Wednesday, November 30, 2016

Canonical Releases New Kernel Live Patch Security Update for Ubuntu 16.04 LTS

On November 30, 2016, after publishing new kernel updates for all of its supported Ubuntu Linux releases, Canonical, through Luis Henriques, announced the availability of the second kernel live patch security update to Ubuntu 16.04 LTS.

If you're using the Canonical Livepatch Service on your 64-bit Ubuntu 16.04 LTS (Xenial Xerus) machine, you can now the kernel packages using this rebootless technology. The latest update patches a total of four kernel vulnerabilities discovered recently by various hackers and security researchers.

The first security issue, CVE-2016-7042, was discovered by Ondrej Kozina in Linux kernel's keyring interface as a buf... (read more)

from Softpedia News / Linux http://ift.tt/2gNGPX7
via IFTTT

November’s Top Ten

Top 10 FOSS Force articles

These are the ten most read articles on FOSS Force for the month of November, 2016.

1. Linux Foundation ‘Fails’ Linux Mint: Suggests Upgrade to Windows or Mac by Christine Hall. Published November 7, 2016. Those using Linux to register for a Linux Foundation webinar are told to try using Windows or OS X instead.

2. Malware Found on New Windows Computers (Not What You Think) by Christine Hall. Published November 23, 2016. An investigative team for a Seattle television station discovered that finding malware on clean computers to be an everyday practice at Office Depot.

3. Kicking the Tires on Arch Based Antergos by Christine Hall. Published May 30, 2016. We decided to take the Arch Linux based distribution Antergos out for a test drive. Here’s how it handled, out in traffic and on the track.

4. In Search of a Linux Calendar by Christine Hall. Published January 7, 2016. “It was time to do some calendar hunting. And because I’d saved myself from Google’s always-at-the-ready suite of online tools, I started my search with…well, Google.”

5. Mickey Mouse Open Source, Close Call at WordPress, and More… by Christine Hall. Published November 25, 2016. Also included: FBI hacks 8,000 with single warrant, new Cinnamon desktop release, “government-backed attackers” after journalists, and FOSS Force adds beef to newsfeed.

6. David Graham: Your FOSS Rep in the Canadian Parliament by Robin “Roblimo” Miller. Published November 3, 2016. Linux and open source has a friend in the “Great White North,” and we don’t mean one of the McKenzie brothers. As an MP, this friend works to bring awareness of open source to Ottawa as he serves the interests of the people of his district in Quebec.

7. Our First Look at Linux Mint 18 Cinnamon by Christine Hall. Published July 25, 2016. It’s been almost a month since Linux Mint 18 “Sarah” was released, so we decided to take it for a spin and have our first ever look at the Cinnamon desktop.

8. A Loopy Non-Interview With Linux Advocate Marcel Gagné by Robin “Roblimo” Miller. Published November 10, 2016. Roblimo again takes another virtual trip up to the Great White North, that would be Canada for the benefit of the NSA and those of you taking notes at home, and has way too much fun hanging out with Linux advocate Marcel Gagné.

9. San Francisco’s Muni Hacked by FOSS Force Staff. Published November 28, 2016. Muni, San Francisco’s transit system, is back to normal after being hit by hackers who reportedly sought a $73,000 ransom.

10. A Down and Dirty Look at Xubuntu 16.04 by Christine Hall. Published May 2, 2016. In our look at Xubuntu 16.04, we find it to be stable, quick and intuitive. It’s a distro that makes our short list of recommendations for those wishing to move from Windows to GNU/Linux.

The post November’s Top Ten appeared first on FOSS Force.



from FOSS Force http://ift.tt/2gNzBCx
via IFTTT

Securing SourceForge With HTTPS

SourceForge

SourceForge says, “With a single click, projects can opt-in to switch their web hosting from HTTP to HTTPS.”

SourceForge has added a feature that gives project websites the opportunity to opt-in to using SSL HTTPS encryption. Project admins can find this option in the Admin page under “HTTPS.”

Opting-in will also trigger a domain name change, from http://ift.tt/2fRBfFl to http://ift.tt/2gy9ShV. Visitors using the old domain will automatically redirect to the new domain.

This is the latest of several changes that BIZX, LLC has made since acquiring the site, along with Slashdot, in January.

The changes started with the ending of the controversial and unpopular DevShare monetization program as a “first order of business.” That program, which bundled third party proprietary software offers with Windows downloads, had prompted several high profile open source projects — including GIMP and phpMyAdmin — to leave to find other solutions.

In May, SourceForge added security scanning to find adware, viruses, and any unwanted applications that may be intentionally or inadvertently included in the software package hosted on the site. Then in July, a free onsite HTML5-based Speed Test was added. Included in the test are “latency/ping” (the time it takes for a packet to make a round trip to a remote computer), “download speed,” “upload speed”, and “packet loss.” The test also looks at “jitter and “buffer bloat.”

“This is just one step of many in our continued effort to improve security throughout SourceForge,” the company says in their announcement of the HTTPS project. “See our Site News section for a comprehensive list of SourceForge improvements including recent past announcements about multifactor authentication, virus scanning, and more.”

The post Securing SourceForge With HTTPS appeared first on FOSS Force.



from FOSS Force http://ift.tt/2gnF8T7
via IFTTT

Mozilla Patches SVG Animation Remote Code Execution in Firefox and Thunderbird

If you're reading the news lately, you might have stumbled on an article that talked about a 0-day vulnerability in the Mozilla Firefox web browser, which could be used to attack Tor users running Tor Browser on Windows systems.

The vulnerability was, in fact, an use-after-free in Firefox's SVG Animation code, but it looks like security researchers recently discovered that an exploit could have been built on this security flaw to target Windows users using either Mozilla Firefox or Tor Browser web browsers on the anonymous Tor network.

"A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows," reads Mozilla Foundation Security Advisory 2016-92, and the issue has been documented by Mozilla as CVE... (read more)

from Softpedia News / Linux http://ift.tt/2fH2eFb
via IFTTT

Raspberry Pi Foundation Disables SSH in Raspbian PIXEL's Latest Security Update

Raspberry Pi Foundation, through Simon Long announces that a security update is now available for the PIXEL desktop environment of the company's Debian-based Raspbian operating system for Raspberry Pi single-board computers.

You probably remember PIXEL, the work of Raspberry Pi Foundation's Simon Long during the past two years, which is now used by default in the latest images of the Raspbian distribution, instead of the old-school LXDE desktop environment, on which PIXEL is in fact based. Well, it now looks like Raspbian PIXEL was updated to version 1.1 with various bug fixes and security patches

"With any major release of the OS, we usually find a few small bugs and other issues as soon as the wider community start using it, a... (read more)

from Softpedia News / Linux http://ift.tt/2gXnO8u
via IFTTT

Amazon Lightsail: The private server killer

Amazon is going after hosting and virtual private server companies with its latest low-end cloud offering.

from ZDNet | open-source RSS http://ift.tt/2gKl6k3
via IFTTT

Four New Kernel Vulnerabilities Patched in All Supported Ubuntu OSes, Update Now

On the last day of November 2016, Canonical, the company behind the popular Ubuntu Linux operating system, published a bunch of new security advisories to inform the community about the availability of new kernel versions for its supported OSes.

The company pushed patched variants of the kernel packages in Ubuntu 16.10 (Yakkety Yak), Ubuntu 16.04 LTS (Xenial Xerus), Ubuntu 14.04 LTS (Trusty Tahr), and Ubuntu 12.04 LTS (Precise Pangolin) to the stable software repositories, addressing a total of four vulnerabilities discovered recently by various hackers and security researchers.

The most common security flaw, CVE-2016-7425, was discovered by Marco Grassi in Linux kernel's Areca RAID Controllers driver, which was not capable of properly validating control messages, thus allowing a local attacker to crash the system or gain administrative privileges. The issue affects Ubuntu 16.10, 16.04 LTS, 1... (read more)

from Softpedia News / Linux http://ift.tt/2gN1fzz
via IFTTT

Distribution Release: Raspbian 2016-11-25

Simon Long has announced the release of Raspbian 2016-11-25, a security update of the Debian-based distribution for the Raspberry Pi single-board computers: "The more observant among you may have spotted that we've recently updated the Raspbian-with-PIXEL image. With any major release of the OS, we usually find a....

from DistroWatch.com: News http://ift.tt/2gMlTzu
via IFTTT

Ubuntu-Based Trisquel GNU/Linux 8.0 "Flidas" Enters Development with MATE 1.12.1

The development team behind Trisquel GNU/Linux, a 100% libre distribution based on the Ubuntu Linux operating system, announced the availability of the first Alpha images for the upcoming Trisquel GNU/Linux 8.0 release.

Dubbed Flidas, Trisquel GNU/Linux 8.0 is powered by a Linux-Libre 4.4 based kernel and built around the lightweight MATE 1.12.1 desktop environment. The inclusion of MATE, which is a fork of the old GNOME 2 desktop, should enchant many of the old-school Trisquel users, and it looks like the team also did some polishing job to both the control center and file manager components.

"This decision comes from the current editions of GNOME requiring 3D acceleration even in fallback mode, a requirement that in many cases forces the user to choose between a degraded user experience and performance, or the usage of non-free graphics drivers. Instead, we aim to provide a fully functional, highly performing desktop for all users," reads the read more)

from Softpedia News / Linux http://ift.tt/2fMGN0s
via IFTTT

Make Q4OS Look Like Windows With XPQ4

Introduction

When I wrote a review about Q4OS last year I was emailed about a package called XPQ4 which makes it possible to make Q4OS look like other versions of Windows such as Windows XP.

I therefore set about reviewing XPQ4 and the results were very good indeed.

Shortly after I had posted my review of the latest version of Q4OS I received another email asking me to take another look of XPQ4 because there had been a number of updates.

If you wish to use a Linux operating system but you want it to look like Windows then XPQ4 is definitely what you are looking for.

How To Get XPQ4

You can get XPQ4 from http://ift.tt/1LLJ21d


















There are 2 versions of XPQ4 available:
  • Full
  • Free
The full version uses proprietary images and icons etc whereas the free version does not. Neither will cost you any money.

The webpage has installation instructions but basically all you have to do is this:

  • Click on the download link for the version you wish to install
  • Double click on the downloaded file

  • When the welcome screen appears click "Next"

  • When the license agreement appears make sure the "I Agree" checkbox is ticked and click "Install".

The User Interface























An icon for XPQ4 will appear on the desktop and when clicked the above screen will be displayed.

You can choose between 6 themes:

  • Windows 2000
  • Windows XP classic
  • Windows XP luna
  • Windows 7
  • Windows 8
  • Windows 10

The Themes

The screenshots basically speak for themselves:
Windows 2000 Theme - XPQ4
Windows 7 Theme - XPQ4
Windows 8 Theme - XPQ4
Windows 10 Theme - XPQ4
Windows XP Luna Theme - XPQ4e

The Windows XP Luna theme is astounding. I reckon this could fool many people into thinking they are using Windows XP.

Some Linux purists would ask what the point is but I've never claimed to be a purist and I think the work performed by the XPQ4 team is brilliant.

The Windows XP, 2000 and Windows 7 themes are very close to the real thing. 

Windows 8 doesn't really look like Windows 8 although an attempt has been made to make it authentic by pulling the menu in from the right and having a search bar in the top right corner. To be honest though how many people really want to use a system like Windows 8. It was horrific.

The Windows 10 theme looks good and although the menu doesn't really look like a Windows 10 menu the theme does make Q4OS look modern.

For pure style the XP Luna theme is my favourite. 

Summary

Many Linux distributions over the years have tried to look like Windows including Lindows, to a certain extent Linux Mint and of course Zorin OS.

Q4OS with the XPQ4 theme is definitely the one that has achieved the best results.

Zorin OS looks to be moving in a slightly different direction now and I have just installed version 12 as a dual boot to Q4OS so a review will be coming shortly.

I could have made my experience with XPQ4 better by installing the ttf-mscorefonts-installer package from Synaptic.























from Everyday Linux User http://ift.tt/2gLoJVw
via IFTTT

SUSE acquires HPE OpenStack and Cloud Foundry assets

SUSE has become not only HPE's Linux of choice, but it's now its chief cloud developer as well.

from ZDNet | open-source RSS http://ift.tt/2gGEbpL
via IFTTT

An Everyday Linux User Review Of Q4OS - Part 2

Introduction

In my review of Q4OS 1.8.1 I mentioned that I would be using the system over the course of the month to see how well it works over a period of time.

I am happy to say that I am well in to week 2 and I am yet to have any major challenges.

This update is looking at the hardware support within Q4OS and it also looks at Steam.

Printing

Over the weekend I decided to connect this laptop which is running Q4OS to my Epson Workforce inkjet printer.


















You can get to the main printer set up page in various ways. 

One way is to bring up the menu and navigate to the "Control Panel". From the "Control Panel" you will see an option called "Peripherals" and then you will see an option called "TDE Print".

You will at this stage see the screen shown in the image above.

Another way to get to this screen is to type "print" into the search bar within the menu and click on the "Print System" icon when it appears.

To add a new printer click on "Add Printer".


















As you can see the "Discovered Network Printers" section highlights 2 printers both of which are the same name as my printer. 

I left the default printer checked and clicked "Continue".


















The third screen lets you choose whether to share the printer and you can enter a location and give the printer a name and description.


















The penultimate step is to choose the model of the printer.


















Finally you have to set the media type, grayscale and media size.

Your printer is now set up.

I followed this process and printed a few test pages and it works well.

You can use the TDE Print tool to manage printers and see the queue. You can also find a printer job viewer by typing "print" into the search bar within the menu and choosing "Print Job (kJobViewer)".

USB, Hard Drives And NAS Drives

I tested Q4OS with my WD MyCloud device and I was able to see the device and access the files on the drive.

I can also access files and folders on USB drives and portable hard drives.

My phone was also found straight away and I could access the files using a file manager and Shotwell photo manager.


Steam

I used Synaptic to install Steam:


After the installation I was able to run Steam and the usual update started to download.


There were no errors and I was able to login to Steam.


NVidia Drivers

A comment was left within my previous review regarding the availability of NVidia drivers.

You can use the Q4OS software centre to install many popular applications and the NVidia drivers are listed as one of the items you may wish to download and install.


Summary

So now I have all the software I need installed, all hardware setup and running and I am using Q4OS on a daily basis.

As an operating system I am finding the performance is extremely good and everything is extremely stable.



from Everyday Linux User http://ift.tt/2gLjWDI
via IFTTT

Development Release: Trisquel 8.0 Alpha

The Trisquel GNU/Linux project, a distribution which takes a hard stance in providing free and open source software exclusively, has released a new development snapshot: Trisquel GNU/Linux 8.0 Alpha. The new alpha carries the code name "Flidas" and switches the default desktop environment from GNOME 2 to MATE.....

from DistroWatch.com: News http://ift.tt/2gKO0z7
via IFTTT

Christmas Gift Ideas For Linux Fans

lubuntu ibookCrikey, folks: it’s December. Already. You probably don’t need yet another reminder that Christmas is nearly up on us. ‘Tis the season of compulsory cheer and merriment, and all that. If you’re struggling to come up with Linux gift ideas this Christmas, we’ve got you covered. Below is a short but sweet concise guide to Linux-y gift ideas for Linux loving user in your life. […]

This post, Christmas Gift Ideas For Linux Fans, was written by Joey-Elijah Sneddon and first appeared on OMG! Ubuntu!.



from OMG! Ubuntu! http://ift.tt/2gGzEU0
via IFTTT

What Malware Is on Your Router?

router

Mirai is exposing a serious security issue with the Internet of Things that absolutely must be quickly handled.

Until a few days ago, I had been seriously considering replacing the 1999 model Apple Airport wireless router I’ve been using since it was gifted to me in 2007. It still works fine, but I have a philosophy that any hardware that’s more than old enough to drive probably needs replacing. I’ve been planning on taking the 35 mile drive to the nearest Best Buy outlet on Saturday to see what I could get that’s within my price range.

After the news of this week, that trip is now on hold. For the time being I’ve decided to wait until I can be reasonably sure that any router I purchase won’t be hanging out a red light to attract the IoT exploit-of-the-week.

It’s not just routers. I’m also seriously considering installing the low-tech sliding door devices that were handed out as swag at this year’s All Things Open to block the all-seeing-eye of the web cams on my laptops. And I’m becoming worried about the $10 Vonage VoIP modem that keeps my office phone up and running. Thank goodness I don’t have a need for a baby monitor and I don’t own a digital camera, other than what’s on my burner phone.

In case you don’t know, Internet of Things security sucks so much it appears as if the IoT folks have taken a time machine back to 1998 to implement Microsoft’s best practices of that era.

The threat of the week — this one actually goes back to early September — is Mirai, which infects network facing devices to form massive botnets. It also seems to be having new capabilities added as we speak. When Brian Krebs was knocked offline in September, followed by the taking down of many of the largest sites on the web in October, Mirai was infecting IoT devices the easy way — by “guessing” passwords, most of which were still set to the device’s default. Now the black hats have morphed the malware to take advantage of security vulnerabilities in specific devices.

Yesterday we learned that just shy of a million Deutsche Telekom subscribers had been taken offline after their routers were infected by Mirai. Today’s news is that the attack has spread to include routers in the UK, Brazil, Iran, Thailand and elsewhere. So far they’re only attacking routers made by Zyxel, taking advantage of a SOAP vulnerability, but there will be other vulnerabilities to exploit in other routers — and webcams, cameras, thermostats, baby monitors, and ironically, home security devices.

“What we see right now is more or less just a tip of the iceberg,” Johannes Ullrich, dean of research at the SANS Institute, has said. “By adding this exploit, Mirai gained access to many more devices then it already had.”

My guess is that there are many more compromised IoT devices than we imagine. We only know about this latest round of attacks against Zyxel due to a screw up in the black hats’ code that knocked exploited routers offline.

Today, InfoWorld quotes Craig Young, a security researcher at Tripwire, as saying: “The malware may have been too demanding on the routers, and overloaded them, so they wouldn’t be able to operate. Someone will fix the bugs in the code. People will also incorporate more exploits related to routers.”

Obviously, Mirai won’t be the last weapon to be added to the script kiddies IoT arsenal. We need to do something and do it quickly unless we want to see the Internet become as reliable as the electricity supply in Port-au-Prince.

This could all be solved with a little regulation on the marketing end. We could codify some “best practices” for software and patching processes, and require that source code for software in any IoT device be submitted and approved before an IoT device can be brought to market. This would protect the home inventor or hobbyist from having to jump through a mountain of red tape before hooking a DIY SBC-based device to the Internet, while making sure that the likes of Cisco, Cannon and Carrier don’t unleash tens of millions of devices on an already overburdened Internet.

Meanwhile, I’ll stick with my old 1999 Airport for as long as it continues to work, since I can’t guarantee that a new router would be any safer. It’s a crap shoot, and I don’t gamble.

The post What Malware Is on Your Router? appeared first on FOSS Force.



from FOSS Force http://ift.tt/2gGJ9CA
via IFTTT

Stepping into Science

In past articles, I've looked at several libraries or specialist applications that can be used to model some physical process or another. Sometimes though you want to be able to model several different processes at the same time and in an interactive mode. more>>



from Linux Journal - The Original Magazine of the Linux Community http://ift.tt/2g7apXu
via IFTTT

Playing Grand Theft Auto Inside A Neural Network’s Hallucination? It’s Possible!

Ever imagined what a Neural Network's hallucination would look like? The post Playing Grand Theft Auto Inside A Neural Network’s Halluc...