Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Wednesday, 26 Jun 19 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

  • 18/07/2018 - 6:58am
    arindam1989
  • 14/08/2017 - 5:04pm
    2daygeek
  • 11/07/2017 - 9:36am
    itsfoss
  • 04/05/2017 - 11:58am
    Variscite
  • 09/04/2017 - 4:47pm
    mwilmoth
  • 11/01/2017 - 12:02am
    tishacrayt
  • 11/01/2017 - 12:01am
    lashayduva
  • 10/01/2017 - 11:56pm
    neilheaney
  • 10/01/2017 - 11:53pm
    jennipurne
  • 10/01/2017 - 11:50pm
    relativ7

Security Leftovers

Filed under
Security
  • [Attackers] Used Two Firefox Zero Days to Hit a Crypto Exchange

    Luckily, not only did Coinbase and an outside researcher notice the bugs, but Coinbase picked up on the attack before any money could be stolen or the network could be infiltrated.

  • Romanian hospitals, affected by ransomware attack [iophk: "Windows TCO"]

    Four hospitals in Romania have been affected by the BadRabbit 4 ransomware, the Romanian Intelligence Service (SRI) announced. One of the hospitals is the Victor Babeş Infectious Diseases Hospital in Bucharest. The other hospitals are located in Huşi, Dorohoi and Cărbuneşti.

  • Cyber-attacks on hospitals most likely come from China, SRI says

    The specialists with the Cyberint National Centre with the Romanian Intelligence Service (SRI) suspect that the recent attacks on hospitals in Romania come from China, service representatives say, quoted by digi24.ro.

    “Regarding the cyber-attacks on hospitals, the Cyberint National Centre suspect the attackers are of Chinese origin. The time interval was considered, when the Chinese hackers are active and the clues left along with the ransom requests,” SRI says in a release.

  • Five Romanian hospitals targeted by cyber attack [iophk: "Windows TCO"]

    Five hospitals in the Romanian capital Bucharest are the target of a cyber attack. Various Romanian media report this. Opposite the news platform Stiri Lazi, the Romanian Minister of Health has announced that patients will be affected by the attack.

  • US 'launched cyber-attack on Iran weapons systems'

    The cyber-attack disabled computer systems controlling rocket and missile launchers, the Washington Post said.

  • [Compromise] of U.S. Border Surveillance Contractor Is Way Bigger Than the Government Lets On

    Even as Homeland Security officials have attempted to downplay the impact of a security intrusion that reached deep into the network of a federal surveillance contractor, secret documents, handbooks, and slides concerning surveillance technology deployed along U.S. borders are being widely and openly shared online.

    A terabyte of torrents seeded by Distributed Denial of Secrets (DDOS)—journalists dispersing records that governments and corporations would rather nobody read—are as of writing being downloaded daily. As of this week, that includes more than 400 GB of data stolen by an unknown actor from Perceptics, a discreet contractor based in Knoxville, Tennessee, that works for Customs and Border Protection (CBP) and is, regardless of whatever U.S. officials say, right now the epicenter of a major U.S. government data breach.

KStars v3.3.1 is released

Filed under
KDE

KStars v3.3.1 is released for Windows, MacOS, and Linux on all platforms (Intel/AMD and ARM). This is yet another maintenance release with a few new experimental features and addons.

Read more

today's leftovers

Filed under
Misc
  • Google to Abandon Tablets in Favor of Chrome OS Laptops

    One reason that Google is moving away from tablets has to do with the fact that they are just not selling all that well.

  • Support for Jupyter notebooks has evolved in Cantor

    Hello everyone, it's been almost a month since my last post and there are a lot of changes that have been done since then.

    First, what I called the "minimal plan" is arleady done! Cantor can now load Jupyter notebooks and save the currently opened document in Jupyter format.

    Below you can see how one of the Jypiter notebooks I'm using for test purposes (I have mentioned them in previous post) looks in Jupyter and in Cantor.

  • Will Thompson: Rebasing downstream translations

    At Endless, we maintain downstream translations for an number of GNOME projects, such as gnome-software, gnome-control-center and gnome-initial-setup. 

    [...]

    Whenever we update to a new version of GNOME, we have to reconcile our downstream translations with the changes from upstream. We want to preserve our intentional downstream changes, and keep our translations for strings that don’t exist upstream; but we also want to pull in translations for new upstream strings, as well as improved translations for existing strings. Earlier this year, the translation-rebase baton was passed to me. My predecessor would manually reapply our downstream changes for a set of officially-supported languages, but unlike him, I can pretty much only speak English, so I needed something a bit more mechanical.

    I spoke to various people from other distros about this problem.1 A common piece of advice was to not maintain downstream translation changes: appealing, but not really an option at the moment. I also heard that Ubuntu follows a straightforward rule: once the translation for a string has been changed downstream, all future upstream changes to the translation for that string are ignored. The assumption is that all downstream changes to a translation must have been made for a reason, and should be preserved. This is essentially a superset of what we’ve done manually in the past.

    I wrote a little tool to implement this logic, pomerge. Its “rebase” mode takes the last common upstream ancestor, the last downstream commit, and a working copy with the newest downstream code. For each locale, for each string in the translation in the working copy, it compares the old upstream and downstream translations – if they differ, it merges the latter into the working copy.

  • GNOME 3.33.3 Released, Kernel Security Updates for RHEL and CentOS, Wine Developers Concerned with Ubuntu 19.10 Dropping 32-Bit Support, Bzip2 to Get an Update and OpenMandriva Lx 4.0 Now Available

    GNOME 3.33.3 was released yesterday. Note that this release is development code and is intended for testing purposes.

  • TenFourFox FPR15b1 available

    In honour of New Coke's temporary return to the market (by the way, I say it tastes like Pepsi and my father says it tastes like RC), I failed again with this release to get some sort of async/await support off the ground, and we are still plagued by issue 533. The second should be possible to fix, but I don't know exactly what's wrong. The first is not possible to fix without major changes because it reaches up into the browser event loop, but should be still able to get parsing and thus enable at least partial functionality from the sites that depend on it. That part didn't work either. A smaller hack, though, did make it into this release with test changes. Its semantics aren't quite right, but they're good enough for what requires it and does fix some parts of Github and other sites.

  • Cloudflare's random number generator, robotics data visualization, npm token scanning, and more news

    Is there such a thing as a truly random number? Internet security and services provider Cloudflare things so. To prove it, the company has formed The League of Entropy, an open source project to create a generator for random numbers.

    The League consists of Cloudflare and "five other organisations — predominantly universities and security companies." They share random numbers, using an open source tool called Drand (short for Distributed Randomness Beacon Daemon). The numbers are then "composited into one random number" on the basis that "several random numbers are more random than one random number." While the League's random number generator isn't intended "for any kind of password or cryptographic seed generation," Cloudflare's CEO Matthew Prince points out that if "you need a way of having a known random source, this is a really valuable tool."

Kernel: Rants, PulseAudio 12, Valve-Related Bug and Mesa 19.1.1 RC

Filed under
Graphics/Benchmarks
Linux
  • 'Bulls%^t! Complete bull$h*t!' Reset the clock on the last time woke Linus Torvalds exploded at a Linux kernel dev

    Linux kernel chieftain Linus Torvalds owes the swear jar a few quid this week, although by his standards this most recent rant of his is relatively restrained.

    Over on the kernel development mailing list, in a long and involved thread about the functionality and efficiency of operating system page caches, firebrand-turned-woke Torvalds described Aussie programmer Dave Chinner’s arguments in the debate as "bullshit," "complete bullshit," and "obviously garbage."

    To be fair to the open-source overlord, this is a far less personal attack than previous outbursts, such as the time he slammed "some security people" as "just f#cking morons," or that unforgettable straight-to-the-point detonation: "Mauro, SHUT THE F**K UP."

  • It Looks Like PulseAudio 13.0 Will Be Releasing Soon

    It's been a year since the release of PulseAudio 12 and even eleven months since the last point release but it looks like the next PulseAudio release will be out very soon.

    The next PulseAudio release has been under discussion with the sorting out of when the release will take place and any blocker bugs. As it stands now, there is just one blocker bug remaining and that is addressing a regression.

  • A One Line Kernel Patch Appears To Solve The Recent Linux + Steam Networking Regression

    As a follow-up to the issue reported on Friday regarding the latest Linux kernel releases causing problems for Valve's Steam client, a fix appears pending that with changing around one line of code does appear to address the regression.

    Linus Torvalds got involved and pointed out a brand new kernel patch that may solve the issue. That patch was quickly reaffirmed by Linux gamers as well as prominent Valve Linux developer Pierre-Loup A. Griffais.

  • Mesa 19.1.1 release candidate
    Hello list,
    
    The candidate for the Mesa 19.1.1 is now available. Currently we have:
     - 27 queued
     - 0 nominated (outstanding)
     - and 0 rejected patch
    
    
    The current queue consists mostly in fixes for different drivers (RADV, ANV,
    Nouveau, Virgl, V3D, R300g, ...)
    
    The queue also contains different fixes for different parts (Meson build, GLX,
    etc).
    
    Take a look at section "Mesa stable queue" for more information
    
    
    Testing reports/general approval
    --------------------------------
    Any testing reports (or general approval of the state of the branch) will be
    greatly appreciated.
    
    The plan is to have 19.1.1 this Tuesday (25th June), around or shortly after
    10:00 GMT.
    
    If you have any questions or suggestions - be that about the current patch queue
    or otherwise, please go ahead.
    
    
    Trivial merge conflicts
    -----------------------
    commit 25a34df61439b25645d03510d6354cb1f5e8a185
    Author: Kenneth Graunke 
    
        iris: Fix iris_flush_and_dirty_history to actually dirty history.
    
        (cherry picked from commit 64fb20ed326fa0e524582225faaa4bb28f6e4349)
    
    
    Cheers,
        J.A.
    
  • Mesa 19.1.1 Is Coming Next Week With A Variety Of Fixes

    Debuting two weeks ago was the Mesa 19.1 quarterly feature update while due out early next week is the first bug-fix point release.

    Mesa 19.1 is a huge update over 19.0 and earlier. Mesa 19.1 brought multiple new Gallium3D drivers as well as a new Vulkan driver (TURNIP), performance optimizations, new Vulkan extensions, mature Icelake support, and a variety of other features as listed in the aforelinked article.

OpenBSD Leftovers

Filed under
BSD
  • OpenBSD Adds Initial User-Space Support For Vulkan

    Somewhat surprisingly, OpenBSD has added the Vulkan library and ICD loader support as their newest port.

    This new graphics/vulkan-loader port provides the generic Vulkan library and ICD support that is the common code for Vulkan implementations on the system. This doesn't enable any Vulkan hardware drivers or provide something new not available elsewhere, but is rare seeing Vulkan work among the BSDs. There is also in ports the related components like the SPIR-V headers and tools, glsllang, and the Vulkan tools and validation layers.

  • SSH gets protection against side channel attacks

    Implementation-wise, keys are encrypted "shielded" when loaded and then automatically and transparently unshielded when used for signatures or when being saved/serialised.

    Hopefully we can remove this in a few years time when computer architecture has become less unsafe.

  • doas environmental security

    Ted Unangst (tedu@) posted to the tech@ mailing list regarding recent changes to environment handling in doas (in -current): [...]

Programming: PNG, AArch64, Python and Tor

Filed under
Development
  • Segfaults and Twitter monkeys: a tale of pointlessness

    For a few years in the 1990s, when PNG was just getting established as a Web image format, I was a developer on the libpng team.

    One reason I got involved is that the compression patent on GIFs was a big deal at the time. I had been the maintainer of GIFLIB since 1989; it was on my watch that Marc Andreesen chose that code for use in the first graphics-capable browser in ’94. But I handed that library off to a hacker in Japan who I thought would be less exposed to the vagaries of U.S. IP law. (Years later, after the century had turned and the LZW patents expired, it came back to me.)

    Then, sometime within a few years of 1996, I happened to read the PNG standard, and thought the design of the format was very elegant. So I started submitting patches to libpng and ended up writing the support for six of the minor chunk types, as well as implementing the high-level interface to the library that’s now in general use.

    As part of my work on PNG, I volunteered to clean up some code that Greg Roelofs had been maintaining and package it for release. This was “gif2png” and it was more or less the project’s official GIF converter.

  • AArch64 support for ELF Dissector

    After having been limited to maintenance for a while I finally got around to some feature work on ELF Dissector again this week, another side-project of mine I haven’t written about here yet. ELF Dissector is an inspection tool for the internals of ELF files, the file format used for executables and shared libraries on Linux and a few other operating systems.

    [...]

    ELF Dissector had its first commit more than six years ago, but it is still lingering around in a playground repository, which doesn’t really do it justice. One major blocker for making it painlessly distributable however are its dependencies on private Binutils/GCC API. Using the Capstone disassembler is therefore also a big step towards addressing that, now only the use of the demangler API remains.

  • Weekly Python StackOverflow Report: (clxxxiii) stackoverflow python report
  • denemo @ Savannah: Release 2.3 is imminent - please test.
  • Arguments | Another way to work with user inputs – Part 7
  • Call for setting up new obfs4 bridges

    BridgeDB is running low on obfs4 bridges and often fails to provide users with three bridges per request. Besides, we recently fixed a BridgeDB issue that could get an obfs4 bridge blocked because of its vanilla bridge descriptor: <https://bugs.torproject.org/28655>

    We therefore want to encourage volunteers to set up new obfs4 bridges to help censored users. Over the last few weeks, we have been improving our obfs4 setup guide which walks you through the process: <https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4proxy>p>

Security: Windows, 'DevSecOps', SSH, Bash and More

Filed under
Security
  • Electronic Health Records at 26 Hospitals Hit by Two-Hour Outage [iophk: "Windows TCO"]

    Universal, which manages more than 350 health-care facilities in the U.S. and U.K., declined to specify the technical issues or say how many patient records were affected. The problem lasted for less than two hours and the affected hospitals have returned to normal operations, said Eric Goodwin, chief information officer of the King of Prussia, Pennsylvania-based company.

  • DevSecOps: 4 key considerations for beginners

    Security used to be the responsibility of a dedicated team in the last development stage, but with development cycles increasing in number and speed, security practices need to be constantly updated.

    This has led to the rise of DevSecOps, which emphasizes security within DevOps. Companies need DevSecOps to make sure their initiatives run safely and securely. Without DevSecOps, DevOps teams need to rebuild and update all their systems when a vulnerability is found, wasting time and effort.

  • OpenSSH to Keep Private Keys Encrypted at Rest in RAM

    A commit for the OpenSSH project adds protection for private keys in memory when they are not in use, making it more difficult for an adversary to extract them through side-channel attacks leveraging hardware vulnerabilities.

    OpenSSH is the most popular implementation of the SSH (Secure Shell) protocol, being the default solution in many Linux distributions for encrypting connections to a remote system.

  • OpenSSH adds protection against Spectre, Meltdown, Rowhammer and RAMBleed attacks
  • GNU Bash Unsupported Characters Heap-Based Buffer Overflow Vulnerability [CVE-2012-6711]

    A vulnerability in the lib/sh/strtrans.c:anicstr function of GNU Bash could allow an authenticated, local attacker to execute code on a targeted system.The vulnerability is due buffer errors within the lib/sh/strtrans.c:anicstr function of the affected software. An attacker could exploit this vulnerability by providing print data through the echo built-in function. A successful exploit could allow the attacker to execute code on the targeted system.GNU Bash has confirmed this vulnerability and released a software patch.

  • Daily News Roundup: Malware in Your Pirated Software

    Researchers at ESET and Malwarebytes have discovered crypto mining malware hidden in pirated music production software.

  • A Method for Establishing Liability for Data Breaches

    Last month, the First American Financial Corporation—which provides title insurance for millions of Americans—acknowledged a cybersecurity vulnerability that potentially exposed 885 million private financial records related to mortgage deals to unauthorized viewers. These records might have revealed bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and driver’s license images to such viewers. If history is any guide, not much will happen and companies holding sensitive personal information on individuals will have little incentive to improve their cybersecurity postures. Congress needs to act to provide such incentives.

    The story is all too familiar, as news reports of data breaches involving the release of personal information for tens of millions of, or even a hundred million, Americans have become routine. A company (or a government agency) pays insufficient attention to cybersecurity matters despite warnings that the cybersecurity measures it takes are inadequate and therefore fails to prevent a breach that could be remediated by proper attention to such warnings. In the aftermath of such incidents, errant companies are required by law to report breaches to the individuals whose personal information has been potentially compromised. Frequently, these companies also offer free credit monitoring services to affected individuals for a year or two.

Enso OS, A Desktop Mix between Xubuntu and elementary OS

Filed under
GNU
Linux

Enso OS is a relatively new GNU/Linux distro based on Ubuntu with XFCE desktop coupled with Gala Window Manager. Looking at Enso is like looking at a mix between Xubuntu and elementary OS. It features a Super key start menu called Panther and a global menu on its top panel, making the interface very interesting to try. This overview briefly highlights the user interface for you.

Read more

Stellarium v0.19.1 has been released!

Filed under
Software
Sci/Tech

Thank you very much to community for bug reports, feature requests and contributions!

Read more

Also: Stellarium 0.19.1 Released with A Large List of Changes

Wine-Staging 4.11 Released With Its 800+ Patches On Top Of Wine

Filed under
Software
Gaming

Just hours after releasing Wine 4.11, the team maintaining the experimental/testing version of Wine -- Wine-Staging -- issued their release with more than 800 patches re-based on top.

Wine-Staging 4.11 is at 818 patches on top of upstream Wine, which is lower than previous releases thanks to a number of patches getting upstreamed this month.

Read more

Games: Ascii Patrol Game, Canonical/Valve, and Weekend Picks

Filed under
Gaming
  • Play Ascii Patrol Game in Linux Terminal!

    Typing a command in the Linux terminal is one of the exciting things. We are like a king who is giving orders to his soldiers to do certain things. Terminal on Linux has many benefits when you understand the commands that exist. In addition to executing a command, we can play games at the terminal.

    Playing games on the Linux terminal is one of entertainment. There are many Terminal-based games that you can play on the Linux terminal, one of which is Ascii Patroll. This game is inspired by the classic game "Moon Patrol", and we can run it on the CLI.

  • Valve Will Not Be Officially Supporting Ubuntu 19.10+

    The planned dropping of 32-bit support on Ubuntu saga continues... Well known Valve Linux developer Pierre-Loup Griffais has said they plan to officially stop supporting Ubuntu for Steam on Linux.

  • Valve looking to drop support for Ubuntu 19.10 and up due to Canonical's 32bit decision

    Things are starting to get messy, after Canonical announced the end of 32bit support from Ubuntu 19.10 onwards, Valve have now responded.

    [...]

    I can't say I am surprised by Valve's response here. Canonical pretty clearly didn't think it through enough on how it would affect the desktop. It certainly seems like Canonical also didn't speak to enough developers first.

    Perhaps this will give Valve a renewed focus on SteamOS? Interestingly, Valve are now funding some work on KWin (part of KDE).

  • What are you playing this weekend and what do you think about it? It's mostly Dota Underlords for me

    Let's lighten the mood a bit shall we? It's question time here on GamingOnLinux! Let's have a talk about what you've been playing recently.

    I will of course go first: Dota Underlords. I have quite the sweet spot for it already, even though I'm absolutely terrible at it. This might be the game to finally get me to kick my unhealthy Rocket League obsession, which is amazing considering how radically different they are. I adore strategy games though and unlike normal Dota, I don't need to think ridiculously quickly. Since you don't need any kind of reflexes for it, sitting back and relaxing with the Steam Controller is another reason I quite like Dota Underlords. In the evenings on weekends especially, I can be quite the lazy-gamer, so anything that allows me to kick back with it is likely to get my vote.

    After only being out for a few days, it's already annihilated the player record for Artifact. Artifact's all-time high was only just over 60K whereas Underlords has sailed past 190K, although that shouldn't be too surprising since Underlords is free and isn't rammed full of micro-transactions (yet?) and it helps being on mobile as well of course (According to one of the SteamDB folk, the mobile players are being counted too).

Stable kernels 5.1.13, 5.1.14, 4.19.54, 4.19.55, 4.14.129, 4.9.183, and 4.4.183

Filed under
Linux

Ubuntu 19.10 Dropping 32-bit Support Leaves Developers Fuming

Filed under
News

There will be no 32-bit support at all in Ubuntu 19.10. This is problematic for developers of Wine and Steam and gaming on Ubuntu might be in trouble.
Read more

Open Source Slack Alternative Mattermost Gets $50M Funding

Filed under
OSS

Mattermost, which presents itself as an open source alternative to Slack raised $50M in series B funding. This is definitely something to get excited for.

Slack is a cloud-based team collaboration software that is mainly used for internal team communication. Enterprises, startups and even open source projects worldwide use it interact with colleagues and project members. Slack is free with limited features while the paid enterprise version has premium features.

Slack is valued at $20 billion in June, 2019. You can guess the kind of impact it has made in the tech industry and certainly more products are trying to compete with Slack.

Read more

today's leftovers

Filed under
Misc
  • Important, but obscure, sysadmin tool osquery gets a foundation of its own

    But users think osquery's founder, Facebook, has been neglecting osquery. Going forward, Facebook has turned osquery over to The Linux Foundation. There, engineers and developers from Dactiv, Facebook, Google, Kolide, Trail of Bits, Uptycs, and other companies invested in osquery, will support it under the new foundation: The osquery Foundation.

    That's a good thing because while you may not have heard of osquery, many major companies, such as Airbnb, Dropbox, Netflix, Palantir, Etsy, and Uber, rely on it. This project needed a new lease on life.

    How does it work? Osquery exposes server operating system as a high-performance relational database. This allows you to write SQL-based queries to explore operating system data and low level system information. In osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes.These are kept in a SQLite DBMS.

  • Running Ubuntu on the One Mix Yoga 3 mini laptop (video)

    The One Mix Yoga 3 is a small laptop that features an 8.4 inch touchscreen display and a convertible tablet-style design. It ships with Windows 10, but one of the first things I tried doing with the tablet was to boot a GNU/Linux distribution.

    I posted some notes about what happened when I took Ubuntu 19.04 for a spin on the One Mix 3 Yoga in my first-look article, but plenty of folks who watched my first look video on YouTube asked for a video… so I made one of those too.

  • Cockroach and the Source Available Future [Ed: The proprietary software giants-funded pundits like PedMonk on the openwashing agenda ("Source Available"... like "Shared Source" or "Inner Source"). What a crock.]

    Earlier this month, the database company Cockroach Labs relicensed its flagship database product. This is notable for two reasons. Most obviously, the company is following in the footsteps of several of its commercial open source database peers such as Confluent, Elastic, MongoDB, Redis Labs and TimescaleDB that have felt compelled to apply licenses that are neither open source nor, in most cases, traditionally proprietary.

    But the relicensing of CockroachDB is also interesting because this isn’t the first time the company has applied such a license.

    In January of 2017, Cockroach Labs announced the introduction of what it called the CockroachDB Community License (CCL). To the company’s credit, in the post announcing this new license, it took pains to make it clear that the CCL, while making source code available, was not in fact an open source license because it restricted redistribution. The CCL essentially enforced a two tier, open core-type business model, in which a base version of the database was made available under a permissive open source license (Apache) while certain enterprise features were made available under the CCL, which essentially requires users of these premium, enterprise-oriented features to pay for them.

    With its recent relicensing, the original dual core model has been deprecated. Moving forward, CockroachDB will be made available under two non-open source licenses – which, as an aside to Cockroach, presumably means that section 1B of the CCL probably needs to be updated. The CCL will continue to govern the premium featureset, but the original open source codebase will moving forward be governed by the Business Source License (BSL). Originally released by MariaDB, the BSL is a source available license; a license that makes source code for a project available, but places more restrictions upon its usage than is permitted by open source licenses.

  • Welcoming the newest Collaborans!

    For many, June 21, day of the Solstice, is a day of celebrations. At Collabora, we're also celebrating, as we take a moment to welcome all the newest members of our engineering and administration teams who've joined over the last year!

    Comprised of some of the most motivated and active Open Source contributors and maintainers around the world, Collaborans share an enduring passion for technology and Open Source, and these new joiners are no different.

Syndicate content

More in Tux Machines

Android Leftovers

4 open source Android apps for writers

While I'm of two minds when it comes to smartphones and tablets, I have to admit they can be useful. Not just for keeping in touch with people or using the web but also to do some work when I'm away from my computer. For me, that work is writing—articles, blog posts, essays for my weekly letter, e-book chapters, and more. I've tried many (probably too many!) writing apps for Android over the years. Some of them were good. Others fell flat. Here are four of my favorite open source Android apps for writers. You might find them as useful as I do. Read more

How a trip to China inspired Endless OS and teaching kids to hack

Last year, I decided to try out Endless OS, a lightweight, Linux-based operating system developed to power inexpensive computers for developing markets. I wrote about installing and setting it up. Endless OS is unique because it uses a read-only root file system managed by OSTree and Flatpak, but the Endless company is unique for its approach to education. Late last year, Endless announced the Hack, a $299 laptop manufactured by Asus that encourages kids to code, and most recently the company revealed The Third Terminal, a group of video games designed to get kids coding while they're having fun. Since I'm so involved in teaching kids to code, I wanted to learn more about Endless Studios, the company behind Endless OS, The Third Terminal, The Endless Mission, a sandbox-style game created in partnership with E-Line Media, and other ventures targeted at expanding digital literacy and agency among children around the world. I reached out to Matt Dalio, Endless' founder, CEO, and chief of product and founder of the China Care Foundation, to ask about Endless and his charitable work supporting orphaned children with special needs in China. Read more

AMD Releases Firmware Update To Address SEV Vulnerability

A new security vulnerability has been made public over AMD's Secure Encrypted Virtualization (SEV) having insecure cryptographic implementations. Fortunately, this AMD SEV issue is addressed by a firmware update. CVE-2019-9836 has been made pulic as the AMD Secure Processor / Secure Encrypted Virtualization having an insecure cryptographic implementation. Read more