
Feed aggregator

Keep Smart Assistants from Spying on You with Alias, Security Advisory for Old scp Clients, Major Metasploit Framework Release, Mozilla Working on a New Browser for Android and VirtualBox 6.0.2 Is Out

Linux Journal - Wed, 01/16/2019 - 07:30

News briefs for January 16, 2019.

A new open-source hardware project called Alias will keep Amazon and Google smart assistants from spying on you. According to the project's GitHub page, "Alias is a teachable 'parasite' that is designed to give users more control over their smart assistants, both when it comes to customisation and privacy. Through a simple app the user can train Alias to react on a custom wake-word/sound, and once trained, Alias can take control over your home assistant by activating it for you."

A security advisory from Harry Sintonen was issued this week concerning the scp clients in OpenSSH, PuTTY and more. LWN quotes the advisory: "Many scp clients fail to verify if the objects returned by the scp server match those it asked for. This issue dates back to 1983 and rcp, on which scp is based. A separate flaw in the client allows the target directory attributes to be changed arbitrarily. Finally, two vulnerabilities in clients may allow server to spoof the client output."

A new major release of the open-source Metasploit Framework is now available. According to the Rapid7 blog post, version 5.0 of the penetration-testing tool is the first milestone update since version 4.0 came out in 2011. Along with a new release cadence, "Metasploit's new database and automation APIs, evasion modules and libraries, expanded language support, improved performance, and ease-of-use lay the groundwork for better teamwork capabilities, tool integration, and exploitation at scale."

Mozilla is working on a new Android browser called Fenix. According to ZDNet, this "new non-Firefox browser for Android is apparently targeted at younger people, with Mozilla developers on GitHub tagging the description, 'Fenix is not your parents' Android browser'." In addition, mockups suggest that Fenix developers are "currently toying with the idea of putting the URL bar and home button down at the bottom of user interface."

VirtualBox 6.0.2 was released yesterday, the first maintenance release of the 6.0 series. This release fixed a conflict between Debian and Oracle build desktop files, fixed building drivers on SLES 12.4, fixed building shared folder driver with older kernels and much more. See the changelog for all the details.

News Security Metasploit Mozilla Android Fenix VirtualBox Privacy Alias
Categories: Linux News

Bash's Built-in printf Function

Linux Journal - Wed, 01/16/2019 - 07:30
by Mitch Frazier

 

Even if you're already familiar with the printf command, if you got your information via "man printf" you may be missing a couple of useful features that are provided by bash's built-in version of the standard printf(1) command.

Go to Full Article
Categories: Linux News

Where There's No Distance or Gravity

Linux Journal - Tue, 01/15/2019 - 08:00
by Doc Searls

The more digital we become, the less human we remain.

I had been in Los Angeles only a few times in my life before the October day in 1987 when I drove down from our home in the Bay Area with my teenage son to visit family. The air was unusually clear as we started our drive back north, and soon the San Gabriel Mountains—Los Angeles' own Alps (you can ski there!)—loomed over the region like a crenelated battlement, as if protecting its inhabitants from cultures and climates that might invade from the north. So, on impulse, I decided to drive up to Mount Wilson, the only crest in the range with a paved road to the top.

I could see from the maps I had already studied that the drive was an easy one. Our destination also was easily spotted from below: a long, almost flat ridge topped by the white domes of Mount Wilson Observatory (where Hubble observed the universe expanding) and a bristle of towers radiating nearly all the area's FM and TV signals. The site was legendary among broadcast engineering geeks, and I had longed to visit it ever since I was a ham radio operator as a boy in New Jersey.

After checking out the observatory and the towers, my son and I stood on a promontory next to a parking lot and surveyed the vast spread of civilization below. Soon four visiting golfers from New York came over and started asking me questions about what was where.

I answered like a veteran docent, pointing out the Rose Bowl, Palos Verdes Peninsula, Santa Catalina and other Channel Islands, the Hollywood Hills, the San Fernando Valley, the Jet Propulsion Laboratory, Santa Anita Park and more. When they asked where the Whittier Narrows earthquake had happened a few days before, I pointed at the Puente Hills, off to the southeast, and filled them in on what I knew about the geology there as well.

After a few minutes of this, they asked me how long I had lived there. I said all this stuff was almost as new to me as it was to them. "Then how do you know so much about it?", they asked. I told them I had studied maps of the area and refreshed my knowledge over lunch just before driving up there. They were flabbergasted. "Really?", one guy said. "You study maps?"

Indeed, I did. I had maps of all kinds and sizes at home, and the door pockets of my car bulged with AAA maps of everywhere I might drive in California. I also added local and regional Southern California maps to my mobile inventory before driving down.

Go to Full Article
Categories: Linux News

Participate in Fedora Test Day Today, Netrunner Announces Netrunner 19.01 Blackbird, Security Patch for GNOME Bluetooth Tools in Ubuntu 18.04, New Giant Board SBC from Groboards and Linspire Posts Development Roadmap for 2019-2020

Linux Journal - Tue, 01/15/2019 - 07:30

News briefs for January 15, 2019.

Today is Fedora Test Day for kernel 4.20. To participate, you just need to be able to download the test materials (which include some large files) and read and follow directions. See the wiki page for more information on how to participate.

Netrunner yesterday announced the release of Netrunner 19.01 Blackbird. This desktop distro is based on Debian Testing, and updates with this version include KDE Plasma 5.14.3, KDE Frameworks 5.51, KDE Applications 18.08, Qt 5.11.3 and many more. It also sports a new look and feel called "Netrunner Black" among other changes. You can get the Netrunner 19.01 ISO from here.

Canonical yesterday released a security patch for the GNOME Bluetooth tools to address a security vulnerability with Ubuntu 18.04. Softpedia News reports that security researcher Chris Marchesi discovered the vulnerability in the BlueZ Linux Bluetooth stack, "which made it incorrectly handle disabling Bluetooth visibility, allowing a remote attacker to possibly pair to Bluetooth devices." All Ubuntu 18.04 LTS users should update immediately to the gnome-bluetooth 3.28.0-2ubuntu0.1 and libgnome-bluetooth13 3.28.0-2ubuntu0.1 packages from the official repos. See the wiki for detailed instructions.

Groboards has launched a new "tiny, Adafruit Feather form-factor 'Giant Board' SBC that runs Linux on Microchip's SiP implementation of its Cortex-A5-based SAMA5D SoC and offers 128MB RAM, micro-USB, microSD and I/O including ADC and PWM", Linux Gizmos reports. There's no pricing or availability information yet, but see the OSH Park blog and the Groboards site for specs and more info.

Linspire recently posted its development roadmap for Linspire and Freespire releases for 2019 and 2020. The Linspire CE 8.0 Office 365 Edition is planned for February 21, 2019, with Linspire Server on April 14, 2019. Freespire 4.5 is planned for May 5, 2019 and Freespire 5.0 is scheduled for November 15, 2019.

News Fedora Netrunner Distributions Canonical Security GNOME Ubuntu SBCs Linspire Freespire
Categories: Linux News

Linux Thursday - Jan 13, 2019 - Lingering Cough Edition

Linux Journal - Mon, 01/14/2019 - 14:26

Please support Linux Journal by subscribing or becoming a patron.

Categories: Linux News

Purism Announces Version 4 of Its Laptops, KDE Frameworks 5.54.0 Now Available, Debian 10 Default Theme Chosen, Linux Kernel 5.0-rc2 Is Out and Mozilla to Disable Flash in Firefox 69

Linux Journal - Mon, 01/14/2019 - 10:53

News briefs for January 14, 2019.

Purism announced the fourth version of its Librem laptops today. The Librem 13 and 15 will "now be upgraded with a 7th Gen Intel Core i7-7500U Processor with integrated HD Graphics that still works with coreboot. In addition, the Librem 15 display will be upgraded to 4K resolution. Upgraded models are available now for purchase whether you pick Librem 13: the road warrior or Librem 15: the desktop replacement." Note that the base cost will remain the same despite these updates (the Librem 15 is $1599, and the Librem 13 is $1399).

KDE announced the release of KDE Frameworks 5.54.0. This release is part of a series of planned releases for the 80 addon libraries for Qt that make up KDE Frameworks. See the announcement for the full list of changes/fixes and download links.

The Debian team announced that "futurePrototype" by Alex Makas will be the default theme for Debian 10 "Buster". The theme was selected via survey from 11 submitted themes; 3,646 people participated in the voting.

Linux kernel 5.0-rc2 is out. Linus wrote, "Were there some missing commits that missed the merge window? Yes. But no more than usual. Things look pretty normal." For the full message, see the LKML.

Mozilla plans to disable Adobe Flash Player in Firefox 69, which should launch in September 2019. According to Softpedia, "The next step for Mozilla is then to remove support for Flash Player entirely, so starting with early 2020, consumer versions of Firefox would no longer work with Adobe's plugin."

News Purism Librem Laptops KDE KDE Frameworks Debian kernel Mozilla Firefox Flash
Categories: Linux News

Python Testing with pytest: Fixtures and Coverage

Linux Journal - Mon, 01/14/2019 - 07:30
by Reuven M. Lerner

Improve your Python testing even more.

In my last two articles, I introduced pytest, a library for testing Python code (see "Testing Your Code with Python's pytest" Part I and Part II). pytest has become quite popular, in no small part because it's so easy to write tests and integrate those tests into your software development process. I've become a big fan, mostly because after years of saying I should get better about testing my software, pytest finally has made it possible.

So in this article, I review two features of pytest that I haven't had a chance to cover yet: fixtures and code coverage, which will (I hope) convince you that pytest is worth exploring and incorporating into your work.

Fixtures

When you're writing tests, you're rarely going to write just one or two. Rather, you're going to write an entire "test suite", with each test aiming to check a different path through your code. In many cases, this means you'll have a few tests with similar characteristics, something that pytest handles with "parametrized tests".

But in other cases, things are a bit more complex. You'll want to have some objects available to all of your tests. Those objects might contain data you want to share across tests, or they might involve the network or filesystem. These are often known as "fixtures" in the testing world, and they take a variety of different forms.

In pytest, you define fixtures using a combination of the pytest.fixture decorator, along with a function definition. For example, say you have a function that returns a list of lines from a file, in which each line is reversed:

def reverse_lines(f):
    return [one_line.rstrip()[::-1] + '\n'
            for one_line in f]

Note that to keep the newline character from being placed at the start of the line, you remove it from the string before reversing and then add a '\n' to each returned string. Also note that although it probably would be a good idea to use a generator expression rather than a list comprehension, I'm trying to keep things relatively simple here.

If you're going to test this function, you'll need to pass it a file-like object. In my last article, I showed how you could use a StringIO object for such a thing, and that remains the case. But rather than defining global variables in your test file, you can create a fixture that'll provide your test with the appropriate object at the right time.

Here's how that looks in pytest:

Go to Full Article
Categories: Linux News

Weekend Reading: All Things Bash

Linux Journal - Sat, 01/12/2019 - 08:45
by Carlie Fairchild

Bash is a shell and command language. It is distributed widely as the default login shell for most Linux distributions. We've rounded up some of the most popular Bash-related articles for your weekend reading.

 

Writing More Compact Bash Code

By Mitch Frazier

In most programming languages, non-scripting ones at least, you want to avoid uninitialized variables. In bash, using uninitialized variables can often simplify your code.

 

Normalizing Filenames and Data with Bash

By Dave Taylor

URLify: convert letter sequences into safe URLs with hex equivalents.

 

Roman Numerals and Bash

By Dave Taylor

Fun with retro-coding a Roman numeral converter—Dave heads back to his college years and solves homework anew! 

Also read Dave's followup article, More Roman Numerals and Bash.

 

Create Dynamic Wallpaper with a Bash Script

By Patrick Wheelan

Harness the power of bash and learn how to scrape websites for exciting new images every morning.

 

Developing Console Applications with Bash

By Andy Carlson

Bring the power of the Linux command line into your application development process.

 

Parsing an RSS News Feed with a Bash Script

By Jim Hall

I can automate an hourly job to retrieve a copy of an RSS feed, parse it, and save the news items to a local file that the website can incorporate. That reduces complexity on the website, with only a little extra work by parsing the RSS news feed with a Bash script.

 

Hacking a Safe with Bash

By Adam Kosmin

Being a minimalist, I have little interest in dealing with GUI applications that slow down my work flow or application-specific solutions (such as browser password vaults) that are applicable only toward a subset of my sensitive data. Working with text files affords greater flexibility over how my data is structured and provides the ability to leverage standard tools I can expect to find most anywhere.

 

Graph Any Data with Cacti!

By Shawn Powers

Go to Full Article
Categories: Linux News

Episode 12: Vendor Lock-in

Linux Journal - Fri, 01/11/2019 - 12:05
Reality 2.0 - Episode 12: Vendor Lock-in

Katherine Druckman and Doc Searls talk to Linux Journal's Technical Editor, Kyle Rankin, about vendor lock-in.

Links mentioned:

Lessons in Vendor Lock-in: Shaving

Lessons in Vendor Lock-in: Messaging

Categories: Linux News

Keeping Your Episodic Contributors to Open-Source Projects Happy

Linux Journal - Fri, 01/11/2019 - 09:08
by Ann Barcomb

Community managers have long been advised to nurture top contributors, but it is also important to consider infrequent and casual (episodic) contributors. There are more potential episodic contributors than habitual ones, and getting the most out of your episodic contributors can require reconsidering your strategies for retaining and incorporating contributors.

There are several reasons you should care about episodic contributors, other than just numbers. Getting more people involved can help more people learn about a project, and new people also bring new ideas. Furthermore, many tasks can be done effectively by episodic contributors, freeing habitual contributors to perform other work. Smaller communities might benefit from contributions to documentation or translations, while communities of all sizes can use extra temporary help when running an event.

Greater benefits are realized when the contributors know something about the community and the work because of their previous engagement, and thus require less time to understand their role. An upcoming scientific study looked at what factors are associated with episodic contributors continuing to return to a community to participate (the article will be available starting in February 2019; see the Resources section at the end of this article). This article describes the key findings of the research.

The Design

Five factors were expected to positively influence an episodic contributor's intention to continue participating, as shown in Figure 1.

Figure 1. Proposed Model of Factors Associated with Retention

Contributor Benefit Motivations

Contributor benefit motivations describes contributor motives that benefit the contributor, such as learning new skills, having fun and improving job prospects. In free and open-source software, these motivations are generally linked to retention.

Social Norms

Social norms describes how the people the participant interacts with on a daily basis—friends, family, co-workers and neighbors—view contributing to free software and open-source software projects. Earlier work found this factor to be relevant for people volunteering for a number of non-profit organizations.

Psychological Sense of Community

Psychological sense of community describes the motivation stemming from the affinity a person experiences when meeting and engaging with a group. Previous research has shown that this factor is relevant for both habitual and episodic participants.

Satisfaction

Go to Full Article
Categories: Linux News

Systemd Security Holes Discovered, GNOME 3.31.4 Released, Mozilla Launches Flexbox Inspector, Timesys Announces New Version of TimeStorm IDE and Clonezilla Live (2.6.0-37) Now Available

Linux Journal - Fri, 01/11/2019 - 08:00

News briefs for January 11, 2019.

Three new security holes recently were discovered in Systemd by the Qualys security company. From ZDNet: "With any of these a local user can gain root privileges. Worse still, Qualys reports that 'To the best of our knowledge, all systemd-based Linux distributions are vulnerable.' Actually, that's not quite true, even Qualys admits. 'SUSE Linux Enterprise 15, openSUSE Leap 15.0, and Fedora 28 and 29 are not exploitable because their user space is compiled with GCC's -fstack-clash-protection.'" Red Hat has already released patches for 16864 and 16865.

GNOME 3.31.4 was released this week. This release marks the first development release of 2019, so folks are encouraged to try it and test it. You can get the official BuildStream snapshot here and the source packages here. For the list of updates and changes, go here.

Mozilla announces the launch of Flexbox Inspector: "The new Flexbox Inspector, created by Firefox DevTools, helps developers understand the sizing, positioning, and nesting of Flexbox elements. You can try it out now in Firefox DevEdition or join us for its official launch in Firefox 65 on January 29th."

Timesys Corporation recently announced a new release of TimeStorm Integrated Development Environment. Timesys TimeStorm 5.3.2 IDE "is designed to streamline, simplify, and accelerate the creation of secure Internet of Things (IoT) and embedded Linux applications." According to the announcement, the new IDE also features "support for Windows 10 and a Timesys-built Windows installer. The Eclipse-based TimeStorm IDE provides Windows 10 OS users with an already familiar development environment, making it easy to create embedded Linux products within a Windows environment."

Clonezilla live (2.6.0-37) is now available. This new release for the partition and disk imaging/cloning program features major enhancements and bug fixes. The underlying GNU/Linux OS is now updated and based on Debian Sid and the kernel updated to 4.19.13-1. See the announcement for details.

News Security systemd GNOME Mozilla Timesys Clonezilla Embedded Linux
Categories: Linux News

Minim Debuted the Minim Labs Free Router Security Platform, AWS Launched DocumentDB, Firefox CTO Eric Rescorla Awarded Levchin Prize, Red Hat Ansible Tower 3.4 Now Available and IoT DevCon 2019 Call for Papers

Linux Journal - Thu, 01/10/2019 - 09:23

News briefs for January 10, 2019.

Minim debuted Minim Labs at CES this week. This free version of the Minim router security platform has an open-source Linux-based "Unum" agent for protecting home automation devices, and it runs on Raspbian and OpenWrt Linux devices. See this LinuxGizmos post and the Minim Labs website for more information.

AWS launched DocumentDB yesterday, a "fast, scalable, and highly available document database that is designed to be compatible with your existing MongoDB applications and tools". TechCrunch reports that AWS felt customers found MongoDB difficult to use, so the company built "its own document database, but made it compatible with the Apache 2.0 open source MongoDB 3.6 API".

Firefox CTO Eric Rescorla was awarded the Levchin Prize for "significant contributions to solving global, real-world cryptography issues that make the internet safer at scale" yesterday, which was announced at the 2019 Real-World Crypto Conference. According to the Mozilla Blog, Rescorla was chosen for his "involvement in spearheading the latest version of Transport Layer Security (TLS). TLS 1.3 incorporates significant improvements in both security and speed, and was completed in August and already secures 10% of sites."

Red Hat yesterday announced the availability of Red Hat Ansible Tower 3.4. This new release features "workflow enhancements including nested workflows and workflow convergence, designed to simplify challenges inherent in managing complex hybrid cloud infrastructure". In addition this version boasts increased scalability and enhanced security. The press release quotes Vice President, Management at Red Hat, Joe Fitzgerald: "With the new features available in Red Hat Ansible Tower 3.4 organizations are able to increase the scale and scope of their automation activities together with increased control and visibility."

IoT DevCon 2019's call for papers is now open. If you're interested in presenting at the Internet of Things Developers Conference, the deadline for submitting titles and abstracts is February 28, 2019. The conference will "focus on technologies ranging from ultra-low power microcontrollers to multicore-enabled aggregation hubs and from software strategies to security solutions as well as techniques required to monitor and manage the enormous loads of device-generated data. We are looking for experts to address the audience of managers, developers, engineers and makers". The conference will be held in Santa Clara, California, June 5–6, 2019.

News Minim Labs Security IOT AWS MongoDB Firefox
Categories: Linux News

Non-Child Process Exit Notification Support

Linux Journal - Thu, 01/10/2019 - 07:30
by Zack Brown

Daniel Colascione submitted some code to support processes knowing when others have terminated. Normally a process can tell when its own child processes have ended, but not unrelated processes, or at least not trivially. Daniel's patch created a new file in the /proc directory entry for each process—a file called "exithand" that is readable by any other process. If the target process is still running, attempts to read() its exithand file will simply block, forcing the querying process to wait. When the target process ends, the read() operation will complete, and the querying process will thereby know that the target process has ended.

It may not be immediately obvious why such a thing would be useful. After all, non-child processes are by definition unrelated. Why would the kernel want to support them keeping tabs on each other? Daniel gave a concrete example, saying:

Android's lmkd kills processes in order to free memory in response to various memory pressure signals. It's desirable to wait until a killed process actually exits before moving on (if needed) to killing the next process. Since the processes that lmkd kills are not lmkd's children, lmkd currently lacks a way to wait for a process to actually die after being sent SIGKILL.

Daniel explained that on Android, the lmkd process currently would simply keep checking the proc directory for the existence of each process it tried to kill. By implementing this new interface, instead of continually polling the process, lmkd could simply wait until the read() operation completed, thus saving the CPU cycles needed for continuous polling.

And more generally, Daniel said in a later email:

I want to get polling loops out of the system. Polling loops are bad for wakeup attribution, bad for power, bad for priority inheritance, and bad for latency. There's no right answer to the question "How long should I wait before checking $CONDITION again?". If we can have an explicit waitqueue interface to something, we should. Besides, PID polling is vulnerable to PID reuse, whereas this mechanism (just like anything based on struct pid) is immune to it.

Joel Fernandes suggested, as an alternative, using ptrace() to get the process exit notifications, instead of creating a whole new file under /proc. Daniel explained:

Go to Full Article
Categories: Linux News

Qubes OS 4.0.1 Released, Plasma 5.14.5 Is Out, Software Freedom Conservancy Fundraiser, ClearCube Launches C3xPi Thin Client for RPi 3 Model B+ and Ubuntu Touch Announces OTA-7

Linux Journal - Wed, 01/09/2019 - 09:02

News briefs for January 9, 2019.

Qubes OS 4.0.1 was released today, marking the first stable point release in the 4.0 series. Updates include all 4.0 dom0 updates, Fedora 29 TemplateVM, Debian 9 Template VM, Whonix 14 Gateway and Workstation TemplateVMs, and Linux kernel 4.14. You can get Qubes 4.0.1 from the Downloads Page.

KDE yesterday announced Plasma 5.14.5, the fifth and final point release to the Plasma 5.14 desktop environment series. According to Softpedia News, besides some small but important bug fixes, this release "contains a total of 61 changes across various components like Plasma Workspace, Plasma NetworkManager, Breeze GTK, Plasma Discover, and Plasma Desktop". Plasma 5.15, the start of the next major series, is scheduled to be released on February 12, 2019.

The Software Freedom Conservancy has six more days to collect the remaining $13,369 of the fundraiser that will be matched by Private Internet Access and a group of generous donors. Go here to become an official supporter.

ClearCube recently launched a C3xPi Thin Client for the Raspberry Pi 3 Model B+, LinuxGizmos reports. The C3xPi is $179.95, and ClearCube says it's the "only low-cost, virus-proof, single-case dual monitor thin client in the market". Go to the product page for all the details.

Ubuntu Touch announced its OTA-7 release yesterday. With this release, users now can change the keyboard color scheme; a keyboard layout for Lithuanian was added; the Morph browser received many improvements; and more. See the post for the full changelog and instructions on how to get OTA-7.

News Qubes Security KDE Plasma Software Freedom Conservancy Raspberry Pi ClearCube Ubuntu Touch
Categories: Linux News

If Your Privacy Is in the Hands of Others Alone, You Don’t Have Any

Linux Journal - Wed, 01/09/2019 - 08:00
by Doc Searls

If you think regulations are going to protect your privacy, you’re wrong. In fact they can make things worse, especially if they start with the assumption that your privacy is provided only by other parties, most of whom are incentivized to violate it.

Exhibit A for how much worse things can get is the EU’s GDPR (General Data Protection Regulation). As soon as the GDPR went into full effect last May, damn near every corporate entity on the Web put up a “cookie notice” requiring acceptance of terms and privacy policies that allow them to continue with business as usual, harvesting and sharing your personal data, and data about you.

For websites and services in that harvesting business (a population that rounds to the whole commercial web), these notices provide a one-click way to adhere to the letter of the GDPR while violating its spirit.

There’s also big business in the friction that produces. To see how big, look up GDPR+compliance on Google. You’ll get 190 million results (give or take a few dozen million).

None of those results are for you, even though you are who the GDPR is supposed to protect. See, to the GDPR, you are a mere “data subject” and not an independent and fully functional participant in the technical, social and economic ecosystem the internet supports by design. All privacy protections around your data are the burden of other parties.

Or at least that’s the interpretation that nearly every lawmaker, regulatory bureaucrat, lawyer and service provider goes by. (One exception is Elizabeth Renieris @hackylawyer. Her collection of Medium postings is required reading on the GDPR and much else.) Same goes for those selling GDPR compliance services, comprising most of those 190 million GDPR+compliance search results.

The clients of those services include nearly every website and service on Earth that harvests personal data. These entities have no economic incentive to stop harvesting, sharing and selling personal data the usual ways, beyond fear that the GDPR might actually be enforced, which so far (with few exceptions), it hasn’t been. (See Without enforcement, the GDPR is a fail.)

Go to Full Article
Categories: Linux News

GitHub Announces that Free Accounts Now Can Create Private Repositories, Bash-5.0 Released, iPhone Apps Linked to Golduck Malware, Godot Game Engine Reaches 3.1 Beta, NSA to Open-Source Its GHIDRA Reverse-Engineering Tool

Linux Journal - Tue, 01/08/2019 - 09:35

News briefs for January 8, 2019.

GitHub's CEO Nat Friedman yesterday announced that free accounts now can create private repositories (previously only paid accounts could have private repositories). Ars Technica reports that "Now every GitHub account can create an unlimited number of private repositories. These are still restricted—only three people can collaborate on these repositories—but a great many of those projects that once had no option but to be opened up might now be marked as private." The Ars Technica article also expresses concern that one possibility with this change is that "programs that would previously have been published as open source will now be closed up forever".

Bash-5.0 was released yesterday. This release fixes several bugs and introduces many new features. From the release announcement: "The most notable new features are several new shell variables: BASH_ARGV0, EPOCHSECONDS, and EPOCHREALTIME. The `history' builtin can remove ranges of history entries and understands negative arguments as offsets from the end of the history list. There is an option to allow local variables to inherit the value of a variable with the same name at a preceding scope. There is a new shell option that, when enabled, causes the shell to attempt to expand associative array subscripts only once (this is an issue when they are used in arithmetic expressions). The `globasciiranges' shell option is now enabled by default; it can be set to off by default at configuration time."

Security researchers at Wandera recently discovered "more than a dozen iPhone apps covertly communicating with a server associated with Golduck, a historically Android-focused malware that infects popular classic game apps." According to TechCrunch, the malware was discovered more than a year ago and affected retro-style games on Google Play "by embedding backdoor code that allowed malicious payloads to be silently pushed to the device". See the post for more details.

Godot, the open-source, cross-platform game engine, announced it has entered the beta phase for Godot 3.1. New features include the OpenGL ES 2.0 renderer, visual shader editor, improved animation editor, WebSockets support and much more. See the Changelog for the full list. Note that this is a beta build and not intended for use in production.

The NSA plans to open-source its GHIDRA reverse-engineering tool. It's FOSS reports that senior NSA advisor Robert Joyce wrote in his session description for the March RSA Conference 2019, "NSA has developed a software reverse engineering framework known as GHIDRA, which will be demonstrated for the first time at RSAC 2019. An interactive GUI capability enables reverse engineers to leverage an integrated set of features that run on a variety of platforms including Windows, Mac OS, and Linux and supports a variety of processor instruction sets. The GHIDRA platform includes all the features expected in high-end commercial tools, with new and expanded functionality NSA uniquely developed, and will be released for free public use at RSA."

Categories: Linux News

Back to Basics: Sort and Uniq

Linux Journal - Tue, 01/08/2019 - 08:00
by Kyle Rankin

Learn the fundamentals of sorting and de-duplicating text on the command line.

If you've been using the command line for a long time, it's easy to take the commands you use every day for granted. But, if you're new to the Linux command line, there are several commands that make your life easier that you may not stumble upon automatically. In this article, I cover the basics of two commands that are essential in anyone's arsenal: sort and uniq.

The sort command does exactly what it says: it takes text data as input and outputs sorted data. There are many scenarios on the command line when you may need to sort output, such as the output from a command that doesn't offer sorting options of its own (or the sort arguments are obscure enough that you just use the sort command instead). In other cases, you may have a text file full of data (perhaps generated with some other script), and you need a quick way to view it in a sorted form.

Let's start with a file named "test" that contains three lines:

Foo
Bar
Baz

sort can read its input from STDIN redirection, from a pipe, or from a file that you specify on the command line. So, the three following commands all accomplish the same thing:

cat test | sort
sort < test
sort test

And the output that you get from all of these commands is:

Bar
Baz
Foo

Sorting Numerical Output

Now, let's complicate the file by adding three more lines:

Foo
Bar
Baz
1. ZZZ
2. YYY
11. XXX

If you run one of the above sort commands again, this time, you'll see different output:

11. XXX
1. ZZZ
2. YYY
Bar
Baz
Foo

This is likely not the output you wanted, but it points out an important fact about sort. By default, it sorts alphabetically, not numerically. This means that a line that starts with "11." is sorted above a line that starts with "1.", and all of the lines that start with numbers are sorted above lines that start with letters.

To sort numerically, pass sort the -n option:

sort -n test

Bar
Baz
Foo
1. ZZZ
2. YYY
11. XXX

Find the Largest Directories on a Filesystem

Numerical sorting comes in handy for a lot of command-line output—in particular, when your command contains a tally of some kind, and you want to see the largest or smallest in the tally. For instance, if you want to find out what files are using the most space in a particular directory and you want to dig down recursively, you would run a command like this:

Go to Full Article
Categories: Linux News

Linux Thursday - Jan 4, 2019 - New Year Edition

Linux Journal - Mon, 01/07/2019 - 14:00

Please support Linux Journal by subscribing or becoming a patron.

Categories: Linux News

Linux 5.0-rc1 Released, Scratch 3 and Raspberry Pi, Phoronix Test Suite 8.6-Spydeberg Milestone 1 Is Now Available, Elteria Adventures Coming to Linux and Chromium Now Supports VAAPI in Fedora

Linux Journal - Mon, 01/07/2019 - 09:27

News briefs for January 7, 2019.

Linux 5.0-rc1 was released yesterday. Linus Torvalds wrote: "The numbering change is not indicative of anything special. If you want to have an official reason, it's that I ran out of fingers and toes to count on, so 4.21 became 5.0. There's no nice git object numerology this time (we're _about_ 6.5M objects in the git repo), and there isn't any major particular feature that made for the release numbering either. Of course, depending on your particular interests, some people might well find a feature _they_ like so much that they think it can do as a reason for incrementing the major number. So go wild. Make up your own reason for why it's 5.0."

MIT recently released Scratch 3, the latest version of its visual programming language. The Raspberry Pi blog announced it has upgraded to make this a smooth transition for those who use its free project resources, "whether that be at a Code Club, CoderDojo, Raspberry Jam, or at home, so we've been busy upgrading our resources to work with Scratch 3". In addition, "Scratch 3 versions of all projects in the Code Club Scratch Modules 1–3 and the CoderDojo Scratch Sushi Cards are already live!" See the post for more details related to Scratch 3 on RPi.

Phoronix Test Suite 8.6-Spydeberg Milestone 1 is out. This is the first development snapshot for the "open-source, cross-platform benchmarking software release due out later in Q1". New features for the Phoronix Test Suite include updates for Microsoft Windows Server 2019 (and it'll be a fully supported platform as well), a "new phoronix-test-suite compare-results-to-baseline sub-command for comparing two result files with treating the first argument as the performance baseline and providing various statistics off that", a "new ShowPostRunStatistics user configuration" and more. You can get the first development snapshot of Phoronix Test Suite 8.6 at GitHub.

Elteria Adventures is "an open-world RPG MMO with world-building features and it's coming to Linux". GamingOnLinux reports that the developer confirmed it will run on Linux, simply saying "Yes it will. Also on Mac :)". Evidently the Steam page doesn't give many details on what the game will be like, but GamingOnLinux says "it sounds a bit like Minecraft mixed with an RPG and it has a bunch of platforming as the world is built across many floating islands".

The Chromium web browser in Fedora now has Video Acceleration API (VAAPI) support, making "video playback much smoother while using significantly less resources". Fedora is now the second distribution to include the VAAPI patch in its official Chromium package. See the Fedora Magazine post for more info.

Categories: Linux News

IBM Began Buying Red Hat 20 Years Ago

Linux Journal - Mon, 01/07/2019 - 07:30
by Glyn Moody

How Big Blue became an open-source company.

News that IBM is buying Red Hat is, of course, a significant moment for the world of free software. It's further proof, as if any were needed, that open source has won, and that even the mighty Big Blue must make its obeisance. Admittedly, the company is not quite the behemoth it was back in the 20th century, when "nobody ever got fired for buying IBM". But it remains a benchmark for serious, mainstream—and yes, slightly boring—computing. Its acquisition of Red Hat for the not inconsiderable sum of $34 billion, therefore, proves that selling free stuff is now regarded as a completely normal business model, acknowledged by even the most conservative corporations.

Many interesting analyses have been and will be written about why IBM bought Red Hat, and what it means for open source, Red Hat, Ubuntu, cloud computing, IBM, Microsoft and Amazon, amongst other things. But one aspect of the deal people may have missed is that in an important sense, IBM actually began buying Red Hat 20 years ago. After all, $34 billion acquisitions do not spring fully formed out of nowhere. Reaching the point where IBM's management agreed it was the right thing to do required a journey. And, it was a particularly drawn-out and difficult journey, given IBM's starting point not just as the embodiment of traditional proprietary computing, but its very inventor.

Even the longest journey begins with a single step, and for IBM, it was taken on June 22, 1998. On that day, IBM announced it would ship the Apache web server with the IBM WebSphere Application Server, a key component of its WebSphere product family. Moreover, in an unprecedented move for the company, it would offer "commercial, enterprise-level support" for that free software.

When I was writing my book Rebel Code: inside Linux and the open source revolution in 2000, I had the good fortune to interview the key IBM employees who made that happen. The events of two years before still were fresh in their minds, and they explained to me why they decided to push IBM toward the bold strategy of adopting free software, which ultimately led to the company buying Red Hat 20 years later.

Go to Full Article
Categories: Linux News