Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Thursday, 27 Jun 19 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

  • 18/07/2018 - 6:58am
    arindam1989
  • 14/08/2017 - 5:04pm
    2daygeek
  • 11/07/2017 - 9:36am
    itsfoss
  • 04/05/2017 - 11:58am
    Variscite
  • 09/04/2017 - 4:47pm
    mwilmoth
  • 11/01/2017 - 12:02am
    tishacrayt
  • 11/01/2017 - 12:01am
    lashayduva
  • 10/01/2017 - 11:56pm
    neilheaney
  • 10/01/2017 - 11:53pm
    jennipurne
  • 10/01/2017 - 11:50pm
    relativ7

5 tiny Linux distros to try before you die

Filed under
Linux

There are plenty of Linux distributions out there to choose from when you're deciding what to run on a daily basis, yet some are so small that they get little notice. But tiny Linux distributions are powerful innovations: having an entire operating system drive a computer with less than 1GB of storage and half as much RAM is the ultimate software hack.

Tiny distros have many uses, such as...

Read more

today's leftovers

Filed under
Misc
  • Krita Interview with Chris Tallerås

    My name is Chris Tallerås and I’m a 23 year old dude from the Olympic city of Lillehammer in Norway and I do political activism traveling the country to fight the climate crisis and to advocate free culture/free, libre & opensource software in our kingdom.

    [...]

    Maybe later in 2017. I was getting tired of Windows and wanted to get into Linux...

  • IPFire 2.23 - Core Update 134 ready for testing

    The Linux kernel was vulnerable for two DoS attacks against its TCP stack. The first one made it possible for a remote attacker to panic the kernel and a second one could trick the system into transmitting very small packets so that a data transfer would have used the whole bandwidth but filled mainly with packet overhead.

    The IPFire kernel is now based on Linux 4.14.129, which fixes this vulnerability and fixes various other bugs.

  • Kiwi TCMS: Kiwi TCMS is OpenAwards 2019 Best Tech Community Winner

    Kiwi TCMS is the winner at OpenAwards'19 category Best Tech Community! Big thanks to the jury, our contributors and core-team and the larger open source and quality assurance communities who voted for us and supported the project during all of those years.

  • The need of US OSS for the programs [Ed: What an awful article. Original? Plagiarism? Even the encoding is all wrong.]

    A wide range of sorts of OSS licenses exist. In any case, there are basic traits among most OSS licenses. Two of the principle normal qualities are that: (1) beneficiaries can uninhibitedly utilize, change and convey the product; and (2) the source code (for example the comprehensible code) is made accessible to empower the activity of these rights. This recognizes OSS from restrictive programming. With exclusive programming licenses, ordinarily duplicating, altering or redistributing is disallowed and just the item code (i.e., the machine meaningful code or 'gathered structure') is circulated. The centrality of this is to adequately adjust the product, an engineer commonly would need access to the source code.

  • Certified Kubernetes Administrator (CKA) Exam and Courses Are Now Offered Onsite in China in Local Language

    The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today is announcing the availability of Certified Kubernetes Administrator (CKA) exam and corresponding Kubernetes Fundamentals course as in-country, instructor-led programs taught in Chinese.

    According to a Cloud Native Computing Foundation survey, 44 percent of Mandarin respondents are deploying Kubernetes. There is great demand in China and the overall Asia/Pac region for training courses that will help developers accelerate their work with Kubernetes and associated technologies.

    Since launching in 2017, the CKA exam has been taken by nearly 10,000 professionals around the world. Now it will be easier for Chinese users to take advantage of this offering with in-person instructors and in their local language. To register for the exam and courses, please visit: http://training.linuxfoundation.cn/

    “The Kubernetes administrator courses and certified exam are among the most popular training courses we offer,” said Clyde Seepersad, general manager, Linux Foundation training. “We’re now able to make the courses and exam available in Chinese with in-country exam delivery and instructors, which we hope will increase access and opportunity to learn and apply one of today’s most relevant and pervasive open source technologies.”

  • Harnessing hybrid cloud for HPC

    As a grizzled veteran of the IT industry, I have been involved in many high performance computing (HPC) projects over the years, both from a hardware and software perspective. I have always found them to be intensely interesting mainly because the projects were deeply scientific in nature, whether it be decoding the human genome, designing better, more efficient vehicles or even deep space research.
    What’s different now is the emergence of HPC into the mainstream. Instead of it just being the preserve of academics, scientists and other boffins, normal commercial organisations are trying to harness the power of HPC to solve their business issues, notably through its application to AI and Machine Learning.
    As today’s technology creates vast hordes of unstructured data, unlocking the business value therein has become a key competitive advantage and almost the Holy Grail of Digital Transformation for many organisations. HPC has a key part to play in this as deriving insight from large data sets has been a major component of scientific research for many years.

  • Building Nonstop Data Access

    The traditional way we think of data is as something that’s stored and then used later, like electricity in batteries. But today, data is always flowing, and constantly in use, much more like the electricity you pull from a grid than the energy you store in a battery. In the old days, you could wait a day, even a week, to get ahold of data. Today, it needs to be there at the flip of a switch.

  • Asteroids, SUSE and Protecting the Planet

    Asteroid Day is a global awareness campaign where people from around the world come together to learn about asteroids, the impact hazard they may pose, and what we can do to protect our planet, families, communities and future generations from future asteroid impacts. Asteroid Day takes place on June 30, the anniversary of the largest impact in recent history, the 1908 Tunguska event in Siberia. That asteroid decimated about 800 square miles (to put that in perspective, greater London is about 600 square miles). It’s estimated that a Tunguska-level “city-killer” asteroid hits the Earth every 500 years. So, while there is nothing to lose sleep over, it’s imperative that we are aware and have a plan.

  • Microsoft bans its employees from using Slack, Google Docs, and more

    Keeping your company's data safe can be tricky when your competitors are begging you to put all your conversations, projects, and hard work right into the palms of their hands.

    To make sure its competitors aren't able to look behind its tightly drawn curtains, Microsoft has a list of online services that it forbids its workforce to use, according to a report from GeekWire. They're familiar names for most modern professionals: Slack, Google Docs, and Amazon Web Services (among others).

    Despite the popularity of some of these services that allow for easy communication between employees and data storing and sharing, Microsoft wants to make sure everybody is keeping all their information in-house with its own programs. Actually, not even all of its own programs are safe, as the Microsoft-owned GitHub is also off limits.

  • What are you working on this summer?

    Tell us about your summer project by taking our poll. Plus, read what our writers are working on.

  • [Mozilla] Emily Dunham: More on Mentorship

    Last year, I wrote about some of the aspirations which motivated my move from Mozilla Research to the CloudOps team. At the recent Mozilla All Hands in Whistler, I had the “how’s the new team going?” conversation with many old and new friends, and that repetition helped me reify some ideas about what I really meant by “I’d like better mentorship”.

Proprietary Software and Games: OnlyOffice, Total War: THREE KINGDOMS and Underspace From Pastaspace

Filed under
Software
Gaming
  • OnlyOffice Desktop Editors review - A challenger appears

    OnlyOffice Desktop Editors is definitely an interesting office suite. Unique, fairly stylish, with reasonably good Microsoft format compatibility - I'm not sure about the background image transparency, whether it's a glitch, a bug or a PEBKAC. I also like the UI - minimalistic yet useful. Plugins are another nice feature, and you will find lots of small, elegant touches everywhere. With a free price tag, this is a rather solid contender for home use.

    But there were some problems, too. The initial startup, that's a big one for newbies. Styles can be better sorted out, document loading is too slow, the UI suffers from over-simplification here and there, and the fonts need to be sharper and with more contrast, the whole new-age gray-on-gray is bad. Maybe some of these missing options are actually there in the business editions, and I'm inclined to take those for a spin, too. So far, I wouldn't call this an outright replacement for Microsoft Office, but I'm definitely intrigued, and do intend to continue and expand my testing of OnlyOffice. Very neat. I suggest you grab the program for a spin, I think you'll be pleasantly surprised.

  • Oaths, coalitions and betrayal — some thoughts on Total War: THREE KINGDOMS

    Total War: THREE KINGDOMS was released in its all-caps glory about a month ago and saw a same-day Linux release thanks to porters Feral Interactive. The action this time around is centered in China during its fractious Three Kingdoms period of history that saw the end of the Han dynasty and warlords and coalitions battle it out for supremacy. More specifically, this Total War title also takes inspiration from the Romance of the Three Kingdoms novel and its larger-than-life heroes and villains. Developer Creative Assembly has put in plenty of time and effort to capture the feeling of both novel and the historical conflict.

    At the heart of this design philosophy is the option to play the turn-based campaign in Romance mode. Veteran players that have played other Total War titles such as the Warhammer entries may be familiar with the prominence that hero units and leaders have come to take in the series. Romance mode continues this trend by making it so the commanders of retinues are key to warfare. They lead troops, use abilities to buff allies and hamper enemies, can stand up to dozens of regular troops and fight duels with enemy commanders. A more classic mode, where regular troops feature more prominently, is also available but I spent the majority of my time with the game playing in Romance mode.

  • Open-world space arcade-action game "Underspace" is on Kickstarter with a Linux demo

    Oh goodie, more space action goodness! Underspace from Pastaspace Interactive is on Kickstarter looking for funding and it seems like quite a promising game.

Ubuntu/Debian Leftovers

Filed under
Debian
Ubuntu

Programming Leftovers

Filed under
Development
  • Intel Is Working On A New ‘Data Parallel C++’ Programming Language

    ntel has been working on its OneAPI project for quite some time. The company has now shared more details of the software project — including the launch of a new programming language called “Data Parallel C++ (DPC++).”

  • 6 Best Data Science and Machine Learning Courses for Beginners

    Many programmers are moving towards data science and machine learning hoping for better pay and career opportunities --- and there is a reason for it. The Data scientist has been ranked the number one job on Glassdoor for last a couple of years and the average salary of a data scientist is over** $120,000** in the United States according to Indeed.

    Data science is not only a rewarding career in terms of money but it also provides the opportunity for you to solve some of the world's most interesting problems. IMHO, that's the main motivation many good programmers are moving towards data science, machine learning and artificial intelligence.

  • Find the smallest number within a list with python

    In this example, we will create a python function which will take in a list of numbers and then return the smallest value. The solution to this problem is first to create a place holder for the first number within the list, then compares that number with other numbers within the same list in the loop. If the program found a number which is smaller than the one in the place holder, then the smaller number will be assigned to that place holder.

  • Basic Input, Output, and String Formatting in Python

    To be useful, a program usually needs to communicate with the outside world by obtaining input data from the user and displaying result data back to the user. This tutorial will introduce you to Python input and output.

    Input may come directly from the user via the keyboard, or from some external source like a file or database. Output can be displayed directly to the console or IDE, to the screen via a Graphical User Interface (GUI), or again to an external source.

  • Want to level up your Python? Join Weekly Python Exercise, starting July 2nd

    Let’s face it: Stack Overflow has made developers’ lives easier. Almost every time I have a question, I find that someone on Stack Overflow has asked it, and that people have answered it, often in great detail.

    I’m thus not against Stack Overflow, not by a long shot. But I have found that many Python developers visit there 10 or even 20 times a day, to find answers (and even code) that they can use to solve their problems.

  • Introducing pytest-elk-reporter

    Few years back I’ve wrote a post about how I’ve connected python based test to ELK setup - “ELK is fun”, it was using an xunit xml, parsing it and sending it via Logstash.

    Over time I’ve learn a lot about ElasticSearch and it’s friend Kibana, using them as a tool to handle logs. and also as a backend for a search component on my previous job.

    So now I know logstash isn’t needed for reporting test result, posting straight into elasticsearch is easier and gives you better control, ES is doing anything “automagiclly” anyhow nowadays.

Graphics: Weston 6.0.1, GPUs in OpenStack, Panfrost and Vulkan

Filed under
Graphics/Benchmarks
  • weston 6.0.1
    Weston 6.0.1 is released with build system fixes to smooth the
    transition to Meson. Other miscellaneous bugfixes are also included.
    
    Note that the PGP signing key has changed to 0FDE7BE0E88F5E48.
    
    - (1):
          zunitc: Fix undeclared identifier 'NULL'
    
    Alexandros Frantzis (1):
          clients/simple-dmabuf-egl: Properly check for error in gbm_bo_get_handle_for_plane
    
    Antonio Borneo (2):
          clients: close unused keymap fd
          log: remove "%m" from format strings by using strerror(errno)
    
    Daniel Stone (2):
          weston: Properly test for output-creation failure
          compositor: Don't ignore --use-pixman for Wayland backend
    
    Fabrice Fontaine (1):
          Fix build with kernel < 4.4
    
    Harish Krupo (4):
          meson.build: Fix warning for configure_file
          window.c: Don't assume registry advertisement order
          data-device: send INVALID_FINISH when operation != dnd
          Fix: clients/window: Premature finish request when copy-pasting
    
    Kamal Pandey (1):
          FIX: weston: clients: typo in simple-dmabuf-egl.c
    
    Luca Weiss (1):
          Fix incorrect include
    
    Marius Vlad (3):
          meson.build/libweston: Fix clang warning for export-dynamic
          compositor: Fix invalid view numbering in scene-graph
          compositor: Fix missing new line when displaying buffer type for EGL buffer
    
    Pekka Paalanen (7):
          meson: link editor with gobject-2.0
          meson: link cms-colord with glib and gobject
          meson: link remoting with glib and gobject
          meson: DRM-backend demands GBM
          meson: dep fix for compositor.h needing xkbcommon.h
          build: add missing dep to x11 backend
          libweston: fix protocol install path
    
    Scott Anderson (1):
          compositor: Fix incorrect use of bool options
    
    Sebastian Wick (1):
          weston-terminal: Fix weston-terminal crash on mutter
    
    Silva Alejandro Ismael (1):
          compositor: fix segfaults if wl_display_create fails
    
    Simon Ser (1):
          build: bump to version 6.0.1 for the point release
    
    Tomohito Esaki (1):
          cairo-util: Don't set title string to Pango layout if the title is NULL
    
    git tag: 6.0.1
    
  • Wayland's Weston 6.0.1 Released With Build System Fixes & Other Corrections

    Weston 6.0 was released back in March with a remote/streaming plug-in and Meson becoming the preferred build system among other improvements. Weston 6.0.1 was released today by Simon Ser with various fixes to this reference Wayland compositor.

    Weston 6.0.1 is mostly made up of Meson build system fixes/improvements to ensure a good Meson experience. There is also a fix for building with pre-4.4 kernels and a variety of other smaller fixes.

  • OpenStack Stein feature highlights: vGPU support coming in Red Hat OpenStack Platform 15

    Red Hat is working on the next release of the supported enterprise distribution of OpenStack, Red Hat OpenStack Platform 15, based on the Stein community release. In this multi-part blog series, we’ll be examining some of the features that Red Hat and the open source community have collaborated on–starting with a look to future workloads, such as artificial intelligence.

    "How does OpenStack enable next generation workloads?" you ask. When it comes to computer-driven decision making, machine learning algorithms can provide adaptable services that can get better over time. Some of these workloads, such as facial recognition, require GPUs to ingest and process graphical data in real time. But the more powerful GPUs often used for machine learning and such are expensive, power-hungry, and can take up a lot of room in the servers' chassis. When working with GPUs at scale, optimized utilization is key to more cost effective machine learning.

  • Panfrost Gallium3D Picks Up Yet More Features Thanks To Collabora's Summer Internship

    Just a few days ago I wrote how the Panfrost Gallium3D driver continues making incredible progress for this community-driven, open-source graphics driver targeting Arm Bifrost/Midgard graphics. There's yet another batch of new features and improvements to talk about.

    Most of this feature work continues to be done by Panfrost lead developer Alyssa Rosenzweig who is interning at Collabora this summer and appears to be spending most of her time working on this reverse-engineered Arm graphics driver supporting their recent generations of IP.

  • Vulkan 1.1.112 Released While Open-Source ANV + RADV Drivers Continue Marching Along

    Vulkan 1.1.112 was outed this morning as the newest documentation update to this high performance graphics and compute API.

    Vulkan 1.1.112 is quite a mundane update with just documentation corrections and clarifications this go around and not any new extensions. But at least the clarifications should help out some and other maintenance items addressed by this Vulkan 1.1.112 release. It's not a surprise the release is so small considering Vulkan 1.1.111 was issued just two weeks ago.

5 Best and Free Desktop Email Clients for Linux and Windows

Filed under
Software

If you are looking for free Email clients for Linux and Windows – here are 5 of them we list which you can try and consider for casual or professional uses.

Web based email is popular today which can be accessed via browser or mobile apps. However, big and medium enterprises, generic users still prefers native desktop email clients for heavy and office uses. Microsoft Outlook is the most popular desktop email client which is of course not free and you have to pay huge licence fee to use.

There are multiple options for free desktop email clients available. Here are the best 5 free and open source email clients which you can go ahead and try then deploy for your needs.

Read more

On the Road to Fedora Workstation 31

Filed under
Red Hat

So I hope everyone is enjoying Fedora Workstation 30, but we don’t rest on our laurels here so I thought I share some of things we are working on for Fedora Workstation 31. This is not an exhaustive list, but some of the more major items we are working on.

Wayland – Our primary focus is still on finishing the Wayland transition and we feel we are getting close now, and thank you to the community for their help in testing and verifying Wayland over the last few years. The single biggest goal currently is fully removing our X Windowing System dependency, meaning that GNOME Shell should be able to run without needing XWayland. For those wondering why that has taken so much time, well it is simple; for 20 years developers could safely assume we where running atop of X. So refactoring everything needed to remove any code that makes the assumption that it is running on top of X.org has been a major effort. The work is mostly done now for the shell itself, but there are a few items left in regards to the GNOME Setting daemon where we need to expel the X dependency. Olivier Fourdan is working on removing those settings daemon bits as part of his work to improve the Wayland accessibility support. We are optimistic that can declare this work done within a GNOME release or two. So GNOME 3.34 or maybe 3.36. Once that work is complete an X server (XWayland) would only be started if you actually run a X application and when you shut that application down the X server will be shut down too.

Read more

Videos: OpenMandriva Lx 4.0, Enso OS 0.3.1, OpenShift and Upbound

Filed under
GNU
Linux
Interviews
  • OpenMandriva Lx 4.0 overview | The best! ...until OpenMandriva does better.

    In this video, I am going to show an overview of OpenMandriva Lx 4.0 and some of the applications pre-installed.

  • Enso OS 0.3.1 Run Through

    In this video, we look at Enso OS 0.3.1. Enjoy!

  • Video from KubeCon 2019: Red Hat in Barcelona

    From May 21-25, Red Hat OpenShift Container Storage rolled into KubeCon Europe 2019 in Barcelona, Spain, a rare chance to bring different parts of the Red Hat community together from across Europe and the U.S. While there, we took the opportunity to sit down with members of the teams that are shaping the next evolution of container native storage in Red Hat OpenShift and throughout the Kubernetes ecosystem.

    We’ve put together highlights from Barcelona, where you’ll see what happens when you gather 7,700 people from the Kubernetes ecosystem in one place. You’ll also hear from members of Red Hat’s team in Barcelona—Distinguished Engineer Ju Lim, Senior Architect Annette Clewett, Rook Senior Maintainer Travis Nielsen and others—about what’s exciting them now, and what’s ahead.

  • Bassam Tabbara: Next 10 Years Should Be About Open Cloud

    During KubeCon + CloudNativeCon, Barcelona, we sat down with Bassam Tabbara – CEO and founder of Upbound to talk about the company he is building to make the next decade about Open / Open Source Cloud, breaking away from the proprietary cloud. Tabbara shared his insights into how AWS, Azure and the rest leverage open source technologies to create the proprietary clouds. He wants to change that.

189 Lives Changed - By Linux

Filed under
GNU
Linux

I've been at this business of putting Linux-powered computers into the homes of financially disadvantaged kids since 2005, one way or the other. That's 14 years and north of 1670 computers placed. Throughout those years, I've shared with you some of our successes, and spotlighted the indomitable spirit of the Free Open Source Community and The Linux Community as a whole. I've also shared with you the lowest of the low times for us, and me personally.

But through it all, Reglue has maintained our mission of placing first-time computers into the homes of financially disadvantaged students. By onesies and twosies mostly. A multi-machine learning center here and there, by far the greatest is the Bruno Knaapen Technology Learning Center. And as much of a challenge as that was, we have another project of even greater measure.

If you don't know who Bruno Knaapen is, I suggest you follow the link. Bruno will go down in history as a person who helped more people adapt to Linux than anyone, at any time. Bruno's online contributions are still a treasure trove of Linux knowledge. So much, individuals pay out of their pocket to make sure that information remains available. Going down that list, you will come to understand the tenacity and knowledge that man shared with his community. I was one of those that learned at his elbow.

Read more

Tails 3.14.2 is out

Filed under
Security
Debian

This release is an emergency release to fix a critical security vulnerability in Tor Browser.

You should upgrade as soon as possible.

Read more

Security Leftovers

Filed under
Security
  • Security updates for Monday
  • OpenSSH code gets an update to protect against side-channel attacks

    Last week, Damien Miller, a Google security researcher, and one of the popular OpenSSH and OpenBSD developers announced an update to the existing OpenSSH code that can help protect against the side-channel attacks that leak sensitive data from computer’s memory. This protection, Miller says, will protect the private keys residing in the RAM against Spectre, Meltdown, Rowhammer, and the latest RAMBleed attack.

    SSH private keys can be used by malicious threat actors to connect to remote servers without the need of a password. According to CSO, “The approach used by OpenSSH could be copied by other software projects to protect their own keys and secrets in memory”.

    However, if the attacker is successful in extracting the data from a computer or server’s RAM, they will only obtain an encrypted version of an SSH private key, rather than the cleartext version.

  • Bird Miner cryptominer targets Macs, emulates Linux [Ed: This is actually malware that spreads itself using proprietary software and not about "Linux"]

    A new cryptominer, dubbed Bird Miner, has been spotted in the wild targeting Mac devices and running via Linux emulation under the guise of a production software tool.

  • Linux Admins! Grab Our Free Tool To Protect Against Netflix SACK Panic

    Your Linux boxes may be vulnerable to TCP networking vulnerabilities that can lead to a remote DoS attack.

Audiocasts/Shows: Full Circle Magazine, This Week in Linux, Open Source Security Podcast and Linux Gaming News Punch

Filed under
Interviews

Canonical Releases Linux Kernel Security Patch for 64-Bit PowerPC Ubuntu Systems

Filed under
Security
Ubuntu

Affecting the Ubuntu 19.04 (Disco Dingo), Ubuntu 18.10 (Cosmic Cuttlefish), and Ubuntu 18.04 LTS (Bionic Beaver) operating systems, the new Linux kernel security patch fixes a vulnerability (CVE-2019-12817) on 64-bit PowerPC (ppc64el) systems, which could allow a local attacker to access memory contents or corrupt the memory of other processes.

"It was discovered that the Linux kernel did not properly separate certain memory mappings when creating new userspace processes on 64-bit Power (ppc64el) systems. A local attacker could use this to access memory contents or cause memory corruption of other processes on the system," reads the security advisory.

Read more

0.4.1 Release of Elisa

Filed under
KDE

Elisa is a music player developed by the KDE community that strives to be simple and nice to use. We also recognize that we need a flexible product to account for the different workflows and use-cases of our users.

We focus on a very good integration with the Plasma desktop of the KDE community without compromising the support for other platforms (other Linux desktop environments, Windows and Android).

We are creating a reliable product that is a joy to use and respects our users privacy. As such, we will prefer to support online services where users are in control of their data.

Read more

Syndicate content

More in Tux Machines

Fedora Workstation 31, AAC Support

  • Fedora Workstation 31 to come with Wayland support, improved core features of PipeWire, and more

    On Monday, Christian F.K. Schaller, Senior Manager for Desktop at Red Hat, shared a blog post that outlined the various improvements and features coming in Fedora Workstation 31. These include Wayland improvements, more PipeWire functionality, continued improvements around Flatpak, Fleet Commander, and more.

  • Fedora's AAC Support Finally Seeing Audio Quality Improvements

    Fedora's version of the FDK-AAC library that they began shipping in 2017 to finally provide AAC audio support strips out what was patented encumbered functionality. But that gutting of the code did cause some problems like audio playback glitches that are now being addressed. Fortunately, better AAC support is on the way to Fedora. There is this F30 update pending to provide an updated AAC implementation with quality enhancements.

Mozilla: Firefox's Gecko Media Plugin & EME Architecture, Accessibility, Firefox 68 Beta 10 Testday Results

  • Chris Pearce: Firefox's Gecko Media Plugin & EME Architecture

    For rendering audio and video Firefox typically uses either the operating system's audio/video codecs or bundled software codec libraries, but for DRM video playback (like Netflix, Amazon Prime Video, and the like) and WebRTC video calls using baseline H.264 video, Firefox relies on Gecko Media Plugins, or GMPs for short. This blog post describes the architecture of the Gecko Media Plugin system in Firefox, and the major class/objects involved, as it looked in June 2019. For DRM video Firefox relies upon Google's Widevine Content Decryption Module, a dynamic shared library downloaded at runtime. Although this plugin doesn't conform to the GMP ABI, we provide an adapter to allow it to be run through the GMP system. We use the same Widevine CDM plugin that Chrome uses. For decode and encode of H.264 streams for WebRTC, Firefox uses OpenH264, which is provided by Cisco. This plugin implements the GMP ABI.

  • Hacks.Mozilla.Org: How accessibility trees inform assistive tech

    The web is accessible by default. It was designed with features to make accessibility possible, and these have been part of the platform pretty much from the beginning. In recent times, inspectable accessibility trees have made it easier to see how things work in practice. In this post we’ll look at how “good” client-side code (HTML, CSS and JavaScript) improves the experience of users of assistive technologies, and how we can use accessibility trees to help verify our work on the user experience.

  • QMO: Firefox 68 Beta 10 Testday Results

    As you may already know, Friday June 14th – we held a new Testday event, for Firefox 68 Beta 10.

Security Leftovers/FUD

  • New Linux Worm Attacks IoT Devices [Ed: How to blame "Linux" for default passwords in devices (and some now also blame "Iran", citing a CIA 'proxy' Recorded Future in relation to this because they want war)]

    Silex has 'bricked' more than 2000 Linux-based IoT devices so far.

  • Your server remote login isn't root:password, right? Cool. You can keep your data. Oh sh... your IoT gear, though? [Ed: All this "Silex" 'news' tries to blame Iran for cracking by guessing default passwords; but this is attempted every day by dozens of nations, every minute in a lot of cases. Any political motivation behind this Iran angle?]

    Earlier this week, infosec outfit Recorded Future claimed a Tehran-backed group known as Elfin, or APT33, has been increasingly active in recent months, largely targeting industrial facilities and companies within Saudi Arabia that do business with the US and other Western countries.
  • 'Silex' Malware Renders Internet-of-Things Devices Useless. Here's How to Prevent It [Ed: War lovers' media, e.g. Fortune (see parent) and CBS (through ZDNet) push this whole "Iran" angle, manufactured in part by Recorded Future, which works with the CIA. This is the source of all these "Iran is cracking your gear" stories (every large nation does it all the time, so why the focus on Iran all of a sudden?)]
  • Silex malware targeting IoT devices spotted by security researchers
  • Daily News Roundup: Hackers Broke into Ten Telecom Networks [Ed: Definitely sounds like they used Windows, which executes malware without obstructing the users (who might just open an E-mail or click on a link)]

    Security researchers have revealed hackers spent years burrowing into ten different telecoms. Using a common method of an email with a link leading to malware, the hackers then used sophisticated techniques to target specific individuals. Security researchers at Cybereason revealed details of years-long attempts to break into telecom services (cell phone carriers). Starting in 2017, and possibly before, hackers sent emails to unsuspecting telecom employees with malicious links. The initial payload gave the hackers access to the telecom networks. Once in, the hackers ultimately compromised the network, gaining administrative privileges, and even creating a VPN on the system that let hackers access large amounts of data and empowered them even to shut down the telecom network entirely. The hackers had so much power that Amit Serper, Principal Security Researcher at Cybereason, described them as essentially a “de facto shadow IT department of the company.”

Kernel: LWN's Latest (SACK etc.) and Phoronix on Saitek R440 Force Racing Wheel Support Coming to Linux

  • The TCP SACK panic

    Selective acknowledgment (SACK) is a technique used by TCP to help alleviate congestion that can arise due to the retransmission of dropped packets. It allows the endpoints to describe which pieces of the data they have received, so that only the missing pieces need to be retransmitted. However, a bug was recently found in the Linux implementation of SACK that allows remote attackers to panic the system by sending crafted SACK information. Data sent via TCP is broken up into multiple segments based on the maximum segment size (MSS) specified by the other endpoint—or some other network hardware in the path it traversed. Those segments are transmitted to that endpoint, which acknowledges that it has received them. Originally, those acknowledgments (ACKs) could only indicate that it had received segments up to the first gap; so if one early segment was lost (e.g. dropped due to congestion), the endpoint could only ACK those up to the lost one. The originating endpoint would have to retransmit many segments that had actually been received in order to ensure the data gets there; the status of the later segments is unknown, so they have to be resent. In simplified form, sender A might send segments 20-50, with segments 23 and 37 getting dropped along the way. Receiver B can only ACK segments 20-22, so A must send 23-50 again. As might be guessed, if the link is congested such that segments are being dropped, sending a bunch of potentially redundant traffic is not going to help things.

  • Short waits with umwait

    If a user-space process needs to wait for some event to happen, there is a whole range of mechanisms provided by the kernel to make that easy. But calling into the kernel tends not to work well for the shortest of waits — those measured in small numbers of microseconds. For delays of this magnitude, developers often resort to busy loops, which have a much smaller potential for turning a small delay into a larger one. Needless to say, busy waiting has its own disadvantages, so Intel has come up with a set of instructions to support short delays. A patch set from Fenghua Yu to support these instructions is currently working its way through the review process. The problem with busy waiting, of course, is that it occupies the processor with work that is even more useless than cryptocoin mining. It generates heat and uses power to no useful end. On hyperthreaded CPUs, a busy-waiting process could prevent the sibling thread from running and doing something of actual value. For all of these reasons, it would be a lot nicer to ask the CPU to simply wait for a brief period until something interesting happens. To that end, Intel is providing three new instructions. umonitor provides an address and a size to the CPU, informing it that the currently running application is interested in any writes to that range of memory. A umwait instruction tells the processor to stop executing until such a write occurs; the CPU is free to go into a low-power state or switch to a hyperthreaded sibling during that time. This instruction provides a timeout value in a pair of registers; the CPU will only wait until the timestamp counter (TSC) value exceeds the given timeout value. For code that is only interested in the timeout aspect, the tpause instruction will stop execution without monitoring any addresses.

  • Dueling memory-management performance regressions

    The 2019 Linux Storage, Filesystem, and Memory-Management Summit included a detailed discussion about a memory-management fix that addressed one performance regression while causing another. That fix, which was promptly reverted, is still believed by most memory-management developers to implement the correct behavior, so a patch posted by Andrea Arcangeli in early May has relatively broad support. That patch remains unapplied as of this writing, but the discussion surrounding it has continued at a slow pace over the last month. Memory-management subsystem maintainer Andrew Morton is faced with a choice: which performance regression is more important? The behavior in question relates to the intersection of transparent huge pages and NUMA policy. Ever since this commit from Aneesh Kumar in 2015, the kernel will, for memory areas where madvise(MADV_HUGEPAGE) has been called, attempt to allocate huge pages exclusively on the current NUMA node. It turns out that the kernel will try so hard that it will go into aggressive reclaim and compaction on that node, forcing out other pages, even if free memory exists on other nodes in the system. In essence, enabling transparent huge pages for a range of memory has become an equivalent to binding that memory to a single NUMA node. The result, as observed by many, can be severe swap storms and a dramatic loss of performance. In an attempt to fix this problem, Arcangeli applied a patch in November 2018 that loosened the tight binding to the current node. But, it turned out, some workloads want that binding behavior. Local huge pages will perform better than huge pages on a remote node; even local small pages tend to be better than remote huge pages. For some tasks, the performance penalty for using remote pages is high enough that it is worth going to great lengths — even enduring a swap storm at application startup — to avoid it. No such workload has been publicly posted, but the patch was reverted by David Rientjes in December after a huge discussion.

  • Rebasing and merging in kernel repositories

    What follows is a kernel document I have been working on for the last month in the hope of reducing the number of subsystem maintainers who run into trouble during the merge window. If all goes according to plan, this text will show up in 5.3 as Documentation/maintainer/rebasing-and-merging.txt. On the off chance that some potentially interested readers might not be monitoring additions to the nascent kernel maintainer's handbook, I'm publishing the text here as well. Maintaining a subsystem, as a general rule, requires a familiarity with the Git source-code management system. Git is a powerful tool with a lot of features; as is often the case with such tools, there are right and wrong ways to use those features. This document looks in particular at the use of rebasing and merging. Maintainers often get in trouble when they use those tools incorrectly, but avoiding problems is not actually all that hard. One thing to be aware of in general is that, unlike many other projects, the kernel community is not scared by seeing merge commits in its development history. Indeed, given the scale of the project, avoiding merges would be nearly impossible. Some problems encountered by maintainers result from a desire to avoid merges, while others come from merging a little too often.

  • Years Late But Saitek R440 Force Racing Wheel Support Is On The Way For Linux

    If you happen to have a Saitek R440 Force Wheel or looking to purchase a cheap and used racing wheel for enjoying the various Linux racing game ports or even the number of games working under Steam Play like F1 2018 and DiRT Rally 2.0, Linux support is on the way. The Saitek R440 Force Wheel can still be found from the likes of eBay for those wanting a cheap/used PC game racing wheel. Now coming soon to the Linux kernel is support for this once popular gaming wheel -- which was originally released back in 2004. The Linux kernel patch originally adding the Saitek R440 was sent last year only to be resent out recently in an attempt for mainline acceptance.