TechNews

Sabtu, 19 Maret 2016

GNOME Software Now Correctly Shows Ubuntu-Specific App Reviews

GNOME Applications Software a recent is updated as part of the upcoming GNOME 3.20 Release Candidate (19.03.92), brings some improvements and bug fixes.

GNOME Software 3.20 RC (Release Candidate) is now available, and it will be distributed later this week as part of the GNOME 3.20 RC desktop environment. As usual, we've managed to get our hands on the internal changelog to share with you some of the improvements and fixes introduced by the developers through patches.

Among these, we can mention the fact that all plugin functions are now allowed to fail gracefully, the limits of the text of application reviews are lower, and the kudos details panel can now be automatically hidden for non-desktop components. Additionally, several language translations have been updated.

Furthermore, reviews of Ubuntu-specific apps are now correctly displayed, only one modal dialog is displayed at a time, and the right icon size is now being fetched during installation of bundles on HiDPI displays. Moreover, star ratings are no longer displayed on the category app tiles, and app reviews/ratings will no longer be shown for certain components.

GNOME Software Release Candidate of 3.20, which will be included by default in the upcoming Ubuntu 16.04 LTS (Xenial Xerus) operating system, can be downloaded now via the official website. However, try to remember that this is a pre-release version and may contain bugs. more details in the changelog attached below.

GNOME Software 3.20 Changes

Slackware 14.2 Release Candidate 1 Run on Linux Kernel 4.4.6 LTS, Update Or Download Now!

Slackware Logo [image: slackware.com]

The day after tomorrow, precisely on march 17 2016 Slackware maintainer and lead developer Patrick Volkerding has announced the release and immediate availability for testing of the first RC (Release Candidate) build of the upcoming Slackware 14.2 operating system.

Slackware 14.2 RC1 comes one and a half months after the release of the second Beta build on February 4, 2016, during which Mr. Volkerding managed to update as many core components and applications as possible. For example, Slackware 14.2 Release Candidate 1 is powered by the recently announced Linux 4.4.6 LTS kernel.

Among other updated components, we can mention Nmap 7.10, Mozilla Firefox 45.0.1, TigerVNC 1.6.0, Git 2.7.4, SeaMonkey 2.40, Gnuplot 5.0.3, sudo 1.8.15, grep 2.24, X.Org Server 1.18.2, M2Crypto 0.23.0, xine-lib 1.2.6, Vim 7.4.1530, OpenSSH 7.2p2, Calligra 2.9.11, perl 5.22.1, bash-completion 2.2, hexchat 2.12.0, mozilla-thunderbird 38.7.

"Let's call this Slackware 14.2 Release Candidate 1. We still have a bit of work to do before this is fully ready to go, but we're done doing every little upgrade that comes along. Well, mostly," said Patrick Volkerding, Slackware maintainer, in the official changelog for Slackware Current.

Slackware 14.2 RC1 ready for public testing now

The weekend is here, and if you're planning on taking the Release Candidate of Slackware 14.2 for a test drive, we have some good news for you, as the 32-bit and 64-bit ISO images, which have been labeled as "Slackware Current," are now available for order to official Slackware website https://store.slackware.com/cgi-bin/store or you can download with local repository. This a little list repo slackware:

http://repo.ukdw.ac.id/slackware/ (indonesian repository)
http://mirrors.kernel.org/slackware/
http://slackware.osuosl.org/

The final release of Slackware 14.2 should arrive sometime in summer 2016, and it looks like it will be shipping with Linux kernel 4.5. Please keep in mind, though, that this is still a pre-release version and it might contain bugs.
So for Slacker's get update soon, and if you're linux users besides Slackware Linux can trying and download. Thanks!

With Encryption Debate Raging On, Google Opens Up Data on HTTPS Usage

Google [image: howtogeek.com]

Good news for bloggers, it turns out Google has announced the use of data and google https tell 70% of its service use https. If you use blogger platform must be know that google has provide use https for blogspot.

Google was announced that its regular Transparency Report that provides an insight into how the company works and interacts with users, governments, and third-parties, will from now on feature a special section dedicated to HTTPS and encryption usage.

The new HTTPS section will provide details on the state of HTTPS support for Google products, which the company has started moving a few years back, reaching 77% coverage at this particular moment.

Out of all its major services, Gmail has 100% coverage, while Google engineers are still working to bring Drive, Maps, Advertising and the rest up to par.

Google says that the reasons that prevent it from achieving 100% coverage for all of its products have to do with older hardware and software that don't support modern encryption, countries that intentionally degrade HTTPS traffic, and products like Blogger where certificate management can be tricky when users add a custom domain to their blog.

Monitoring HTTPS Usage on Alexa Top 100 Sites
But the report won't include data only on its products. Since encryption has become such a big deal today, Google will be periodically assessing the state of HTTPS support on Alexa Top 100 sites as well, including the results in its periodical reports.

Google will be scanning if these top sites support HTTPS, if they use a modern TLS configuration, and if they use HTTPS by default on their service.

In Google's first HTTPS Transparency Report, only 21 sites got a perfect score for these criteria, a short list that includes services such as Yahoo, Facebook, Twitter, Tumblr, Reddit, Pinterest, Yandex, Wikipedia, and WhatsApp.

Why the focus on Alexa Top 100 sites? Because these 100 sites make up for around 25% of all the Internet traffic today, and if they realize that encryption is crucial for their users, then smaller sites will soon follow.

As a bonus, Google's Transparency Report also includes a Certificate Transparency checker that will allow users to verify the validity of an SSL/TLS certificate that an HTTPS website is using. The train of thought behind this feature is to show that if HTTPS is present, it doesn't automatically mean it's good quality HTTPS.

Cannot Add SDK Javascript Into Blogger [Add Facebook Like Button]

Facebook [screenshot: arief-jr.blogspot.com]

This post will shared about "Error parsing XML : The reference to entity “version” must end with the ';' delimiter". Since 5 hours ago, i'll trying to put facebook like button or box into my blog, then what happen? on my blog show notification message error parsing xml.

And i try to add this code like this;

<div id="fb-root"></div>
<script>
/* <![CDATA[ */
    (function(d, s, id) {
        var js, fjs = d.getElementsByTagName(s)[0];
        if (d.getElementById(id)) return;
        js = d.createElement(s); js.id = id;
        js.src = "//connect.facebook.net/en_US/sdk.js#xfbml=1&version=v2.5";
        fjs.parentNode.insertBefore(js, fjs);
    }(document, 'script', 'facebook-jssdk'));
/* ]]> */
</script>

note: for fixing error parsing xml, add this code which i block with red colour.

And see again your blog,

If you want add facebook like box, you must copy paste the above code and put into tag </body> and also put this script:

<div class="fb-like" data-href="https://facebook.com/ALittleNotes/" data-layout="standard" data-action="like" data-show-faces="false" data-share="true"></div>

note: For script which i coloured with blue, change your url facebook.

And now my facebook like button has showing under my blog post.

Thanks, Have fun!

Jumat, 18 Maret 2016

Ubuntu Touch OTA-10 Now in Feature Freeze, Will Bring a Lot of Goodies

Ubuntu Touch (image: sysads.co.uk)

The good news, ubuntu users can get update your ubuntu touch phone using OTA (Over The Air). Yep this OTA-10, as reported ubuntu touch developer.
We've been asked by our readers about what is going on with the development of the Ubuntu mobile OS, as no news has been published lately on our website about the upcoming OTA-10 update for phones and tablets.

Well, first of all, not much has happened in the Ubuntu Touch world lately, as it is currently in Feature Freeze, which means that no new features or major changes will be added to the OTA-10 build with the exception of critical bugs.

Second of all, Canonical's Łukasz Zemczak, who usually posts daily reports of the latest landings for Ubuntu Touch had some personal problems, but today he's back with some interesting news on the progress of the OTA-10 software update.

"Let's take a look at some of the landings happening this week. We had a new big Android release for the device bits for flo, mako, and the emulator," said Łukasz Zemczak, Ubuntu Foundations. "Exciting times in overall."

Ubuntu Touch developers are pretty busy with OTA-10 work
Besides the major Android release, the Ubuntu Touch developers also managed to update several important components, such as ubuntu-system-settings, which brings improvements to the system update status tracking, and the system-image client, which now allows for 3G update download and offers better OTA notifications.

Moreover, the Dialer app now lets users copy and paste numbers to/from the keypad entry, the Oxide-Qt video player received various improvements, there's a new version of the Indicator Sound, bringing microphone controls when an external mic is connected, and the Unity 8 interface received numerous attractive features, such as new side-stage for tablets, tutorial redesigns, etc.

So, as you can see, the Ubuntu Touch developers are pretty busy with OTA-10 work. Expect some more related news soon! For Ubuntu touch users should be patient and get the latest version of OTA-10's.

GNU Linux-libre Kernel 4.5 Officially Released for 100% Freedom

Linux (image: mintguide.org)

Not long ago I wore the 4.4.5 kernel in my slackware machine, kernel 4.5 was released but there i don't want trying because i have no time for built kernel from source in my slackware machine.

But Free Software Foundation Latin America (FSFLA) announced on March 14, 2016, the release and availability for download of their Linux-libre 4.5 kernel, for those who want 100% freedom.

The release of the GNU Linux-libre 4.5 kernel arrives two days after Linus Torvalds' announcement for Linux kernel 4.5, a release that introduces a bunch of new attractive features, updated drivers, and many under-the-hood improvements.

GNU Linux-libre kernel 4.4 is, of course, based on the upstream freely distributed sources of the Linux 4.5 kernel, but deblobbing some of the included drivers, such as Qualcomm WCNSS SOC, qat_c62x, qat_c3xxx, goodix touchscreen, and adf7242.

Furthermore, the deblobbing of Nouveau, Radeon, Skylake sound, and XHCI rcar drivers has been updated, and various adjustments were applied to parts of code from the upstream kernel, in particular in the wireless networking drivers area.

Who is the GNU Linux-libre 4.5 kernel for?

The GNU Linux-libre project was created a long time ago with the intention of giving people a 100% free version of the upstream Linux kernel, suitable for use in operating systems that follow Free Software Foundation's GNU Free System Distribution Guidelines.

By default, the GNU Linux-libre kernel is designed from the offset to be compatible with the GNU Operating System, but you're free to use it with your GNU/Linux operating system, whether you are a developer creating a new Linux kernel-based OS or a user who wants total freedom.

If you are interested in the GNU Linux-libre project and you want to deploy it on your operating system, our suggestion is to read the official Wiki found at http://linuxlibre.org, and download the source package of GNU Linux-libre kernel 4.5 right now via our website.

How you are interested to try it on your operating system? If you want to make sure to try to understand how to built kernel from source, and don't forget to take a snack, coffee or your favorite food for waiting the process.

Kamis, 17 Maret 2016

Tor Users Can Be Tracked Based on Their Mouse Movements

tor browser can tracking, fingerprinting, tor browser, anonymous, deanonymous, software, security, arief-jr.blogspot.com

Tor Browser Fingerprinting (image: arief-jr.blogspot.com)

It turns out tor browser user can tracking like treatment of suspicious users which can perform malicious activity.

Yep, Independent security researcher Jose Carlos Norte has discovered a set of new methods of fingerprinting Tor users, which can be used to deanonymize them later on during abusive law enforcement investigations or cyber-surveillance campaigns.

The process of "user fingerprinting" refers to ways of tracking non-standard operations and details about a user's behavior. While analytics services track a bunch of such details, the Tor Browser provides protection against some of these actions in order to keep the user's identity a secret.

Fingerprinting is especially dangerous to Tor users because data recorded while they surf the Web via Tor browsers can then be compared to data logged while the user was surfing the same website with their regular browser.

The data that is usually logged in fingerprinting schemes is not 100% reliable or accurate for that matter, but it provides a starting point for future investigations.

If a user who has legitimate reasons to keep their anonymity online is unmasked by an oppressive regime, the consequences of fingerprinting techniques can be more dangerous than just having your name and online identity attached to a database entry in an analytics service.

Mouse movements give you away

Mr. Norte has published on his blog a series of fingerprinting techniques that are effective against Tor Browser users, along with a page demonstrating his research.

The first technique that he identified refers to the speed at which users scroll through a page using their mouse wheel. Even if for all mice the scroll speed is the same, an attacker could still identify patterns in the scroll events based on each individual's idiosyncrasies.

Additionally, attackers can log the speed at which users move the mouse cursor across a page. Since each user has their own OS mouse sensitivity preferences and their set of gestures when using the device, this technique is more accurate than the previous one.

If the user is using a trackpad to navigate the page, the fingerprinting technique is even more precise, adding accurate speed metrics to the already-recorded scrolling and movement patterns.

Damn you, JavaScript! Damn you forever!

The researcher also discovered that he could fingerprint a user's machine, not just the person. By running a CPU-intensive JavaScript operation in the browser, he could record the time needed to execute the task and use this information later on to pin suspects to a certain computer from where a Tor browser has been used.

Another low-level technique also uses the getClientRects JavaScript function, which returns details about a DOM element's rectangular box. The details that this function returns have a different value and accuracy level based on the user's screen resolution, font configuration, and various other settings. This technique can be used to identify users by their hardware and software settings.

The researcher says that all these methods depend on the attacker's ability to measure time in a Tor Browser at the 1-millisecond level.

The Tor Browser includes protection against such scenarios, limiting the Date.getTime() JavaScript function to measurements no smaller than 100ms.

Mr. Norte says that there are two methods of getting around this limitation, which, apparently, the Tor Project had been notified of ten months ago.

In another similar study conducted a few weeks earlier, Mr. Norte also discovered that some misconfigured Apache servers could leak the general location of a Tor user if the server is running under a certain configuration.

So what is your response as this browser tor??