Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Wednesday, 25 Apr 18 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

today's howtos

Filed under
HowTos

Debian, Elive, and Ubuntu

Filed under
Debian
Ubuntu
  • Re-elected as Debian Project Leader

    I have been extremely proud to have served as the Debian Project Leader since my election in early 2017. During this time I've learned a great deal about the inner workings of the Project as well as about myself. I have grown as a person thanks to all manner of new interactions and fresh experiences.

    I believe is a privilege simply to be a Debian Developer, let alone to be selected as their representative. It was therefore an even greater honour to learn that I have been re-elected by the community for another year. I profoundly and wholeheartedly thank everyone for placing their trust in me for another term.

  • Elive 3.0 is ALMOST here!

    Elive's latest beta, 2.9.90, was released a couple of weeks ago.
    According to the description, this is the last beta before the official release of version 3.0.

    I have been waiting for Elive for quite a long time.
    My first contact with it was through a live CD of version 2.0 Topaz in 2010, when I had recently migrated to Linux. I was truly impressed by the beauty and polish of the distro. I never installed it, though. I was put off by the fact that it was the only distro that could not be installed unless one paid for an installing module. Back then, I assumed that free software had to be "gratis".

  • NGINX Updates: Ubuntu Bionic, and Mainline and Stable PPAs

    Ubuntu Bionic 18.04 now has 1.14.0 in the repositories, and very likely will have 1.14.0 for the lifecycle of 18.04 from April of 2018 through April of 2023, as soon as it is released.

  • gksu removed from Ubuntu

OSS Leftovers

Filed under
OSS
  • Prospects for free software in cars

    Car manufacturers, like most companies, navigate a narrow lane between the benefits of using free and open-source software and the perceived or real importance of hiding their trade secrets. Many are using free software in some of the myriad software components that make up a modern car, and even work in consortia to develop free software. At the recent LibrePlanet conference, free-software advocate Jeremiah Foster covered progress in the automotive sector and made an impassioned case for more free software in their embedded systems. Foster has worked in automotive free software for many years and has played a leading role in the GENIVI Alliance, which is dedicated to incorporating free software into in-vehicle infotainment (IVI) systems. He is currently the community manager for the GENIVI Alliance.

    First, Foster talked about the importance of software in modern vehicles. He pointed out that software increasingly becomes the differentiator used to market cars. Horsepower no longer sells these vehicles, Foster says—features do. He claims that some companies even sell the car at cost (the old "razor/blades" or "printer/ink" business model) and make their money on aftermarket apps and features. Companies are finding it effective to get hardware from other manufacturers while improving the user experience through their software. Some of these features contribute to safety (such as alerts that help you drive within the lane or parallel park), and some may be critical, such dashboard icons that warn the driver of electrical system problems or low brake fluid.

  • Productising open source integration

    We asked Lumina Networks’ CEO Andrew Coward, how companies can make best use of open source. “Open source is not a spectator sport,” says Andrew. “Sitting around and waiting for somebody to show up and deliver the equivalent of your existing vendor’s offering is not the right approach. So we work best when our customers are very engaged. And really, it’s all about how you automate things.”

  • Riot: A Distributed Way of Having IRC and VOIP Client and Home Server

    Riot is a free and open source decentralized instant messaging application that can be considered an alternative to Slack. We take a look at features of Riot, installation procedure and usage.

    It’s surprising that many Linux users and open source projects use a proprietary messaging service like Slack. Even we at It’s FOSS use Slack for our internal communication which I don’t like. This is why I came up with the proposal of using an open source alternative to Slack, called Riot.

  • Announcing the 2018 Fractal Hackfest

    For the past few months, I’ve been contributing to a new group messaging app called Fractal. Its aim is to be so good that we can maybe, eventually, finally replace IRC as the primary communication channel for GNOME development.

  • The ticking time bomb: Fake ad blockers in Chrome Web Store

    People searching for a Google Chrome ad blocking extension have to choose from dozens of similarly named extensions. Only few of these are legitimate, most are forks of open source ad blockers trying to attract users with misleading extension names and descriptions. What are these up to? Thanks to Andrey Meshkov we now know what many people already suspected: these extensions are malicious. He found obfuscated code hidden carefully within a manipulated jQuery library that accepted commands from a remote server.

  • Google Chrome now blocks autoplaying video with sound

    Video that plays without audio, or that a user has tapped or clicked on, will still play. On mobile, autoplaying videos will be allowed on sites that have been added as a bookmark to the home screen, while desktop sites that a user frequently actively watches video on will be allowed to autoplay videos with sound as ranked by the firm’s new Media Engagement Index (MEI).

  • Israeli Government Is Open Sourcing Its Software Code

    Just yesterday, we told you about German government’s decision to go ahead with an open source solution for creating its private cloud. The government announced a partnership with Nextcloud, which is a popular open source solutions provider.

    In another encouraging development for the open source enthusiasts, the Israeli government has decided to open source its software code. As a result, the released code will be available to public and free to reuse.

BSD: LLVM and OpenBSD on the Desktop

Filed under
BSD
  • LLVM Is Playing A Big Role With Vulkan/SPIR-V Compilers

    The usage of LLVM as part of the graphics driver stack continues to be picked up now especially in the Vulkan/SPIR-V world.

    With the new NVIDIA 396 driver series there is their new "NVVM" compiler stack for SPIR-V, the IR used by Vulkan and OpenCL and now can be consumed by OpenGL 4.6 too.

  • OpenBSD on my fanless desktop computer

     

    I’ve been using OpenBSD on servers for years as a web developer, but never had a chance to dive in to system administration before. If you appreciate the simplicity of OpenBSD and you have to give it a try on your desktop.

Mozilla News and Development

Filed under
Moz/FF
  • Firefox Performance Update #6

    These updates are going to shift format slightly. I’m going to start by highlighting the status of some of the projects the Firefox Performance Team (the front-end team working to make Firefox snappy AF), and then go into the grab-bag list of improvements that we’ve seen landing in the tree.

  • Announcing cargo src (beta)

    cargo src is a new tool for exploring your Rust code. It is a cargo plugin which runs locally and lets you navigate your project in a web browser. It has syntax highlighting, jump to definition, type on hover, semantic search, find uses, find impls, and more.

  • Things Gateway - Series 2, Episode 1
  • Firefox Data engineering newsletter Q1 / 2018

    As the Firefox data engineering teams we provide core tools for using data to other teams. This spans from collection through Firefox Telemetry, storage & processing in our Data Platform to making data available in Data Tools.

    [...]

    Most centrally, the Telemetry portal is now the main entry point to our tools, documentation and other resources. When working with Firefox data you will find all the important tools linked from there.

  • Working for Good: Metalwood Salvage of Portland

    The web should be open to everyone, a place for unbridled innovation, education, and creative expression. That’s why Firefox fights for Net Neutrality, promotes online privacy rights, and supports open-source tech around the globe. We strive to make the online community a better place. We also know people everywhere work tirelessly to improve their own communities. In this series, we’re profiling businesses that work to make the world better—and use Firefox to support a healthy, open, and safe internet.

  • It’s time to give Firefox a fresh chance

     

    After spending some quality time comparing the actual experience of using Chrome, Safari, and Firefox across a variety of websites, I’m confident in saying browser benchmarks are profoundly uninformative. The truth is that performance differences are not substantial enough to be noticed. If anything, you’re most likely to clash with “only works in Chrome” incompatibilities, but that’s kind of the whole reason for me to avoid Chrome: someone has to keep using the alternatives so as to give them a reason to exist.

Malware in Microsoft, Bugs in Android Apps

Filed under
Android
Google
Microsoft
Web

Spyder – The Scientific Python IDE for Data Science

Filed under
Development

I don’t know how many of our readers are research scientists, data analysts, etc. but today, we introduce an IDE that is ideal for Python development and it goes by the name of Spyder.

Spyder is an Open Source IDE written in Python for Python development with a focus on research, data analysis, and scientific package creation. It boasts a well-planned User Interface with interactive options, customizable layouts, and toggle-able sections.

Its features include a multi-language editor with automatic code completion, real-time code analysis, go-to definitions, etc. It also contains a history log, developer tools, a documentation viewer, a variable explorer, and an interactive console, among other perks.

Read more

LWN on Linux: 'Secure' Boot, AF_XDP Patch, 4.17 Release and 'Beep'

Filed under
Linux
  • Kernel lockdown locked out — for now

    As the 4.17 merge window opened, it seemed possible that the kernel lockdown patch set could be merged at last. That was before the linux-kernel mailing list got its hands on the issue. What resulted was not one of the kernel community's finest moments. But it did result in a couple of evident conclusions: kernel lockdown will almost certainly not be merged for 4.17, but something that looks very much like it is highly likely to be accepted in a subsequent merge window.

    As a reminder: the purpose of the lockdown patches is to enforce a distinction between running as root and the ability to run code in kernel mode. Proponents of UEFI secure boot maintain that this separation is necessary; otherwise the promise of secure boot (that the system will only run trusted code in kernel mode) cannot be kept. Closing off the paths by which a privileged attacker could run arbitrary code in kernel mode requires disabling a number of features in the kernel; see the above-linked article for the details. Most users will never miss the disabled features, but there are always exceptions.

    [...]

    One other aspect of this issue that came up briefly is the fear that, if Linux looks like a tool that can be used to compromise secure-boot systems running Windows, that Microsoft might blacklist the signing key and render Linux unbootable on most x86 hardware. David Howells expressed this worry, for example. Greg Kroah-Hartman said, though, that he has researched this claim numerous times and it has turned out to be an "urban myth".

  • Accelerating networking with AF_XDP

    The Linux network stack does not lack for features; it also performs well enough for most uses. At the highest network speeds, though, any overhead at all is too much; that has driven the most demanding users toward specialized, user-space networking implementations that can outperform the kernel for highly constrained tasks. The express data path (XDP) development effort is an attempt to win those users back, with some apparent success so far. With the posting of the AF_XDP patch set by Björn Töpel, another piece of the XDP puzzle is coming into focus.

  • The first half of the 4.17 merge window

    As of this writing, 5,392 non-merge changesets have been pulled into the mainline repository for the 4.17 release. The 4.17 merge window is thus off to a good start, but it is far from complete. The changes pulled thus far cover a wide part of the core kernel as well as the networking, driver, and filesystem subsystems.

  • What the beep?

    A "simple" utility to make a system beep is hardly the first place one would check for security flaws, but the strange case of the "Holey Beep" should perhaps lead to some rethinking. A Debian advisory for the beep utility, which was followed by another for Debian LTS, led to a seemingly satirical site publicizing the bug (and giving it the "Holey Beep" name). But that site also exploits a new flaw in the GNU patch program—and the increased scrutiny on beep has led to more problems being found.

Games: Cities: Skylines - Parklife expansion, Supposedly Wonderful Future, Serious Sam 4

Filed under
Gaming

Graphics: AMD, RADV, RadeonSI, Mesa 18.0.1

Filed under
Graphics/Benchmarks
  • AMDGPU DRM Gets "GFXOFF" Patches To Turn Off Graphics Engine

    AMD's Huang Rui has posted a set of 20 patches providing "GFXOFF" support for the AMDGPU Direct Rendering Manager Linux kernel driver.

    GFXOFF is a new graphics processor feature that allows for powering off the graphics engine when it would otherwise be idle with no graphics workload. Obviously, this would equate to a potentially significant power savings with that engine being able to be shut-off.

  • RADV Driver Lands Support For Vulkan's New Descriptor Indexing Extension

    Earlier this month with the Vulkan 1.1.72 specification update was the new VK_EXT_descriptor_indexing extension that is quickly being well received by developers.

    The VK_EXT_descriptor_indexing extension allows for creating large descriptor sets made up of all their combined resources and selecting those resources via dynamic indexes in a shader.

  • RadeonSI Now Appears To Support "RX Vega M" With Intel Core CPUs

    One of the most common Linux hardware questions I've received dozens of times in the past few weeks alone has been over the support for "RX Vega M" Vega-based graphics processors found on select newer Intel Kabylake CPUs. It appears RadeonSI at least should now support these Radeon graphics on Intel CPUs.

  • mesa 18.0.1
  • Mesa 18.0.1 Released With A Number Of Fixes

    In addition to Mesa 17.3.9 being released today, Mesa 18.0.1 also rolled out the door as the first point release to last quarter's Mesa 18.0 series.

    Mesa 18.0.1 features improvements to its Meson build system support, several RADV Vulkan driver fixes, various fixes to the Gallium3D Nine (D3D9) state tracker, various Intel driver fixes, several core Mesa improvements, and then the other random smothering of fixes collected over the past few weeks.

Programming: nGraph Compiler, JavaScript Trademark, PyPI and Pip

Filed under
Development
  • Intel Opens Up nGraph Source Code For DNN Model Compiler

    Intel tonight announced they are open-sourcing their nGraph compiler code, which serves as a framework-neutral deep neural network model compiler.

    Intel claims with nGraph and Xeon Scalable hardware that researchers can obtain up to 10x performance improvements over previous TensorFlow integrations, as one example. Besides TensorFlow, nGraph also supports PyTorch, MXNet, Neon, Caffe2, and CNTK while also planning to support other frameworks moving forward.

  • Why it's finally time to give up on the name JavaScript

    An iOS developer has apparently received a cease and desist notice from Oracle over the use of the word "JavaScript" in the title of their app. The developer, Tyanya Software, shared the notice on perennial internet soapbox Reddit to seek advice on how to fight the order.

    [...]

    If user reviews are any indication, the app is not even particularly good, with reviewers stating things such as "Not ready for production," "Does not work as advertised," and "Waste of money, don't buy this." The last update to the app was in 2014, which the changelog notes was only an upgrade to add support for iOS 8. The app developer is at least honest about the intent behind the unwieldy name for the app, saying in a Reddit comment that "we game the App Store ranking by adding all the keywords to the app name."

    While Oracle has a duty to protect their trademarks, this type of legal bludgeoning underscores a historical problem that has been left unaddressed for too long: JavaScript is a terrible name for the thing being described.

    It has nothing to do with Java, an actual product developed by Sun (now owned by Oracle). JavaScript was developed at Mozilla, and the name was changed during beta releases of Netscape Navigator 2.0 from "LiveScript" to "JavaScript." It has, for some time, caused confusion among casual web users about the difference between Java and JavaScript. Given that ECMAScript is also a trademarked term, it seems best to revert to calling the language "LiveScript" to undercut trademark-related legal posturing.

    [...]

    Oracle declined to comment on this story.

  • New PyPI launched

    The new PyPI has been launched. Browser traffic and API calls (including "pip install") have been redirected from the old pypi.python.org to the new site. The old PyPI will shut down on April 30. LWN covered the new PyPI last week.

  • Pip 10.0 has been released

    The release of pip 10.0 has been announced. Some highlights of this release include the removal of Python 2.6 support, limited PEP 518 support (with more to come), a new "pip config" command, and other improvements.

Meltdown/PTI Mitigation Impact On BSDs vs. Linux

Filed under
Graphics/Benchmarks
Linux
BSD

Besides the fresh BSD/Linux disk performance tests, some other tests I ran on various BSDs and Linux distributions this week was looking at the performance impact of Intel Meltdown CPU vulnerability mitigation on each of them, namely the performance impact of using kernel page-table isolation.

On DragonFlyBSD 5.2, TrueOS 18.03, Ubuntu 16.04, Ubuntu 18.04, and Clear Linux I ran tests when the mitigation was enabled and then again when it was off for seeing the performance impact.

Read more

Red Hat and Fedora Leftovers

Filed under
Red Hat
  • Enterprise Node.js on OpenShift, April 19th, 12 p.m. EDT

    The next online DevNation Live Tech Talk is Thursday, April 19th at 12pm EDT. The topic is “Enterprise Node.js on Red Hat OpenShift” presented by Lance Ball, and hosted by Burr Sutter. The popularity of JavaScript on the front end and the JSON format for data has led to a “JavaScript Everywhere” movement with Node.js at the center. Node.js offers developers an event-driven, non-blocking I/O model that is perfect for high concurrency, low-latency applications that run across distributed devices. Its reactive architecture makes it an ideal technology for containerized microservices architectures you’ve been hearing so much about.

  • President to President with Luc Villeneuve, Red Hat Canada

    ITWC President Fawn Annan gets to the point with Red Hat’s general manager for Canada. Villeneuve speaks about building the open source technology firm in the country, the unique differences when dealing with the Quebec market, and how he fosters a positive culture in the workplace. Plus, he dishes on how his experience in journey hockey taught him how to build a successful sales team.

  • Be mindful of jumping into an open source project too soon: RedHat CTO

    Open source software has long been seen as a movement towards collaborative development. In a conversation with BusinessLine, Chris Wright, Vice-President & CTO at RedHat, talks about some of the challenges the open source community is facing and why it is important to set expectations right when it comes to promoting open source software. Edited excerpts:

  • DevOps Tool Market Global Manufacturers: Chef, Atlassian, Saltstac, Red Hat and Docker Inc.
  • Two sizzlers stock’s are not to be missed: Red Hat, Inc. (RHT), Navient Corporation (NAVI)
  • Fedora Community Blog: Fedora meetup at Pune – March 2018

    Long time we did not had any meetup at Pune, Maharashtra, India, so we decided to get started again. Details about this meetup are available at Fedora Wiki page.

    Planning for meetup started 1 month before. Initially Ompragash proposed to have meetup.com account for Fedora Pune to get more awareness. Later dropped this plan, since this is not only Fedora Pune level topic but applicable for all Fedora events.

  • Fedora 28 Beta – dnf system-upgrade

    Used DNF to remove duplicate rpms, reinstalled the new kernel and libwbclient, and corrected GNOME’s right-click behaviour, and all is well.

Security Leftovers

Filed under
Security

Devices Leftovers

Filed under
Linux
Hardware

‘No Company Is So Important Its Existence Justifies Setting Up a Police State’

Filed under
GNU
Interviews

You’re talking about very — about specific manifestations, and in some cases in ways that presuppose a weak solution.

What is data privacy? The term implies that if a company collects data about you, it should somehow protect that data. But I don’t think that’s the issue. I think the problem is that it collects data about you period. We shouldn’t let them do that.

I won’t let them collect data about me. I refuse to use the ones that would know who I am. There are unfortunately some areas where I can’t avoid that. I can’t avoid even for a domestic flight giving the information of who I am. That’s wrong. You shouldn’t have to identify yourself if you’re not crossing a border and having your passport checked.

With prescriptions, pharmacies sell the information about who gets what sort of prescription. There are companies that find this out about people. But they don’t get much of a chance to show me ads because I don’t use any sites in a way that lets them know who I am and show ads accordingly.

So I think the problem is fundamental. Companies are collecting data about people. We shouldn’t let them do that. The data that is collected will be abused. That’s not an absolute certainty, but it’s a practical, extreme likelihood, which is enough to make collection a problem.

A database about people can be misused in four ways. First, the organization that collects the data can misuse the data. Second, rogue employees can misuse the data. Third, unrelated parties can steal the data and misuse it. That happens frequently, too. And fourth, the state can collect the data and do really horrible things with it, like put people in prison camps. Which is what happened famously in World War II in the United States. And the data can also enable, as it did in World War II, Nazis to find Jews to kill.

In China, for example, any data can be misused horribly. But in the U.S. also, you’re looking at a CIA torturer being nominated to head the CIA, and we can’t assume that she will be rejected. So when you put this together with the state spying that Snowden told us about, and with the Patriot Act that allows the FBI to take almost any database of personal data without even talking to a court. And what you see is, for companies to have data about you is dangerous.

And I’m not interested in discussing the privacy policies that these companies have. First of all, privacy policies are written so that they appear to promise you some sort of respect for privacy, while in fact having such loopholes that the company can do anything at all. But second, the privacy policy of the company doesn’t do anything to stop the FBI from taking all that data every week. Anytime anybody starts collecting some data, if the FBI thinks it’s interesting, it will grab that data.

And we also know that the FBI and other such agencies are inclined to label protesters as terrorists. So that way they can use laws that were ostensibly adopted to protect us from terrorists to threaten a much larger number of us than any terrorist could.

Read more

Also: Numerical Analysis Software Global Market Analysis & Forecast: Analytica, Matlab, GNU Octave, Plotly, FlexPro

Today in Techrights

Filed under
News
Syndicate content

More in Tux Machines

5 top Blender video tutorials for beginners

Blender is a complex piece of software that is capable of producing extremely high-quality visuals for all manner of visual art purposes, from video games to product visualization. Of course, that power needs to be wielded by a controlled hand. Otherwise, you'll end up with a mush of digital geometry that makes no sense at all. These days, video tutorials are the educational tool of choice for most people. I'm going to give you five of the best free beginner video tutorials for Blender currently available. I recommend you watch all of them. They all cover a lot of the same information. However, every instructor has a different way of presenting. Stick with the one that clicks with you. Read more

Cinnamon 3.8 Desktop Environment Released with Python 3 Support, Improvements

Scheduled to ship with the upcoming Linux Mint 19 "Tara" operating system series this summer, the Cinnamon 3.8 desktop environment is now available for download and it's a major release that brings numerous improvements, new features, and lots of Python 3 ports for a bunch of components. Among the components that got ported to Python 3 in the Cinnamon 3.8 release, we can mention cinnamon-settings, cinnamon-menu-editor, cinnamon-desktop-editor, cinnamon-settings-users, melange, background slideshow, the switch editor and screensaver lock dialogs, desktop file generation scripts, as well as all the utilities. Read more

Canonical Releases Kernel Security Updates for Ubuntu 17.10 and Ubuntu 16.04 LTS

For Ubuntu 17.10 (Artful Aardvark) users, today's security update addresses a bug (CVE-2018-8043) in Linux kernel's Broadcom UniMAC MDIO bus controller driver, which improperly validated device resources, allowing a local attacker to crash the vulnerable system by causing a denial of service (DoS attack). For Ubuntu 16.04 LTS (Xenial Xerus) users, the security patch fixes a buffer overread vulnerability (CVE-2017-13305) in Linux kernel's keyring subsystem and an information disclosure vulnerability (CVE-2018-5750) in the SMBus driver for ACPI Embedded Controllers. Both issues could allow a local attacker to expose sensitive information. Read more

Security: Updates, Reproducible Builds, Match.com and More

  • Security updates for Tuesday
  • Reproducible Builds: Weekly report #156
  • A Match.com glitch reactivated a bunch of old profiles, raising concerns about user data

    A Match Group spokesperson confirmed that a “limited number” of old accounts had been accidentally reactivated recently and that any account affected received a password reset. Match.com’s current privacy statement, which was last updated in 2016, says that the company can “retain certain information associated with your account” even after you close it. But that Match Group spokesperson also told The Verge that the company plans to roll out a new privacy policy “in the next month or so,” in order to comply with the EU’s General Data Protection Regulation (GDPR); under the new policy, all those years-old accounts will be deleted. The Verge has requested clarification on which accounts will qualify for deletion, and what “deletion” will specifically entail, but has not received a response as of press time.

  • New hacks siphon private cryptocurrency keys from airgapped wallets

    Like most of the other attacks developed by Ben-Gurion University professor Mordechai Guri and his colleagues, the currency wallet exploits start with the already significant assumption that a device has already been thoroughly compromised by malware. Still, the research is significant because it shows that even when devices are airgapped—meaning they aren't connected to any other devices to prevent the leaking of highly sensitive data—attackers may still successfully exfiltrate the information. Past papers have defeated airgaps using a wide array of techniques, including electromagnetic emissions from USB devices, radio signals from a computer's video card, infrared capabilities in surveillance cameras, and sounds produced by hard drives.

  • New hacker group targets US health-care industry, researchers say

    The group, which Symantec has named “Orangeworm,” has been installing backdoors in large international corporations based in the U.S., Europe and Asia that operate in the health-care sector.

    Among its victims are health-care providers and pharmaceutical companies, as well as IT companies and equipment manufacturers that work for health organizations.