Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Sunday, 20 Jan 19 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Wear OS 2.3 begins rolling out to some smartwatches

Filed under
OS

Google is still in the process of updating some of its smartwatches to Wear OS 2.2 H, but in a bid to stay ahead of the curve, or totally confuse us, version 2.3 of the wearable operating system is also being rolled out. Go figure!

As part of the update, the Home app has been updated from version 2.20 to 2.21, which has a number of improvements including a slight change of design, improved health coaching and what they call more “proactive” help from Google Assistant.

Read more

Plasma 5.15 Beta

Filed under
KDE

Today KDE launches the beta release of Plasma 5.15.

For the first release of 2019, the Plasma team has embraced KDE's Usability & Productivity goal. We have teamed up with the VDG (Visual Design Group) contributors to get feedback on all the papercuts in our software that make your life less smooth, and fixed them to ensure an intuitive and consistent workflow for your daily use.

Plasma 5.15 brings a number of changes to our configuration interfaces, including more options for complex network configurations. Many icons have been added or redesigned. Our integration with third-party technologies like GTK and Firefox has been made even more complete. Discover, our software and add-on installer, has received a metric tonne of improvements to help you stay up-to-date and find the tools you need to get your tasks done.

Read more

Also: KDE Plasma 5.15 Desktop Environment Enters Beta, Promises Numerous Improvements

KDE Plasma 5.15 Beta Released With Some Grand Improvements

OSS Leftovers

Filed under
OSS
  • SalesAgility Launches SuiteCRM 7.11

    SalesAgility has released SuiteCRM 7.11 with several bug fixes, new workflows, Elasticsearch, and Google calendar synchronization.

    Elasticsearch is an open-source RESTful search engine to centrally store and index data. SuiteCRM will now provide users a faster and more scalable way to perform full text searches via Global Search on larger data volumes than before.

  • The essential guide to open source virtualization platforms

    Open source virtualization platforms offer adopters the chance to reduce licensing costs and avoid vendor lock-in, while still providing robust virtualization features.

    IT administrators who adopt open source might have less support than they would from a major vendor, so they must be adept at troubleshooting or garnering help from open source communities. Open source virtualization adopters might also consider vendors such as Red Hat that can provide support and integration services.

  • WordPress Partners with Google News to Launch Open Source Platform for Newsrooms

    On January 14, 2019, WordPress announced the launch of Newspack by WordPress, an Open Source Platform for Newsrooms which will begin operations in mid-2019 with backing from ConsenSys, Civil media and others.

  • Automattic announces Newspack to help news organizations publish and monetize

    WordPress,  the open-source project that lets you create websites on WordPress.com, is already a solid content management system (we use it at TechCrunch). But it becomes more difficult to use once you want to monetize your content using subscriptions, metered paywalls and user accounts. WordPress doesn’t have a native solution for that.

    That’s why Automattic  is working on a platform for news organizations — think about it as a version of WordPress specifically designed for news organizations. The company wants to help local news organizations more specifically, as those media companies don’t necessarily have a ton of development resources.

  • Open Call for Humanitarian Design Challenges

    All designs and documentation of the solution will be freely published online as Open Source, to the benefit of you, users and other stakeholders, future (student) teams and anyone interested.

Stable kernels 4.20.3, 4.19.16, 4.14.94, 4.9.151 and 4.4.171

Filed under
Linux

ZFS On Linux Landing Workaround For Linux 5.0 Kernel Support

Filed under
Linux
Legal

Last week I reported on ZFS On Linux breaking with Linux 5.0 due to some kernel symbols sought by this out-of-tree file-system driver no longer being exported and the upstream developers not willing to adjust for the ZoL code. That's still the case but the ZFS On Linux developers have a patch so at least the file-system driver will be able to build on Linux 5.0.

This ZOL + Linux 5.0 issue stems from a set of functions used by this ZFS Linux port for vectorized file-system checksums no longer being exported. The kernel developers don't want to re-export the functionality since as Greg Kroah-Hartman put it, "my tolerance for ZFS is pretty non-existant."

Since that Phoronix article last week, Greg KH followed up on the mailing list with, "Sorry, no, we do not keep symbols exported for no in-kernel users." Longtime Linux kernel developer Christoph Hellwig also suggested users switch instead to FreeBSD if caring about ZFS.

Read more

Programming: Panda 3D Game Project, Skills in 2019, Golang Mastery, Python and Mozilla

Filed under
Development
  • Create Panda 3D Game Project

    Hello, do you still remember that I have mentioned to you before that I will start another game project alongside the new pygame project? Well, I have not decided yet which game framework should I use to build the python game. Yesterday I had just came across Panda 3D which is a very attractive game framework that we can use to create the python game.

  • Top technical skills that will get you hired in 2019

    Landing the perfect IT job is never easy, but certain technical skills can smooth the way, especially if they’re in high demand. Job search platform Indeed has analyzed the fastest-growing terms used by job seekers when searching for tech jobs in 2019, and the results represent some significant changes over last year.

    “When people look for new jobs, they often use search terms that describe cutting-edge skills associated with the jobs they want,” says Daniel Culbertson, economist at Indeed. “On the employer side, the highly specialised tech talent who have these proficiencies are in great demand.”

  • 5 open source Go tools for tuning up your Golang mastery

    Love programming in Go? It’s hard not to fall in love with it, we know! Today we browsed through some Golang tools on GitHub and picked some of our favorites from the list. Far from exhaustive, this list highlights some of the best in show.

  • Executing Shell Commands with Python
  • Introduction to Python
  • Convert video from one format to another with python
  • L10n report: January edition

Games: HyperRogue, Warhammer, Dis Pontibus, Guard Duty, LandTraveller

Filed under
Gaming

Sailfish OS Sipoonkorpi is now available

Filed under
OS
Linux

The release of Sailfish 3 has been a gratifying milestone for Jolla. Each new update completes the circle of the Sailfish 3 era, step by step, delivering new features and adding value to Sailfish OS.

This time, our name pick fell upon the woodlands of Sipoonkorpi. Sipoonkorpi is a 19 km² Finnish National park located in the municipalities of Helsinki, Vantaa and Sipoo. Sipoonkorpi is well known for its peaceful settings that combine nature and small villages to create an astonishing view.

Read more

Also: Sailfish OS "Sipoonkorpi" Brings Firewall Improvements, Redesigned Image Editing

FOSS Licensing: Sirocco and MongoDB

Filed under
OSS
  • HMD released the source code for Nokia 8 Sirocco

    The Open source releases webpage was refreshed once more, now with the source code files for beautiful Nokia 8 Sirocco.

  • AWS mixes toxic cocktail for open source

    There is currently a crisis unfolding in the open source world, with a number of companies changing their licensing to protect revenue. This has arisen due to a potentially toxic situation where public cloud providers have introduced managed services based on free open source products.

  • MongoDB "open-source" Server Side Public License rejected

    MongoDB is open-source document NoSQL database with a problem. While very popular, cloud companies, such as Amazon Web Services (AWS), IBM Cloud, Scalegrid, and ObjectRocket has profited from it by offering it as a service while MongoDB Inc. hasn't been able to monetize it to the same degree. MongoDB's answer? Relicense the program under its new Server Side Public License (SSPL). Open-source powerhouse Red Hat's reaction? Drop MongoDB from Red Hat Enterprise Linux (RHEL) 8.

  • Amazon Ditches MongoDB, Launches Rival

    The rationale given by Amazon is that customers find it challenging to build performant, highly available applications on MongoDB that can quickly scale to multiple Terabytes because of the complexity that comes with setting up and managing MongoDB clusters. Amazon DocumentDB implements the Apache 2.0 open source MongoDB 3.6 API by emulating the responses that a MongoDB client expects from a MongoDB server, allowing customers to use their existing MongoDB drivers and tools with Amazon DocumentDB.

    However, there's a lot that's not included in that view of the situation. Amazon and AWS has in the past been criticized for taking open-source software, doing some work on it then rebranding it without necessarily playing fair with the original developers. The thinking seemed to be that just having Amazon using your software was enough of a reward.

  • AWS has broken open source software

    Amazon Web Services (AWS) and other infrastructure as a service companies have broken the standard open source revenue model. The former model was that you wrote software to solve a problem you were having. This was usually a problem being experienced by many people. You could earn a decent living supporting the software you created since you were the creator of the software. People would come to you with questions or pay you to create additional functionality.

    Let’s say you created software to store lots of information in computer memory and retrieve it quickly. This is something that many other people would like to do too. Rather than write their own software they will use the software and pay you for support when they have questions or issues.

    If Amazon Web Services (AWS) or other infrastructure as a service companies decide to use your software, suddenly users of your software have a decision: do they pay Amazon to support the software or do they pay you for support. In general, most companies will choose Amazon since they are a well-known commodity and that is the decision with the least risk.

  • Why I Just Sold Most of My MongoDB Stake

    The "Death Star" has reared its head for MongoDB. Not the Death Star from Star Wars , but the company that cable mogul John Malone once compared to that ominous space station: Amazon (NASDAQ: AMZN) .

    Amazon Web Service's huge cloud infrastructure has allowed the company to expand into databases over time, but its efforts had been limited to the Aurora SQL database and the DynamoDB database. Dynamo is a nonrelational database closer to MongoDB; however, DynamoDB was not open-source, like MongoDB.

  • Open Source Software At A Crossroads

    Last week, AWS announced on its blog the launch of DocumentDB, a MongoDB-compatible database. As some pundits have pointed out, this is clearly a reaction to MongoDB, Inc.’s new and highly-restrictive license called the Server Side Public License (SSPL)—a move which the publicly-traded MongoDB made in order to protect its revenue position.

    Earlier last year, Redis Labs learned a hard lesson in community relations management when it took a less dramatic step: while offering its Redis database under a permissive license, it changed the licensing on its add-on modules to the “Commons Clause”, so service providers would need to pay for their use. While communication could have been clearer, the action itself is similar in intent to what MongoDB did, and to what many other open source companies have attempted or plan to attempt to do.

Pseudo-Open Source (Openwashing) and PR Stunts

Filed under
OSS

Security: Amadeus, Kubernetes, WordPress and More

Filed under
Security
  • Major Security Breach Discovered Affecting Nearly Half of All Airline Travelers Worldwide

    According to ELAL, the bug stems from their supplier Amadeus’ (https://amadeus.com/en/industries/airlines) online booking system, which controls a staggering 44% market share of airlines operating worldwide, including United Airlines, Lufthansa, Air Canada, and many more. While booking a flight with ELAL, we received the following link to check our PNR: https://fly.elal.co.il/LOTS-OF-NUMBERS-HERE.

    By simply changing the RULE_SOURCE_1_ID, we were able to view any PNR and access the customer name and associated flight details.

  • Kubernetes flaw shows API security is no ‘set & forget’ deal

    When a report surfaced last month detailing a ‘severe vulnerability’ in Kubernetes, the popular, open-source software for managing Linux applications deployed within containers, many of us will have wondered what the deeper implications of this alleged flaw could mean.

    Although the flaw was quickly patched, it allowed any user to escalate their privileges to access administrative controls through the Kubernetes API server.

  • WordPress to show warnings on servers running outdated PHP versions
  • Top 10 app vulnerabilities: Unpatched plugins and extensions dominate
  • This Clever New Ransomware Attempts To Steal Your PayPal Credentials

    Meanwhile, PayPal offers two factor authentication which, when turned on, can offer a vital extra layer of security should your password and username be compromised, Moore says.

  • A deep dive into the technical feasibility of Bloomberg's controversial "Chinese backdoored servers" story

    These denials also don't add up: Bloomberg says it sourced its story from multiple (anonymous) sources who had direct knowledge of the incidents and who had been employed in the named organizations while they were unfolding. Bloomberg stood by its reporting, and implied that the idea that all these sources from different organizations would collude to pull off a hoax like this.

    Faced with the seemingly impossible task of sorting truth from hoax in the presence of contradictory statements from Big Tech and Bloomberg, technical experts began trying to evaluate whether the hacks attributed to the Chinese spy agencies were even possible: at first, these analyses were cautiously skeptical, but then they grew more unequivocal.

    Last month, Trammell Hudson -- who has developed well-regarded proof-of-concept firmware attacks -- gave a detailed talk giving his take on the story at the Chaos Communications Congress in Leipzig.

Get started with CryptPad, an open source collaborative document editor

Filed under
OSS

There seems to be a mad rush at the beginning of every year to find ways to be more productive. New Year's resolutions, the itch to start the year off right, and of course, an "out with the old, in with the new" attitude all contribute to this. And the usual round of recommendations is heavily biased towards closed source and proprietary software. It doesn't have to be that way.

Here's the fifth of my picks for 19 new (or new-to-you) open source tools to help you be more productive in 2019.

Read more

Programming: Python 'Standard', sr.ht and Wing Python IDE 6.1.4

Filed under
Development
  • What should be in the Python standard library?

    Python has always touted itself as a "batteries included" language; its standard library contains lots of useful modules, often more than enough to solve many types of problems quickly. From time to time, though, some have started to rethink that philosophy, to reduce or restructure the standard library, for a variety of reasons. A discussion at the end of November on the python-dev mailing list revived that debate to some extent.

    Jonathan Underwood raised the issue, likely unknowingly, when he asked about possibly adding some LZ4 compression library bindings to the standard library. As the project page indicates, it fits in well with the other compression modules already in the standard library. Responses were generally favorable or neutral, though some, like Brett Cannon, wondered if it made sense to broaden the scope a bit to create something similar to hashlib but for compression algorithms.

  • A new free-software forge: sr.ht

    Many projects have adopted the "GitHub style" of development over the last few years, though, of course, there are some high-profile exceptions that still use patches and mailing lists. Many projects are leery of putting all of their project metadata into a proprietary service, with limited means of usefully retrieving it should that be necessary, which is why GitLab (which is at least "open core") has been gaining some traction. A recently announced effort looks to kind of bridge the gap; Drew DeVault's sr.ht ("the hacker's forge") combines elements of both styles of development in a "100% free and open source software forge". It looks to be an ambitious project, but it may also suffer from a lack of "social network" effects, which is part of what sustains GitHub as the forge of choice today, it seems.

    The announcement blog post is replete with superlatives about sr.ht, which is "pronounced 'sir hat', or any other way you want", but it is a bit unclear whether the project quite lives up to all of that. It combines many of the features seen at sites like GitHub and GitLab—Git hosting, bug tracking, continuous integration (CI), mailing list management, wikis—but does so in a way that "embraces and improves upon the email-based workflow favored by git itself, along with many of the more hacker-oriented projects around the net". The intent is that each of the separate services integrate well with both sr.ht and with the external ecosystem so that projects can use it piecemeal.

    There are two sides to the sr.ht coin at this point; interested users can either host their own instance or use the hosted version. For now, the hosted version is free to use, since it is still "alpha", but eventually one will need to sign up for a plan, which range from $2 to $10 per month, to stay on the hosted service. There are instructions for getting sr.ht to run on other servers; it uses nginx, PostgreSQL, Redis, and Python 3 along with a mail server and a cron daemon.

  • Wing Python IDE 6.1.4

    This minor release fixes using typing.IO and similar classes as type hints, improves handling of editor splits in goto-definition, fixes failure to install the remote agent, and fixes failure to convert EOLs in the editor. See the change log for details.

LWN's Latest Linux Kernel Articles (Paywall Has Expired)

Filed under
Linux
  • The rest of the 5.0 merge window

    Linus Torvalds released 5.0-rc1 on January 6, closing the merge window for this development cycle and confirming that the next release will indeed be called "5.0". At that point, 10,843 non-merge change sets had been pulled into the mainline, about 2,100 since last week's summary was written. Those 2,100 patches included a number of significant changes, though, including some new system-call semantics that may yet prove to create problems for existing user-space code.

  • A setback for fs-verity

    The fs-verity mechanism, created to protect files on Android devices from hostile modification by attackers, seemed to be on track for inclusion into the mainline kernel during the current merge window when the patch set was posted at the beginning of November. Indeed, it wasn't until mid-December that some other developers started to raise objections. The resulting conversation has revealed a deep difference of opinion regarding what makes a good filesystem-related API and may have implications for how similar features are implemented in the future.
    The core idea behind fs-verity is the use of a Merkle tree to record a hash value associated with every block in a file. Whenever data from a protected file is read, the kernel first verifies the relevant block(s) against the hashes, and only allows the operation to proceed if there is a match. An attacker may find a way to change a critical file, but there is no way to change the Merkle tree after its creation, so any changes made would be immediately detected. In this way, it is hoped, Android systems can be protected against certain kinds of persistent malware attacks.

    There is no opposition to the idea of adding functionality to the kernel to detect hostile modifications to files. It turns out, though, there there is indeed some opposition to how this functionality has been implemented in the current patch set. See the above-linked article and this documentation patch for details of how fs-verity is meant to work. In short, user space is responsible for the creation of the Merkle tree, which must be surrounded by header structures and carefully placed at the beginning of a block after the end of the file data. An ioctl() call tells the kernel that fs-verity is to be invoked on the file; after that, the location of the end of the file (from a user-space point of view) is changed to hide the Merkle tree from user space, and the file itself becomes read-only.

  • Pressure stall monitors

    One of the useful features added during the 4.20 development cycle was the availability of pressure-stall information, which provides visibility into how resource-constrained the system is. Interest in using this information has spread beyond the data-center environment where it was first implemented, but it turns out that there some shortcomings in the current interface that affect other use cases. Suren Baghdasaryan has posted a patch set aimed at making pressure-stall information more useful for the Android use case — and, most likely, for many other use cases as well.

GNOME Software Package Manager to Feature Better Flatpak Support for GNOME 3.32

Filed under
GNOME

GNOME Software, the app used for installing, updating, and removing software from your GNOME-based GNU/Linux operating system, will get a major revamp in functionality for the upcoming GNOME 3.32 desktop environment.
A new development snapshot of GNOME Software 3.32 landed this week with lots of improvements for the Flatpak universal package format, allowing new permissions for Flatpak updates and displaying permissions for installed Flatpak apps. GNOME Software also now shows correct version numbers for installed Flatpaks.

The update mechanism for Flatpak apps was switched to use a single transaction, allowing the GNOME developers to share more code with the flatpak command-line utility, and it looks like GNOME Software 3.32 will offer better support for installing Flatpak repository files, also known as flatpakref, and for Flatpak plugins.

Read more

Fedora Still Needs Help Testing The New Zchunk Metadata Support

Filed under
Red Hat

Fedora has been working on transitioning to Zchunk for its DNF metadata due to its good compression ratio while being delta-friendly and leveraging the existing work of Zstandard and Zsync/casync. The metadata has been offered in Zchunk for some weeks while more client testing is needed before landing that support in Rawhide and in turn for Fedora 30.

The goal of this Zchunk metadata for Fedora is to speed-up DNF operations by needing to download less metadata. While the server bits are in place, additional client testing is desired before landing the updated packages in Fedora Rawhide where it will affect all users on this development build of Fedora ahead of the Fedora 30 release due out in the spring.

Read more

Also: NOTICE: Epylog has been retired for Fedora Rawhide/30

Syndicate content

More in Tux Machines

Audiocasts: Full Circle Weekly News, mintCast and GNU World Order

KDE: Usability & Productivity Report From Nate Graham

  • This week in Usability & Productivity, part 54
    This week in KDE’s Usability & Productivity initiative, something big landed: virtual desktop support on Wayland, accompanied by a shiny new user interface for the X11 version too. Eike Hein has been working on this literally for months and I think he deserves a round of applause! It was a truly enormous amount of work, but now we can benefit for years to come.
  • KDE Now Has Virtual Desktop Support On Wayland
    KDE landing virtual desktop support on Wayland this week is certainly quite exciting while also a new UI was added for the X11 virtual desktop support too. Some of the other KDE improvements that landed this week and relayed by Nate Graham include the digital clock widget now allowing adjustments to the date formatting, the KDE Information Center's USB devices section will now actually display all USB devices, wallpaper chooser view improvements, and various other improvements.

Screenshots/Screencasts: Robolinux 10.4 LXDE, deepin 15.9, and Parrot OS 4.5 KDE

Livepatching With Linux 5.1 To Support Atomic Replace & Cumulative Patches

With the Linux 5.1 kernel cycle that should get underway in just over one month's time, there will now be the long in development work (it's been through 15+ rounds of public code review!) for supporting atomic replace and cumulative patches. Read more