say that specifically, but both the letterand the spirit of the GDPR respect privacy as a fundamental human right. Since rights are something we exercise as individuals, and not just a something good corporate behavior allows us to enjoy, we should be able to provide it for ourselves as well.

    Don't we have enough privacy tools already with crypto, onion routing, VPNs and so on?

    No, we don't.

    Those are all forms of protection against exploitation by others. We need tools that create private spaces around us on the net, much as clothing (the original privacy tech) does for us in the natural world. We need ways to signal to others what's okay and what's not okay, and to know easily when those signals are being respected and when they are not. We need ways to move about the net anonymously, and to submit identifiers only on a need to know basis, and then in ways we control.
        Go to Full Article          

  • Parrot 4.0 Now Available, Eudora Email Code Open-Sourced, Firefox Now Offers Two-Step Authentication and More

    News briefs for May 24, 2018.

    Parrot 4.0 is now available for download. Parrot is a "GNU/Linux distribution based on Debian Testing and designed with Security, Development and Privacy in mind. It includes a full portable laboratory for security and digital forensics experts, but it also includes all you need to develop your own software or protect your privacy while surfing the net." New features of this "milestone"  version include netinstall images, Docker templates, Linux kernel 4.16 and several other bugfixes and  changes. See the release notes for more information.

    Historic Eudora email code has been open-sourced by the Computer History Museum, The Register reports: "it fell into neglect after Qualcomm stopped selling it in 2006, and a follow-up version was poorly received in 2007. Under this latest deal, Qualcomm is to donate all IP—copyright code, trademarks and domain names—over to the museum."

    Mozilla began offering two-step authentication for Firefox this week. If you enable it, you'll need to use an additional security code to log in. Mozilla is using the authentication standard TOTP (Time-based One-Time Password) to implement this feature. If you don't see a "Two-step authentication" panel in your Preferences, see this page for further instructions on how to enable it.

    Kata Containers 1.0 was released this week. This first release "completes the merger of Intel's Clear Containers and Hyper's runV technologies, and delivers an OCI compatible runtime with seamless integration for container ecosystem technologies like Docker and Kubernetes." Visit the Kata Containers page for more info and links to the GitHub and install guide.
          News  Security  Distributions  open source  Firefox  Mozilla  Containers  Docker  Kubernetes                   

  • Visualizing Molecules with EasyChem
        by Joey Bernard   
    Introducing EasyChem, a program that generates publication-quality images of molecular structures.

    Chemistry is one of the heavy hitters in computational science. This has been true since the beginning, and it's no less true today. Because of this, several software packages specifically target this user group. Most of these software packages focus on calculating things within chemistry, like bond energies or protein folding structures. But, once you've done the science portion, you need to be able to communicate your results, usually in the form of papers published in journals. And, part of the information you'll need to disseminate is imagery of the molecules from your work. And, that's where EasyChem, this article's subject, comes into play.

    EasyChem helps generate publication-quality images of molecular structures. It should be available in the package management repositories for most distributions. In Debian-based distributions, you can install it with the following command:
      sudo apt-get installed easychem  
    Once it's installed, you can start it either from your GUI's menu system or from the command prompt. When it first starts, you get a blank canvas within which to start your project.
    Figure 1. You get a blank workspace when you first start EasyChem.
    One of the first things you'll want to check is whether the option to have helpful messages is turned on. You can check this by clicking Options→Learning messages. With this selected, you'll get helpful information in the bottom bar of the EasyChem window.

    Let's start with a simple molecule like benzene. Benzene is a ring of six carbon atoms, with every other bond a double bond. You can create this structure by using the options at the bottom of the draw window. Making sure that the "Add bonds" option is selected, select the "Simple" bond from the drop-down of "Bond type". If you now place the mouse pointer somewhere in the window and click and drag, you'll get a single bond drawn. To get a ring, you need to hold down the Ctrl key, and then click and drag. This will draw a ring structure for you.

    You can set the number of atoms to use in the ring with the "Ring size" option in the bottom left of the window. The default is six, which is what you'll want for your benzene ring.

    To get the alternating bond types, select the "Edit" option at the bottom, and then you'll be able to select individual bonds and change their types. When you select one of the bonds, you'll see a new pop-up window where you can change the details, such as the type of bond, along with the color and the relative width if it is a multiple bond.
        Go to Full Article          

  • VPNFilter Malware Attacks Routers, Mitigations for Spectre Variant 4, OnePlus 6 Phone and More

    News briefs for May 23, 2018.

    There's a new type of malware called VPNFilter, which has "has infected at least half a million home and small business routers including those sold by Netgear, TP-Link, Linksys, MicroTik, and QNAP network storage devices". This code is intended to "serve as a multipurpose spy tool, and also creates a network of hijacked routers that serve as unwitting VPNs, potentially hiding the attackers' origin as they carry out other malicious activities". See the story on security announcement for more info, and update now.

    Also yesterday, Greg Kroah-Hartman released updates for the Linux 4.9.102, 4.14.43, and 4.16.11 kernels for Spectre Variant 4 mitigation. Update now. (Source: Phoronix.)

    Mark Shuttleworth created a stir this week with his keynote at the OpenStack Summit in Vancouver due to his competitive comments about VMware and Red Hat. See the ServerWatch story for details.

    The OnePlus 6 unlocked phone is now available for $529. See Android Central for specification and a review of the new phone.
          News  Security  Spectre  Android  Mobile  OpenStack  Canonical  kernel                   

  • Tor Hidden Services
        by Kyle Rankin   
     Why should clients get all the privacy? Give your servers some privacy too!

    When people write privacy guides, for the most part they are written from the perspective of the client. Whether you are using HTTPS, blocking tracking cookies or going so far as to browse the internet over Tor, those privacy guides focus on helping end users protect themselves from the potentially malicious and spying web. Since many people who read Linux Journal sit on the other side of that equation—they run the servers that host those privacy-defeating services—system administrators also should step up and do their part to help user privacy. Although part of that just means making sure your services support TLS, in this article, I describe how to go one step further and make it possible for your users to use your services completely anonymously via Tor hidden services.
     How It Works
    I'm not going to dive into the details of how Tor itself works so you can use the web anonymously—for those details, check out Tor hidden services work within the Tor network and allow you to register an internal, Tor-only service that gets its own .onion hostname. When visitors connect to the Tor network, Tor resolves those .onion addresses and directs you to the anonymous service sitting behind that name. Unlike with other services though, hidden services provide two-way anonymity. The server doesn't know the IP of the client, like with any service you access over Tor, but the client also doesn't know the IP of the server. This provides the ultimate in privacy since it's being protected on both sides.
     Warnings and Planning
    As with setting up a Tor node itself, some planning is involved if you want to set up a Tor hidden service so you don't defeat Tor's anonymity via some operational mistake. There are a lot of rules both from an operational and security standpoint, so I recommend you read this excellent guide to find the latest best practices all in one place.

    Without diving into all of those steps, I do want to list a few general-purpose guidelines here. First, you'll want to make sure that whatever service you are hosting is listening only on localhost ( and isn't viewable via the regular internet. Otherwise, someone may be able to correlate your hidden service with the public one. Next, go through whatever service you are running and try to scrub specific identifying information from it. That means if you are hosting a web service, modify your web server so it doesn't report its software type or version, and if you are running a dynamic site, make sure whatever web applications you use don't report their versions either.
        Go to Full Article          

  • Examining Data Using Pandas
        by Reuven M. Lerner   
    You don't need to be a data scientist to use Pandas for some basic analysis.

    Traditionally, people who program in Python use the data types that come with the language, such as integers, strings, lists, tuples and dictionaries. Sure, you can create objects in Python, but those objects typically are built out of those fundamental data structures.

    If you're a data scientist working with Pandas though, most of your time is spent with NumPy. NumPy might feel like a Python data structure, but it acts differently in many ways. That's not just because all of its operations work via vectors, but also because the underlying data is actually a C-style array. This makes NumPy extremely fast and efficient, consuming far less memory for a given array of numbers than traditional Python objects would do.

    The thing is, NumPy is designed to be fast, but it's also a bit low level for some people. To get more functionality and a more flexible interface, many people use Pandas, a Python package that provides two basic wrappers around NumPy arrays: one-dimensional Series objects and two-dimensional Data Frame objects.

    I often describe Pandas as "Excel within Python", in that you can perform all sorts of calculations as well as sort data, search through it and plot it.

    For all of these reasons, it's no surprise that Pandas is a darling of the data science community. But here's the thing: you don't need to be a data scientist to enjoy Pandas. It has a lot of excellent functionality that's good for Python developers who otherwise would spend their time wrestling with lists, tuples and dictionaries.

    So in this article, I describe some basic analysis that everyone can do with Pandas, regardless of whether you're a data scientist. If you ever work with CSV files (and you probably do), I definitely recommend thinking about using Pandas to open, read, analyze and even write to them. And although I don't cover it in this article, Pandas handles JSON and Excel very well too.
     Creating Data Frames
    Although it's possible to create a data frame from scratch using Python data structures or NumPy arrays, it's more common in my experience to do so from a file. Fortunately, Pandas can load data from a variety of file formats.

    Before you can do anything with Pandas, you have to load it. In a Jupyter notebook, do:
      %pylab inline import pandas as pd  
    For example, Python comes with a csv module that knows how to handle files in CSV (comma-separated value) format. But, then you need to iterate over the file and do something with each of those lines/rows. I often find it easier to use Pandas to work with such files. For example, here's a CSV file:
      a,b,c,d e,f,g,h "i,j",k,l,m n,o.p,q  
    You can turn this into a data frame with:
        Go to Full Article          

  • Last Call for Purism's Librem 5 Dev Kits, Git Protocol Version 2 Released, LXQt Version 0.13.0 Now Available and More

    Purism announces last call for its Librem 5 dev kits. If you're interested in the hardware that will be the platform for the Librem 5 privacy-focused phones, place your order by June 1, 2018. The dev kit is $399, and it includes "screen, touchscreen, development mainboard, cabling, power supply and various sensors (free worldwide shipping)".

    The Google Open Source Blog recently announced the release of Git protocol version 2. This release brings improvements to server-side reference filtering, easy extensibility for new features and simplified client handling of the http transport. See the full list of changes here.

    The LXQt team yesterday announced the release of version 0.13.0 of its Lightweight Qt Desktop Environment. Highlights include "all packages are ready for Qt 5.11, out-of-source builds are now mandatory, libfm-qt is made more self-sufficient" and more.

    Red Hat announced this morning its collaboration with Juniper Networks to combine Juniper's Contrail Enterprise Multicloud and Red Hat's OpenShift Container and OpenStack Platforms to "deliver an open-source based, multicloud alternative to proprietary platforms".

    The Debian Project announced recently that "regular security support for Debian GNU/Linux 8 (code name "jessie") will be terminated on the 17th of June".

    The Khronos Group yesterday announced "its engagement of Au-Zone Technologies to enable the NNEF (Neural Network Exchange Format) standard files to be used with leading machine learning training frameworks". See the Press Release for all the details on the Khronos Group and Au-Zone's development of open-source TensorFlow and Caffe2 Converters for NNEF.
          News  Purism  Git  LXQt  Desktop  Red Hat  Cloud  Containers  Debian  Machine Learning                   

  • Cookies That Go the Other Way
        by Doc Searls   
    The web—or at least the one we know today—got off on the wrong hoofs. Specifically, I mean with client-server, a distributed application structure that shouldn't subordinate one party to an other, but ended up doing exactly that, which is why the web today looks like this:

    Clients come to servers for the milk of HTML, and get cookies as well.

    The original cookie allowed the server to remember the client when it showed up again. Later the cookie would remember other stuff: for example, that the client was a known customer with a shopping cart.

    Cookies also came to remember fancier things, such as that a client has agreed to the server's terms of use.

    In the last decade, cookies also arrived from third parties, some for site analytics but mostly so clients could be spied on as they went about their business elsewhere on the web. The original purpose was so those clients could be given "relevant" and "interest-based" advertising. What matters is that it was still spying and a breach of personal privacy, no matter how well its perpetrators rationalize it. Simply put, websites and advertisers' interests end at a browser's front door. (Bonus link: The Castle Doctrine.)

    Thanks to the EU's General Data Protection Regulation (GDPR), which comes into full force this Friday, that kind of spying is starting to look illegal. (Though loopholes will be found.) Since there is a world of fear about that, 99.x% of GDPR coverageis about how the new regulation affects the sites and services, and what they can do to avoid risking massive finesfor doing what many (or most) of them shouldn't have been doing in the first place.

    But the problem remains structural. As long as we're just "users" and "consumers," we're stuck as calves.

    But we don't have to be. The web's underlying protocol, HTTP, is distributed and collaborative. It doesn't say we need to be subordinate to websites, always consenting to those sites' terms and policies. It doesn't even say we have to be calves to the websites' cows. Consent can go the other way.

    And so can cookies. So let's bake some.
        Go to Full Article          

Linux Magazine » Channels

  • Extended File Attributes Rock!
    Worldwide, data is growing at a tremendous rate. However, one recent study has pointed out that the size of files is not necessarily growing at the same rate; meaning the number of files is growing rapidly. How do we manage all of this data and files? While the answer to that question is complex, one place we can start is with Extended File Attributes. Continue reading

  • Checksumming Files to Find Bit-Rot
    In a previous article extended file attributes were presented. These are additional bits of metadata that are tied to the file and can be used in a variety of ways. One of these ways is to add checksums to the file so that corrupted data can be detected. Let's take a look at how we can do this including some simple Python examples. Continue reading

  • What’s an inode?
    As you might have noticed, we love talking about file systems. In these discussions the term "inode" is often thrown about. But what is an inode and how does it relate to a file system? Glad you asked. Continue reading

  • Emailing HPC
    Email is not unlike MPI. The similarities may help non-geeks understand parallel computers a little better. Continue reading

Page last modified on October 08, 2013, at 07:08 PM