About Tux Machines

Tuesday, 23 Oct 18 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/Linux.

Quick Roundup

Type Title Author Replies Last Post
Story Graphics: Mesa 18.2.3, AMDVLK and Intel KVMGT Roy Schestowitz 19/10/2018 - 10:01pm
Story Some Initial PostgreSQL 11.0 Database Benchmarks Roy Schestowitz 19/10/2018 - 9:57pm
Story KaOS 2018.10 Roy Schestowitz 1 19/10/2018 - 9:45pm
Story Hacker friendly LapPi laptop kit runs on Raspberry Pi 3B+ Roy Schestowitz 19/10/2018 - 9:31pm
Story OSS and Sharing Leftovers Roy Schestowitz 1 19/10/2018 - 5:38pm
Story Snaps in Numbers and Belated (the Day After) Ubuntu Release Coverage Roy Schestowitz 2 19/10/2018 - 5:21pm
Story Is New Ubuntu 18.10 Worth Installing? Mohd Sohail 19/10/2018 - 5:06pm
Story Red Hat and Fedora Leftovers Roy Schestowitz 19/10/2018 - 5:05pm
Story Android Leftovers Rianne Schestowitz 19/10/2018 - 5:04pm
Story Intel Core i9 9900K vs. AMD Ryzen 7 2700X Linux Gaming Benchmarks Rianne Schestowitz 19/10/2018 - 4:55pm

Security: Facebook, GNU Binutils and Epson/HP

Filed under
Security
  • What To Do If Your Account Was Caught in the Facebook Breach

    Keeping up with Facebook privacy scandals is basically a full-time job these days. Two weeks ago, it announced a massive breach with scant details. Then, this past Friday, Facebook released more information, revising earlier estimates about the number of affected users and outlining exactly what types of user data were accessed. Here are the key details you need to know, as well as recommendations about what to do if your account was affected.

    30 Million Accounts Affected

    The number of users whose access tokens were stolen is lower than Facebook originally estimated. When Facebook first announced this incident, it stated that attackers may have been able to steal access tokens—digital “keys” that control your login information and keep you logged in—from 50 to 90 million accounts. Since then, further investigation has revised that number down to 30 million accounts.

    The attackers were able to access an incredibly broad array of information from those accounts. The 30 million compromised accounts fall into three main categories. For 15 million users, attackers accessed names and phone numbers, emails, or both (depending on what people had listed).

  • GNU Binutils read_reloc Function Denial of Service Vulnerability [CVE-2018-18309]
  • Security Updates Are Even Breaking Your Printer (On Purpose)

    Printer manufacturers hate third-party ink cartridges. They want you buying the expensive, official ones. Epson and HP have issued sneaky “updates” that break these cheaper cartridges, forcing you to buy the expensive ones.

    HP pioneered this technique back in 2016, rolling out a “security update” to its OfficeJet and OfficeJet Pro printers that activated a helpful new feature—helpful for HP’s bottom line, at least. Now, before printing, the printer would verify you’re using new HP ink cartridges. If you’re using a competitor’s ink cartridge or a refilled HP ink cartridge, printing would stop. After some flaming in the press, HP sort-of apologized, but not really.

Kernel: Keeping Control in the Hands of the User and KUnit

Filed under
Linux
  • Keeping Control in the Hands of the User

    Various efforts always are underway to implement Secure Boot and to add features that will allow vendors to lock users out of controlling their own systems. In that scenario, users would look helplessly on while their systems refused to boot any kernels but those controlled by the vendors.

    The vendors' motivation is clear—if they control the kernel, they can then stream media on that computer without risking copyright infringement by the user. If the vendor doesn't control the system, the user might always have some secret piece of software ready to catch and store any streamed media that could then be shared with others who would not pay the media company for the privilege.

    Recently, Chen Yu and other developers tried to submit patches to enhance Secure Boot so that when the user hibernated the system, the kernel itself would encrypt its running image. This would appear to be completely unnecessary, since as Pavel Machek pointed out, there is already uswsusp (userspace software suspend), which encrypts the running image before suspending the system. As Pavel said, the only difference was that uswsusp ran in userspace and not kernel space.

  • Google Engineer Proposes KUnit As New Linux Kernel Unit Testing Framework

    Google engineer Brendan Higgins sent out an experimental set of 31 patches today introducing KUnit as a new Linux kernel unit testing framework to help preserve and improve the quality of the kernel's code.

    KUnit is a unit testing framework designed for the Linux kernel and inspired by the well known JUnit as well as Googletest and other existing unit testing frameworks for designing unit tests and related functionality.

DragonFlyBSD Continues Squeezing More Performance Out Of AMD's Threadripper 2990WX

Filed under
Graphics/Benchmarks

DragonFlyBSD 5.4 should be a really great release if you are a BSD user and have an AMD Threadripper 2 box, particularly the flagship Threadripper 2990WX 32-core / 64-thread processor.

The project leader of this long ago fork from FreeBSD, Matthew Dillon, has been quite outspoken about the Threadripper 2990WX since he purchased one earlier this summer. This prolific BSD developer has been praising the performance out of the Threadripper 2990WX since he got the system working on the current DragonFlyBSD 5.3 development builds.

Since getting DragonFlyBSD running on the Threadripper 2 hardware in August, he's routinely been making performance tuning optimizations to DragonFly's kernel to benefit the 2990WX given its NUMA design.

Arm Launches Mbed Linux and Extends Pelion IoT Service

Filed under
Linux

Politics and international relations may be fraught with acrimony these days, but the tech world seems a bit friendlier of late. Last week Microsoft joined the Open Invention Network and agreed to grant a royalty-free, unrestricted license of its 60,000-patent portfolio to other OIN members, thereby enabling Android and Linux device manufacturers to avoid exorbitant patent payments. This week, Arm and Intel kept up the happy talk by agreeing to a partnership involving IoT device provisioning.

Arm’s recently announced Pelion IoT Platform will align with Intel’s Secure Device Onboard (SDO) provisioning technology to make it easier for IoT vendors and customers to onboard both x86 and Arm-based devices using a common Pelion platform. Arm also announced Pelion-related partnerships with myDevices and Arduino (see farther below).

Programming: Version Control With Git, 5 Things Your Team Should Do to Make Pull Requests Less Painful and More GitHub Workflow Automation

Filed under
Development
  • How to Use Git Version Control System in Linux [Comprehensive Guide]

    Version Control (revision control or source control) is a way of recording changes to a file or collection of files over time so that you can recall specific versions later. A version control system (or VCS in short) is a tool that records changes to files on a filesystem.

    There are many version control systems out there, but Git is currently the most popular and frequently used, especially for source code management. Version control can actually be used for nearly any type of file on a computer, not only source code.

  • 5 Things Your Team Should Do to Make Pull Requests Less Painful

    A user story is a short description of a unit of work that needs doing. It’s normally told from the perspective of the user, hence the name. The journey towards a good pull request starts with a well-written user story. It should be scoped to a single thing that a user can do in the system being built.

  • More GitHub workflow automation

    The more you use computers, the more you see the potential for automating everything. Who doesn't love that? By building Mergify those last months, we've decided it was time to bring more automation to the development workflow.

today's howtos

Filed under
HowTos

Games: Cultist Simulator, Planetary Annihilation: TITANS, CrossOver 18, Updated Proton 3.16 Beta, Descenders, Bridge Constructor Portal, Train Valley 2, Sipho

Filed under
Gaming

Security: Stamos, E-mail and RAT Arrest

Filed under
Security

Browsing the web with Min, a minimalist open source web browser

Filed under
OSS
Web

Does the world need another web browser? Even though the days of having a multiplicity of browsers to choose from are long gone, there still are folks out there developing new applications that help us use the web.

One of those new-fangled browsers is Min. As its name suggests (well, suggests to me, anyway), Min is a minimalist browser. That doesn't mean it's deficient in any significant way, and its open source, Apache 2.0 license piques my interest.

Security: Patches, FUD and Voting Machines

Filed under
Security
  • libssh 0.8.4 and 0.7.6 security and bugfix release

    libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authenticate without any credentials.

  • A Cybersecurity Weak Link: Linux and IoT [Ed: Blaming "Linux" for companies that put default passwords on all their products? Windows has back doors.]
  • Undetectably bypass voting machines' anti-tamper mechanism with a bit of a soda-can

    But University of Michigan grad student Matt Bernhard has demonstrated that he can bypass the tamper-evident seals in seconds, using a shim made from a slice of a soda can. The bypass is undetectable and doesn't damage the seal, which can be resecured after an attacker gains access to the system.

  • Security Seals Used to Protect Voting Machines Can Be Easily Opened With Shim Crafted from a Soda Can

    Bernhard, who is an expert witness for election integrity activists in a lawsuit filed in Georgia to force officials to get rid of paperless voting machines used in that state, said the issue of security ties and seals came up in the lawsuit earlier this year when Fulton County Elections Director Richard Barron told the court that his Georgia county relies on tamper-evident metal and plastic ties to seal voting machines and prevent anyone with physical access to the machines from subverting them while they sit in polling places days before an election.

    [...]

    He noted that defeating ties and seals in non-tamper-evident ways isn’t the only method to wreak havoc on an election in Michigan. The state has a unique law that prohibits ballots from being used in a recount if the number of voters doesn't match the number of ballots cast at a precinct or if the seal on a ballot box is broken or has a different serial number than what it should have. Someone who wanted to wreak havoc on an election or alter an election outcome in Michigan could purposely tamper with ballot box seals in a way that is evident or simply replace them with a seal bearing a different serial number in order to get ballots excluded from a recount. The law came into sharp relief after the 2016 presidential election when Green Party candidate Jill Stein sought to get a statewide recount in Michigan and two other critical swing states and found that some precincts in Wayne County couldn't be recounted because the number of voters who signed the poll books—which get certified with a seal signed by officials—didn't match the number of ballots scanned on the voting machines.

OSS: Hedera Hashgraph, Service Providers, and Renaming the Bro Project

Filed under
OSS
  • Hedera Hashgraph Distributed Ledger Technology Shares New Open-Source SDK [Ed: Hedera needs to delete GitHub, however, as the new head of GitHub killed Java projects like Hedera's]

    Hedera Hashgraph, one of the DApp facilitators within the blockchain industry recently announced that it has released its Software Development Kit (SDK) in Java.

  • Service Providers Should Adapt to Open Source World

    Finding differing opinions on open source with the telecom industry isn't hard to do, especially where orchestration is concerned. That's why a panel discussion on open source and MANO at the Light Reading NFV-Carrier SDN event in Denver seemed an odd place to find such outspoken agreement on that topic, but there it was.

    Four smart guys, none shy with their opinions, all seemed to agree on key points around open source, the need for standards, the role of vendors and the lack of internal software skills. But they also agreed that telecom service providers are struggling a bit to understand how to proceed in an open source world and still need some fundamental internal changes.

  • Renaming the Bro Project

    More than 20 years ago I chose the name "Bro" as "an Orwellian reminder that monitoring comes hand in hand with the potential for privacy violations", as the original Bro paper put it. Today that warning is needed more than ever ... but it's clear that now the name "Bro" is alas much more of a distraction than a reminder.

    On the Leadership Team of the Bro Project, we heard clear concerns from the Bro community that the name "Bro" has taken on strongly negative connotations, such as "Bro culture". These send a sharp, anti-inclusive - and wholly unintended and undesirable - message to those who might use Bro. The problems were significant enough that during BroCon community sessions, several people have mentioned substantial difficulties in getting their upper management to even consider using open-source software with such a seemingly ill-chosen, off-putting name.

Back End: Apache Kafka, 'Serverless'

Filed under
Server
OSS

Microsoft Lies and Openwashing

Filed under
Microsoft
OSS

Red Hat Leftovers

Filed under
Red Hat

Why MX Linux Is the Windows Alternative You’ve Been Waiting For

Filed under
GNU
Linux

If you’re looking for a Windows alternative but have shied away from Linux, MX Linux may be the solution you’ve been waiting for.

Linux distributions have always held promise for Windows users to migrate away from an expensive OS. Even Windows 10 has enough quirks and issues that a truly robust and functional Linux alternative could easily entice longtime Windows users to switch.

Let’s take a closer look at MX Linux from the perspective of a longtime Windows user.

Chromebox and Chrome 'Hacks'

Filed under
Google
  • CTL’s New CBX1 Chromebox is a Powerhouse at a Great Price

    Chromeboxes are really great desktops for users who have moved their workflow into a web browser, especially at lower prices. You don’t need higher specs inside a Chromebox for it to work well, but it can help.

    For those who want a supercharged Chromebox on the cheap, Oregon-based CTL has just the thing for you. Its new Chromebox—the CBX1—has all the high-end parts you could want, at a comparatively low price.

  • How to Install Progressive Web Apps (PWAs) in Chrome

    Chrome 70, available now, lets you install “Progressive Web Apps,” or PWAs, on Windows. When you visit a website with a PWA, like Twitter or Spotify, you can now “install” it to make it behave more like a normal desktop application.

  • How to Stop Chrome From Automatically Signing You Into the Browser

    With Chrome 69, Google began automatically signing you into the Chrome browser whenever you signed into a Google website like Gmail. Chrome 70, available now, has a hidden option to disable this feature.

    We don’t think most Chrome users will care about this. But, if you do care, Google now gives you a choice. And that’s good news.

MongoDB Becomes Less Affero GPL-Like

Filed under
Server
OSS
Legal
  • Fed up with cloud giants ripping off its database, MongoDB forks new open-source license

    After Redis Labs relicensed the modules it developed to complement its open-source database, from AGPL to Apache v2.0 with a Commons Clause, the free-software community expressed dismay.

    And, inevitably, some responded by forking the affected code.

    Today, the maker of another open source database, MongoDB, plans to introduce a license of its own to deal with the issue cited by Redis: cloud service providers that sell hosted versions of open-source programs – such as Redis and MongoDB database servers – without offering anything in return.

    "Once an open source project becomes interesting or popular, it becomes too easy for the cloud vendors to capture all the value and give nothing back to the community," said Dev Ittycheria, CEO of MongoDB, in a phone interview with The Register.

    Ittycheria pointed to cloud service providers such as Alibaba, Tencent, and Yandex. Those companies, he claims, are testing the boundaries of the AGPL by benefiting from the work of others while failing to share their code.

  • MongoDB switches up its open-source license

    MongoDB is a bit miffed that some cloud providers — especially in Asia — are taking its open-source code and offering a hosted commercial version of its database to their users without playing by the open-source rules. To combat this, MongoDB today announced it has issued a new software license, the Server Side Public License (SSPL), that will apply to all new releases of its MongoDB Community Server, as well as all patch fixes for prior versions.

    Previously, MongoDB used the GNU AGPLv3 license, but it has now submitted the SSPL for approval from the Open Source Initiative.

  • MongoDB license could push open source deeper into cloud: Is this what industry needs?

    Things just got serious in open source land. Despite the occasional Commons Clause or Fair Source licensing attempt to change the meaning of the words "open source" to include "the right for a private company to make money from its open source efforts," we've stuck to the Open Source Definition, and it has served us well. Open source communities have become the center of the innovation universe, giving us exceptional code like Linux, Kubernetes, Apache Kafka, and more.

  • It's MongoDB's turn to change its open source license

    The old maxim that the nice thing about standards is that there are so many to choose from could well apply to open source licensing. While now nearing a couple years old, the last WhiteSource Software survey of the top 10 open source licenses found close competition between the GPL, MIT, and Apache licenses. While the commercial-friendly Apache license has dominated the world of big data platforms and AI frameworks, MIT and GPL (which has "copyleft" provisions requiring developers to contribute back all modifications and enhancements) continue to be popular. GPL and variants such as the AGPL have been popular amongst vendors that seek to control their own open source projects, like MongoDB.

  • Matthew Garrett: Initial thoughts on MongoDB's new Server Side Public License

    MongoDB just announced that they were relicensing under their new Server Side Public License. This is basically the Affero GPL except with section 13 largely replaced with new text, as follows:

    "If you make the functionality of the Program or a modified version available to third parties as a service, you must make the Service Source Code available via network download to everyone at no charge, under the terms of this License. Making the functionality of the Program or modified version available to third parties as a service includes, without limitation, enabling third parties to interact with the functionality of the Program or modified version remotely through a computer network, offering a service the value of which entirely or primarily derives from the value of the Program or modified version, or offering a service that accomplishes for users the primary purpose of the Software or modified version.

    “Service Source Code” means the Corresponding Source for the Program or the modified version, and the Corresponding Source for all programs that you use to make the Program or modified version available as a service, including, without limitation, management software, user interfaces, application program interfaces, automation software, monitoring software, backup software, storage software and hosting software, all such that a user could run an instance of the service using the Service Source Code you make available."

    MongoDB admit that this license is not currently open source in the sense of being approved by the Open Source Initiative, but say: "We believe that the SSPL meets the standards for an open source license and are working to have it approved by the OSI."

    At the broadest level, AGPL requires you to distribute the source code to the AGPLed work[1] while the SSPL requires you to distribute the source code to everything involved in providing the service. Having a license place requirements around things that aren't derived works of the covered code is unusual but not entirely unheard of - the GPL requires you to provide build scripts even if they're not strictly derived works, and you could probably make an argument that the anti-Tivoisation provisions of GPL3 fall into this category.

More in Tux Machines

Android Leftovers

Tiny NanoPi Duo2 SBC offers camera connector

FriendlyElec has launched a tiny, under $20 “NanoPi Duo2” board that updates the original Duo with an Allwinner H3, Bluetooth, a camera connector, and an optional 2G carrier board. FriendlyElec has spun out a modest upgrade to last year’s $13 (previously $8) NanoPi Duo. Like the Duo, the COM-like, $19.50 NanoPi Duo2 includes two 16-pin GPIO headers with breadboard pins in a dual-in-line layout.

today's leftovers

  • OSNEXUS and Pogo Linux to Exhibit Software-Defined Storage Solutions at All Things Open
  • Warning: 'Soul Calibur 6' Is Causing A Serious Problem For Linux Gamers
    The good news: right out of the box, Soul Calibur VI seems to offer decent performance on Linux via Steam Play and Proton. The bad news? The game fails to detect an online network, and then when gamers switch over to play on Windows they're finding themselves completely blocked from playing the fighter online.
  • Latte Dock, new painting is coming...
    In the video you can see the upcoming coloring mechanism of Latte's next version. Even though I am using plasma 5.14 and I love it, it is also the reason I am already expecting impatiently plasma 5.15 this January!! :) This functionality can be supported only with plasma 5.15.
  • BGP LLGR: robust and reactive BGP sessions
    On a BGP-routed network with multiple redundant paths, we seek to achieve two goals concerning reliability: A failure on a path should quickly bring down the related BGP sessions. A common expectation is to recover in less than a second by diverting the traffic to the remaining paths. As long as a path is operational, the related BGP sessions should stay up, even under duress.
  • Measuring the speaker frequency response using the AUDMES free software GUI - nice free software
    My current home stereo is a patchwork of various pieces I got on flea markets over the years. It is amazing what kind of equipment shows up there. I've been wondering for a while if it was possible to measure how well this equipment is working together, and decided to see how far I could get using free software. After trawling the web I came across an article from DIY Audio and Video on Speaker Testing and Analysis describing how to test speakers, and listing several software options, among them AUDio MEasurement System (AUDMES). It is the only free software system I could find focusing on measuring speakers and audio frequency response. In the process I also found an interesting article from NOVO on Understanding Speaker Specifications and Frequency Response and an article from ecoustics on Understanding Speaker Frequency Response, with a lot of information on what to look for and how to interpret the graphs. Armed with this knowledge, I set out to measure the state of my speakers. The first hurdle was that AUDMES hadn't seen a commit for 10 years and did not build with current compilers and libraries. I got in touch with its author, who no longer was spending time on the program but gave me write access to the subversion repository on Sourceforge. The end result is that now the code builds on Linux and is capable of saving and loading the collected frequency response data in CSV format. The application is quite nice and flexible, and I was able to select the input and output audio interfaces independently. This made it possible to use a USB mixer as the input source, while sending output via my laptop headphone connection. I lacked the hardware and cabling to figure out a different way to get independent cabling to speakers and microphone.
  • Arm Offers Lower Cost Cortex-A5 License
    Arm is now offering a low-cost route to developing Cortex-A5 based Linux-capable ASICs for embedded Internet of Things (IoT) devices featuring advanced edge processing, with a new one-year license fee of $75,000. This fee provides access to the CPU IP and one year of design support, through Arm's DesignStart program.
  • Arm DesignStart program expands to accelerate Linux-based embedded design
    While the breadth of IoT provides endless possibilities for advanced software development, it also holds challenges for designers. In a rapidly changing and competitive market, designers need to differentiate their products and deliver enhanced designs at the lowest cost in the fastest time possible. One avenue for differentiation is “rich embedded processing”, which we define at Arm as providing an advanced level of performance and sophistication. Sometimes that includes an interactive user interface, but on the whole, it is about offering advanced capability. These products use a comprehensive set of software stacks and benefit from the breadth of ready-to-run middleware and applications available on fully featured operating systems such as Linux. Companies developing rich embedded IoT designs are now turning toward application-specific integrated circuits (ASICs) to meet their specific needs.

Red Hat: OpenShift and Awards

  • OpenShift Commons Briefing: OpenShift 3.11 Release Update with Scott McCarty (Red Hat)
    In this briefing, Red Hat’s Scott McCarty and numerous other members of the OpenShift Product Management team gave an in-depth look at Red Hat’s OpenShift’s latest release 3.11 and some insights into the road ahead.
  • Awards roll call: Red Hat awards, June to October 2018
    Depending on the weather in your region, it’s safe to say that the seasons are changing so it’s a good time to look back at what was a busy few months for Red Hat, especially when it came to industry awards for our technical and product leadership. In recent months, Red Hat products and technologies took home twenty awards, highlighting the breadth and depth of our product portfolio as well as the expertise that we provide to our customers. In addition, Red Hat as a company won five awards recognizing its growth and culture as a leader in the industry.
  • More advice from a judge - what it takes to win a Red Hat Innovation Award
    Last year I penned the below post to provide insight into what the judges of the Red Hat Innovation Awards are looking for when reviewing submissions. Looking back, I would give almost the identical advice again this year...maybe with a few tweaks. With all the stellar nominations that we receive, the question I often get is, “how can we make our entry stand out?” There’s no magic formula for winning the Red Hat Innovation Awards, but there are things that the other judges and I look for in the entries. Overall, we’re looking for the project that tells a compelling story. It’s not just about sharing what Red Hat products and services you used, we want to hear the full narrative. What challenges did you face; how you implemented the project; and ultimately, what was the true business impact and transformation that took place? Submissions that are able to showcase how open source culture and values were key to success, or how the project is making a difference in the lives of others, are the entries that most often rise to the top.