LinuxInsight - aggregated feeds

TuxMachines: Security: WebAssembly, HTTP Tokens and More

Friday 17th of August 2018 08:56:05 AM
  • The Problems and Promise of WebAssembly

    WebAssembly is a format that allows code written in assembly-like instructions to be run from JavaScript. It has recently been implemented in all four major browsers. We reviewed each browser’s WebAssembly implementation and found three vulnerabilities. This blog post gives an overview of the features and attack surface of WebAssembly, as well as the vulnerabilities we found.

    [...]

    Overall, the majority of the bugs we found in WebAssembly were related to the parsing of WebAssembly binaries, and this has been mirrored in vulnerabilities reported by other parties. Also, compared to other recent browser features, surprisingly few vulnerabilities have been reported in it. This is likely due to the simplicity of the current design, especially with regards to memory management.

    There are two emerging features of WebAssembly that are likely to have a security impact. One is threading. Currently, WebAssembly only supports concurrency via JavaScript workers, but this is likely to change. Since JavaScript is designed assuming that this is the only concurrency model, WebAssembly threading has the potential to require a lot of code to be thread safe that did not previously need to be, and this could lead to security problems.

    WebAssembly GC is another potential feature of WebAssembly that could lead to security problems. Currently, some uses of WebAssembly have performance problems due to the lack of higher-level memory management in WebAssembly. For example, it is difficult to implement a performant Java Virtual Machine in WebAssembly. If WebAssembly GC is implemented, it will increase the number of applications that WebAssembly can be used for, but it will also make it more likely that vulnerabilities related to memory management will occur in both WebAssembly engines and applications written in WebAssembly.

  • Detecting Bomb And Guns Using Normal WiFi: Researchers Find A New Way

    The test was able to give out accurate results on 15 different objects ranging in three different categories — metal, liquid, and non-dangerous items.

    While it’s not clear whether the government will adopt and use the newly developed tracking method in public places, this certainly looks like the best way to stop guns and bombs from getting into school premises.

  • What OpenShift Online customers should know about L1TF OpenShift SRE Security

    On Aug. 14, 2018, information was released about another set of “speculative execution” issues with Intel microprocessor hardware known as “L1 Terminal Fault”. As with earlier issues like Spectre and Meltdown, this information was coordinated with the release of updated software solutions to help mitigate the issue.

    At the time the embargo was lifted, the OpenShift SRE team worked to begin remediation (detailed below) on all OpenShift Online clusters. All Pro clusters finished remediation shortly before 18h00 EDT August 14, 2018. All Starter clusters were patched as of 23h30 EDT August 14, 2018.

  • L1TF (AKA Foreshadow) Explained in 3 Minutes from Red Hat
  • Google bod wants cookies to crumble and be remade into something more secure

    A key member of the Google Chrome security team has proposed the death of cookies to be replaced with secure HTTP tokens.

    This week Mike West posted his "not-fully-baked" idea on GitHub and asked for comments. "This isn't a proposal that's well thought out, and stamped solidly with the Google Seal of Approval," he warns. "It's a collection of interesting ideas for discussion, nothing more, nothing less."

    So far, people are largely receptive to the idea while pointing to the complexities that exist in trying to replace something that has become an everyday part of online interaction.

  • Mozilla Recommend a Privacy Extension That Is Tracking Your Web History

    Web Security, a Firefox extension with over 200,000 current users, tracks every website users visit and stores that information on a German web server.

    The extension was recommended by Mozilla in a blog post last week about add-ons that improve users’ privacy. Mozilla has since edited the post, removing Web Security.


TuxMachines: Programming: Perl, Python, CRAN

Friday 17th of August 2018 08:52:04 AM
  • Garbage collection in Perl 6

    In the first article in this series on migrating Perl 5 code to Perl 6, we looked into some of the issues you might encounter when porting your code. In this second article, we’ll get into how garbage collection differs in Perl 6.

    There is no timely destruction of objects in Perl 6. This revelation usually comes as quite a shock to people used to the semantics of object destruction in Perl 5. But worry not, there are other ways in Perl 6 to get the same behavior, albeit requiring a little more thought by the developer. Let’s first examine a little background on the situation in Perl 5.

  • An introduction to the Django Python web app framework

    In the first three articles of this four-part series comparing different Python web frameworks, we covered the Pyramid, Flask, and Tornado web frameworks. We've built the same app three times and have finally made our way to Django. Django is, by and large, the major web framework for Python developers these days and it's not too hard to see why. It excels in hiding a lot of the configuration logic and letting you focus on being able to build big, quickly.

    That said, when it comes to small projects, like our To-Do List app, Django can be a bit like bringing a firehose to a water gun fight. Let's see how it all comes together.

  • Dirk Eddelbuettel: RcppArmadillo 0.9.100.5.0

    A new RcppArmadillo release 0.9.100.5.0, based on the new Armadillo release 9.100.5 from earlier today, is now on CRAN and in Debian.

    It once again follows our (and Conrad's) bi-monthly release schedule. Conrad started with a new 9.100.* series a few days ago. I ran reverse-depends checks and found an issue which he promptly addressed; CRAN found another which he also very promptly addressed. It remains a true pleasure to work with such experienced professionals as Conrad (with whom I finally had a beer around the recent useR! in his home town) and of course the CRAN team whose superb package repository truly is the bedrock of the R community.


LXer: Rugged, Linux-friendly embedded PC plugs you into the CANBus

Friday 17th of August 2018 07:59:41 AM
IEI announced an IP40-protected “DRPC-130-AL” DIN-rail computer with an Atom x5-E3930, CANBus, SATA, eMMC, 4x USB 3.0, dual HDMI and GbE, extended temperature support, and shock and vibration resistance. IEI’s fanless DRPC-130-AL may be the quintessential compact industrial embedded PC.

TuxMachines: Cloudgizer: An introduction to a new open source web development tool

Friday 17th of August 2018 07:58:29 AM

Cloudgizer is a free open source tool for building web applications. It combines the ease of scripting languages with the performance of C, helping manage the development effort and run-time resources for cloud applications.

Cloudgizer works on Red Hat/CentOS Linux with the Apache web server and MariaDB database. It is licensed under Apache License version 2.


LXer: Happy 25th Birthday, Debian!

Friday 17th of August 2018 06:45:21 AM
Today, August 16, 2018, the Debian Project celebrates its 25th anniversary since the late Ian Murdock announced the Debian Linux Release, which is now known as the Debian Project.

LXer: What is your favorite Linux window manager?

Friday 17th of August 2018 05:31:01 AM
While many Linux users have a strong preference for a window manager of choice, for those just making their way over from Windows or Mac, it may be hard to understand what a window manager is, or that it's even something you have a choice in. A window manager is the part of your system that dictates how individual application windows look, and how you can interact with, control, and arrange them.

Reddit: how to improve battery life on openSUSE 15?

Friday 17th of August 2018 05:12:17 AM

Hi all, I have an MSI GP63 and I'd really want to improve the battery life of this laptop; it lasts like an hour just writing or using Chrome. Maybe it's the i7 8750H that is consuming too much? It is not always at full speed, though. I don't use the GTX 1060, so I want to disable it and use the Intel instead (if it's not already running).

I tried powertop and tlp but didn't change that much.

I use the laptop on battery to write documents, give presentations and browse; it's not that I need the whole CPU or GPU at max to do those things. So any tips/recommendations with openSUSE? If not, which distro do you recommend to maximize the battery life?

submitted by /u/yiyo999

Reddit: [suggestions / advice] Using a graphics tablet with Linux

Friday 17th of August 2018 05:05:26 AM

So, my SO was looking for a graphics tablet for her new system! I recently introduced her to Linux, and she has regained her passion for digital art. Anyone got any good suggestions for tablets about $50 or less that have good native Linux support? If not plug and play, one with drivers that aren't bad? I appreciate it, mates.

submitted by /u/Nocturn_Adrift

TuxMachines: James Bottomley on Linux, Containers, and the Leading Edge

Friday 17th of August 2018 04:56:23 AM

It’s no secret that Linux is basically the operating system of containers, and containers are the future of the cloud, says James Bottomley, Distinguished Engineer at IBM Research and Linux kernel developer. Bottomley, who can often be seen at open source events in his signature bow tie, is focused these days on security systems like the Trusted Platform Module and the fundamentals of container technology.


TuxMachines: TransmogrifAI From Salesforce

Friday 17th of August 2018 04:48:57 AM
  • Salesforce plans to open-source the technology behind its Einstein machine-learning services

    Salesforce is open-sourcing the method it has developed for using machine-learning techniques at scale — without mixing valuable customer data — in hopes other companies struggling with data science problems can benefit from its work.

    The company plans to announce Thursday that TransmogrifAI, which is a key part of the Einstein machine-learning services that it believes are the future of its flagship Sales Cloud and related services, will be available for anyone to use in their software-as-a-service applications. Consisting of less than 10 lines of code written on top of the widely used Apache Spark open-source project, it is the result of years of work on training machine-learning models to predict customer behavior without dumping all of that data into a common training ground, said Shubha Nabar, senior director of data science for Salesforce Einstein.

  • Salesforce open-sources TransmogrifAI, the machine learning library that powers Einstein

    Machine learning models — artificial intelligence (AI) that identifies relationships among hundreds, thousands, or even millions of data points — are rarely easy to architect. Data scientists spend weeks and months not only preprocessing the data on which the models are to be trained, but extracting useful features (i.e., the data types) from that data, narrowing down algorithms, and ultimately building (or attempting to build) a system that performs well not just within the confines of a lab, but in the real world.


TuxMachines: Windows Games On Linux and Linux Gaming Performance

Friday 17th of August 2018 04:46:27 AM
  • Windows Games On Linux? Valve May Be Working On New “Steam Play” Tool

    Even though there are quite a few Linux-based distro options for gamers, hardcore gamers often go back to Windows to play the games they love. SteamOS from Valve, the most popular gaming Linux distro, seems to be making headlines from time-to-time, but things have been quiet for some time.

  • A Look At Linux Gaming Performance Scaling On The Threadripper 2950X

    On Monday when the launch embargo expired on the Threadripper 2950X and Threadripper 2990WX I hadn't run any gaming benchmarks since, well, most games even on Windows can't scale out to 32 threads let alone 64 threads... Especially on Linux. It's far more practical getting these Threadripper 2 processors if you want to compile with 32 or 64 make jobs -- among many other common multi-threaded Linux workloads -- versus using this $899 or $1799 processor for a Linux gaming system. But if you are curious how Linux games scale with the Threadripper 2950X, here are some benchmark results when testing both AMD Radeon and NVIDIA GeForce graphics.


TuxMachines: Kernel: Linux 4.19 and Security Aspects

Friday 17th of August 2018 04:42:50 AM
  • Some Of The Smaller Features Hitting The Linux 4.19 Kernel This Week

    Here is a look at some of the smaller features landing in the Linux 4.19 kernel this week in a variety of different subsystems.

  • Linux Kernel Diverts Question To Distros: Trust CPU Hardware Random Number Generators?

    In a controversial move, the Linux kernel will be pushing the question off to distribution vendors on whether to put trust in CPU hardware random number generators.

    Google's Ted Ts'o sent out the random subsystem updates this week for the Linux 4.19 kernel merge window. In addition to the recent change of better protecting entropy sent in from user-space, the decision on whether to trust the CPU hardware random number generators like Intel's RdRand will now be left up to the Linux distribution vendors or end-users having the final say in overriding that decision.

  • L1TF / Foreshadow Mitigations Land In Linux 4.18 / 4.17 / 4.14 / 4.9 / 4.4 Kernel Update

    Linux stable maintainer Greg Kroah-Hartman has released new updates across the Linux 4.18, 4.17, 4.14, 4.9, and 4.4 kernel channels to address the recently exposed L1 Terminal Fault "L1TF" / Foreshadow Meltdown-like CPU vulnerability affecting Intel processors.

    Linux 4.4.148, 4.9.120, 4.14.63, 4.17.15, and 4.18.1 are all out this morning with their principal changes in these patch releases being the inclusion of L1TF/Foreshadow mitigation. As covered already, the default behavior is to carry out conditional L1D flushes on VMENTER, but there are kernel knobs available for always forcing L1 cache flushes on VMENTER and the full protection of disabling SMP/HT support.

  • Linux 4.19 Goes Ahead And Makes Lazy TLB Mode Lazier For Small Performance Benefit

    Last month I wrote about lazy TLB mode improvements on the way to the mainline kernel and this week the changes were indeed merged for the in-development Linux 4.19 kernel.


TuxMachines: ASUS Begins Offering Linux-Based Endless OS On Select Laptops

Friday 17th of August 2018 04:38:58 AM

It has been a while since ASUS last offered any Linux options for laptops, but they appear to have a new effort underway with Endless OS.

For those that remember Eee PC from a decade ago, ASUS used to offer some Linux laptop/netbook options that back then were using Xandros Linux during the netbook fad...


LXer: MongoDB installation & configuration on RHEL/CentOS

Friday 17th of August 2018 04:16:40 AM
MongoDB is one of the famous, free & open source document-oriented NoSQL database servers. MongoDB uses JSON like document format to store data in database, rather than using rows & columns, as...

TuxMachines: Games: Fell Seal: Arbiter's Mark, Orwell, Megaquarium, Moonlighter

Friday 17th of August 2018 03:52:50 AM


More in Tux Machines

GNOME: NVMe Firmware and GSConnect

  • Richard Hughes: NVMe Firmware: I Need Your Data
    In a recent Google Plus post I asked what kind of hardware was most interesting to be focusing on next. UEFI updating is now working well with a large number of vendors, and the LVFS “onboarding” process is well established now. On that topic we’ll hopefully have some more announcements soon. Anyway, back to the topic in hand: The overwhelming result from the poll was that people wanted NVMe hardware supported, so that you can trivially update the firmware of your SSD. Firmware updates for SSDs are important, as most either address data consistency issues or provide nice performance fixes.
  • Gnome Shell Android Integration Extension GSConnect V12 Released
    GSConnect v12 was released yesterday with changes like more resilient sshfs connections (which should make browsing your Android device from the desktop more reliable), fixed extension icon alignment, along with other improvements. GSConnect is a Gnome Shell extension that integrates your Android device(s) with the desktop. The tool makes use of the KDE Connect protocol but without using any KDE dependencies, keeping your desktop clean of unwanted packages.
  • Linux Release Roundup: Communitheme, Cantata & VS Code
    GSconnect is a magical GNOME extension that lets your Android phone integrate with your Linux desktop. So good, in fact, that Ubuntu devs want to ship it as part of the upcoming Ubuntu 18.10 release (though last I heard it will probably just end up in the repos instead). Anyway, a new version of GSconnect popped out this week. GSconnect v12 adds a nifty new feature or two, as well as a few fixes here, and a few UI tweaks there.

Red Hat Leftovers

  • Red Hat Advances Container Storage
    Red Hat has moved to make storage a standard element of a container platform with the release of version 3.1 of Red Hat OpenShift Container Storage (OCS), previously known as Red Hat Container Native Storage. Irshad Raihan, senior manager for product marketing for Red Hat Storage, says Red Hat decided to rebrand its container storage offering to better reflect its tight integration with the Red Hat OpenShift platform. In addition, the term “container native” continues to lose relevance given all the different flavors of container storage that now exist, adds Raihan. The latest version of the container storage software from Red Hat adds arbiter volume support to enable high availability with efficient storage utilization and better performance, enhanced storage monitoring and configuration via the Red Hat implementation of the Prometheus container monitoring framework, and block-backed persistent volumes (PVs) that can be applied to both general application workloads and Red Hat OpenShift Container Platform (OCP) infrastructure workloads. Support for PVs is especially critical because, in the case of Red Hat OCS, organizations can deploy more than 1,000 PVs per cluster, which helps to reduce cluster sprawl within the IT environment, says Raihan.
  • Is Red Hat Inc’s (NYSE:RHT) ROE Of 20.72% Sustainable?
  • FPgM report: 2018-33

OSS Leftovers

  • Infineon enables open source TSS ESAPI layer
    This is the first open source TPM middleware that complies with the Software Stack (TSS) Enhanced System API (ESAPI) specification of the Trusted Computing Group. “The ease of integration on Linux and other embedded platforms that comes with the release of the TPM 2.0 ESAPI stack speeds up the adoption of TPM 2.0 in embedded systems such as network equipment and industrial systems,” says Gordon Muehl, Global CTO Security at Huawei.
  • Open source RDBMS uses spurred by lower costs, cloud options
    As the volumes of data generated by organizations get larger and larger, data professionals face a dilemma: Must database bills get bigger in the process? And, increasingly, IT shops with an eye on costs are looking to open source RDBMS platforms as a potential alternative to proprietary relational database technologies.
  • Progress open sources ABL code in Spark Toolkit
    New England headquartered application development company Progress is flexing its programmer credentials this month. The Massachusetts-HQ’d firm has now come forward with its Progress Spark Toolkit… but what is it? The Progress Spark Toolkit is a set of open source ABL code combined with some recommended best-practices.
  • Mixing software development roles produces great results
    Most open source communities don’t have a lot of formal roles. There are certainly people who help with sysadmin tasks, testing, writing documentation, and translating or developing code. But people in open source communities typically move among different roles, often fulfilling several at once. In contrast, team members at most traditional companies have defined roles, working on documentation, support, QA, and in other areas. Why do open source communities take a shared-role approach, and more importantly, how does this way of collaborating affect products and customers? Nextcloud has adopted this community-style practice of mixing roles, and we see large benefits for our customers and our users.
  • FOSS Project Spotlight: SIT (Serverless Information Tracker)
    In the past decade or so, we've learned to equate the ability to collaborate with the need to be online. The advent of SaaS clearly marked the departure from a decentralized collaboration model to a heavily centralized one. While on the surface this is a very convenient delivery model, it simply doesn't fit a number of scenarios well. As somebody once said, "you can't FTP to Mars", but we don't need to go as far. There are plenty of use cases here on Earth that are less than perfectly suited for this "online world". Lower power chips and sensors, vessel/offshore collaboration, disaster recovery, remote areas, sporadically reshaping groups—all these make use of central online services a challenge. Another challenge with centralization is somewhat less thought of—building software that can handle a lot of concurrent users and that stores and processes a lot of information and never goes down is challenging and expensive, and we, as consumers, pay dearly for that effort. And not least important, software in the cloud removes our ability to adapt it perfectly for use cases beyond its owner's vision, scope and profitability considerations. Convenience isn't free, and this goes way beyond the price tag.
  • ProtonMail's open source encryption library, OpenPGPjs, passes independent audit
    ProtonMail, the secure email provider, has just had its credentials re-affirmed after its encryption library, OpenPGPjs, passed an independent security audit. The audit was carried out by the respected security firm, Cure53, after the developer community commissioned a review following the release of OpenPGPjs 3.0 back in March.
  • Uber Announces Open Source Fusion.js Framework
    Uber Announces Fusion.js, an open source "Plugin-based Universal Web Framework." In the announcement, Uber senior software engineer Leo Horie explains that Uber builds hundreds of web-based applications, and with web technologies changing quickly and best practices continually evolving, it is a challenge to have hundreds of web engineers leverage modern language features while staying current with the dynamic nature of the web platform. Fusion.js is Uber's solution to this problem.
  • ASAN And LSAN Work In rr
    AddressSanitizer has worked in rr for a while. I just found that LeakSanitizer wasn't working and landed a fix for that. This means you can record an ASAN build and if there's an ASAN error, or LSAN finds a leak, you can replay it in rr knowing the exact addresses of the data that leaked — along with the usual rr goodness of reverse execution, watchpoints, etc. Well, hopefully. Report an issue if you find more problems.
  • Oracle Open-Sources GraphPipe to Support ML Development
    Oracle on Wednesday announced that it has open-sourced GraphPipe to enhance machine learning applications. The project's goal is to improve deployment results for machine learning models, noted Project Leader Vish Abrams. That process includes creating an open standard. The company has a questionable relationship with open source developers, so its decision to open-source GraphPipe might not receive a flood of interest. Oracle hopes developers will rally behind the project to simplify and standardize the deployment of machine learning models. GraphPipe consists of a set of libraries and tools for following a deployment standard.
  • OERu makes a college education affordable
    Open, higher education courses are a boon to adults who don’t have the time, money, or confidence to enroll in traditional college courses but want to further their education for work or personal satisfaction. OERu is a great option for these learners. It allows people to take courses assembled by accredited colleges and universities for free, using open textbooks, and pay for assessment only when (and if) they want to apply for formal academic credit. I spoke with Dave Lane, open source technologist at the Open Education Resource Foundation, which is OERu’s parent organization, to learn more about the program. The OER Foundation is a nonprofit organization hosted by Otago Polytechnic in Dunedin, New Zealand. It partners with organizations around the globe to provide leadership, networking, and support to help advance open education principles.
  • Tomu Is A Tiny, Open Source Computer That Easily Fits In Your USB Port
    There are a number of USB stick computers available in the market at varying prices. One of them that really stands out is Tomu — a teeny weeny ARM processor that can entirely fit inside your computer’s USB port. Tomu is based on Silicon Labs Happy Gecko EFM32HG309 Arm Cortex-M0+ microcontroller that runs at 25 MHz. It sports 8 kb of RAM and 60 kb of flash onboard. In spite of the small size, it supports two LEDs and two capacitance touch buttons.
  • PHP version 7.1.21 and 7.2.9
    RPMs of PHP version 7.2.9 are available in the remi repository for Fedora 28 and in the remi-php72 repository for Fedora 25-27 and Enterprise Linux ≥ 6 (RHEL, CentOS). RPMs of PHP version 7.1.21 are available in the remi repository for Fedora 26-27 and in the remi-php71 repository for Fedora 25 and Enterprise Linux (RHEL, CentOS).

GNU/Linux on Laptops and Desktops

  • Endless OS and Asus, Update on L1TF Exploit, Free Red Hat DevConf.US in Boston, Linux 4.19 Kernel Update
    Some of us may recall a time when ASUS used to ship a stripped down version of Xandros Linux with their line of Eee PC netbooks. Last week, the same company announced that Endless OS will be supporting non-OS offerings of their product. However it comes with a big disclaimer stating that ASUS will not officially support the operating system's compatibility issues.
  • The Chromebook Grows Up
    What started out as a project to provide a cheap, functional, secure and fast laptop experience has become so much more. Chromebooks in general have suffered from a lack of street-cred acceptance. Yes, they did a great job of doing the everyday basics—web browsing and...well, that was about it. Today, with the integration of Android apps, all new and recently built Chrome OS devices do much more offline—nearly as much as a conventional laptop or desktop, be it video editing, photo editing or a way to switch to a Linux desktop for developers or those who just like to do that sort of thing.
  • Windows 10 Linux Distribution Overload? We have just the thing [Ed: Microsoft is still striving to control and master GNU/Linux through malware, Vista 10]
  • What Dropbox dropping Linux support says
    You've probably already heard by now that Dropbox is nixing support for all Linux file systems but unencrypted ext4. When this was announced, much of the open source crowd was up in arms—and rightfully so. Dropbox has supported Linux for a long time, so this move came as a massive surprise.
  • Winds Beautifully Combines Feed Reader and Podcast Player in One Single App
    Billboard top 50 playlist is great for commuting. But I’m a nerd so I mostly prefer podcasts. Day after day, listening to podcasts on my phone has turned into a habit for the better and now, I crave my favorite podcasts even when I’m home, sitting in front of my computer. Thus began my hunt for the perfect podcast app for Linux. Desktop Linux doesn’t have a huge selection of dedicated podcast applications. Of course, you can use Rhythmbox music player or VLC Media player to download podcasts (is there anything VLC can’t do?). There are even some great command line tools to download podcasts if you want to go down that road.
  • VirtualBox 5.2.18 Maintenance Update fixed VM process termination on RDP client disconnect
    VirtualBox developers released a maintenance update for the virtualization solution on the 14th of August, 2018. The latest update raised the version of VirtualBox to 5.2.18. The improvements and additions have been welcomed by several users as it makes the virtualization product even more convenient to use.