About Tux Machines

Thursday, 18 Jan 18 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/Linux

Linux in Cars and Watches

Filed under
Linux
  • Here’s every company developing self-driving car tech at CES 2018

    Then there’s a fleet of companies with new interfaces to facilitate how you interact with your car (human-machine interaction, or HMI – because, of course, there’s an acronym), as well as a small armada working on automotive-grade Linux, which pretty much everyone seems to think is going to be at the heart of every self-driving vehicle someday. Sorry, Windows.

  • Verizon now rolling out Gear S3 update with Tizen 3.0 and battery bug fix

    Verizon, one of the big mobile and data wireless carriers in the US, is currently rolling out a new software update for the Gear S3 and Gear S3 Frontier smartwatches. The updates are for Tizen 3.0.0.1 and, from the feedback we’ve received, it looks like the updates also contain the recent battery bug fix that was released by Samsung.

Servers: Concurrency, Purism, InSpec, Kubernetes, Docker/Containers

Filed under
Server
  • Thinking Concurrently: How Modern Network Applications Handle Multiple Connections

    The idea behind a process is fairly simple. A running program consists of not only executing code, but also data and some context. Because the code, data and context all exist in memory, the operating system can switch from one process to another very quickly. This combination of code + data + context is known as a "process", and it's the basis for how Linux systems work.

    When you start your Linux box, it has a single process. That process then "forks" itself, such that two identical processes are running. The second ("child") process reads new code, data and context ("exec"), and thus starts running a new process. This continues throughout the time that a system is running. When you execute a new program on the command line with & at the end of the line, you're forking the shell process and then exec'ing your desired program in its place.

  • New Purist Services – Standard Web Services Done Ethically

    When you sign up for a communication service, you are typically volunteering to store your personal, unencrypted data on someone else’s remote server farm. You have no way of ensuring that your data is safe or how it is being used by the owner of the server. However, online services are incredibly convenient especially when you have multiple devices.

  • Automated compliance testing with InSpec

    Don't equate compliance through certification with security, because compliance and security are not the same. We look at automated compliance testing with InSpec for the secure operation of enterprise IT.

  • How the Kubernetes Certification Ensures Interoperability

    Dan Kohn, executive director of the Cloud Native Computing Foundation, has called the launch of the new Kubernetes service provider certification program the most significant announcement yet made by the Foundation around the open source container orchestration engine.

    On this new episode of The New Stack Makers from KubeCon + CloudNativeCon 2017, we’ll learn more from Kohn and William Denniss, a product manager at Google, about how the program can help ensure interoperability and why that’s so important.

  • Container Structure Tests: Unit Tests for Docker Images

    Usage of containers in software applications is on the rise, and with their increasing usage in production comes a need for robust testing and validation. Containers provide great testing environments, but actually validating the structure of the containers themselves can be tricky. The Docker toolchain provides us with easy ways to interact with the container images themselves, but no real way of verifying their contents. What if we want to ensure a set of commands runs successfully inside of our container, or check that certain files are in the correct place with the correct contents, before shipping?

  • Prometheus vs. Heapster vs. Kubernetes Metrics APIs

    In this blog post, I will try to explain the relation between Prometheus, Heapster, as well as the Kubernetes metrics APIs and conclude with the recommended way how to autoscale workloads on Kubernetes.

  • Google Introduces Open Source Framework For Testing Docker Images

    Google has announced a new framework designed to help developers conduct unit tests on Docker container images. 

    The Container Structure Test gives enterprises a way to verify the structure and contents of individual containers to ensure that everything is as it should be before shipping to production, the company said in the company’s Open Source blog Jan. 9. 

    Google has been using the framework to test containers internally for more than a year and has released it publicly because it offers an easier way to validate the structure of Docker containers than other approaches, the company said.

Linux Foundation's Work on SPDX and Work for Microsoft

Filed under
Linux
Microsoft
  • SPDX clears confusion around software licenses

    Around this time every year, our minds turn to copyright. Or maybe they turn more to copyright. After all, open source works because of copyright law. As you may already know, copyright laws give the authors of works the exclusive right to copy (among other things) their work. These rights attach as soon as the work is fixed in a tangible medium (written down, saved to disk, etc.). So the rights that open source licenses grant rely on copyright law.

    But what rights are specifically granted? That depends on which license the developer selects. Most projects use one of a few standard licenses, but they're not always clearly communicated. For example, a project may be released under "the GNU General Public License (GPL)." But which version? And can the recipient choose a later version if they wish?

    The Software Package Data Exchange (SPDX) is a Linux Foundation project to help reduce the ambiguity of software by defining standards for reporting information. The license is one such piece of information. SPDX provides a format for listing the specific license variant and version that applies to a software package. With over 300 licenses, you're likely to find the one you use. The License List contains a human-friendly name, a short name, and a link to the full license text. SPDX also provides guidelines for matching the text of a license file to the official text of the license.

  • The Linux Foundation announces Linux on Azure training course to speed with Linux and vice versa

    The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced on Thursday the availability of a new training course, LFS205 – Administering Linux on Azure.

    A large number of the virtual machines running in Azure are utilizing the Linux operating system. Both Linux and Azure professionals should make sure they know how to manage Linux workloads in an Azure environment as this trend is likely to continue.

  • The Linux Foundation launches 'Administering Linux on Azure' training course

    Linux is very much mainstream nowadays. What was once viewed as a hobby and niche project, is transforming the world. Many of the world's servers are running Linux-based operating systems. Hell, the most popular mobile operating system on the planet, Android, is Linux-based. Even closed-source champion Microsoft is embracing Linux by integrating it into Windows 10 and offering it on its Azure platform.

  • 4 Days Left to Submit Your Proposal for Open Networking Summit NA 2018

    The call for proposals deadline is quickly approaching! With more than 2000 attendees expected at this year’s event, submit before Sunday, January 14, 2018 at 11:59pm PST to share your ideas and expertise with the open networking community.

Linux and Graphics (Phoronix)

Filed under
Graphics/Benchmarks
Linux
  • Systemd 237 Will Have Support For WireGuard

    The next release of systemd, v237, will introduce support for WireGuard. WireGuard as a reminder is the effort to provide a fast, modern and secure VPN tunnel that eventually plans to be part of the mainline Linux kernel.

    Systemd's networkd component recently merged patches for supporting WireGuard that have been in the works since September 2016. From the systemd perspective it's implementing support for the new "wireguard" interface type and supporting key management.

  • Some Of The Other Changes Slated For Linux 4.16

    There's still a week and a half to go until the Linux 4.15.0 stable kernel release is expected and that rings in the Linux 4.16 merge window. On top of various Linux 4.16 changes already talked about, here's a look at some of the other kernel features/additions expected for this next release cycle.

  • Wayland 1.15 & Weston 4.0 Planning For Release Next Month

    Ongoing Wayland/Weston release manager Bryce Harrington of Samsung's Open-Source Group has laid out plans for the next releases of Wayland and the reference Weston compositor.

    It's been a half-year since the release of Wayland 1.14 and Weston 3.0, so Bryce is trying to build up interest in getting out new releases in the weeks ahead.

  • NVIDIA Contributes Some New Tegra/Nouveau Patches

    It's not any re-clocking code or magical improvements for Nouveau's Pascal support, but on the Tegra side a NVIDIA developer has volleyed some new open-source patches.

  • Initial Intel Ice Lake PCH Support Posted
  • The Linux Graphics Stack Gets Further Meson-ized: Now With Libdrm Support

    The work on adding optional Meson build system support to the Linux graphics stack and other key open-source projects continues...

    Going back to last September has been work for Meson-izing Mesa as an alternative build system rather than Autotools, CMake, or SCons within Mesa. It's been delivering fast results and since the initial port landed more Mesa components have become supported by the Meson build.

  • Server-Side GLVND Updated While X.Org Server 1.20 Drags On

    Adam Jackson of Red Hat has sent out the second version of the ongoing patches for providing server-side GLVND functionality for the X.Org Server.

    Most of you faithful Phoronix readers should be familiar with GLVND, the OpenGL Vendor Neutral Dispatch Library. That's the effort led by NVIDIA and supported by others in the ecosystem for improving the "Linux OpenGL driver ABI" by allowing for multiple OpenGL drivers to happily co-exist on the same system without fighting over libGL.so. and the like. That's been going well but server-side GLVND for the X.Org Server takes things a step further.

  • A Look At Linux Hardware/Software Trends Over The Past Seven Years

    Here are some Linux hardware and software statistics going back to 2011.

Software: OpenGenus, StackEdit, Lightworks

Filed under
Software
  • OpenGenus Quark: The World’s First Offline Search Engine To Search Code

    You’re searching a code for your project online and the Internet connection is suddenly dropped. What would you do? Just sitting idle and waiting for the Internet connection to be back? Not necessary! Now, you can search your favorite code written in any language even if there is no Internet connection. Sounds awesome? Indeed! Say hello to “OpenGenus Quark” – the World’s first Offline Search Engine that helps you to search code for any algorithm or data-structure in your favorite language in seconds. Be it a C++ code, or Java or Python, OpenGenus Quark will instantly display a lot of sample codes in a matter of second. OpenGenus community is constantly adding more codes everyday. So if the code you’re looking for is not available, no worries! Just mail them and they will take care of it.

  • StackEdit – An In-Browser Markdown Editor for Professionals

    You might not have heard about PageDown before, but you must have heard about Stack Overflow and its sister sites. Well, PageDown is the Markdown library those services use. And it is also what StackEdit is based on.

    StackEdit is a full-featured modern, open-source Markdown editor and it is what is used by Stack Overflow and all its sibling sites.

  • New Lightworks RC3 Version 14.1 revision 102835 Now Available on Windows Linux and Mac!
  • Lightworks 14.1 Video Editor Steps Closer To Release

    The multi-platform, professional-grade Lightworks non-linear video editing system is getting close to releasing version 14.1.

Games: Civilization VI, Hex: Shards of Fate, Next Up Hero, Shoppe Keep 2, Cendric and More

Filed under
Gaming
  • The “Fall 2017” update for Civilization VI has finally made it to Linux

    I’ll mention it right at the top: there’s still no cross-platform multiplayer as of this update.

    Putting that aside, this latest update makes a few important changes to Civilization VI [Official Site]. Perhaps most notably, religion has seen a reformation of sorts with new units, pantheons, rules and balancing passes that have changed up how that aspect of the game develops. I noticed from a quick game that it’s now much easier to tell apart the different religions of missionaries and see how trade affects the spreading of faith. Likewise, in a similar vein, a lot of the game’s UI has seen a lot of changes for the better. The diplomacy screen has been overhauled and there’s all sorts of small touches that make it simpler to understand the information the game is throwing at you.

    The Khmer and Indonesia are also now in the game as part of a DLC pack. It also adds both a new wonder, Angkor Wat, as well as a natural wonder, Ha Long Bay. Like with the other DLC thus far, there’s also a new scenario included with special rules but, as of the time of writing this article, it’s not selectable on the in-game list. I contacted Aspyr about that omission and I’ve been told that they’ll look into it. Hopefully it’s just something that was overlooked and easily fixed.

  • Hex: Shards of Fate, a digital card game, has unofficial Linux builds available

    This rather fun trading card game has had unofficial builds that run on Linux for a little while now. I tried them out and it’s a pretty fun game, but don’t expect official support anytime soon.

  • Next Up Hero from Digital Continue & Aspyr Media won't be on Linux until the full release

    For those excited by Next Up Hero [Steam, Official Site], the new 2D action game from Digital Continue & Aspyr Media we have somewhat bad news, as there's no Linux support during Early Access.

  • Merchant simulator 'Shoppe Keep 2' to have Linux support at Early Access launch

    The developer of Shoppe Keep 2 [Steam, Official Site] has announced that Linux will be supported in their merchant simulator when it launches in Early Access.

  • Cendric, an RPG and Platformer hybrid will launch on Linux in March

    Cendric [Steam, Official Site] is an interesting discovery, a game that mixes platformer gameplay with an RPG and it will launch with Linux support in March.

    What's interesting, is that the game is open on GitHub, where a lot of the assets are under a mixture of Creative Commons licenses. Unsure about the code, since it isn't mentioned. The actual game engine is custom-made and is based on the SFML library.

  • Voting is now open for our Linux GOTY Awards

Red Hat and Fedora Articles/News

Filed under
Red Hat
  • Top predictions for 2018 point toward security and innovation

    When thinking about future trends, it’s important to have a strong understanding of the important innovations impacting most sectors, and pair that understanding with an intuition around what impacts those innovations will have to most organizations in 2018.

    Innovation is crucial to federal agencies, but is muted when security becomes a factor. When it comes to impactful trends in the new year, it’s all about three things: security, security, security. Despite the fact that a Ponemon Institute study recently showed that the global average cost of a data breach is down 10 percent over previous years to $3.62 million, according to CSO, the average size of a data breach increased nearly two percent. This stat signifies that security will continue to be a top concern for 2018, just as it was in 2017, and will be in 2019.

  • How inner sourcing saved our IT department

    Red Hat is a company with roughly 11,000 employees. The IT department consists of roughly 500 members. Though it makes up just a fraction of the entire organization, the IT department is still sufficiently staffed to have many application service, infrastructure, and operational teams within it. Our purpose is "to enable Red Hatters in all functions to be effective, productive, innovative, and collaborative, so that they feel they can make a difference,"—and, more specifically, to do that by providing technologies and related services in a fashion that is as open as possible.

    Being open like this takes time, attention, and effort. While we always strive to be as open as possible, it can be difficult. For a variety of reasons, we don't always succeed.

  • Red Hat, Inc.’s (RHT) stock price ends at $126.16 with performance of 1.33% on volume of 2098805 shares
  • Traders Secrets on Red Hat, Inc. (RHT), Nutanix, Inc. (NTNX)
  • Copr Modularity in retrospect

    This article is about the journey that we made since the Fedora modularity project started and we decided to get involved and provide modularity features in Copr. It has been a long and difficult road and we are still not on its end because the whole modularity project is a living organism that is still evolving and changing. Though, we are happy to be part of it.

  • 10 Fedora Women Days across the world

    Different topics were covered during the events, not only for people already familiar with our community but especially for newcomers intrigued by the open source world and willing to join the Fedora Project. This year we presented in Guwahati, Bangalore, Tirana, Managua, Cusco, Puno, Pune, Lima, Brno and Prishtina, spreading the word about Fedora and saying thank you to all the women contributors to our project.

    Even though the events were dedicated to women, everyone of all identities were welcomed to participate or give a talk. We are glad to see how much interest there was in these events in different local communities and how successful they were, making the decision easier for us to organize them again next year.

  • The Fedora 28 Wallpaper Contest is Open for Entries

    If you’re in any way creative, and want to give something back to the Linux community, here’s your chance!

    Fedora is on the hunt for a new set of desktop wallpapers sourced from the open source community.

    The distro invites open source enthusiasts to submit their very best photographs and illustrations for possible inclusion in the add-on wallpaper pack for its next major release, Fedora 28.

  • Submit Wallpaper for Fedora 28 Supplemental Wallpaper!
  • My FLOSS Year in Review

    Thanks to the Fedora Project, GNOME, BacktrackAcademy and the Linux Foundation, I was able to organize FLOSS events mostly in Lima, Peru. Besides that, I did a voluntary work as speaker in FLOSS workshops and IT conference in other parts of the world, being interviewed to reach more newcomers into the challenging Linux world, and do online training.

OSS Leftovers

Filed under
OSS
  • Deep learning wars: Is Facebook-backed PyTorch an answer to Google’s TensorFlow?

    The rapid rise of tools and techniques in Artificial Intelligence and Machine learning of late has been astounding. Deep Learning, or “Machine learning on steroids” as some say, is one area where data scientists and machine learning experts are spoilt for choice in terms of the libraries and frameworks available. A lot of these frameworks are Python-based, as Python is a more general-purpose and a relatively easier language to work with. Keras, Theano, TensorFlow are a few of the popular deep learning libraries built on Python, developed with an aim to make the life of machine learning experts easier.

  • Libre in Las Vegas

    It's no secret that Aleph Objects, by design, does not have trade secrets. As the makers of the LulzBot brand of 3D printers, our industry-leading transparency is born out of a passion for free software, libre innovation, and open source hardware.

    Every software tool we use to make our certified open source hardware is free software. Libre innovation encourages this kind of fanatical transparency, freeing us to share not only our bill of materials and internal assembly documentation, but even things like our research projects on our public development server. We confidently share everything that goes into our products—and more importantly, it lets us show you how they're made and how to get involved.

  • Ceph Day Germany 2018

    I'm glad to announce that there will be a Ceph Day on the 7th of February 2018 in Darmstadt. Deutsche Telekom will host the event. The day will start at 08:30 with registration and end around 17:45 with a one-hour networking reception.

    We have already several very interesting presentations from SUSE, SAP, CERN, 42.com, Deutsche Telekom AG and Red Hat on the agenda and more to come. If you have an interesting 15-45 min presentation about Ceph, please contact me to discuss if we can add it to the agenda. Presentation language should be German or English.

  • #AWChat: How Prebid.org & Open Source Will Shape the Ad Tech Landscape

    Some wrapper solutions are built on open source technology, while others are proprietary. Today, we are here to talk about Prebid, the leading open source solution that enables publishers to quickly implement header bidding.

  • 20 years on, open source hasn’t changed the world as promised

    Open source has officially been a thing for 20 years now. Did anyone notice?

    No, really. For something as revolutionary as open source, you’d think it would have changed the way all software is developed, sold, and distributed. Unfortunately for those party planners looking to celebrate the 20-year anniversary of open source, it hasn’t—changed software, that is. For most developers, most of the time, software remains stubbornly proprietary.

  • OPNsense 18.1-RC1 released
  • FreeBSD-Powered OPNsense 18.1-RC1 Released

    For fans of the pfSense-forked OPNsense FreeBSD-based firewall/network operating system, the first release candidate of OPNsense 18.1 is available for testing.

  • Top 5: Favorite Linux distros, retro gaming on Raspberry Pi, and more

    This week we look at how open source projects are viewed by college students, unusual tools for agile team development, setting up a Raspberry Pi for retro gaming, the future of Kubernetes, and our annual Linux distro poll.

Firefox Development News

Filed under
Moz/FF
  • Not every bit of code you write needs to be optimal

    It's easy to fall into the trap of obsessing about performance and try to micro-optimize every little detail in the code you're writing. Or reviewing for that matter. Most of the time, this just adds complexity and is a waste of effort.

    If a piece of code only runs a few (or even a few hundred) times a second, a few nanoseconds per invocation won't make a significant difference. Chances are the performance wins you'll gain by micro optimizing such code won't show up on a profile.

  • Making tab switching faster in Firefox with tab warming

    Since working on the Electrolysis team (and having transitioned to working on various performance initiatives), I’ve been working on making tab operations feel faster in Firefox. For example, I wrote a few months back about a technique we used to make tab closing faster.

    Today, I’m writing to talk about how we’re trying to make tab switching feel faster in some cases.

  • Firefox 60 Is The Next ESR Release, Introducing Policy Engine

    For those sticking to Firefox Extended Support Releases, the Firefox 60 branch will be the next ESR version.

    Firefox 60 will be an ESR release and the plan is to have the ESR 60.0 release out on 8 May, the Firefox 60.1 ESR release on 3 July, and to end Firefox 52 ESR on 28 August when releasing Firefox 60.2.

Programming/Development: JavaScript, Go, Qt, and GitHub

Filed under
Development
  • Exploring Node.js with Mark Hinkle, Executive Director of the Node.js Foundation

    Even though JavaScript has been around for more than 20 years, it’s becoming the first-class citizen for developing enterprise applications. There is a huge developer community behind this technology.

    What makes things even more interesting is that, with Node.js, JavaScript can run on server, so developers can write applications that run end-to-end in JavaScript. Node.js is very well suited for service applications because server applications are increasingly becoming single function event-driven microservices.

  • As Go 2.0 Nears, AWS Launches Developer Preview of Go SDK 2.0
  • PackageKit-Qt Updated With Qt5 Port, Offline Updates & Performance Improvement

    The PackageKit-Qt project that provides Qt bindings for PackageKit has simultaneously released versions v0.10 and v1.0.

  • PackageKitQt 1.0.0 and 0.10.0 released!

    PackageKitQt is a Qt Library to interface with PackageKit

    It’s been a while that I don’t do a proper PackageKitQt release, mostly because I’m focusing on other projects, but PackageKit API itself isn’t evolving as fast as it was, so updating stuff is quite easy.

  • GitHub Knows

    I was reflecting the other day how useful it would be if GitHub, in addition to the lists it has now like Trending and Explore, could also provide me a better view into which projects a) need help; and more, b) can accept that help when it arrives. Lots of people responded, and I don't think I'm alone in wanting better ways to find things in GitHub.

    Lots of GitHub users might not care about this, since you work on what you work on already, and finding even more work to do is the last thing on your mind. For me, my interest stems from the fact that I constantly need to find good projects, bugs, and communities for undergrads wanting to learn how to do open source, since this is what I teach. Doing it well is an unsolved problem, since what works for one set of students automatically disqualifies the next set: you can't repeat your success, since closed bugs (hopefully!) don't re-open.

    And because I write about this stuff, I hear from lots of students that I don't teach, students from all over the world who, like my own, are struggling to find a way in, a foothold, a path to get started. It's a hard problem, made harder by the size of the group we're discussing. GitHub's published numbers from 2017 indicate that there are over 500K students using its services, and those are just the ones who have self-identified as such--I'm sure it's much higher.

Security: Updates, AMD, Intel, IBM/Power, Blender 3D, CES and More

Filed under
Security
  • Security updates for Friday
  • AMD processors: Not as safe as you might have thought

    In a posting, Mark Papermaster, AMD's CTO, admitted Google Project Zero (GPZ) Variant 1 (Bounds Check Bypass or Spectre) is applicable to AMD processors. But, Papermaster wrote, "We believe this threat can be contained with an operating system (OS) patch and we have been working with OS providers to address this issue."

  • AMD CPUs Are Potentially Vulnerable To Spectre / Variant 2

    Last week, in light of the Spectre disclosure, AMD believed they were at "near zero risk" to Variant Two / Branch Target Injection. But now the company confirmed last night that's not the case: they are at least potentially vulnerable.

  • AMD Confirms Its Chips Are Affected By Spectre Flaw, Starts Pushing Security Patches
  • Intel Releases Linux CPU Microcodes To fix Meltdown & Spectre Bugs

    On January 8th Intel released new Linux Processor microcode data files that can be used to mitigate the Spectre and Meltdown vulnerabilities in Intel CPUs. Using microcode files, an operating system can fix known bugs in Intel CPU without having to perform a BIOS update on the computer.

  • Power Systems And The Spectre And Meltdown Threats

    Speculative execution is something that has been part of modern processors for well over a decade, and while it is hard to quantify how much of a performance benefit this collection of techniques have delivered, it is obviously significant enough that all CPUs, including IBM Power and System z chips, have them. And that, as the new Spectre and Meltdown security holes that were announced by Google on January 3 show, turns out to be a big problem.

    Without getting too deep into the technical details, there are many different ways to implement speculative execution, which is used to keep the many instruction pipelines and layers of cache in a processor busy doing what is hoped will be useful work. So much of what a computer does is an IF-THEN-ELSE kind of branch, and being able to pre-calculate the answers to multiple possible branches in an instruction stream is more efficient than following each path independently and calculating the answers in series. The speculative part of the execution involves using statistics to analyze patterns in data and instructions underneath an application and guessing which branches and data will be needed. If you guess right a lot of the time, then the CPU does a lot more work than it might otherwise. There are no modern processors (except for the PowerPC A2 chips used in the BlueGene/Q supercomputers from IBM) that we can find that don’t have speculative execution in some form or another, and there is no easy way to quantify how much of a performance boost it gives.

  • Blender 3D open source platform plagued with arbitrary code vulnerabilities

    Cisco Talos researchers identified multiple unpatched vulnerabilities in the Blender Open Source 3D creation suite that could allow an attacker to run arbitrary code.

  • Technologies That Secure the Home, WiFi and More Debut at CES 2018
  • What is the Future of Wi-Fi?
  • Spectre and Meltdown Attacks Against Microprocessors

    This is bad, but expect it more and more. Several trends are converging in a way that makes our current system of patching security vulnerabilities harder to implement.

  • Four Tips for a More Secure Website

    Security is a hot topic in web development with great reason. Every few months a major website is cracked and millions of user records are leaked. Many times the cause of a breach is from a simple vulnerability that has been overlooked. Here are a few tips to give you a quick overview of standard techniques for making your websites more secure. Note: I do not guarantee a secure website if you follow these suggestions, there are many facets to security that I don’t even touch in this article. This write-up is for increasing awareness about techniques used to correct some common vulnerabilities that appear in web applications.

  • What is DevSecOps? Developing more secure applications

    The simple premise of DevSecOps is that everyone in the software development life cycle is responsible for security, in essence bringing operations and development together with security functions. DevSecOps aims to embed security in every part of the development process. It is about trying to automate core security tasks by embedding security controls and processes early in the DevOps workflow (rather than being bolted on at the end). For example, this could be the case when migrating to microservices, building out a CI/CD pipeline, compliance automation or simply testing cloud infrastructure.

Security: Intel, Cisco, Apple, FBI

Filed under
Security
  • How Much Slower Will My PC Become After Meltdown And Spectre Patches?
  • Intel's Microcode Update for Spectre Exploit Is Now Available in Ubuntu's Repos

    Canonical announced a few moments ago that Intel's latest microcode update for the Spectre security vulnerability is now available from the software repositories of all supported Ubuntu Linux releases.

    After releasing earlier this week new kernel updates to mitigate the Meltdown and Spectre security exploits that put billions of devices at risk of attacks by allowing a local, unprivileged attacker to obtain sensitive information from kernel memory, Canonical now released the updated microcode from Intel for supported Intel CPUs.

  • Cisco can now sniff out malware inside encrypted traffic

    Cisco has switched on latent features in its recent routers and switches, plus a cloud service, that together make it possible to detect the fingerprints of malware in encrypted traffic.

    Switchzilla has not made a dent in transport layer security (TLS) to make this possible. Instead, as we reported in July 2016, Cisco researchers found that malware leaves recognisable traces even in encrypted traffic. The company announced its intention to productise that research last year and this week exited trials to make the service – now known as Encrypted Traffic Analytics (ETA) - available to purchasers of its 4000 Series Integrated Service Routers, the 1000-series Aggregation Services Router and the model 1000V Cloud Services Router 1000V.

    Those devices can’t do the job alone: users need to sign up for Cisco’s StealthWatch service and let traffic from their kit flow to a cloud-based analytics service that inspects traffic and uses self-improving machine learning algorithms to spot dodgy traffic.

  • MacOS High Sierra security bug lets you unlock App Store System Preferences with any random password

    According to the bug report, users can simply open System Preferences, go to App Store settings and check the padlock icon. If it is unlocked, lock it and then try unlocking it using your username and any password.

  • Intel tells select customers not to use its bug fixes

    Processor giant Intel has told some of its customers that the microcode patches it issued to fix the Meltdown and Spectre flaws in its products are buggy and that they should not install them.

  • Canonical reissues Meltdown and Spectre patches for Ubuntu after borkage
  • A Step in the Right Direction: House Passes the Cyber Vulnerability Disclosure Reporting Act

    The House of Representatives passed the “Cyber Vulnerability Disclosure Reporting Act” this week. While the bill is quite limited in scope, EFF applauds its goals and supports its passage in the Senate.

    H.R. 3202 is a short and simple bill, sponsored by Rep. Sheila Jackson Lee (D-TX), that would require the Department of Homeland Security to submit a report to Congress outlining how the government deals with disclosing vulnerabilities. Specifically, the mandated report would comprise two parts. First, a “description of the policies and procedures developed [by DHS] for coordinating cyber vulnerability disclosures,” or in other words, how the government reports flaws in computer hardware and software to the developers. And second, a possibly classified “annex” containing descriptions of specific instances where these policies were used to disclose vulnerabilities in the previous year, leading to mitigation of the vulnerabilities by private actors.

    Perhaps the best thing about this short bill is that it is intended to provide some evidence for the government’s long-standing claims that it discloses a large number of vulnerabilities. To date, such evidence has been exceedingly sparse; for instance, Apple received its first ever vulnerability report from the U.S. government in 2016. Assuming the report and annex work as intended, the public’s confidence in the government’s ability to “play defense” may actually increase.

  • FBI Says Device Encryption Is 'Evil' And A Threat To Public Safety

    The FBI continues its anti-encryption push. It's now expanded past Director Christopher Wray to include statements by other FBI personnel. Not that Chris Wray isn't taking every opportunity he can to portray personal security as a threat to the security of the American public. He still is. But he's no longer the only FBI employee willing to speak up on the issue.

    Wray expanded his anti-encryption rhetoric last week at a cybersecurity conference in New York. In short, encryption is inherently dangerous. And the FBI boss will apparently continue to complain about encryption without offering any solutions.

  • Canonical Says It'll Release New Ubuntu Kernels to Further Mitigate Spectre Bugs

    Canonical's Dean Henrichsmeyer published today an update on the Ubuntu patches for the Meltdown and Spectre security vulnerabilities and what they plan on doing next to mitigate these critical bugs.

    By now, most of you have probably updated your Ubuntu Linux computers to the new kernel versions Canonical released earlier this week, as well as the new Nvidia proprietary graphics driver and Firefox web browser, both including patches to mitigate the Meltdown and Spectre exploits affecting billions of devices powered by modern processors from Intel, AMD, and ARM.

7 Open-Source Serverless Frameworks Providing Functions as a Service

Filed under
OSS

With virtualization, organizations began to realize greater utilization from physical hardware. That trend continued with the cloud, as organizations began to get their virtual machines in a pay-as-you-go service.

Read more

Raspberry Pi Zero WH SBCs Are Now Available with Professionally Soldered Headers

Filed under
Linux

Meet Raspberry Pi Zero WH, the third Raspberry Pi Zero model, which offers the same features as Raspberry Pi Zero W and a professionally soldered header that might come in handy for those who don't know how to solder their own header on a Raspberry Pi Zero W board, and it's also perfect for those tiny projects of yours.

"Imagine a Raspberry Pi Zero W. Now add a professionally soldered header. Boom, that’s the Raspberry Pi Zero WH," says Alex Bate. "It’s your same great-tasting Pi, with a brand-new…crust? It’s perfect for everyone who doesn’t own a soldering iron or who wants the soldering legwork done for them."

Read more

Linux Phones That Could Not Survive

Filed under
Linux
Gadgets

Though it hasn’t been sunny for Linux on smartphones, there are some interesting things to look forward to. The Librem 5 Linux phone has been creating a lot of buzz and is expected to hit the floors this year. One major reason for a pure Linux phone not being successful could be that they haven’t been made available to the world. Most of the time they are sold only in certain regions and with lower-end configurations.

Read more

Top 3 Linux Distributions That ‘Just Work’

Filed under
Linux

Twenty years ago, when I first started using Linux, finding a distribution that worked, out of the box, was an impossible feat. Not only did the installation take some serious mental acuity, configuring the software and getting connected to the Internet was often a challenge users were reluctant to attempt.

Today, things are quite different. Linux now offers distributions that anyone can use, right out of the box. But, even among those distros that “just work,” some rise to the top to stand as the best in breed. These particular flavors of Linux are perfect for users hoping to migrate away from Windows or macOS and who don’t want to spend hours getting up to speed on how the platform works, or (more importantly) making the system perform as expected.

Read more

Raspberry Pi: Hands-On with the Pi Server tool

Filed under
Linux
Server

When the Raspberry Pi Foundation announced Raspbian (Debian) Stretch for x86 and Macs, there was a very brief mention of something called PiServer to manage multiple Pi clients on a network, with a promise to cover it in more detail later.

Well, 'later' has now arrived, in the form of a new Raspberry Pi Blog post titled The Raspberry Pi PiServer Tool. In simple terms, the PiServer package allows you to manage multiple Raspberry Pi clients from a single PC or Mac server. Here are the key points:

Read more

Remove GUEST Session From Ubuntu Login Screen

Filed under
Linux

A guest session on Ubuntu provides a temporary user account for accessing the Ubuntu machine. The desktop of a guest session looks like it does when a regular user logs in. Behind the scenes, Ubuntu controls the access privileges for a guest session.

Read more


More in Tux Machines

Kernel: Kernelci.org, Tripwire, Linux Foundation, R600 Gallium3D

  • Kernelci.org automated bisection
    The kernelci.org project aims at continuously testing the mainline Linux kernel, from stable branches to linux-next on a variety of platforms. When a revision fails to build or boot, kernel developers get informed via email reports. A summary of all the results can also be found directly on the website.
  • Securing the Linux filesystem with Tripwire
    While Linux is considered to be the most secure operating system (ahead of Windows and MacOS), it is still vulnerable to rootkits and other variants of malware. Thus, Linux users need to know how to protect their servers or personal computers from destruction, and the first step they need to take is to protect the filesystem. In this article, we'll look at Tripwire, an excellent tool for protecting Linux filesystems. Tripwire is an integrity checking tool that enables system administrators, security engineers, and others to detect alterations to system files. Although it's not the only option available (AIDE and Samhain offer similar features), Tripwire is arguably the most commonly used integrity checker for Linux system files, and it is available as open source under GPLv2.
  • Open Source Networking and a Vision of Fully Automated Networks
    Arpit Joshipura, Networking General Manager at The Linux Foundation, discussed open source networking trends at Open Source Summit Europe. Ever since the birth of local area networks, open source tools and components have driven faster and more capable network technologies forward. At the recent Open Source Summit event in Europe, Arpit Joshipura, Networking General Manager at The Linux Foundation, discussed his vision of open source networks and how they are being driven by full automation. “Networking is cool again,” he said, opening his keynote address with observations on software-defined networks, virtualization, and more. Joshipura is no stranger to network trends. He has led major technology deployments across enterprises, carriers, and cloud architectures, and has been a steady proponent of open source. “This is an extremely important time for our industry,” he said. “There are more than 23 million open source developers, and we are in an environment where everyone is asking for faster and more reliable services.”
  • R600 Gallium3D Gets Some Last Minute Improvements In Mesa 18.0
    These days when Dave Airlie isn't busy managing the DRM subsystem or hacking on the RADV Vulkan driver, he's been spending a fair amount of time on some OpenGL improvements to the aging R600 Gallium3D driver. That's happened again and he's landed some more improvements just ahead of the imminent Mesa 18.0 feature freeze.

OSS Leftovers

  • Reliance Jio and global tech leaders come together to push Open Source in India
    The India Digital Open Summit, which will be held tomorrow at the Reliance Corporate Park campus in Navi Mumbai, is a must-attend event for industry leaders, policymakers, technologists, academia, and developer communities working towards India’s digital leadership through Open Source platforms. The summit is hosted by Reliance Jio in partnership with the Linux Foundation and supported by Cisco Systems.
  • Open-source software simulates river and runoff resources
    Freshwater resources are finite, unevenly distributed, and changing through time. The demand—and competition—for water is expected to grow both in the United States and in the developing/developed world. To examine the connection between supply and demand and resulting regional and global water stresses, a team developed Xanthos. The open-source hydrologic model is available for free and helps researchers explore the details and analyze global water availability. Researchers can use Xanthos to examine the implications of different climate, socioeconomic, and/or energy scenarios over the 21st century. They can then assess the effects of the scenarios on regional and global water availability. Xanthos can be used in three different ways. It can operate as an independent hydrologic model, driven, for example, by scenarios. It can serve as the core freshwater supply component of the Global Change Assessment Model, where multiple sectors and natural systems are modeled simultaneously as part of an interconnected, complex system. Further, it can be used by other integrated models and multi-model frameworks that focus on energy-water-land interactions.
  • “The Apache Way” — Open source done well
    I was at an industry conference and was happy to see many people stopping by the Apache booth. I was pleased that they were familiar with the Apache brand, yet puzzled to learn that so many were unfamiliar with The Apache Software Foundation (ASF). For this special issue, “All Eyes On Open Source”, it’s important to recognize not just Apache’s diverse projects and communities, but also the entity behind their success. Gone are the days when software and technology, in general, were developed privately for the benefit of the few. As technology evolves, the challenges we face become more complex, and the only way to effectively move forward to create the technology of the future is to collaborate and work together. Open Source is a perfect framework for that, and organizations like the ASF carry out a decisive role in protecting its spirit and principles.
  • Learn how to run Linux on Microsoft's Azure cloud
  • LLVM 6.0-RC1 Makes Its Belated Debut
    While LLVM/Clang 6.0 was branched earlier this month and under a feature freeze with master/trunk moving to LLVM 7.0, two weeks later the first release candidate is now available. Normally the first release candidate comes immediately following the branching / feature freeze, but not this time due to the shifted schedule with a slow start to satisfy an unnamed company seeking to align their internal testing with LLVM 6.0.
  • Hackers can’t dig into latest Xiaomi phone due to GPL violations
    Yet another Android OEM is dragging its feet with its GPL compliance. This time, it's Xiaomi with the Mi A1 Android One device, which still hasn't seen a kernel source code release.

    Android vendors are required to release their kernel sources thanks to the Linux kernel's GPLv2 licensing. The Mi A1 has been out for about three months now, and there's still no source code release on Xiaomi's official GitHub account.

  • 2017 - The Year in Which Copyright Went Beyond Source Code
    2017 was a big year for raising the profile of copyright in protecting computer programs. Two cases in particular helped bring attention to a myth that was addressed and dispelled some time ago but persists in some circles nonetheless. Many lawyers hold on to the notion that copyright protection for software is weak because such protection inheres in the source code of computer programs. Because most companies that generate code take extensive (and often successful) measures to keep source code out of the hands of third parties, the utility of copyright protection for code is often viewed as limited. However, copyright also extends to the “non-literal elements” of computer programs, such as their sequence, structure and organization, as well as to things such as screen displays and certain user interfaces. In other words, copyright infringement can occur when copying certain outputs of the code without there ever having been access to the underlying code itself.
  • Announcing WebBook Level 1, a new Web-based format for electronic books
    Eons ago, at a time BlueGriffon was only a Wysiwyg editor for the Web, my friend Mohamed Zergaoui asked why I was not turning BlueGriffon into an EPUB editor... I had been observing the electronic book market since the early days of Cytale and its Cybook but I was not involved in it on a daily basis. That seemed not only an excellent idea, but also a fairly workable one. EPUB is based on flavors of HTML so I would not have to reinvent the wheel. I started diving into the EPUB specs the very same day, EPUB 2.0.1 (released in 2009) at that time. I immediately discovered a technology that was not far away from the Web but that was also clearly not the Web. In particular, I immediately saw that two crucial features were missing: it was impossible to aggregate a set of Web pages into an EPUB book through a trivial zip, and it was impossible to unzip an EPUB book and make it trivially readable inside a Web browser even with graceful degradation. When the IDPF started working on EPUB 3.0 (with its 3.0.1 revision) and 3.1, I said this was coming too fast, and that the lack of Test Suites with interoperable implementations as we often have in W3C exit criteria was a critical issue. More importantly, the market was, in my opinion, not ready to absorb so quickly two major and one minor revisions of EPUB given the huge cost on both publishing chains and existing ebook bases. I also thought - and said - the EPUB 3.x specifications were suffering from clear technical issues, including the two missing features quoted above.
  • Firefox 58 Bringing Faster WebAssembly Compilation With Two-Tiered Compiler
    With the launch of Mozilla Firefox 58 slated for next week, WebAssembly will become even faster thanks to a new two-tiered compiler.
  • New Kernel Releases, Net Neutrality, Thunderbird Survey and More
    In an effort to protect Net Neutrality (and the internet), Mozilla filed a petition in federal court yesterday against the FCC. The idea behind Net Neutrality is to treat all internet traffic equally and without discrimination against content or type. Make your opinions heard: Monterail and the Thunderbird email client development team are asking for your assistance to help improve the user interface in the redesign of the Thunderbird application. Be sure to take the survey.

IBM code grandmaster: what Java does next

Reports of Java’s death have been greatly exaggerated — said, well, pretty much every Java engineer that there is. The Java language and platform may have been (in some people’s view) somewhat unceremoniously shunted into a side alley by the self-proclaimed aggressive corporate acquisition strategists (their words, not ours) at Oracle… but Java still enjoys widespread adoption and, in some strains, growing use and development. Read more

Programming/Development: Git 2.16, Node.js, Testing/Bug Hunting

  • Git v2.16.0
    The latest feature release Git v2.16.0 is now available at the usual places. It is comprised of 509 non-merge commits since v2.15.0, contributed by 91 people, 26 of which are new faces.
  • Git 2.16 Released
    Git maintainer Junio Hamano has released version 2.16.0 of this distributed revision control system.
  • Announcing The Node.js Application Showcase
    The stats around Node.js are pretty staggering. There were 25 million downloads of Node.js in 2017, with over one million of them happening on a single day. And these stats are just the users. On the community side, the numbers are equally exceptional. What explains this immense popularity? What we hear over and over is that, because Node.js is JavaScript, anyone who knows JS can apply that knowledge to build powerful apps — every kind of app. Node.js empowers everyone from hobbyists to the largest enterprise teams to bring their dreams to life faster than ever before.
  • Google AutoML Cloud: Now Build Machine Learning Models Without Coding Experience
    Google has been offering pre-trained neural networks for a long time. To lower the barrier of entry and make the AI available to all the developers and businesses around, Google has now introduced Cloud AutoML. With the help of Cloud AutoML, businesses will be able to build machine learning models with the help of a drag-and-drop interface. In other words, if your company doesn’t have expert machine-learning programmers, Google is here to fulfill your needs.
  • Re-imagining beta testing in the ever-changing world of automation
    Fundamentally, beta testing is a test of a product performed by real users in the real environment. There are a number of names for this type of testing—user acceptance testing (UAT), customer acceptance testing (CAT), customer validation and field testing (common in Europe)—but the basic components are more or less the same. All involve user testing of the front-end user interface (UI) and the user experience (UX) to find and resolve potential issues. Testing happens across iterations in the software development lifecycle (SDLC), from when an idea transforms into a design, across the development phases, to after unit and integration testing.