Slashdot Mirror

sombragris writes: Slackware, the oldest GNU/Linux distribution which is still actively maintained, turned 25 this week. The latest stable version, Slackware 14.2, was released two years ago, but the development version (-current) is updated on a fast pace. Today the development version offers kernel 4.14.55, gcc 8.1.1, glibc 2.27. mesa 18.1.4, xorg 1.20, and the Xfce and KDE desktop environments as default, with many more available as third-party packages. Other points of note are that Slackware is systemd-free, opting instead for a simple BSD-style init.

Since its first release ever, this has been a distro with a strong following due to its hallmarks of simplicity, speed, ease of maintenance and configuration. Happy birthday Slackware!

Thousands of etcd servers "are spitting sensitive passwords and encrypted keys," reports Fossbytes: Security researcher Giovanni Collazo was able to harvest 8781 passwords, 650 AWS access keys, 23 secret keys, and 8 private keys. First, he ran a query on the hacker search engine Shodan that returned around 2300 servers running etcd database. Then, he ran a simple script that gave him the login credentials stored on these servers which can be used to gain access to CMSs, MySQL, and PostgreSQL databases, etc.

etcd is a database used by computing clusters to store and exchange passwords and configuration settings between servers and applications over the network. With the default settings, its programming interface can return administrative login credentials without any authentication upfront... All of the data he harvested from around 1500 servers is around 750MB in size... Collazo advises that anyone maintaining etcd servers should enable authentication, set up a firewall, and take other security measures.
Another security research independently verified the results, and reported that one MySQL database had the root password "1234".

In an announcement on Ubuntu mailing list, Will Cooke, on behalf of the Ubuntu Desktop team, announced Canonical's plans to collect some data related to the users' system configuration and the packages installed on their machines. From a report: Before you read anything further, it's important to note that users will have the option to opt-out of this data collection. The company plans to add a checkbox to the installer, which would be checked by default. The option could be like: "Send diagnostics information to help improve Ubuntu." As per your convenience, you can opt-out during the installation. An option to do the same will also be made available in the Privacy panel of GNOME Settings. With this data collection, the team wishes to improve the daily experiences of the Ubuntu users. It's worth noting that the collected data will be sent over encrypted connections and no IP addresses will be tracked. To be precise, the collected data will include: flavour and version of Ubuntu, network connectivity or not, CPU family, RAM, disk(s) size, screen(s) resolution, GPU vendor and model, OEM manufacturer, location (based on the location selection made during install), no IP information, time taken for Installation, auto-login enabled or not, disk layout selected, third party software selected or not, download updates during install or not, livePatch enabled or not.

To celebrate Linux's 26th anniversary, the Linux Foundation tweeted a picture of Tux on a birthday cake, and linked to an essay on OpenSource.com by FreeDOS founder Jim Hall: My first Linux distribution was Softlanding Linux System (SLS) 1.03, with Linux kernel 0.99 alpha patch level 11. That required a whopping 2MB of RAM, or 4MB if you wanted to compile programs, and 8MB to run X windows... To celebrate, I reinstalled SLS 1.05 to remind myself what the Linux 1.0 kernel was like and to recognize how far Linux has come since the 1990s.
"Getting X windows to perform was not exactly easy..." Hall writes, adding "the concept of a desktop didn't exist yet." Meanwhile Phoronix celebrated by republishing that fateful email Linus Torvalds sent on August 25, 1991. And Fossbytes shared the most recent statistics about modern-day Linux's 20 million lines of code from the Linux Foundation: During the period between the 3.19 and 4.7 releases, the kernel community was merging changes at an average rate of 7.8 patches per hour; that is a slight increase from the 7.71 patches per hour seen in the previous version of this report, and a continuation of the longterm trend toward higher patch volumes.

An anonymous reader quotes Fossbytes: It was last year when, John McAfee, the co-founder of an antivirus company that's now owned by Intel, took Intel to the court over the right to use his name for commercial purposes... According to a Reuters report, the US District Judge Paul Oetken has dismissed the 2016 case and the counter lawsuit filed by Intel. The two parties have settled upon a mutual agreement which allows John Mcafee to use his name for promotions, presentations, and advertisements. He can't link his name to any product or service related to cyber security and security.
McAfee told the BBC that he can't directly name a company after himself, adding "I can live with that. That certainly beats having to live with 'The Entrepreneur Formerly known as McAfee.'"

Johnny Depp is still scheduled to play McAfee in a movie called "King of the Jungle," which will focus on the period of his life when McAfee fled a police investigation in Belize.

Long-time Slashdot reader tsu doh nimh writes: Brian Krebs has an interesting piece this week on one reason that so many talented hackers (malicious and benign) seem to come from Russia and the former Soviet States: It's the education, stupid. Krebs's report doesn't look at the socioeconomic reasons, but instead compares how the U.S. and Russia educate students from K-12 in subjects which lend themselves to a mastery in coding and computers -- most notably computer science. The story shows that the Russians have for the past 30 years been teaching kids about computer science and then testing them on it starting in elementary school and through high school. The piece also looks at how kids in the U.S. vs. Russia are tested on what they are supposed to have learned.
Fossbytes also reports that Russia claimed the top spot in this year's Computer Programming Olympics -- their fourth win in six years -- adding that "the top 9 positions out of 14 were occupied by Russian or Chinese schools." The only two U.S. schools in the top 20 were the University of Central Florida (#13) and MIT (#20).

FossBytes reports: The whistleblower website Wikileaks has published another set of hacking tools belonging to the American intelligence agency CIA. The latest revelation includes a user guide for CIA's "Weeping Angel" tool... derived from another tool called "Extending" which belongs to UK's intelligence agency MI5/BTSS, according to Wikileaks. Extending takes control of Samsung F Series Smart TV. The highly detailed user guide describes it as an implant "designed to record audio from the built-in microphone and egress or store the data."

According to the user guide, the malware can be deployed on a TV via a USB stick after configuring it on a Linux system. It is possible to transfer the recorded audio files through the USB stick or by setting up a WiFi hotspot near the TV. Also, a Live Liston Tool, running on a Windows OS, can be used to listen to audio exfiltration in real-time. Wikileaks mentioned that the two agencies, CIA and MI5/BTSS made collaborative efforts to create Weeping Angel during their Joint Development Workshops.

"We are very excited about contributions from the community," announced Alphabet's DeepMind, open sourcing a new library to make it easier to build complex TensorFlow neural networks. An anonymous reader writes: "DeepMind foresees Sonnet to be used by the community as a research propellant," reports FossBytes. "Also, it would allow easy sharing of other models created by DeepMind with the community." Sonnet uses an object-oriented approach, a recent blog post explained, pointing to more details on GitHub. "The main principle of 'Sonnet' is to first construct Python objects which represent some part of a neural network, and then separately connect these objects into the TensorFlow computation graph."

DeepMind sees this as part of their broader commitment to open source AI research. "In recent months we've also open-sourced our flagship platform DeepMind Lab, and are currently working with Blizzard to develop an open source API that supports AI research in StarCraft II."

A research team led by John Goodenough at the Cockrell School of Engineering (Yes, this is a legitimate story) has created a new fast charging solid-state battery. Decades ago, American physicist John Goodenough co-invented the lithium-ion battery, which is now omnipresent in today's technology. The team has published a research paper in the journal Energy and Environmental Science. Fossbytes reports: The design limitations of lithium batteries containing liquid electrolytes don't allow them to charge quickly. If done forcefully, it would lead to the formation of metal whiskers (dendrites). Eventually, a short circuit would happen, or the battery would explode. However, that's not the problem with the solid-state batteries. The researchers have used a solid glass electrolyte in place of the liquid one. The glass electrolyte allows the researchers to use the alkali metal anode (negative side) which increases the charge density of the battery and prevents the formation of dendrites. Also, the glass electrolyte enables a battery to operate in extreme temperatures of -20-degree celsius. You can read more via The University of Texas at Austin.

"In 2014, many film studios teamed up to force the Swedish ISP Bredbandsbolaget to block the popular torrent website The Pirate Bay," reports Fossbytes. "It was also said that ISPs should be blocked if they refused to block copyright infringing websites." Now, a Swedish Patent and Market Court of Appeal has ordered The Pirate Bay and streaming portal Swefilmer to be blocked by Bredbandsbolaget for the next three years. Fossbytes reports: The court overruled the earlier ruling of the District Court, ordering the ISP to employ some technical measures to stop its customers from accessing the website and its different URLs. The court said that a blocking injunction would be proportional "in the light of EU law." Notably, under the EU law, it's possible for the copyright owners to get an injunction against the ISPs whose services are used to pirate content. This verdict is the first of its kind in Sweden, but similar injunctions have been announced in the past in other European nations. This ruling also opens new doorways for the copyright holders to target more torrent websites in the near future. Pirate Bay spokesperson Peter Sunde said in a statement to TorrentFreak: "The fight is not about TPB -- the users of TPB can just bypass this blockade easily. It's about the slippery slope it brings."

An anonymous reader writes: "Nim compiles and runs fast, delivers tiny executables on several platforms, and borrows great ideas from numerous other languages," according to InfoWorld. After six years, they write, Nim is finally "making a case as a mix of the best of many worlds: The compilation speed and cross-platform targeting of Go, the safe-by-default behaviors of Rust, the readability and ease of development of Python, and even the metaprogramming facilities of the Lisp family..."

Fossbytes adds that Nim's syntax "might remind you of Python as it uses indented code blocks and similar syntax at some occasions. Just like Rust and Go, it uses strong types and first class functions... Talking about the benchmarks, it's comparable to C. Nim compiler produces C code by default. With the help of different compiler back-ends, one can also get JavaScript, C++, or Objective-C.
There's an improved output system in the newest release, and both its compiler and library are MIT licensed. Share your thoughts and opinions in the comments. Is anybody excited about writing code in Nim?

An anonymous reader writes: "Running Linux binaries natively on Windows... that sounds awesome indeed," writes Hannes Kuhnemund, the senior product manager for SUSE Linux Enterprise. He's written a blog post describing how to run openSUSE Leap 42.2 and SUSE Linux Enterprise Server 12 SP2 on Windows 10, according to Fossbytes, which reports that currently users have two options -- openSUSE Leap 42.2 and SUSE Linux Enterprise Server 12 SP2. Currently it's Ubuntu that's enabled by default in the Windows Subsystem for Linux, although there's already a project on GitHub that also lets you install Arch Linux. "It's quite unfortunate that Microsoft enabled the wrong Linux (that's my personal opinion) by default within the Windows Subsystem for Linux (WSL)," writes Kuhnemund, "and it is time to change it to the real stuff.

HandBrake, popular open source video transcoder, has finally hit version 1.0.0 affter spending roughly more than 13 years in development. HandBrake 1.0.0 brings tons of new presets and support for more devices and file types. From a report: HandBrake 1.0.0 comes with new web and MKV presets. The official presets from HandBrake 0.10.x can be found under 'Legacy.' New Jason-based preset system, including command line support, has been added. The additional features of HandBrake are title/chapter selection, queuing up multiple encodes, chapter markers, subtitles, different video filters, and video preview. Just in case you have a compatible Skylake or later CPU, Intel QuickSync Video H.265/HEVC encoder support brings performance improvements. HandBrake 1.0.0 also brings along new online documentation beta. It's written in a simple and easy-to-understand language.You can download it here.

An anonymous reader quotes a report from Fossbytes: Kaspersky Lab, a Russian cybersecurity and antivirus company, has announced their new operating system which was in development for the last 14 years. Dubbed as Kaspersky OS, it has made its debut on a Kraftway Layer 3 Switch. Not many details have been revealed by the CEO Eugene Kaspersky in his blog post. The GUI-less OS -- as it appears in the image -- has been designed from scratch and Eugene said it doesn't have "even the slightest smell of Linux." He actually tagged "Kaspersky OS being non-Linux" as one of the three main distinctive features he mentioned. The other two features he briefly described are rather fascinating. The first feature is that the Kaspersky OS is based on microkernel architecture, which basically means using the minimum amount of ingredients to bake your own operating system. The OS can be custom-designed as per requirements by using different modification blocks. The second distinctive feature is the inbuilt security system which can control application behavior and OS modules. It touts Kaspersky OS as practically unhackable, unless a cyber-baddie has a quantum computer -- which will be required to crack the digital signature of the platform -- at his disposal.

After four years of development there's a major new release of Emacs, the 40-year-old libre text editor with over 2,000 built-in commands. An anonymous Slashdot reader writes: Emacs 25.1 now lets you embed GTK+ user interface widgets, including WebKitGTK+, "a full-featured WebKit port that can allow you to browse the internet and watch YouTube inside Emacs." And it can also load shared/dynamic modules, meaning it can import the extra functionality seen in Emacs Lisp programs. This version also includes enhanced the network security, experimental support for Cairo drawing, and a new "switch-to-buffer-in-dedicated-window" mode.
Emacs 25.1 is available at the GNU FTP server, and since it's the 40th anniversary of Emacs, maybe it's a good time for a discussion about text editors in general. So leave your best tips in the comments -- along with your favorite stories about Emacs, Vim, or the text editor of your choice. What comes to your mind on the 40th anniversary of Emacs?

An anonymous Slashdot reader quotes a report from fossBytes: Linux Mint 18 'Sarah' KDE Edition Beta is now available for download and testing. This release is based on the long-term supported Linux 4.4 kernel and KDE Plasma 5.6 desktop environment. The final release of this widely popular distro is expected to arrive in September... Just like MATE, Cinnamon, and Xfce releases, the KDE release is a long term release that will remain supported until 2021.

Linux Mint 18 'Sarah' KDE Edition ships with Mozilla Firefox as default web browser and LibreOffice as the default office suite. The Linux distro also features a wide range of popular KDE apps like Kontact, Dolphin, Gwenview, KMail, digiKam, KTorrent, Skanlite, Konversation, K3b, Konsole, Amarok, Ark, Kate, Okular, and Dragon Player.
"Unlike other Linux Mint editions, the KDE edition will ship with the SDDM display manager," reports the Linux Mint blog. Distrowatch notes that it's based on Ubuntu 16.04, and suggests "Mint's 'KDE' flavour might turn out to be the most interesting of the bunch, especially if the project's usually excellent quality assurance is applied to this edition in the same manner as in its 'MATE' and 'Cinnamon' variants."

An anonymous Slashdot reader quotes a report from fossBytes: Microsoft has released a security update that has patched a backdoor in Windows RT operating system [that] allowed users to install non-Redmond approved operating systems like Linux and Android on Windows RT tablets. This vulnerability in ARM-powered, locked-down Windows devices was left by Redmond programmers during the development process. Exploiting this flaw, one was able to boot operating systems of his/her choice, including Android or GNU/Linux.
The Register points out that since Windows RT is "a dead-end operating system" which Microsoft has announced they'll stop developing, "mainstream support for Surface RT tablets runs out in 2017 and Windows RT 8.1 in 2018. This is why a means to bypass its boot mechanisms is highly sought."

Microsoft is now promising that their Microsoft Store employees "will give you a free Dell laptop if the staff can't do a same-day upgrade on your eligible PC by close of business," reports new Slashdot submitter Pritam Dash. To be eligible for the Dell Inspiron 15, the PC must meet Microsoft's upgrade requirements -- and be checked in by noon -- and in a further effort to boost adoption for their of the Windows 10 operating system, Microsoft is also announcing that "If your PC isn't compatible with Windows 10, we'll recycle it and give you $150 toward the purchase of a new PC." (This second offer is limited to PCs already running Windows 8). Both offers are valid until July 29th, "while supplies last."

Meanwhile, the U.S. army is "half a year behind the January 2017 deadline to adopt Windows 10 set by Defense Department Chief Information Officer Terry Halvorsen," and has hired Microsoft engineers to assess their 1.1 million devices and legacy systems.