Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Thursday, 14 Nov 19 - Tux Machines is a community-driven public service/news site which has been around for over a decade and a half and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Thermostats, Locks and Extension Add-ons – WebThings Gateway 0.10

Filed under
Moz/FF

Happy Things Thursday! Today we are releasing WebThings Gateway 0.10. If you have a gateway using our Raspberry Pi builds then it should already have automatically updated itself.

This new release comes with support for thermostats and smart locks, as well as an updated add-ons system including extension add-ons, which enable developers to extend the gateway user interface. We’ve also added localisation settings so that you can choose your country, language, time zone and unit preferences. From today you’ll be able to use the gateway in American English or Italian, but we’re already receiving contributions of translations in different languages!

Read more

A technical comparison between the snap and the Flatpak formats

Filed under
GNU
Linux
Ubuntu

Since we’ve already discussed the snap layout and architecture in greater details in the previous weeks, let’s start with a quick overview of Flatpak. Much like snaps, Flatpak packages come with necessary components contained inside standalone archives, so they can be deployed and maintained with simplicity on a range of Linux distributions. Runtime and image components are bundled into a single file using the OCI format.

In general, Flatpak applications are built against runtimes, but they can also contain additional libraries inside their own bundles. A Linux system with the Flatpak binary (primary command) installed and configured can then run Flatpak applications. At the moment, there are 21 distributions that offer Flatpak support.

Furthermore, applications are sandboxed using Bubblewrap, which utilises kernel security and namespace features to set up unprivileged containers. Communication outside the sandbox is possible through a mechanism of portals, which allows granular access to system resources.

Flatpak packages are available to end users primarily through Flathub, an app store and build service that is (semi)-officially associated with the Flatpak project. Submissions to Flathub are done as pull requests through GitHub, and require approval from the store admins. Similarly, publishers of proprietary software have to manually request inclusion of their applications. Flatpak applications are also sometimes available as manual download links. There is no automatic update mechanism available by default.

Read more

Zorin OS vs Linux Mint

Filed under
GNU
Linux

There are some specific linux distros out there that specially target the new and casual Linux users, most notably, Linux Mint and Zorin OS. In this article we will compare them.

Zorin OS vs Linux Mint

Both of these distros have earned a solid reputation from the community for being two of the most user-friendly distros of all. Both of them use Ubuntu as the core. Thus, both of them offer similar functionality at the core. However, the real magic is how each of them builds up on top of it. Both Linux Mint and Zorin OS comes up with different feel and vibe.

While both of them are extremely user-friendly and robust, there are some key differences between them. That’s the beauty of Linux.

Read more

Top GIF Recorders For Linux

Filed under
Software

Whether you pronounce it as ‘gif’ or ‘jif’, it’s still a no-brainer that the Graphics Interchange Format is the most widely used image format there is today, gaining in popularity exponentially. This surging bitmap image format is used for a number of purposes, most of which include producing eye-catching animations to improve digital marketing. However, due to its convenience of storing multiple images in the same file while retaining file compression, it is also now considered a popular alternative to screen recording.

While there’s a lot of support for GIFs on Windows and other operating systems like Android, they can also readily be produced on Linux with a lot of flexibility and in the best quality. Let’s look at some of the most popular GIF recorder tools used to produce GIFs on Linux.

Read more

Why Kali Linux is loved by penetration testers [Q&A]

Filed under
Linux
HowTos

Penetration testing is an essential tool for organizations to make sure their systems are safe and secure. It probes systems by attacking them in the way that a hacker would.

But for many, the concept of pentesting is something of a dark art, and the tools used to carry it out shaded in obscurity. One of the most popular tools among testers is Kali Linux but you could be forgiven for never having heard of it.

We spoke to Jim O'Gorman of testing training specialist Offensive Security, which maintains the Kali Linux project, to discover more about what Kali Linux is and why pen testers love it so much.

Read more

Debian Project Releases Linux Security Updates to Patch Latest Intel CPU Flaws

Filed under
Linux
Security
Debian

As reported earlier this week, four new security vulnerabilities have been discovered in the Linux kernel and with an impact on Intel CPUs, namely CVE-2019-11135, CVE-2018-12207, CVE-2019-0154 and CVE-2019-0155, which may lead to privilege escalation, information leak, as well as denial of service.

Following on the footsteps of Canonical and Red Hat, Debian Project has also released new Linux kernel security patches, along with new intel-microcode updates to mitigate all these new vulnerabilities in the Debian GNU/Linux 9 "Stretch" and Debian GNU/Linux 10 "Buster" operating systems.

Read more

Canonical Enhances the Reliability of Its Kubernetes for IoT, Multi-Cloud & Edge

Filed under
Ubuntu

MicroK8s is an upstream Kubernetes deployment certified by the Cloud Native Computing Foundation (CNCF) and developed entirely by Canonical to run offline on your workstation or edge device for all your development, prototyping, and testing needs. MicroK8s is delivered as a snap, which makes it possible to run all Kubernetes services natively and comes bundled with all the libraries and binaries required.

The latest MicroK8s 1.16 release adds high-availability clustering by integrating enterprise SQL database through Canonical's in-house built Dqlite distributed SQL engine to enable rapid deployment of highly standardized small K8s clusters. Dqlite is designed to reduce memory footprint of the cluster in MicroK8s by embedding the database inside Kubernetes itself.

Read more

Zombieload V2 TAA Performance Impact Benchmarks On Cascade Lake

Filed under
Graphics/Benchmarks

While this week we have posted a number of benchmarks on the JCC Erratum and its CPU microcode workaround that introduces new possible performance hits, also being announced this week as part of Intel's security disclosures was "Zombieload Variant Two" as the TSX Async Abort vulnerability that received same-day Linux kernel mitigations. I've been benchmarking the TAA mitigations to the Linux kernel since the moment they hit the public Git tree and here are those initial benchmark results on an Intel Cascade Lake server.

Read more

today's leftovers

Filed under
Misc
  • Could Linux help overcome blockchain's usability challenge

    Android, developed on Linux, is the biggest mobile operating system by far, used by 85 percent of users. Given its credentials as an extremely popular open-source and free operating system, Linux could provide the most powerful opportunity to build a bridge between blockchain and the real world.

    Although it’s not widely used as a desktop operating system, Linux has been released for more hardware platforms than any OS in history. The chances are you’re already using it in some format, as Linux is embedded into hardware such as TVs, game consoles, routers, smartwatches, and more.

  • How to Download and Install KaOS linux on VirtualBox
  • MX Linux 19: The Best XFCE Distro?

    MX Linux is taking the industry by storm, is MX Linux 19 worth all the hype? In this video, I'll show off this new version of the mega-popular Linux distribution and you'll see it in action, installed on real hardware. Is MX Linux 19 the best XFCE distro available today?

  • Insider 2019-11: logging to Elasticsearch; PE 6 to 7 upgrade; Elastic 7; in-list(); off-line deb; Splunk conf;

    This is the 76th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.

  • WordPress introduces a new way for bloggers to get paid

    WordPress, one of the internet’s leading purveyors of blog infrastructure and hosting, has taken a step toward making blogging more sustainable by allowing sites to easily accept recurring payments. Think: subscriptions. The tool will be available to anyone with a paid WordPress site and to sites that use the company’s Jetpack toolkit.

  • Digging for license information with FOSSology

    For a number of years FOSSology was distributed and maintained by HP, until it became an LF project in 2015. It is easier for companies to collaborate on software in a project at an organization like the LF, he said, it makes for a safer harbor for competitors to work together—in Germany, at least. He works for Siemens AG, which is a rather large Germany company.

    Breaking up archive files into their constituent files—some of which may need to be unpacked themselves—then scanning the individual source and other files for their licenses is the basic task of FOSSology. It has a powerful license scanner, he said. Its web-based interface can then give an overview of the contents—which licenses apply to various parts of the tree, for example—and allow users to drill down into the file hierarchy to the individual files to see their copyrights and license-relevant text. When looking at the file, FOSSology highlights that license-relevant text and shows a comparison with the reference text of the license it has determined for the file.

    Determining the license that applies to a file is challenging, however. Files have a wide variety of license-relevant text in them, some of which is ambiguous. It depends on the kind of source code you are working with, but the scanner is unable to decide on a license for up to 30% of files it sees, so it is up to a human reviewer to tag the right license. It is then important to also track what reviewers decide on files in the FOSSology database.

    The Software Package Data Exchange (SPDX) format is used to describe various things in a package, including licensing information. FOSSology can both import and export SPDX information, which allows exchanging information between two FOSSology users to share analysis work. FOSSology is one of a few tools that can consume SPDX information; it can be used to review what another party has concluded about the licensing of a code base. In addition, when a package gets updated, the previous analysis can be used as a starting point; the new dependencies and other changes can be incorporated into that rather than starting from scratch.

    [...]

    Huber handed the microphone back to Jaeger to wrap up the presentation. He said that FOSSology participated in the Google Summer of Code (GSoC) for 2019; the project had three GSoC participants working on various projects. FOSSology has been working on integrating with three different open-source projects as well. Software Heritage is a repository of published software, while ClearlyDefined is a repository of metadata about published software. In both cases, FOSSology has plans to interact with them via their REST APIs. The third project is not as well known, he said. Atarashi takes a new approach in scanning for licenses. Instead of using regular expressions and rules, it uses text statistics and information-retrieval techniques.

    Another initiative that the project has undertaken is FOSSology Slides, which is a site for gathering slides that can be used to talk and teach about FOSSology. They are all licensed under CC BY-SA 4.0 (as are the slides [PDF] from the OSS EU talk). They can be used as is, or adapted for other uses; he encouraged anyone to contribute their FOSSology slides as well. One nice outcome of that is that some Japanese FOSSology users translated slides from FOSSology Slides to that language and contributed them back, Jaeger said. Other translations would be welcome for those who want to contribute to the project but are not software developers.

    A FOSSology user in the audience pointed out that the tool is only able to analyze the code it is given, so package dependencies have to be figured out separately. Jaeger agreed, noting that FOSSology is focused on understanding the licenses in the code it is given; there are other tools that can help figure out what the dependencies are and there are no plans to add that to FOSSology. He suggested the OSS Review Toolkit (ORT) as one possibility.

Open Hardware: Zigbee and Arduino

Filed under
Hardware
OSS
  • Philips Hue Bridge v2.1

    I recently bought a Hue Bridge to experiment a bit with Zigbee and 802.15.4. Following two posts for the hardware version 2.0 and some comments about the differences to version 2.1 I was able to get shell access on my 2.1 hardware.

    As there is up to now no complete guide I describe here, what I did:

    Opening the case is straigth forward. Just remove the two lower nubsis at the bottom and unscrew the two torx screws; then carefully unclip the bottom.

  • $10 HelTec CubeCell LoRa Board Features Cypress PSoC 4 MCU

    The board can be controlled with AT command, but it also supports Arduino programming in Windows, Mac OS, and Linux. You’ll find documentation and code samples on Github, as well as on Heltec’s own website.

    The company provides an example of battery life considering a connection with the LoRa gateway every 15 minutes. In this case, an 80mAh/3.7V battery would last for 3 months, but they did not mention in which mode they performed the calculation.

mesa 19.2.4

Filed under
Graphics/Benchmarks
Linux

Hi list,

I'd like to announce mesa-19.2.4, which is available immediately. This is an
emergency release, to fix a critical bug found in the 19.2.3 release which
causes incomplete rendering on all mesa drivers. This release contains a single
patch to fix that bug, anyone using 19.2.3 should immediately upgrade to 19.2.4
or downgrade to 19.2.2.

Dylan

Read more

Also: Mesa 19.2.4 Released As Emergency Update After 19.2.3 Broke All OpenGL Drivers

The Secrets of Docker Secrets

Filed under
Server
HowTos

Most web apps need login information of some kind, and it is a bad idea to put them in your source code where it gets saved to a git repository that everyone can see. Usually these are handled by environment variables, but Docker has come up with what they call Docker secrets. The idea is deceptively simple in retrospect. While you figure it out it is arcane and difficult to parse what is going on.

Essentially the secrets function create in memory files in the docker image that contain the secret data. The data can come from files, or a Docker swarm.

The first thing to know is that the application running in the docker image needs to be written to take advantage of the Docker secrets function. Instead of getting the password from an environment variable, it would get the password from the file system at /run/secrets/secretname. Not all images available use this functionality. If they don't describe how to use Docker secrets, the won't work. The files will be created in the image, but the application won't read them.

Read more

fwupd and bolt power struggles

Filed under
GNU
Linux

As readers of this blog might remember, there is a mode where the firmware (BIOS) is responsible for powering the Thunderbolt controller. This means that if no device is connected to the USB type C port the controller will be physically powered down. The obvious upside is battery savings. The downside is that, for a system in that state, we cannot tell if it has a Thunderbolt controller, nor determine any of its properties, like firmware version. Luckily, there is an interface to tell the firmware (BIOS) to "force-power" the controller. The interface is a write only sysfs attribute. The writes are not reference counted, i.e. two separate commands to enable the force-power state followed by a single disable, will indeed disable the controller. For some time boltd and the firmware update daemon both directly poked that interface. This lead to some interference, leading in turn to strange timing bugs. The canonical example goes like this: fwupd force-powers the controller, uevents will be triggered and Thunderbolt entries appear in sysfs. The boltd daemon will be started via udev+systemd activation. The daemon initializes itself and starts enumerating and probing the Thunderbolt controller. Meanwhile fwupd is done with its thing and cuts the power to the controller. That makes boltd and the controller sad because they were still in the middle of getting to know each other.

Read more

Development and Documentation at Mozilla, SUSE, R, Vim an More

Filed under
Development
  • Firefox Nightly: These Weeks in Firefox: Issue 68

    The “Omniscient” Browser Toolbox will be enabled by default in the coming days

  • The Brains Behind the Books – Part VII: Alexandra Settle

    The content of this article has been contributed by Alexandra Settle, Technical Writer at the SUSE Documentation Team.

    It is part of a series of articles focusing on SUSE Documentation and the great minds that create the manuals, guides, quick starts, and many more helpful documents.

  • The 20 Best R Machine Learning Packages in 2019

    Almost all novice data scientists and machine learning developers are being confused about picking a programming language. They always ask which programming language will be best for their machine learning and data science project. Either we will go for python, R, or MatLab. Well, the choice of a programming language depends on developers’ preference and system requirements. Among other programming languages, R is one of the most potential and splendid programming languages that have several R machine learning packages for both ML, AI, and data science projects.

    [...]

    R is an open-source language so people can contribute from anywhere in the world. You can use a Black Box in your code, which is written by someone else. In R, this Black Box is refereed to as a package. The package is nothing but a pre-written code that can be used repeatedly by anyone. Below, we are showcasing the top 20 best R machine learning packages.

  • 8 Excellent Free Books to Learn Vim

    Vim is an open source configurable and powerful text editor. It’s an improved version of the vi editor, with development dating back to 1976. This software can be used to write any kind of text.

    Vim sports a minimalistic interface to help the writer focus on the task at hand. It’s popular among developers given that it’s inherently modal (you go into command modes where you cannot edit), efficient, extensible, fast, and terminal friendly.

    When getting started with Vim, users face a steep learning curve. It’s true the software is simple. It’s simple in the sense that its minimal interface focuses the user on their main task. But Vim is very powerful.

  • RelStorage 3.0

    We're happy to announce the release of RelStorage 3.0, the relational storage engine for ZODB. Compared to RelStorage 2, highlights include a 30% reduction in memory usage, and up to 98% faster performance! (Ok, yes, that's from one specific benchmark and not everything is 98% faster, but improved performance was a major goal.)

    RelStorage 3.0 is a major release of RelStorage with a focus on performance and scalability. It's the result of a concentrated development effort spanning six months, with each pre-release being in production usage with large databases.

  • Introduction to ZODB Data Storage

    ZODB is a powerful native object database for Python, widely known for its use in the Zope web framework and the Plone content management system. By enabling transparent object graph persistence with no need to predefine schemas, ZODB enables extremely flexible application development. With pluggable storage engines such as FileStorage, ZEO, and RelStorage, it also provides flexible ways to store data.

    [...]

    In addition, ZODB provides a transactional view of these objects with snapshot isolation. Any given connection to the database sees a consistent view of all the objects in the database (whether it reads or writes to any particular object or not) as-of the moment it began. When adding or updating objects, no changes are published and made visible to other connections until the writing connection commits its transaction, at which point either all the changes are made visible or none of them are. Existing connections that continue reading (or even writing!) will still not see those changes; they're "stuck" at the snapshot view of the objects they started with. (The ability for readers to continue to be able to retrieve old data that's been replaced in newer transactions is known as multi-version concurrency control, or MVCC.)

    Many connections may be reading and writing to the database at once. ZODB uses optimistic concurrency control. Readers don't block other readers or writers, and writers are allowed to proceed as if they were the only one making changes right up until they commit. Writes are defined to occur in a strict order. If a writer discovers that an earlier transaction had modified objects that it too wants to modify, a conflict occurs. Instead of just rolling back the writing transaction and forcing it to start over, taking the modified object into account, ZODB gives the application the chance to resolve the conflict using a three-way merge between the object as it existed when the transaction began, the object that the connection wants to commit, and the object that was committed by the other writer. Only if it cannot do so is the transaction rolled back.

New version of LibreOffice Impress Remote for Android

Filed under
Android
LibO

We often talk about the desktop version of LibreOffice on this blog, but our community is working on mobile tools as well. For instance, the LibreOffice Impress Remote lets you interact with your slideshow presentation from your Android device – including slide previews, speaker notes, and more.

Read more

Red Hat: Fedora BoF at Ohio LinuxFest 2019, Technical Projects and More

Filed under
Red Hat
  • Fedora BoF at Ohio LinuxFest 2019

    I held a Fedora Birds-of-a-Feather (BoF) session at Ohio LinuxFest in Columbus, Ohio on November 1. Ohio LinuxFest is a regional conference for free and open source software professionals and enthusiasts. Since it’s just a few hours drive from my house, it seemed like an obvious event for me to attend. We had a great turnout and a lively conversation of the course of an hour.

    The session started a little slowly as many people were still in the keynote. But a few minutes later, the room was nearly full. I didn’t take a count, but at the peak, we probably had about two dozen attendees. Some were existing Fedora users and some were there to learn more about Fedora.

    I didn’t plan any particular content, since I wanted to let the group drive the discussion based on what was interesting to them. We ended up talking about documentation a fair amount. Two of the attendees created a FAS account that weekend so they can start contributing to the docs! Several more claimed the OLF BoF badge, and I sent them all a follow-up email directing them to the Join SIG’s Welcome page.

    In addition to docs, we talked about the general Fedora release process—how we determine our schedule and how we decide when to release. I brought some USB sticks with Fedora 31 Workstation for people to try. And of course I had stickers, pens, and pins to give away.

  • Java Applications Go Cloud-Native with Project Quarkus

    Getting Java applications to run well in a cloud-native environment hasn't always been easy, but that could soon change thanks to the open-source Quarkus framework.

  • Open Liberty Java runtime now available to Red Hat Runtimes subscribers

    Open Liberty is a lightweight, production-ready Java runtime for containerizing and deploying microservices to the cloud, and is now available as part of a Red Hat Runtimes subscription. If you are a Red Hat Runtimes subscriber, you can write your Eclipse MicroProfile and Jakarta EE apps on Open Liberty and then run them in containers on Red Hat OpenShift, with commercial support from Red Hat and IBM.

  • Tracing Kubernetes applications with Jaeger and Eclipse Che

    Developing distributed applications is complicated. You can wait to monitor for performance issues once you launch the application on your test or staging servers, or in production if you’re feeling lucky, but why not track performance as you develop? This allows you to identify improvement opportunities before rolling out changes to a test or production environment. This article demonstrates how two tools can work together to integrate performance monitoring into your development environment: Eclipse Che and Jaeger.

  • 3 key strategies for becoming a diversity and inclusion leader

    Issues of inclusivity also make workplaces challenging for underrepresented developers. Women are 45% more likely to leave their jobs in the first year than men. While some point to factors outside the workplace to account for this, we know that women tend to leave their roles because of feelings of isolation and poor sponsorship. This exacerbates the $16 billion-a-year problem the tech industry faces in hiring and retraining costs.

  • How to contribute to Kubernetes if you have a fulltime job

    I started contributing to Kubernetes (K8s) in October 2018, when I was working on the Product Security Incident Response Team at IBM. I was drawn to distributed systems, but I couldn't work with them in my day job, so my mentor, Lin Sun, suggested I contribute to open source distributed systems in my spare time. I became interested in K8s and have never looked back!

Darktable 3.0 RC1 Released With Greater Undo/Redo Support, More SSE Optimizations

Filed under
Software

Darktable 3.0 RC1 is out today and represents around three thousand commits made to Darktable since the 2.6 series. The Darktable 3.0 is a big release with reworking its GTK user-interface code, undo/redo being supported for more operations, 4K/5K display improvements, 3D RGT LUT transformation support, some SSE optimizations, OpenMP 4.0 requirement when wanting OpenMP threading, more camera support, and a lot more.

Read more

Syndicate content