Canonical Patches Two Linux Kernel Vulnerabilities in Ubuntu 14.04 LTS

Filed under: Security, Ubuntu

Just a few moments ago, Canonical announced that a new kernel update is available for its current long-term supported Ubuntu Linux operating system, Ubuntu 14.04 LTS (Trusty Tahr), patching two critical issues discovered by various developers.

More in Tux Machines

Raspberry Pi 4's Vulkan Driver and More

  • Alejandro Piñeiro: v3dv status update 2020-07-01

    Input attachment is one of the main sub-features for Vulkan multipass, and we’ve gained support since the announcement. On Vulkan the support for multipass is more tightly supported by the API. Renderpasses can have multiple subpasses. These can have dependencies between each other, and each subpass defines a subset of “attachments”. One attachment that is easy to understand is the color attachment: This is where a given subpass writes a given color. Another, input attachment, is an attachment that was updated in a previous subpass (for example, it was the color attachment on such previous subpass), and you get as an input on following subpasses. From the shader POV, you interact with it as a texture, with some restrictions. One important restriction is that you can only read the input attachment at the current pixel location. The main reason for this restriction is because on tile-based GPUs (like rpi4) all primitives are batched on tiles and fragment processing is rendered one tile at a time. In general, if you can live with those restrictions, Vulkan multipass and input attachment will provide better performance than traditional multipass solutions. If you are interested in reading more details on this, you can check out ARM’s very nice presentation “Vulkan Multipass mobile deferred done right”, or Sascha Willems’ post “Vulkan input attachments and sub passes”. The latter also includes information about how to use them and code snippets of one of his demos. For reference, this is how the input attachment demo looks on the rpi4...

  • Raspberry Pi 4's Vulkan Driver Is Now More Usable - Supporting More Features

    The "V3DV" Vulkan driver being developed by Igalia under contract with the Raspberry Pi Foundation has offered a status update on this official driver for the Raspberry Pi 4. The V3DV effort is the modern, official Vulkan driver for the Raspberry Pi 4 and not to be confused with the third-party Vulkan driver for pre-RPi4 hardware or the former Raspberry Pi 4 Vulkan effort. This is the new driver being developed and what ultimately will be the official driver option moving forward.

  • Code Jetpac’s rocket building action | Wireframe #40

Free/Libre/Open Source Software Leftovers

  • Copyright enforcement with Dr. Miriam Ballhausen

    We invited Dr. Miriam Ballhausen to talk with us about copyright enforcement. She is a German lawyer with the focus on software, data protection, copyright law and specifically Free Software copyright. This is the sixth regular episode of the Software Freedom Podcast for which we invite experts from our community. In this sixth episode of the Software Freedom Podcast we talk about Free Software copyright enforcement with our guest Dr. Miriam Ballhausen. Dr. Miriam Ballhausen is a German lawyer and is specialised in Free Software copyright questions. Together we cover the basics about Free Software licensing and discuss how Free Software copyright can be enforced, what are the steps to enforce it and why it is often enforced in Germany. We also explore how the REUSE project could help with being in compliance with Free Software licenses.

  • IBM Has Open Sourced Its Edge Device Platform and Wishes AWS and Microsoft Got On Board

    IBM's Open Horizon is meant to make it easier to manage thousands of IoT devices as edge computing nodes.

  • Open-source contact tracing, part 1

    The main goal of COVID-19 tracing applications is to notify users if they have been recently in contact with an infected person, so that they can isolate themselves or seek out testing. The creation of the applications is usually supported by governments, with the development performed by health authorities and research institutions. The Wikipedia page for COVID-19 apps lists (as of early June 2020) at least 38 countries with such applications in use or under development, and at least eight framework initiatives. The applications trace the people that the user has had contact with for a significant period (for example, 15 minutes) with close physical proximity (a distance around one meter). The complete tracing system usually consists of an application for mobile phones and the server software. For the distance measurement and detecting the presence of other users, GPS and Bluetooth are the technical solutions used in practice. GPS only appears in a small number of projects because it does not have enough precision, especially inside buildings. It also does not work in enclosed spaces like underground parking and subways. Most countries have chosen to develop a distance measurement using Bluetooth, generally the Bluetooth Low Energy (BLE) variant, which uses less energy than the classical version. This is important as the distance measurement is done by mobile phones, and so Bluetooth will need to be active most of the time. The Bluetooth protocol was not designed for these kinds of tasks, though, so research has been done on ways to measure distance accurately. A report [PDF] from the Pan-European Privacy-Preserving Proximity Tracing project shows that it is possible to measure distance using BLE signal strength, specifically received signal strength indication (RSSI). In a contact-tracing system using Bluetooth, the distance measurement is made by the two phones communicating using a specific message format. 
    Since the formats differ between applications, communication is only guaranteed to work if both phones are using the same application.

  • More alternatives to Google Analytics

    Last week, we introduced the privacy concerns with using Google Analytics (GA) and presented two lightweight open-source options: GoatCounter and Plausible. Those tools are useful for site owners who need relatively basic metrics. In this second article, we present several heavier-weight GA replacements for those who need more detailed analytics. We also look at some tools that produce analytics data based on web-server-access logs, GoAccess, in particular.

  • GNU Taler news: Exchange independent security audit report published

    We received a grant from NLnet foundation to pay for an external security audit of the GNU Taler exchange cryptography, code and documentation. CodeBlau has now concluded their audit. You can find the final report here. We have compiled a preliminary response detailing what changes we have already made and which changes we are still planning to make in the future. We thank CodeBlau for their work, and NLnet and the European Commission's Horizon 2020 NGI initiative for funding this work.

Linux Foundation and Standards/Consortia

  • Linux Foundation To Boost Open Software Standards With Community Specification
  • New Community Specification Process Facilitates Open Standards

    The Linux Foundation has announced Community Specification, which aims to facilitate and accelerate the creation of open standards. “Open Standards are best defined as specifications made available to the public, developed, and maintained via an inclusive, collaborative, transparent, and consensus-driven process. Open standards facilitate interoperability and data exchange among different products or services and are intended for widespread adoption,” according to a recent post on the Linux Foundation website.

  • Driving Compatibility with Code and Specifications through Conformance Trademark Programs

    A key goal of some open collaboration efforts — whether source code or specification oriented — is to prevent technical ‘drift’ away from a core set of functions or interfaces. Projects seek a means to communicate — and know — that if a downstream product or open source project is held out as compatible with the project’s deliverable, that product or component is, in fact, compatible. Such compatibility strengthens the ecosystem by providing end-users with confidence that data and solutions from one environment can work in another conformant environment with minimal friction. It also provides product and solution providers a stable set of known interfaces they can depend on for their commercially supported offerings. A trademark conformance program, which is one supporting program that the LF offers its projects, can be used to encourage conformance with the project’s code base or interfaces. Anyone can use the open source project code however they want — subject to the applicable open source license — but if a downstream solution wants to describe itself as conformant using the project’s conformance trademark, it must meet the project’s definition of “conformant.” Some communities choose to use words other than “conformant” including “certified”, “ready”, or “powered by” in association with commercial uses of the open source codebase. This is the approach that some Linux Foundation projects take to maintain compatibility and reduce fragmentation of code and interfaces. Through this approach, we enable our projects to create flexible, custom-tailored conformance programs to meet the needs of their respective communities. In fact, our conformance programs can operate as open source projects themselves (see, for example, https://cncf.io/ck ). They incorporate a balance of interests from vendors, end-users, and contributors to the project and enable the community to define how the commercial ecosystem participants can leverage the use of the community’s mark.

  • Google's AMP, the Canonical Web, and the Importance of Web Standards

    Have you ever clicked on a link after googling something, only to find that Google didn’t take you to the actual webpage but to some weird Google-fied version of it? Instead of the web address being the source of the article, it still says “google” in the address bar on your phone? That’s what’s known as Google Accelerated Mobile Pages (AMP), and now Google has announced that AMP has graduated from the OpenJS Foundation Incubation Program. The OpenJS Foundation is a merged effort between major projects in the JavaScript ecosystem, such as NodeJS and jQuery, whose stated mission is “to support the healthy growth of the JavaScript and web ecosystem”. But instead of a standard starting with the web community, a giant company is coming to the community after they’ve already built a large part of the mobile web and are asking for a rubber stamp. Web community discussion should be the first step of making web standards, and not just a last-minute hurdle for Google to clear.

    This Google-backed, stripped down HTML framework was created with the promises of creating faster web pages for a better user experience. Cutting out slower loading content, like those developed with JavaScript. At a high level, AMP works by fast loading stripped down versions of full web pages for mobile viewing.

  • Open Standards Everywhere: How the Kolkata Chapter Got a Perfect Score

    In early May 2020, the Open Standards Everywhere (OSE) project held a series of virtual training sessions for Internet Society Chapters. Over 70 Chapter representatives from around the world learned, in English, French, or Spanish, how to improve the overall security and availability of their Chapter’s websites and web servers by enabling IPv6, HTTP/2, TLS, and DNSSEC.

Changing Language

  • Tech Companies Take Steps to Change Exclusionary Language

    In an article on The New Stack in June, Jennifer Riggins discussed recent decisions by some tech companies to phase out the use of exclusionary language. For example, Android and GitHub have announced that they will switch from the use of “master” to “main,” and other organizations and projects are following suit. These steps stem in part from efforts to show tangible support for Black Lives Matter. At times, however, Riggins said, “it is virtue signaling, a relatively easy way to show a company supports the movement. In still other cases, employees have been long wanting to make a change to the outdated language, and now is the perfect time to appeal to decision-makers about this.”

  • Red Hat making open source code more inclusive by eradicating ‘problematic language’

    Open source has always been about differing voices coming together to share ideas, iterate, challenge the status quo, solve problems, and innovate quickly. That ethos is rooted in inclusion and the opportunity for everyone to meaningfully contribute, and open source technology is better because of the diverse perspectives and experiences that are represented in its communities. Red Hat is fortunate to be able to see the impact of this collaboration daily, and this is why our business has also always been rooted in these values.

  • Words Matter: Finally, Tech Looks at Removing Exclusionary Language

    This month the tech industry’s lexicon is seeing a small but significant shift: Common technical phrases, most notably “Master/Slave” and “Whitelist/Blacklist” that have been red-flagged as offensive, or even racist, sometimes for decades, are getting updates. Android and GitHub announced this week that they are starting to change the “master” designation to “main,” alongside Android, Gitlab and Splunk. Many orgs are also looking at replacing the concept of “whitelist” in both their documentation and in their APIs. Other companies and open source projects are following suit. This work is in part to take another semantic and moral stand that Black Lives Matter. And, at times, it is virtue signaling, a relatively easy way to show a company supports the movement. In still other cases, employees have been long wanting to make a change to the outdated language, and now is the perfect time to appeal to decision-makers about this.