Mandriva Linux Security Advisory 2015-046 - Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation discovered that the length value in extension fields is not properly validated in several code paths in ntp_crypto.c, which could lead to information leakage or denial of service. Stephen Roettger of the Google Security Team reported that ACLs based on IPv6 ::1 addresses can be bypassed.

Mandriva Linux Security Advisory 2015-140 - If no authentication key is defined in the ntp.conf file, a cryptographically-weak default key is generated. ntp-keygen before 4.2.7p230 uses a non-cryptographic random number generator with a weak seed to generate symmetric keys. A remote unauthenticated attacker may craft special packets that trigger buffer overflows in the ntpd functions crypto_recv() (when using autokey authentication), ctl_putdata(), and configure(). The resulting buffer overflows may be exploited to allow arbitrary malicious code to be executed with the privilege of the ntpd process. A section of code in ntpd handling a rare error is missing a return statement, therefore processing did not stop when the error was encountered. This situation may be exploitable by an attacker. Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation discovered that the length value in extension fields is not properly validated in several code paths in ntp_crypto.c, which could lead to information leakage or denial of service. Stephen Roettger of the Google Security Team reported that ACLs based on IPv6 ::1 addresses can be bypassed. The ntp package has been patched to fix these issues.

Debian Security Advisory DSA 830-1 - Drew Parsons noticed that the post-installation script of ntlmaps, an NTLM authorization proxy server, changes the permissions of the configuration file to be world-readable. It contains the user name and password of the Windows NT system that ntlmaps connects to and, hence, leaks them to local users.

Google's Chromebook Pixel is quite versatile after all. I can run Chrome OS and Linux at the same time, and switch between the two, allowing me to use Skype and other third party apps!

Некоторые пользователи, которые используют метод хинтинга "hintfull", могли заметить, что при переходе с версии Pango 1.43 на 1.44 отображение некоторых семейств шрифтов ухудшилось или полностью сломалось.

Ever tried to install Metatrader 4 under Linux but just ended up with a crash? Read on for a Howto install Metatrader 4 under Linux.

LPI (Linux Professional Institute), a Global Leader in International Linux Certification for Open Source Professionals, Enters the Vietnamese Market

An update system for the Linux operating system and a method thereof are disclosed. In the system and method, an update program can be obtained via distributed clients, to reduce a server's loading. When updating the operating system, allocation data on a user data sector is backed up and restored, so as to complete the update for the operating system. With the present technical features, the technical effect of backing up and restoring the allocation data on the user data sector, and reducing the loading of the server can be achieved.

Prepare for the LPI Linux Essentials (010-160) certification exam. This course covers the five domains of this popular Linux exam, so that you can earn your certification and expand your career options as a Linux professional. Learn the fundamentals of the operating system, get introduced to numerous Linux distributions, and gain experience in the configuration, management, and usage of common open-source software applications. Instructor Jason Dion also reviews commands and scripting, process management, networking, user management, and permissions. In addition to theory, you get step-by-step demonstrations in practical labs and really learn how to use and configure key features and functionality. By the end of the course, you should start to feel like a true Linux professional.

This course was created by Jason Dion. We are pleased to offer this training in our library.

Linux is the operating system of choice for enterprises that need a stable, agile, and open-source platform, and it's only getting more popular. Qualified system administrators are in demand. If you've been anticipating a transition to Linux for your company or your career, or thinking about using Linux at home, this series presents a great opportunity to explore it—one tip at a time. Instructor covers a wide range of topics relevant to anyone interested in broadening their knowledge of Linux core concepts, including virtualization, the Linux file system, file management, file transfer, process management, multitasking, networking, and security. Plus, learn about compatible hardware and the Linux desktop experience. Tune in each week to get a new tip, and keep learning Linux all year long.

Dan Lynch (filling in for Karen) and Bradley play and discuss Matthew Garrett's talk GPL Violations: What Are We Doing? (aka Linux License Violations) from the Linux Collaboration Summit 2011.

If you want to listen to only the off-topic parts of this oggcast, please download the FaiF 0x10 Off-Topic Remix.

Show Notes:

Segment 0 (00:34)

• FaiF Producer Dan Lynch is filling in for Karen as co-host this week. (00:43)
• Karen got married on the day Dan and Bradley recorded the oggcast. (01:03)
• Dan is also known as the co-host of Linux Outlaws, host of Rat Hole Radio, and occasional co-host of FLOSS Weekly. (02:05)
• Bradley mentioned Dick Van Dyke's admission (06:56)

Segment 1 (08:05)

• This segment is Matthew Garrett's talk GPL Violations: What Are We Doing? (aka Linux License Violations) from the Linux Collaboration Summit 2011.
• Matthew Garrett released the slides from his talk which you can follow along with during the talk.

Segment 2 (51:29)

• Bradley mentioned that Matthew is particularly interested in the GPL violations on Android/Linux devices that he's found. (52:57)
• Bradley mentioned Greg Kroah-Hartman's GPL enforcement against Microsoft, which Bradley also blogged about a few years ago. (55:51)
• Dan asked Bradley about DMCA usage in GPL enforcement. Bradley explained that there is a process called DMCA takedown that Matthew was discussing. (57:30)
• Dan and Bradley discussed the Linux Foundation Open Compliance Program. (1:05:05)
• Bradley mentions that he is completely opposed to criminal penalties for copyright infringement, and mentioned his ACTA commenting blog post. (1:12:13)
• Bradley and Dan discussed the Sony DVD rootkit. (1:15:17)
• Karen's wedding invitation got some press since it was a working record player. (1:16:58)
• Karen and Mike's wedding song is at the end of the oggcast, but you can also download the song from the wedding website. (1:21:08)

Send feedback and comments on the cast to <oggcast@faif.us>. You can keep in touch with Free as in Freedom on our IRC channel, #faif on irc.freenode.net, and by following Conservancy on on Twitter and and FaiF on Twitter.

Free as in Freedom is produced by Dan Lynch of danlynch.org. Theme music written and performed by Mike Tarantino with Charlie Paxson on drums.

The content of this audcast, and the accompanying show notes and music are licensed under the Creative Commons Attribution-Share-Alike 4.0 license (CC BY-SA 4.0).

Karen and Bradley play and discuss Richard Fontana's Linux Collaboration Summit 2012 talk, The Decline of the GPL, and What To Do About It.

Show Notes:

Segment 0 (00:36)

Karen mentioned a legal summit where Richard and Karen spoke; the same event where the organizers said having Bradley speak would be the same as having the caterers speak.

Segment 1 (04:46)

Fontana's slides for this talk are available on Fontana's website.

Note that this talk is a longer version of Ricahrd Fontana's FOSDEM 2012 talk, The (possible) decline of the GPL, and what to do about it from the FOSDEM 2012 Legal and Policy Issues DevRoom.

Segment 2 (57:24)

Bradley and Karen discuss Fontana's talk.

Send feedback and comments on the cast to <oggcast@faif.us>. You can keep in touch with Free as in Freedom on our IRC channel, #faif on irc.freenode.net, and by following Conservancy on on Twitter and and FaiF on Twitter.

Free as in Freedom is produced by Dan Lynch of danlynch.org. Theme music written and performed by Mike Tarantino with Charlie Paxson on drums.

The content of this audcast, and the accompanying show notes and music are licensed under the Creative Commons Attribution-Share-Alike 4.0 license (CC BY-SA 4.0).

Karen and Bradley play and discuss Matthew Garrett's talk, Linux in a UEFI Secure Boot World talk from LinuxCon North America 2012.

Show Notes:

Segment 0 (00:34)

• Bradley mentioned that people at LinuxCon North America 2012 were talking about this article, wherein it states 51% of survey respondents believe [bad] weather can impact cloud computing. Bradley and Karen pointed out all the many ways that it can, such as if your services come via satellite links. (02:10)
• Bradley mentioned Matthew's talk might be best listened to before our earlier FaiFCast 0x2d about UEFI and Restricted Boot, as Matthew's talk is a very good introduction to that material (07:01)

Segment 1 (08:43)

The slides from Matthew Garrett's LinuxCon North America 2012 talk, Linux in a UEFI Secure Boot World are available.

Segment 2 (51:35)

• Karen song a part of one of the OpenBSD songs, E-Railed (OpenBSD Mix). (01:00:35)
• Bradley mentioned Theo de Raadt's comments regarding restricted boot. (01:00:44)

Send feedback and comments on the cast to <oggcast@faif.us>. You can keep in touch with Free as in Freedom on our IRC channel, #faif on irc.freenode.net, and by following Conservancy on on Twitter and and FaiF on Twitter.

Free as in Freedom is produced by Dan Lynch of danlynch.org. Theme music written and performed by Mike Tarantino with Charlie Paxson on drums.

The content of this audcast, and the accompanying show notes and music are licensed under the Creative Commons Attribution-Share-Alike 4.0 license (CC BY-SA 4.0).

Karen and Bradley play and discuss Richard Fontana's LinuxCon North America 2012 talk, The Tragedy of the Commons Gatekeepers.

Show Notes:

Segment 0 (00:33)

Bradley and Karen introduce Richard Fontana's talk.

Segment 1 (02:48)

Richard Fontana's slides are available online, and there is also a well-written summary of the talk available on LWN.

Segment 2 (47:15)

Karen and Bradley discuss Fontana's talk.

Send feedback and comments on the cast to <oggcast@faif.us>. You can keep in touch with Free as in Freedom on our IRC channel, #faif on irc.freenode.net, and by following Conservancy on on Twitter and and FaiF on Twitter.

Free as in Freedom is produced by Dan Lynch of danlynch.org. Theme music written and performed by Mike Tarantino with Charlie Paxson on drums.

The content of this audcast, and the accompanying show notes and music are licensed under the Creative Commons Attribution-Share-Alike 4.0 license (CC BY-SA 4.0).

Bradley and Karen discuss and critique the new initiative by the Linux Foundation called CommunityBridge. The podcast includes various analysis that expands upon their blog post about Linux Foundation's CommunityBridge.

Show Notes:

Segment 0 (00:36)

• Conservancy helped Free Software Foundation and GNOME Foundation begin fiscal sponsorship work. (07:50)
• Conservancy has always been very coordinated with Software in the Public Interest, which is a FOSS fiscal sponsor that predates Conservancy. (08:26)
• Conservancy helped NumFocus get started as a fiscal sponsor by providing advice. (08:53)
• The above are all 501(c)(3) charities, but there are also 501(c)(6) fiscal sponsors, such as Linux Foundation and Eclipse Foundation. (10:00)
• Bradley mentioned that projects that are forks can end up in different fiscal sponsors, such as Hudson being in Eclipse Foundation, and Jenkins being associated with a Linux Foundation sub-org. (10:30)
• Bradley mentioned that any project — be it SourceForge, GitHub, or Community Bridge — that attempts to convince FOSS developers to use proprietary software for their projects is immediately suspect (12:00)
• Open Collective, a for-profit company seeking to do fiscal sponsorship (but attempting to release their code for it) is likely under the worst “competitive” threat from this initiative. (19:50)

Segment 1 (21:23)

• Projects that use CommunityBridge are required to act in the common business interest of the Linux Foundation members. (27:30)
• Board of Directors seats at the Linux Foundation are for sale, according to their by-laws. (28:50)
• Bradley advises that you should not put anything copylefted into CommunityBridge — given Linux Foundation's position on copyleft and citing the ArduPilot/DroneCode example. (29:50)
• CommunityBridge appears to only allow governance based on the “benevolent dictator for life model” (31:40), at least with regard to who controls the money (34:30)
• Bradley mentioned the LWN article about Community Bridge. (33:22)

Segment 2 (36:54)

• Karen mentioned that CommunityBridge also purports to address diversity and security issues for FOSS projects. (37:00)
• Bradley mentioned the code hosted on k.sfconservancy.org and also the Reimbursenator project that PSU students wrote. (42:00)

Segment 3 (42:44)

Bradley and Karen discuss (or, possibly don't) discuss what's coming up on the next episode. Fact of the matter is that this announcement wasn't written yet when we recorded this episode and we weren't sure if 0x65 would be released before or after that announcement was released. We'll be discussing that topic on 0x66.

Send feedback and comments on the cast to <oggcast@faif.us>. You can keep in touch with Free as in Freedom on our IRC channel, #faif on irc.freenode.net, and by following Conservancy on on Twitter and and FaiF on Twitter.

Free as in Freedom is produced by Dan Lynch of danlynch.org. Theme music written and performed by Mike Tarantino with Charlie Paxson on drums.

The content of this audcast, and the accompanying show notes and music are licensed under the Creative Commons Attribution-Share-Alike 4.0 license (CC BY-SA 4.0).

IBM Db2 Server 11.5 for Linux on AMD64 and Intel EM64T systems (x64) Multilingual

IBM DB2 Advanced Workgroup Server Edition Restricted Use Activation V11.1 for Linux, UNIX and Windows Multilingual

This article explains how you can perform or enable parallel Linux OS installation on IBM PowerVM logical partitions.

In early July, the Linux Foundation announced new licensing terms for IAccessible2 (IA2) and the availability of AccProbe, a new desktop application testing tool for the development community.

IBM today announced that according to results from International Data Corporation (IDC) Worldwide Quarterly Server Tracker®(June, 2017) IBM has achieved market growth by 3x compared with the total Linux server market which grew at +6 percent. The improved performance are the result of success across IBM Power Systems including IBM’s OpenPOWER LC servers and IBM Power Systems running SAP HANA as well as the OpenPOWER-Ready servers developed through the OpenPOWER Foundation.

IBM (NYSE: IBM) reveló hoy una serie de nuevos servidores diseñados para potenciar las cargas de trabajo cognitivas y elevar la eficiencia en el centro de cómputo. Con un nuevo chip, la línea basada en Linux incorpora innovaciones de la comunidad OpenPOWER que ofrecen mayores niveles de desempeño y mayor eficiencia de cómputo que los disponibles en cualquier servidor basado sobre x86.

Guest Post: Learn how to use Linux command line to investigate suspicious processes trying to masquerade as kernel threads.

After a weekend behind Terminology windows tracking down package conflicts with EFL, Moksha, and the Bodhi package sets in relation to Ubuntu 18.04 I have something I am moderately happy to share. For those...

These discs address the issues with the default network manager configuration as well as an issue with Bodhi Builder not adding the Bodhi 5 repos by default on installed systems. Bodhi 5.0.0 Beta Disc...

Today I am very pleased to share the hard work of the Bodhi Team with our latest 5.0.0 pre-release disc which we are tagging as a “Release Candidate”. These disc images have no major...

Today I am very pleased to share the hard work of the Bodhi Team which has resulted in the second release candidate for our fifth major release. This will be the last pre-release build before...

Today I am very pleased to share the hard work of the Bodhi Team which has resulted in our fifth major release. It has been quiet the journey since our first stable release a little...

For a reasonable and fair review of our latest release, be sure to check out Jesse Smith’s review on Distro Watch here.

Today I am pleased to announce the release of Bodhi Linux 5.1.0. This is my first official release and is somewhat delayed from our original plans. Hopefully, this delay is worth it to our...

oscon: Watch our free #opensource webcast series coming in June- #python #linux #raspberrypi #go + more http://t.co/ru0LVl20gq #oscon

EndeavourOS is a rolling release Arch Linux-based distribution with some handy new features that improve the user experience. This latest version comes with graphical install options and preconfigured desktop environments. Several new in-house utilities improve package management and error reporting. There are lots of installation tips with the Calamares installer, which has a new look and feel.

The Linux Foundation will host ToIP, a cross-industry effort to ensure more secure data handling over the Internet. This new foundation is an independent project enabling trustworthy exchange and verification of data between any two parties on the Internet. The ToIP Foundation will provide a robust common standard to instill confidence that data is coming from a trusted source.

If you are looking for a well-designed Linux distro that is far from mainstream, loaded with performance features not found elsewhere, check out the 2020 upgrade of the MakuluLinux Core distro. It could change your perspective on what a daily computing driver should offer. Developer Jacque Montague Raymer recently released the 2020 edition of MakuluLinux Core OS.