Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Monday, 16 Jul 18 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Type Title Author Replies Last Postsort icon
Blog entry slashdot effect srlinuxx 1 19/03/2005 - 6:00am
Page Applications list srlinuxx 19/03/2005 - 6:01pm
Story unix motorcycle srlinuxx 1 19/03/2005 - 6:30pm
Story Computer Addiction or Healthy Enthusiam? srlinuxx 2 20/03/2005 - 6:02pm
Blog entry A Peak at MDK 10.2-b2 AMD64 srlinuxx 2 20/03/2005 - 6:21pm
Page Thank You For Completing Our Survey srlinuxx 21/03/2005 - 4:07am
CA survey srlinuxx 21/03/2005 - 4:13am
Blog entry Re-install Texstar 2 22/03/2005 - 2:41am
Story Dell welcomes back Muslim workers srlinuxx 1 22/03/2005 - 4:27pm
Story My workstation OS: PCLinuxOS Preview 8 Texstar 2 26/03/2005 - 11:17pm

today's leftovers

Filed under
Misc
  • Top 10 Reasons Why Desktop Linux Failed

    1) Linux isn't pre-installed - No matter how much we may debate it, having Windows pre-installed on PCs means that's what people are likely to end up using. In order for someone to move over to Linux on the desktop, there must be a clear reason to do so. There is the problem. The only time I've personally seen users make the switch over to Linux from Windows comes down to frustration with Windows or a desire to advance their skills into an IT field.

    My own Linux story, for example, was a mixture of the two examples above. First off, I was just done with Windows. I had already been dabbling with Linux at the time I completely switched, but I become disenfranchised with the Microsoft way of doing things. So for me, the switch to Linux was based out of frustration.

    Had I not experienced any frustrations with Windows, I might not have ever thought to jump ship over to an alternative. Even when I built my own PCs myself, the OS offered at computer stores was Windows only. This is a huge hurdle for Linux adoption on the desktop.

    2) Linux freedom vs convenience - It's been my experience that people expect a user experience that's consistent and convenience. How one defines this depends on the individual user. For some, it's a matter of familiarity or perceived dependability. For more advanced PC users, a consistent convenience may mean a preferred workflow or specific applications.

    The greater takeaway is that when people are aware of other operating systems, they will usually stick with that they've used the longest. This presents a problem when getting people to try Linux. When using a desktop platform for a long time, you develop habits and expectations that don't lend themselves well to change.

  • How to be efficient and cost effective (or not)

    It's the mid-1990s, and this big corporation is working on a major development project to replace most of its critical systems, says a Unix admin pilot fish working there.

  • [Podcast] PodCTL #41 – Dissecting Kubernetes Surveys

    In a world of open source projects, privately funded companies, one-off cloud services and a mix of public companies, it can often be difficult to determine hype from trends from real usage.

  • PodCTL Podcast #38 – A Beginner’s Guide to Kubernetes
  • Optimizing a Python application with C++ code

    I’ve been working lately in a command line application called Bard which is a music manager for your local music collection. Bard does an acoustic fingerprinting of your songs (using acoustid) and stores all song metadata in a sqlite database. With this, you can do queries and find song duplicates easily even if the songs are not correctly tagged. I’ll talk in another post more about Bard and its features, but here I wanted to talk about the algorithm to find song duplicates and how I optimized it to run around 8000 times faster.

    [...]

    An obvious improvement I didn’t do yet was replacing the map with a vector so I don’t have to convert it before each for_each call. Also, vectors allow to reserve space in advance, and since I know the final size the vector will have at the end of the whole algorithm, I changed to code to use reserve wisely.

    This commit gave the last increase of speed, to 7998x, 36680 songs/second and would fully process a music collection of 1000 songs in just 13 seconds..

  • How A KDE Developer Used C++17 & Boost.Python For About A 8,000x Speed-Up

    Open-source developer Antonio Larrosa who contributes to KDE and openSUSE has been developing a command-line music manager called Bard. He's written an interesting post about how he sped up some of his operations by around eight-thousand times faster.

    In particular, Antonio was focused on speeding up the process of finding song/music duplicates in the user's local music collection. What started out as Python code was morphed into optimized C++ code. Little surprise, the C++ code once tuned was immensely faster than Python -- but the blog post is interesting for those curious about the impact of the various steps he took for tuning this implementation.

  • GLib 2.58 Is Looking Good With Portability Improvements, Efficient Process Launching

    The GLib low-level GNOME library while being quite mature is seeing a significant update with its version 2.58 release due out this September for GNOME 3.30.

    Two of the biggest GLib 2.58 changes we have covered up to now on Phoronix has been the new generic reference counting API and more efficient app launching. The reference counting API has been in the works for 6+ years to help GLib's bindings/integration with languages utilizing automatic memory management / garbage collection. The more efficient process launching via the use of posix_nspawn() is also exciting for better performance, particularly on systems suffering from memory pressure.

  • Taiwan Travel Blog - Day 2 & 3

    My Taiwan Travel blog continues! I was expecting the weather to go bad on July 10th, but the typhoon arrived late and the rain only started around 20:00. I'm pretty happy because that means I got to enjoy another beautiful day of hiking in Taroko National Park.

    I couldn't find time on the 10th to sit down and blog about my trip, so this blog will also include what I did on the 11th.

  • Canonical Releases Minimal Ubuntu, Optimised for Multicloud

    Canonical, the company behind popular Linux system Ubuntu, has released Minimal Ubuntu, a pared-back, significantly faster iteration of its server operating system (OS).

  • Nokia signs billion-euro network tech deal with China Mobile

     

    Nokia said over the one-year framework agreement it will deliver mobile radio access, fixed access, IP routing and optical transport systems as well as other services to the Chinese mobile operator.  

  •  

Software and Games: Wego, Cockpit, Samba, Podman, Humble Store's Square Enix Publisher Week and GOG

Filed under
Software
Gaming
  • wego – ASCII weather app for the terminal

    I spend an inordinate amount of time at the command line. I almost live on the command line because of its convenience. It’s probably because I love terminal apps.

    wego is another gem of a terminal application. It’s open source weather software written in the Go programming language and designed for the terminal. It displays the weather in a variety of visually attractive ways. It’s a lightweight way to keep an eye on the weather without requiring a web browser. The information is SSL-encrypted for transmission to the local computer.

    You may have been using the software without knowing it. wttr.in is a web frontend for wego that you can access using curl to provide weather information from a terminal. If you’ve already got curl on your system, there’s nothing to install. It’s got lots of options; you can find out about them from curl wttr.in/:help

  • Cockpit 172

    Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from version 172.

  • Samba 4.9 Is Working On Many Improvements, New Features

    Developers behind Samba, the open-source SMB/CIFS implementation for providing integration with the Windows Server Domain and Windows clients, is preparing for their next 4.9 release.

    In stepping towards their first preview release of Samba 4.9, their news file has been getting filled in over the past couple days to reflect all of the changes that have been staged in Samba Git since the Samba 4.9 branching at the beginning of the year.

  • Using podman for containers

    Podman is one of the newer tool in the container world, it can help you to run OCI containers in pods. It uses Buildah to build containers, and runc or any other OCI compliant runtime. Podman is being actively developed.

    I have moved the two major bots we use for dgplug summer training (named batul and tenida) under podman and they are running well for the last few days.

  • The Humble Store 'Square Enix Publisher Week' has some great Linux games on offer

    For those after some of the bigger Linux games, you should take a look at Humble Store's Square Enix Publisher Week.

  • The updated release of 'Desperados: Wanted Dead or Alive' that has Linux support is now on GOG

    As a reminder, the updated release from THQ Nordic doesn't just add Linux support. It also adds language support for French, German, Spanish, Italian, Russian and English to the main game. It also adds in the lost demo level, with more limited language support.

Linux Kernel, Linux Foundation and Graphics

Filed under
Graphics/Benchmarks
Linux
  • The final step for huge-page swapping

    For many years, Linux system administrators have gone out of their way to avoid swapping. The advent of nonvolatile memory is changing the equation, though, and swapping is starting to look interesting again — if it can perform well enough. That is not the case in current kernels, but a longstanding project to allow the swapping of transparent huge pages promises to improve that situation considerably. That work is reaching its final stage and might just enter the mainline soon.

    The use of huge pages can improve the performance of the system significantly, so the kernel works hard to make them available. The transparent huge pages mechanism collects application data into huge pages behind the scenes, and the memory-management subsystem as a whole works hard to ensure that appropriately sized pages are available. When it comes time to swap out a process's pages, though, all of that work is discarded, and a huge page is split back into hundreds of normal pages to be written out. When swapping was slow and generally avoided, that didn't matter much, but it is a bigger problem if one wants to swap to a fast device and maintain performance.

  • Revisiting the MAP_SHARED_VALIDATE hack

    One of the the most commonly repeated mistakes in system-call design is a failure to check for unknown flags wherever flags are accepted. If there is ever a point where callers can get away with setting unknown flags, then adding new flags becomes a hazardous act. In the case of mmap(), though, developers found a clever way around this problem. A recent discussion has briefly called that approach into question, though, and raised the issue of what constitutes a kernel regression. No changes are forthcoming as a result, but the discussion does provide an opportunity to look at both the specific hack and how the kernel community decides whether a change is a regression or not.

    Back in 2017, several developers were trying to figure out a way to safely allow direct user-space access to files stored on nonvolatile memory devices. The hardware allows this memory to be addressed directly by the processor, but any changes could go astray if the filesystem were to move blocks around at the same time. The solution that arose was a new mmap() flag called MAP_SYNC. When a file is mapped with this flag set (and the file is stored on a nonvolatile memory device), the kernel will take extra care to ensure that access to the mapping and filesystem-level changes will not conflict with each other. As far as applications are concerned, using this flag solves the problem.

  • Take Our Survey on Open Source Programs

    Please take eight minutes to complete this survey. The results will be shared publicly on The New Stack, and The Linux Foundation’s GitHub page.

  • Mesa 18.1.4 release candidate

    Mesa 18.1.4 is planned for release this Friday, July 13th, at or around 10 AM PDT.

  • Mesa 18.1.4 Being Prepared With Intel Fixes & A Couple For Radeon

    Another routine Mesa 18.1. point release is being prepared while waiting for the August debut of the Mesa 18.2 feature update.

    Dylan Baker, the Mesa 18.1 release manager and his first stab at the task, has announced the Mesa 18.1.4 release candidate today. In its current form, Mesa 18.1.4 is comprised of just over two dozen patches.

  • Pre-AMDGPU xf86-video-ati X.Org Driver Sees A Round Of Improvements

    It's rare in recent years to have anything to report on xf86-video-ati, the X.Org driver for the display/2D experience for pre-GCN Radeon graphics cards. But this week has been a large batch of fixes and improvements for those using this DDX driver with pre-HD7000 series hardware.

    Longtime Radeon Linux driver developer Michel Dänzer has landed a number of commits already this week of various fixes/cleanups, some of which were inspired by the xf86-video-amdgpu DDX driver that is used for current-generation hardware with the AMDGPU kernel driver (unless using xf86-video-modesetting...).

Red Hat News, Scientific Linux, and Fedora 29 Dropping GCC From Their Default Build Root

Filed under
Red Hat
  • Red Hat OpenStack platform adopted by Fujitsu

    Red Hat recently announced that Fujitsu has adopted Red Hat OpenStack Platform as an Infrastructure-as-a-Service (IaaS) component of Fujitsu Cloud Service for OSS, its global hybrid cloud service offering.

    As a backbone for an open hybrid cloud, Fujitsu Cloud Service for OSS is designed to help enterprises more quickly develop cloud-native and traditional applications and services in an environment built from innovative, more reliable, and more secure open technologies.

    This announcement shows the continued, long-standing collaboration between Red Hat and Fujitsu to offer hybrid cloud solutions based on open source.

  • Fujitsu Adopts Red Hat OpenStack Platform for Fujitsu Cloud Service for OSS
  • Entando Announces OEM Agreement with Red Hat on Modern Applications

    Entando, a leader in open source Digital Experience Platforms, today announced that Red Hat has agreed to include access to a set of Entando’s open source low-code tools as part of Red Hat’s newly launched Red Hat Process Automation Manager. Entando has optimized the tools to run effectively on Red Hat Process Automation Manager. Together, these technologies offer customers expanded next-generation business process automation capabilities native to Red Hat OpenShift Container Platform and a user experience (UX) designed to help them create cloud-native applications faster.

  • STT Connect builds webscale private cloud infrastructure on Red Hat

    To build its cloud on a flexible, supported open source platform, STT Connect partnered with Red Hat to deploy Red Hat OpenStack Platform, Red Hat Ansible Tower, and other enterprise Red Hat software.

    These solutions helped the company create an agile and efficient — yet secure — webscale cloud infrastructure. STT Connect became the first cloud company in Singapore to achieve the highest level Multi-Tier Cloud Security (MTCS) certification with an OpenStack private cloud.

  • The Final Build of Scientific Linux 6.10 Legacy Branch Released

    Scientific Linux has announced that the 6.10 release will be the final build of their legacy branch based on Red Hat 6.10. It will only receive security updates and major bug fixes and will be supported until November 2020.

    Fermi National Accelerator Laboratory (Fermilab) and European Organization for Nuclear Research (CERN) co-develop Scientific Linux with the aim of creating a stable operating system that is supplied with packages and applications that support scientific research. They also list using “the free exchange of ideas, designs, and implementations to prepare a computing platform for the next generation of scientific computing” as one of their goals.

  • ISVs in APAC Showcase Increased Red Hat OpenShift Adoption Across Verticals
  • Should You Buy Red Hat, Inc. (RHT) or Marsh & McLennan Companies, Inc. (MMC)?
  • Red Hat, Inc. (RHT) P/E ratio is noted at 62.01
  • Is this stock Risky for You?: Red Hat, Inc. (RHT)
  • Analyst Buzz: Red Hat, Inc. (NYSE:RHT)
  • Red Hat: Ready For Multiple Expansion
  • Fedora 29 Dropping GCC From Their Default Build Root Has Been Causing A Heated Debate

    One of the surprisingly controversial changes being implemented for Fedora 29 is dropping GCC and GCC-C++ from the default BuildRoot for assembling Fedora packages with Koji and Mock.

    Up to now it's always just been implied that GCC (including the GCC C++ compiler) is there by default with every build-root. But these days with more packages being written in languages like Go, Rust, Python, Node.js, and other modern languages, the proportion of C/C++ applications is decreasing. As such, the GCC C/C++ support is no longer being implied with the default build environments in Koji/Mock, which in turn should help package build times for non-C/C++ packages as they will no longer need to pull in the gcc/gcc-c++ packages and in turn a cleaner buildroot environment too.

OSS Leftovers

Filed under
OSS
  • Open Source GraphQL Engine Launched

    An open source GraphQL Engine has been launched that can be used with applications based on Postgres without the need for backend GraphQL processing code.

    The new GraphQL as a service can be used by front-end developers to build scaleable GraphQL apps on Postgres.

    Hasura’s GraphQL Engine automates the implementation and linking of databases to the graph. The APIs can be used to choose tables from new or existing database for use with GraphQL and link those existing tables into a graph. The engine has built-in authorization and authentication with granular authentication and a dynamic access control system that integrates with existing authentication systems such as Auth0 or custom implementations. The engine is also lightweight, consuming only 50MB of RAM even while serving more than a thousand requests per second.

  • Hasura Launches Open Source GraphQL Engine That Provides Instant GraphQL-as-a-Service on Any Existing Postgres Application
  • R3 has commercially launched its open-source blockchain platform

    Blockchain consortium R3 has commercially rolled out its open-source blockchain platform, dubbed Corda Enterprise, which aims to enable more businesses to leverage blockchain technologies. This comes after R3 launched version 1.0 of the platform in October 2017.

  • Algo Development 2.0 Looks to Open Source, Cloud & Big Data

    While the financial services industry was an early adopter of open source software going back to the Linux operating system in 1991 and the FIX Protocol in the late 1990s, financial firms may have restrictions on contributing code back to the wider open source community.

    “When it comes to trading algorithms there is a secret sauce embedded there that I don’t think people ever want to open source,” said Bill Harts, senior advisor to the Modern Markets Initiative, who moderated the panel. Harts, who has been an early adopter of algorithmic trading at Citi, Goldman Sachs and Bank of America, said: “That’s how they make money. Where do you draw the line?” asked Harts.

  • 5 open source principles that help DevOps teams excel

    While open source has more than a decade head start on DevOps, the two have steadily converged over time. As a CIO, you can support the use of some key open source cultural values to empower your organization’s DevOps team and ensure maximum success.  

  • Open source hasn't made tech more open

    Democratic ideals have given way to governments and corporate giants.

  • Event management with Indico

    There are many things to love about the Linux Plumbers Conference (LPC), but the event's web site has not often been considered one of them. This year, your editor took on the task of finding a new system to handle proposal submission, review, and scheduling, despite his own poor track record when it comes to creating attractive web sites. The search finally settled on a system called Indico; read on for some impressions of this interesting free event-management system.

    There are a number of free systems out there for handling the needs of conferences. Among the others that were considered are Symposion, which is used by linux.conf.au, and OSEM, the openSUSE event-management system. Both are capable systems, but neither seems to have been developed with the idea that others might want to pick it up and run it. In particular, every Symposion installation seems to require a fair amount of low-level customization. The installation documentation for both is, to put it charitably, a bit scant. Indico, instead, comes with a nice installation manual that makes the task something that is, if not actually easy, at least achievable without having to actually learn the entire code base first. 

    [...]

     Events in Indico have most of the features needed to track their life cycle. Each event has a home page with a reasonable degree of customization; pages of information can be attached to the home page. There is an elaborate mechanism for proposal submission and review. Events can be split into tracks and sessions, with a different coordinator for each session; the schedule for the whole thing can be managed in a reasonably straightforward way. For those who need it, Indico also offers a registration system, though LPC is not using it.

  •  

Codecs and Patents

Filed under
Moz/FF
OSS
Legal
  • An Invisible Tax on the Web: Video Codecs

    Here’s a surprising fact: It costs money to watch video online, even on free sites like YouTube. That’s because about 4 in 5 videos on the web today rely on a patented technology called the H.264 video codec.

    A codec is a piece of software that lets engineers shrink large media files and transmit them quickly over the internet. In browsers, codecs decode video files so we can play them on our phones, tablets, computers, and TVs. As web users, we take this performance for granted. But the truth is, companies pay millions of dollars in licensing fees to bring us free video.

    It took years for companies to put this complex, global set of legal and business agreements in place, so H.264 web video works everywhere. Now, as the industry shifts to using more efficient video codecs, those businesses are picking and choosing which next-generation technologies they will support. The fragmentation in the market is raising concerns about whether our favorite web past-time, watching videos, will continue to be accessible and affordable to all.

  • AV1, Opportunity or Threat for POWER and ARM Servers?

    While I haven’t seen an official announcement, Phoronix reported that the AV1 git repository was tagged 1.0, so the launch announcement is imminent. If you haven’t heard about it already, AOMedia Video 1 (AV1) is an open, royalty-free video coding format by the Alliance for Open Media.

  • VP9 & AV1 Have More Room To Improve For POWER & ARM Architectures

    Luc Trudeau, a video compression wizard and co-author of the AV1 royalty-free video format, has written a piece about the optimization state for video formats like VP9 and AV1 on POWER and ARM CPU architectures.

Open Hardware: RISC-V FUD and DIY Guns

Filed under
Hardware
  • ARM Takes Down Boneheaded Website Attacking Open-Source Rival

    ARM, the incredibly successful developer of CPU designs, appears to be getting a little nervous about an open-source rival that’s gaining traction. At the end of June, ARM launched a website outlining why it’s better than its competitor’s offerings and it quickly blew up in its face. Realizing the site was a bad look, ARM has now taken it down.

    For the uninitiated, ARM Holdings designs various architectures and cores that it licenses to major chipmakers around the world. Its tech can be found in over 100 billion chips manufactured by huge names like Apple and Nvidia as well as many other lesser-known players in the low-power market. If ARM is Windows, you can think of RISC-V as an early Linux. Like ARM, it’s an architecture based on reduced instruction set computing (RISC), but it’s free to use and open to anyone to contribute or modify. While ARM has been around since 1991, RISC-V just got started in 2010 but it’s gaining a lot of ground and ARM’s pitiful website could easily be seen as a legitimizing moment for the tech.

  • A Landmark Legal Shift Opens Pandora’s Box for DIY Guns

     

    Two months ago, the Department of Justice quietly offered Wilson a settlement to end a lawsuit he and a group of co-plaintiffs have pursued since 2015 against the United States government. Wilson and his team of lawyers focused their legal argument on a free speech claim: They pointed out that by forbidding Wilson from posting his 3-D-printable data, the State Department was not only violating his right to bear arms but his right to freely share information. By blurring the line between a gun and a digital file, Wilson had also successfully blurred the lines between the Second Amendment and the First.

     

    "If code is speech, the constitutional contradictions are evident," Wilson explained to WIRED when he first launched the lawsuit in 2015. "So what if this code is a gun?”

Programming: Rust and Python

Filed under
Development
  • This Week in Rust 242

    Always wanted to contribute to open-source projects but didn't know where to start? Every week we highlight some tasks from the Rust community for you to pick and get started!

  • Kindness and open-source projects

    Brett Cannon is a longtime Python core developer and member of the open-source community. He got to check off one of his bucket-list items when he gave a keynote [YouTube video] at PyCon 2018. That keynote was a rather personal look at what he sees as some problem areas in the expectations of the users of open-source software with respect to those who produce it. While there is lots to be happy for in the open-source world, there are some sharp edges (and worse) that need filing down.

    He started with his background as a way to show that he has the experience to give this talk. He is the development lead on the Python extension for Visual Studio Code, which is Microsoft's cross-platform open-source code editor. He noted that the two qualifiers for the editor are probably shocking to some. It was originally a community open-source project; Microsoft hired the developer behind it and it is now "corporate open source", Cannon said. That means there is a company backstopping the project; if the community fell away, the project would continue.

    He has been a Python core developer since April 2003; he got the commit bit shortly after attending the first PyCon (and he has attended every PyCon since as well). In contrast, Python is community open source; if the community disappeared, the project "would probably collapse within a month". He has contributed to over 80 open-source projects along the way; many of those were simply typo fixes of various sorts, but it has given him exposure to a lot of different development processes. "I've been lucky enough to have a broad range of exposure to open source overall."

  • Python and the web

    Dan Callahan is a developer advocate at Mozilla and no stranger to PyCon (we covered a talk of his at PyCon 2013). He was also the champion at Mozilla for the grant that helped revamp the Python Package Index (PyPI). At PyCon 2018, he gave a keynote talk [YouTube video] that focused on platforms of various sorts—and where Python fits into the platforms of the future.

    He began with a slide showing the IBM PCjr, which was the first computer IBM made for the home market. It was released in 1984 and immediately drew a bad reaction from the public and the press (Time magazine called it "one of the biggest flops in the history of computing"). Commercially and even objectively, the PCjr was a bad platform, he said.

    But when he was old enough to become interested in computers, that was the computer that was available to him—his father had bought one during the roughly one year they were available. He learned BASIC as his first language because the PCjr came with BASIC. He didn't think about it at the time, but his first language was chosen for him; he didn't get to consider what features he wanted or how the language's community was. His platform had determined the tool he would use.

    Fast-forward a few years to when he was in high school and had his own computer; even though he had access to Linux, PHP, and Perl, he still found himself programming in BASIC. This was the pre-smartphone era, so when he was bored in class, he had to find some other way to distract himself; he and his friends turned to TI-82 graphing calculators. Those were programmable in BASIC, so even though he had more sophisticated tools available to him, if he wanted to share something with his friends, it would have to be written in BASIC for the TI-82. That platform also dictated the tool that he would use.

Security: Updates, GNU/Linux, Spectre and DRM

Filed under
Security
  • Security updates for Wednesday
  • Another Linux distro poisoned with malware

    Last time it was Gentoo, a hard-core, source-based Linux distribution that is popular with techies who like to spend hours tweaking their entire operating sytem and rebuilding all their software from scratch to wring a few percentage points of performance out of it.

  • Arch Linux AUR packages found to be laced with malware

    Three Arch Linux packages have been pulled from AUR (Arch User Repository) after they were discovered to contain malware. The PDF viewer acroread and two other packages that are yet to be named were taken over by a malicious user after they were abandoned by their original authors.

  • ​The return of Spectre

    The return of Spectre sounds like the next James Bond movie, but it's really the discovery of two new Spectre-style CPU attacks.

    Vladimir Kiriansky, a Ph.D. candidate at MIT, and independent researcher Carl Waldspurger found the latest two security holes. They have since published a MIT paper, Speculative Buffer Overflows: Attacks and Defenses, which go over these bugs in great detail. Together, these problems are called "speculative execution side-channel attacks."

    These discoveries can't really come as a surprise. Spectre and Meltdown are a new class of security holes. They're deeply embedded in the fundamental design of recent generations of processors. To go faster, modern chips use a combination of pipelining, out-of-order execution, branch prediction, and speculative execution to run the next branch of a program before it's called on. This way, no time is wasted if your application goes down that path. Unfortunately, Spectre and Meltdown has shown the chip makers' implementations used to maximize performance have fundamental security flaws.

  • Mercury Security Introduces New Linux Intelligent Controller Line

    Mercury Security, a leader in OEM access control hardware and part of HID Global, announces the launch of its next-generation LP intelligent controller platform built on the Linux operating system.

    The new controllers are said to offer advanced security and performance, plus extensive support for third-party applications and integrations. The controllers are based on an identical form factor that enables seamless upgrades for existing Mercury-based deployments, according to the company.

  • Latest Denuvo Version Cracked Again By One Solo Hacker On A Personal Mission

    Denuvo is... look, just go read this trove of backlinks, because I've written far too many of these intros to be able to come up with one that is even remotely original. Rather than plagiarize myself, let me just assume that most of you know that Denuvo is a DRM that was once thought to be invincible but has since been broken in every iteration developed, with cracking times often now down to days and hours rather than weeks or months. Key in this post is that much if not most of the work cracking Denuvo has been done by a single person going by the handle Voksi. Voksi is notable not only for their nearly singlehandedly torpedoing the once-daunting Denuvo DRM, but also for their devotion to the gaming industry and developers that do things the right way, even going so far as to help them succeed.

    Well, Voksi is back in the news again, having once again defeated the latest build of Denuvo DRM.

  • Latest Denuvo Anti-Piracy Protection Falls, Cracker ‘Voksi’ On Fire

    The latest variant of the infamous Denuvo anti-piracy system has fallen. Rising crack star Voksi is again the man behind the wheel, defeating protection on both Puyo Puyo Tetris and Injustice 2. The Bulgarian coder doesn't want to share too many of his secrets but informs TorrentFreak that he won't stop until Denuvo is a thing of the past, which he hopes will be sooner rather than later.

Mozilla: Privacy Laws, WebVR/XR, Funding, Privacy in Thunderbird and More

Filed under
Moz/FF
  • Mozilla applauds passage of Brazilian data protection law

    Mozilla’s previous statement supporting the Brazilian Data Protection Bill can be found here. The bill will now go to Brazilian President Michel Temer for his signature.

  • My Journey to Tech Speaking about WebVR/XR

    Ever since a close encounter with burning out (thankfully, I didn't quite get there) forced me to leave my job with Mozilla more than two years ago, I have been looking for a place and role that feels good for me in the Mozilla community. I immediately signed up to join Tech Speakers as I always loved talking about Mozilla tech topics and after all breaking down complicated content and communicating it to different groups is probably my biggest strength - but finding the topics I want to present at conferences and other events has been a somewhat harder journey.

  • Mozilla Funds Top Research Projects

    We are very happy to announce the results of the 2018H1 Mozilla Research Grants. This was an extremely competitive process, with over 115 applicants. We selected a total of eight proposals, ranging from tools to fight online harassment to systems for generating speech. All these projects support Mozilla’s mission to make the Internet safer, more empowering, and more accessible.

    The Mozilla Research Grants program is part of Mozilla’s Emerging Technologies commitment to being a world-class example of inclusive innovation and impact culture-and reflects Mozilla’s commitment to open innovation, continuously exploring new possibilities with and for diverse communities. We will open the 2018H2 round in Fall of 2018: see our Research Grant webpage for more details and to sign up to be notified when applications open.

  • 4 add-ons to improve your privacy on Thunderbird

    Thunderbird is a popular free email client developed by Mozilla. Similar to Firefox, Thunderbird offers a large choice of add-ons for extra features and customization. This article focuses on four add-ons to improve your privacy.

  • Mozilla’s Test Pilot Program For Mobile Apps: Launches “Lockbox” and “Notes” App

Chrome 67 to Counter Spectre on Mac, Windows, Linux, Chrome OS via Site Isolation

Filed under
Google
Security
  • Chrome 67 to Counter Spectre on Mac, Windows, Linux, Chrome OS via Site Isolation

    The Spectre and Meltdown vulnerabilities, discovered earlier this year, caught everyone off guard including hardware and software companies. Since then, several vendors have patched them, and today, Google Chrome implemented measures to protect the browser against Spectre. The exploit uses the a feature found in most CPUs to access parts of memory that should be off-limits to a piece of code and potentially discover the values stored in that memory. Effectively, this means that untrustworthy code may be able to read any memory in its process’s address space. In theory, a website could use such an attack to steal information from other websites via malicious JavaScript code. Google Chrome is implementing a technique known as site isolation to prevent any future Spectre-based attacks from leaking data.

  • Google Chrome is getting a Material Design revamp – here’s how to test the new features

    Google has been promising a Material Design revamp of its desktop Chrome web browser for quite some time – and now we have our first look.

    An update to the experimental Chrome Canary browser on Windows, Linux and Mac, offers a preview of what we can expect when Google builds the changes into the main browser later this year.

  • Google Chrome Gets A Big Material Design Makeover, Here's How To Try It On Windows, Linux And macOS

    Google's dominate Chrome web browser is set to receive a big Material Design makeover later this year. However, if you want to give a try right now, you can do so by downloading the latest build of Chrome Canary. For those not in the know, Canary is the developmental branch of Chrome where new features are tested before they roll out widely to the public.

    As you can see in the image below, this is a total revamp of the browser, with a completely new address bar and look for the tabs interface. Tabs have a more rounded shape and colors have been refreshed through the UI.

  • Chrome 67 features Site Isolation to counter Spectre on Mac, Windows, Linux, Chrome OS

    Following the disclosure of Spectre and Meltdown CPU vulnerabilities earlier this year, the entire tech industry has been working to secure devices. In the current stable version of Chrome, Google has widely rolled out a security feature called Site Isolation to protect desktop browsers against Spectre.

Hiding the Fedora boot menu

Filed under
Red Hat

The venerable Linux boot menu has made its appearance at boot time since the days when LILO was the standard boot loader, through the days of GRUB, and onward to today's GRUB 2 and others. It is sometimes configured out by distributions as something that will potentially confuse less-technical users, but it has been a mainstay of Fedora for many releases. A recent proposal to hide the menu, starting in Fedora 29, has met a mixed reaction, but those who are not in favor are also those most able to revert to the existing behavior.

Hans de Goede raised the issue back at the end of May. He suggested that Fedora had at one time hidden the boot menu, but changed. As a longtime Fedora user, I don't remember that switch, but my memory is faulty and that may be the case here. In any case, De Goede's idea is to not have the distribution print any confusing messages at boot time: "the end goal being a user pressing the on button and then going to the graphical login manager without him seeing any text messages / menus filled with technical jargon."

The response was somewhat mixed, as might be expected. Stephen Gallagher was concerned about boots that failed and gave the user no alternatives to try. De Goede said that the plan was to detect failed boots and then show the boot menu on the next boot. He muddied the waters somewhat by mentioning a "fastboot" feature that he is planning for Fedora 30. It would effectively provide no way for a user sitting at the console to override the boot sequence (with a key press, say) and get the boot menu once the system has started booting.

Read more

Also: Fedora tackles Southeast Linux Fest 2018

GNOME: GUADEC and News From GLib 2.58

Filed under
GNOME
  • GUADEC 2018: BoF Days

    Monday went with engagement BoF. I worked with Rosanna to finalize the annual report. Please help us proofread it! I have also started collecting information for the GNOME 3.30 release video. If you are a developer and you have exciting features for GNOME 3.30, please add them to the wiki. The sooner you do it, the happier I am.

  • GNOME Foundation opens recruitment for further expansion

    Today, July 6th 2018, the GNOME Foundation has announced a number of positions it is recruiting for to help drive the GNOME project and Free Software on the desktop. As previously announced, this has been made possible thanks to a generous grant that the Foundation has received, enabling us to accelerate this expansion.

  • Emmanuele Bassi: News from GLib 2.58

    Next September, GLib will hit version 2.58. There have been a few changes during the past two development cycles, most notably the improvement of the Meson build, which in turn led to an improved portability of GLib to platforms such as Windows, macOS, and Android. It is time to take stock of the current status of GLib, and to highlight some of the changes that will impact GLib-based code.

Stable kernels 4.17.6, 4.14.55, 4.9.112, 4.4.140 and 3.18.115

Filed under
Linux

CAN-based passive telematics software hitches ride on the Raspberry Pi

Filed under
Linux

On Indiegogo, Network Sorcery is pitching “UCAN” software for a CAN-equipped Raspberry Pi board that enables passive, real-time decoding of automotive telematics data over the CAN Bus. UCAN initially supports GM, Infiniti, and Nissan cars.

San Diego based Network Sorcery, which publishes information about network communication protocols, including the RFC Sourcebook, has gone to Indiegogo to launch a telematics program that runs on a Raspberry Pi 3 equipped with a CAN adapter board. The Linux-based UCAN software passively extracts and decodes telematics data in real time via the CAN Bus, offering “more detail and up to 50 times the volume of data than OBD2 (or OBD-II) based systems can provide,” says Network Sorcery.

Read more

Oracle wants to improve Linux load balancing and failover

Filed under
Linux

Oracle reckons Linux remote direct memory access (RDMA) implementations need features like high availability and load balancing, and hopes to sling code into the kernel to do exactly that.

The problem, as Oracle Linux kernel developer Sudhakar Dindukurti explained in this post, is that performance and security considerations mean RDMA adapters tie hardware to a “specific port and path”.

A standard network interface card, on the other hand, can choose which netdev (network device) to use to send a packet. Failover and load balancing is native.

Read more

Syndicate content

More in Tux Machines

OSS: Apache Cassandra, Jib,WSO2 and More

  • Apache Cassandra at 10: Making a community believe in NoSQL
    Ten years ago this month, when Lehman Brothers was still just about in business and the term NoSQL wasn't even widely known, let alone an irritant, Facebook engineers open-sourced a distributed database system named Cassandra. Back then, the idea that huge numbers of companies would need a scalable database was almost laughable – and that grip of traditional relational database systems is reflected in the mythical moniker given to what would become one of the first of many databases designed to run on a cluster of machines. Named after the Greek figure who was cursed to utter the truth but was never believed, Cassandra might seem an odd choice for a system whose raison d'être is believability – but it delivered a nice dig at the stalwarts of the RDBMS world… and their trust in a false Oracle.
  • Google Launches Jib, Automated Container Packaging for Java Apps
    Google has released software that could automate the packaging of a Java program so that it can be run in the cloud-native environment. Jib is an open-source Java “containerizer,” one that handles all the steps of packaging your application into a container image, according to Appu Goundan and Qingyang Chen, two Google engineers who co-wrote a blog post announcing the new technology. Created over two decades ago at Sun Microsystems, Java was introduced as a “write once, run anywhere” programming language, where all the code would be packaged in a JAR file, and run by a Java Virtual Machine on any platform. The requirements for running code anywhere have expanded with the introduction of containerization, however. Few shops are Java-only these days, and many are turning to containerization for true application portability,
  • WSO2 Summer 2018 Release Brings Agility to Secure Microservices Integration
  • New Operations in Mexico Extend WSO2’s Reach Across Latin America
  • How Open Source Became The Default Business Model For Software
  • 10 Best Kodi Addons You Should Install In 2018 | Legal Addons
    Kodi is one of the most popular media player software which enables you to access videos, music, and pictures via the internet or local storage on a host of platforms. Managed by XBMC foundation, Kodi is an open source software. However, its reputation has been soiled by labeling it as a piracy bearer, and that is why many ask “Is Kodi legal?” You can read more about Kodi and whether it is legal or not here.
  • Summer of Code: Plan for the grand finale
    To get that done, I have to polish up my smack-openpgp branch which has grown to a size of 7000 loc. There are still some minor quirks, but Florian recommended to focus on the big picture instead of spending too much time on small details and edge cases. I also have to release pgpainless to maven central and establish some kind of release cycle. It will be a future challenge for me personally to synchronize the releases of smack-openpgp and pgpainless.
  • Collaborative World Shaping: Why Open-Source Tech Matters in a For-Impact Future
    How many lives could be saved if there was a way to vastly cut down inefficiency and through bureaucracy, by problem solving at a global scale? Could technology help us reach more individuals in need more meaningfully, substantially helping people affected by disasters – in less time? The technology is already out there – but not enough people know about it. In 2017, Hurricane Irma—the strongest hurricane ever recorded in the Atlantic Ocean—made landfall; with widespread, “catastrophic” damage, disaster relief organizations were overwhelmed. “A lot of traditional means of crisis response are very top down, and they didn’t really kick in — we saw headlines about how the Red Cross didn’t show up to shelters,” said Greg Bloom, a community organizer and civic hacker who knew he had to step in to assist.
  • The First Open-Source Smart Contract Platform to be Started by Rootstock
    RSK Labs, formerly known as Rootstock, an Argentinian startup building the first open-source smart contract platform with a 2-way peg to Bitcoin.RSK Labs CEO Diego Gutiérrez Zaldívar on Bitcoin Smart Contracts Sidechain and Crypto Industry Challenges. Even though at this point of time the 2-way peg security of the RSK blockchain is still relying on a group of third parties called ‘Federation’, in the future the developers promise to bring a “trustless” automatic peg. How fast this happens to some degree depends on the overall miners support. The company says its goal is to add value and functionality to the Bitcoin ecosystem by enabling Ethereum-like smart-contracts, near instant payments and higher-scalability, and this past January after almost two years of development its mainnet dubbed Bamboo was finally launched.
  • Creality’s Ender 3 3D Printer is Now Fully Open Source
    Creality3D, founded in 2014, is a 3D printer manufacturer based in China, offering more than 20 products. Their popular Ender 3 was recently voted “Best 3D Printer Under $200” by All3DP (review here). Now, the company is making their most popular 3D printer, the Ender 3, completely open source. This makes it the first Open Source Hardware Association certified 3D printer in China. This means not just a few files have been shared, but all hardware, CAD files, board schematics and firmware files are available. You can find the updated versions on the company’s GitHub page.
  • Charité's researchers integrate open-source platform into the 'Human Brain Project'
    Universitätsmedizin Berlin and the Berlin Institute of Health (BIH) are pleased to announce that 'The Virtual Brain' neuroinformatics platform has joined the EU's Flagship 'Human Brain Project'. With financial support from the EU's Horizon 2020 research and innovation program, Charité's researchers are now integrating their open-source platform into the 'Human Brain Project'. This will provide participating researchers with a research infrastructure that promotes efficiency and reproducibility. The researchers will focus on refining the theoretical underpinnings of the computer models used, developing efficient simulation technology, and working on neuroinformatics solutions that enhance the reproducibility of studies.

Kernel and Graphics: PDS, VKMS and Nouveau

  • PDS 0.98s release
    PDS 0.98s is released with the following changes 1. Fix compilation issue on raspberry pi. 2. Minor rework and optimization on balance code path. 3. Fix wrong nr_max_tries in migrate_pending_tasks. This is mainly a bug fix and minor optimization release for 4.17. The rework of balance code doesn't go well, it actually make more overhead than current implement. Another rework which based on current implement is still on going, hopefully be included in next release.
  • PDS-MQ CPU Scheduler Revised For The Linux 4.17 Kernel With Minor Optimizations
    Alfred Chen announced this week the release of PDS-mq 0.98s, his latest patch-set of this CPU scheduler against the Linux 4.17 upstream code-base and includes minor optimization work and bug fixes. The PDS scheduler stands for the "Priority and Deadline based Skiplist multiple queue scheduler" that is derived from Con Kolivas' former BFS scheduler with Variable Run Queue (VRQ) support. PDS design principles are to be a simple CPU process scheduler yet efficient and scalable. PDS-mq differs from Con Kolivas' current MuQSS scheduler.
  • Add infrastructure for Vblank and page flip events in vkms simulated by hrtimer
    Since the beginning of May 2018, I have been diving into the DRM subsystem. In the beginning, nothing made sense to me, and I had to fight hard to understand how things work. Fortunately, I was not alone, and I had great support from Gustavo Padovan, Daniel Vetter, Haneen Mohammed, and the entire community. Recently, I finally delivered a new feature for VKMS: the infrastructure for Vblank and page flip events. At this moment, VKMS have regular Vblank events simulated through hrtimers (see drm-misc-next), which is a feature required by VKMS to mimic real hardware [6]. The development approach was entirely driven by the tests provided by IGT, more specifically the kms_flip. I modified IGT to read a module name via command line and force the use of it, instead of using only the modules defined in the code (patch submitted to IGT, see [1]). With this modification in the IGT, my development process to add a Vblank infrastructure to VKMS had three main steps as Figure 1 describes.
  • The State Of The VKMS Driver, Preparations For vBlank & Page Flip Events
    One of the exciting additions to look forward to with the upcoming Linux 4.19 kernel cycle is the virtual "VKMS" kernel mode-setting driver. The driver is still a work-in-progress, but multiple developers are working on it.
  • NIR Continues To Be Prepped For OpenCL Support
    Longtime Nouveau contributor Karol Herbst who joined Red Hat several months ago has been working on Nouveau NIR support as stepping towards SPIR-V/compute support and this summer the work very much remains an active target.
  • Nouveau Gallium3D Moves Closer Towards OpenGL 4.5 Compliance
    While the RadeonSI and Intel i965 Mesa drivers have been at OpenGL 4.5 compliance for a while now, the Nouveau "NVC0" Gallium3D driver has been bound to OpenGL 4.3 officially. This Nouveau Gallium3D driver for NVIDIA "Fermi" graphics hardware and newer has effectively supported all of the OpenGL 4.4/4.5 extensions, but not officially. Originally the NVC0 problem for OpenGL 4.4 and newer was the requirement of passing the OpenGL Conformance Test Suite (CTS), which at first wasn't open-source. But now The Khronos Group has made it available to everyone as open-source. Additionally, the proper legal wrangling is in place so the Nouveau driver could become a conforming Khronos adopter under the X.Org Foundation without any associated costs/fees with Nouveau being purely open-source and primarily considered a community driver.

DistroWatch The Best Website For Distro Hoppers

The DistroWatch features release announcements of new versions of hundreds of Linux and other distributions. It does host reviews of distros, podcasts, and newsletters. DistroWatch first published by Ladislav Bodnar, the founder, and maintainer, on May 31, 2001. DistroWatch initially focused on Linux distributions. But later based on user requests, it went on adding different flavors of operating systems like BSD family, Android x86, Oracle Solaris, MINIX, and Haiku etc. The DistroWatch presents detailed information at one place in a very convenient manner. At the time of writing this article, the DistroWatch hosted information of more than 300 active distributions (referring the list of distros populated under drop-down feature on the first page of the DistroWatch) and more than hundred in queue. It is said that the DistroWatch lives out of advertising and donation. LinuxCD.org is the first to advertise on the DistroWatch site. Read more

Ubuntu 18.04 LTS and 16.04 LTS Amazon Linux AMIs Now Support Amazon's SSM Agent

As of July 2018, Amazon's Linux AMIs (Amazon Machine Images) that are based on either the Ubuntu 16.04 LTS (Xenial Xerus) or Ubuntu 18.04 LTS (Bionic Beaver) operating systems now come pre-installed with the AWS Systems Manager Agent (SSM Agent), an Amazon software designed to run on hybrid or Amazon EC2 instances in public and private clouds on AWS (Amazon Web Services). "With this new feature release, AWS Systems Manager Agent is installed by default on all instances launched or built from Ubuntu 16.04 LTS (2018.07 and later) and 18.04 LTS (all versions) AMIs," said Amazon. "By having the agent pre-installed, you can quickly start using AWS Systems Manager features such as Run Command, State Manager, Inventory and Patch Manager." Read more