Language Selection

English French German Italian Portuguese Spanish

OSS Leftovers

Filed under
OSS
  • A Diatribe Concerning My Experiences With Gopher

    This is an article that will collect my opinions concerning Gopher experiences and practices, primarily those I dislike, with regards to conventions I've encountered and whatnot. I'll update this article as I have more to write of and feel the want.

  • A Look at the Open-Source Tools Behind Today’s State-of-the-Art Visual Effects

    Today, Software Defined Visualization (SDVis) is the ultimate in the world of visualization, allowing the best-of-the-best to emerge. It’s hardly a secret in the world of scientific visualization, digital animation, and computer graphics (CG). Go to any hit movie these days, and the results of SDVis will be present to help make the incredible believable.

  • Arturo Borrero González: Netfilter workshop 2019 Malaga summary

    This week we had the annual Netfilter Workshop. This time the venue was in Malaga (Spain). We had the hotel right in the Malaga downtown and the meeting room was in University ETSII Malaga. We had plenty of talks, sessions, discussions and debates, and I will try to summarice in this post what it was about.

    Florian Westphal, Linux kernel hacker, Netfilter coreteam member and engineer from Red Hat, started with a talk related the some works being done in the core of the Netfilter code in the kernel to convert packet processing to lists. He shared an overview of current problems and challenges. Processing in a list rather than per packet seems to have several benefits: code can be smarter and faster, so this seems like a good improvement. On the other hand, Florian thinks some of the pain to refactor all the code may not worth it. Other approaches may be considered to introduce even more fast forwarding paths (apart from the flow table mechanisms for example which is already available).

    Florian also followed up with the next topic: testing. We are starting to have a lot of duplicated code to do testing. Suggestion by Pablo is to introduce some dedicated tools to ease in maintenance and testing itself. Special mentions to nfqueue and tproxy, 2 mechanisms that requires quite a bit of code to be well tested (and could be hard to setup anyway).

    [...]

    After lunch, Pablo followed up with a status update on hardware flow offload capabilities for nftables. He started with an overview of the current status of ethtool_rx and tc offloads, capabilities and limitations. It should be possible for most commodity hardware to support some variable amount of offload capabilities, but apparently the code was not in very good shape. The new flow block API should improve this situation, while also giving support for nftables offload. Related article in LWN: https://lwn.net/Articles/793080/

    Next talk was by Phil, engineer at Red Hat. He commented on user-defined strings in nftables, which presents some challenges. Some debate happened, mostly to get to an agreement on how to proceed.

  • QMO: Firefox Nightly 70 Testday, July 19th

    We are happy to let you know that Friday, July 19th, we are organizing Firefox Nightly 70 Testday. We’ll be focusing our testing on: Fission.

  • This free open-source tool can help game developers make procedural ivy [Ed: Mono is a problem]

    This is a tool specifically for games being made in Unity, an engine which has been used to make plenty of games people don't associate with it—games like Hearthstone, Cities: Skylines, Wasteland 2, Beat Saber, and Cuphead, for instance, were all made in Unity.

  • Popular licenses in OpenAPI

    Note: Before you start complaining, I realise this is probably a very sub-optimal solution code-wise, but it worked for me. In my defence, I did open up my copy of the Sed & Awk Pocket Reference before my eyes went all glassy and I hacked up the following ugly method. Also note that the shell scripts are in Fish shell and may not work directly in a 100% POSIX shell.

    First, I needed to get a data set to work on. Hat-tip to Mike Ralphson for pointing me to APIs Guru as a good resource. I analysed their APIs-guru/openapi-directory repository1, where in the APIs folder they keep a big collection of public APIs. Most of them following the OpenAPI (previously Swagger) specification.

  • Infinite work is less work
    The first task of last week's Perl Weekly Challenge was to print the
    first ten strong and weak primes. A prime pn is "strong" if it's larger
    than the average of its two neighbouring primes (i.e. pn > (pn-1+pn+1)/2).
    A prime is "weak" if it's smaller than the average of its two neighbours.
    
    Of course, this challenge would be trivial if we happened to have a list
    of all the prime numbers. Then we'd just filter out the first ten that
    are strong, and the first ten that are weak. In fact, it would be even
    easier if we happened to have a list of all the strong primes, and a
    list of all the weak ones. Then we'd just print the first ten of each.
    
    But there are an infinite number of primes and of weak primes (and
    possibly of strong primes too, though that's still only conjectured),
    so building a complete list of the various subspecies of primes 
    is impractical in most programming languages.
    
    
    

More in Tux Machines

Ubuntu/Debian: Comparison of Memory Usages, Ubuntu 18.10 (Cosmic Cuttlefish) End of Life and More

  • Comparison of Memory Usages of Ubuntu 19.04 and Flavors in 2019

    Continuing my previous Mem. Comparison 2018, here's my 2019 comparison with all editions of Ubuntu 19.04 "Disco Dingo". The operating system editions I use here are the eight: Ubuntu Desktop, Kubuntu, Lubuntu, Xubuntu, Ubuntu MATE, Ubuntu Studio, Ubuntu Kylin, and Ubuntu Budgie. I installed every one of them on my laptop and (immediately at first login) took screenshot of the System Monitor (or Task Manager) without doing anything else. I present here the screenshots along with each variant's list of processes at the time I took them. And, you can download the ODS file I used to create the chart below. Finally, I hope this comparison helps all of you and next time somebody can make better comparisons.

  • Ubuntu 18.10 (Cosmic Cuttlefish) End of Life reached on July 18 2019
    This is a follow-up to the End of Life warning sent earlier this month
    to confirm that as of today (July 18, 2019), Ubuntu 18.10 is no longer
    supported.  No more package updates will be accepted to 18.10, and
    it will be archived to old-releases.ubuntu.com in the coming weeks.
    
    
    
    
    The original End of Life warning follows, with upgrade instructions:
    
    
    
    
    Ubuntu announced its 18.10 (Cosmic Cuttlefish) release almost 9 months
    ago, on October 18, 2018.  As a non-LTS release, 18.10 has a 9-month
    support cycle and, as such, the support period is now nearing its
    end and Ubuntu 18.10 will reach end of life on Thursday, July 18th.
    
    
    
    
    At that time, Ubuntu Security Notices will no longer include
    information or updated packages for Ubuntu 18.10.
    
    
    
    
    The supported upgrade path from Ubuntu 18.10 is via Ubuntu 19.04.
    Instructions and caveats for the upgrade may be found at:
    
    
    
    
    https://help.ubuntu.com/community/DiscoUpgrades
    
    
    
    
    Ubuntu 19.04 continues to be actively supported with security updates
    and select high-impact bug fixes.  Announcements of security updates
    for Ubuntu releases are sent to the ubuntu-security-announce mailing
    list, information about which may be found at:
    
    
    
    
    https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
    
    
    
    
    Since its launch in October 2004 Ubuntu has become one of the most
    highly regarded Linux distributions with millions of users in homes,
    schools, businesses and governments around the world. Ubuntu is Open
    Source software, costs nothing to download, and users are free to
    customise or alter their software in order to meet their needs.
    
    
    
    
    On behalf of the Ubuntu Release Team,
    
    
    
    
    Adam Conrad
    
  • CMake leverages the Snapcraft Summit with Travis CI to build snaps

    CMake is an open-source, cross-platform family of tools designed to build, test and package software. It is used to control the software compilation process and generate native makefiles and workspaces that can be used in any compiler environment.  While some users of CMake want to stay up to date with the latest release, others want to be able to stay with a known version and choose when to move forward to newer releases, picking up just the minor bug fixes for the feature release they are tracking. Users may also occasionally need to roll back to an earlier feature release, such as when a bug or a change introduced in a newer CMake version exposes problems within their project. Craig Scott, one of the co-maintainers of CMake, sees snaps as an excellent solution to these needs. Snaps’ ability to support separate tracks for each feature release in addition to giving users the choice of following official releases, release candidates or bleeding edge builds are an ideal fit. When he received an invitation to the 2019 Snapcraft Summit, he was keen to work directly with those at the pointy end of developing and supporting the snap system. 

  • Ubuntu's Zsys Client/Daemon For ZFS On Linux Continues Maturing For Eoan

    Looking ahead to Ubuntu 19.10 as the cycle before Ubuntu 20.04 LTS, one of the areas exciting us with the work being done by Canonical is (besides the great upstream GNOME performance work) easily comes down to the work they are pursuing on better ZFS On Linux integration with even aiming to offer ZFS as a file-system option from their desktop installer. A big role in their ZoL play is also the new "Zsys" component they have been developing. 

  • Raphaël Hertzog: Freexian’s report about Debian Long Term Support, June 2019

    Like each month, here comes a report about the work of paid contributors to Debian LTS.

European Events: Apache and GStreamer

  • ApacheCon Europe 2019 Schedule Revealed by The Apache Software Foundation

    If you’ve been following Apache Software Foundation (ASF) announcements for ApacheCon 2019, you must be aware of the conference in Las Vegas (ApacheCon North America) from September 9 to September 12. And, recently, they announced their plans for ApacheCon Europe 2019 to be held on 22-24 October 2019 at the iconic Kulturbrauerei in Berlin, Germany. It is going to be one of the major events by ASF this year. In this article, we shall take a look at the details revealed as of yet.

  • GStreamer in Oslo

    Aaron discussed various ways to record RTSP streams when used with playbin and brought up some of his pending merge requests around the closed captioning renderer and Active Format Description (AFD) support, with a discussion about redoing the renderer properly, and in Rust. George discussed a major re-work of the gst-omx bufferpool code that he has been doing and then moved his focus on Qt/Android support. He mostly focused on the missing bits, discussing builds and infrastructure issues with Nirbheek and myself, and going through his old patches.

Latest Openwashing: Amazon, RedMonk/Microsoft/GitHub, Linux Foundation Energy, B2B on Red Hat/IBM Site

Security, DRM and Privacy

  • Security updates for Thursday

    Security updates have been issued by Arch Linux (chromium, firefox, and squid), CentOS (thunderbird and vim), Debian (libonig), SUSE (firefox, glibc, kernel, libxslt, and tomcat), and Ubuntu (libreoffice and thunderbird).

  • EvilGnomes Linux malware record activities & spy on users [Ed: This is something the user actually installs, harming his/her machine. Original post here.]]

    Dubbed EvilGnomes by researchers; the malware was found masquerading as a Gnome shell extension targeting Linux’s desktop users.

  • Mike Driscoll: New Malicious Python Libraries Found Targeting Linux

    They were written by a user named ruri12. These packages were removed by the PyPI team on July 9, 2019. However they were available since November 2017 and had been downloaded fairly regularly. See the original article for more details. As always, when using a package that you aren’t familiar with, be sure to do your own thorough vetting to be sure you are not installing malware accidentally.

  • Latest Huawei 'Smoking Gun' Still Doesn't Prove Global Blackball Effort's Primary Justification

    We've noted a few times now how the protectionist assault against Huawei hasn't been supported by much in the way of public evidence. As in, despite widespread allegations that Huawei helps China spy on Americans wholesale, nobody has actually been able to provide any hard public evidence proving that claim. That's a bit of a problem when you're talking about a global blackballing effort. Especially when previous investigations as long as 18 months couldn't find evidence of said spying, and many US companies have a history of ginning up security fears simply because they don't want to compete with cheaper Chinese kit. That said, a new report (you can find the full thing here) dug through the CVs of many Huawei executives and employees, and found that a small number of "key mid-level technical personnel employed by Huawei have strong backgrounds in work closely associated with intelligence gathering and military activities."

  • No love lost between security specialists and developers

    Unless you've been under a rock, you've noticed hardly a day goes by without another serious security foul-up. While there's plenty of blame to go around for these endless security problems, some of it goes to developers who write bad code. That makes sense. But when GitLab, a DevOps company, surveyed over 4,000 developers and operators, they found 68% of the security professionals surveyed believe it's a programmer's job to write secure code, but they also think less than half of developers can spot security holes.

  • GitLab Survey Surfaces Major DevSecOps Challenges Ahead

    A report based on a survey of 4,071 software professionals published this week by GitLab, a provider of a continuous integration and continuous deployment (CI/CD) platform, found that while appreciation of the potential value of DevSecOps best practices is high, the ability to implement those practices is uneven at best.

  • GitLab Survey Reveals Disconnect Between Developer And Security Teams

    In a survey conducted by GitLab, software professionals recognize the need for security to be baked into the development lifecycle, but the survey showed long-standing friction between security and development teams remain. While 69% of developers say they’re expected to write secure code, nearly half of security pros surveyed (49%) said they struggle to get developers to make remediation of vulnerabilities a priority. And 68% of security professionals feel fewer than half of developers are able to spot security vulnerabilities later in the lifecycle.

  • Cook: security things in Linux v5.2

    Over on his blog, Kees Cook runs through the security changes that came in Linux 5.2.

  • Doctorow's novella "Unauthorized Bread" explains why we have to fight DRM today to avoid a grim future

    Salima has a problem: her Boulangism toaster is locked down with software that ensures that it will only toast bread sold to her by the Boulangism company… and as Boulangism has gone out of business, there's no way to buy authorized bread. Thus, Salima can no longer have toast. This sneakily familiar scenario sends our resourceful heroine down a rabbit hole into the world of hacking appliances, but it also puts her in danger of losing her home -- and prosecution under the draconian terms of the Digital Millennium Copyright Act (DMCA). Her story, told in the novella “Unauthorized Bread,” which opens Cory Doctorow’s recent book Radicalized, guides readers through a process of discovering what Digital Restrictions Management (DRM) is, and how the future can look mightily grim if we don’t join forces to stop DRM now. “Unauthorized Bread” takes place in the near future, maybe five or ten years at most, and the steady creep of technology that takes away more than it gives has simply advanced a few degrees. Salima and her friends and neighbors are refugees, and they live precariously in low-income housing equipped with high-tech, networked appliances. These gizmos and gadgets may seem nifty on the surface, but immediately begin to exact an unacceptable price, since they require residents to purchase the expensive approved bread for the toaster, the expensive approved dishes for the dishwasher, and so on. And just as Microsoft can whisk away ebooks that people “own” by closing down its ebook service, the vagaries of the business world cause Boulangism to whisk away Salima’s ability to use her own toaster.

  • New Linux Malware Called EvilGnome Discovered; First Preview of Fedora CoreOS Now Available; Germany Bans Schools from Using Microsoft, Google and Apple; VirtualBox 6.0.10 Released; and Sparky 5.8 Has New Live/Install Media for Download

    Germany has banned its schools from using cloud-based productivity suites from Microsoft, Google, and Apple, because the companies weren't meeting the country's privacy requirements. Naked Security reports, that the statement from the Hessische Beauftragte für Datenschutz und Informationsfreiheit (Hesse Commissioner for Data Protection and Freedom of Information, or HBDI) said, "The digital sovereignty of state data processing must be guaranteed. With the use of the Windows 10 operating system, a wealth of telemetry data is transmitted to Microsoft, whose content has not been finally clarified despite repeated inquiries to Microsoft. Such data is also transmitted when using Office 365." The HBDI also stressed that "What is true for Microsoft is also true for the Google and Apple cloud solutions. The cloud solutions of these providers have so far not been transparent and comprehensible set out. Therefore, it is also true that for schools, privacy-compliant use is currently not possible."

  • Microsoft, Google and Apple clouds banned in Germany’s schools

    Germany just banned its schools from using cloud-based productivity suites from Microsoft, Google, and Apple. The tech giants aren’t satisfying its privacy requirements with their cloud offerings, it warned. The Hessische Beauftragte für Datenschutz und Informationsfreiheit (Hesse Commissioner for Data Protection and Freedom of Information, or HBDI) made the statement following a review of Microsoft Office 365’s suitability for schools.

  • Microsoft, Google and Apple clouds banned in Germanys schools

    Did you know that Germany just banned its schools from using cloud-based productivity suites from Microsoft, Google, and Apple? The tech giants aren’t satisfying its privacy requirements with their cloud offerings, it warned. What are your thoughts? The Hessische Beauftragte für Datenschutz und Informationsfreiheit (Hesse Commissioner for Data Protection and Freedom of Information, or HBDI) made the statement following a review of Microsoft Office 365’s suitability for schools.