About Tux Machines

Tuesday, 23 Jan 18 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/Linux

Security: OpenSSL, IoT, and LWN Coverage of 'Intelpocalypse'

Filed under
Security
  • Another Face to Face: Email Changes and Crypto Policy

    The OpenSSL OMC met last month for a two-day face-to-face meeting in London, and like previous F2F meetings, most of the team was present and we addressed a great many issues. This blog post talks about some of them, and most of the others will get their own blog posts, or notices, later. Red Hat graciously hosted us for the two days, and both Red Hat and Cryptsoft covered the costs of their employees who attended.

    One of the overall threads of the meeting was about increasing the transparency of the project. By default, everything should be done in public. We decided to try some major changes to email and such.

  • Some Basic Rules for Securing Your IoT Stuff

    Throughout 2016 and 2017, attacks from massive botnets made up entirely of hacked [sic] IoT devices had many experts warning of a dire outlook for Internet security. But the future of IoT doesn’t have to be so bleak. Here’s a primer on minimizing the chances that your IoT things become a security liability for you or for the Internet at large.

  • A look at the handling of Meltdown and Spectre

    The Meltdown/Spectre debacle has, deservedly, reached the mainstream press and, likely, most of the public that has even a remote interest in computers and security. It only took a day or so from the accelerated disclosure date of January 3—it was originally scheduled for January 9—before the bugs were making big headlines. But Spectre has been known for at least six months and Meltdown for nearly as long—at least to some in the industry. Others that were affected were completely blindsided by the announcements and have joined the scramble to mitigate these hardware bugs before they bite users. Whatever else can be said about Meltdown and Spectre, the handling (or, in truth, mishandling) of this whole incident has been a horrific failure.

    For those just tuning in, Meltdown and Spectre are two types of hardware bugs that affect most modern CPUs. They allow attackers to cause the CPU to do speculative execution of code, while timing memory accesses to deduce what has or has not been cached, to disclose the contents of memory. These disclosures can span various security boundaries such as between user space and the kernel or between guest operating systems running in virtual machines. For more information, see the LWN article on the flaws and the blog post by Raspberry Pi founder Eben Upton that well describes modern CPU architectures and speculative execution to explain why the Raspberry Pi is not affected.

  • Addressing Meltdown and Spectre in the kernel

    When the Meltdown and Spectre vulnerabilities were disclosed on January 3, attention quickly turned to mitigations. There was already a clear defense against Meltdown in the form of kernel page-table isolation (KPTI), but the defenses against the two Spectre variants had not been developed in public and still do not exist in the mainline kernel. Initial versions of proposed defenses have now been disclosed. The resulting picture shows what has been done to fend off Spectre-based attacks in the near future, but the situation remains chaotic, to put it lightly.

    First, a couple of notes with regard to Meltdown. KPTI has been merged for the 4.15 release, followed by a steady trickle of fixes that is undoubtedly not yet finished. The X86_BUG_CPU_INSECURE processor bit is being renamed to X86_BUG_CPU_MELTDOWN now that the details are public; there will be bug flags for the other two variants added in the near future. 4.9.75 and 4.4.110 have been released with their own KPTI variants. The older kernels do not have mainline KPTI, though; instead, they have a backport of the older KAISER patches that more closely matches what distributors shipped. Those backports have not fully stabilized yet either. KPTI patches for ARM are circulating, but have not yet been merged.

  • Is it time for open processors?

    The disclosure of the Meltdown and Spectre vulnerabilities has brought a new level of attention to the security bugs that can lurk at the hardware level. Massive amounts of work have gone into improving the (still poor) security of our software, but all of that is in vain if the hardware gives away the game. The CPUs that we run in our systems are highly proprietary and have been shown to contain unpleasant surprises (the Intel management engine, for example). It is thus natural to wonder whether it is time to make a move to open-source hardware, much like we have done with our software. Such a move may well be possible, and it would certainly offer some benefits, but it would be no panacea.

    Given the complexity of modern CPUs and the fierceness of the market in which they are sold, it might be surprising to think that they could be developed in an open manner. But there are serious initiatives working in this area; the idea of an open CPU design is not pure fantasy. A quick look around turns up several efforts; the following list is necessarily incomplete.

  • Notes from the Intelpocalypse

    Rumors of an undisclosed CPU security issue have been circulating since before LWN first covered the kernel page-table isolation patch set in November 2017. Now, finally, the information is out — and the problem is even worse than had been expected. Read on for a summary of these issues and what has to be done to respond to them in the kernel.
    All three disclosed vulnerabilities take advantage of the CPU's speculative execution mechanism. In a simple view, a CPU is a deterministic machine executing a set of instructions in sequence in a predictable manner. Real-world CPUs are more complex, and that complexity has opened the door to some unpleasant attacks.

    A CPU is typically working on the execution of multiple instructions at once, for performance reasons. Executing instructions in parallel allows the processor to keep more of its subunits busy at once, which speeds things up. But parallel execution is also driven by the slowness of access to main memory. A cache miss requiring a fetch from RAM can stall the execution of an instruction for hundreds of processor cycles, with a clear impact on performance. To minimize the amount of time it spends waiting for data, the CPU will, to the extent it can, execute instructions after the stalled one, essentially reordering the code in the program. That reordering is often invisible, but it occasionally leads to the sort of fun that caused Documentation/memory-barriers.txt to be written.

US Sanctions Against Chinese Android Phones, LWN Report on Eelo

Filed under
Android
  • A new bill would ban the US government from using Huawei and ZTE phones

    US lawmakers have long worried about the security risks posed by the alleged ties between Chinese companies Huawei and ZTE and the country’s government. To that end, Texas Representative Mike Conaway introduced a bill last week called Defending U.S. Government Communications Act, which aims to ban US government agencies from using phones and equipment from the companies.

    Conaway’s bill would prohibit the US government from purchasing and using “telecommunications equipment and/or services,” from Huawei and ZTE. In a statement on his site, he says that technology coming from the country poses a threat to national security, and that use of this equipment “would be inviting Chinese surveillance into all aspects of our lives,” and cites US Intelligence and counterintelligence officials who say that Huawei has shared information with state leaders, and that its business in the US is growing, representing a further security risk.

  • U.S. lawmakers urge AT&T to cut commercial ties with Huawei - sources

    U.S. lawmakers are urging AT&T Inc, the No. 2 wireless carrier, to cut commercial ties to Chinese phone maker Huawei Technologies Co Ltd and oppose plans by telecom operator China Mobile Ltd to enter the U.S. market because of national security concerns, two congressional aides said.

    The warning comes after the administration of U.S. President Donald Trump took a harder line on policies initiated by his predecessor Barack Obama on issues ranging from Beijing’s role in restraining North Korea to Chinese efforts to acquire U.S. strategic industries.

    Earlier this month, AT&T was forced to scrap a plan to offer its customers Huawei [HWT.UL] handsets after some members of Congress lobbied against the idea with federal regulators, sources told Reuters.

  • Eelo seeks to make a privacy-focused phone

    A focus on privacy is a key feature being touted by a number of different projects these days—from KDE to Tails to Nextcloud. One of the biggest privacy leaks for most people is their phone, so it is no surprise that there are projects looking to address that as well. A new entrant in that category is eelo, which is a non-profit project aimed at producing not only a phone, but also a suite of web services. All of that could potentially replace the Google or Apple mothership, which tend to collect as much personal data as possible.

Mozilla: Resource Hogs, Privacy Month, Firefox Census, These Weeks in Firefox

Filed under
Moz/FF
  • Firefox Quantum Eats RAM Like Chrome

    For a long time, Mozilla’s Firefox has been my web browser of choice. I have always preferred it to using Google’s Chrome, because of its simplicity and reasonable system resource (especially RAM) usage. On many Linux distributions such as Ubuntu, Linux Mint and many others, Firefox even comes installed by default.

    Recently, Mozilla released a new, powerful and faster version of Firefox called Quantum. And according to the developers, it’s new with a “powerful engine that’s built for rapid-fire performance, better, faster page loading that uses less computer memory.”

  • Mozilla Communities Speaker Series #PrivacyMonth

    As a part of the Privacy Month initiative, Mozilla volunteers are hosting a couple of speaker series webinars on Privacy, Security and related topics. The webinars will see renowned speakers talking to us about their work around privacy, how to take control of your digital self, some privacy-security tips and much more.

  • “Ewoks or Porgs?” and Other Important Questions

    You ever go to a party where you decide to ask people REAL questions about themselves, rather than just boring chit chat? Us, too! That’s why we’ve included questions that really hone in on the important stuff in our 2nd Annual Firefox Census.

  • These Weeks in Firefox: Issue 30

Red Hat Corporate News

Filed under
Red Hat

Slack as a Snap

Filed under
Software
Ubuntu
  • In a Snap, Slack Comes to Linux. Here's How To Install It

    While binaries for Slack have been available for Ubuntu and Fedora, other Linux operating systems are not so lucky. To overcome this, Canonical has released Slack as a Snap, which allows Slack to be installed and used on a greater variety of Linux distributions.

    Snapcraft is a command line tool that allows you to install containerised applications called Snaps on many different Linux distributions. As these Snap containers contain all the required dependencies that a program needs to run, it makes it very easy to create and distribute a single container that works on a variety of Linux versions.

  • Linux Users Can Now Download Slack as a ‘Snap’

    Slack is one step closer to becoming the workplace staple for businesses across the globe. The software is now available for use on Linux environments, bundled as a Snap – an application package for opensource systems.

    Tens of millions of users across the world run Linux on their systems, opting for one among its many distribution avatars. In comparison, Slack reported that over 6 million active profiles used the app daily last year, 2 million of them with paid subscriptions. The new release could open Slack up to a whole new set of customers.

  • Slack has arrived on Linux thanks to Canonical Snap

    CANONICAL HAS made the wishes of its users come true again as it brings another major app to Linux users for the first time.

    This time it's popular team platform Slack. The secret sauce is Ubuntu's "Snap" packages, a form of containerisation which puts an app into a little bubble that makes it run in the Linux environment. At Christmas, the technique was used to bring a desktop Spotify to Linux for the first time.

    The important thing here is that Snaps, first launched in 2016, run on any Linux distro, not just Canonical's own Ubuntu. Named specifically were Linux Mint, Manjaro, Debian, ArchLinux, OpenSUSE and Solus. Not only that, they work across desktop, server, cloud and IoT.

Linux Foundation: Upcoming Free Webinars, ONAP, Hyperledger

Filed under
Linux

Linux Gaming For Older/Lower-End Graphics Cards In 2018

Filed under
Graphics/Benchmarks
Gaming

A request came in this week to look at how low-end and older graphics cards are performing with current generation Linux games on OpenGL and Vulkan. With ten older/lower-end NVIDIA GeForce and AMD Radeon graphics cards, here is a look at their performance with a variety of native Linux games atop Ubuntu using the latest Radeon and NVIDIA drivers.

Also: Wine 3.0 open-source compatibility layer now available

Red Hat Patch Warning

Filed under
Red Hat
Security
  • We Didn't Pull CPU Microcode Update to Pass the Buck
  • Red Hat Will Revert Spectre Patches After Receiving Reports of Boot Issues

    Red Hat is releasing updates that are reverting previous patches for the Spectre vulnerability (Variant 2, aka CVE-2017-5715) after customers complained that some systems were failing to boot.

    "Red Hat is no longer providing microcode to address Spectre, variant 2, due to instabilities introduced that are causing customer systems to not boot," the company said yesterday.

    "The latest microcode_ctl and linux-firmware packages are reverting these unstable microprocessor firmware changes to versions that were known to be stable and well tested, released prior to the Spectre/Meltdown embargo lift date on Jan 3rd," Red Hat added.

Security: Updates, SOS Fund, IR, ME, and WPA

Filed under
Security
  • Security updates for Friday
  • Seeking SOS Fund Projects

    I’m spending some time over the next few days looking for the next round of projects which might benefit from an SOS Fund security audit.

  • Strong Incident Response Starts with Careful Preparation

    Through working every day with organizations’ incident response (IR) teams, I am confronted with the entire spectrum of operational maturity. However, even in the companies with robust IR functions, the rapidly evolving threat landscape, constantly changing best practices, and surplus of available tools make it easy to overlook important steps during planning. As a result, by the time an incident occurs, it’s too late to improve their foundational procedures.

  • The Intel Management Engine: an attack on computer users' freedom

    Over time, Intel imposed the Management Engine on all Intel computers, removed the ability for computer users and manufacturers to disable it, and extended its control over the computer to nearly 100%. It even has access to the main computer's memory.

  • What Is WPA3, and When Will I Get It On My Wi-Fi?

    WPA2 is a security standard that governs what happens when you connect to a closed Wi-Fi network using a password. WPA2 defines the protocol a router and Wi-Fi client devices use to perform the “handshake” that allows them to securely connect and how they communicate. Unlike the original WPA standard, WPA2 requires implementation of strong AES encryption that is much more difficult to crack. This encryption ensures that a Wi-Fi access point (like a router) and a Wi-Fi client (like a laptop or phone) can communicate wirelessly without their traffic being snooped on.

First Impressions: Asus Tinkerboard and Docker

Filed under
Linux
Hardware

The board's standard OS is TinkerOS - a Linux variant of Debian 9. I've also read that Android is available but that doesn't interest us here. While Android may use forms of containerisation under the hood it doesn't mix with Docker containers.

Rather than trying TinkerOS I flashed Armbian's release of Ubuntu 16.04.03. The stable build on the download page contains a full desktop, but if you want to run the board headless (like I do) then you can find a smaller image on the "other downloads" link.

I initially used the stable image but had to swap to the nightly build due to a missing kernel module for Kubernetes networking. Having looked this up on Google I found the nightly build contained the fix to turn on the missing module.

PlayOnLinux For Easier Use Of Wine

Filed under
Linux

PlayOnLinux is a free program that helps to install, run, and manage Windows software on Linux. It can also manage virtual C: drives (known as Wine prefixes), and download and install certain Windows libraries for getting some software to run on Wine properly. Creating different drives using different Wine versions is also possible. It is very handy because what runs well in one version may not run as well (if at all) on a newer version. There is PlayOnMac for macOS and PlayOnBSD for FreeBSD.

Linux Kernel: KPTI, SEV, CBS

Filed under
Linux
  • Experimental KPTI Support For x86 32-bit Linux

    For the Kernel Page Table Isolation (KPTI) support currently within the Linux kernel for addressing the Meltdown CPU vulnerability it's currently limited to 64-bit on the x86 side, but for the unfortunate souls still running x86 32-bit operating systems, SUSE is working on such support.

  • AMD Secure Encrypted Virtualization Is Ready To Roll With Linux 4.16

    With the Linux 4.16 kernel cycle that is expected to begin immediately following the Linux 4.15 kernel debut on Sunday, AMD's Secure Encrypted Virtualization (SEV) technology supported by their new EPYC processors will be mainline.

    Going back to the end of 2016 have been Linux patches for Secure Encrypted Virtualization while with Linux 4.16 it will finally be part of the mainline kernel and supported with KVM (Kernel-based Virtual Machine) virtualization.

  • Deadline scheduler part 2 — details and usage

    Linux’s deadline scheduler is a global early deadline first scheduler for sporadic tasks with constrained deadlines. These terms were defined in the first part of this series. In this installment, the details of the Linux deadline scheduler and how it can be used will be examined.

    The deadline scheduler prioritizes the tasks according to the task’s job deadline: the earliest absolute deadline first. For a system with M processors, the M earliest deadline jobs will be selected to run on the M processors.

    The Linux deadline scheduler also implements the constant bandwidth server (CBS) algorithm, which is a resource-reservation protocol. CBS is used to guarantee that each task will receive its full run time during every period. At every activation of a task, the CBS replenishes the task’s run time. As the job runs, it consumes that time; if the task runs out, it will be throttled and descheduled. In this case, the task will be able to run only after the next replenishment at the beginning of the next period. Therefore, CBS is used to both guarantee each task’s CPU time based on its timing requirements and to prevent a misbehaving task from running for more than its run time and causing problems to other jobs.

Graphics: Mesa and AMDGPU

Filed under
Graphics/Benchmarks
  • Mesa 17.3.3 Released With RADV & ANV Vulkan Driver Fixes

    Mesa 17.3.3 is now available as the latest point release for the Mesa 17.3 stable series.

    This bi-weekly point release to Mesa presents several RADV Vega/GFX9 fixes, various Intel ANV Vulkan driver fixes, a DRI3 fix, and random fixes to the OpenGL drivers like RadeonSI, Etnaviv, and even Swrast.

  • R600g "Soft" FP64 Shows Signs Of Life, Enabling Older GPUs To Have OpenGL 4 In 2018

    Most pre-GCN AMD graphics cards are still limited to OpenGL 3.3 support at this time due to not supporting FP64. Only the HD 5800/6900 series on R600g currently have real double-precision floating-point support working right now so at present they are on OpenGL 4.3 rather than 3.3, but those other generations may be catching up soon thanks to the "soft" FP64 code.

  • AMDGPU DC Gets More Raven Ridge Improvements, Audio Fixes

    Harry Wentland of AMD has sent out the latest batch of patches for the AMDGPU DC display code stack. Fortunately it lightens up the DRM driver by about six thousand lines thanks to removing some unused code.

    Besides gutting out a chunk of unused code, the DC code has a few audio fixes (no word yet on supporting newer audio formats with DC), fixes on driver unload, a "bunch" of continued Raven Ridge display updates, and various other code clean-ups.

  • AMDGPU Firmware Blobs Updated For Video Encode/Decode

    There are updated AMDGPU microcode/firmware files now available for recent Radeon GPUs.

    The updated firmware files now available via the main linux-firmware.git repository are centered around the video blocks: UVD video decoding, VCE video encode, and the new VCN video encode/decode block with Raven Ridge.

Games: DRAG, Geneshift, Balloonatics and More

Filed under
Gaming

Tumbleweed Update

Filed under
SUSE
  • Tumbleweed Rolls Forward with New versions of Mesa, Squid, Xen

    This week provided a pretty healthy amount of package updates for openSUSE’s rolling distribution Tumbleweed.

    There were three snapshots released since the last blog and some of the top packages highlighted this week are from Mesa, Squid, Xen and OpenSSH.

    The Mesa update from version 17.2.6 to 17.3.2 in snapshot 20180116 provided multiple fixes in the RADV Vulkan driver and improvements of the GLSL shader cache. The Linux Kernel provides some fixes for the security vulnerabilities of Meltdown in version 4.14.13 and added a prevent buffer overrun on memory hotplug during migration for KVM with s390. The snapshot had many more package updates like openssh 7.6p1, which tightened configuration access rights. A critical fix when updating Flatpak packages live was made with the gnome-software version 3.26.4 update. File systems package btrfsprogs 4.14.1 provided cleanups and some refactoring while wireshark 2.4.4 made some fixes for dissector crashes. Xen 4.10.0_10 added a few patches. Rounding out the snapshot, ModemManager 1.6.12 fixed connection state machine when built against libqmi and blacklisted a few devices to include some Pycom devices.

  • openSUSE Tumbleweed Rolls To Mesa 17.3, Linux 4.14.13

    OpenSUSE has continued rolling in the new year with several key package updates in January.

    Exciting us a lot is that openSUSE Tumbleweed has migrated from Mesa 17.2 to now Mesa 17.3. Mesa 17.3.2 is the version currently in openSUSE's rolling-release.

Compact Quark-based embedded computer sells for $120

Filed under
Linux

Advantech’s “UBC-222” is an embedded computer that runs Yocto Linux on an Intel Quark X1000 with up to 1GB DDR3, dual 10/100 LAN ports, and a mini-PCIe socket with LTE-ready SIM slot.

More in Tux Machines

Mozilla Firefox 58

  • Latest Firefox Quantum release available with faster, always-on privacy with opt-in Tracking Protection and new features
    We accept things in the online world that we wouldn’t accept in the physical one. For instance, how would you feel if you popped your head in a store and that store now had the ability to keep sending you flyers even if you didn’t buy anything? Online, we often visit sites that track us, but it isn’t clear when this is happening or how the information is being used. Adding insult to injury, this often invisible tracking actually slows down web pages.
  • Firefox 58 Arrives With Continued Speed Optimizations
    Mozilla has set free Firefox 58.0 today as their latest "Firefox Quantum" release that continues work on being a performant web browser.
  • Firefox Quantum 58 builds on performance gains, improves screenshots tool
    Mozilla is rolling out Firefox Quantum 58.0 for desktop, along with Firefox for Android 58.0. It arrives over two months after the landmark release of Firefox Quantum 57.0. The latest build focuses on performance and security, while an update to Firefox’s user profile feature means it’s no longer backwards compatible with previous versions. Android users also gain the ability to pin favorite websites to their home screen for use like native apps.
  • Firefox 58 Released for Linux, Mac, and Windows
    The Mozilla Foundation has made Firefox 58 files available for download on its official FTP servers. An official announcement will be made later today when the organization will also release the final changelog.
  • Browse without baggage in Firefox: Set Tracking Protection to always on
    We just can’t stop making Firefox faster — and with our most recent release, we also made it easier for you to control how much you’re tracked.
  • Firefox 58: The Quantum Era Continues
    2017 was a big year for Mozilla, culminating in the release of Firefox Quantum, a massive multi-year re-tooling of the browser focused on speed, and laying the groundwork for the years to come. In 2018, we’ll build on that incredible foundation, and in that spirit our next several releases will continue to bear the Quantum moniker. Let’s take a look at some of the new goodies that Firefox 58 brings.

LibreOffice 6.0 Will Launch with Many Design Improvements, Use Elementary Icons

The major LibreOffice 6.0 release is coming next week, and The Document Foundation's Mike Saunders talked with members of the community to get their perspectives on LibreOffice's new design. While it won't bring a massive redesign, as most users may have expected, LibreOffice 6.0 will include a few noteworthy design changes, including new table styles, new gradients, updated motif/splash screen, improved Notebookbars, menu and toolbar improvements, and the Elementary icons.

Linux Foundation introduces the LF Networking Fund, harmonizes open source, open standards

The Linux Foundation is taking the first step to bring some commonality across its myriad network efforts by creating the LF Networking Fund (LFN). By creating a combined administrative structure, Linux Foundation said LFN will provide a platform for cross-project collaboration. LFN will form the foundation for collaboration across the network stack: the data plane into the control plane, to orchestration, automation and testing.

Openwashing Surveillance

  • Facebook Open Sources Detectron Object Detection
    The way big companies are open sourcing significant AI is both gratifying and slightly worrying. AI is the biggest revolution since we discovered fire and started making tools. FaceBook AI Research has added to the list of what is available by open sourcing its Detectron project.
  • Facebook open-sources object detection research
    Facebook's artificial intelligence research (FAIR) team today announced it would open-source its object detection platform Detectron, as well as the research the team has done on it.
  • Facebook open-sources object detection work: Watch out, Google CAPTCHA
    Facebook has brought us one step closer to a Skynet future made a commitment to computer vision boffinry by open-sourcing its codebase for object detection, Detectron. Written in Python and powered by the Caffe2 deep learning framework, the codebase – which implements object-sniffing algos such as Mask R-CNN and RetinaNet – is available under the Apache 2.0 licence.