Recent Changes - Search:
NTLUG

Linux is free.
Life is good.

Linux Training
10am on Meeting Days!

1825 Monetary Lane Suite #104 Carrollton, TX

Do a presentation at NTLUG.

What is the Linux Installation Project?

Real companies using Linux!

Not just for business anymore.

Providing ready to run platforms on Linux

Show Descriptions... (Show All) (Two Column)

LinuxSecurity - Security Advisories







LWN.net

  • [$] Possible changes to Debian's decision-making processes
    The name Debian brings to mind a Linuxdistribution, but the Debian project is far more than that; it is anongoing experiment in democratic project governance. Debian's processescan result in a lot of public squabbling; one should not lose track,though, of the fact that those processes have enabled a large community tomaintain and grow a complex distribution for decades without the benefit ofan overseeing corporate overlord. Processes can be improved, though; arecent proposalfrom Russ Allbery gives an interesting picture of where the pain pointsare and what can be made better.


  • Security updates for Friday
    Security updates have been issued by Debian (squashfs-tools, tomcat9, and wordpress), Fedora (openssh), openSUSE (kernel, mbedtls, and rpm), Oracle (httpd, kernel, and kernel-container), SUSE (firefox, kernel, and rpm), and Ubuntu (linux-azure, linux-azure-5.4).


  • Ubuntu 21.10 (Impish Indri) released
    The latest release of the Ubuntu Linux distribution is out: Ubuntu 21.10, code named "Impish Indri". The release notes fills in all of the details for the new features in this version, but the announcement lists some as well:Ubuntu Desktop 21.10 makes wayland sessions available while using the Nvidia proprietary driver. PulseAudio 15 introduces support for BluetoothLDAC and AptX codecs, as well as HFP Bluetooth profiles providing betteraudio quality. The recovery key feature at installation time has beenimproved, with the recovery key now optional, stronger and editable.Ubuntu Desktop 21.10 includes GNOME version 40, with a new andimproved Activities Overview design. Workspaces are now arrangedhorizontally, and the overview and app grid are accessed vertically.Each direction has accompanying keyboard shortcuts, touchpad gesturesand mouse actions.
    Ubuntu Server 21.10 integrates recent innovations from key openinfrastructure projects like OpenStack Xena, QEMU 6.0, PHP8, libvirt 7.6,Kubernetes, and Ceph with advanced life-cycle management tools formulti-cloud and on-prem operations from bare metal, VMWare andOpenStack, to every major public cloud.


  • Devuan 4.0 (Chimaera) released
    Version 4.0 of the Devuan distribution has been released; it is code-namedChimaera. This release is based on Debian Bullseye, has improved desktopsupport, and benefits from more accessibility work. See therelease notes for details.


  • [$] A viable solution for Python concurrency
    Concerns over the performance of programs written in Python are oftenoverstated — for some use cases, at least. But there is no getting aroundthe problem imposed by the infamous global interpreter lock (GIL), whichseverely limits the concurrency of multi-threaded Python code. Variousefforts to remove the GIL have been madeover the years, but none have come anywhere near the point where they wouldbe considered for inclusion into the CPython interpreter. Now, though, SamGross has enteredthe arena with a proof-of-concept implementation that may solve theproblem for real.


  • Plasma 25th Anniversary Edition released
    The KDE project is celebrating its 25th anniversary with a special releaseof the Plasma desktop.
    This time around, Plasma renews its looks and, not only do you get a new wallpaper, but also a gust of fresh air from an updated theme: Breeze - Blue Ocean. The new Breeze theme makes KDE apps and tools not only more attractive, but also easier to use both on the desktop and your phone and tablet.
    Of course, looks are not the only you can expect from Plasma 25AE: extra speed, increased reliability and new features have also found their way into the app launcher, the software manager, the Wayland implementation, and most other Plasma tools and utilities.
    Lots of details can be found in thechangelog.


  • Security updates for Thursday
    Security updates have been issued by Mageia (golang, grilo, mediawiki, plib, python-flask-restx, python-mpmath, thunderbird, and xstream/xmlpull/mxparser), Oracle (389-ds-base, grafana, httpd:2.4, kernel, libxml2, and openssl), Red Hat (httpd), and SUSE (kernel).



  • [$] Scrutinizing bugs found by syzbot
    The syzbotkernel-fuzzing system finds an enormous number of bugs, but, since many of them may seem to be of a relatively low severity, they have a lower prioritywhen contending for the attention of developers. A talkat the recent Linux Security Summit North America reported on some research thatdug further into the bugs that syzbot hasfound; the results are rather worrisome. Rather than a pile ofdifficult- or impossible-to-exploit bugs, there are numerous, more seriousproblems lurking within.


  • Four stable kernels
    Stable kernels 5.14.12, 5.10.73, 5.4.153, and 4.19.211 have been released with importantfixes. Users of those series should upgrade.


  • [$] Digging into Julia's package system
    We recently looked atsome of the changes and new features arriving with the upcomingversion 1.7 release of the Julia programming language.The package system provided by the language makes it easier toexplore new language versions, while still preserving multiple versions of various parts of the ecosystem. This flexible systemtakes care of dependency management, both for writing exploratory code in the REPL and fordeveloping projects or libraries.


  • Security updates for Wednesday
    Security updates have been issued by Debian (flatpak and ruby2.3), Fedora (flatpak, httpd, mediawiki, redis, and xstream), openSUSE (kernel, libaom, libqt5-qtsvg, systemd, and webkit2gtk3), Red Hat (.NET 5.0, 389-ds-base, httpd:2.4, kernel, kernel-rt, libxml2, openssl, and thunderbird), Scientific Linux (389-ds-base, kernel, libxml2, and openssl), SUSE (apache2-mod_auth_openidc, curl, glibc, kernel, libaom, libqt5-qtsvg, systemd, and webkit2gtk3), and Ubuntu (squashfs-tools).


  • [$] A QEMU case study in grappling with software complexity
    There are many barriers to producing software that is reliable andmaintainable over the long term. One of those is software complexity. Atthe recently concluded 2021 KVMForum, Paolo Bonziniexploredthis topic, using QEMU, the open source emulatorand virtualizer, as a case study. Drawing on his experience asa maintainer of several QEMU subsystems, he made some concretesuggestions on how to defend against undesirable complexity. Bonziniused QEMU as a running example throughout the talk, hoping to make iteasier for future contributors to modify QEMU. However, thelessons he shared are equally applicable to many other projects.


  • Security updates for Tuesday
    Security updates have been issued by Debian (firefox-esr, hiredis, and icu), Fedora (kernel), Mageia (libreoffice), openSUSE (chromium, firefox, git, go1.16, kernel, mbedtls, mupdf, and nodejs8), Oracle (firefox and kernel), Red Hat (firefox, grafana, kernel, kpatch-patch, and rh-mysql80-mysql), and SUSE (apache2, containerd, docker, runc, curl, firefox, kernel, libqt5-qtsvg, and squid).


  • A study of data collection by Android devices
    A group of researchers at Trinity College in Dublin has released theresults of a study into the data collected by a number of Androidvariants. There are few surprises here, but the picture is stilldiscouraging.
    We find that the Samsung, Xiaomi, Huawei and Realme Android variants all transmit a substantial volume of data to the OS developer (i.e. Samsung etc) and to third-party parties that have pre-installed system apps (including Google, Microsoft, Heytap, LinkedIn, Facebook). LineageOS sends similar volumes of data to Google as these proprietary Android variants, but we do not observe the LineageOS developers themselves collecting data nor pre-installed system apps other than those of Google. Notably, /e/OS sends no information to Google or other third parties and sends essentially no information to the /e/OS developers.


LXer Linux News

  • How to Install OpenLiteSpeed on AlmaLinux 8
    OpenLiteSpeed is a free, open-source web server that you can use for administering and serving websites. This tutorial will show you how to install OpenLiteSpeed web server on Alma Linux 8.


  • My Fedora Linux home network part 1 – the data server
    The following article is the first of a series about how I’ve used the Fedora Linux operating system to create a home network. My goal is to demonstrate a few ways that Fedora Linux can be useful to a home user or a Small Office / Home Office (SOHO) user and to encourage more people to test, implement and use Fedora Linux. There is also demand in the workforce for Information Technology (IT) professionals who are ready to step into duties that require familiarity with Linux. With Linux, you can start without big investments. You can use what equipment you have and grow with your ideas.



  • How to Install Apache Spark on Debian 11
    Apache Spark is a free, open-source, general-purpose, and distributed computational framework that is created to provide faster computational results. In this tutorial, we will show you how to install Apache Spark on Debian 11.







  • 3 ways to manage RPG character sheets with open source
    It's that time of year again for gamers everywhere. Tomorrow is Free RPG Day, a day when publishers across the tabletop role-playing game industry release games for players both new and experienced, and they're all completely free. Although Free RPG Day was canceled in 2020, it's back this year as a live event with some virtual support by way of free RPG sampler downloads from Dungeon Crawl Classics and Paizo. And if the event's virtual offerings aren't enough, you might check out my list of open source tabletop RPGs.





  • Citrix has built a browser, and lost a CEO
    Chrome, Edge, and Opera can rest easy – this one's designed just to run virtual apps Citrix already manages. Citrix has created a web browser and lost its CEO. According to a regulatory filing, in early October, the company's board appointed Robert M. Calderoni as interim CEO, after David Henshall stepped down from the role. The change was sudden and unexpected but appears to have been amicable as Henshall continues as an advisor to Calderoni. The company is hunting for a new CEO.



  • Devuan debuts version 4.0 – as usual without a hint of the hated systemd
    The team of self-described "veteran Unix admins" who opposed Debian's adoption of systemd instead of sysvinit init, have released a fourth version of their alternative Linux distro, "Devuan". Devuan Chimaera 4.0 is based on Debian 11.1, and version 5.10 of the Linux Kernel. That version of the kernel enjoys long-term support until 2026, and Debian 11.1 will also be tended to until that year. Devuan's devs are clearly thinking long-term!




  • Microsoft releases Linux version of the Windows Sysmon tool
    Microsoft has released a Linux version of the very popular Sysmon system monitoring utility for Windows, allowing Linux administrators to monitor devices for malicious activity. For those not familiar with Sysmon (aka System Monitor), it is a Sysinternals tool that monitors a system for malicious activity and then logs any detected behavior into system log files. Sysmon's versatility comes from the ability to create custom configuration files that administrators can use to monitor for specific system events that may indicate malicious activity is occurring on the system.


  • Hacked! Unravelling a data breach
    This is a story about paying a steep price for a pair of cheap socks. The first loose thread in June One Tuesday morning as I was having my coffee and toast before kicking off the work day, I got a text from my credit card company alerting me to a suspected fraud charge.


Error: It's not possible to reach RSS file http://services.digg.com/2.0/story.getTopNews?type=rss&topic=technology ...

Slashdot

  • American Bumblebees Have Disappeared From 8 States and Could Face Extinction
    Long-time Slashdot reader phalse phace quotes USA Today:  The dwindling populations of the American bumblebee and their complete disappearance from eight states has led to a call for the bee to be placed under the Endangered Species Act before they face extinction.   Maine, Rhode Island, New Hampshire, Vermont, Idaho, North Dakota, Wyoming, and Oregon each have zero or close to zero American bumblebees left, according to a petition by the Center for Biological Diversity and Bombus Pollinators Association of Law Students...   Over the last two decades, the American bumblebee population has decreased by 89% across the U.S. New York had a decline of 99% and they disappeared from the northern part of Illinois that has seen a 74% decrease in population since 2004, the petition said. Climate change, pesticides, disease, habitat loss and competition from honey bees are listed as driving the bee to extinction...  The loss of the insect could cause serious repercussions to the environment and crop production due to them being essential pollinators in agriculture. If the American bumblebee is added to the endangered species list, it will join the rusty-patched bumblebee, and If granted federal protection, anyone found to have killed or harmed the bee could face up to $13,000 in fines.
          

    Read more of this story at Slashdot.


  • Former 'Donkey Kong' Record Holder Billy Mitchell May Now Sue Twin Galaxies
    "Billy Mitchell always has a plan," said Billy Mitchell in the 2007 documentary about Donkey Kong high scores, The King of Kong.   And he tweeted the phrase again Wednesday. GameSpot explains why. "Billy Mitchell, the professional gamer and hot sauce purveyor who rose to fame for setting several retro video game high scores, is preparing for a return to court."   As reported by Axios, the U.S. appeals court gave Mitchell permission to proceed with his defamation suit against Twin Galaxies, the online video game leaderboard website. In case you missed the legal tussle, the whole saga began when Twin Galaxies and Guinness World Records stripped Mitchell of his several of world records for Pac-Man and Donkey Kong after he was accused of using emulation devices to earn his scores instead of authentic arcade machines, as was required for these world record attempts. While Guinness would later reverse its decision, Twin Galaxies has so far refused to reinstate Mitchell's records.   Mitchell would file a defamation suit against Twin Galaxies in 2019, while the site itself fought back with an "anti-strategic lawsuit against public participation" — more commonly known as a SLAPP motion — response, a legal move designed to have frivolous lawsuits dismissed from court and prevent parties from being silenced, as spotted by Kotaku. This week's ruling by the State of California's Second court has stated that Mitchell and his legal team have enough material to continue the lawsuit.   Whether Mitchell and his team actually stand a chance of winning the case is another matter entirely...   Mitchell also tweeted the exact wording of the court's decision, starting with the words "Because Mitchell showed a probability of prevailing on his claims, the trial court properly denied the anti-SLAPP motion."
          

    Read more of this story at Slashdot.


  • Study Discovers Workers Maintained the Same Productivity With Shorter Work Weeks
    Bloomberg reports:  Even as the Covid-19 pandemic forced companies around the world to reimagine the workplace, researchers in Iceland were already conducting two trials of a shorter work week that involved about 2,500 workers — more than 1% of the country's working population. They found that the experiment was an "overwhelming success" — workers were able to work less, get paid the same, while maintaining productivity and improving personal well-being.   The Iceland research has been one of the few large, formal studies on the subject...   [Workers] were helped by their organizations which took concerted steps like introducing formal training programs on time-management to teach them how to reduce their hours while maintaining productivity. The trials also worked because both employees and employers were flexible, willing to experiment and make changes when something didn't work. In some cases, employers had to add a few hours back after cutting them too much...  Participants in the Iceland study reduced their hours by three to five hours per week without losing pay.
          

    Read more of this story at Slashdot.


  • Proposed Change Could Speed Python Dramatically
    "One of Python's long-standing weaknesses, its inability to scale well in multithreaded environments, is the target of a new proposal among the core developers of the popular programming language," reports InfoWorld: Developer Sam Gross has proposed a major change to the Global Interpreter Lock, or GIL — a key component in CPython, the reference implementation of Python. If accepted, Gross's proposal would rewrite the way Python serializes access to objects in its runtime from multiple threads, and would boost multithreaded performance significantly... The new proposal makes changes to the way reference counting works for Python objects, so that references from the thread that owns an object are handled differently from those coming from other threads.   The overall effect of this change, and a number of others with it, actually boosts single-threaded performance slightly — by around 10%, according to some benchmarks performed on a forked version of the interpreter versus the mainline CPython 3.9 interpreter. Multithreaded performance, on some benchmarks, scales almost linearly with each new thread in the best case — e.g., when using 20 threads, an 18.1x speedup on one benchmark and a 19.8x speedup on another.
          

    Read more of this story at Slashdot.


  • Bitcoin Tops $60,000, Rising 50% in 24 Days
    Less than a month ago Bitcoin's price was $40,683. Last night it reached $61,369 — a gain of more than 50% in just 24 days.   CNN attributes the October surge to "hopes that the Securities and Exchange Commission will soon approve a bitcoin futures exchange-traded fund." Bitcoin prices, which rose to nearly $62,000 Friday, are now only about 5% below their all-time high of just under $65,000 that they hit earlier this year. Investors are hoping that, in addition to approving a bitcoin ETF, U.S. financial agencies will continue to take a more measured approach to regulating cryptocurrencies. Federal Reserve chair Jerome Powell and SEC chief Gary Gensler have suggested that the US won't crack down on crypto as severely as China has done. "With recent confirmation from both the Fed's Powell and SEC's Gensler that although regulations are coming, there is no China style clampdown envisioned, this will provide comfort to the broader institutional market that [bitcoin] is here to stay," said Seamus Donoghue, vice president of strategic alliances at METACO, a digital asset infrastructure provider.
          

    Read more of this story at Slashdot.


  • Amazon's Ring Doorbell Can Violate Your Neighbor's Privacy, a UK Judge Rules
    An anonymous reader quotes a report from Gizmodo: A judge in the U.K. has ruled that a man infringed on his neighbor's privacy by using Amazon's Ring doorbell without prior consent. According to The Guardian, Jon Woodard had installed a Ring doorbell camera on the front of his home and another security camera facing the side yard to help deter burglars after a string of car break-ins. However, Woodard failed to disclose the cameras to his neighbor, Dr. Mary Fairhurst. Fairhurst reported being "alarmed and appalled" when she realized Woodard had recordings featuring her and her voice available on his smartphone. Fairhurst eventually moved out of her home after the two had altercations about the cameras.   Judge Melissa Clarke of Oxford county court ruled that Woodard had violated UK General Data Protection Regulation rules and the Data Protection Act of 2018, which states that "owners and residents of domestic premises must be consulted if domestic premises border the intended area to be viewed." Clarke also ruled that the video and audio captured by the Ring doorbell and cameras were Fairhurst's data and that the security devices contributed to harassment. On his part, Woodard maintained his only intention behind installing the cameras was to ward off would-be burglars. His overall fine could be up to [...] nearly $137,000. "Amazon told the Guardian that it strongly encourages its customers to respect their neighbor's privacy and 'comply with any applicable laws' when using a Ring product," adds Gizmodo. "As a general courtesy, if your cameras are pointed outwards toward someone else's property -- enough that your neighbor's faces and car license plates are occasionally in the frame -- you should let them know."
          

    Read more of this story at Slashdot.


  • China Launches 6-Month Crewed Mission, Cements Position as Global Space Power
    "China launched a three-person crew into space in the early hours of Saturday," reports CNN, calling it "a major step for the country's young space program, which is rapidly becoming one of the world's most advanced..."  They will dock at China's new space station, Tiangong (which means Heavenly Palace), six and a half hours after launch. They will live and work at the station for 183 days, or just about six months... "This will certainly be their longest mission, which is quite impressive when you consider how early it is in their human spaceflight regimen," said Dean Cheng, senior research fellow at the Davis Institute for National Security and Foreign Policy.   This is the second crewed mission during the construction of the space station, which China plans to have fully crewed and operational by December 2022. The first crewed mission, a three-month stay by three other astronauts, was completed last month. Six more missions have been scheduled before the end of next year, including two crewed missions, two laboratory modules and two cargo missions. "For the Chinese, this is still early in their human spaceflight effort as they've been doing this for less than 20 years ... and for fewer than 10 missions," Cheng added. "In the past, the Chinese put up a crewed flight only once every two to three years. Now, they're sending them up every few months."  "If the Chinese maintain this pace ... it reflects a major shift in the mission tempo for their human spaceflight efforts...."   China successfully landed an exploratory rover on the moon last December and one on Mars in May. The first module of the Tiangong space station launched in April. Just last week, an international team of scientists released their findings from the moon rocks China brought back to Earth... "The European Space Agency, Russia, India, and Israel have suffered Moon or Mars probe failures in recent years; China succeeded with both on the first tries," David Burbach, associate professor of national security affairs at the US Naval War College, told CNN via email. Though the US still has the world's leading space program, he said, "there's no doubt that China is the world's Number 2 space power today."   China's ambitions span years into the future, with grand plans for space exploration, research and commercialization. One of the biggest ventures will be building a joint China-Russia research station on the moon's south pole by 2035 — a facility that will be open to international participation... Chinese astronauts have long been locked out of the International Space Station due to US political objections and legislative restrictions — which is why it has been a long-standing goal of China's to build a station of its own...   One reason space research cannot be divorced from terrestrial politics, and why the issue is so complicated, is because "the Chinese space program is heavily influenced, and its human and lunar programs are overseen, by the Chinese military," Cheng said. "Cooperating with China in space means cooperating with the Chinese military."
          

    Read more of this story at Slashdot.


  • Russian Spacecraft's Thrusters Tilt the International Space Station - Again
    "Unplanned thruster firings by a Russian spacecraft briefly knocked the International Space Station off-kilter Friday, the second such incident in less than three months," reports Space.com:  The spacecraft involved today was the Soyuz MS-18, which is scheduled to bring cosmonaut Oleg Novitskiy, film director Klim Shipenko and actor Yulia Peresild back to Earth early Sunday morning (Oct. 17)... "Within 30 minutes, flight controllers regained attitude control of the space station, which is now in a stable configuration," NASA officials wrote in an update this afternoon. "The crew was awake at the time of the event and was not in any danger."   The orbiting lab briefly tilted from its normal orientation this morning by 57 degrees, according to the Russian news agency Interfax, which cited communications between Novitskiy and Vladimir Solovyov, the flight director of the station's Russian segment.   Space station managers don't yet know what caused the anomalously long firing... It's also unclear why the MS-18's thrusters stopped firing, though the station's handlers have some ideas. "We think — and we haven't got confirmation — we think the thrusters stopped firing because they reached their prop[ellant] limit," NASA flight director Timothy Creamer told agency astronauts shortly after the thrusters shut down, according to The New York Times. "Moscow is checking into it and doing their data analysis."
          

    Read more of this story at Slashdot.


  • Epic Says It's 'Open' To Blockchain Games After Steam Bans Them
    Epic tells The Verge that it's "open to games that support cryptocurrency or blockchain-based assets" on its game store, unlike its competitor Valve which has banned games that feature blockchain technology or NFTs from Steam. From the report: When we asked about allowing games that featured NFTs, Epic told us there'd be some limitations, but that it's willing to work with "early developers" in the "new field." Epic says that the games would have to comply with financial laws, make it clear how the blockchain is used, and have appropriate age ratings. It also says that developers won't be able to use Epic's payment service to accept crypto; they would have to use their own payment systems instead. Epic's CEO Tim Sweeney has said that the company isn't interested in touching NFTs, but that statement now appears to only apply to its own games. Epic tells The Verge that it will clarify the rules as it works with developers to understand how they plan to use blockchain tech in their games.
          

    Read more of this story at Slashdot.


  • Astronomers Spot First Known Exoplanet To Survive Its Dying Star
    "In our new paper, published in Nature, we report the discovery of the first known exoplanet to survive the death of its star without having its orbit altered by other planets moving around -- circling a distance comparable to those between the Sun and the Solar System planets," writes one of the study's authors, Dimitri Veras, in an article for The Conversation. From the report: This new exoplanet, which we discovered with the Keck Observatory in Hawaii, is particularly similar to Jupiter in both mass and orbital separation, and provides us with a crucial snapshot into planetary survivors around dying stars. A star's transformation into a white dwarf involves a violent phase in which it becomes a bloated "red giant," also known as a "giant branch" star, hundreds of times bigger than before. We believe that this exoplanet only just survived: if it was initially closer to its parent star, it would have been engulfed by the star's expansion. When the Sun eventually becomes a red giant, its radius will actually reach outwards to Earth's current orbit. That means the Sun will (probably) engulf Mercury and Venus, and possibly the Earth -- but we are not sure.   Jupiter, and its moons, have been expected to survive, although we previously didn't know for sure. But with our discovery of this new exoplanet, we can now be more certain that Jupiter really will make it. Moreover, the margin of error in the position of this exoplanet could mean that it is almost half as close to the white dwarf as Jupiter currently is to the Sun. If so, that is additional evidence for assuming that Jupiter, and Mars, will make it. So could any life survive this transformation? A white dwarf could power life on moons or planets that end up being very close to it (about one-tenth the distance between the Sun and Mercury) for the first few billion years. After that, there wouldn't be enough radiation to sustain anything. [...]   The new white dwarf exoplanet was found with what is known as the microlensing detection method. This looks at how light bends due to a strong gravitational field, which happens when a star momentarily aligns with a more distant star, as seen from Earth. The gravity from the foreground star magnifies the light from the star behind it. Any planets orbiting the star in the foreground will bend and warp this magnified light, which is how we can detect them. The white dwarf we investigated is one-quarter of the way towards the centre of the Milky Way galaxy, or about 6,500 light years away from our Solar System, and the more distant star is in the centre of the galaxy.
          

    Read more of this story at Slashdot.


  • Drones Have Now Been Used To Deliver Lungs For Medical Transplant
    An anonymous reader quotes a report from ExtremeTech: The world's first drone delivery of lungs has gone down in history as a success. Unither Bioelectronique, a bioengineering firm focused on organ transportation, recently completed a "proof-of-concept" flight in which a pair of human lungs were shipped via drone to the transplant site in about six minutes. The lungs were flown from the Toronto Western Hospital to Toronto General Hospital, where Dr. Shaf Keshavjee, surgeon-in-chief of Canada's University Health Network, received the cargo at about 1 a.m. He needed the lungs for a transplant he was performing that very day on a male engineer who'd soon become the first transplant patient to receive his "new" lungs by drone.   Though the circumstances of the trip were urgent, the trip itself was 18 months in the making. Organs have been shipped by drone before, but lungs are particularly sensitive to environmental shifts during transport, with a majority of donated lungs rendered unusable by insufficient oxygenation. In order to make the trip worthwhile, engineers at Unither Bioelectronique had to design a lightweight carbon fiber shipping container that could withstand vibrations and in-flight changes in elevation and barometric pressure. Preparation involved practice flights and drop tests using simulation lung packages. The drone and its container counterpart were fitted with a parachute and an advanced GPS system, as the drone would fly through the air unmanned. "This innovation in the transportation of organs has the potential to significantly increase the transfer efficiency between donors and recipients, especially in congested urban areas," Unither Bioelectronique says of the trip on their website. "Through this project, we have established an important stepping stone for future organ delivery that ultimately will open the door for large-scale adoption of larger fully autonomous, electrically-powered, environmentally-friendly drones... for transplant across trans-continental distances."
          

    Read more of this story at Slashdot.


  • Researchers Show Facebook's Ad Tools Can Target a Single User
    A new research paper written by a team of academics and computer scientists from Spain and Austria has demonstrated that it's possible to use Facebook's targeting tools to deliver an ad exclusively to a single individual if you know enough about the interests Facebook's platform assigns them. TechCrunch reports: The paper -- entitled "Unique on Facebook: Formulation and Evidence of (Nano)targeting Individual Users with non-PII Data" -- describes a "data-driven model" that defines a metric showing the probability a Facebook user can be uniquely identified based on interests attached to them by the ad platform. The researchers demonstrate that they were able to use Facebook's Custom Audience tool to target a number of ads in such a way that each ad only reached a single, intended Facebook user.   The research raises fresh questions about potentially harmful uses of Facebook's ad targeting tools, and -- more broadly -- questions about the legality of the tech giant's personal data processing empire given that the information it collects on people can be used to uniquely identify individuals, picking them out of the crowd of others on its platform even purely based on their interests. The findings could increase pressure on lawmakers to ban or phase out behavioral advertising -- which has been under attack for years, over concerns it poses a smorgasbord of individual and societal harms. And, at the least, the paper seems likely to drive calls for robust checks and balances on how such invasive tools can be used. The findings also underscore the importance of independent research being able to interrogate algorithmic adtech -- and should increase pressure on platforms not to close down researchers' access.
          

    Read more of this story at Slashdot.


  • Former Boeing 737 MAX Chief Technical Pilot Indicted For Fraud
    Mark Forkner, Boeing's 737 Max chief technical pilot during the aircraft's development, has been charged with misleading aviation regulators about safety issues blamed for two fatal crashes of the 737 Max. According to the U.S. Department of Justice, "he faces a maximum penalty of 20 years in prison on each count of wire fraud and 10 years in prison on each count of fraud involving aircraft parts in interstate commerce." Slashdot reader McGruber shares an excerpt from the press release: A federal grand jury in the Northern District of Texas returned an indictment charging Mark A. Forkner, former Chief Technical Pilot for The Boeing Company (Boeing), with deceiving the Federal Aviation Administration's Aircraft Evaluation Group (FAA AEG) in connection with the FAA AEG's evaluation of Boeing's 737 MAX airplane, and scheming to defraud Boeing's U.S.based airline customers to obtain tens of millions of dollars for Boeing.  As alleged in the indictment, Forkner provided the agency with materially false, inaccurate, and incomplete information about a new part of the flight controls for the Boeing 737 MAX called the Maneuvering Characteristics Augmentation System (MCAS). Because of his alleged deception, a key document published by the FAA AEG lacked any reference to MCAS. In turn, airplane manuals and pilot-training materials for U.S.-based airlines lacked any reference to MCAS -- and Boeing's U.S.-based airline customers were deprived of important information when making and finalizing their decisions to pay Boeing tens of millions of dollars for 737 MAX airplanes. On or about Oct. 29, 2018, after the FAA AEG learned that Lion Air Flight 610 -- a 737 MAX -- had crashed near Jakarta, Indonesia, shortly after takeoff and that MCAS was operating in the moments before the crash, the FAA AEG discovered the information about the important change to MCAS that Forkner had withheld. Having discovered this information, the FAA AEG began reviewing and evaluating MCAS. On or about March 10, 2019, while the FAA AEG was still reviewing MCAS, the FAA AEG learned that Ethiopian Airlines Flight 302 -- a 737 MAX -- had crashed near Ejere, Ethiopia, shortly after takeoff and that MCAS was operating in the moments before the crash. Shortly after that crash, all 737 MAX airplanes were grounded in the United States.
          

    Read more of this story at Slashdot.


  • Jack Dorsey Says Square May Build Open-Source Bitcoin Mining System
    Square CEO Jack Dorsey says the company is starting a "deep technical investigation" to create an open-source Bitcoin mining system. It comes as the price of Bitcoin passed $62,000 while threatening to pass the all-time high of $65,000. The Independent reports: Mr Dorsey said Bitcoin mining isn't currently accessible to everyone, but it should be as easy as plugging into a power source. "Silicon design is too concentrated into a few companies. This means supply is likely overly constrained. Silicon development is very expensive, requires long term investment, and is best coupled tightly with software and system design," Mr Dorsey said in a tweet. "If we do this, we'd follow our hardware wallet model: build in the open in collaboration with the community," he added.   The company's hardware lead building the wallet, Jesse Dorogusker, is also starting the technical investigation required to take on the mining project, Mr Dorsey said. While announcing Square is considering getting into the mining business, Mr Dorsey said the process needs to be more energy-efficient and more distributed. "The core job of a miner is to securely settle transactions without the need for trusted 3rd parties. This is critical well after the last bitcoin is mined. The more decentralized this is, the more resilient the Bitcoin network becomes," he said. "There isn't enough incentive today for individuals to overcome the complexity of running a miner for themselves," he added.
          

    Read more of this story at Slashdot.


  • Tether Fined $41 Million For Lying About Fiat Currency Backing
    An anonymous reader quotes a report from Bloomberg: Tether will pay $41 million to settle allegations it lied in claiming its digital tokens were fully backed by fiat currencies, putting a major compliance headache behind the world's biggest issuer of stablecoins even as regulatory scrutiny intensifies. For years, Tether told customers and the broader cryptocurrency market that it had $1 in reserve to back every token, the Commodity Futures Trading Commission said in a Friday statement. That claim was wildly misleading, according to the agency. For instance, from June to September 2017, there was never more than $61.5 million backing Tether, even as roughly 442 million coins were circulating at one point.   "This case highlights the expectation of honesty and transparency in the rapidly growing and developing digital assets marketplace," said acting CFTC Chairman Rostin Behnam. In its enforcement action, the CFTC said Tether failed to disclose that it held unsecured receivables and non-fiat assets as part of its reserves, and falsely told investors it would undergo routine, professional audits to demonstrate that it maintained "100% reserves at all times." In fact, Tether reserves weren't audited, the agency said. Until at least 2018, Tether manually kept tabs on its reserve levels, a process that wasn't updated in real time, the CFTC said. Tether didn't admit or deny the CFTC's allegations. "Tether agreed to resolve this matter in order to move forward and focus on the future," the company said in a statement posted on its website. The CFTC also announced that Bitfinex, a crypto exchange affiliated with Tether, was fined $1.5 million for permitting retail transactions by American residents.
          

    Read more of this story at Slashdot.


The Register

  • Bank manager tricked into handing $35m to scammers using fake 'deep voice' tech
    Plus: Microsoft Translator machine learning software now supports over 100 languages
    In brief Authorities in the United Arab Emirates have requested the US Department of Justice's help in probing a case involving a bank manager who was swindled into transferring $35m to criminals by someone using a fake AI-generated voice.…


  • Amazon textbook rental service scammed for $1.5m
    Michigan man arrested for borrowing costly textbooks and selling them
    A 36-year-old man from Portage, Michigan, was arrested on Thursday for allegedly renting thousands of textbooks from Amazon and selling them rather than returning them.…


  • Computer scientists at University of Edinburgh contemplate courses without 'Alice' and 'Bob'
    Academics advised to consider excluding certain terminology for the sake of inclusivity
    A working group in the School of Informatics at the University of Edinburgh in Scotland has proposed a series of steps to "decolonize" the Informatics curriculum, which includes trying "to avoid using predominantly Western names such as Alice/Bob (as is common in the computer security literature)."…





  • Microsoft 365 has your back. But who’s got your data?
    This webcast will help you comply
    WEBCAST So, it can be a bit of a shock for Microsoft 365 customers to find out that the platform’s native security and data protection tools can be somewhat … lacking. Oh, and inconsistent, with different apps having different retention periods.…





  • Space boffins: Exoplanet survived hydrogen-death of its host star
    Hope extended to gas giants across the universe... well, it is Friday
    Those of us fatalistically counting down the minutes until the Earth is engulfed by the dying embers of the Sun in approximately 5 billion years might be offered a glimmer of hope by the news that planets – or at least gas giants – can survive the collapse of their host star.…













  • Devuan debuts version 4.0 – as usual without a hint of the hated systemd
    Three bootloaders offered – natch – plus lots of desktop love, and a warning of some exim oddities
    The team of self-described "veteran Unix admins" who opposed Debian's adoption of systemd instead of sysvinit init, have released a fourth version of their alternative Linux distro, "Devuan".…






  • WhatsApp's got your back(ups) with encryption for stored messages
    Global messaging giant extends security and privacy to Google Drive and Apple iCloud
    Facebook's WhatsApp on Thursday began a global rollout of end-to-end (E2E) encryption for message backups, which offers Android and iOS users with the ability to protect WhatsApp messages stored in Google Drive and Apple iCloud.…













  • Mind your Ps and queues: Bork makes a visit to the A&E
    Thanks Windows! Now this is the kind of hospital data-sharing we like to see...
    Bork!Bork!Bork! There may be no better place for Windows to seek comfort in desperate times than the UK's National Health Service (NHS) – and sure enough a good old fashioned blue screen of death has popped up an A&E waiting room.…







  • Indian government promises One Portal To Rule Them all in support of colossal infrastructure build
    What could possibly go wrong on a project with vast scope, many stakeholders with different agendas, and an assumption of prompt data sharing?
    India's government yesterday announced a massive new wave of infrastructure investment, and a portal it says will ensure co-ordination among multiple government departments so that new builds avoid overlap with other plans and contribute to a national modernisation drive.…


  • Apple warns sideloading iOS apps will ruin everything
    Opening the iOS ecosystem to competition would harm security and privacy, company says
    Analysis Apple, besieged by regulators and rivals challenging its exclusive control over its iOS App Store, has published a 31-page defense of its ostensibly benevolent monopoly that warns of disastrous consequences if Cupertino is forced to allow competition.…





Phoronix



  • KDE's Plasma Wayland Session Continues Seeing More Crash Fixes
    This week marked the release of Plasma 5.23 in celebrating 25 years of the KDE desktop project while celebrations didn't last long with developers already hard at work on the Plasma 5.23.1 point release, feature work for Plasma 5.24, and also improvements to the KDE Applications and KDE Frameworks...










  • AMD Finally Enabling PSR By Default For Newer Hardware With Linux 5.16
    With it getting late into the Linux 5.15 kernel cycle, the focus is shifting by the Direct Rendering Driver maintainers from new feature work targeting the next cycle (5.16) to instead on bug fixes. AMD sent out a pull request of new AMDGPU Linux 5.16 material this week that is primarily delivering bug fixes but one notable addition is finally enabling PSR by default for newer GPUs...


  • The "What If" Performance Cost To Kernel Page Table Isolation On AMD CPUs
    Made public this week by CPU security researchers at Graz University of Technology and CISPA Helmholtz Center for Information Security was the research paper published "AMD Prefetch Attacks through Power and Time". The paper points to AMD CPUs suffering from a side-channel leakage vulnerability through timing and power variations of the PREFETCH instruction. The paper argues that AMD CPUs should activate stronger page table isolation by default. AMD has now published their security response where they are not recommending any mitigation changes at this time. But what if Kernel Page Table Isolation (KPTI/PTI) proves necessary for AMD CPUs? Here are some initial benchmarks showing what that performance impact could look like.







  • 9-Way H2'2021 Linux OS Performance Comparison On Intel Xeon Scalable Ice Lake
    While we recently looked at autumn 2021 Linux distributions on Intel Tiger Lake for seeing how these various latest distributions are competing on client platforms, in today's article is a look at how well the latest Linux distributions perform when using the latest-generation Intel Xeon Scalable 3rd Gen "Ice Lake" server hardware with two Xeon Platinum 8380 processors. AlmaLinux, Arch Linux, CentOS Stream, Clear Linux, Debian, Fedora, openSUSE, and Ubuntu were battling it out on this Intel reference server.









  • AMD Radeon RX 6600 Linux Performance
    Today AMD is officially launching the Radeon RX 6600 graphics card as a trimmed down model from the Radeon RX 6600 XT that launched back in August. This new (non-XT) model has a suggested price of $329 USD and here is a look at how well this RDNA2 graphics card is performing under Linux.


  • Vulkan 1.2.196 Introduces H.265 Encode Extension
    Arriving back in April were the initial Vulkan Video extensions that included support for video decode of H.264 and H.265 while the initial video encode support was limited to H.264. Out today with Vulkan 1.2.196 is the new extension allowing for H.265 encoding with this new industry-standard video API...



  • Loongson Volleys Latest Patches For LoongArch Linux Support
    Chinese vendor Loongson continues working on their Linux kernel patches enabling the LoongArch processor ISA as their fork from MIPS. While early on when copying existing MIPS open-source code they were quick to call their new ISA "not MIPS", in these later patch series they continue to refer to their ISA as "a bit like MIPS or RISC-V."..


  • DAMON Extended To Offer Physical Memory Address Space Monitoring
    One of many exciting additions with the forthcoming Linux 5.15 kernel is DAMON landed as a data access monitoring framework. DAMON opens up new possibilities around proactive reclamation of system memory and other interesting features. Currently though it's limited to monitoring the virtual address space of the kernel but a new set of patches out allow for physical address space monitoring as well...


  • Red Hat Is Hiring Another Linux Developer To Work On GPU Hardware Enablement
    Red Hat already employs numerous open-source graphics driver developers from DRM subsystem maintainer David Airlie to numerous others on his team working on areas from Mesa OpenCL support to Heterogeneous Memory Management to other user and kernel-space improvements for open-source Linux graphics. Red Hat has now put out a call to hire yet another experienced Linux GPU driver developer...


Polish Linux

  • Security: Why Linux Is Better Than Windows Or Mac OS
    Linux is a free and open source operating system that was released in 1991 developed and released by Linus Torvalds. Since its release it has reached a user base that is greatly widespread worldwide. Linux users swear by the reliability and freedom that this operating system offers, especially when compared to its counterparts, windows and [0]


  • Essential Software That Are Not Available On Linux OS
    An operating system is essentially the most important component in a computer. It manages the different hardware and software components of a computer in the most effective way. There are different types of operating system and everything comes with their own set of programs and software. You cannot expect a Linux program to have all [0]


  • Things You Never Knew About Your Operating System
    The advent of computers has brought about a revolution in our daily life. From computers that were so huge to fit in a room, we have come a very long way to desktops and even palmtops. These machines have become our virtual lockers, and a life without these network machines have become unimaginable. Sending mails, [0]


  • How To Fully Optimize Your Operating System
    Computers and systems are tricky and complicated. If you lack a thorough knowledge or even basic knowledge of computers, you will often find yourself in a bind. You must understand that something as complicated as a computer requires constant care and constant cleaning up of junk files. Unless you put in the time to configure [0]


  • The Top Problems With Major Operating Systems
    There is no such system which does not give you any problems. Even if the system and the operating system of your system is easy to understand, there will be some times when certain problems will arise. Most of these problems are easy to handle and easy to get rid of. But you must be [0]


  • 8 Benefits Of Linux OS
    Linux is a small and a fast-growing operating system. However, we can’t term it as software yet. As discussed in the article about what can a Linux OS do Linux is a kernel. Now, kernels are used for software and programs. These kernels are used by the computer and can be used with various third-party software [0]


  • Things Linux OS Can Do That Other OS Can’t
    What Is Linux OS?  Linux, similar to U-bix is an operating system which can be used for various computers, hand held devices, embedded devices, etc. The reason why Linux operated system is preferred by many, is because it is easy to use and re-use. Linux based operating system is technically not an Operating System. Operating [0]


  • Packagekit Interview
    Packagekit aims to make the management of applications in the Linux and GNU systems. The main objective to remove the pains it takes to create a system. Along with this in an interview, Richard Hughes, the developer of Packagekit said that he aims to make the Linux systems just as powerful as the Windows or [0]


  • What’s New in Ubuntu?
    What Is Ubuntu? Ubuntu is open source software. It is useful for Linux based computers. The software is marketed by the Canonical Ltd., Ubuntu community. Ubuntu was first released in late October in 2004. The Ubuntu program uses Java, Python, C, C++ and C# programming languages. What Is New? The version 17.04 is now available here [0]


  • Ext3 Reiserfs Xfs In Windows With Regards To Colinux
    The problem with Windows is that there are various limitations to the computer and there is only so much you can do with it. You can access the Ext3 Reiserfs Xfs by using the coLinux tool. Download the tool from the  official site or from the  sourceforge site. Edit the connection to “TAP Win32 Adapter [0]


OSnews

  • Ubuntu 21.10 released
    Ubuntu 21.10 brings a wide variety of improvements, most notably on the desktop side switching to GNOME Shell 40 and offering many improvements there including some theme refinements. There are also many underlying improvements to enjoy with Ubuntu 21.10, like what gets us excited about kernel and compiler upgrades along with other notable package version bumps. Adding Wayland support for NVIDIA drivers is a big improvement, as is the addition of PipeWire. Theres also a big regression in that Ubuntu has moved its Firefox package from deb to a Snap package, something Id sure manually fix if I were an Ubuntu user.


  • OpenBSD 7.0 released
    OpenBSD 7.0 has been released, and it seems a big focus for this release was improving ARM64 support, and adding support for RISC-V. Theres a long list or other improvements and fixes, too, of course. Downloads are where they always are.


  • How Microsoft reduced Windows 11 update size by 40%
    Microsoft delivers the latest Windows security and user experiences updates monthly. Updates are modular meaning that, regardless of which update you currently have installed, you only need the most recent quality update to get your machine up to date. With the fast pace of Windows security and quality fixes, distributing this large amount of updated content takes up substantial bandwidth. Reducing this network transfer is critical for a great experience. Moreover, users on slower networks can struggle to keep their machines up to date with the latest security fixes if they cannot download the package. This is the kind of grunt work that doesnt get flashy slides in a presentation or a mention in a commercial, but its awesome work nonetheless.


  • First Windows 11 patch tuesday makes Ryzen L3 cache latency worse, AMD puts out fix dates
    Shortly after Windows 11 launch, AMD and Microsoft jointly discovered that Windows 11 is poorly optimized for AMD Ryzen processors, which see significantly increased L3 cache latency, and the UEFI-CPPC2 (preferred cores mechanism) rendered not working. In our own testing, a Ryzen 7 2700X Pinnacle Ridge! processor, which typically posts an L3 cache latency of 10 ns, was tested to show a latency of 17 ns. This was made much worse with the October 12 patch Tuesday! update, driving up the latency to 31.9 ns. Thats one hell of a regression. It seems fixes are incoming soon, though.


  • DragonFly 6.0.1 released
    6.0.1 is tagged and available. The major reason for this update is an expired Let’s Encrypt certificate that would cause problems when downloading dpkg binaries. A list of 6.0.1 commits is available. Not a whole lot going on in this release, but still a major bug fix.


  • The 100 MHz 6502
    The 6502 was the CPU in my first computer (an Apple II plus), as well as many other popular home computers of the late 1970s and 80s. It lived on well into the 1990s in game consoles and chess computers, mostly in its updated “65C02” CMOS version. Here’s a re-implementation of the 65C02 in an FPGA, in a pin-compatible format that lets you upgrade those old computers and games to 100 MHz clock rate! Interesting project.


  • Haiku monthly activity report for September
    Another month has passed, so time for another monthly update from the Haiku team. This time around, we get two for the price of one. First, the regular monthly activity report, where we can read that work on the ARM64 and RISC-V ports continues, and while these ports are nowhere near complete, they serve an important function both in discovering bugs and issues, as well as in getting Haiku ready for future architecture transitions. Tracker also received thumbnail support, but this is disabled by default for now, and of course, theres a lot of low-level work being done, too. The second update comes from waddlesplash, Haiku Inc.s actual paid full-time developer. In his report, he details his work on fixing two Haiku bugs that caused frequent crashes in WebKit, as well as extensive work on the USB stack  more specifically, improving USB 3.0 support. On top of that, he also details a lot of his low-level work over the month of September.


  • The insane innovation of TI calculator hobbyists
    In the mid-to-late 2000s, you either knew, or were, that kid in grade school. You know. The one who could put games on your graphing calculator. You may be surprised to learn that some of these people didn’t exist totally in a vacuum. There was in fact a thriving scene of hackers who had bent these calculators to their will, writing games, math software, and more generally hacking on the platform just for the sake of it. True to my interests, it’s all deeply embedded, pushing the limits of platforms that were obsolete when they were released. I’ll take you through some of the highlights of Texas Instruments calculator hacking done over the past two and a half decades, along with an explanation of why these projects are so technically impressive. A friend of mine and I at high school bought the data transfer cable for our graphing calculators so we could play multiplayer Bomberman on them in class. Good times.


  • Google’s Fuchsia is expanding to ‘additional smart devices and other form factors’
    In the years leading up to that launch, we’ve uncovered signs of the Fuchsia team developing support for a variety of Google devices, including the Nest Hub Max, 2021’s second-gen Nest Hub, and more. Now, it seems, Google is ready to make its next steps more public, in a series of job listings posted this week, some of which reference a “Fuchsia Devices” team. The job listings even make references to working with partners using Fuchsia, so theres definitely more afoot for Googles new operating system.


  • Shareholders pressure Microsoft into expanding its right-to-repair efforts
    Microsofts Xbox and Surface hardware may be getting easier to repair, according to a press release from shareholder advocacy nonprofit As You Sow. According to the announcement, Microsoft has agreed to evaluate and expand the repair options for its products by the end of 2022.! The promises are a bit vague for now, but hopefully this will have a real-world impact.



  • Introduction to generating and running OS/360 on Hercules
    This is an introduction to getting IBMs OS/360 operating system loaded and running on the Hercules emulator for the System/370, ESA/390, and z/Architecture systems. It assumes you have some familiarity with the 370, and with OS; in particular, you need to have some understanding of JCL, and of OS/360 (or later versions, like MVS or OS/390) usage and operation. It does not purport to be an introduction to the world of the 370. This is a bit more complicated to set up than just about any other emulator or VM out there. A great weekend project for people with the right skill set and inclination.


  • The best part of Windows 11 is a revamped Windows Subsystem for Linux
    For years now, Windows 10s Windows Subsystem for Linux has been making life easier for developers, sysadmins, and hobbyists who have one foot in the Windows world and one foot in the Linux world. But WSL, handy as it is, has been hobbled by several things it could not do. Installing WSL has never been as easy as it should be—and getting graphical apps to work has historically been possible but also a pain in the butt that required some fairly obscure third-party software. Windows 11 finally fixes both of those problems. The Windows Subsystem for Linux isnt perfect on Windows 11, but its a huge improvement over what came before. Microsoft is doing a decent job making Windows a good platform for Linux system administrators, but is WSL really comparable to the real thing?


  • The Ampere Altra Max review: pushing it to 128 cores per socket
    On the competitive landscape, Ampere is carving out its niche for the moment, but what happens once AMD or Intel increase their core counts as well? A 50% increase in core counts for next-gen Genoa should be sufficient for AMD to catch up with the M128 in raw throughput, and technologies such as V-cache should make sure the HPC segment is fully covered as well, a segment Ampere appears to have no interest in. Intel now has an extremely impressive smaller core in the form of Gracemont, and they could easily make a large-core count server chip to attack the very segment Ampere is focusing on. Only time will tell if Ampere’s gamble on hyper-focusing on certain workloads and market segments pays out. For now, the new Altra Max is an interesting and very competent chip, but it’s certainly not for everyone. Admit it. You too want a 128-core ARM processor on your desk.


  • Atari ST in daily use since 1985
    This Atari 1040ST is still in use after 36 years! Frans Bos bought this Atari in 1985 to run his camp site (Camping Böhmerwald). He wrote his own software over the years to manage his camp site, as well as reservations and the registration of the guests. He really likes the speed of the machine compared to newer computers. And 6 months every year the machine is on day and night.


Linux Journal - The Original Magazine of the Linux Community

  • 7 Important Linux Commands for Every Linux User
    by Suparna Ganguly    Linux might sound scary for first-time Linux users, but actually, it isn’t. Linux is a bunch of open-source Unix operating systems based on Linux Kernel. These operating systems are called Linux distributions, such as Fedora, Debian, Ubuntu, and Mint.
    Since its inception in 1991, Linux has garnered popularity for being open-source. People can modify and redistribute Linux under their own brand. When using a Linux OS, you need a shell to access the services provided. Also, it’s recommended to run your Linux OS through a CLI or command-line interface. CLI makes time-consuming processes quicker.
    This article presents a guide to 7 important Linux commands for every Linux user to know. So, let’s begin.
    cat Command  cat is the shortened form of “concatenate”. It’s a frequently used multi-purpose Linux command. This command is used to create, display, and copy a file content on the standard output.
    Syntax   cat [OPTION]... [FILE]..  To create a file, type:
     cat >   // Enter file content  To save the file created, press Ctrl+D. And to display the file content, execute:
     cat   cd Command  The cd command is used to navigate through the directories and files in Linux. It needs either the entire path or the directory name depending on the current directory.
    Syntax   cd [Options] [Directory]  Suppose you’re in /home/username/Documents. You want to navigate to a subdirectory of Documents which is Photos. To do that, execute:
     cd Photos  To move to an entirely different directory, type cd and then the directory’s absolute path.
     cd /home/username/Movies  The above command will switch to /home/username/Movies. Apart from this, the commands, cd.., cd, and cd- are used to move one directory up, to go to the home folder, and to go to the previous directory respectively.
    Reminder: Linux’s shell is case-sensitive. So, make sure you type the name’s directory as it is.
    echo Command  The echo command displays a line of text or string passed as an argument. It’s used for the purpose of debugging shell programs in the Linux terminal.
    Syntax   echo [Option] [String]  Other examples of the echo command are:
      echo "String": This displays the string within the quotes.
        echo -e "Learn \nBy \nDoing": Here the ‘-e’ tag allows the echo command to understand the backslash escape sequences in the argument.
        Go to Full Article          


  • In PuTTY, Scripted Passwords are Exposed Passwords
    by Charles Fisher   
    PuTTY is one of the oldest and most popular SSH clients, originally for Windows, but now available on several platforms. It has won corporate support and endorsement, and is prepared and bundled within several third-party repositories.

    Unfortunately, the 0.74 stable PuTTY release does not safely guard plain-text passwords provided to it via the -pw command line option for the psftp, pscp, and plink utilities as the documentation clearly warns. There is evidence within the source code that the authors are aware of the problem, but the exposure is confirmed on Microsoft Windows, Oracle Linux, and the package prepared by the OpenBSD project.

    After discussions with the original author of PuTTY, Simon Tatham developed a new -pwfile option, which will read an SSH password from a file, removing it from the command line. This feature can be backported into the current 0.76 stable release. Full instructions for applying the backport and a .netrc wrapper for psftp are presented, also implemented in Windows under Busybox.

    While the -pw option is attractive for SSH users who are required to use passwords (and forbidden from using keys) for scripting activities, the exposure risk should be understood for any use of the feature. Users with security concerns should obtain the -pwfile functionality, either by applying a patch to the 0.76 stable release, or using a snapshot release found on the PuTTY website.
    Vulnerability
    The psftp, pscp, and plink utilities are able to accept a password on the command line, as their usage output describes:
        Go to Full Article          


  • How To Pick a Linux Distribution for Non-Techies
    by Ujjwal Anand    I have suffered from distrohopping. Now that I have settled for the last two years, here are some tips to save your time.
      All distros run the same operating system at their core, Linux. They are more similar than different. Hence, the marginal cost (time) of looking for a better distro is much more than the marginal benefit of it.
        Say no to distributions made for specific purposes like Kali, CentOS, and OpenSuse. OpenSuse is great, but it is made for enterprise use. An everyday user won't ever need most of its features. To maintain it would be a waste of time. The same goes for the RedHat family.
        Instead of trimming Suse, you better pick a distro made for everyday people, such as AntiX and SolusOS. Read their descriptions and target users on Distrowatch.
        Avoid technical distributions like arch, its forks, and Gentoo. They are for the programmer types. If you are not one, you will likely break it. Updates tend to be massive and very frequent. And you can't install a new package without updating first. You don't want to deal with this. If you want it only for AUR, just learn to compile a little bit.
        Say no to most desktop environments (DEs) besides LXDE and LXQT. Prefer window managers (WMs) for maximum performance. DEs can be buggy and cause distraction. They increase boot time and update size. It may be reasonable to rule out all distros that don't come with a window manager so you don't have to do the work post-installation. Know the rule; the less stuff you have, the fewer things you can break, the fewer problems you will face. Keep it minimal. Don't allow the bling-bling to distract you.
        Try out different Init systems. Ever since systemd was adopted, Linux has started to feel like Windows, complex and out of hand. I do have it on Manjaro (but I did have to mask a couple of unneeded services to lower the boot time). A particular init system might work better on your specific hardware. Try some isos on a virtual machine.
        Avoid forks because they simply are not different enough. In addition, they tend to carry their parent distro's issues on top of their own issues. Developers can do only so much about it. Independent distributions can fix issues more quickly because they can. Prefer original and independent distros.
        Don't worry about software availability. Every distro hosts tools to help you install packages not present in their repos. Furthermore, package managers like Appimage and Flatpak allow you to install packages on all distros. Avoid snap. It slows down bootup and doesn't allow you to control app updates. This may change in the future though.
        Go to Full Article          


  • What’s New in Debian 11 “Bullseye”?
    Image      
    Debian is a preferred choice of millions of Linux users for some of the most popular and powerful operating systems, like Ubuntu and its derivatives are based on Debian.
    Debian 11has finally been released, finally, after a long development work of two years. Bullseye – that’s the name given to this latest Debian Linux distro. So what are the updates and upgrades? In this article, let’s check out what’s new in Debian 11.
    Debian 11’s Architecture  Debian supports a good range of hardware architectures. 
    Supported Architectures
    ARM EABI (armel)  ARMv7 (EABI hard-float ABI and armhf)  64-bit ARM (arm64)  32-bit PC (i386)  64-bit PC (amd64)  Little-endian MIPS (mipsel)  64-bit little-endian PowerPC  64-bit little-endian MIPS  IBM System z (s390x) Not Supported Hardware
    Old MIPS 32-bit CPUs Linux Kernel Information  Debian 11 supports the Linux Kernel 5.10 LTS. Debian 10 Buster, the earlier version to Debian 11, used Linux Kernel 4.19 while released. A newer kernel means a new set of bug fixes, new hardware support, and improved performance.
    This is the perfect kernel for Debian bullseye considering the Debian lifecycle.   
    Supports exFAT  exFAT is the shortened form of the Extensible File Allocation Table. It’s a filesystem used for flash memory, such as SD cards and USB flash drives.
    Now Debian 11 provides support for the exFAT. For mounting the exFAT filesystem, you don’t need the filesystem-in-userspace implementation provided by the exfat-fuse package additionally anymore. Thanks to kernel 5.10! exFAT comes in handy with it. Tools for checking and creating an exFAT are given in the exfatprogs package.
    Bauhaus Movement Inspired Theme & Wallpaper  Debian features cool wallpapers and a default theme for each of the major releases. Debian 11’s theme is inspired by the Bauhaus movement. Bauhaus means “building house” and it was an art and design movement from 20th century Germany. The Bauhaus movement revolved around abstract, geometric style featuring little emotion or sentiments. 
    Its modern aesthetic still is immensely influential for designers, architects, and artists. You can see this theme all through Debian 11 whether it’s the installer, login window, or the Grub menu.
    Newer Desktop Environment Versions  Debian 11 offers newer desktop environment versions. Desktop flavors you get here are, KDE Plasma 5.20, GNOME 3.38, LXDE 11, LXQt 0.16, Xfce 4.16, and MATE 1.24. Debian prefers stability and it’s quite clear from the desktop environments. You might not get the latest cutting-edge distributions like Fedora or Arch/Manjaro.
    Updated Packages  Debian 11 consists of more than 11,294 new packages out of 59,551 packages. It also reduced over 9,519 “obsolete” packages and removed 42,821 that were updated. A total of 5,434 packages remained as they were.
    A good number of software applications and package updates are included in Debian bullseye, such as Apache 2.4.48, Calligra 3.2, Emacs 27.1, LibreOffice 7.0, Inkscape 1.0.2, Linux kernel 5.10 series, Perl 5.32, PHP 7.4, Vim 8.2, PostgreSQL 13, and the list goes on. All these ready-to-use software packages are built with over 30,000 source packages.
    With this huge selection of packages and wide architecture support, Debian has always stayed committed to its aim of being The Universal Operating System.
    Improved Printer and Scanner Features  Debian 11 presents a new ipp-usb package. It is built with a vendor-neutral IPP-over-USB protocol that is supported by many latest printers. So, many modern-day printers will be supported now by Debian. And you won’t need the drivers for that.
    SANE driverless backend lets you use scanners without any trouble.
    Endnotes  Want to try Debian Bullseye? Get it from here. You can also check “bullseye” with Live Images without installing it on your PC. This will load and run the entire OS in read-only mode. These live images are available for the i386 and amd64 architectures in the form of USB sticks, DVDs, and netboot setups. Debian Live has a standard image. So you can try a basic Debian without any GUIs.
    And that’s the ending of this article. Hope you find our Debian 11 guide helpful.
          #Linux  Debian  News                   


  • Privacy-focused Linux Distributions to Secure Your Online Presence in 2021
    by Suparna Ganguly   
    Linux distros are usually more secure than their Windows and Mac counterparts. Linux Operating Systems being open-source leaves very less scope of unauthorized access to its core. However, with the advancement of technologies, incidentsof attacks are not rare.
    Are you in a fix with the coming reports of Linux systems targeted malware attacks? Worried about your online presence? Then maybe it’s time to go for a secure, privacy-focused Linux distro. This article presents a guide to 3 privacy-oriented Linux distributions that respect your privacy online.
    Why You Need a Privacy-focused Linux Distro  But before jumping into that, let’s have a brief overview regarding the importance of a secure Linux Operating System. You may know that the Operating System is the core software of your computer. It helps maintain communication across all the hardware, software, memory, and processor of the system. It also manages the hardware parts.
    If your computer isn’t secure enough to use, then hackers can get easy access to the OS and can exploit it to view your files and track your presence on the internet. Privacy-focused Linux distributions offer a lot of good choices packed with the most reliable features to select from.
    5 Privacy-focused Linux Distributions  Now let’s take a look at the most privacy-focused Linux distros that allow staying secure.
    Septor Linux  Septor Linuxis an OS created by the project called Serbian Linux. Serbian Linux also produces Serbian language-based general general-purpose Linux distribution. Septor implements theKDE Plasma desktopenvironment and is a newcomer among all other distros.
    The Septor operating system offers a stable and reliable user experience. It’s suitable for a vast range of computers because it is built upon Debian GNU/Linux. So, a solid privacy level is what you can expect. The distro routes all of the internet traffic through Tornetwork to earn privacy credentials. The distro used to use a launcher script to pick up the latest Tor, however, now Tor comes in bundles with it by default.
        Go to Full Article          


  • A Guide to 5 Fair Selections of Open Source Ticketing Tools for Linux
    by Suparna Ganguly    Are you in search of open-source ticketing tools for Linux? Well, this article brings a guide to 5 fair selections of open source ticketing software to provide uninterrupted customer support.
    Why You Need Ticketing Tools  A customer trouble ticketing (help desk) is an assistance resource to solve a customer query. Companies often provide customer support using email, website, and/or telephone. The importance of ticketing software is a crucial part for any business to be successful.
    Your business can’t run properly without a satisfied client base. Increased customer retention is what businesses need. Right ticketing tools help ensure the best customer service for any business. 
    Linux makes sure enterprises get the best possible customer service software for their businesses to have sustainable growth. Because a powerful set of ticketing software provides undivided support that the businesses deserve.
    5 Best Ticketing Tools for Linux  This section takes you through 5 different ticketing software to be downloaded on Linux and why you should use them. So let’s begin!
    osTicket  For all the newly started businesses, osTicketwould be a viable open source ticketing tool. It’s a lightweight and efficient support ticket software used by a good number of companies. If you run an enterprise or a non-profit and are not ready for paid ticketing tools just yet, osTicket is a must-try.
    osTicket provides a simple and intuitive web interface to integrate customer queries via phone, email, and web forms. Worried of spam emails? osTicket helps reduce spam enabling captcha filling and auto-refreshing techniques.
    You can work on a priority basis through this ticketing tool and get the issues solved in the lowest possible time.
    PHD Help Desk  PHD Help Desk is a PHP+Javascript+MySQL-based open source ticketing tool and is used in the registry. PHD helps follow-up incidents in an organization. PHD has a user base all across the world. The latest version of the PHD Help Desk is 2.12.
    This ticketing tool works in various ways. Using PHD, incidents can be classified and registered into multiple levels, such as the state of incident, type, sub-type, priority, description of Incident, historical factors, to name a few. 
    The database is consulted in a particular format depending on the user requirements. The data is then processed on a tallying sheet. Some of the advanced features of PHD Help Desk are the ability to export tickets into excel format, a PHPMailer Library to configure emails, and new password creation.
        Go to Full Article          


  • In Search of Linux Laptops? Check these 6 Places to Get Your Laptop in 2021
    by Suparna Ganguly    Are you in search of Linux laptops? This article takes you through 6 different places that offer the best Linux laptops. So get prepared to choose your Linux laptop in 2021.
    Dell  When it comes to laptops, the first name that comes to my mind is Dell. For over 20 years Dell has been selling high-end Linux laptops. In a Dell store, you can get Ubuntu and Redhat Enterprise Linux laptops. These laptops are built to meet the needs of developers, businesses, and sysadmins.
    For developers, who travel a lot, XPS 13 Developer Edition would be the confirmed best choice. Dell XPS comes at an expensive cost of around $1,000. So, if you’re in search of something less expensive, you can check Dell Inspiron laptops. Dell’s Precision workstationswith RHEL or Ubuntu are designed for small business owners or CG professionals.
    Side Note: Dell doesn’t have a separate section for Linux laptops. Type Ubuntu in the search to get a view of all its laptops with Linux preinstalled.
    Slimbook  Slimbook is well known for its thin, rigid, and light durable laptops starting at a reasonable price of €930 (approx $1,075). These come with a nice screen, solid battery life, powerful CPU, and very good speakers.
    This brand is from Spain. Slimbook came ahead of its competitors launching the first KDE laptops.
    Slimbook brings laptops with a good variety of popular Linux distros, such as KDE Neon, Ubuntu, Ubuntu MATE, Linux Mint, Kubuntu. Additionally, their laptops have two Spanish Linux distros – Max and Lliurex. You can choose Windows OS as well with their laptops, but for that, additional costs are there.
    Slimbook offers desktop systems too. So, if you ever need desktops, check it here
    System76   System76s Linux laptops are very well built, powerful, and extremely portable. If you are a software developer, you travel a lot, and you’re in search of a laptop with 32G RAM and 1T SSD, then go for System76.
    System76 laptops used to be Ubuntu-powered, initially. Later on, in 2017, this US-based company released their own Linux distro, called the Pop! OS. Pop OS is designed using Ubuntu. After that, Pop became the default OS with Ubuntu being still available.
        Go to Full Article          


  • Q&A trip to Linux’s Black Hole - /dev/null
    by Nawaz Abbasi    As per NASA, “A black hole is a place in space where gravity pulls so much that even light can not get out”. Something similar exists in the Linux universe as well - it discards anything written to it and when read, just returns an EOF (end-of-file). It’s a special file which is also referred to as null device - /dev/null
    So, it’s just a file?  Yes and most of the things in Linux is a file but /dev/null is not a regular file – lets dig deeper.

    c in crw-rw-rw- tells us that it's a character special file, which means it processes data character by character. This can be checked using test -c as well:

    What are the contents of the file?  Let’s check that using the cat command:

    As stated earlier, it just returns an EOF (end-of-file) when read. So, it's empty!
    What more can we know about the file?  Let’s find out using the stat command:

    This tells us that its size is 0. Also, it’s good to note that the file’s read and write permission is enabled for everyone but it doesn't require execute permission. 
    What happens to the file’s size when we write data to it?  Let’s try that:

    The cat command returned nothing and as per the stat command, its size did not change.
    As stated earlier, it discards anything written to it. You may write any amount of data to it, which will be immediately discarded, so its size will always remain 0 – Singularity?
    In other words, you cannot change /dev/null
        Go to Full Article          


  • Download These 7 Cool Apps on Your Linux Machine to Make Life Easier
    by Suparna Ganguly    Not only the Linux distros are open-source but the apps for Linux are also free. Though some business apps come with a cost, most of the apps created for individuals don’t have any charges.
    Want to know about some of the cool apps to download on your Linux machine?
    This article walks you through 7 apps to download on Linux to make your life easier. Head over to the next section!  
    Ulauncher  Before downloading any other application on Linux, we recommend getting Ulauncher. That’s because you can launch any application via Ulauncher just by using the keyboard.
    Try adding Ulaucher extensions to get the most of this app inspired by Alfred for Mac. You can extend capabilities with the extensions, such as looking up dictionary definitions, launching web searches, finding and copying emojis to a clipboard, and lots more.
    Ulaucher runs smoothly and allows searching files and apps using hotkeys. Ulaucher features include built-in themes, customizable shortcuts, Fuzzy search, a wide variety of plugins, searching on Google, Stack Overflow, and Wikipedia.
    Thunderbird  Thunderbirdby Mozilla is an open-source email client. Some Linux distros offer Thunderbird installed. If it’s not, hop onto your App Center or Software Center and get it installed. You can download the app from their website as well.
    The setup wizard guides you through the process of creating your own email address. Thunderbird provides email settings for most of the common email application providers. So, an existing email account can be added too. Attach multiple email accounts as per your needs.
    Want to make Thunderbird look cool? Add-ons, such as themes, Lightning extension, sorting out Mail folders, are some of the features to try out.
    Steam  Looking for gaming clients on Linux? Use Steam from Valve. Steam is, admittedly, the best games distribution store for top OSs like Linux.
    From Shadow of the Tomb Raiderto DiRT 4, and from DOTA 2 to Warhammer – Steam boasts many thousands of indie hits, retro-flavored, and AAA titled games for Linux
        Go to Full Article          


  • Improve The CrowdSec Multi-Server Installation With HTTPS Between Agents
    by Manuel Sabban    Prerequisites  This article is a follow-up from the Crowdsec multi-server setup. It applies to a configuration with at least two servers (referred to as server-1 and one of server-2 or server-3).
    Goals  To address security issues posed by clear http communication in our previous crowdsec multi-server installation, we propose solutions to achieve communication between Crowdsec agents over encrypted channels. On top of that, the third solution allows server-2 or server-3 to trust server-1 identity, and avoid man-in -the -middle attacks.
    Using self-signed certificates  Create the certificate  First we have to create a certificate. This can be achieved with the following one-liner.
     openssl req -x509 -newkey rsa:4096 -keyout encrypted-key.pem -out cert.pem -days 365 -addext "subjectAltName = IP:172.31.100.242"  For now crowdsec is not able to ask for the passphrase of the private key when starting.  Thus we have the choice to decipher by hand the private key each time we start or reload crowdsec or store the key unencrypted. In any way to strip the passphrase one can do:
     openssl rsa -in encrypted-key.pem -out key.pem  Then, the unencrypted key file can be safely deleted after Crowdsec is started.
    Configure crowdsec for using a self-signed certificate  On server-1 we have to tell crowdsec to use the generated certificate. Hence, the  tls.cert_file and tls.key_file option in the api.server section of the following /etc/crowdec/config.yaml excerpt set to the generated certificate file.
     api:   server:   log_level: info   listen_uri: 10.0.0.1:8080   profiles_path: /etc/crowdsec/profiles.yaml   online_client: # Crowdsec API credentials (to push signals and receive bad    tls:   cert_file: /etc/crowdsec/ssl/cert.pem   key_file: /etc/crowdsec/ssl/key.pem  On the client side configuration changes happen in two files. First we have to modify /etc/crowdec/config.yaml to accept self-signed certificates by setting the insecure_skip_verify to true.
    We have to change http for https in the  /etc/crowdsec/local_api_credentials.yaml file too in order to reflect the changes. This small change has to be done on all three servers (server-1, server-2 and server-3).
        Go to Full Article          


Page last modified on November 02, 2011, at 10:01 PM