Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Wednesday, 21 Feb 18 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Mozilla News: Performance, Marnie Pasciuto-Wood, Tracking Protection, CSS Grid, Firefox 59 Beta 10 Testday Today

Filed under
Moz/FF
  • Firefox Performance Update #1

    In an attempt to fill the shoes of Ehsan’s excellent Quantum Flow Newsletters1, I’ve started to keep track of interesting performance bugs that have been tackled over the past little while.

    I don’t expect I’ll be able to put together such excellent essays on performance issues in Firefox, but I can certainly try to help to raise the profile of folks helping to make Firefox faster.

  • Welcome Marnie to the Test Pilot Team!

    Late last year, the Test Pilot team welcomed a new engineering program manager, Marnie Pasciuto-Wood. In this post, Marnie talks about what it’s been like joining Mozilla and what keeps her busy and inspired outside of work.

  • A Perspective: Firefox Quantum’s Tracking Protection Gives Users The Right To Be Curious

    In the physical world, we don’t wear our ID on our foreheads. This is convenient because we can walk around with a reasonable expectation of privacy and let our curiosity take us to interesting places. That shoe store you sauntered into because they had a pair that caught your eye has no idea who you are, where you live, or anything about you. More importantly, any attempt by that shoe store to have an employee follow you around would not only be impractical, but would be met with some serious side-eye from potential customers.

  • CSS Grid for UI Layouts

    CSS Grid is a great layout tool for content-driven websites that include long passages of text, and it has tremendous value for a variety of traditional UI layouts as well. In this article I’ll show you how to use CSS Grid to improve application layouts that need to respond and adapt to user interactions and changing conditions, and always have your panels scroll properly.

  • Firefox 59 Beta 10 Testday, February 16th

    We are happy to let you know that Friday, February 16th, we are organizing Firefox 59 Beta 10 Testday. We’ll be focusing our testing on Find Toolbar and Search Suggestions.

AMD Ryzen 3 2200G + Ryzen 5 2400G Linux CPU Performance, 21-Way Intel/AMD Comparison

Filed under
Graphics/Benchmarks

Yesterday I posted some initial Linux benchmarks of the Ryzen 5 2400G Raven Ridge APU when looking at the Vega 11 graphics, but for those curious about the CPU performance potential of the Ryzen 5 2400G and its ~$100 Ryzen 3 2200G sibling, here are our first CPU benchmarks of these long-awaited AMD APUs. These two current Raven Ridge desktop APUs are compared to a total of 21 different Intel and AMD processors dating back to older Kaveri APUs and FX CPUs and Ivy Bridge on the Intel side.

Read more

Also: Phoronix Test Suite 7.8 Officially Released For Open-Source, Cross-OS Benchmarking

Jupyter and Junior Developers

Filed under
Development
  • Jupyter: notebooks for education and collaboration

    The popular interpreted language Python shares a mode of interaction with many other languages, from Lisp to APL to Julia: the REPL (read-eval-print-loop) allows the user to experiment with and explore their code, while maintaining a workspace of global variables and functions. This is in contrast with languages such as Fortran and C, which must be compiled and run as complete programs (a mode of operation available to the REPL-enabled languages as well). But using a REPL is a solitary task; one can write a program to share based on their explorations, but the REPL session itself not easily shareable. So REPLs have gotten more sophisticated over time, evolving into shareable notebooks, such as what IPython, and its more recent descendant, Jupyter, have. Here we look at Jupyter: its history, notebooks, and how it enables better collaboration in languages well beyond its Python roots.

  • Who Killed The Junior Developer?

    I’m not sure what the industry-wide solution is. I’m not sure whether companies that lack junior devs are unbalanced or smart. The reality is that most software developers don’t stay one place very long, so maybe it doesn’t make sense to invest a lot in training someone? Or maybe the industry should ask itself why people keep hopping jobs? Maybe it’s because a lot of them suck, or for a lot of us it’s the only way to advance our salary. I can either wait for a stupid, meaningless yearly “performance review” to bump me up 1% or take my resume and interview elsewhere and get 10% or more.

    It’s not just a sign that an individual company is broken, it’s a sign the entire industry is broken.

Security: Salon 'Malware', Georgia's Plan, Let's Encrypt, USB, and Hardware Bugs

Filed under
Security
  • Salon Offers To Remove Ads If Visitors Help Mine Cryptocurrency

    As we've been discussing, the rise of stealth cryptocurrency miners embedded on websites has become a notable problem. In some instances, websites are being hacked and embedded with stealth cryptocurrency miners that quickly gobble up visitors' CPU cycles without their knowledge. That's what happened to Showtime recently when two different domains were found to be utilizing the Coinhive miner to hijack visitor broswers without users being informed. Recent reports indicate that thousands of government websites have also been hijacked and repurposed in this fashion via malware.

    But numerous websites are also now exploring such miners voluntarily as an alternative revenue stream. One major problem however: many aren't telling site visitors this is even happening. And since some implementations of such miners can hijack massive amounts of CPU processing power while sipping a non-insubstantial amount of electricity, that's a problem.

  • Georgia Senate Thinks It Can Fix Its Election Security Issues By Criminalizing Password Sharing, Security Research

    When bad things happen, bad laws are sure to follow. The state of Georgia has been through some tumultuous times, electorally-speaking. After a presidential election plagued with hacking allegations, the Georgia Secretary of State plunged ahead with allegations of his own. He accused the DHS of performing ad hoc penetration testing on his office's firewall. At no point was he informed the DHS might try to breach his system and the DHS, for its part, was less than responsive when questioned about its activities. It promised to get back to the Secretary of State but did not confirm or deny hacking attempts the state had previously opted out of.

    To make matter worse, there appeared to be evidence the state's voting systems had been compromised. A misconfigured server left voter records exposed, resulting in a lawsuit against state election officials. Somehow, due to malice or stupidity, a server containing key evidence needed in the lawsuit was mysteriously wiped clean, just days after the lawsuit was filed.

  • Let's Encrypt Hits 50 Million Active Certificates and Counting

    In yet another milestone on the path to encrypting the web, Let’s Encrypt has now issued over 50 million active certificates. Depending on your definition of “website,” this suggests that Let’s Encrypt is protecting between about 23 million and 66 million websites with HTTPS (more on that below). Whatever the number, it’s growing every day as more and more webmasters and hosting providers use Let’s Encrypt to provide HTTPS on their websites by default.

  • Linux systems can still be hacked via USB sticks

    Linux systems could be a risk from malware on USB memory sticks, according to security researchers.

    The bug affects users running the KDE Plasma desktop environment, which is widely used in GNU/Linux distributions. The issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0.

  • Spectre & KPTI Get More Fixes In Linux 4.16, Offsets Some KVM Performance Losses

    While we are past the Linux 4.16 merge window, more Spectre and Meltdown related improvements and changes are still being allowed into the kernel, similar to all the KPTI/Retpoline work that landed late in Linux 4.15. On Wednesday was another big batch of KPTI and Spectre work that has already been merged.

  • Kali Linux Ethical Hacking OS Getting Fix for Meltdown & Spectre with Linux 4.15

IPFire 2.19 - Core Update 118 released

Filed under
GNU
Linux
Security

this is the official release announcement for IPFire 2.19 – Core Update 118. It comes with a number of security and bug fixes as well as some new features. Please note the that we are dropping support for some add-ons.

Read more

Min: An Open Source Web Browser for Minimalists

Filed under
Software

Min is an open source web browser with a clean UI and minimalist look. Despite being minimal, Min packs enough features for a standard web browsing experience.
Read more

Servers? We don't need no stinkin' servers!

Filed under
Server

OK, so we'll always need some servers.

But with the rise of virtual machines (VM)s and container technologies such as Docker, combined with DevOps and cloud orchestration to automatically manage ever-larger numbers of server applications, serverless computing is becoming real.

Read more

Understanding SELinux labels for container runtimes

Filed under
Linux
Server

SELinux provides great filesystem separation for your container runtimes, but you need to be careful when running multiple container runtimes on the same machine at the same time, and also careful to clean up any content left on a host when you remove a container.

Read more

Canonical Wants to Collect Some Data from Ubuntu Users to Improve New Releases

Filed under
Ubuntu

The information Canonical's Ubuntu Desktop engineers need to improve certain aspects of the Linux-based operating system about includes users' setups, installed software, Ubuntu flavor and version, network connectivity, CPU family, RAM, disk size, screen resolution, GPU vendor and model, as well as OEM manufacturer.

In addition, the company says that it needs to know your location, yet it promises to not store IP addresses of users. Other information that would be collected includes total installation time, automatic login info, selected disk layout, LivePatch enablement, and if you choose to install updates or third-party software during installation.

Read more

Also: Canonical Plans to Release Ubuntu 16.04.4 LTS (Xenial Xerus) on March 1, 2018

Ubuntu 16.04.4 LTS Planned For Release 1 March

Ubuntu Wants To Collect Data About Your System–Starting From 18.04 LTS

Solus 4 Is Coming Soon with Experimental Wayland Session for GNOME, Linux 4.15

Filed under
Linux
GNOME

Solus Project's Joshua Strobl posted today more details about the upcoming Solus 4 desktop operating system and some of the new features that will be integrated. These include a revamped Software Center with the latest Linux Driver Management for better hardware driver support, Hotspot support, Budgie 10.4.1, MATE 1.20, and an experimental Wayland session for the GNOME edition.

"Wayland will not be the default for Solus Budgie or Solus GNOME, however GNOME users will be able to install a separate session package if they wish to test and experiment with Wayland support," says Joshua Strobl. "During my testing, I have not found the quality of the GNOME + Wayland to be sufficient enough to be provided as a default experience for our users."

Read more

A look at Linux Mint 18.3 KDE – The Last KDE Linux Mint

Filed under
KDE
Linux

I wrote an article a while ago about how KDE was being removed as an official flavour of Linux Mint past 18.3, and so I thought perhaps a quick review of 18.3 KDE was in order. Linux Mint 18.3 KDE is based on Ubuntu 16.06 LTS.

Read more

i.MX6 UL based COM/SBC hybrid has FPGA with programmable ZPU core

Filed under
Linux
Debian
Ubuntu

Technologic’s rugged, open-spec “TS-4100” COM/SBC hybrid runs Linux on an i.MX6 UL, and offers a microSD slot, 4GB eMMC, a micro-USB OTG port, optional WiFi/BT and baseboard, and an FPGA with a programmable ZPU core for offloading real-time tasks.

Technologic Systems has begun sampling its first i.MX6 UL (UltraLite) based board, which is also its first computer-on-module that can double as an SBC. The 75 x 55mm TS-4100 module features a microSD slot, onboard eMMC, a micro-USB OTG port with power support, and optional WiFi and Bluetooth. Like most Technologic boards, such as the popular, i.MX6-based TS-4900 module, it offers long-term support and -40 to 85°C support, and ships with schematics and open source Linux images (Ubuntu 16.04 and Debian Jesse).

Read more

Security: Windows, Salon, Fraud. Skype and More

Filed under
Security
  • Critical Telegram flaw under attack disguised malware as benign images [Ed: Windows]

    The flaw, which resided in the Windows version of the messaging app, allowed attackers to disguise the names of attached files, researchers from security firm Kaspersky Lab said in a blog post. By using the text-formatting standard known as Unicode, attackers were able to cause characters in file names to appear from right to left, instead of the left-to-right order that's normal for most Western languages.

  • Salon to ad blockers: Can we use your browser to mine cryptocurrency?

    Salon explains what's going on in a new FAQ. "How does Salon make money by using my processing power?" the FAQ says. "We intend to use a small percentage of your spare processing power to contribute to the advancement of technological discovery, evolution, and innovation. For our beta program, we'll start by applying your processing power to help support the evolution and growth of blockchain technology and cryptocurrencies."

  • Why children are now prime targets for identity theft [sic] [iophk: "the real name for this is "fraud" and there are already existing laws on it"]

    SSA believed this change would make it more difficult for thieves to “guess” someone’s SSN by looking at other public information available for that person. However, now that an SSN is not tied to additional data points, such as a location or year of birth, it becomes harder for financial institutions, health care providers, and others to verify that the person using the SSN is in fact the person to whom it was issued.

    In other words: Thieves now target SSNs issued after this change as they know your 6-year-old niece or your 4-year-old son will not have an established credit file.

  • Microsoft won't plug a huge zero-day in Skype because it'd be too much work

    The bug in the automatic updater (turd polisher) for the Windows desktop app has a ruddy great hole in it that will let dodgy DLLs through.

  • ‘I Lived a Nightmare:’ SIM Hijacking Victims Share Their Stories

    The bug itself didn’t expose anything too sensitive. No passwords, social security numbers, or credit card data was exposed. But it did expose customers’ email addresses, their billing account numbers, and the phone’s IMSI numbers, standardized unique number that identifies subscribers. Just by knowing (or guessing) customer’s phone numbers, hackers could get their target’s data.

    Once they had that, they could impersonate them with T-Mobile’s customer support staff and steal their phone numbers. This is how it works: a criminal calls T-Mobile, pretends to be you, convinces the customer rep to issue a new SIM card for your number, the criminal activates it, and they take control of your number.

AMD Vega 8 Graphics Performance On Linux With The Ryzen 3 2200G

Filed under
Graphics/Benchmarks

Yesterday I posted the initial Ryzen 5 2400G Vega 11 Linux graphics benchmarks while for your viewing please today -- as well as this morning's 21-way Intel/AMD CPU Linux comparison that featured these new Raven Ridge APUs -- the results now completed are initial OpenGL and Vulkan performance figures for the Vega 8 graphics found on the Ryzen 3 2200G.

Read more

Better Late Than Never: GNOME 3.28 Beta Desktop Arrives for Valentine's Day

Filed under
GNOME

GNOME 3.28 is the next major update to the widely-used Linux desktop environment, which is now used by default in the popular Ubuntu operating system. It promises many new features, as well as a wide range of enhancements, especially under the hood as most of the components were ported to the Meson build system.

Most importantly, the beta was delayed because the GNOME 3.28 desktop environment is now using BuildStream project's build sandbox, which ensures a reliable build process regardless of the dependencies you might have installed on your GNU/Linux operating system.

Read more

Also: GNOME 3.28 Beta Released With Many Improvements

Plasma 5.12.1 bugfix update lands in backports PPA for Artful 17.10

Filed under
KDE
Security

After the initial release of Plasma 5.12 was made available for Artful 17.10 via our backports PPA last week, we are pleased to say the the PPA has now been updated to the 1st bugfix release 5.12.1.

The full changelog for 5.12.1 can be found here.

Including fixes and polish for Discover and the desktop.

Also included is an update to the latest KDE Frameworks 5.43.

Upgrade instructions and caveats are as per last week’s blog post, which can be found here.

The Kubuntu team wishes users a happy experience with the excellent 5.12 LTS desktop, and thanks the KDE/Plasma team for such a wonderful desktop to package.

Read more

today's leftovers

Filed under
Misc
  • Is it an upgrade, or a sidegrade?

    I went to a nearby store, looked at the offers... And, in part due to the attitude of the salesguy, I decided not to (installing Linux will void any warranty, WTF‽ In 2018‽). Came back home, and... My Acer works again!

  • How To Install KDE Plasma Mobile On Your Android Smartphone?

    New Linux-based mobile operating systems and hardware projects have been making numerous headlines in the recent months. Projects like postmarketOS, Plasma Mobile, Librem 5, etc., have managed to gain momentum and support of open source community.

    To give you a rough idea of how things are going on the Plasma Mobile land, its developers have shared two methods (Via: Softpedia) to test Plasma Mobile on an actual Android smartphone. In a previous post, they also shared virtual machine images of the OS.

  • A KDE Love Story: Translating Kalzium into Chinese

    When I was a high school student, chemistry was not my cup of tea. My grades in chemistry were not bad either, but I hated memorizing those organic compounds. Then, I decided to major in computer science at university, and from that moment, destiny tightly bonded me and Free and Open Source Software.

  • Last week in Kube
  • fwupd now tells you about known issues

    That one little URL for the user to click on is the result of a rule engine being added to the LVFS. Of course, firmware updates shouldn’t ever fail, but in the real world they do, because distros don’t create /boot/efi correctly (cough, Arch Linux) or just because some people are running old versions of efivar, a broken git snapshot of libfwupdate or because a vendor firmware updater doesn’t work with secure boot turned on (urgh). Of all the failures logged on the LVFS, 95% fall into about 3 or 4 different failure causes, and if we know hundreds of people are hitting an issue we already understand we can provide them with some help.

  • I love free software… and Gentoo does! #ilovefs

    Some people care if software is free of cost or if it has the best features, above everything else. I don’t. I care that I can legally inspect its inner workings, modify and share modified versions. That’s why I happily avoid macOS, Windows, Skype, Photoshop.

  • Multiplexing Input or Output on a Raspberry Pi Part 1: Shift Registers

    A Raspberry Pi doesn't have that many GPIO pins, and neither does an Arduino Uno. An Arduino Mega does, but buying a Mega to go between the Pi and the keyboard kind of misses the point of scavenging a $3 keyboard; I might as well just buy an I2C or MIDI keyboard. So I needed some sort of I/O multiplexer that would let me read 31 keys using a lot fewer pins.

    There are a bunch of different approaches to multiplexing. A lot of keyboards use a matrix approach, but that makes more sense when you're wiring up all the buttons from scratch, not starting with a pre-wired keyboard like this. The two approaches I'll discuss here are shift registers and multiplexer chips.

  • Fanless, Linux-friendly Kaby Lake mini-tower drives seven 4K displays

    Compulab’s rugged “Airtop2” mini-tower runs Linux Mint or Win 10 on a Xeon E3-1275 or Core i7-7700 CPU with optional Nvidia Quadro P4000 graphics plus up to 64GB DDR4, a 6-drive NVMe/SATA subsystem, up to 7x display ports, and optional M.2 and FACE modules.

OSS Leftovers

Filed under
OSS
Syndicate content

More in Tux Machines

Android Leftovers

Living The Linux Laptop Lifestyle

Another great advantage of open source software: you can run it off of a flash drive before installing it. And I have to admit that I loved Linux Lite's out-of-the-box feel, so much so that I reconsidered installing my number two selection: LXLE, which is designed for underpowered older machines. According to a label on the bottom of my Toughbook, this pre-Linux laptop was decommissioned in 2005, making it well over ten years old. And so I replaced the RAM, installed Linux Lite, and after a short period, I was back to living a Linux laptop lifestyle while waiting for my charger. Read more

Mentor Embedded Linux gains cloud-based IoT platform

Mentor announced a “Mentor Embedded IoT Framework” platform that builds on top of Mentor Embedded Linux with cloud-based IoT cloud services ranging from device authentication and provisioning to monitoring and diagnostics. Mentor’s Mentor Embedded IoT Framework (MEIF) extends its Yocto Project based Mentor Embedded Linux (MEL) and Nucleus RTOS development platforms to provide cloud services for IoT device management. The platform mediates between these platforms and cloud service backends, including Amazon Web Services (AWS), Eclipse IoT, Microsoft Azure, and Siemens MindSphere. Read more

Bang & Olufsen’s RPi add-on brings digital life to old speakers

B&O and HiFiBerry have launched an open source, DIY “Beocreate 4” add-on for the Raspberry Pi that turns vintage speakers into digitally amplified, wireless-enabled smart speakers with the help of a 180-Watt 4-channel amplifier, a DSP, and a DAC. Bang & Olufsen has collaborated with HiFiBerry to create the open source, $189 Beocreate 4 channel amplifier kit. The 180 x 140 x 30mm DSP/DAC/amplifier board pairs with your BYO Raspberry Pi 3 with a goal of upcycling vintage passive speakers. Read more