Language Selection

English French German Italian Portuguese Spanish

today's leftovers

Filed under
Misc
  • Ray Tracing Gets Its First Open-Source, Cross-Platform Implementation

    Khronos, the consortium responsible for many open standards in the gaming/graphics world, has released a beta ray tracing API, making it the first cross-platform implementation of real-time ray tracing. NVIDIA also released new beta drivers that support it.

    If you don’t know what I’m talking about; ray tracing is a CGI technique that is used to create photorealistic images.

    It renders objects by simulating the way actual rays of lights work in the real world and “tracing” them from the eye of the viewer, hence the name.

    Practically speaking, it gives us better shadows, reflections, translucence, refraction and a myriad of other improvements over the techniques that our consoles are currently deploying.

  • Glue42 releases open source platform

    Glue42, the company that delivers integrated desktop experiences to financial institutions globally, today announced it has released Glue42 Core, an open-source, fully functional platform for web application interoperability.

    The solution is available immediately to all in the financial services industry and those in other sectors.

  • 01 Communique Invites Email Users to Try IronCAP X Personal Usage Email Platform After April 23rd Launch

    01 Communique Laboratory Inc. (the "Company", "01 Communique") (ONE.V) invites all email users to try out their new IronCAP X personal usage email encryption product as it will be free to personal users after the April 23rd product launch. The Company's IronCAP X email encryption technology is designed to be safe against future attack from quantum computer. Therefore, it has a higher protection level than current GPG, or GNU Privacy Guard public key cryptography implementation platforms, and at the same time, easier for non-technical users.

    [...]

    Andrew Cheung, President of 01 Communique stated, "The IT community likes the current GPG email/file encryption package as it works well but there is always a catch. Most non-technical users cannot appreciate what it can do and how to install it. IronCAP X technology has addressed all of that as it wraps friendly packing around GPG." Mr. Cheung continued, "On April 23rd, we are launching IronCAP X which is easy to install and use, and protects against the quantum computing threat. Best of all, it will be free for personal users."

  • Richard Stallman: Don’t watch TV coverage of Covid-19!

    Don't watch TV coverage of Covid-19! (Or "social media"; the details are different.) Watching repetitive coverage of something frightening can interfere with clear thinking, even traumatize people.

    TV news coverage of a crisis struggles to fill 24 hours a day with "information", notwithstanding the fact that the actual flow of new information about the crisis is nowhere near sufficient to fill that time. What do they do? They repeat. They present tangential and minor details. They make the same points in different ways. They belabor the obvious. They repeat.

    If your goal is to be informed, you don't need to dwell on the crisis for hours every day. Not even one hour a day. Getting your news in this inefficient matter will waste a lot of time — and worse.

    In addition, it will make you more and more anxious. Someone I knew in 2001, who lived in California. spent all day on Sep 11 and following days watching the TV coverage. Afterward perse was afraid to go outside, watching for terrorist airplanes. TV made it possible for per to be traumatized by events 3000 miles away.

    That was an unusually strong case. Most people did not get so traumatized as that. That does not imply it did not affect them. I suspect that the TV coverage may have shifted millions of people's perceptions, so that they overestimated the danger of terrorism while downplaying the danger of laws that take away freedom. This would have smoothed the path for careless passage of the dangerous USA PAT RIOT Act and its massive surveillance.

    In any a good, general textual news site, you can read the things you really want to know about Covid-19 in 10 or 20 minutes a day. Then you won't fall behind on your work, and you won't be brainwashed into panic.

    Keep calm and carry on!

  • Microsoft Team's bad arrogance on (Fedora) Linux

    As you might suspect, this isn't the only thing that the postinstall script does. It also adds an enabled Microsoft package repository to your system (requiring signatures, at least, which is why they have to add their key). It's not documented that they'll do this, they certainly don't ask, all of this is done on the fly so the relevant yum.repos.d file isn't in the RPM's manifest, and I don't believe they restrict what packages can be installed from their repository (although from its URL it appears to be specific to Teams).

    (Another fun thing that the RPM does is that it puts the actual Teams binary and its shared library .so files in /usr/share/teams. I do not know how to break it to Microsoft, but that is not what goes in /usr/share. Also, it is of course an Electron app.)

  • Oracle teases prospect of playing nicely with open-source Java in update to WebLogic application server

    Oracle has chosen this week of all weeks to foist on the world an update of its application server WebLogic, festooned with new features addressing Java EE 8, Kubernetes and JSON.

    But the most eye-catching prospect is compatibility with the Eclipse Foundation's fully open-source Java development environment, Jakarta EE 8.

    Back in Sepember when the Java EE specs were made public, Mark Little, Red Hat's JBoss CTO, said: "Existing Java EE 8 applications and developers can be confident they can move their applications seamlessly to the Eclipse Foundation effort." And Tom Snyder, veep of Oracle Software Development, promised application server support would follow. "This represents the culmination of a great deal of work by the entire Jakarta EE community, including Oracle. Oracle is working on delivery of a Java EE 8 and Jakarta EE 8 compatible WebLogic Server implementation, and we are looking forward to working with the community to evolve Jakarta EE for the future."

  • Jakub Steiner: Art vs Design

    So what was the situation twitter was praising? Let’s count on how many GNOME applications shipped a custom nighly icon. Umm, how about zero?

    A pretty picture an artist spends hours on, modelling, texturing, lighting, adjusting for low resolution screens is not a visual framework nor a reasonable thing to ask app developers to do.

More in Tux Machines

Security and FUD

  • Security updates for Thursday

    Security updates have been issued by Fedora (dovecot, dpdk, knot-resolver, and unbound), Mageia (ant, libexif, and php), SUSE (libmspack), and Ubuntu (php5, php7.0, php7.2, php7.3, php7.4 and unbound).

  • 5 Kernel Live Patching Tools That Will Help To Run Linux Servers Without Reboots

    Within IT organizations, there are processes and practices so routine that they are invisible. It doesn’t matter if such processes and practices are flawed, or if there exists a better way: if something has worked for a few years, people stop looking for alternatives. This perfectly describes current approaches to kernel patching. Right now, most organizations patch the servers by planning reboot cycles. Because rebooting the server fleet is a headache that causes downtime, people put it off for as long as they can. Which means patches aren’t applied as early as possible. This gap between patch issue and its application means risk, malpractice and may cause non-compliance. This standard approach to kernel patching exposes servers to malicious intent by threat actors on multiple attack vectors, putting IT organizations at risk of major security issues. Anyone tasked with keeping their organization safe from cyber attacks should be seeking a better way to run Linux servers without reboots (ideally, for years). In this article you will learn what is live patching, how it ensures the uptime, what 5 tools are available to help you run servers for years – without reboots and what are the advantages and drawbacks of each tool.

  • USB systems may have some serious security flaws - especially on Linux [Ed: ZDNet's FUD is going places; the tests were mostly done on Linux, so it's hardly shocking that the bugs found were in Linux. But it's presented as Linux being particularly bad.]

    Academics have developed a new tool that allowed them to discover 26 previously unidentified vulnerabilities in the USB driver stack used by many popular operating systems including Linux, macOS, Windows and FreeBSD.

  • New fuzzing tool picks up insecure USB driver code

    Matthias Payer at the federal polytechnic school in Lausanne, Switzerland, and Hui Peng at Purdue University, United States, said [pdf] that they leveraged open-source components such as QEMU processor emulator to design a tool that's low-cost and hardware independent, called USBFuzz.

  • New fuzzing tool for USB drivers uncovers bugs in Linux, macOS, Windows

    With a new fuzzing tool created specifically for testing the security of USB drivers, researchers have discovered more than two dozen vulnerabilities in a variety of operating systems. “USBFuzz discovered a total of 26 new bugs, including 16 memory bugs of high security impact in various Linux subsystems (USB core, USB sound, and network), one bug in FreeBSD, three in macOS (two resulting in an unplanned reboot and one freezing the system), and four in Windows 8 and Windows 10 (resulting in Blue Screens of Death), and one bug in the Linux USB host controller driver and another one in a USB camera driver,” Hui Peng and Mathias Payer explained.

  • NSA: Russian agents have been hacking major email program

    The U.S. National Security Agency says the same Russian military hacking group that interfered in the 2016 presidential election and unleashed a devastating malware attack the following year has been exploiting a major email server program since last August or earlier. The timing of the agency's advisory Thursday was unusual considering that the critical vulnerability in the Exim Mail Transfer Agent — which mostly runs on Unix-type operating systems — was identified 11 months ago, when a patch was issued. Exim is so widely used — though far less known than such commercial alternatives as Microsoft's proprietary Exchange — that some companies and government agencies that run it may still not have patched the vulnerability, said Jake Williams, president of Rendition Infosec and a former U.S. government hacker.

KDE: Akademy 2020 and GSoC 2020

  • Send your talks for Akademy 2020 *now*

    The Call for Participation is still open for two weeks more, but please make us a favour and send yours *now*. This way we don't have to panic thinking if we are going to need to go chasing people or not, or if we're going to have too few or too many proposals. Also if you ask the talks committee for review, we can review your talk early, give you feedback and improve it, so it's a win-win.

  • Status report: Community Bonding

    I’m checking in today to let you know what I did in my GSoC project these past weeks. This Community Bonding period was really wonderful; although I’ve been more or less involved with the project since 2016, I’ve acquainted myself with the efforts of each of the members, and so far it’s been a wonderful experience. During these past weeks, I’ve been preparing for the coding period by talking with Boudewijn and Wolthera about the particulars of Krita’s file format and build system. The objectives for the past two meetings were:

  • GSoC'20 with KDE

    About the Project The project involves improving KDE Web Infrastructure. KDE has a lot of websites and some of them like the main website could use an update. The first part of the project involves porting kde.org to use Hugo- A go based static site generator. kde.org is very old and thus contains a lot of pages. This project would involve porting most of the pages to markdown so as to make the website faster and easier to develop. The second part of the project involves updating Season of KDE website. The goal is to use more modern tooling and add some new features. This project is a part of the transition of KDE websites from LDAP to OAuth based authentication. OAuth is a much more modern approach to authentication and would solve some headaches with the current authentication system.

Screencasts/Audiocasts/Shows: Ubuntu MATE 20.04 LTS, BSD Now and More

  • Ubuntu MATE 20.04 LTS overview | For a retrospective future.

    In this video, I am going to show an overview of Ubuntu MATE 20.04 LTS and some of the applications pre-installed.

  • BSD Now 352: Introducing Randomness

    A brief introduction to randomness, logs grinding netatalk to a hault, NetBSD core team changes, Using qemu guest agent on OpenBSD kvm/qemu guests, WireGuard patchset for OpenBSD, FreeBSD 12.1 on a laptop, and more.

  • Bad Voltage 3×05: This Podcast Will Self Destruct

    Stuart Langridge, Jono Bacon, and Jeremy Garcia present Bad Voltage, in which we are rendered with one meelion triangles.

  • Bread and Butter Django - Building SaaS #58

    In this episode, I worked on a views and templates. There are a number of core pages that are required to flesh out the minimal interface for the app. We’re building them. I began by showing the page that we were going to work on. I outlined the changes I planned to make, then we started. The first thing we added was data about the school year, the main model on display in the page. I showed how to mock in the elements before adding real data.

Quarkus, a Kubernetes-native Java runtime, now fully supported by Red Hat

  • Quarkus, a Kubernetes-native Java runtime, now fully supported by Red Hat

    Java was introduced 25 years ago, and to this day, remains one of the most popular programming languages among developers. However, Java has developed a reputation for not being a good fit for cloud-native applications. Developers look for (and often choose) alternative frameworks such as Go and Node.js to support their cloud-native development requirements. Why learn another language when you can use your existing skills? Quarkus allows Java developers to leverage their expertise to develop cloud-native, event-driven, reactive, and serverless applications. Quarkus provides a cohesive Java platform that feels familiar but new at the same time. Not only does it leverage existing Java standards, but it also provides a number of features that optimize developer joy, including live coding, unified configuration, IDE plugins, and more.

  • Red Hat Tosses Its Weight Behind Quarkus

    Following recent announcements, Red Hat is now ready in fully supporting Quarkus to enhance its Kubernetes support. Quarkus is a Kubernetes-native Java stack to make the language more appealing in cloud-native use-cases. Quarkus optimizes the Java experience for containers and serverless environments.

  • Red Hat Delivers Quarkus As A Fully Supported Framework In Red Hat Runtimes

    By adding Quarkus as a supported runtime, Red Hat is helping to bring Java into the modern, cloud-native application development landscape and to approaches like microservices, containers and serverless, and enabling Java developers to continue working in the language they know and love.

  • Red Hat Runtimes adds Kubernetes-native Quarkus Java stack

    Red Hat’s Quarkus, a Kubernetes-native Java stack, is now supported on the Red Hat Runtimes platform for developing cloud-native applications. A build of Quarkus is now part of Red Hat Runtimes middleware and integrates with the Red Hat OpenShift Kubernetes container platform for managing cloud deployments, Red Hat said this week.