suso writes "A design flaw in the VTE library was published this week. The VTE library provides the terminal widget and manages the scrollback buffer in many popular terminal emulators including gnome-terminal, xfce4-terminal, terminator and guake. Due to this flaw, your scrollback buffer ends up on your /tmp filesystem over time and can be viewed by anyone who gets ahold of your hard drive. Including data passed back through an SSH connection. A demonstration video was also made to make the problem more obvious. Anyone using these terminals or others based on libVTE should be aware of this issue as it even writes data passed back through an SSH connection to your local disk. Instructions are also included for how to properly deal with the leaked data on your hard drive. You are either encouraged to switch terminals and/or start using tmpfs for your /tmp partition until the library is fixed."
Have you META-MODERATED today? Sign up for the Slashdot Daily Newsletter! DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. ×
Norsefire writes "NVIDIA is joining the Linux Foundation, along with three other to-be-announced companies. From the article: 'As one of the three big makers of graphics chips for PCs--the other two are Intel and AMD, both of which are longtime Linux Foundation members--Nvidia's increased participation in Linux could be big news for users of the free and open source operating system. Nvidia has long taken a closed approach to Linux drivers for its graphics cards, offering only a proprietary one and declining to participate in the open source Nouveau driver project, which has depended instead on reverse engineering.'"
Thinkcloud writes "The Linux From Scratch (LFS) project has published version 7.1 of its manual for building a custom Linux installation. The new release of the step-by-step instructions is 345 pages long and uses more up-to-date components than previous versions – for example, the 3.2.6 Linux kernel and version 4.6.2 of the GNU Compiler Collection (GCC). The update also includes fixes to bootscripts and corrections to the text, as well as updates to 20 packages."
Riskable writes "As a follow-up to my previous Slashdot story, Gate One is now out of beta. Packages can be downloaded here. There's also a live demo: press the ESC key on this page to have a terminal running lynx drop into view, Quake-style! I've also posted a video overview and the documentation can be found here. Some pertinent changes since the beta: Added the ability display images inline within terminals, key-based SSH authentication, a WebSockets authentication API (for secure embedding), dramatically improved terminal emulation, an overhauled bookmark manager, support for international keyboard layouts, and a web-based log viewer that lets you export logs to self-contained HTML playback files."
paxcoder writes "Contrary to earlier analyses that predicted a decline of copyleft software share to as little as 50% this year, John Sullivan, the executive director of the Free Software Foundation, claims the opposite has happened: In his talk at FOSDEM 2012 titled 'Is Copyleft Being Framed?,' Sullivan presented evidence (PDF) of a consistent increase of usage of copyleft licenses in relation to the usage of permissive licenses in free software projects over the past few years. Using publicly available package information provided by the Debian project, his study showed that the number of packages using the GPL family in that distribution this year reached a share of 93% of all packages with (L)GPLv3 usage rising 400% between the last two Debian versions."
MBtronics writes "I work at an embedded hardware/software company and we are currently moving all our products for Windows CE to Linux. Our core development team already uses their favorite distro for development, but the rest of the developers are still working on Windows. We are going to give a series of Linux lessons (from 'what is Linux' to installing, using and developing) for everybody in the company who is interested (including non-developers). They will be allowed to choose their own distro, but we will certainly get requests for recommendations. My question to the Slashdot crowd: what distro (and window manager) do you think is the best to teach Linux to the generic public? We are currently thinking of Ubuntu, Fedora or Mint."
donadony writes with news about what will become the next LTS release of Ubuntu. From the article: "It's time to take another look at what is happening with the development of Ubuntu 12.04. As it stands, the first Beta of Ubuntu 12.04 LTS Precise Pangolin has been released. I just updated my own system. What changed since Alpha? Not much, really. In fact, there's really nothing groundbreaking or any new features added. Unity has been updated to version 5.4.0 which also sees the introduction of the new HUD feature. HUD still apparently has many outstanding bugs, but developers maintain that all bugs will be ironed out before Ubuntu 12.04 goes gold. Also added were recommendations to Ubuntu software center, and a new tool called 'privacy' and other small new features."
jfruh writes "The balance between security and ease of use is always a tricky one to strike, and Linux distros tend to err on the side of caution. But no less a luminary than Linus Torvalds thinks openSUSE has gone too far. When his kid needed to call from school for the root password just so he could add a printer to a laptop, that's when Linus decided things had gone off the rails."
Raspberry Pi project leader Eben Upton talks about the state of Raspberry Pi, and tells us that yes -- finally -- they now have distributors in the U.S. and other countries instead trying to ship every unit from the U.K. Even better, instead of buying a batch of boards, selling them, and only then ordering another batch, the new distribution agreements mean they can keep a steady flow of orders coming in and going out. One slight downer is that people who have donated to the project may not get their Pi(s) right away; the distributors have spoken for all of the current order. Eben talks about this, and about how Raspberry Pi is going to take care of contributors, starting at about 4:15 in the video. You can also look at an in-person interview Tim did with Eben in January -- or wait until the end of today's video for a list of other Raspberry Pi videos.
An anonymous reader writes "I've been the server admin at a university for the past five years. Recently, I was given the chance to move from servers to networking, and I jumped at it. I now find myself typing up all my open-ended projects, removing certain scripts and stopping others. What would the community recommend as best practices for passing on administration of some servers? I am trying to avoid a phone call that results in me having to remote in, explain something, jog to the other side of campus to access the machine, etc. Essentially, I'm trying to cover all my bases so any excuse my replacement has to call me is seen as nothing but laziness or incompetence. I am required to give him a day of training to show him where everything is on the servers (web and database), and during that day I'm going to have him change all the passwords. But aside from locking myself out and knowing what is where, what else should I be doing?"
New submitter spadadot writes "I am setting up a new event in France (Open du Web), where between 15 and 30 laptops running Ubuntu Linux will be available. They came with Windows preinstalled and it must stay for other purposes. I'd like to take care of only one of them (resize the hard drive, install Ubuntu, add additional software and apply custom settings) and effortlessly replicate everything to the others including hard drive resizing (unattended installation). After replicating, what should I do if I need to install new software or change some settings without manually repeating the same task on each one of them? Should I look into FAI, iPXE, Clonezilla, OCS Inventory NG? Other configuration management software? I would also like to reset the laptops to the original environment after the event."
An anonymous reader writes "Communications of the ACM is carrying two articles promoting the Capsicum security model developed by Robert Watson (FreeBSD — Cambridge) and Ben Laurie (Apache/OpenSSL, ChromeOS — Google) for thin-client operating systems such as ChromeOS. They demonstrate how Chrome web browser sandboxing using Capsicum is not only stronger, but also requires only 100 lines of code, vs 22,000 lines of code on Windows! FreeBSD 9.0 shipped with experimental Capsicum support, OpenBSD has patches, and Google has developed a Linux prototype." While the ACM's stories are both paywalled, the Capsicum project itself has quite a bit of information online in the form of various papers and a video, as well as links to (BSD-licensed) code and to various subprojects.
nk497 writes "Canonical has revealed Ubuntu running on a smartphone — but the open source developer hasn't squashed the full desktop onto a tiny screen. Instead, the Ubuntu for Android system runs both OSes side by side, picking which to surface depending on the form factor. When a device — in the demo, it was a Motorola Atrix — is being used as a smartphone, it uses Android. When it's docked into a laptop or desktop setup, the full version of Ubuntu is used. Files, apps and other functionality such as voice calls and texting are shared between the two — for example, if a text message is sent to the phone when it's docked, the SMS pops up in Ubuntu, while calls can be received or made from the desktop." ZDnet has pictures; ExtremeTech has a story, too, including some words from Canonical CEO Jane Silber.
CUPS is the popular open-source printing system that many projects have used successfully as a core, for desktop printing and as the basis of dedicated print servers. Reader donadony writes with word that Apple "has chosen to abandon certain Linux exclusive features, [while] continuing with popular Mac OS X features. The changeover is being attempted by Apple to set new printing standards that will not require 'drivers' in the future." However, as this message from Tim Waugh at Red Hat points out, all is not lost: "Where they are of use for the Linux environment, those orphaned features will continue to be maintained at OpenPrinting as a separate project."