Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Saturday, 20 Jan 18 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Type Title Author Repliessort icon Last Post
Story HP's CEO Search srlinuxx 11/04/2005 - 3:24am
Story IBM Surpassed Dell in Sales? srlinuxx 11/04/2005 - 3:23am
Story This Week at the Movies: Million Dollar Baby & Constantine srlinuxx 11/04/2005 - 3:23am
Story Microsoft signs on Alcatel for IPTV srlinuxx 11/04/2005 - 3:22am
Story HP Printer Cartridges Die Before Use srlinuxx 11/04/2005 - 3:23am
Story IBM furthers Linux While Gates Signs Contract srlinuxx 11/04/2005 - 3:22am
Story rm -rf Contest Interest Wanes? srlinuxx 11/04/2005 - 3:22am
Story Lose Phone = Lose Friends srlinuxx 11/04/2005 - 3:21am
Story Big Bullies srlinuxx 11/04/2005 - 3:20am
Story Mini Mozilla marches on Windows mobiles srlinuxx 11/04/2005 - 3:21am

Kernel: Retpoline, VirtualBox, Linux 4.15 Next Weekend, and Linux Storage, Filesystem, and Memory-Management Summit

Filed under
Linux
  • Retpoline Is Still Being Improved Upon For Intel Skylake/Kabylake

    While initial support for Retpoline was merged into the Linux 4.15 Git kernel last week and is now being backported to some supported Linux kernel series, there is still additional work ongoing for properly mitigating Spectre v2 on Intel Skylake CPUs and newer.

    It turns out Skylake CPUs and newer require additional patches to fully mitigate against the Spectre Variant Two vulnerability. These newer CPUs can fallback to a potentially poisoned indirect branch predictor when a return buffer underflows. Andi Kleen of Intel has sent out a new patch series dubbed "RETPOLINE_UNDERFLOW" that gets enabled by default for Skylake CPUs and newer.

  • VirtualBox Guest Driver Being Mainlined With Linux 4.16

    The upcoming Linux 4.16 kernel cycle will be mainlining the VirtualBox Guest "vboxguest" kernel driver.

    As part of an effort led by Red Hat, the VirtualBox guest drivers are finally working towards mainline in the Linux kernel and with 4.16 there is the vboxguest driver as a notable step following the VirtualBox DRM/KMS driver in Linux 4.13.

  • Linus Torvalds Is Hopeful for a January 21 Release of the Linux 4.15 Kernel

    The eighth and probably the last RC (Release Candidate) of the upcoming Linux 4.15 kernel series has been announced by Linus Torvalds over the weekend and it's now ready for public testing.

    Coming a week after the seventh RC, Linux kernel 4.15 Release Candidate 8 is here with more patches against the Meltdown and Spectre security vulnerabilities publicly disclosed earlier this month. Most specifically, it brings x86 "retpoline" support, a solution developed by Google and other security researchers to not allow speculation on the CPU.

  • LSFMM 2018 call for proposals

    The 2018 Linux Storage, Filesystem, and Memory-Management Summit will be held April 23-25 in Park City, Utah. The call for proposals has just gone out with a tight deadline: they need to be received by January 31.

Red Hat and Fedora

Filed under
Red Hat

Security: Updates, Secure Contexts, RubyMiner, ZAP, Transmission, AMD

Filed under
Security
  • Security updates for Monday
  • Secure Contexts Everywhere

    Since Let’s Encrypt launched, the Secure Contexts specification has become much more mature. We have witnessed the successful restriction of existing, as well as new features to secure contexts. The W3C TAG is about to drastically raise the bar to ship features on insecure contexts. All the building blocks are now in place to quicken the adoption of HTTPS and secure contexts, and follow through on our intent to deprecate non-secure HTTP.

  • Linux and Windows Servers Targeted with RubyMiner Malware

    Security researchers have spotted a new strain of malware being deployed online. Named RubyMiner, this malware is a cryptocurrency miner spotted going after outdated web servers.

    According to research published by Check Point and Certego, and information received by Bleeping Computer from Ixia, attacks started on January 9-10, last week.

  • Virtual currency miners target web servers with malware
  • ZAP provides automated security tests in continuous integration pipelines

    Commonly, a mixture of open source and expensive proprietary tools are shoehorned into a pipeline to perform tests on nightly as well as ad hoc builds. However, anyone who has used such tests soon realizes that the maturity of a smaller number of time-honored tests is sometimes much more valuable than the extra detail you get by shoehorning too many tests into the pipe then waiting three hours for a nightly build to complete. The maturity of your battle-hardened tests is key.

  • BitTorrent users beware: Flaw lets hackers control your computer

    There's a critical weakness in the widely used Transmission BitTorrent app that allows websites to execute malicious code on some users' computers. That's according to a researcher with Google's Project Zero vulnerability reporting team, who also warns that other BitTorrent clients are likely similarly susceptible.

    [...]

    Among the things an attacker can do is change the Torrent download directory to the user's home directory. The attacker could then command Transmission to download a Torrent called ".bashrc" which would automatically be executed the next time the user opened a bash shell. Attackers could also remotely reconfigure Transmission to run any command of their choosing after a download has completed. Ormandy said the exploit is of "relatively low complexity, which is why I'm eager to make sure everyone is patched."

  • AMD Releases Linux and Windows Patches for Two Variants of Spectre Vulnerability

    AMD has published a press announcement on Thursday to inform its customers that it released patches for two variants of the Spectre security vulnerability disclosed to the public earlier this month.

  • 'Shift Left': Codifying Intuition into Secure DevOps

    Continuous delivery (CD) is becoming the cornerstone of modern software development, enabling organizations to ship — in small increments — new features and functionality to customers faster to meet market demands. CD is achieved by applying DevOps practices and principles (continuous integration and continuous deployment) from development to operations. There is no continuous delivery without implementing DevOps practices and principles. By that, I mean strong communication and collaboration across teams, and automation across testing, build, and deployment pipelines. But often achieving continuous delivery to meet market demands presents numerous challenges for security.

Applications: GIMP, Partclone, Samba, Tidal

Filed under
Software
  • 6 Cheap Alternatives to Adobe Photoshop

    Adobe Photoshop is easily the industry standard when it comes to graphic and photo editing. We don’t just edit a photo these days, but we ‘photoshop’ it—but ‘shopping things with the real deal isn’t cheap.

    Working on a subscription plan basis, it’ll cost you from $9.99 a month, depending on the package you select. Crucially, you’re renting the product—you’ll never actually own a Photoshop license.

    [...]

    For many years, GIMP has been touted as the ideal free alternative to Photoshop. There’s a good reason for that—it offers very similar functionality to Adobe’s behemoth.

    Providing many professional level features, it includes layers, customizable brushes, filters, and automatic image enhancement tools for those short on time. It further expands its potential through a huge number of plugins, thanks to its very active community. Effectively, it’s in constant development. New features are commonplace, while bugs are few and far between.

    The downside? There’s no native support for RAW files—a key component in photo editing—you have to install an additional plugin straight away for such functionality. Also, GIMP’s highly customizable interface can be intimidating for novice users. While Photoshop is instantly accessible, GIMP requires a little tweaking and manipulation to get things how you like them to look, although recent updates have made it look more like its main competition.

    It’s worth sticking with, of course, given it’s entirely free to use, but for the novice user, it might take a little time to gel.

  • Partclone – A Versatile Free Software for Partition Imaging and Cloning

    Partclone is a free and open-source tool for creating and cloning partition images brought to you by the developers of Clonezilla. In fact, Partclone is one of the tools that Clonezilla is based on.

    It provides users with the tools required to backup and restores used partition blocks along with high compatibility with several file systems thanks to its ability to use existing libraries like e2fslibs to read and write partitions e.g. ext2.

  • Samba 4.8 RC1 Released, Samba 4.9 In Development On Git

    The first release candidate of Samba 4.8 is now available for this popular open-source project implementing the SMB/CIFS protocols.

  • Listen to Tidal Music from the Command Line

    Tidal subscribers have a new way to listen to the high-fidelity music streaming service while using the Linux desktop. The Spotify rival touts better sound quality and bigger royalty cheques for artists, but it doesn’t provide a desktop Tidal music app for Linux.

Security: Patching of GNU/Linux Distros

Filed under
GNU
Linux
Security

16-Way GPU Comparison With NVIDIA GPUs Going Back To Kepler

Filed under
Graphics/Benchmarks

Last week I provided a fresh look at the NVIDIA GeForce vs. AMD Radeon Linux gaming performance using the latest drivers at the start of 2018. That testing included the latest NVIDIA and AMD GPUs, but for those curious how these numbers compare for older NVIDIA GPUs, here's a look with the Kepler and Maxwell graphics cards added to the comparison.

Read more

Ubuntu 18.04 LTS Wallpaper Contest Welcomes Talented Photographers and Artists

Filed under
Ubuntu

Announced today by Ubuntu member Nathan Haines, Ubuntu Free Culture Showcase for Ubuntu 18.04 LTS is now officially open for submissions, and since Ubuntu 18.04 it's an LTS (Long-Term Support) version, which Canonical will support for the next five years with software and security updates, it's more than a wallpaper contest.

Well, of course, it's not a contest, because you won't win any prize besides the fact that your work will be showcased to millions of Ubuntu users worldwide. This time, besides wallpapers, Ubuntu Free Culture Showcase also looks for new video and music files that will be available in the Examples folder of Ubuntu 18.04 LTS' live installation medium.

Read more

KDE Plasma 5.12 LTS Enters Beta, Brings Unified Look and Phone Integration

Filed under
KDE

Designed as the next long-term support (LTS) version of the popular desktop environment, replacing the KDE Plasma 5.8 LTS on users' computers when it will be out early next month, KDE Plasma 5.12 is an important milestone that introduces numerous stability and reliability improvements, along with a bunch of new and long-anticipated features.

One of the most important changes in KDE Plasma 5.12 LTS is the greatly improved support for the next-generation Wayland display server, with a long-term support promise as the KDE Project will continue to patch bugs and other issues until the end of life of the desktop environment next year.

Read more

Also: KDE Plasma 5.12 Reaches Beta With Faster Start-Up Time, Better Wayland Support

How To Create Or Increase Swap Space In Linux

Filed under
Linux

The operating system makes use of swap space when its available physical memory (RAM) is running out due to ever demanding applications. In this situation, the operating system moves the inactive pages in physical memory to swap space.

Read<br />
more

Flatpak Support Getting More Mature in KDE Plasma's Discover Package Manager

Filed under
KDE

Those interesting in installing Flatpak universal Linux apps on their KDE Plasma-based GNU/Linux distros, should know that Flatpak support in the Plasma Discover package manager is now more mature and ready for production. It can handle multiple Flatpak repos, as well as installing of packages from the Flathub repository.

With the upcoming KDE Plasma 5.12 LTS desktop environment, Plasma Discover will support different backends, including Flatpak and Snappy, allowing users to search, download and install Flatpak and Snap apps. However, such a backend doesn't come installed by default, so you'll have to add it manually.

Read more

KDE Frameworks 5.42 Open-Source Software Suite Released for KDE Plasma 5.12 LTS

Filed under
KDE
OSS

KDE Frameworks 5.42.0 is out now just in time for the soon-to-be-released KDE Plasma 5.12 LTS Beta desktop environment, and includes numerous improvements and bug fixes for various components like Baloo, Breeze icons, KActivities, KCoreAddons, KDeclarative, KDED, KDBusAddons, KConfig, KDocTools, KHTML, KEmoticons, KFileMetaData, KI18n, KIO, KInit, Kirigami, and KJobWidgets.

It also improves things like KNewStuff, KNotification, KRunner, KWayland, KTextEditor, KWallet Framework, KWidgetsAddons, KXMLGUI, NetworkManagerQt, Plasma Framework, Prison, QQC2StyleBridge, Sonnet, syntax highlighting, KPackage Framework, as well as KDELibs 4 support and extra CMake modules. The complete changelog is available below for more details on the new fixes.

Read more

Retpoline Backported and a New Benchmark

Filed under
Graphics/Benchmarks
Linux
  • Retpoline Backported To Linux 4.9, Linux 4.14 Kernels

    Retpoline support for mitigating the Spectre vulnerabilities will soon be present in the Linux 4.9 and 4.14 stable kernels.

    Greg Kroah-Hartman has sent out the latest patches for the Linux 4.9 and 4.14 point releases, which now include the Retpoline support.

  • ADATA XPG SX6000: Benchmarking A ~$50 USD 128GB NVMe SSD On Linux

    While solid-state drives have generally been quite reliable in recent years and even with all the benchmarking I put them through have had less than a handful fail out of dozens, whenever there's a bargain on NVMe SSDs, it's hard to resist. The speed of NVMe SSDs has generally been great and while it's not a key focus on Phoronix (and thus generally not receiving review samples of them), I upgrade some of the server room test systems when finding a deal. The latest is trying an ADATA XPG SX6000 NVMe SSD I managed to get for $49.99 USD.

New Raspberry Pi: Zero

Filed under
Linux
Hardware

Debugging and Compiling

Filed under
Development
GNU
  • How debuggers really work

    A debugger is one of those pieces of software that most, if not every, developer uses at least once during their software engineering career, but how many of you know how they actually work? During my talk at linux.conf.au 2018 in Sydney, I will be talking about writing a debugger from scratch... in Rust!

    In this article, the terms debugger/tracer are interchangeably. "Tracee" refers to the process being traced by the tracer.

  • GCC 8.0 Moves On To Only Regression/Documentation Fixes

    The GCC 8 compiler is on to its last stage of development

Security: Meltdown and Spectre, GPG and SSH, Mageia Updates

Filed under
Security
  • Beware! Fake Spectre & Meltdown Patches Are Infecting PCs With “Smoke Loader” Malware [Ed: Welcome to Microsoft Windows]

    One of the most common tactics employed by notorious cybercriminals involves taking advantage of the popular trends and creating fraudulent websites/apps to trick users. It looks like some of the players have tried to exploit the confusion surrounding Meltdown and Sprectre CPU bugs.

    Forget buggy updates which are causing numerous problems to the users, Malwarebytes has spotted a fake update package that installs malware on your computer. The firm has identified a new domain that’s full of material on how Meltdown and Spectre affect CPUs.

    [...]

    The fake file in the archive is Intel-AMD-SecurityPatch-10-1-v1.exe.

  • An update on ongoing Meltdown and Spectre work

    Last week, a series of critical vulnerabilities called Spectre and Meltdown were announced. Because of the nature of these issues, the solutions are complex and requires fixing delicate code. The fixes for Meltdown are mostly underway. The Meltdown fix for x86 is KPTI. KPTI has been merged into the mainline Linux tree and many stable trees, including the ones Fedora uses. Fixes for other arches are close to being done and should be available soon. Fixing Spectre is more difficult and requires fixes across multiple areas.

    Similarly to Meltdown, Spectre takes advantage of speculation done by CPUs. Part of the fix for Spectre is disallowing the CPU to speculate in particular vulnerable sequences. One solution developed by Google and others is to introduce “retpolines” which do not allow speculation. A sequence of code that might allow dangerous speculation is replaced with a “retpoline” which will not speculate. The difficult part of this solution is that the compiler needs to be aware of where to place a retpoline. This means a complete solution involves the compiler as well.

  • CPU microcode update code for amd64
  • Using a Yubikey for GPG and SSH
  • Inspect curl’s TLS traffic

    Since a long time back, the venerable network analyzer tool Wireshark (screenshot above) has provided a way to decrypt and inspect TLS traffic when sent and received by Firefox and Chrome.

  • Mageia Weekly Roundup 2018 – Week 2

    The year is definitely under way, with an astonishing 412 packages coming through commits – mostly for cauldron, but a few are the last remaining updates for Mageia 5, as well as important security updates for Mageia 6.

    Among those updates are all the kernel and microcode updates – our thanks to tmb and our untiring devs for these – to begin hitting Meltdown and Spectre on the head.

    A big hand for the upstream kernel team, as well as our own packagers, QA testers and everyone else that was involved in getting this tested and released.

Games: CRYENGINE, Epic Car Factory, Godot, Depth of Extinction, Yuzu, GPD

Filed under
Gaming

Graphics: Mir, Vulkan, Mesa

Filed under
Graphics/Benchmarks
  • Experimental XDG-Shell Support For Mir's Wayland Support

    Mir's Wayland support continues being hacked on and now being tackled is support for the XDG-Shell protocol.

    A proof of concept implementation for the XDG Shell protocol has been posted for Mir. The XDG-Shell protocol as a reminder is used for managing surfaces under Wayland compositors for dealing with window dragging, resizing, stacking, and other actions.

  • Vulkan 1.0.68 Published

    Coming just over one week since Vulkan 1.0.67 is now the Vulkan 1.0.68 graphics/compute programming specification update.

    Given the short time from Vulkan 1.0.67 to 1.0.68, this updated version does not introduce any new extensions. Vulkan 1.0.68 just has documentation fixes: correcting some typos and making other clarifications for helping developers understand expected behavior of some elements of Vulkan.

  • Intel's Mesa Driver Is A Step Closer To ARB_gl_spirv Support

    Igalia has sent out the fourth version of their patches for wiring in ARB_gl_spirv support into the Mesa OpenGL driver. This extension is the last main blocker from Intel having OpenGL 4.6 support and allows for SPIR-V ingestion support for better interoperability between OpenGL and Vulkan.

  • Mesa Gets Patches For EGL_ANDROID_blob_cache

    An Intel open-source developer has sent out a set of patches implementing the EGL ANDROID_blob_cache extension for Mesa.

Best Linux desktop of 2018

Filed under
GNU
Linux
  • Best Linux desktop of 2018

    The desktop is a critical aspect of your Linux experience, providing you with a user-friendly way to interact with your computer. Unlike Windows or Mac, Linux doesn't tie you to a single desktop. Switching desktop environments is incredibly straightforward – just install a new one, log out and choose it from the login screen. You can install as many desktop environments as you like, although you can only use one at a time.

    In this guide, we've rounded up seven of the most popular desktops, highlighting their strengths and weaknesses. Before you dive in, however, take some time to think about what you want from your desktop.

    A desktop environment is more than the wallpaper which appears when you log in. It also includes a window manager and usually a set of utilities. It may come in the form of a pre-assembled package, such as Gnome or KDE, or it may be assembled by the distro maintainer, such as CrunchBang++'s Openbox or Puppy's JWM.

  • Best Linux distros 2018: the finest open source operating systems around

    Linux is widely-regarded as the discerning techie's operating system of choice, and with good reason. The open source OS has an awful lot to recommend it, and it's every bit as capable as Windows or macOS.

    One of the reasons Linux has proved to be so popular with developers, engineers and technical professionals is that it's almost infinitely versatile, with a wealth of customisation options. It's also got a reputation as being extremely secure.

    Linux doesn't just cater to traditional desktop PCs, either. There are also distros designed to run enterprise-grade applications and servers as well as desktop clients.

Syndicate content

More in Tux Machines

Linux Gaming For Older/Lower-End Graphics Cards In 2018

A request came in this week to look at how low-end and older graphics cards are performing with current generation Linux games on OpenGL and Vulkan. With ten older/lower-end NVIDIA GeForce and AMD Radeon graphics cards, here is a look at their performance with a variety of native Linux games atop Ubuntu using the latest Radeon and NVIDIA drivers. Read more Also: Wine 3.0 open-source compatibility layer now available

Red Hat Patch Warning

  • We Didn't Pull CPU Microcode Update to Pass the Buck
  • Red Hat Will Revert Spectre Patches After Receiving Reports of Boot Issues
    Red Hat is releasing updates that are reverting previous patches for the Spectre vulnerability (Variant 2, aka CVE-2017-5715) after customers complained that some systems were failing to boot. "Red Hat is no longer providing microcode to address Spectre, variant 2, due to instabilities introduced that are causing customer systems to not boot," the company said yesterday. "The latest microcode_ctl and linux-firmware packages are reverting these unstable microprocessor firmware changes to versions that were known to be stable and well tested, released prior to the Spectre/Meltdown embargo lift date on Jan 3rd," Red Had added.

Android Leftovers

Security: Updates, SOS Fund, IR, ME, and WPA

  • Security updates for Friday
  • Seeking SOS Fund Projects
    I’m spending some time over the next few days looking for the next round of projects which might benefit from an SOS Fund security audit.
  • Strong Incident Response Starts with Careful Preparation
    Through working every day with organizations’ incident response (IR) teams, I am confronted with the entire spectrum of operational maturity. However, even in the companies with robust IR functions, the rapidly evolving threat landscape, constantly changing best practices, and surplus of available tools make it easy to overlook important steps during planning. As a result, by the time an incident occurs, it’s too late to improve their foundational procedures.
  • The Intel Management Engine: an attack on computer users' freedom
    Over time, Intel imposed the Management Engine on all Intel computers, removed the ability for computer users and manufacturers to disable it, and extended its control over the computer to nearly 100%. It even has access to the main computer's memory.
  • What Is WPA3, and When Will I Get It On My Wi-Fi?
    WPA2 is a security standard that governs what happens when you connect to a closed Wi-Fi network using a password. WPA2 defines the protocol a router and Wi-Fi client devices use to perform the “handshake” that allows them to securely connect and how they communicate. Unlike the original WPA standard, WPA2 requires implementation of strong AES encryption that is much more difficult to crack. This encryption ensures that a Wi-Fi access point (like a router) and a Wi-Fi client (like a laptop or phone) can communicate wirelessly without their traffic being snooped on.