Debian

All Packages Needed For FreedomBox Now In Debian 54

Posted by Unknown Lamer
from the i-think-you-mean-gnu-slash-freedom dept.
Eben Moglen's FreedomBox concept (personal servers for everyone to enable private communication) is getting closer to being an easy-to-install reality: all packages needed for FreedomBox are now in Debian's unstable branch, and should be migrating to testing in a week or two. Quoting Petter Reinholdtsen: "Today, the last of the packages currently used by the project to create the system images were accepted into Debian Unstable. It was the freedombox-setup package, which is used to configure the images during build and on the first boot. Now all one needs to get going is the build code from the freedom-maker git repository and packages from Debian. And once the freedombox-setup package enters testing, we can build everything directly from Debian. :) Some key packages used by Freedombox are freedombox-setup, plinth, pagekite, tor, privoxy, owncloud, and dnsmasq. There are plans to integrate more packages into the setup. User documentation is maintained on the Debian wiki." You can create your own image with only three commands, at least if you have a DreamPlug or Raspberry Pi (you could also help port it to other platforms).
Security

Heartbleed Disclosure Timeline Revealed 62

Posted by samzenpus
from the when-did-you-know dept.
bennyboy64 (1437419) writes "Ever since the Heartbleed flaw in OpenSSL was made public there have been various questions about who knew what and when. The Sydney Morning Herald has done some analysis of public mailing lists and talked to those involved with disclosing the bug to get to the bottom of it. The newspaper finds that Google discovered Heartbleed on or before March 21 and notified OpenSSL on April 1. Other key dates include Finnish security testing firm Codenomicon discovering the flaw independently of Google at 23:30 PDT, April 3. SuSE, Debian, FreeBSD and AltLinux all got a heads up from Red Hat about the flaw in the early hours of April 7 — a few hours before it was made public. Ubuntu, Gentoo and Chromium attempted to get a heads up by responding to an email with few details about it but didn't, as the guy at Red Hat sending the disclosure messages out in India went to bed. By the time he woke up, Codenomicon had reported the bug to OpenSSL."
Security

OpenSSL Bug Allows Attackers To Read Memory In 64k Chunks 303

Posted by Unknown Lamer
from the check-your-bounds dept.
Bismillah (993337) writes "A potentially very serious bug in OpenSSL 1.0.1 and 1.0.2 beta has been discovered that can leak just about any information, from keys to content. Better yet, it appears to have been introduced in 2011, and known since March 2012." Quoting the security advisory: "A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server." The attack may be repeated and it appears trivial to acquire the host's private key. If you were running a vulnerable release, it is even suggested that you go as far as revoking all of your keys. Distributions using OpenSSL 0.9.8 are not vulnerable (Debian Squeeze vintage). Debian Wheezy, Ubuntu 12.04.4, CentOS 6.5, Fedora 18, SuSE 12.2, OpenBSD 5.4, FreeBSD 8.4, and NetBSD 5.0.2 and all following releases are vulnerable. OpenSSL released 1.0.1g today addressing the vulnerability. Debian's fix is in incoming and should hit mirrors soon; Fedora is having some trouble applying their patches, but a workaround patch to the package .spec (disabling heartbeats) is available for immediate application.
Debian

Not Just Apple: GnuTLS Bug Means Security Flaw For Major Linux Distros 144

Posted by timothy
from the holes-to-plug dept.
According to an article at Ars Technica, a major security bug faces Linux users, akin to the one recently found in Apple's iOS (and which Apple has since fixed). Says the article: "The bug is the result of commands in a section of the GnuTLS code that verify the authenticity of TLS certificates, which are often known simply as X509 certificates. The coding error, which may have been present in the code since 2005, causes critical verification checks to be terminated, drawing ironic parallels to the extremely critical 'goto fail' flaw that for months put users of Apple's iOS and OS X operating systems at risk of surreptitious eavesdropping attacks. Apple developers have since patched the bug." And while Apple can readily fix a bug in its own software, at least for users who keep up on patches, "Linux" refers to a broad range of systems and vendors, rather than a single company, and the affected systems include some of the biggest names in the Linux world, like Red Hat, Debian, and Ubuntu.
Debian

Interview: Ask Bruce Perens What You Will 129

Posted by samzenpus
from the go-ahead-and-ask dept.
Bruce Perens is a computer programmer and one of the most important advocates for the open source community. He co-founded the Open Source Initiative with ESR and has worked towards reforms of national and international technology policies. He is an amateur radio enthusiast, and has pushed for open radio communication standards. He is also our interview guest today. As usual, ask as many questions as you'd like, but please, one per post.
Programming

Ask Slashdot: Moving From Tech Support To Development? 133

Posted by timothy
from the which-flavor-of-ice-cream? dept.
An anonymous reader writes "My eastern European tech-support job will be outsourced in 6 months to a nearby country. I do not wish to move, having relationship and roots here, and as such I stand at a crossroads. I could take my current hobby more seriously and focus on Java development. I have no degree, no professional experience in the field, and as such, I do not hold much market value for an employer. However, I find joy in the creative problem solving that programming provides. Seeing the cogs finally turn after hours invested gives me pleasures my mundane work could never do. The second option is Linux system administration with a specialization in VMware virtualisation. I have no certificates, but I have been around enterprise environments (with limited support of VMware) for 21 months now, so at the end of my contract with 27 months under my belt, I could convince a company to hire me based on willingness to learn and improve. All the literature is freely available, and I've been playing with VDIs in Debian already.

My situation is as follows: all living expenses except food, luxuries and entertainment are covered by the wage of my girlfriend. That would leave me in a situation where we would be financially alright, but not well off, if I were to earn significantly less than I do now. I am convinced that I would be able to make it in system administration, however, that is not my passion. I am at an age where children are not a concern, and risks seem to be, at first sight, easier to take. I would like to hear the opinion and experience of fellow readers who might have been in a similar situation."
Debian

Debian Considering Long Term Support for Squeeze 46

Posted by Unknown Lamer
from the thank-gnu dept.
Via Bits from Debian, comes news that the security team is considering adding a Long Term Support suite for Squeeze (Debian 6) after Jessie (Debian 8) is released sometime next year. From the mailing list post: "At the moment it seems likely that an extended security support timespan for squeeze is possible. The plan is to go ahead, sort out the details as it happens, and see how this works out and whether it is going to be continued with wheezy. The rough draft is that updates will be delivered via a separate suite (e.g. squeeze-lts), where everyone in the Debian keyring can upload in order to minimise bottlenecks and allow contributions by all interested parties. Some packages will be exempted upfront due to their volatile nature (e.g. some web applications) and others might be expected to see important changes. The LTS suite will be limited to amd64 and i386. The exact procedures will be sorted out soon and announced in a separate mail. ... It needs to be pointed out that for this effort to be sustainable actual contributions by interested parties are required. squeeze-lts is not something that will magically fall from the sky. If you're dependent/interested in extended security support you should make an effort to contribute." If successful, the LTS idea would possibly be carried over to Wheezy. With all of the changes coming in Jessie and its aggressive release schedule, this sysadmin really likes the idea of having a bit more breathing room for updating infrastructure between releases. The email also contains a bunch of other info on changes coming to the security process.

In related news, the Debian Installer team announced the first alpha of debian-installer for Jessie. Just the installer, not the distro as a whole (Jessie will be frozen in November). XFCE remains the default desktop, ia64 was kicked out of the archive, and a few new ARM variants are supported.
Linux

Ask Slashdot: Linux For Grandma? 287

Posted by Unknown Lamer
from the gnu-slash-grandma dept.
First time accepted submitter BlazeMiskulin writes "With XP approaching end-of-life, I find myself in a situation that I'm guessing is common: What to do with Mom's machine (or 'grandma's machine' for the younger of you). Since a change has to be made, this seems like a good time to move to a Linux distro. My mother (82) uses her computer for e-mail and web-browsing only. I know that any distro will be able to handle her needs. I've been using Linux (Ubuntu, CentOS, and Redhat--usually with KDE interface) for about 10 years now, but I know that my preferences are quite different from hers.

I have my own ideas, but I'm curious what others think: What combination of distro and UI would you recommend for an old, basic-level user who is accustomed to the XP interface and averse to change?"
My Grandmother seems happy running KDE on Debian.
Debian

Experimental Port of Debian To OpenRISC 56

Posted by Unknown Lamer
from the building-rms-a-new-laptop dept.
Via Phoronix comes news that Debian has been ported to the OpenRISC architecture by Christian Svensson. Quoting his mailing list post: "Some people know that I've been working on porting Glibc and doing some toolchain work. My evil master plan was to make a Debian port, and today I'm a happy hacker indeed! ... If anyone wants to try this on real hardware (would be very cool to see how this runs IRL), ping me on IRC [#openrisc on freenode] and I'll set you up with instructions how to use debootstrap - just point to a repo with the debs and you're all set, the wonders of binary distributions." For those who don't know, OpenRISC is the completely open source RISC processor intended as the crown jewel of the Opencores project. A working port of glibc and a GNU/Linux distribution is a huge step toward making use of OpenRISC practical. There's a screencast of the system in action, and source on Github (at posting time, it was a month out of date from the looks of it). Christian Svensson's Github account also has repos for the rest of the toolchain.
Education

Why We Need To Teach Hacking In High School 124

Posted by Unknown Lamer
from the rms-teaches-programming dept.
An anonymous reader writes "Following one of the best descriptions ever of a hacker I've ever seen, Pete Herzog, creator of the 'security testing' (professional hacking) manual OSSTMM outlines compelling reasons why the traits of the hacker should be taught in school to make better students and better people. It starts out with 'Whatever you may have heard about hackers, the truth is they do something really, really well: discover.' and it covers open education, teaching kids to think for themselves, and promoting hacking as a tool for progress." A good read, despite confusing hacker and hacker a bit. I remember getting to set up Debian on a scrap machine in high school, only to have county IT kill the project because of the horrible danger experimentation could have proven to the network...
Ubuntu

Ubuntu To Switch To systemd 279

Posted by Soulskill
from the follow-the-leader dept.
GuerillaRadio writes "Following the decision for Debian to switch to the systemd init system, Ubuntu founder and SABDFL Mark Shuttleworth has posted a blog entry indicating that Ubuntu will now follow in this decision. 'Nevertheless, the decision is for systemd, and given that Ubuntu is quite centrally a member of the Debian family, that's a decision we support. I will ask members of the Ubuntu community to help to implement this decision efficiently, bringing systemd into both Debian and Ubuntu safely and expeditiously.'"
Cloud

Ask Slashdot: Local Sync Options For Android Mobile To PC? 146

Posted by Unknown Lamer
from the rsync-of-course dept.
Bucc5062 writes "A previous mobile phone of mine, a Motorola Razr, had a very nice program called Motocast. With it any pictures and videos would be automatically uploaded to a local/home PC running something akin to a 'cloud' service. This was a great tool for I did not want to store files in the greater 'cloud'. The Razr moved on and I currently have two phones at home, neither of which have the same ability to push files to a local PC automatically. I did some research and did not find any good substitute for local cloud type backup so I am putting this out to one of the most diverse crowds I know, Slashdot readers. Zumocast did not look like it did the trick (I don't want streaming to my mobile device) and Delite studios had local cloud, but they make no reference to automatically pushing files to the server. I have people at home who are not tech savvy and would never remember to do it manually. Rolling my own is a long term option though it would require me learning the APIs for Android and I guess Windows. Is there something out there that works as good as Motocast?" ownCloud seems like a reasonable contender (installation on Debian, at least in the case of a few users and sqlite, is pretty easy). Their Android app has an option to automatically sync videos and photos as they are taken. But are there other options that are easier to install for folks uncomfortable with the idea of running Apache and an SQL server?
GNU is Not Unix

GNU Hurd Gets Improvements: User-Space Driver Support and More 163

Posted by samzenpus
from the now-even-better dept.
jones_supa writes "At FOSDEM 2014 some recent developments of GNU Hurd were discussed (PDF slides). In the name of freedom, GNU Hurd has now the ability to run device drivers from user-space via the project's DDE layer. Among the mentioned use-cases for the GNU Hurd DDE are allowing VPN traffic to just one application, mounting one's own files, redirecting a user's audio, and more flexible hardware support. You can also run Linux kernel drivers in Hurd's user-space. Hurd developers also have working IDE support, X.Org / graphics support, an AHCI driver for Serial ATA, and a Xen PV DomU. Besides the 64-bit support not being in a usable state, USB and sound support is still missing. As some other good news for GNU Hurd, around 79% of the Debian archive is now building for GNU Hurd, including the Xfce desktop (GNOME and KDE soon) and Firefox web browser."
Music

Ask Slashdot: An Open Source PC Music Studio? 299

Posted by Unknown Lamer
from the make-some-noise dept.
enharmonix writes "I have a big decision to make. I am probably going to buy a laptop that I will primarily use for music. I would prefer an OEM distro so I don't need to install the OS myself (not that I mind), but I have no preference between open- and closed-source software as an end-user; I just care about the quality of the product. There are two applications that I absolutely must have: 1) a standard notation transcription program with quality auditioning (i.e., playback with quality sound fonts or something similar, better than your standard MIDI patches) that can also accept recorded audio in lieu of MIDI playback, and 2) a capable synthesizer (the more options, the better). If there's software out there that does both 1 and 2 in the same app, that's even better. I've played with some of Ubuntu's offerings for music a few years ago and some are very good, though not all of them are self-explanatory and the last time I checked, none of them really met my needs. I am not so worried about number 2 because I think I could pretty easily develop my own in .NET/Mono, which I think would be a fun project (which would be open source, of course). I am a Gnome fan so if I go with Linux, I will almost certainly go with standard Ubuntu over Kubuntu, but Gnome seems to rule out Rosegarden which was the best FOSS transcription software out there the last time I checked. The other solution I've thought of is to just shell out the $600 for Finale, which I'm more than willing to do, but I'm not so sure I want Windows 8 and I'm just not sure I can afford to go with a Mac on top of the $600 for Finale. I don't intend to put more than one OS on my laptop, either. Any slashdotters out there dabble in composing/recording, using MIDI, sound fonts, recorded audio, and/or synthesizers? What setup of hardware/OS/software works for you? Can FOSS music software compete with their pricier closed source competitors?" 
The KXStudio apps installed over Debian or Ubuntu tend to be pretty nice (better session handling than gladish provides at least).
Debian

Valve Offers Free Subscription To Debian Developers: Paying It Forward 205

Posted by samzenpus
from the a-little-something-for-you dept.
sfcrazy writes "Valve Software, the makers of Steam OS, is already winning praise from the larger free and open source community – mainly because of their pro-community approach. Now the company is 'giving back' to Debian by offering free subscription to Debian developers. This subscription will offer full access to current and future games produced by Valve. Since Steam OS is based on Debian GNU/Linux it's a nice way for Valve to say 'thank you' to Debian developers."
Programming

Real-Time Face Substitution in Javascript 63

Posted by Unknown Lamer
from the ever-growing-mask dept.
An anonymous reader writes with news of an interesting demo for clmtrackr (a Javascript library for tracking of facial features) that hides your face using 3D masks overlaid on the video from your webcam using WebGL. The effect is kind of neat, and a bit creepy. The demo works in Chromium here, but not in Firefox (Debian unstable). There are a couple other demos; the facial deformation demo is reminiscent of the intro screen to Mario 64.
Games

Developing Games On and For Linux/SteamOS 145

Posted by Soulskill
from the year-of-linux-on-the-console dept.
An anonymous reader writes "With the release of SteamOS, developing video game engines for Linux is a subject with increasing interest. This article is an initiation guide on the tools used to develop games, and it discusses the pros and cons of Linux as a platform for developing game engines. It goes over OpenGL and drivers, CPU and GPU profiling, compilers, build systems, IDEs, debuggers, platform abstraction layers and other tools."
