About Tux Machines

Wednesday, 23 May 18 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/Linux

Quick Roundup

Type Title Author Replies Last Post
Story Vim 8.1 is available! Roy Schestowitz 18/05/2018 - 7:51pm
Story Android Leftovers Rianne Schestowitz 18/05/2018 - 6:48pm
Story Ubuntu 18.10 Features: New Theme, Android Integration, Better Power Consumption Rianne Schestowitz 18/05/2018 - 6:07pm
Story System76’s Oryx Pro Laptop Targets AI Developers itsfoss 18/05/2018 - 5:39pm
Story Security: Updates, EFAIL, DHCP, Ubuntu’s Snap Store Roy Schestowitz 18/05/2018 - 5:33pm
Story SD Times Open Source Project of the Week: Bazel Roy Schestowitz 18/05/2018 - 5:16pm
Story OSS Leftovers Roy Schestowitz 18/05/2018 - 5:12pm
Story Starting With GNU/Linux and GNU/Linux on Chromebooks Roy Schestowitz 18/05/2018 - 5:08pm
Story More Coverage of AsteroidOS 1.0 Roy Schestowitz 18/05/2018 - 5:07pm
Story Plasma 5.13 Beta Rianne Schestowitz 18/05/2018 - 4:53pm

Security: EFAIL Hype, Kubernetes, 'Smart' Things and More

Filed under
Security
  • Serious vulnerabilities with OpenPGP and S/MIME

    The efail.de site describes a set of vulnerabilities in the implementation of PGP and MIME that can cause the disclosure of encrypted communications, including old messages. "In a nutshell, EFAIL abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs."

  • How the Kubernetes Security Response Team Works

    The open-source Kubernetes container orchestration is an increasingly deployed platform that is now supported across all three major public cloud providers (Google, AWS and Azure) as well as enterprise private clouds.

    Container security is a big issue these days, and keeping Kubernetes secure involves multiple aspects. One of those aspects is the security of the Kubernetes code itself, which has had its share of vulnerabilities that have been reported in the past year. Among those vulnerabilities is CVE-2017-1002101, which was patched in the Kubernetes 1.10 release that became generally available on March 26.

  • Ring doorbell flaw lets others watch after password changes (updated)

    The issue, as you might guess, is that the window exists in the first place. Someone with a still-valid login could not only spy on whatever's happening, but download videos. The same incident that prompted the change also included phantom rings in the middle of the night.

  • Security Innovation Supports Open Source Community with Free Security Tools to Identify and Mitigate Software Vulnerabilities

OSS: Healthcare, China, XRP Symbol and FUD

Filed under
OSS
  • Healthcare Open Source Projects Speed Up Technology Adoption

    Organizations are currently faced with an onslaught of advancing HIT infrastructure technology that needs to be developed to meet each organization’s unique needs. Healthcare open source projects are essential to developing and deploying new and innovative technology.

    Open source software makes its code freely accessible to anyone. Users can access and modify source code under a licensing agreement and modify it to meet their needs. This modified code can then be shared back with the community so it can be used by others to help improve other infrastructure tools.

    Open standards encourage competing implementations of the same standard, rather than creating competing platforms. This can benefit consumers, according to a report published by the Journal of Medical Internet Research.

  • Tencent unveils China's first open source Go AI, made on spare WeChat server processing power

    Tencent has unveiled its Go-playing AI program, “PhoenixGo,” on Github, making its source code and training model available on the open source platform (in Chinese). The program, developed by WeChat’s translation unit, is the first open source Go AI project in China. A team of WeChat engineers focusing on the development of machine translation decided to use the spare processing power of WeChat’s servers to train the PhoenixGo program, which implemented AlphaGo Zero, the latest version of DeepMind’s champion-defeating AlphaGo, and increased its training efficiency. PhoenixGo’s source code and training model can run on a single GPU chip and perform at the same level as a professional Go player.

  • XRP Symbol: An Open-Source Project Initiated for Finding New Logo For the XRP Tokens

    The XRP digital currency commonly referred to as the Ripple cryptocurrency in the global community looks to be set for an image makeover of its own. In a bid to assign a new logo for the XRP tokens, Alexavier Guzman has unveiled an open-source platform called XRP Symbol. Under this new initiative, Ripple token or XRP will also be assigned a Unicode-compliant currency sign.

    One of the major reasons for Guzman to start this initiative was that he realized that XRP doesn’t have a Unicode Standard symbol, but instead an ISO 4217 currency code (XRP).

  • Open Source Pitfalls At The Biotechnology-High Technology Crossover [Ed: Windows site having a rant at FOSS, neglecting to mention that there are far greater risks associated with proprietary software (licensing, security etc.)]

    Software is eating the biotechnology world. Managers in the traditional biotechnology sector may not be familiar with open source software and related compliance issues, but these issues are bound to come up as they develop technology solutions to the problems of biotechnology.

    Many computer programmers like to incorporate code from open source software into software products because there is no point in reinventing the wheel for standard, simple or common software functionalities.

Wine 3.0.1 and Various Games

Filed under
Gaming

Linux Foundation LFCS & LFCE: Maja Kraljič

Filed under
Linux
Interviews

A couple of years ago I decided to start using Linux because I didn't want to support corporations any more -- especially where open source solutions are available. So I bought a computer just for that purpose, installed the current version of Ubuntu (Ubuntu 16.04 at the time), and took the Introduction to Linux course on edX.org which opened a new world of possibilities for me.

Linux 4.17-rc5

Filed under
Linux

Things continue to look fairly normal. About half the rc5 release is driver
updates, with amdgpu standing out but mainly because everything else is
really pretty small, not because the amdgpu patches are all that big.

Outside of drivers, there's a random collection of changes all over: some
filesystems (ceph and cifs), some networking, some core kernel, some small
arch updates, and some tooling.

There's a fair number of changes in there (shortlog appended as usual), but
a lot of them really are one- or two-liners.

Also: Linux 4.17-rc5 Released As Another Normal Weekly Test Release

Review: Fedora 28

Filed under
Reviews

For this review I used Fedora Workstation with a vanilla GNOME desktop environment, and I tried to use native GNOME applications as much as possible. I found vanilla GNOME to be a mixed bag. There were many aspects I really liked but there were also a few things that made me cringe.

Let's start with the positives. The documentation is quite good - it is well written and covers all the basics. I also quite like how GNOME handles notifications; they are displayed underneath the clock and clicking on the clock brings up a menu that shows recent notifications. The notification area is also used to display calendar appointments and what music is playing. At first I saw the notification area as an ugly, humongous monster but I grew to like it.

Most GNOME applications are pretty, and the absence of toolbars and buttons encouraged me to learn various keyboard shortcuts. After a few hours I no longer missed the minimise button on windows - using the Super-H shortcut is quicker and easier than clicking with the mouse on a minimise button. GNOME applications also use a pleasantly consistent work flow. For instance, applications such as Files, Music and Photos all give you the option to mark items as a "favourite", which in effect is a handy bookmarking system. Similarly, to perform a search in applications such as Files, Web and Software you simply start typing. It takes a little time to get used to but it soon becomes second nature. Having to use the Ctrl-F keyboard combination to do a search now feels a little slow.

That said, I don't buy into the "distraction-free" philosophy. The GNOME desktop certainly looks very clean - there is just one panel with a few items. Personally, though, I like to be able to open applications with the click of a button, and I like to see what applications I have got open at all times (whether via a dock or task bar). I can't get used to constantly opening the "Activities overview" to access applications, work spaces and the search menu. It feels like I am using a mobile phone desktop environment on a PC.

My main gripe with GNOME, though, are applications such as Photos. In Shotwell, I can instantly see how many photos I have. I can easily find images by browsing to the relevant directory. I can choose which directories photos are imported from, and if Shotwell's toolbars become too overwhelming I can simply hide them. GNOME Photos has stripped all these functions and assumes that I am happy to spend hours organising my photo collection in a new way, by adding them to albums. And then Photos doesn't even find images in the directory it is supposed to automatically retrieve images from.

Of course, this is my personal opinion, and it is more about GNOME than it is about Fedora. As I mentioned in the introduction, I like Fedora for its release cycle, package manager and because it is at the forefront of many new technologies. I work in a web hosting environment with many CentOS and CloudLinux servers, and Fedora seems a natural fit. Plus: GNOME can be tweaked.

As for Fedora itself (sans-GNOME), it seems Fedora 28 is another solid release. I upgraded one of my PCs from version 27 to 28 without any issues. SELinux hasn't thrown any mysterious alerts at me yet. Updates are applied quickly and cleanly and just about all software I want to use is available. It is a pleasantly boring experience.

I also like where Fedora is going with the third party repositories. Fedora's project leader, Matthew Miller, recently talked on the Late Night Linux podcast about how Fedora is trying to find the right balance between software freedom and providing a functional system. He was unapologetic about the third party repos: "[...] being a theoretical, pure freedom distribution that doesn't actually work on anybody's hardware doesn't help anybody." I very much agree and hope Fedora will add more third party repositories. At the same time I would like to see better integration of Flatpak repositories and applications.

Finally, I should mention that there are various Fedora spins. If you don't like GNOME, you have the option to install Fedora with the KDE, Xfce, LXQt, LXDE, MATE, Cinnamon or Sugar on a Stick desktops.

Akademy-es in Valencia and Debian Women in Curitiba

Filed under
KDE
Debian
  • A weekend at Akademy-es in Valencia

    This past weekend I travelled to Valencia, the third biggest city in Spain, located by the Mediterranean sea, to attend Akademy-es, the annual meeting of the KDE community in Spain. At this event we also hold the KDE Spain annual assembly.

    KDE España is the legal entity behind the KDE community in Spain and legally represents KDE in my country. We are about 30 members and it was founded in 2009 although Akademy-es started a few years earlier.

  • Renata D'Avila: Debian Women in Curitiba

    At MiniDebConf Curitiba last year, few women attended. And, as I mentioned on a previous post, there was not even a single woman speaking at MiniDebConf last year.

    I didn't want MiniDebConf Curitiba 2018 to be a repeat of last year. Why? In part, because I have been involved in other tech communities and I know it doesn't have to be like that (unless, of course, the community insists on being misogynistic...).

    So I came up with the idea of having a meeting for women in Curitiba one month before MiniDebConf. The main goal was to create a good environment for women to talk about Debian, whether they had used GNU/Linux before or not, whether they were programmers or not.

    Miriam and Kira, two other women from the state of Parana interested in Debian, came along and helped out with planning. We used a collaborative pad to organize the tasks and activities and to create the text for the folder about Debian we had printed (based on Debian's documentation).

Critical PGP Security Issue

Filed under
Security
  • Attention PGP Users: New Vulnerabilities Require You To Take Action Now

    A group of European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME. EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages.

    The full details will be published in a paper on Tuesday at 07:00 AM UTC (3:00 AM Eastern, midnight Pacific). In order to reduce the short-term risk, we and the researchers have agreed to warn the wider PGP user community in advance of its full publication.

    Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email.

  • Disabling PGP in Thunderbird with Enigmail

today's leftovers

Filed under
Misc
  • Following Microsoft’s lead, Google makes it easy to run Linux apps on ChromeOS [Ed: A Microsoft propaganda site spreads lies. I guess that author never heard of Crouton (which a Google employee developed a long time ago). Never mind cygwin on Windows, which goes nearly 2 decades back and wasn't the work of Microsoft. This is what happens when one drinks Microsoft Kool-Aid.]
  • InvoicePrinter 1.2

    A new version of my Ruby gem for generating PDF invoices InvoicePrinter is out! This time bringing in a bundled server that can be handy for applications not running on Ruby.

    Not every app out there is a Ruby application and I wanted for people on different stacks to be able to benefit from super simple PDF invoicing that InvoicePrinter enables. This is the reason why I implemented JSON support and a command line in version 1.1 and why I am adding the server in 1.2. You can run it as a standalone server or mount it in any Rack application and use its JSON API to generate the documents.

  • How to Fix 503 Service Unavailable Error in WordPress
  • GSoC 2018 with KDE – Community bonding period

    The community bonding period ends today and the coding period begins.

    Community bonding period had been quite hectic for me with respect to learning new things and thinking of good ways to implement them. I didn’t know much about piano or other musical instruments (as I had never played them before) and was unaware of many notations and usages, but thanks to my mentor Emmanuel Charruau (allon on IRC) who supported me a lot and always cleared even my very silly doubts (as I myself was learning various elements of piano and its notations for the first time). He provided me all the resources step-by-step and helped me learn so much about the project in such less time.

    It was quite fun exploring new things and learn them which I would never had.

  • IWD: the new WPA-Supplicant Replacement

    IWD comes with a more secure approach. It doesn't use OpenSSL or GnuTLS. Instead it uses different Kernel functions for cryptographic operations.

  • Sky’s the limit as Cathay Pacific deploys Red Hat cloud

    Cathay Pacific has deployed Red Hat solutions and services to drive customer experience across the airline, transforming legacy infrastructure into a modern hybrid cloud architecture.

    Specifically, the carrier leveraged the vendor’s OpenStack Platform and OpenShift Container Platform offerings, in a bid to improve end-user experience through digital technologies.

    Based in Hong Kong, Cathay Pacific is an international airline offering passenger and cargo services to 200 destinations in 52 countries and territories worldwide.

  • Xilinx Virtex 7 FPGA bitstream reverse engineered

    While my article on HN is getting no traction I might as well post on here some fantastic news: The Xilinx Virtex 7 FPGA bitstream has been reverse engineered by Clifford Wolf.

    For some context this is a very popular and cheap series of FPGA devices. For example you can buy the Arty board which has one of these FPGAs for $99, or the slightly more advanced Nexys 4 DDR for $265.

Games: Smoke and Sacrifice and Pillars of Eternity II

Filed under
Gaming

Graphics Leftovers

Filed under
Graphics/Benchmarks
  • RADV Lands VK_PIPELINE_CREATE_DISABLE_OPTIMIZATION_BIT

    The RADV Vulkan driver within Mesa has landed its VK_PIPELINE_CREATE_DISABLE_OPTIMIZATION_BIT support so applications/games can opt to disable optimizations when compiling a Vulkan pipeline. This is notably what was just covered the other day for helping to reduce stuttering with DXVK.

  • DXVK 0.51 Brings Fixes & Asynchronous Pipeline Compilation Support

    DXVK 0.51 is now available as the latest version of this library for running Direct3D 11 games under Wine via the Vulkan graphics API.

    The DXVK 0.51 release most notably adds asynchronous pipeline compilation support for Vulkan drivers making use of VK_PIPELINE_CREATE_DISABLE_OPTIMIZATION_BIT. This is the feature for reducing stuttering for games on DXVK and as of this morning is now supported by the RADV driver. We'll see how long it will take until the NVIDIA Vulkan driver and others support this feature. For now though DXVK ships with this support disabled and requires using the DXVK_USE_PIPECOMPILER=1 environment variable as this feature can cause hangs for Prey and potentially other titles.

  • VK9 Gets Better Support For Shaders, 64-bit Fixes

    While the rapidly maturing DXVK library has been capturing much of the limelight when it comes to piping Direct3D over Vulkan, the VK9 project targeting Direct3D 9 on top of Vulkan continues making progress.

  • Intel's Mesa Driver Prepares To Kill Off The Blitter

    Jason Ekstrand has spent some time away from the Intel ANV Vulkan driver to kill the hardware blitter usage within the i965 Mesa OpenGL driver.

    With a set of patches posted on Friday, the Intel Mesa driver eliminates its hardware blitter usage for Intel Sandy Bridge hardware and newer. Ekstrand explained that the graphics hardware blitter has been degraded on recent generations of Intel graphics, "On Sandy Bridge, the blitter was moved to another ring and so using it incurs noticeable synchronization overhead and, at the same time, that synchronization is an endless source of GPU hangs on SNB. Some time around the Ivy Bridge time frame, we suspect that the blitter ended up with somewhat slower paths to memory than the 3D engine so it's slower in general. To make matters worse, the blitter does not understand any sort of compression at all and so using it frequently means having to do some sort of resolve operation."

  • Latest Intel ARB_gl_spirv Patches Published By Igalia

    It's almost one year since the release of OpenGL 4.6 and while there is support outside of the Mesa tree, mainline Mesa still doesn't support this latest OpenGL revision due to the holdups around SPIR-V ingestion support.

    Intel's i965 and AMD's RadeonSI drivers would have supported OpenGL 4.6 with mainline Mesa months ago, but they've been held up on the ARB_gl_spirv extension and the related ARB_spirv_extensions support. This work allows for SPIR-V modules to be used by OpenGL complementary to GLSL and allows for GLSL to also be used as a source language for creating SPIR-V modules for OpenGL consumption. This is basically all about better interoperability between OpenGL and Vulkan -- not an easy task to implement.

  • RADV Adding New Bit To Help Avoid Stuttering With DXVK

    The RADV Vulkan driver will soon have VK_PIPELINE_CREATE_DISABLE_OPTIMIZATION_BIT to help avoid stuttering with DXVK for running Direct3D 11 games on Wine over Vulkan.

    While DXVK performance is already quite compelling and handling a surprising number of D3D11 games rendered via Vulkan considering how young this project is, DXVK and potentially the other Vulkan Linux drivers may soon see less stuttering.

  • Vulkan layer for Direct3D 11 & Wine 'DXVK' updated with fixes for Dark Souls 3, Overwatch & more

    DXVK [GitHub] is such an incredible project to bring Direct3D 11 support to Wine using Vulkan and another exciting release is now out.

Ubuntu: 32-bit Elimination and 11 Years of Ubuntu Membership

Filed under
Ubuntu
  • 32-bit ARM Is Also On The Chopping Block For Ubuntu

    Not only are developers talking about dropping Ubuntu 32-bit x86 support but the ARMHF support might also be cut as well for 32-bit ARM boards.

    With ARMv8 ushering in 64-bit ARM has been common now for years, Ubuntu developers are also considering dropping the Ubuntu ARM hard-float port for ARMv7 support. This is a tiny bit surprising considering the wide number of 32-bit ARM SBCs out in the wild, including some ARMv7 boards still being peddled by different vendors. But then again it's not too often we see ARM SBCs support Ubuntu releases outside of the LTS cycles: Ubuntu 18.04 will remain available with armhf and by the time of Ubuntu 20.04 LTS, hopefully many of these other boards will have been phased out from any production purposes. There are still occasional ARM SBC reference images I come across even using the aging Ubuntu 14.04 and many of the older 32-bit ARM boards currently using 16.04 probably won't see updates to 18.04.

  • 11 years of Ubuntu membership

    It's been 11 years and 1 month since I was awarded with official Ubuntu membership. I will never forget that day: as a kid I had to write about myself on IRC, in front of the Community Council members and answer their questions in a language that was not my primary one. I must confess that I was a bit scared that evening, but once I made it, it felt so good. It felt good not just because of the award itself, but rather because that was the recognition that I did something that mattered. I did something useful that other people could benefit from. And for me, that meant a lot.

Fedora: Fedora 28, FLISoL 2018 Mexico, New PHP RCs

Filed under
Red Hat

OSS Leftovers

Filed under
OSS
  • Join the Orvium Innovation, first open source and decentralized framework for managing scholarly publications

    Knowledge is power. This phrase holds the truest form when it comes to publication of knowledge. One of the most lucrative markets in the world, the publication houses work in a manner where the cost of publishing is on the publisher’s end. Work submitted by authors is selected carefully, the basis being relevancy, the interest of the readers and the commercial viability. Authors are then compensated for their works. Publication houses pay more to their content submitters if they have a higher quality of work, while another may agree to print an article easily, but with limited reader reach, it will pay out much less.

    [...]

    The ORV token is used in the Orvium platform for the exchange of monetary matters, such as payment for reviews, publications, copyrights etc. The ORV’s ICO is yet to be announced. A total of 379 million ORVs will be available for the public through its ICOs.

  • HP Elitebook 8770w Ported To Coreboot, But Need To Disassemble The Laptop For Flashing

    If you happen to have an HP Elitebook 8770w laying around from Intel's Ivy Bridge era, that Hewlett Packard laptop has now been freed by Coreboot.

    This Intel Ivy Bridge quad-core laptop with SO-DIMM memory modules and using MXM 3.0b graphics cards can now work with Coreboot Git. Though if you have this laptop, for performing the initial port you first need to disassemble the laptop down to the motherboard. But at least when the initial Coreboot flash is done, subsequent flashes can be done using the Flashrom software.

  • Terratest - an Open Source Go Library for Automated Infrastructure Testing

    Gruntwork open sourced their Go framework Terratest which can be used to write automated tests for testing infrastructure. The library comes with support for Terraform and Packer.

    Terratest was developed internally at Gruntwork to maintain their Infrastructure as Code (IAC) library, a repository of tools based on Terraform, Python, Go and bash for managing infrastructure on AWS. IAC is available to paying Gruntwork users.

    Writing tests in Terratest involves using Go's inbuilt package testing mechanism. A test run creates real infrastructure components like servers, deploys applications on them and validates the expected behaviour using Terratest tools. At the end of the test, Terratest can undeploy the apps and cleanup resources using Go's defer mechanism, similar to JUnit's teardown method. Can Terratest run against an existing infrastructure deployment instead of creating it from scratch each time? The tool wiki recommends against this as it might create undesirable changes in the environment. However, this can be difficult to follow for some teams who have complex infrastructure topologies and do not wish to create an entirely new setup to run the tests. A feature called namespacing can isolate resources by using unique identifiers. Note that namespacing here does not translate to the generally understood term of isolating components by tagging them with labels, but rather to ensuring unique identifiers for resources and using only those resources for testing which have the identifiers generated in the test framework.

  • Fractal Hackfest

    This week, I was able to attend the Fractal Hackfest. My train from Paris arrived at Strasbourg at 12:45, so I missed the beginning of the Hackfest in the morning but I could be there for the afternoon. I stayed until the middle of Saturday’s afternoon.

    On Thursday, I wasn’t there on the morning but there was a sum up of the important part of the morning’s discussions.

    There can be two main use cases for Matrix: one for friends, family and other small group discussions, where there are a low volume of messages and you care about all of them; and another for huge and noisy rooms in which there is a lot going on and you don’t necessarily care about most of it (for instance, you would want to be able to focus on the messages mentioning you). Both of these use cases could motivate to split Fractal in two apps: “Barbecue” (for the first use case) and “Banquet” (for the second one).

  • Mozilla Officially Unveils Firefox 60 Quantum Web Browser as the Next ESR Series

    Mozilla officially announced today the release of its Firefox 60 web browser as the next ESR (Extended Support Release) series for all supported platforms on the desktop, including Linux, Mac, Windows, and Android.

    Firefox 60 "Quantum" was launched today as the next ESR (Extended Support Release) series of the widely-used open-source and cross-platform web browser, ready for deployments in enterprise environments thanks to a new policy engine, as well as Group Policy support that helps IT professionals easily configure the browser using a cross-platform JSON file or Windows Group Policy.

  • Important: Pale Moon users and NoScript support (Parody)

    Yesterday our readers discovered problems with the Pale Moon web browser, which according to the NoScript website has either security, compatibility or usability issues when using popular add-ons like NoScript:

    One reader who uses NoScript found the plugin was displaying the above window and offering to disable the Pale Moon browser, rather than have it cause users any further trouble.

  • CVE-2018-8897
  • shutil module in Python

    File Management and Handling file objects are considered to be one of the most tricky tasks in all programming languages. Some programming languages provide us with some tools which abstract away the difficult parts of File Handling with easy to use functions and interfaces. This is exactly what Python's shutil module does as well.

Security: Malware Found In The Ubuntu Snap Store, Google/Android Patches, ATMs with Windows, Oracle WebLogic Holes, USBGuard, Valve

Filed under
Security

Linux 4.17 Reaches RC5

Filed under
Linux
  • Linux 4.17-rc5

    Things continue to look fairly normal. About half the rc5 release is driver
    updates, with amdgpu standing out but mainly because everything else is
    really pretty small, not because the amdgpu patches are all that big.

    Outside of drivers, there's a random collection of changes all over: some
    filesystems (ceph and cifs), some networking, some core kernel, some small
    arch updates, and some tooling.

    There's a fair number of changes in there (shortlog appended as usual), but
    a lot of them really are one- or two-liners.

    So I think we're in pretty good shape. Please go keep testing, though, to
    make sure we're not missing anything.

    Linus

  • Linux 4.17-rc5 Released As Another Normal Weekly Test Release

    Linus Torvalds has done a Mother's Day release of the Linux 4.17-rc5 kernel.

    Linus notes that this latest Linux 4.17 release candidate continues looking "fairly normal" with about half of the changes being driver updates and then a random collection of other changes. He notes that so far they are in fairly good shape.

  • Linux 4.17 Gets More Spectre V1 Fixes

    Thomas Gleixner this morning sent in the latest batch of x86/pti updates for containing the latest mitigation improvements around Meltdown and Spectre CPU vulnerabilities.

    This latest pull request has several fixes, including a possible deadlock fix. There have also been a number of Spectre Variant One access restrictions.

More in Tux Machines

Android Leftovers

Security Leftovers

  • efail: Outdated Crypto Standards are to blame
    I have a lot of thoughts about the recently published efail vulnerability, so I thought I'd start to write up some of them. I'd like to skip all the public outrage about the disclosure process for now, as I mainly wanted to get into the technical issues, explain what I think went wrong and how things can become more secure in the future. I read lots of wrong statements that "it's only the mail clients" and the underlying crypto standards are fine, so I'll start by explaining why I believe the OpenPGP and S/MIME standards are broken and why we still see these kinds of bugs in 2018. I plan to do a second writeup that will be titled "efail: HTML mails are to blame". I assume most will have heard of efail by now, but the quick version is this: By combining a weakness in cryptographic modes along with HTML emails a team of researchers was able to figure out a variety of ways in which mail clients can be tricked into exfiltrating the content of encrypted e-mails. Not all of the attack scenarios involve crypto, but those that do exploit a property of encryption modes that is called malleability. It means that under certain circumstances you can do controlled changes of the content of an encrypted message. [...] Properly using authenticated encryption modes can prevent a lot of problems. It's been a known issue in OpenPGP, but until now it wasn't pressing enough to fix it. The good news is that with minor modifications OpenPGP can still be used safely. And having a future OpenPGP standard with proper authenticated encryption is definitely possible. For S/MIME the situation is much more dire and it's probably best to just give up on it. It was never a good idea in the first place to have competing standards for e-mail encryption. For other crypto protocols there's a lesson to be learned as well: Stop using unauthenticated encryption modes. If anything efail should make that abundantly clear.
  • Comcast Leaked Customer Wi-Fi Logins in Plaintext, Change Your Passcode Now
    A Comcast Xfinity website was leaking Wi-Fi names and passwords, meaning now is a good time to change your Wi-Fi passcode. The site, intended to help new customers set up new routers, could easily be fooled into revealing the location of and password for any customer’s Wi-Fi network. A customer ID and a house or apartment number was all would-be attackers needed to get full access to your network, along with your full address.
  • Update Fedora Linux using terminal for latest software patches
  • Patch for New Spectre-Like CPU Bug Could Affect Your Performance
  • container_t versus svirt_lxc_net_t

today's howtos

Red Hat News

  • “Ultimate Private Cloud” Demo, Under The Hood!
    At the recent Red Hat Summit in San Francisco, and more recently the OpenStack Summit in Vancouver, the OpenStack engineering team worked on some interesting demos for the keynote talks. I’ve been directly involved with the deployment of Red Hat OpenShift Platform on bare metal using the Red Hat OpenStack Platform director deployment/management tool, integrated with openshift-ansible. I’ll give some details of this demo, the upstream TripleO features related to this work, and insight around the potential use-cases.
  • Discover the possibilities of hybrid cloud during a joint virtual event with Red Hat & Microsoft [Ed: When Red Hat puts Microsoft executives at top positions inside Red Hat...]
  • Red Hat OpenStack Customer Survey 2018: containers, technical support top of mind
    In 2016, we surveyed our customer base on their use of OpenStack in production, getting a pulse-check on the top considerations, expectations, and benefits of a Red Hat OpenStack Platform deployment. With 2018 marking five years of Red Hat OpenStack Platform, we checked back in with our customers to see if their experiences or expectations of OpenStack have changed. Our survey found:
  • Red Hat CEO Jim Whitehurst On How He Plans To Win The Container Market
  • Juniper, Red Hat Tighten Integration to Fend Off VMware
    Juniper Networks and Red Hat have tightened their integration efforts in a move to help ease enterprise adoption of cloud-native platforms and bolster their own offerings against the likes of VMware and Cisco. The latest platform integration includes the Red Hat OpenStack Platform; Red Hat’s OpenShift Container Platform running as a platform-as-a-service (PaaS) on top of or next to the OpenStack platform depending on deployment architecture; and Juniper’s Contrail Enterprise Multi-Cloud platform running as the networking and security layer to unify those together. This integration is designed as a managed system to help deploy and run applications and services on any virtual machine (VM), container platform, and any cloud environment.
  • Red Hat OpenStack HCI Targets Telco Hybrid Cloud, 5G Deployments
    Red Hat today rolled out a hyperconverged infrastructure (HCI) platform based on OpenStack compute and Ceph storage. The new product targets service providers looking to deploy virtual network functions (VNFs) and 5G technologies on top of open source software. Launched at this week’s OpenStack Summit, the Red Hat Hyperconverged Infrastructure for Cloud combines Red Hat OpenStack Platform 13 and Red Hat Ceph Storage 3 into one product. Red Hat says it is the largest contributor to both open source projects.
  • Red Hat Hyperconverged Infrastructure for Cloud Bridges Datacenters and Edge Deployments
  • GSoC 2018: Week 1
    This time, I am working on improving the Fedora Community App with the Fedora project. It’s been a week since we started off our coding on May 14. The Fedora App is a central location for Fedora users and innovators to stay updated on The Fedora Project. News updates, social posts, Ask Fedora, as well as articles from Fedora Magazine are all held under this app.