By the looks of it, this year, KDE users will have a bunch of awesome and powerful tools, all of them ported to the next-generation Qt 5 UI toolkit, and this is also the case of the famous digiKam image editor.
digiKam is an open-source, cross-platform and free image editor software piece, as well as a versatile image viewer and browser tool that is usually shipped by default with most KDE desktop environments setups on several important Linux kernel-based operating systems… (read more)
The developers of Simplicity Linux have announced the release of their Puppy-based distribution which uses LXDE as the default desktop interface. The new version, Simplicity Linux 16.01, ships with the Chrome web browser and DotVPN in place of the Tor Browser. The distribution is available in two editions,….
NayuOS is a new operating system built by Nexedi that aims to provide users with a Chrome OS free alternative.
There are a few Chrome OS alternatives out there, so NayuOS is not exactly arriving without any kind of candidates. The team doesn’t change anything at the base of the system, meaning that it’s a Gentoo and Chromium OS-based project, but the developers have made modifications to the default apps and to the settings.
There is always room for another Linux distrib… (read more)
A few images showing the Meizu Pro 5 running Ubuntu Touch have been spotted online, but it’s a confirmation that a new phone from Meizu is getting Ubuntu.
Only one device from Meizu got Ubuntu, the MX4, and that one is not even available for sale right now. The online store for Europe has been closed and the device is not even listed on the official website. From what we can tell, either it was a limited edition or the Chinese company simply dropped the phone.
This is re… (read more)
Welcome back to the GPG series, where we are exploring how to make use of GPG with other applications to secure and protect your data.This installment will cover key creation, key revocation certificate creation, and sending the public key to a key server. The second part of key management will cover exporting, revoking, adding and removing keys.
In Fedora, you have the option to use Seahorse or the command line to create a key. In this series, we will cover both.
GPG in the GUI: Seahorse
To start Seahorse, switch to the Activities overview and search for ‘seahorse‘ or ‘keys‘.
Open Seahorse (also named Passwords and Keys depending on your desktop environment).
Then select File > New…
Then select PGP Key and Continue.
Fill out the basic options with your name and email. The advanced options allow you to choose an encryption type, key strength, and expiration date. It is recommended that you use RSA and a key strength of 4096 bits. Choosing an expiration date is also highly recommended for security reasons. Some combinations of algorithm and key length are not secure, so stick with this recommendation unless you know what you are doing.
Recommendations for expiration dates range between two and five years. GPG gives you the ability to modify and extend key expiration dates later. An expiration date ensures helps keep your key secure. If you have multiple addresses, do not worry about which one to choose, because you can add extra email addresses after the key is created.
GPG in the command line
In Fedora, there are two commands for working with GPG: gpg and gpg2. If you are using GPG on the graphical desktop, use gpg2, because the resulting keyring and files integrate with desktop applications like Evolution and Seahorse.
To generate a key, use gpg2 –full-gen-key to choose all the key creation options.
$ gpg2 --full-gen-key gpg (GnuPG) 2.1.9; Copyright (C) 2015 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Please select what kind of key you want: (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) Your selection?
Select option 1 to generate an RSA key for signing and encryption.
RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (2048) 4096
You will then be prompted to select a key length. The default is currently 2048, but the maximum length is recommended. As computing capabilities increase, shorter keys will become insecure to use. A longer key is likely to be secure for a longer time. While you can migrate to a new key, the process is a bit tedious.
Requested keysize is 4096 bits Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) 2 Key expires at Tue 26 Jan 2016 09:44:43 AM EST Is this correct? (y/N)
When selecting a key expiration, ensure that you add the value for weeks, months, or years. As you can see from the example above, if you fail to do so, GPG defaults to days. As recommended with Seahorse, choose an expiration between two and five years.
GnuPG needs to construct a user ID to identify your key. Real name: charles profitt Email address: email@example.com Comment: You selected this USER-ID: "charles profitt <firstname.lastname@example.org>" Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You are now prompted to enter values so GPG can construct a user ID. Enter your real name and email address. You can add extra email addresses after the key is created. After entering these values, GPG prompts you to check your entries and optionally change the values, accept them, or quit.
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. gpg: key 5D50C86C marked as ultimately trusted gpg: directory '/home/cprofitt/.gnupg/openpgp-revocs.d' created public and secret key created and signed. gpg: checking the trustdb gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u gpg: next trustdb check due at 2016-01-26 pub rsa4096/5D50C86C 2016-01-24 [expires: 2016-01-26] Key fingerprint = 647D B957 0E03 4247 8C30 6852 1462 A582 5D50 C86C uid [ultimate] charles profitt <email@example.com> sub rsa4096/8D8FF075 2016-01-24 [expires: 2016-01-26]
Entropy is equally important to key length. Entropy generally means disorder. In key generation, it means disordered, random data that is virtually impossible to regenerate. If your key is not generated with enough entropy. it will be more vulnerable to attack. When the system gains enough entropy, it will generate your key with the options you selected.
It may take some time for your system to generate entropy. To assist the random number generator with this process, open other programs or move the mouse around. GPG will also prompt you to enter a passphrase for your key.
When you want to use either your public or private key, you will be prompted for your passphrase, so make sure you remember it! This makes the passphrase very important. Someone with your passphrase has the ability to assume your identity or decrypt your data. So make sure you use a strong passphrase. (Search Google for other ideas on making strong passphrases.) Do not use the same password used to log in to your account or the root account, or a password you use on any other system.
Sending a key to a key server
Now that you have a key pair, you need to send the public key to a keyserver so other people can find and use it. Your public key is used by others to verify messages you sign, or to decrypt a message sent with your private key. As we discussed in the first part of the series, keyservers on the internet collect and advertise public keys to make data exchange easier. They help you share a public key as widely as possible.
Remember that your public key is just one half of the key pair used in the asymmetric process of encrypting a message or file. A message encrypted with the public key can be decrypted only by the private key, and vice versa. This process will be discussed in greater details later in the series.
Open Seahorse and navigate to your PGP keys. Then select Remote > Sync and publish keys…
The Sync button will be grayed out until you select a keyserver. To do this, click the Key Servers button.
The two default servers are both acceptable. In addition, the Fedora Project also provides a keyserver. To add this key server click the Add button. Enter the address keys.fedoraproject.org. Then select a server for publishing your public key in the drop-down menu below the list of keys. Finally, close the dialog box and the Sync button will be enabled.
To send your key to a keyserver, you must know your key identifier. To find your key identifier, use this command:
$ gpg2 --list-keys /home/cprofitt/.gnupg/pubring.kbx --------------------------------- pub rsa4096/5D50C86C 2016-01-24 [expires: 2016-01-26] uid [ultimate] charles profitt <firstname.lastname@example.org> sub rsa4096/8D8FF075 2016-01-24 [expires: 2016-01-26]
The key you want to send is your public key. This is the key on the first line starting with pub.
$ gpg2 --keyserver keys.fedoraproject.org --send-key 5D50C86C gpg: sending key 5D50C86C to hkp server keys.fedoraproject.org
The key is now sent to the selected keyserver. With your public key available to others, you are ready to start using GPG to keep your communications authentic and secure.
When you created your key, GPG also created a revocation certificate. When you use the command line, this is more obvious, but Seahorse also creates a revocation certificate. In both cases, the certificate is located in ~/home/.gnupg/openpgp-revocs.d/.
A revocation certificate allows you to tell the world your key pair is no longer valid. You would use this certificate if your private key is stolen, compromised, or lost. You should also use the revocation certificate if you forget your passphrase and can no longer use your key pair. You should store your revocation certificate and private key in the most secure storage possible. You should also store your revocation certificate in a different location than the private key.
Many users put their private key and revocation certificates on two flash drives and store them in a lock box or safe. If your revocation certificate is not secure, a malicious actor could revoke your key pair, and cause a major disruption for you as well as those who use your public key.
One of the designers working on elementary forked the elementary icon and GTK themes to create an old-school version that resembles the orange artwork used in previous Ubuntu OSes.
The Ubuntu designers are changing the current orange color used in their distro to another kind of orange. It’s not a big modification, but it prompted one of the elementary designers to make a special theme for elementary OS that gives the feeling of running an old Ubuntu 8.04.
Ubuntu used to… (read more)
Discussions about making Ubuntu a rolling release distro have been going on for a few years now, but a decision wasn’t made. It turns out that it might happen anyway when Ubuntu running Unity 8 and Mir become mainstream.
Canonical already has a rolling release Ubuntu distribution right now, and it’s the one running on the phone. It’s running Unity 8 and Mir, and the same underlying code will be used for the desktop edition as well.
If we also remember that Canonical want… (read more)
The development team behind the Sabayon Linux computer operating system has made a habit of publishing new ISO builds of the OS at the end of a month for the one preceding it.
And so, today being the first day of February, we’re happily informing our readers of the release of the Sabayon 16.02 Live ISO images that were published on the project’s FTP servers last week, on January 28, 2016.
What’s new? Mostly updates to many of the core components and applications, as Saba… (read more)
It’s still Sunday in the US, so Linus Torvalds has just made his weekly announcement about the release and immediate availability for download and testing of a new RC (Release Candidate) build of the upcoming Linux 4.5 kernel.
According to Mr. Torvalds, Linux kernel 4.5 RC2 is a pretty big one, at least when compared with last week’s first Release Candidate build, and it includes architecture and driver updates, some fixes for the Btrfs file system, perf improvements, as we… (read more)
The developers of the Simplicity Linux computer operating system have had the great pleasure of announcing the release and immediate availability for download of Simplicity Linux 16.01.
Simplicity Linux is an open-source GNU/Linux distribution based on the LXPup OS and built around the lightweight LXDE desktop environment. The latest release, Simplicity Linux 16.01, comes as Desktop and Netbook flavors and includes the latest version of the Google Chrome web browser with th… (read more)
Jerry Bezencon has been extremely proud to announce today, February 1, 2016, the release and immediate availability for download of his Ubuntu-based Linux Lite 2.8 computer operating system.
Linux Lite 2.8 is the last point release in the 2.0 series of the distribution, and it has been dedicated to the memory of Ian Murdock, the creator of the well-known Debian Project and the Debian GNU/Linux operating system, who sadly passed away on December 28, 2015. Linux Lite 2.8 is m… (read more)
Renowned kernel maintainer Greg Kroah-Hartman reported at the end of January on the release and immediate availability for download of the ninety-sixth maintenance build of the Linux 3.10 long-term supported kernel series.
Looking at the appended shortlog for Linux 3.10.96, we can notice that the new point release changes a total of 56 files, with 333 insertions and 153 deletions, bringing various improvements to the PowerPC (PPC), x86, ARM64 (AArch64), OpenRISC, and MN1030… (read more)
This week in DistroWatch Weekly: Review: Experiences with deepin 15 News: Mint plans X-Apps, FreeBSD to support boot environments, Debian provides updated media, Canonical shows off new convergence designs and openSUSE rolls out new build servers Questions and answers: Logging into the desktop as root Torrent corner: BackBox,….
Seek out the rewards of the Zodiac and discover Invention-themed cosmetics this week.
Ex-Kubuntu maintainer Jonathan Riddell had the great pleasure of announcing yesterday, January 30, during the FOSDEM (Free and Open Source Software Developers’ European Meeting) 2016 event, the KDE Neon project.
Jerry Bezencon has announced the launch of a new version of Linux Lite, a user friendly distribution based on packages found in the Ubuntu repositories. The new version, Linux Lite 2.8, introduces a number of features, including better hardware support, a help manual that is accessible from the….
The Sabayon project, which produces a Gentoo-based distribution that provides a great deal of functionality out of the box, has released Sabayon 16.02. The new release mostly features updates to the distribution’s utilities and desktop environments. The new version also introduces initial support for the ARM architecture. “We….
Spotify’s new video content section, dubbed Shows, hit Android devices this week. And though the feature wasn’t supposed to make it to iOS devices until sometime next week, there is a way for you to access it right now. You won’t be able to access it from the Browse page, as you would on an Android. Instead, iOS users will need to first navigate to the Your Library page and look for the Shows listing under Playlists. That’s it. Once you’re in the Shows page, you’ll be able to browse and search through video content from more than a dozen providers including the BBC, Comedy Central and ESPN.
The OpenELEC team has published an update to the project’s 6.0.x series. The new version, OpenELEC 6.0.1, focuses on bug fixes and minor adjustments to the embedded media distribution. “OpenELEC 6.0.1 is a maintenance release so there are no new features. The main fixes are: libCEC has been….
The Document Foundation (TDF), the charitable entity behind the world’s leading free office suite LibreOffice, seeks a
Quality Assurance Engineer
to start work as soon as possible.
The role, which is scheduled for 20 hours a week, includes amongst other items: