Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Wednesday, 25 Apr 18 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

What's New in Ubuntu 18.04 LTS Bionic Beaver

Filed under
Ubuntu

Have a look at the new features coming to Ubuntu 18.04 LTS.
Read more

today's leftovers

Filed under
Misc
  • Google looks set to offer Linux on Chromebooks in the next few months

    If that wasn't enough, a new commit in the parent Chromium OS offers "new device policy to allow Linux VMs on Chrome OS." Which about seals it.

    Read the accompanying Gerrit documentation and you get further confirmation: "At this time, in order for Linux VMs to run, the Finch experiment also needs to be enabled. After this feature is fully launched, the Finch control logic will be removed."

  • xorg-server 1.19.99.905

    More bugfixes, and streams support for Xwayland. This will almost certainly be the last RC.

  • X.Org Server 1.20 RC5 Released, Adds EGLStreams To Let NVIDIA Work With XWayland

    Adam Jackson of Red Hat today announced the X.Org Server 1.20 Release Candidate 5, which he believes will be the last test release before going gold. Most excitingly about this new release candidate is the merged support for allowing the NVIDIA proprietary driver to work with XWayland.

  • Darktable Receives Support for Fujifilm X-H1 and Sony Alpha A7 Mark III Cameras

    darktable, the open-source and cross-platform RAW image editor supporting GNU/Linux, macOS, and Windows operating systems, has been updated today to version 2.4.3.

    darktable 2.4.3 is a maintenance update that brings support for new digital cameras, including the recently released Fujifilm X-H1 and Sony Alpha A7 Mark III (includes noise profiles and white balance presets), as well as the Kodak EOS DCS 3, Olympus PEN E-PL9, Panasonic Lumix DC-GX9, and Sony Cyber-shot DSC-RX1R II cameras.

    The update also brings noise profiles for the Canon PowerShot G1 X Mark III and Nikon D7500 digital cameras, and a bunch of new features like support for ratings and tags in the watermark module, a script to help users convert .dtyle files to the .xmp format, and support for building and installing noise tools.

  •  

  • Compact action-RPG 'The Swords of Ditto' is out with day-1 Linux support

    The Swords of Ditto is the new compact action-RPG from developer onebitbeyond and publisher Devolver Digital and it just released, although it has a big flaw right now on Linux. Sadly, Devolver Digital didn't respond to our review request. Thankfully, the Linux heroes over at GOG sent over a copy for me.

  • Q4OS Centaurus 3.2 - new testing release

    A new updated image of the Q4OS Centaurus testing live media has been just released, its core is based on the latest Debian Buster testing and Trinity Desktop 14.0.5 testing versions.

  • Ubuntu Touch lives on in Purism's Librem 5 smartphone

    Not quite five years ago, Canonical tried to challenge Apple iOS and Google Android with Ubuntu Touch, an alternative smartphone Linux. Users, phone carriers, and the open-source community failed to support it, so Ubuntu founder Mark Shuttleworth closed the door on Ubuntu Touch development. But, in open source, programs don't die until its last developer gives up on it. Purism and UBports have partnered to offer Ubuntu Touch on Purism's Librem 5 smartphone.

  • Saying Something in April 2018

    Being able to bang on (that is to say, percussively test) Bionic Beaver has been a blast. I haven't done ISO testing this round. Instead, I've been using my Xubuntu desktop daily watching things break and have been watching apport file bugs. Doing so makes me realize that, frankly, I am not normal in terms of installed packages or workflow. I have quite a bit of LaTeX installed due to church work. I have many ham radio-related things installed. Audio production and video production packages are installed too. Yes, sometimes I break down and even use LibreOffice. I don't have the whole package archive installed but I have a visible chunk of it in place as I use many things in many ways.

  • “Unpatchable” Nintendo Switch Bug Lets Hackers Fullfill Their Wild Dreams
  • Spectral Monitoring for Drone Defense Applications

    The USRP Embedded Series platform uses the OpenEmbedded framework to create custom Linux distributions tailored to application specific needs. The default operating system is pre-installed with the UHD software API and a variety of third party development tools such as GNU Radio. Support for the RFNoC FPGA development framework enables deterministic computations for real-time and wideband signal processing.

  • How To Make Your Phone Look Like Android P
  • Friday Free Software Directory IRC meetup time: April 27th starting at 12:00 p.m. EDT/16:00 UTC
  • PyRoMine uses NSA exploits to mine Monero and disable security features [Ed: NSA back doors in Microsoft Windows is a gift that keeps giving... to crackers]

    In an age where cryptomining software is beating out ransomware as the go-to for most hackers, a Python-based Monero miner is using stolen NSA exploits to gain an edge.

    In 2016 the Shadow Brokers leaked several hacking tools and zero-day exploits including ETERNALBLUE and ETERNALROMANCE  that targeted versions of Windows XP/Vista/8.1/7/10 and Windows Server 2003/2008/2012/2016 and took advantage of CVE-2017-0144 and CVE-2017-0145.

    Fortinet researchers spotted a malware dubbed “PyRoMine” which uses the ETERNALROMANCE exploit to spread to vulnerable Windows machines, according to an April 24 blog post. The malware isn't the first to mine cryptocurrency that uses previously leaked NSA exploits the malware is still a threat as it leaves machines vulnerable to future attacks because it starts RDP services and disables security services.

OSS Conferences and Funding

Filed under
OSS

Mozilla: Rust, Security, Things Gateway, Firefox and More

Filed under
Moz/FF
  • Rust pattern: Precise closure capture clauses

    This is the second in a series of posts about Rust compiler errors. Each one will talk about a particular error that I got recently and try to explain (a) why I am getting it and (Cool how I fixed it. The purpose of this series of posts is partly to explain Rust, but partly just to gain data for myself. I may also write posts about errors I’m not getting – basically places where I anticipated an error, and used a pattern to avoid it. I hope that after writing enough of these posts, I or others will be able to synthesize some of these facts to make intermediate Rust material, or perhaps to improve the language itself.

  • This Week in Rust
  • Mozilla publishes recommendations on government vulnerability disclosure in Europe

    As we’ve argued on many occasions, effective government vulnerability disclosure (GVD) review processes can greatly enhance cybersecurity for governments, citizens, and companies, and help mitigate risk in an ever-broadening cyber threat landscape. In Europe, the EU is currently discussing a new legislative proposal to enhance cybersecurity across the bloc, the so-called ‘EU Cybersecurity Act’. In that context, we’ve just published our policy recommendations for lawmakers, in which we call on the EU to seize the opportunity to set a global policy norm for government vulnerability disclosure.

  • Testing Strategies for React and Redux
  • K Lars Lohn: Things Gateway - a Virtual Weather Station
  • Firefox DevEdition 60 Beta 14 Testday Results

    As you may already know, last Friday – April 20th – we held a new Testday event, for Firefox DevEdition 60 Beta 14.

    Thank you all for helping us make Mozilla a better place: gaby2300, micde, Jarrod Michell, Thomas Brooks.

  • Supporting Same-Site Cookies in Firefox 60

    Firefox 60 will introduce support for the same-site cookie attribute, which allows developers to gain more control over cookies. Since browsers will include cookies with every request to a website, most sites rely on this mechanism to determine whether users are logged in.

    Attackers can abuse the fact that cookies are automatically sent with every request to force a user to perform unwanted actions on the site where they are currently logged in. Such attacks, known as cross-site request forgeries (CSRF), allow attackers who control third-party code to perform fraudulent actions on the user’s behalf. Unfortunately current web architecture does not allow web applications to reliably distinguish between actions initiated by the user and those that are initiated by any of the third-party gadgets or scripts that they rely on.

  • Enterprise Policy Support in Firefox

    Last year, Mozilla ran a survey to find out top enterprise requirements for Firefox. Policy management (especially Windows Group Policy) was at the top of that list.

    For the past few months we’ve been working to build that support into Firefox in the form of a policy engine. The policy engine adds desktop configuration and customization features for enterprise users to Firefox. It works with any tool that wants to set policies including Windows Group Policy.

  • any.js

    Thanks to Ms2ger web-platform-tests is now even more awesome (not in the American sense). To avoid writing HTML boilerplate, web-platform-tests supports .window.js, .worker.js, and .any.js resources, for writing JavaScript that needs to run in a window, dedicated worker, or both at once. I very much recommend using these resource formats as they ease writing and reviewing tests and ensure APIs get tested across globals.

  • Alex Gibson: My fifth year working at Mozilla

    Today marks my fifth year working for Mozilla! This past year has been both fun and frantic, and overall was a really good year for both Mozilla and Firefox. Here’s a run down a few of the things I got to work on.

Fedora Workstation 28 Coming Soon

Filed under
Red Hat
  • Warming up for Fedora Workstation 28

    Been some time now since my last update on what is happening in Fedora Workstation and with current plans to release Fedora Workstation 28 in early May I thought this could be a good time to write something. As usual this is just a small subset of what the team has been doing and I always end up feeling a bit bad for not talking about the avalanche of general fixes and improvements the team adds to each release.

  • Fedora Workstation 28 Is Shaping Up To Be Another Terrific Update

    Fedora Workstation 28 is shaping up to be another compelling update for those that are fans of this bleeding-edge Red Hat sponsored Linux distribution. I've been running Fedora Workstation 28 snapshots on a few laptops and test machines here and am quite happy with how it's shaped up as another Fedora release that delivers not only the latest features, but doing so in a seemingly sane and stable manner: I haven't encountered any problems unlike some of the past notorious Fedora releases from years ago. Overall, I am quite excited for next month's Fedora 28 release and will be upgrading my main production system to it.

Configuring local storage in Linux with Stratis

Filed under
Linux

Configuring local storage is something desktop Linux users do very infrequently—maybe only once, during installation. Linux storage tech moves slowly, and many storage tools used 20 years ago are still used regularly today. But some things have improved since then. Why aren't people taking advantage of these new capabilities?

This article is about Stratis, a new project that aims to bring storage advances to all Linux users, from the simple laptop single SSD to a hundred-disk array. Linux has the capabilities, but its lack of an easy-to-use solution has hindered widespread adoption. Stratis's goal is to make Linux's advanced storage features accessible.

Read more

5 top Blender video tutorials for beginners

Filed under
OSS

Blender is a complex piece of software that is capable of producing extremely high-quality visuals for all manner of visual art purposes, from video games to product visualization. Of course, that power needs to be wielded by a controlled hand. Otherwise, you'll end up with a mush of digital geometry that makes no sense at all.

These days, video tutorials are the educational tool of choice for most people. I'm going to give you five of the best free beginner video tutorials for Blender currently available. I recommend you watch all of them. They all cover a lot of the same information. However, every instructor has a different way of presenting. Stick with the one that clicks with you.

Read more

Cinnamon 3.8 Desktop Environment Released with Python 3 Support, Improvements

Filed under
Linux

Scheduled to ship with the upcoming Linux Mint 19 "Tara" operating system series this summer, the Cinnamon 3.8 desktop environment is now available for download and it's a major release that brings numerous improvements, new features, and lots of Python 3 ports for a bunch of components.

Among the components that got ported to Python 3 in the Cinnamon 3.8 release, we can mention cinnamon-settings, cinnamon-menu-editor, cinnamon-desktop-editor, cinnamon-settings-users, melange, background slideshow, the switch editor and screensaver lock dialogs, desktop file generation scripts, as well as all the utilities.

Read more

Canonical Releases Kernel Security Updates for Ubuntu 17.10 and Ubuntu 16.04 LTS

Filed under
Security
Ubuntu

For Ubuntu 17.10 (Artful Aardvark) users, today's security update addresses a bug (CVE-2018-8043) in Linux kernel's Broadcom UniMAC MDIO bus controller driver, which improperly validated device resources, allowing a local attacker to crash the vulnerable system by causing a denial of service (DoS attack).

For Ubuntu 16.04 LTS (Xenial Xerus) users, the security patch fixes a buffer overread vulnerability (CVE-2017-13305) in Linux kernel's keyring subsystem and an information disclosure vulnerability (CVE-2018-5750) in the SMBus driver for ACPI Embedded Controllers. Both issues could allow a local attacker to expose sensitive information.

Read more

Security: Updates, Reproducible Builds, Match.com and More

Filed under
Security
  • Security updates for Tuesday
  • Reproducible Builds: Weekly report #156
  • A Match.com glitch reactivated a bunch of old profiles, raising concerns about user data

    A Match Group spokesperson confirmed that a “limited number” of old accounts had been accidentally reactivated recently and that any account affected received a password reset. Match.com’s current privacy statement, which was last updated in 2016, says that the company can “retain certain information associated with your account” even after you close it. But that Match Group spokesperson also told The Verge that the company plans to roll out a new privacy policy “in the next month or so,” in order to comply with the EU’s General Data Protection Regulation (GDPR); under the new policy, all those years-old accounts will be deleted. The Verge has requested clarification on which accounts will qualify for deletion, and what “deletion” will specifically entail, but has not received a response as of press time.

  • New hacks siphon private cryptocurrency keys from airgapped wallets

    Like most of the other attacks developed by Ben-Gurion University professor Mordechai Guri and his colleagues, the currency wallet exploits start with the already significant assumption that a device has already been thoroughly compromised by malware. Still, the research is significant because it shows that even when devices are airgapped—meaning they aren't connected to any other devices to prevent the leaking of highly sensitive data—attackers may still successfully exfiltrate the information. Past papers have defeated airgaps using a wide array of techniques, including electromagnetic emissions from USB devices, radio signals from a computer's video card, infrared capabilities in surveillance cameras, and sounds produced by hard drives.

  • New hacker group targets US health-care industry, researchers say

    The group, which Symantec has named “Orangeworm,” has been installing backdoors in large international corporations based in the U.S., Europe and Asia that operate in the health-care sector.

    Among its victims are health-care providers and pharmaceutical companies, as well as IT companies and equipment manufacturers that work for health organizations.

Graphics: VC4 and AMDVLK Driver

Filed under
Graphics/Benchmarks
  • VC4 display, VC5 kernel submitted

    For VC5, I renamed the kernel driver to “v3d” and submitted it to the kernel. Daniel Vetter came back right away with a bunch of useful feedback, and next week I’m resolving that feedback and continuing to work on the GMP support.

    On the vc4 front, I did the investigation of the HDL to determine that the OLED matrix applies before the gamma tables, so we can expose it in the DRM for Android’s color correction. Stefan was also interested in reworking his fencing patches to use syncobjs, so hopefully we can merge those and get DRM HWC support in mainline soon. I also pushed Gustavo’s patch for using the new core DRM infrastructure for async cursor updates. This doesn’t simplify our code much yet, but Boris has a series he’s working on that gets rid of a lot of custom vc4 display code by switching more code over to the new async support.

  • V3D DRM Driver Revised As It Works To Get Into The Mainline Kernel

    Eric Anholt of Broadcom has sent out his revised patches for the "V3D" DRM driver, which up until last week was known as the VC5 DRM driver.

    As explained last week, the VC5 driver components are being renamed to V3D since it ends up supporting more than just VC5 with Broadcom VC6 hardware already being supported too. Eric is making preparations to get this VideoCore driver into the mainline Linux kernel and he will then also rename the VC5 Gallium3D driver to V3D Gallium3D.

  • AMDVLK Driver Gets Fixed For Rise of the Tomb Raider Using Application Profiles

    With last week's release of Rise of the Tomb Raider on Linux ported by Feral Interactive, when it came to Radeon GPU support for this Vulkan-only Linux game port the Mesa RADV driver was supported while the official AMDVLK driver would lead to GPU hangs. That's now been fixed.

    With the latest AMDVLK/XGL source code as of today, the GPU hang issue for Rise of the Tomb Raider should now be resolved.

AMD Ryzen 7 2700X Linux Performance Boosted By Updated BIOS/AGESA

Filed under
Graphics/Benchmarks
Hardware

With last week's initial launch-day Linux benchmarks of the Ryzen 5 2600X / Ryzen 7 2700X some found the Linux performance to be lower than Windows. While the root cause is undetermined, a BIOS/AGESA update does appear to help the Linux performance significantly at least with the motherboard where I've been doing most of my tests with the Ryzen 7 2700X. Here are the latest benchmark numbers.

Read more

GNU: The GNU C Library 2.28 and Guix on Android

Filed under
GNU
  • Glibc 2.28 Upstream Will Build/Run Cleanly On GNU Hurd

    While Linux distributions are still migrating to Glibc 2.27, in the two months since the release changes have continued building up for what will eventually become the GNU C Library 2.28.

    The Glibc 2.28 work queued thus far isn't nearly as exciting as all the performance optimizations and more introduced with Glibc 2.27, but it's a start. Most notable at this point for Glibc 2.28 is that it will now build and run cleanly on GNU/Hurd without requiring any out-of-tree patches. There has been a ton of Hurd-related commits to Glibc over the past month.

  • Guix on Android!

    Last year I thought to myself: since my phone is just a computer running an operating system called Android (or Replicant!), and that Android is based on a Linux kernel, it's just another foreign distribution I could install GNU Guix on, right? It turned out it was absolutely the case. Today I was reminded on IRC of my attempt last year at installing GNU Guix on my phone. Hence this blog post. I'll try to give you all the knowledge and commands required to install it on your own Android device.

  • GNU Guix Wrangled To Run On Android

    The GNU Guix transactional package manager can be made to run on Android smartphones/tablets, but not without lots of hoops to jump through first.

Node.js 10.9 and npm milestone

Filed under
Development
  • Open Source Node.js Hits v10, with Better Security, Performance, More

    Speaking of which, the brand-new Node.js 10.0 is expected to soon support npm version 6 (currently Node.js ships with npm 5.7.x). The company npm Inc., which maintains the npm software package management application, today announced that major update, called npm@6. The npm company said its JavaScript software installer tool includes new security features for developers working with open source code.

  • Announcing npm@6

    In coordination with today’s announcement of Node.js v10, we’re excited to announce npm@6. This major update to npm includes powerful new security features for every developer who works with open source code. Read on to understand why this matters.

Voyage/Open Autonomous Safety (OAS) Now on GitHub

Filed under
OSS
  • Voyage open-sources autonomous driving safety practices

    Dubbed Open Autonomous Safety, the initiative aims to help autonomous driving startups implement better safety-testing practices. Companies looking to access the documents, safety procedures and test code can do so via a GitHub repository.

  • Open-Sourcing Our Approach to Autonomous Safety

    Without a driver to help identify and mitigate failures, autonomous vehicle systems need incredibly robust safety requirements and an equally comprehensive and well-defined process for analyzing risks and assessing capabilities. Voyage models its safety approach after the ISO 26262 standard for automotive safety, taking the best practices from the automotive industry and applying them to autonomous technology. The automotive industry continues to reach for new levels of safety in manufacturing vehicles, and we are inspired by that approach.

  • Startup Voyage Wants to Open Source Self-Driving Car Safety

    Under what the company calls its Open Autonomous Safety initiative, Voyage is publishing information on its safety procedures, materials, and test code in a series of releases. The goal is to create an open-source library of safety procedures that multiple companies can use as a standard, a Voyage blog post said.

  • This startup’s CEO wants to open-source self-driving car safety testing

    The initial release, which Voyage calls Open Autonomous Safety (OAS), will take the form of a GitHub repository containing documents and code. The functional safety requirements are Voyage's interpretation of the ISO 26262 standard for automotive safety, updated for autonomous vehicles. "This is our internal driving test for any particular software build," says Cameron. "It lets us evaluate our designs and look for the different ways they can fail in the real world."

Programming: Qt 5.9.5 and Jakarta EE

Filed under
Development
Syndicate content

More in Tux Machines

OSS Conferences and Funding

Mozilla: Rust, Security, Things Gateway, Firefox and More

  • Rust pattern: Precise closure capture clauses
    This is the second in a series of posts about Rust compiler errors. Each one will talk about a particular error that I got recently and try to explain (a) why I am getting it and (b) how I fixed it. The purpose of this series of posts is partly to explain Rust, but partly just to gain data for myself. I may also write posts about errors I’m not getting – basically places where I anticipated an error, and used a pattern to avoid it. I hope that after writing enough of these posts, I or others will be able to synthesize some of these facts to make intermediate Rust material, or perhaps to improve the language itself.
  • This Week in Rust
  • Mozilla publishes recommendations on government vulnerability disclosure in Europe
    As we’ve argued on many occasions, effective government vulnerability disclosure (GVD) review processes can greatly enhance cybersecurity for governments, citizens, and companies, and help mitigate risk in an ever-broadening cyber threat landscape. In Europe, the EU is currently discussing a new legislative proposal to enhance cybersecurity across the bloc, the so-called ‘EU Cybersecurity Act’. In that context, we’ve just published our policy recommendations for lawmakers, in which we call on the EU to seize the opportunity to set a global policy norm for government vulnerability disclosure.
  • Testing Strategies for React and Redux
  • K Lars Lohn: Things Gateway - a Virtual Weather Station
  • Firefox DevEdition 60 Beta 14 Testday Results
    As you may already know, last Friday – April 20th – we held a new Testday event, for Firefox DevEdition 60 Beta 14. Thank you all for helping us make Mozilla a better place: gaby2300, micde, Jarrod Michell, Thomas Brooks.
  • Supporting Same-Site Cookies in Firefox 60
    Firefox 60 will introduce support for the same-site cookie attribute, which allows developers to gain more control over cookies. Since browsers will include cookies with every request to a website, most sites rely on this mechanism to determine whether users are logged in. Attackers can abuse the fact that cookies are automatically sent with every request to force a user to perform unwanted actions on the site where they are currently logged in. Such attacks, known as cross-site request forgeries (CSRF), allow attackers who control third-party code to perform fraudulent actions on the user’s behalf. Unfortunately current web architecture does not allow web applications to reliably distinguish between actions initiated by the user and those that are initiated by any of the third-party gadgets or scripts that they rely on.
  • Enterprise Policy Support in Firefox
    Last year, Mozilla ran a survey to find out top enterprise requirements for Firefox. Policy management (especially Windows Group Policy) was at the top of that list. For the past few months we’ve been working to build that support into Firefox in the form of a policy engine. The policy engine adds desktop configuration and customization features for enterprise users to Firefox. It works with any tool that wants to set policies including Windows Group Policy.
  • any.js
    Thanks to Ms2ger web-platform-tests is now even more awesome (not in the American sense). To avoid writing HTML boilerplate, web-platform-tests supports .window.js, .worker.js, and .any.js resources, for writing JavaScript that needs to run in a window, dedicated worker, or both at once. I very much recommend using these resource formats as they ease writing and reviewing tests and ensure APIs get tested across globals.
  • Alex Gibson: My fifth year working at Mozilla
    Today marks my fifth year working for Mozilla! This past year has been both fun and frantic, and overall was a really good year for both Mozilla and Firefox. Here’s a run down a few of the things I got to work on.

Fedora Workstation 28 Coming Soon

  • Warming up for Fedora Workstation 28
    Been some time now since my last update on what is happening in Fedora Workstation and with current plans to release Fedora Workstation 28 in early May I thought this could be a good time to write something. As usual this is just a small subset of what the team has been doing and I always end up feeling a bit bad for not talking about the avalanche of general fixes and improvements the team adds to each release.
  • Fedora Workstation 28 Is Shaping Up To Be Another Terrific Update
    Fedora Workstation 28 is shaping up to be another compelling update for those that are fans of this bleeding-edge Red Hat sponsored Linux distribution. I've been running Fedora Workstation 28 snapshots on a few laptops and test machines here and am quite happy with how it's shaped up as another Fedora release that delivers not only the latest features, but doing so in a seemingly sane and stable manner: I haven't encountered any problems unlike some of the past notorious Fedora releases from years ago. Overall, I am quite excited for next month's Fedora 28 release and will be upgrading my main production system to it.

Android Leftovers