Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Wednesday, 18 Jul 18 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Type Title Author Repliessort icon Last Post
Story Linux Kernel Security is Lacking? srlinuxx 10/04/2005 - 11:42pm
Story Did SCO end up helping Linux? srlinuxx 10/04/2005 - 11:42pm
Story Night that the Lights went Out in TN srlinuxx 11/04/2005 - 12:46am
Story More Summit Notes srlinuxx 10/04/2005 - 11:43pm
Story New Slack is Out srlinuxx 11/04/2005 - 5:01pm
Story New O'Reilly Security Book Released srlinuxx 10/04/2005 - 11:53pm
Story 97 bugs found in MySQL srlinuxx 10/04/2005 - 11:54pm
Story Intel Has Been Busy Busy Busy srlinuxx 10/04/2005 - 11:54pm
Story On the Redmond Front srlinuxx 10/04/2005 - 11:55pm
Story M$ Continues its Attack srlinuxx 10/04/2005 - 11:56pm

Mozilla News and Microsoft's Antitrust Push Against Linux/Android

Filed under
Android
Microsoft
Moz/FF
  • Biggest Mistakes with CSS Grid

    It’s easy to make lots of mistakes with a new technology, especially something that’s as big of a change from the past as CSS Grid. In this video, I explain the 9 Biggest Mistakes people are making, with advice and tips for avoiding these pitfalls and breaking old habits.

  • In loving memory of Abbackar DIOMANDE

    It brings us great sadness to share with you the recent news about one of our dear Rep we will so fondly remember. Abbackar DIOMANDE from Ivory Coast is unfortunately no longer with us.

    Diomande, was a Mozillian from Bouake, Ivory Coast and was contributing in various Mozilla projects including SUMO and L10n.
    He was a local community builder, that helped to build a healthy local community in his country while lately he had also taken the role of a Resources Rep, helping his fellow Mozillians on organizing local initiatives.

  • Mozilla Partners with Women Who Tech to Offer Startup Challenge Europe Award for Privacy, Transparency & Accountability

    The Women Startup Challenge Europe will connect women technology innovators from cities across Europe to compete for $60,000 in cash grants. In addition to the funding, all finalists will also receive: pitch coaching, one on one meetings with investors the day after the Women Startup Challenge, and other crucial startup friendly services. The Startup Challenge, co-hosted by the Office of Paris Mayor Anne Hidalgo, will feature 10 finalists pitching their ventures before a panel of judges on October 25, 2018 at Paris Hôtel de Ville.

    Women Who Tech is a nonprofit organization on a mission to close the funding gap and disrupt a culture and economy that has made it incredibly difficult for women entrepreneurs to raise capital. At Mozilla, we are committed to an internet that catalyzes collaboration among diverse communities working together for the common good. Promoting diversity and inclusion is core to our mission, so working with organizations like Women Who Tech furthers our commitment to create more diversity in innovation.

  • This Week in Rust 243

    Always wanted to contribute to open-source projects but didn't know where to start? Every week we highlight some tasks from the Rust community for you to pick and get started!

  • Mozilla Responds to European Commission’s Google Android Decision

    For Mozilla, these issues of innovation, openness, and competition speak to our history. Twenty years ago, we made Firefox to combat the vertical integration of Microsoft Windows and Internet Explorer. Today, we are again witnessing vertical integration concerns on a larger scale, with powerful players at all parts of the internet ecosystem. Mozilla’s 2018 Internet Health Report identified decentralization as a major goal to promote a healthy internet.

    Targeted, effective interventions can strengthen technology markets and are necessary to advance consumer welfare. Mozilla will continue to build competitive products and to advocate for effective policies and approaches to build a competitive and open technology ecosystem.

  • Google Fined A Record $5 Billion For Abusing Its Dominance in Android Ecosystem

    The European regulators have slapped Google with a record-breaking fine of $5 billion for breaking antitrust laws revolving around its Android operating system.

  • EU fines Google $5 billion over Android antitrust abuse

    European Union regulators have slapped Alphabet-owned Google with a record 4.34 billion euro ($5 billion) antitrust fine for abusing the dominance of its Android mobile operating system, which is by far the most popular smartphone OS in the world.

Red Hat and CentOS Fix Kernel Bug in Latest OS Versions, Urge Users to Update

Filed under
OS
Red Hat
Security

It would appear the there was a bug in the previous Linux kernel update for the Red Hat Enterprise Linux 7.5 and CentOS Linux 7.5 releases, which was released to address the Spectre V4 security vulnerability, making connection tracking information to not function correctly, which could lead to connectivity loss and leaking of configuration properties related to the respective connection tracking into other namespaces.

"Previously, the connection tracking information was not cleared properly for packets forwarded to another network namespace," said Red Hat in an advisory. "Packets that were marked with the "NOTRACK" target in one namespace were excluded from connection tracking even in the new namespace. Consequently, a loss of connectivity occasionally occurred, depending on the packet filtering ruleset of the other network namespaces."

Read more

Also: Red Hat Open-Sources Scanner That Checks Linux Binaries For Spectre V1 Potential

Red Hat Continues Driving Wonderful Innovations In Fedora Workstation

Greg Kroah-Hartman on Linux, Security, and Making Connections at Open Source Summit

Filed under
Linux
Interviews

People might not think about the Linux kernel all that much when talking about containers, serverless, and other hot technologies, but none of them would be possible without Linux as a solid base to build on, says Greg Kroah-Hartman. He should know. Kroah-Hartman maintains the stable branch of the Linux kernel along with several subsystems. He is also co-author of the Linux Kernel Development Report, a Fellow at The Linux Foundation, and he serves on the program committee for Open Source Summit.

In this article, we talk with Kroah-Hartman about his long involvement with Linux, the importance of community interaction, and the upcoming Open Source Summit.

Read more

today's leftovers

Filed under
Misc
  • The 6th gen Lenovo ThinkPad X1 Carbon on Linux is facing sleep mode issues, unofficial patch available for a while [Ed: typical Lenovo.]

    A problem that has been spotted in early March has resurfaced on Twitter this week, and Lenovo pointed the troubled customer to the official forum. Sadly, the 18-page discussion about the X1 Carbon's inability to use deep sleep on Linux also reveals that Lenovo's machines are unable to use LTE and the fingerprint reader when running this operating system.

  • Chrome OS' Files App Redesigned to Support Viewing of Android and Linux Files

    Chromium evangelist at Google François Beaufort announced today that the Files app of the Chrome OS operating system was recently redesigned to accommodate viewing of Android and Linux files.

    Apparently, Google's Chrome OS team is working on redesigning the Files app of the Linux-based Chrome OS operating system for Chromebooks with a new "My Files" section that promises to help you better organize your local files, including those from any Android and Linux apps you might have installed.

    As you can see in the attached screenshot, the new "My Files" section will include the Recent, Takeout, Shortcuts, My Files (Downloads, Google Play/Android Files, and Linux Files), External or Mounted Volumes, Images, Videos, Audio, Google Drive (My Drive, Shared with me, and Offline), as well as Add new services entries.

  • Arrcus Launches New Networking Operating System Platform

    "We are taking advantage of legacy, while simultaneously eliminating the superfluous functionality and/or capabilities that are no longer relevant in a modern networking construct," Garg said.

    On the Northbound interfaces, what ArcOS has it an open standard based programmable API, that enables organization sto harmonize different operating conditions. On the south side with the interfaces that connect with the underlying hardware, Garg said taht Arrcus takes advantage of the Linux kernel. Arrcus adds its own Data Plane Adaptation Layer (DPAL), which is an intelligent hardware abstraction layer, which allows ArcOS to interface into the underlying merchant silicon.

    "We are a control plane solution and what that means is our product runs on the microprocessor that is contained in the switch or router hardware," Garg said. "The majority of those processors are Intel based, but our architecture also supports ARM, we're hardware agnostic at the system level we're also hardware agnostic at the component level."

  • Slackware turns 25

    On July 16th, 1993, Slackware Linux distribution was officially released. Based entirely on the Softlanding Linux System (SLS) system, it was designed for the machines with a 3.5" boot floppy.

  • Slackware, The Oldest Active Linux Distro, Turns 25

    On July 16th, 1993, Slackware Linux distribution was officially released. Based entirely on the Softlanding Linux System (SLS) system, it was designed for the machines with a 3.5” boot floppy. Over the past 25 years, Slackware has turned out to be one of the most influential Linux distros around.

    The very first releases of SUSE Linux and other open source pioneers were based on Slackware; its effect is also seen on other operating systems with “do it yourself” motto.

  • PGP Clean Room Beta

    This summer I’m working on the PGP Clean Room Live CD project. The goal of this project is to make it easy to create and maintain an offline GPG key. It creates and backs up your GPG key to USB drives which can be stored in a safe place, and exports subkeys for you to use, either via an export USB or a PGP smartcard. It also allows you to sign other people’s keys, revoke your own keys, and change your keys expiration dates. The live system is built on

  • Get productive on the Linux desktop with 7 essential apps

    The Linux desktop is not just for people who like to mess with computers. With a wide range of enterprise class productivity and collaboration tools Linux users can enjoy computing parity with their peers and colleagues running other popular desktop computing platforms. Here are 7 apps that will boost your productivity and you’ll also find an additional 20 bonus apps mentioned throughout this article for you to discover.

  • How to Manage Multi-Cloud Services with Juju

    Managing a service with deployments in multi-cloud environments can be a challenge in terms of troubleshooting and scalability due to the complexity of dealing with different public cloud providers. An effective way to manage services deployed cross-cloud is to use tools that allow you to define your service once and deploy anywhere: in the cloud, on bare metal, or locally inside containers. In this blog post I am going to describe how the Canonical SRE team has achieved this, the tools that we use and the way we apply them to manage the Ubuntu Archive Mirror service.

  • Dell XPS 13: Windows 10 vs. Linux Distribution Benchmarks

    Recently I have published benchmarks looking at Windows Server and FreeBSD against eight Linux distributions as well as a 9-way Linux desktop OS benchmark comparison while the latest in this string of fresh Linux distribution benchmarks is looking at the Linux laptop performance impact, if any, between these operating systems. Up for this benchmarking dance was Microsoft Windows 10, Windows 10 when running Ubuntu 18.04 via WSL, Ubuntu 18.04 itself, Fedora Workstation 28, openSUSE Tumbleweed, and Clear Linux.

Software, howtos and GNOME

Filed under
Software
GNOME
HowTos
  • whowatch – Monitor Linux Users and Processes in Real Time

    whowatch is a simple, easy-to-use interactive who-like command line program for monitoring processes and users on a Linux system. It shows who is logged on to your system and what they are doing, in a similar fashion as the w command in real-time.

    It shows total number of users on the system and number of users per connection type (local, telnet, ssh and others). whowatch also shows system uptime and displays information such as user’s login name, tty, host, processes as well as the type of the connection.

  • Notes/Domino is alive! Second beta of version 10 is imminent

    IBM’s effort to make its Notes/Domino platform relevant for the future kicks up a gear this week, as the company prepares a second beta of a new version 10.

    Notes combined messaging and an application development environment, which set hearts a-fluttering in the early-to-mid 1990s. IBM laid out a then-record $3bn to acquire Lotus, which invented Notes, and drove the product to great prominence. IBM re-branded Notes’ back end as Domino and kept the Notes name for the client. But once Microsoft launched Outlook, bound it to Exchange and web-based development took off, both faded.

    And faded and faded until October 2017 when IBM decided it had had enough and did a deal with HCL that saw the latter company pledge to take on future development work.

  • Curse of the CSV monster
  • Curl Command Examples
  • How to Install and Use GIMP 2.10 on Ubuntu 18.04 LTS
  • What is Hostname in Linux and How Can You Change It?
  • How to install Ubuntu Minimal Server
  • Five-or-More Modernisation - Progress Report

    Over the course of the past couple of months, I was able to achieve a promising progress in modernising Five or More, although I would have to say there is a fair share of aspects to tackle yet.

    I opted for rewriting the code module by module, without combining C and Vala code. There was was an old attempt to port Five or More to Vala, but I chose not to use it due to the fact that the partial port was 4 years old and it definitely needed an update, which might have taken quite some time, and might have produced some nasty bugs. While doing so, I paid extra attention to keep things nicely separated: all of the currently ported modules separate the game logic from the drawing logic and the UI.

    I also managed to port the app menu and the preferences window. However, due to the new design gudelines, which are currently only in the state of a proposal, the app menu might require future alterations.

  • GUADEC18 Developer Center BoF Part 2: Possible Audiences

    This is Part 2 of a blog post series summarizing the Developer Center BoF. See also Part 1: The Developer Experience.

    Hi Again! As promised I will now cover our discussion of possible audiences at the GUADEC Developer Center BoF.

Red Hat Leftovers

Filed under
Red Hat

Games: HITMAN and Atari VCS

Filed under
Gaming

More Android Leftovers

Filed under
Android
  • A Look at Google's Project Fi

    Project Fi is a play on the term "WiFi" and is pronounced "Project Fye", as opposed to "Project Fee", which is what I called it at first. Several features set Project Fi apart from other cell-phone plans.

    First, Project Fi uses towers from three carriers: T-Mobile, US Cellular and Sprint. When using supported hardware, Project Fi constantly monitors signal strength and seamlessly transitions between the various towers. Depending on where you live, this can mean constant access to the fastest network or a better chance of having any coverage at all. (I'm in the latter group, as I live in a rural area.)

  • OnePlus 5 and 5T's latest OxygenOS Open Beta bring Google Lens support

    While the last OxygenOS Open Beta update for the OnePlus 5 and OnePlus 5T was a significant upgrade bringing support for Project Treble, the latest versions for both devices offer smaller changes.

  • Google EU fine over Android likely this week

     

    The European Commission, the executive arm of the EU, normally makes such announcements on a Wednesday.

  • Moment of truth for Google as record EU antitrust fine looms

     

    It comes just over a year after the Commission slapped a landmark 2.4-billion-euro ($2.8 billion) penalty on Google, a unit of Alphabet Inc, for favoring its shopping service over those of competitors.
     

    The EU penalty is likely to exceed the 2017 fine because of the broader scope of the Android case, sources familiar with the matter have told Reuters.  

OSS Leftovers

Filed under
OSS
  • Medellín WordPress User Group Celebrates Open Source CMS Platform’s 15th Anniversary

    Medellín is well known for its innovative technology scene, with many active software and information technology user groups. One of those is the user group centered around open source content management software WordPress. A year ago the user group hosted Colombia’s first Wordcamp function, supported by the global WordPress community, and the user group recently gathered to celebrate the 15th anniversary of the first WordPress open source software release that took place May 27, 2003.

    WordPress is an free, open source software platform that allows amateur and professional users to create websites without writing programming code. Over the years it has grown into a powerful platform robust enough to run enterprise websites in many cases. For example, Finance Colombia runs on WordPress software.

  • Training: Embedded Linux and Security training day – Reading

    Providing detailed hands-on training, it is targeted at embedded engineers looking for an introduction to key embedded Linux and Security topics.

  • Amazing solar panel device that could change the world goes open source

    An innovative and simple solar panel efficiency device has just gone open source in order to get renewable energy to those who need it most.

    When you picture solar power, you might think of the enormous Ivanpah solar power plant in California (the largest in the world) or huge tracts of land in other sun-drenched parts of the globe.

    But not everyone has access to such enormous grids and particularly in remote villages in developing nations, there is only a need for a single or small group of solar panels that could maintain maximum efficiency to sustain a family or the village itself.

  • Meet the man in charge of Arduino

    I went to visit the Interaction Design Institute of Ivrea – a school that was started just six months before I went to visit them – and they asked me if I knew someone who could teach electronics to designers and to ask this question to my colleagues at the Politecnico.

    I went back and they said “No! Teaching electronics to designers? For us?” Those were guys working on highly sophisticated FGPAs, so they didn’t care about designers. I thought about Massimo – he had a real passion for electronics and he worked as a CTO for an internet provider at that point in time. I said, “Massimo, you could be the right person for this type of engagement – they’re designers, you love design, and you know electronics.” I introduced Massimo to the school and they hired him. That’s how the story started. When he was teaching at the Design Institute of Ivrea, they started the Arduino project as a way to standardise the electronics projects the students were doing. I introduced Massimo to the school and they invented Arduino, so I’m sort of the great-grandfather to some extent.

  • pinp 0.0.6: Two new options

    A small feature release of our pinp package for snazzier one or two column vignettes get onto CRAN a little earlier.

    It offers two new options. Saghir Bashir addressed a longer-standing help needed! issue and contributed code to select papersize options via the YAML header. And I added support for the collapse option of knitr, also via YAML header selection.

    A screenshot of the package vignette can be seen below. Additional screenshots of are at the pinp page.

  • OpenMP 5.0 Public Draft Released

    The public draft of the OpenMP 5.0 SMP programming standard is now available for review ahead of the specification's expected stable release before the end of 2018.

    OpenMP 5.0 is expected to succeed the OpenMP 4.5 parallel programming standard in Q4'2018, but for ironing out any last minute issues and allowing more compiler developers to begin implementing the standard, the public draft is now available.

FUD, EEE, and Openwashing

Filed under
Microsoft
OSS

Kubernetes News

Filed under
Server
OSS
  • When Does Kubernetes Become Invisible And Ubiquitous?

    The sign of a mature technology is not just how pervasive it is, but in how invisible and easy to use it is. No one thinks about wall sockets any more – unless you happen to need one to charge your phone and can’t find one – and that is but one example of a slew of technologies that are part of every day life.

    Since Google first open sourced the Kubernetes container controller, inspired by its Borg and Omega internal cluster and container management systems, more than four years ago, we have been betting that it would become the dominant way of managing containers on clouds both public and private. The irony is that the people in charge of Google’s infrastructure were not initially all that enthusiastic in giving away such intellectual property, but the Kubernetes and open source enthusiasts correctly predicted that Google would get tremendous cred with the open source community and help create a Google-alike containerized private cloud environment and also possibly spread Google’s approach to rival clouds as well as helping its own Cloud Platform expansion by giving Kubernetes to the world.

  • Crictl Vs Podman

    As people continue to adopt CRI-O as a new container runtime for Kubernetes I am hearing questions from administrators who are confused whether they should use Crictl or Podman to diagnose and understand what is going on in a Kubernetes node. This is not one or the other — these tools are complementary, and this article attempts to explain the tools and examine when it is best to use each of these tools. If you take away one thing from this post, remember that Crictl checks the front entrance, while Podman examines the foundation.

    First things first. For those people who aren’t familiar with it, CRI-O is a lightweight, Open Container Initiative (OCI) compliant, container runtime for Kubernetes. It is designed to run any OCI-based container, it is optimized for Kubernetes and committed to being stable and conformant with the Kubernetes container runtime interface with each Kubernetes release. CRI-O is also now fully supported in OpenShift, Red Hat’s enterprise Kubernetes container platform. For more information on CRI-O check out the CRI-O community web site and blog.

  • BlueData Announces BlueK8s Open Source Kubernetes Initiative

    Kubernetes (aka K8s) is now the de facto standard for container orchestration. Kubernetes adoption is accelerating for stateless applications and microservices, and the community is beginning to evolve and mature the capabilities required for stateful applications. But large-scale distributed stateful applications – including analytics, data science, machine learning (ML), and deep learning (DL) applications for AI and Big Data use cases – are still complex and challenging to deploy with Kubernetes.

RPM And Yum Are A Big Deal For IBM i. Here’s Why

Filed under
Red Hat
Server

By now you’ve probably heard about Yum and RPM, the new processes that IBM will use to deliver open source software to IBM i customers. But you may have questions about how the process works, and what the benefits will be. IT Jungle talked with IBM’s open source guru Jesse Gorzinski to get the low down on why the new tech is so important to the platform.

RPM, which stands for Red Hat Package Manager, is a piece of software created more than 20 years that allows customers in that Linux community to more easily distribute and install the various pieces of software required to create a working Linux environment. Over the years, RPM use has migrated beyond the Red Hat community to other Linux and Unix environments (including AIX), and has essentially become a de facto standard for distributing software in the open source world.

Read more

Also: Red Hat Announces Ansible Engine 2.6 with Simplified Connections to Network APIs and Automation across Windows & Cloud

New Facilities for System76

Filed under
GNU
Linux
  • System76 Linux computer maker offers a sneak peek into its new manufacturing facility

    System76 has long been a Linux computer seller, but recently, it has transitioned into a Linux computer maker. What's the difference, you ask? Well, currently, the company doesn't really make its own computers. System76's laptops, for instance, are made by other manufacturers, which it re-brands as its own.

    No, System76 doesn't just slap its name on other company's laptops and ship them out the door. Actually, it works closely with the manufacturers, tweaks firmware, and verifies that both Ubuntu and its Ubuntu-based Pop!_OS will work well on the hardware. System76 then offers top-notch support too. In other words, the company isn't just selling a computer, but an experience too.

  • System76 New Manufacturing Facility
  • System76 Moves Ahead With Preparing To Manufacture Their Own Desktop Linux PCs

    Back in April 2017 was the announcement that System76 would begin designing and manufacturing their own systems beginning with desktops and to be followed at a later date by their own laptops, rather than relying upon whitebox designs that they currently retail with their Ubuntu/Pop!_OS-loaded PCs. The Colorado-based company is inching closer to fully realizing their goal.

    For a while now the System76 folks have been posting various pictures of their in-progress manufacturing facility while today they have shared more images on their blog.

Linux Development, Graphics and Linux Foundation

Filed under
Graphics/Benchmarks
Linux
  • Fedora Gets An Unofficial Kernel Based On Clear Linux

    While the kernel configuration is just one part of Intel's Clear Linux optimizations for their performance-oriented distribution, a Fedora user has taken the liberty of spinning a Fedora kernel build based upon Clear Linux's kernel configuration.

  • An Idle Injection Framework Queued For Linux 4.19

    Another one of the new frameworks slated for the Linux 4.19 kernel cycle kicking off in August is for idle injection.

    Right now drivers like Intel PowerClamp and the AMD CPU cooling code insert idle CPU cycles when needed on their own, in order to keep below an intended power envelope or thermal threshold. Rather than drivers implementing idle injections on their own, the idle injection code within the Linux kernel has moved into a dedicated framework to make it easier for other kernel users to deploy.

  • IT87 Linux Driver For Supporting Many Motherboard Sensors Is Facing Death

    While Linux hardware support for desktop PCs has advanced a great deal over the years, one area that continues to struggle is support for fan/thermal/power sensors on many of today's motherboards. This area has struggled with not enough public documentation / data-sheets from ASIC vendors as well as not enough upstream Linux kernel developers being interested in the hwmon subsystem. The IT87 Linux driver for many common Super I/O chips found on countless motherboards is unfortunately facing a downfall.

  • Mesa 18.2 Gets Extra Two Weeks Of Development Time

    Serving as the Mesa 18.2 release manager is Andres Gomez of Igalia. He's now pushed back the release plan by two weeks, although Mesa 18.2.0 still should end up shipping in August.

    Rather than branching Mesa 18.2 by week's end, which begins the release candidate phase and marks the feature freeze, that deadline will be pushed back to 1 August. That means there are an extra two weeks of developers to land any desired changes into this next quarterly Mesa feature update.

  • Tips for Success with Open Source Certification

    In today’s technology arena, open source is pervasive. The 2018 Open Source Jobs Report found that hiring open source talent is a priority for 83 percent of hiring managers, and half are looking for candidates holding certifications. And yet, 87 percent of hiring managers also cite difficulty in finding the right open source skills and expertise. This article is the second in a weekly series on the growing importance of open source certification.

    In the first article, we focused on why certification matters now more than ever. Here, we’ll focus on the kinds of certifications that are making a difference, and what is involved in completing necessary training and passing the performance-based exams that lead to certification, with tips from Clyde Seepersad, General Manager of Training and Certification at The Linux Foundation.

  • Xen Project Hypervisor Power Management: Suspend-to-RAM on Arm Architectures

    About a year ago, we started a project to lay the foundation for full-scale power management for applications involving the Xen Project Hypervisor on Arm architectures. We intend to make Xen on Arm's power management the open source reference design for other Arm hypervisors in need of power management capabilities.

A Proposal To Allow Python Scripting Within The GCC Compiler, Replacing AWK

Filed under
Development
GNU

A SUSE developer is seeking feedback and interest on the possibility of allowing a scripting language -- most likely Python -- to be used within the GCC compiler code-base. This would primarily be used for replacing existing AWK scripts.

GCC developer Martin Liška at SUSE is seeking comments on the possibility of adding Python as an accepted language within the GCC code-base. This isn't anything along the likes of replacing existing GCC C compiler code into a scripting language or anything to that effect, but is targeting at replacing current AWK scripts that are hard to maintain.

Read more

GNU: The GNU C Library, IRC Break, and GNUstep

Filed under
GNU
  • Intel CET With Indirect Branch Tracking & Shadow Stack Land In Glibc

    Landing yesterday in Glibc for Intel's Control-flow Enforcement Technology (CET) were the instructions for Indirect Branch Tracking (IBT) and Shadow Stack (SHSTK).

    These Intel CET bits for the GNU C Library amount to a fair amount of code being added. The commit message explains some of the CET steps taken. The Control-flow Enforcement Technology behavior can be changed for SHSTK/IBT at run-time through the "GLIBC_TUNABLES" environment variable.

  • No Friday Free Software Directory IRC meetup on Friday July 20th

    No meeting will be taking place this week due to travel, but meetings will return to our regular schedule starting on Friday, July 27th.

  • Graphos GNUstep and Tablet interface

    I have acquired a Thinkpad X41 Tablet and worked quite a bit on it making it usable and then installing Linux and of course GNUstep on it. The original battery was dead and the compatible replacement I got is bigger, it works very well, but makes the device unbalanced.

    Anyway, my interest about it how usable GNUstep applications would be and especially Graphos, its (and my) drawing application.

    Using the interface in Tablet mode is different: the stylus is very precise and allows clicking by pointing the tip and a second button is also possible. However, contrary to the mouse use, the keyboard is folded so no keyboard modifiers are possible. Furthermore GNUstep has no on-screen keyboard so typing is not possible.

Oracle Solaris 11.3 and Solaris 11.4

Filed under
OS
  • Oracle Solaris 11.3 SRU 34 Brings GCC 7.3, Other Package Updates

    While Solaris 11.4 is still in the oven being baked at Oracle, the thirty-fourth stable release update of Solaris 11.3 is now available.

  • Oracle Solaris 11.3 SRU 34 released

    Full details of this SRU can be found in My Oracle Support Doc 2421850.1. For the list of Service Alerts affecting each Oracle Solaris 11.3 SRU, see Important Oracle Solaris 11.3 SRU Issues (Doc ID 2076753.1).

  • Oracle Solaris 11.4 Open Beta Refresh 2

    As we continue to work toward release of Oracle Solaris 11.4, we present to you our third release of Oracle Solaris 11.4 open beta.

  • Oracle Solaris 11.4 Public Beta Updated With KPTI For Addressing Meltdown

    In addition to sending down a new SRU for Solaris 11.3, the Oracle developers left maintaining Solaris have issued their second beta of the upcoming Solaris 11.4.

    Oracle Solaris 11.4 Open Beta Refresh 2 is an updated version of their public beta of Solaris 11.4 originally introduced in January. They say this is the last planned public beta with the general availability release now nearing availability.

Security: Back Doors in Voting Machines, Two-Factor Authentication, Introduction to Cybersecurity, and Reproducible Builds

Filed under
Security
  • Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States

    The nation's top voting machine maker has admitted in a letter to a federal lawmaker that the company installed remote-access software on election-management systems it sold over a period of six years, raising questions about the security of those systems and the integrity of elections that were conducted with them.

    In a letter sent to Sen. Ron Wyden (D-OR) in April and obtained recently by Motherboard, Election Systems and Software acknowledged that it had "provided pcAnywhere remote connection software … to a small number of customers between 2000 and 2006," which was installed on the election-management system ES&S sold them.

    The statement contradicts what the company told me and fact checkers for a story I wrote for the New York Times in February. At that time, a spokesperson said ES&S had never installed pcAnywhere on any election system it sold. "None of the employees, … including long-tenured employees, has any knowledge that our voting systems have ever been sold with remote-access software," the spokesperson said.

  • PSA: Make Sure You Have a Backup for Two-Factor Authentication
  • An Introduction to Cybersecurity: The First Five Steps

    You read all these headlines about the latest data breaches, and you worry your organization could be next.

    After all, if TalkTalk, Target, and Equifax can’t keep their data safe, what chance do you have?

    Well, thankfully, most organizations aren’t quite as high profile as those household names, and probably don’t receive quite so much attention from cybercriminals. At the same time, though, no organization is so small or insignificant that it can afford to neglect to take sensible security measures.

    If you’re just starting to take cybersecurity seriously, here are five steps you can take to secure your organization more effectively than 99 percent of your competitors.

  • Reproducible Builds: Weekly report #168
Syndicate content

More in Tux Machines

Today in Techrights

Security: SSL, Microsoft Windows TCO, Security Breach Detection and SIM Hijackers

  • Why Does Google Chrome Say Websites Are “Not Secure”?
    Starting with Chrome 68, Google Chrome labels all non-HTTPS websites as “Not Secure.” Nothing else has changed—HTTP websites are just as secure as they’ve always been—but Google is giving the entire web a shove towards secure, encrypted connections.
  • Biggest Voting Machine Maker Admits -- Ooops -- That It Installed Remote Access Software After First Denying It [Ed: Microsoft Windows TCO]
    We've been covering the mess that is electronic voting machines for nearly two decades on Techdirt, and the one thing that still flummoxes me is how are they so bad at this after all these years? And I don't mean "bad at security" -- though, that's part of it -- but I really mean "bad at understanding how insecure their machines really are." For a while everyone focused on Diebold, but Election Systems and Software (ES&S) has long been a bigger player in the space, and had just as many issues. It just got less attention. There was even a brief period of time where ES&S bought what remained of Diebold's flailing e-voting business before having to sell off the assets to deal with an antitrust lawsuit by the DOJ. What's incredible, though, is that every credible computer security person has said that it is literally impossible to build a secure fully electronic voting system -- and if you must have one at all, it must have a printed paper audit trail and not be accessible from the internet. Now, as Kim Zetter at Motherboard has reported, ES&S -- under questioning from Senator Ron Wyden -- has now admitted that it installed remote access software on its voting machines, something the company had vehemently denied to the same reporter just a few months ago.
  • Bringing cybersecurity to the DNC [Ed: Microsoft Windows TCO. Microsoft Exchange was used.]
    When Raffi Krikorian joined the Democratic National Committee (DNC) as chief technology officer, the party was still reeling from its devastating loss in 2016 — and the stunning cyberattacks that resulted in high-level officials’ emails being embarrassingly leaked online.
  • Getting Started with Successful Security Breach Detection
    Organizations historically believed that security software and tools were effective at protecting them from hackers. Today, this is no longer the case, as modern businesses are now connected in a digital global supply ecosystem with a web of connections to customers and suppliers. Often, organizations are attacked as part of a larger attack on one of their customers or suppliers. They represent low hanging fruit for hackers, as many organizations have not invested in operationalizing security breach detection. As this new reality takes hold in the marketplace, many will be tempted to invest in new technology tools to plug the perceived security hole and move on with their current activities. However, this approach is doomed to fail. Security is not a "set it and forget it" type of thing. Defending an organization from a breach requires a careful balance of tools and operational practices -- operational practices being the more important element.
  • The SIM Hijackers

    By hijacking Rachel’s phone number, the hackers were able to seize not only Rachel’s Instagram, but her Amazon, Ebay, Paypal, Netflix, and Hulu accounts too. None of the security measures Rachel took to secure some of those accounts, including two-factor authentication, mattered once the hackers took control of her phone number.

GNU/Linux Desktops/Laptops and Windows Spying

  • Changes [Pop!_OS]

    For the last 12 years, my main development machine has been a Mac. As of last week, it’s a Dell XPS 13 running Pop!_OS 18.04.

    [...]

    Take note: this is the first operating system I’ve used that is simpler, more elegant, and does certain things better than macOS.

  • System76 Opens Manufacturing Facility to Build Linux Laptops
    As it turns out, System76 is making the transition from a Linux-based computer seller, into a complete Linux-based computer manufacturer. The Twitter photos are from their new manufacturing facility. This means that System76 will no longer be slapping their logo on other company’s laptops and shipping them out, but making their own in-house laptops for consumers.
  • Extension adding Windows Timeline support to third-party browsers should have raised more privacy questions
    Windows Timeline is a unified activity history explorer that received a prominent placement next to the Start menu button in Windows 10 earlier this year. You can see all your activities including your web browser history and app activity across all your Windows devices in one place; and pickup and resume activities you were doing on other devices. This is a useful and cool feature, but it’s also a privacy nightmare. You may have read about a cool new browser extension that adds your web browsing history from third-party web browsers — including Firefox, Google Chrome, Vivaldi, and others — to Windows Timeline. The extension attracted some media attention from outlets like MSPoweruser, Neowin, The Verge, and Windows Central.

Public money, public code? FSFE spearheads open-source initiative

Last September, the non-profit Free Software Foundation Europe (FSFE) launched a new campaign that calls for EU-wide legislation that requires publicly financed software developed for the public sector to be made publicly available under a free and open-source software license. According to the ‘Public Money, Public Code’ open letter, free and open-source software in the public sector would enable anyone to “use, study, share, and improve applications used on a daily basis”. The initiative, says the non-profit, would provide safeguards against public sector organizations being locked into services from specific companies that use “restrictive licenses” to hinder competition. The FSFE also says the open-source model would help improve security in the public sector, as it would allow backdoors and other vulnerabilities to fixed quickly, without depending on one single service provider. Since its launch, the Public Money, Public Code initiative has gained the support of 150 organizations, including WordPress Foundation, Wikimedia Foundation, and Tor, along with nearly 18,000 individuals. With the initiative now approaching its first anniversary, The Daily Swig caught up with FSFE spokesperson Paul Brown, who discussed the campaign’s progress. Read more