Language Selection

English French German Italian Portuguese Spanish

Open Source for Vertical Apps:

Filed under
OSS




More in Tux Machines

XFS / EXT4 / Btrfs / F2FS / NILFS2 Performance On Linux 5.8

Given the reignited discussions this week over Btrfs file-system performance stemming from a proposal to switch Fedora on the desktop to using Btrfs, here are some fresh benchmarks of not only Btrfs but alongside XFS, EXT4, F2FS, and for kicks NILFS2 was also tossed into the mix for these mainline file-system tests off the in-development Linux 5.8 kernel. With the yet-to-be-approved proposal specifically to use Btrfs for desktop installations, for this testing a single NVMe solid-state drive was used for testing in jiving with conventional desktop use-cases rather than any elaborate RAID setups, etc. Each of the tested file-systems were carried out with the default mount options in an out-of-the-box manner. Read more

Proprietary Software Leftovers

  • Ransomware Gangs Don’t Need PR Help

    Overall, I’ve tried to use each story to call attention to key failures that frequently give rise to ransomware infections, and to offer information about how other companies can avoid a similar fate.

    But simply parroting what professional extortionists have posted on their blog about victims of cybercrime smacks of providing aid and comfort to an enemy that needs and deserves neither.

  • Ransomware gangs are doing their homework before encrypting corporate data

    In the last three months, the criminal hackers behind the Maze ransomware have attacked two big IT service providers, one of which is a Fortune 500 company. Other ransomware gangs have hit big corporate targets, and in so doing are first locking computer systems and then publicly shaming companies that don’t pay up by dumping their data.

    For corporations that do pay the ransom, the pain sometimes isn’t over. There is no guarantee that the decryption key handed over by the attacker works, said Wendi Whitmore, global lead at IBM Security X-Force.

  • Zoom Will Offer End-To-End Encryption To All Its Users [Ed: But no. You cannot trust proprietary software to do what it claims to do.]

    The pandemic has moved more activities online--and specifically onto Zoom--than ever before. For an enterprise tool like Zoom, that means new users that the company never expected and did not design for, and all the unanticipated security and privacy problems that come with that sudden growth. Zoom's decision to offer end-to-end encryption more widely is especially important because the people who cannot afford enterprise subscriptions are often the ones who need strong security and privacy protections the most. For example, many activists rely on Zoom as an organizing tool, including the Black-led movement against police violence. To use Zoom's end-to-end encryption, free users will have to provide additional information, like a phone number, to authenticate. As Zoom notes, this is a common method for mitigating abuse, but phone numbers were never designed to be persistent all-purpose individual identifiers, and using them as such creates new risks for users. In different contexts, Signal, Facebook, and Twitter have all encountered disclosure and abuse problems with user phone numbers. At the very least, the phone numbers that users give Zoom should be used only for authentication, and only by Zoom. Zoom should not use these phone numbers for any other purpose, and should never require users to reveal them to other parties.

  • Desklab Portable USB-C Monitor

    I bought a mini-DisplayPort to HDMI adapter and for my first test ran it from my laptop, it was seen as a 1920*1080 DisplayPort monitor. The adaptor is specified as supporting 4K so I don’t know why I didn’t get 4K to work, my laptop has done 4K with other monitors. The next thing I plan to get is a VGA to HDMI converter so I can use this on servers, it can be a real pain getting a monitor and power cable to a rack mounted server and this portable monitor can be powered by one of the USB ports in the server. A quick search indicates that such devices start at about $12US. The Desklab monitor has no markings to indicate what resolution it supports, no part number, and no serial number. The only documentation I could find about how to recognise the difference between the FullHD and 4K versions is that the FullHD version supposedly draws 2A and the 4K version draws 4A. I connected my USB Ammeter and it reported that between 0.6 and 1.0A were drawn. If they meant to say 2W and 4W instead of 2A and 4A (I’ve seen worse errors in manuals) then the current drawn would indicate the 4K version. Otherwise the stated current requirements don’t come close to matching what I’ve measured.

Raspberry Pi 4's Vulkan Driver and More

  • Alejandro Piñeiro: v3dv status update 2020-07-01

    Input attachment is one of the main sub-features for Vulkan multipass, and we’ve gained support since the announcement. On Vulkan the support for multipass is more tightly supported by the API. Renderpasses can have multiple subpasses. These can have dependencies between each other, and each subpass define a subset of “attachments”. One attachment that is easy to understand is the color attachment: This is where a given subpass writes a given color. Another, input attachment, is an attachment that was updated in a previous subpass (for example, it was the color attachment on such previous subpass), and you get as a input on following subpasses. From the shader POV, you interact with it as a texture, with some restrictions. One important restriction is that you can only read the input attachment at the current pixel location. The main reason for this restriction is because on tile-based GPUs (like rpi4) all primitives are batched on tiles and fragment processing is rendered one tile at a time. In general, if you can live with those restrictions, Vulkan multipass and input attachment will provide better performance than traditional multipass solutions. If you are interested in reading more details on this, you can check out ARM’s very nice presentation “Vulkan Multipass mobile deferred done right”, or Sascha Willems’ post “Vulkan input attachments and sub passes”. The latter also includes information about how to use them and code snippets of one of his demos. For reference, this is how the input attachment demos looks on the rpi4...

  • Raspberry Pi 4's Vulkan Driver Is Now More Usable - Supporting More Features

    The "V3DV" Vulkan driver being developed by Igalia under contract with the Raspberry Pi Foundation has offered a status update on this official driver for the Raspberry Pi 4. The V3DV effort is the modern, official Vulkan driver for the Raspberry Pi 4 and not to be confused with the third-party Vulkan driver for pre-RPi4 hardware or the former Raspberry Pi 4 Vulkan effort. This is the new driver being developed and what ultimately will be the official driver option moving forward.

  • Code Jetpac’s rocket building action | Wireframe #40

Free/Libre/Open Source Software Leftovers

  • Copyright enforcement with Dr. Miriam Ballhausen

    We invited Dr. Miriam Ballhausen to talk with us about copyright enforcement. She is a German lawyer with the focus on software, data protection, copyright law and specifically Free Software copyright. This is the sixth regular episode of the Software Freedom Podcast for which we invite experts from our community. In this sixth episode of the Software Freedom Podcast we talk about Free Software copyright enforcement with our guest Dr. Miriam Ballhausen. Dr. Miriam Ballhausen is a German laywer and is specialised in Free Software copyright questions. Together we cover the basics about Free Software licensing and discuss, how Free Software copyright can be enforced, what are the steps to enforce it and why it is often enforced in Germany. We also explore how the REUSE project could help with being in compliance with Free Software licenses.

  • IBM Has Open Sourced Its Edge Device Platform and Wishes AWS and Microsoft Got On Board

    IBM's Open Horizon is meant to make it easier to manage thousands of IoT devices as edge computing nodes.

  • Open-source contact tracing, part 1

    The main goal of COVID-19 tracing applications is to notify users if they have been recently in contact with an infected person, so that they can isolate themselves or seek out testing. The creation of the applications is usually supported by governments, with the development performed by health authorities and research institutions. The Wikipedia page for COVID-19 apps lists (as of early June 2020) at least 38 countries with such applications in use or under development, and at least eight framework initiatives. The applications trace the people that the user has had contact with for a significant period (for example, 15 minutes) with close physical proximity (a distance around one meter). The complete tracing system usually consists of an application for mobile phones and the server software. For the distance measurement and detecting the presence of other users, GPS and Bluetooth are the technical solutions used in practice. GPS only appears in a small number of projects because it does not have enough precision, especially inside buildings. It also does not work in enclosed spaces like underground parking and subways. Most countries have chosen to develop a distance measurement using Bluetooth, generally the Bluetooth Low Energy (BLE) variant, which uses less energy than the classical version. This is important as the distance measurement is done by mobile phones, and so Bluetooth will need to be active most of the time. The Bluetooth protocol was not designed for these kinds of tasks, though, so research has been done on ways to measure distance accurately. A report [PDF] from the Pan-European Privacy-Preserving Proximity Tracing project shows that it is possible to measure distance using BLE signal strength, specifically received signal strength indication (RSSI). In a contact-tracing system using Bluetooth, the distance measurement is made by the two phones communicating using a specific message format. Since the formats differ between applications, communication is only guaranteed to work if both phones are using the same application.

  • More alternatives to Google Analytics

    Last week, we introduced the privacy concerns with using Google Analytics (GA) and presented two lightweight open-source options: GoatCounter and Plausible. Those tools are useful for site owners who need relatively basic metrics. In this second article, we present several heavier-weight GA replacements for those who need more detailed analytics. We also look at some tools that produce analytics data based on web-server-access logs, GoAccess, in particular.

  • GNU Taler news: Exchange independent security audit report published

    We received a grant from NLnet foundation to pay for an external security audit of the GNU Taler exchange cryptography, code and documentation. CodeBlau now concluded their audit. You can find the final report here. We have compiled a preliminary response detailing what changes we have already made and which changes we are still planning to make in the future. We thank CodeBlau for their work, and NLnet and the European Commission's Horizion 2020 NGI initiative for funding this work.