About Tux Machines

Sunday, 20 Jan 19 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/Linux

Quick Roundup

Security: Jenkins, Polyverse, Rootkits, Cryptojacking and Kali Linux

Filed under
Security

Server Side Public License (SSPL) Fallout

Filed under
Red Hat
Server
OSS
  • Red Hat drops MongoDB over concerns related to its Server Side Public License (SSPL)

    It was last year in October when MongoDB announced that it’s switching to Server Side Public License (SSPL). Now, the news of Red Hat removing MongoDB from its Red Hat Enterprise Linux and Fedora over its SSPL license has been gaining attention.

  • The Need for Sustainable Open Source Projects

    The point of the article is a lot of companies that support open source projects, like RedisDB, are moving to more closed source solutions to survive. The cloud providers are called out as a source of a lot of problems in this article, as they consume a lot of open source software, but do not really spend a lot of time or effort in supporting it. Open source, in this situation, becomes a sort of tragedy of the commons, where everyone thinks someone else is going to do the hard work of making a piece of software viable, so no-one does any of the work. Things are made worse because the open source version of the software is often "good enough" to solve 80% of the problems users need solved, so there is little incentive to purchase anything from the companies that do the bulk of the work in the community.

  • MongoDB’s licensing changes led Red Hat to drop the database from the latest version of its server OS

    After MongoDB decided last year that it was changing the license for its open-source database to a more restrictive version, Red Hat decided it would no longer include MongoDB in the latest version of its flagship Red Hat Enterprise Linux operating system.

    The change apparently went unnoticed until a Hacker News thread took off earlier today, but it was included in the release notes for RHEL 8.0, which was released in beta last November. In those notes, Red Hat states “note that the NoSQL MongoDB database server is not included in RHEL 8.0 Beta because it uses the Server Side Public License (SSPL).”

MariaDB Platform X3

Filed under
Server
OSS
  • Unlock Hybrid Everything with MariaDB Platform X3

    As customers, we expect businesses to provide us with useful information. And as our expectations rise, so too must the usefulness of the information. For example, it’s useful to know a product is on sale. It’s more useful to know that it will be sold-out within hours. It’s also useful to know the balance on my credit card. But it’s even more useful to know if it’s going be higher than the automated payment I scheduled.

  • MariaDB Platform X3 combines transaction processing and analytics

    With MariaDB Platform X3, an organization may use a single database both for conventional customer-facing workloads (transactional, or OLTP) and internal business-intelligence workloads (analytical, or OLAP). The same data is available for either kind of work and is kept automatically in sync between the two sides.

    MariaDB Platform is priced at a flat per-node cost, regardless of whether nodes are OLTP or OLAP. This allows for more flexible deployments, where the number of nodes in a given deployment can be moved freely between OLTP and OLAP workloads as demand changes.

Open Source Startup ‘Tidelift’ raises $25m in series B funding

Filed under
News

Open Source startups are also booming with the rise of open source usage in the enterprise world. Tidelift is one such startup making it big with multi-million dollar fundings.

Facebook, Instagram, WhatsApp pose privacy risks, warns free software guru Richard Stallman

Filed under
GNU

Think twice before posting anyone’s photo on Facebook, WhatsApp or Instagram, says free software guru Richard Stallman. As a few among the strongest centralised surveillance mechanisms in the world, even with a picture of the back of head, they would be able to track where you go and what you do, he added.
The software guru’s lecture titled Education Freedom Day lecture, organised by International Centre for Free and Open Source Software and Society for Promotion of Alternate Computing and Employment (SPACE) in Thiruvananthapuram, had first bewildered information technology professionals and academicians when he asked them to “switch-off the geo-location feature of your smartphone, if you are taking my photos”.
He said that 90% of the 1,000 free applications in Google Play stores can spy, according to the latest studies and asked why should the fleshlight application be linked to the server. Even the data on the sex toy go to the server, with its thermometer readings sharing the time of contact. He argued that owners of the firms who spy on a user’s personal data should be jailed. Richard Matthew Stallman, according to Wikipedia, “is an American freedom activist and a computer programmer. He campaigns for software to be distributed in such a manner that a user receiving it, likewise receives with it the freedom to use, study, distribute and modify that software”.


Security: Updates, Leaks, Kubernetes and Let's Encrypt

Filed under
Security
  • Security updates for Thursday
  • Oracle Releases First Critical Patch Update of 2019, Red Hat Enterprise Linux and Fedora to Drop MongoDB, The Linux Foundation Announces Its 2019 Event Lineup, Firefox Closing Its Test Pilot Program and GoDaddy to Support AdoptOpenJDK

    Oracle released its first Critical Patch Update of the year this week, which addresses 284 vulnerabilities. eWeek reports that "Thirty-three of the vulnerabilities are identified as being critical with a Common Vulnerabilities Scoring System (CVSS) score of 9.0 or higher."

  • Over 1 Billion Login Credentials Leaked, Here’s How to See if You Were Compromised

    Good morning! A whole slew of usernames and plaintext passwords were leaked for a number of different sites—at 772 million and 21 million respectively, it’s the largest data leak in history. Here’s how to make sure your information is still safe.

    This collection of email address and passwords—dubbed “Collection #1”—groups together several smaller breaches into a larger master file of sorts. This huge collection of data comes from several different sites, so your personal info may have been compromised from multiple different sources. That means your information could’ve been compromised multiple times—the same email address with different passwords.

  • Kubernetes security: 4 tips to manage risks

    Kubernetes has one of the liveliest (if not the liveliest) communities around. Getting involved is one of the best ways to get up to speed and stay abreast of best security practices. That community values the same thing you’re seeking: Making the most of Kubernetes’ power while minimizing any risks that come with its increasing adoption.

    “This community clearly cares deeply about security, and it emphasizes education and inclusion, so security staff can look forward to a helpful, educational community from whom they can learn,” Dang says.

    “Get educated and follow industry best practices, like the CIS Kubernetes Benchmark,” advises Amir Jerbi, CTO at Aqua Security. “Kubernetes is a complex system with many configuration options, any of which, if done wrong, could leave clusters open to attacks.”

    Plugging into the vibrant Kubernetes community is a great step toward ensuring your organization’s implementation isn’t creating unnecessary vulnerabilities.

  • Protect Your Websites with Let's Encrypt

    Back in the bad old days, setting up basic HTTPS with a certificate authority cost as much as several hundred dollars per year, and the process was difficult and error-prone to set up. Now we have Let's Encrypt for free, and the whole thing takes just a few minutes.

Programming: Django, PHP, Polonius and More

Filed under
Development
  • Django 2.2 alpha 1 released

    Django 2.2 alpha 1 is now available. It represents the first stage in the 2.2 release cycle and is an opportunity for you to try out the changes coming in Django 2.2.

    Django 2.2 has a salmagundi of new features which you can read about in the in-development 2.2 release notes.

  • Eliminating PHP polyfills

    The Symfony project has recently created a set of pure-PHP polyfills for both PHP extensions and newer language features. It allows developers to add requirements upon those functions or language additions without increasing the system requirements upon end users. For the most part, I think this is a good thing, and valuable to have. We've done similar things inside MediaWiki as well for CDB support, Memcached, and internationalization, just to name a few.

    But the downside is that on platforms where it is possible to install the missing PHP extensions or upgrade PHP itself, we're shipping empty code. MediaWiki requires both the ctypes and mbstring PHP extensions, and our servers have those, so there's no use in deploying polyfills for those, because they'll never be used. In September, Reedy and I replaced the polyfills with "unpolyfills" that simply provide the correct package, so the polyfill is skipped by composer. That removed about 3,700 lines of code from what we're committing, reviewing, and deploying - a big win.

  • Polonius and region errors

    Now that NLL has been shipped, I’ve been doing some work revisiting the Polonius project. Polonius is the project that implements the “alias-based formulation” described in my older blogpost. Polonius has come a long way since that post; it’s now quite fast and also experimentally integrated into rustc, where it passes the full test suite.

  • Serious Python released!

    Well, Serious Python is the new name of The Hacker's Guide to Python — the first book I published. Serious Python is the 4th update of that book — but with a brand new name and a new editor!

Ditching Out-of-Date Documentation Infrastructure

Filed under
Linux

Long ago, the Linux kernel started using 00-Index files to list the contents of each documentation directory. This was intended to explain what each of those files documented. Henrik Austad recently pointed out that those files have been out of date for a very long time and were probably not used by anyone anymore. This is nothing new. Henrik said in his post that this had been discussed already for years, "and they have since then grown further out of date, so perhaps it is time to just throw them out."

He counted hundreds of instances where the 00-index file was out of date or not present when it should have been. He posted a patch to rip them all unceremoniously out of the kernel.

Joe Perches was very pleased with this. He pointed out that .rst files (the kernel's native documentation format) had largely taken over the original purpose of those 00-index files. He said the 00-index files were even misleading by now.


Mozilla: Rust 1.32.0, Privacy, UX and Firefox Nightly

Filed under
Moz/FF
  • Announcing Rust 1.32.0

    The Rust team is happy to announce a new version of Rust, 1.32.0. Rust is a programming language that is empowering everyone to build reliable and efficient software.

  • Rust 1.32 Released With New Debugger Macro, Jemalloc Disabled By Default

    For fans of Rustlang, it's time to fire up rustup: Rust 1.32 is out today as the latest feature update for this increasingly popular programming language.

    The Rust 1.32 release brings dbg!() as a new debug macro to print the value of a variable as well as its file/line-number and it works with more than just variables but also commands.

  • Julien Vehent: Maybe don't throw away your VPN just yet...

    At Mozilla, we've long adopted single sign on, first using SAML, nowadays using OpenID Connect (OIDC). Most of our applications, both public facing and internal, require SSO to protect access to privileged resources. We never trust the network and always require strong authentication. And yet, we continue to maintain VPNs to protect our most sensitive admin panels.

    "How uncool", I hear you object, "and here we thought you were all about DevOps and shit". And you would be correct, but I'm also pragmatic, and I can't count the number of times we've had authentication bugs that let our red team or security auditors bypass authentication. The truth is, even highly experienced programmers and operators make mistakes and will let a bug disable or fail to protect part of that one super sensitive page you never want to leave open to the internet. And I never blame them because SSO/OAuth/OIDC are massively complex protocols that require huge libraries that fail in weird and unexpected ways. I've never reached the point where I fully trust our SSO, because we find one of those auth bypasses every other month. Here's the catch: they never lead to major security incidents because we put all our admin panels behind a good old VPN.

  • Reflections on a co-design workshop

    Co-design workshops help designers learn first-hand the language of the people who use their products, in addition to their pain points, workflows, and motivations. With co-design methods [1] participants are no longer passive recipients of products. Rather, they are involved in the envisioning and re-imagination of them. Participants show us what they need and want through sketching and design exercises. The purpose of a co-design workshop is not to have a pixel-perfect design to implement, rather it’s to learn more about the people who use or will use the product, and to involve them in generating ideas about what to design.

    We ran a co-design workshop at Mozilla to inform our product design, and we’d like to share our experience with you.

    [...]

    Our UX team was tasked with improving the Firefox browser extension experience. When people create browser extensions, they use a form to submit their creations. They submit their code and all the metadata about the extension (name, description, icon, etc.). The metadata provided in the submission form is used to populate the extension’s product page on addons.mozilla.org.

  • Firefox Nightly: These Weeks in Firefox: Issue 51

Mesa 18.3.2

Filed under
Graphics/Benchmarks

Mesa 18.3.2 is now available.

In this release candidate we have added more PCI IDs for AMD Vega devices and
a number of fixes for the RADV Vulkan drivers.

On the Intel side we have a selection ranging from quad swizzles support for
ICL to compiler fixes.

The nine state tracker has also seen some love as do the Broadcom drivers.

To top it all up, we have a healthy amount of build system fixes.

Alex Deucher (3):
pci_ids: add new vega10 pci ids
pci_ids: add new vega20 pci id
pci_ids: add new VegaM pci id

Alexander von Gluck IV (1):
egl/haiku: Fix reference to disp vs dpy

Andres Gomez (2):
glsl: correct typo in GLSL compilation error message
glsl/linker: specify proper direction in location aliasing error

Axel Davy (3):
st/nine: Fix volumetexture dtor on ctor failure
st/nine: Bind src not dst in nine_context_box_upload
st/nine: Add src reference to nine_context_range_upload

Bas Nieuwenhuizen (5):
radv: Do a cache flush if needed before reading predicates.
radv: Implement buffer stores with less than 4 components.
anv/android: Do not reject storage images.
radv: Fix rasterization precision bits.
spirv: Fix matrix parameters in function calls.

Caio Marcelo de Oliveira Filho (3):
nir: properly clear the entry sources in copy_prop_vars
nir: properly find the entry to keep in copy_prop_vars
nir: remove dead code from copy_prop_vars

Dave Airlie (2):
radv/xfb: fix counter buffer bounds checks.
virgl/vtest: fix front buffer flush with protocol version 0.

Dylan Baker (6):
meson: Fix ppc64 little endian detection
meson: Add support for gnu hurd
meson: Add toggle for glx-direct
meson: Override C++ standard to gnu++11 when building with altivec on ppc64
meson: Error out if building nouveau and using LLVM without rtti
autotools: Remove tegra vdpau driver

Emil Velikov (13):
docs: add sha256 checksums for 18.3.1
bin/get-pick-list.sh: rework handing of sha nominations
bin/get-pick-list.sh: warn when commit lists invalid sha
cherry-ignore: meson: libfreedreno depends upon libdrm (for fence support)
glx: mandate xf86vidmode only for "drm" dri platforms
meson: don't require glx/egl/gbm with gallium drivers
pipe-loader: meson: reference correct library
TODO: glx: meson: build dri based glx tests, only with -Dglx=dri
glx: meson: drop includes from a link-only library
glx: meson: wire up the dispatch-index-check test
glx/test: meson: assorted include fixes
Update version to 18.3.2
docs: add release notes for 18.3.2

Eric Anholt (6):
v3d: Fix a leak of the transfer helper on screen destroy.
vc4: Fix a leak of the transfer helper on screen destroy.
v3d: Fix a leak of the disassembled instruction string during debug dumps.
v3d: Make sure that a thrsw doesn't split a multop from its umul24.
v3d: Add missing flagging of SYNCB as a TSY op.
gallium/ttn: Fix setup of outputs_written.

Erik Faye-Lund (2):
virgl: wrap vertex element state in a struct
virgl: work around bad assumptions in virglrenderer

Francisco Jerez (5):
intel/fs: Handle source modifiers in lower_integer_multiplication().
intel/fs: Implement quad swizzles on ICL+.
intel/fs: Fix bug in lower_simd_width while splitting an instruction which was already split.
intel/eu/gen7: Fix brw_MOV() with DF destination and strided source.
intel/fs: Respect CHV/BXT regioning restrictions in copy propagation pass.

Ian Romanick (2):
i965/vec4/dce: Don't narrow the write mask if the flags are used
Revert "nir/lower_indirect: Bail early if modes == 0"

Jan Vesely (1):
clover: Fix build after clang r348827

Jason Ekstrand (6):
nir/constant_folding: Fix source bit size logic
intel/blorp: Be more conservative about copying clear colors
spirv: Handle any bit size in vector_insert/extract
anv/apply_pipeline_layout: Set the cursor in lower_res_reindex_intrinsic
spirv: Sign-extend array indices
intel/peephole_ffma: Fix swizzle propagation

Karol Herbst (1):
nv50/ir: fix use-after-free in ConstantFolding::visit

Kirill Burtsev (1):
loader: free error state, when checking the drawable type

Lionel Landwerlin (5):
anv: don't do partial resolve on layer > 0
i965: include draw_params/derived_draw_params for VF cache workaround
i965: add CS stall on VF invalidation workaround
anv: explictly specify format for blorp ccs/mcs op
anv: flush fast clear colors into compressed surfaces

Marek Olšák (1):
st/mesa: don't leak pipe_surface if pipe_context is not current

Mario Kleiner (1):
radeonsi: Fix use of 1- or 2- component GL_DOUBLE vbo's.

Nicolai Hähnle (1):
meson: link LLVM 'native' component when LLVM is available

Rhys Perry (3):
radv: don't set surf_index for stencil-only images
ac/nir,radv,radeonsi/nir: use correct indices for interpolation intrinsics
ac: split 16-bit ssbo loads that may not be dword aligned

Rob Clark (2):
freedreno/drm: fix memory leak
mesa/st/nir: fix missing nir_compact_varyings

Samuel Pitoiset (1):
radv: switch on EOP when primitive restart is enabled with triangle strips

Timothy Arceri (2):
tgsi/scan: fix loop exit point in tgsi_scan_tess_ctrl()
tgsi/scan: correctly walk instructions in tgsi_scan_tess_ctrl()

Vinson Lee (2):
meson: Fix typo.
meson: Fix libsensors detection.


Also: Mesa 18.3.2 Released With Many Fixes As Users Encouraged To Upgrade

Games: Valve, Gravel, Meeple Station

Filed under
Gaming

Uploading 15 GB of new Slackware Live Edition ISO images

Filed under
Slack

The squashfs modules in the XFCE ISOs are compressed with ‘xz’ to keep them as small as possible (so they will fit on a CDROM medium). All of the other ISOs are compressed with ‘zstd’ which gives the Live OS a speed boost of ~20% at the cost of 10% increase in the ISO size.


Purism Announces PureOS App Store for Its Upcoming Librem 5 Linux Phone

Filed under
OS
Linux

Envisioned as a hub for delivering apps to both mobile and desktop ecosystems in a secure manner, Purism’s upcoming PureOS Store promises to respect the privacy and freedom of users while making it easier for them to download well-tested software on their Librem laptops, as well as the Librem 5 privacy-focused mobile phone that the company plans to release worldwide in April 2019.

“We envision PureOS Store as the primary community interface for app developers to contribute to the wider ecosystem, without having to understand the underlying technology like packaging or the mechanism of pushing apps upstream. We want to incentivize developers to create software that meets community values with the ultimate goal of incorporation into PureOS itself,” said Purism.


Inkscape 1.0 Open-Source Vector Graphics Editor Is Finally Coming After 15 Years

Filed under
OSS

Inkscape is a quality SVG editor that runs on Linux, Mac, and Windows systems and can be used to create or edit vector graphics like logos, diagrams, illustrations, charts, and anything else in between. Inkscape 1.0 is a major release that all fans of the open source software have expected for so long, and it finally brings long-anticipated features and improvements.

Highlights of Inkscape 1.0 include an updated user interface that offers better support for 4K/HiDPI screens and theming support, the ability to rotate and mirror canvases, new options for exporting to the PNG image format, variable fonts (requires pango 1.41.1 or higher), as well as much faster path operations and deselection of large amounts of paths.


Mesa 19.0 RADV vs. AMDVLK 2019.Q1.2 vs. Radeon Software 18.50 Linux Vulkan Performance

Filed under
Graphics/Benchmarks

With the latest AMDVLK Vulkan driver improvements back to coming out on a weekly basis by AMD and Mesa 19.0 development progressing ahead of its feature freeze later this month, here is a fresh Linux gaming benchmark comparison of the AMD Radeon Vulkan driver options on Linux. Tested this round with a Radeon RX 590 and RX Vega 64 was the latest Mesa 19.0 development state for RADV, this week's new AMDVLK 2019.Q1.2 driver snapshot, and the Radeon Software 18.50 proprietary driver while running a slew of Vulkan-powered Linux games and DXVK.


Servers: Puppet on DevOps, Docker and Kubernetes, SUSE server (SLES) and More

Filed under
Server
  • Puppet on DevOps: practitioners (not managers) are the new champions

    With a foundation in open source, Puppet is championing a world of what it calls ‘unconstrained software change’… presumably an even more intense version of Continuous Integration (CI) and Continuous Delivery (CD).

  • Architectural learning curve for the private cloud

    Just about everybody is familiar with Docker; about half as many know Kubernetes. But how about Istio? Docker and Kubernetes may be the foundation of your private cloud, but it turns out they might not be enough.

    Here are some very interesting and easily accessible numbers from Twitter: Docker has 304,000 followers and Kubernetes has 121,000. On the other hand, Helm, Istio and Prometheus Monitoring have fewer than 15,000 followers each.

  • SUSE Server for Arm Becomes Generally Available

    The SUSE server (SLES) for Arm processors is now available directly from SUSE with a new price structure that counts cores and sockets.

  • The curious case of the Raspberry Pi in the network closet

    I asked him to unplug it, store it in a safe location, take photos of all parts and to make an image from the SD card (since I mostly work remote). I have worked on many Raspberry Pi projects and I felt confident I could find out what it does.

    At this point nobody thought it was going to be malicious, more like one of our staffers was playing around with something.

Desktop: Google Chromebook, Distros, Coin Mining and What We Should Expect From Linux in 2019

Filed under
GNU
Linux
  • What is a Google Chromebook?

    You’ve probably seen the term Chromebook mentioned on the internet, and you might be wondering what they are, and how they differ from regular laptops.

    In this guide we’ll explain what a Chromebook is, list the pros and cons of the devices, and help you decide whether or not a Chromebook is right for you.

    If you’re after in-depth buying advice on specific models, check out our Should I Buy a Chromebook? and Best Chromebook guides.

  • What's your favorite desktop Linux distribution?

    So, for our annual poll, we pulled the top 15 distributions according to DistroWatch over the past 12 months. It's not scientific—but it's something to start with, and we had to cull it down somehow.

    Did your favorite distribution fall short of the cut-off point? Let us know what it is in the comments. And no matter what distro you choose, be sure to let us know why it's your favorite. What's so great that makes it your distribution of choice?

  • The Top 4 Ways Your Linux Computer Can Earn You Money

    Computers, whether they run Linux or not, as a rule, don't tend to be cheap. However, what if I was to tell you that you can offset at least some of that cost by using the machine itself? Well, you can, and below you can find out exactly how to do this.

  • What Should We Expect from Linux in 2019?

    There are a lot more questions about what the open source community will do this year like would Ubuntu finally have stable support for fractional scaling? Will snap apps finally blend in perfectly with the UI of the distros they run on by default? Which distros will be the most innovative?

    Which features would you like to see in any Linux distros and open source apps this year? Do you have any hints or inside information on the cool improvements to come? Tell us all about it below in the comments section.


More in Tux Machines

Audiocasts: Full Circle Weekly News, mintCast and GNU World Order

KDE: Usability & Productivity Report From Nate Graham

  • This week in Usability & Productivity, part 54
    This week in KDE’s Usability & Productivity initiative, something big landed: virtual desktop support on Wayland, accompanied by a shiny new user interface for the X11 version too. Eike Hein has been working on this literally for months and I think he deserves a round of applause! It was a truly enormous amount of work, but now we can benefit for years to come.
  • KDE Now Has Virtual Desktop Support On Wayland
    KDE landing virtual desktop support on Wayland this week is certainly quite exciting while also a new UI was added for the X11 virtual desktop support too. Some of the other KDE improvements that landed this week and relayed by Nate Graham include the digital clock widget now allowing adjustments to the date formatting, the KDE Information Center's USB devices section will now actually display all USB devices, wallpaper chooser view improvements, and various other improvements.

Screenshots/Screencasts: Robolinux 10.4 LXDE, deepin 15.9, and Parrot OS 4.5 KDE

Livepatching With Linux 5.1 To Support Atomic Replace & Cumulative Patches

With the Linux 5.1 kernel cycle that should get underway in just over one month's time, there will now be the long in development work (it's been through 15+ rounds of public code review!) for supporting atomic replace and cumulative patches.