unix
Latest
One of Linux's most important commands had a glaring security flaw
If you've used the command line in Linux or a Unix-based platform like macOS, you're probably familiar with the "sudo" command -- it lets you run tasks with different (usually elevated) permissions than you'd otherwise have. It's powerful, but it was apparently too powerful until now. Developers have fixed a flaw in sudo that let you claim root-level access even if the configuration explicitly forbids it. So long as an intruder had enough access to run sudo in the first place, they could perform any action they wanted on a given machine.
National Inventors Hall of Fame honors creators of Unix, power drills and more
The National Inventors Hall of Fame (NIHF) joined Engadget on stage today at CES to announce its 2019 class of inductees. While the official induction ceremony won't actually happen until May 2nd at the National Building Museum in DC, we can tell you that 19 separate innovators representing 12 different inventions will be honored. The group ranges from relatively obscure creators of a programming language used by engineers and scientists, to house hold names like S. Duncan Black and Alonzo G. Decker -- or Black & Decker -- the inventors of the first portable handheld drill. The festivities will be hosted by Danica McKellar, best known as Winnie Cooper from the Wonder Years, but also an accomplished academic and mathematician.
OS X is now macOS
After 15 years of large cats and a few California landmarks, Apple's OS X is getting a new name that's actually an old name. Apple's senior VP of software engineering, Craig Federighi announced that, henceforth, the operating system on desktop and laptops will be called macOS.
Linux command-line tools are coming to Windows 10
Now here's something you likely didn't expect at Microsoft's Build developer conference: A staple feature of Linux (and Unix) is coming to Windows 10. The company is integrating the Bash command-line shell and support for Ubuntu Linux binaries into Windows 10's Anniversary Update. This is, of course, big news for developers who want to use command-line tools while creating apps, but it's also important for power users who'd otherwise be tempted to install either third-party tools (like Cygwin) or a virtual machine.
'46 years' Facebook glitch is a New Year's gift from Unix
Don't worry, you're not living out a 13 Going on 30 scenario -- you're only "celebrating" 46 years of Facebook friendship with someone right now because of a glitch. A Unix-based glitch, that is. (That said, sorry to burst your bubble if you woke up thinking you've suddenly become younger.) Let's back up a bit and talk about what happened first, because it seems like only really old accounts are experiencing the issue. The largest social network on the planet has sent out messages congratulating users for 46 years of friendship with people in their list. Problem is, even if you have been friends with someone for almost half a century, Facebook itself is only 11 years old.
Attackers hit Yahoo using the Shellshock bug, but your data is safe
Looks like it didn't take long for the Shellshock security flaw to claim its first major victim. Yahoo has confirmed to both Future South Technologies and SecurityWeek that hackers used the command line exploit to breach at least two of its servers. Future South's Jonathan Hall found that the Romania-based intruders were using Shellshock to slowly hijack servers (including those of other companies) and build up an "arsenal" for hitting increasingly valuable targets, particularly Yahoo Games.
Apple updates OS X to protect 'advanced UNIX users' from Shellshock
Although OS X is among the systems listed as vulnerable to the recently-uncovered Shellshock / Bash security flaw (still not sure what that is? Let us explain.), Apple has said it isn't a problem for most users. For those potentially vulnerable due to enabling certain UNIX services, 9to5Mac reveals the company has just pushed patches for the Mavericks, Lion and Mountain Lion versions of its desktop operating system. You can download the updates from Apple's website now, and it should be available via software update soon. [Image credit: Robert Graham, Twitter]
The Shellshock command security flaw isn't really fixed yet
Don't get too comfy just because companies are rolling out patches for the Shellshock security bug -- as it turns out, even updated websites and devices remain at risk. Developers are reporting that they can still run any code they like (and thus hijack systems) through the bash command shell simply by using instructions that aren't covered by existing safeguards. You can use a common variable like "cat" (concatenate) to bypass the defenses, for instance. The only surefire fix may be a fundamental change to how the shell handles variables, which could break legions of apps and services. You still don't have much reason to worry about your home Mac or Linux PC, but it's now considerably less likely that the sites and connected gadgets you use will will be truly immune to Shellshock-based attacks. [Image credit: Robert Graham, Twitter]
What is the Shellshock Bash bug and why does it matter?
By now you may have heard about a new bug found in the Bash shell. And unless you're a programmer or security expert, you're probably wondering if you should really worry. The short answer is: Don't panic, but you should definitely learn more about it, because you may be in contact with vulnerable devices. This bug, baptized "Shellshock" by Security Researchers, affects the Unix command shell "Bash," which happens to be one of the most common applications in those systems. That includes any machine running Mac OS X or Linux. The "shell" or "command prompt" is a piece of software that allows a computer to interact with the outside (you) by interpreting text. This vulnerability affects the shell known as Bash (Bourne Again SHell), which is installed not only on computers, but also on many devices (smart locks, cameras, storage and multimedia appliances, etc.) that use a subset of Linux.
'Bash' command flaw leaves Linux, OS X and more open to attack
Apparently, the internet has more deep-seated security bugs to worry about than Heartbleed. Researchers have discovered a longstanding flaw in a common Unix command shell (bash) for Linux and Macs that lets attackers run any code they want as soon as the shell starts running. They can effectively get control of any networked device that runs bash, even if there are limits on the commands remote users can try. That's a big problem when a large chunk of the internet relies on the shell for everyday tasks -- many web servers will call on it when they're running scripts, for example.
Betty helps you conquer the console by translating English to Unix commands
If you've got a smartphone in your pocket, chances are you've got a digital assistant in there too (or you will very soon). For all her smarts, though, Siri can't help much when you hunker down in front of a UNIX shell, so former Google engineer Jeff Pickhardt set out to make the sort of digital assistant that could. "Her" name is Betty and (sadly) you can't verbally rattle off your Unix commands at her. No, she's all text-based, and more of an assistant than a transcriber anyway -- her raison d'etre is all about dutifully converting your typed whims from plain ol' English to the proper (and often arcane) command line syntax.
I tried this one crazy trick for a translucent Mavericks dock and it worked
I love OS customization. Don't you? Ever since OS X Mavericks debuted, I've been complaining about the nearly solid dock. Finally, I stumbled across a system setting that enabled me to restore my dock to its pre-Mavericks more-translucent look. As with many tweaks, the solution depended on a Unix command-line directive to the defaults (that's Mac for "settings") system. You enter this at the Terminal (/Applications/Utilities/Terminal), specifically: defaults write com.apple.dock hide-mirror -bool true After updating the defaults database, you need to restart the Dock: killall Dock The screenshots on the right of this post show the results. Using the normal settings, you can barely see through the dock at all. Once you apply the mirror hiding override, the dock becomes far more translucent, enabling you to see more of the desktop below it.
OS X vulnerability allows superuser access to hackers
Another vulnerability has popped up in OS X, and this time it's not Java-related. The developers of Metasploit, a software utility that makes it easier for people to abuse vulnerabilities in OSes for security-testing purposes, have added a new Unix Sudo vulnerability to their software. As OS X runs a modified version of Unix, this means it is vulnerable. As Arstechnica reports: The authentication bypass vulnerability was reported in March and resides in a Unix component known as sudo. While the program is designed to require a password before granting "super user" privileges such as access to other users' files, the bug makes it possible to obtain that sensitive access by resetting the computer clock to January 1, 1970. That date is known in computing circles as the Unix epoch, and it represents the beginning of time as measured by the operating system and most of the applications that run on it. By invoking the sudo command and then resetting the date, computers can be tricked into turning over root privileges without a password. Apple has not commented on the bug, but the company is usually pretty quick to issue a fix once it is aware of them.
YouTube celebrates Geek Week with Unix overhaul, eyes flinch universally
To celebrate its upcoming Geek Week event, YouTube has started an Easter egg hunt on its Twitter feed. If you wanna see just what the video giant has planned but can't decipher its cryptic 140 character clues, we've got you covered. Simply (spoiler alert) enter "/ geekweek" minus the quotation marks into the site's search field for a Unix terminal-style conversion and gawk away. Fair warning: Your eyes might hate you for what you'll see.
Timed command-line screenshots
A TUAW staffer recently asked if there were a way to snapshot the exact same region of the screen over and over at timed intervals without buying third-party software. There is, but it depends on your comfort with the command line. If you're experienced in Unix scripting, read on. If not, you may want to investigate standalone screen-capture apps instead. I pointed him to /usr/sbin/screencapture. This built-in OS X utility allows you to specify a screen region to capture. For example, to capture a 50x200 rectangle starting at the point 200, 200, you'd say: % /usr/sbin/screencapture -R"200,200,50,200" ~/Desktop/foo.png You can easily apply a Unix shell script to create numbered output files. Unix commands will also enable you to sleep and repeat the capture requests over time. The utility is Retina-ready. Since it captures in points (and not pixels), the results are twice as big in each dimension when run on Retina systems.
The benefits of fast user switching
I've never used fast user switching on my Mac, but Rob Griffiths of Macworld presents several compelling reasons why enabling this Unix-based feature makes sense. He points out that working in a multiuser environment lets you troubleshoot issues without mucking up your current system setup. When trouble arises, just hop over to your test environment and tweak to your heart's content. Business users can create a presentation profile that lets them give a presentation using their Mac without worrying about their co-workers seeing photos from their weekend getaway. You can read Griffiths' full article on Macworld's website. There are applicable tips there for the average user, business users and even gamers.
KDE 4.10 released with leaner Air theme, more love for mobile devices
There are plenty of Linux desktop environments to choose from, but if KDE has a special place in your heartware, you'll be pleased to know its first 2013 update is out. Making the jump from 4.9 to 4.10 brings various tweaks to Plasma Workspaces, including upped support for high-res displays, a streamlining of the default Air theme, and plenty of behind the scenes adjustments. All running software can now be controlled through a common menu system, search indexes happen faster, and the new Nepomuk Cleaner will help rid those clogged drives of unnecessary data. In addition, printer management has been improved, and the enhanced Dolphin file manager communicates more freely with mobile devices. A thorough, lovingly crafted changelog is available at the source link below, but if you're particularly fond of surprises, then head straight for the download. Happy upgrading!
NVIDIA to offer up documentation for Tegra graphics core to prove its commitment to open-source (video)
There's nothing like a little smack talk to light the fire under certain derrieres. It's been a few months since Linus Torvalds got verbal about NVIDIA's support for the semi-eponymous OS, prompting the chip-maker to say "supporting Linux is important to us." Proving that its word is good, NVIDIA will be releasing programming documentation for its Tegra architecture graphics core. The news comes from a talk given by Lucas Stach of the Nouveau project (who develop free drivers for the NVIDIA platform) at the XDC2012 conference. The focus will initially be on Tegra's 2D rendering engine, but it's hopes the 3D will soon follow. So, while Torvalds' approach might have been a little bit brusque, you can't fault its effectiveness. Video of the XDC talk after the break.
Meet your desktop's ancestors: AT&T exhumes footage of the Bell Blit (video)
AT&T's video archives are rich seams of juicy historical tidbits, and today's offering is a fine example. It's sharing footage of the Bell Blit, a graphic interface that Bell Labs developed after being inspired by the Xerox Alto. Originally named the Jerq, it was created by Rob Pike and Bart Locanthi to have the same usability as the Alto, but with "the processing power of a 1981 computer." Watch, as the narrator marvels at being able to use multiple windows at once, playing Asteroids while his debugging software runs in the background on that futuristic green-and-black display. The next time we get annoyed that Crysis isn't running as fast as you'd like it to, just remember how bad the geeks of yesteryear had it.
KDE 4.9 arrives, wants to show off its stability
While its austere naming structure may not endear itself to alliteration fans, KDE 4.9 has arrived with a raft of improvements designed to impress Linux users. It's the first release since the formation of the KDE Quality team, tasked with improving the overall slickness of the desktop environment. You'll find changes to Plasma Workspaces, the application stack, the Dolphin file manager and Okular, which can now save and print PDF files. If you're eager to upgrade, the source code is available at the source link and is dedicated to Claire Lotion -- a KDE contributor who passed away earlier this year.
