About Tux Machines

Tuesday, 23 Oct 18 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/Linux.

Quick Roundup

Type Title Author Replies Last Post
Story today's leftovers Roy Schestowitz 23/10/2018 - 7:34pm
Story Android Leftovers Rianne Schestowitz 23/10/2018 - 7:33pm
Story OSS Leftovers Roy Schestowitz 23/10/2018 - 7:29pm
Story Raspberry Pi lookalike offers HDMI 2.0 and optional M.2 Rianne Schestowitz 23/10/2018 - 7:29pm
Story GNU Gets Its Own 'CoC' Roy Schestowitz 3 23/10/2018 - 7:21pm
Story Linus Torvalds talks about coming back to work on Linux Roy Schestowitz 23/10/2018 - 7:00pm
Story Mozilla: Firefox 65 Plans and Firefox 63 Analysis Roy Schestowitz 23/10/2018 - 6:56pm
Story Security: Cross-Hyperthread Spectre V2 Mitigation Ready For Linux, Targeted vs General-Purpose Security and More Roy Schestowitz 23/10/2018 - 6:53pm
Story today's howtos Roy Schestowitz 23/10/2018 - 6:47pm
Story Games: Ion Maiden, Hazelnut Bastille and More Roy Schestowitz 23/10/2018 - 6:44pm

today's leftovers

Filed under
Misc
  • [Mesa-dev] 18.3 release plan
  • Mesa 18.3 Gets A Release Date Towards The End Of November

    Intel open-source developer Dylan Baker has laid out a proposed release schedule for the upcoming Mesa 18.3 quarterly feature release. 

    There are two key dates: 31 October is the proposed branching date and 21 November is the proposed Mesa 18.3.0 release date. Between those two dates would be the usual weekly release candidates and there is the potential for the Mesa 18.3.0 release to be drawn out to the end of November or early December depending upon any open blocker bugs, which is common for the Mesa quarterly feature releases.

  • Google Code-in 2018 is about to start!

    After a break in 2017, the KDE community is participating in the Google Code-in contest as a mentoring organization. This means that pre-university students aged 13 to 17 from all over the world will be able to contribute to the Free Software movement by helping KDE develop software products that give users control, freedom, and privacy.

    Google Code-in is a global online contest with the goal of helping teenagers get involved in the world of open source development. Mentors from the participating organizations lend a helping hand as participants complete various bite-sized tasks in coding, graphics design, documentation, and more.

    This year we have tasks from KDE Connect, a project that enables all your devices to communicate with each other; GCompris, an educational software suite; KDE Partition Manager, our disk partitioning utility; and the KDE Visual Design Group, our interface usability experts.

  • Celebrating KDE’s 22 years and embracing new contributors at LaKademy 2018

    Almost two weeks ago we had the seventh edition of the LaKademy, an event that has been held in Brazil since 2012. As you may know LaKademy’s main goal is to get together the Latin American contributors of KDE community and to attract new ones. We don’t have talks like in Akademy because the event’s idea is to be a space for sprints. So people work in small groups doing specific tasks like fixing bugs, developing new features or translating software and documentation.

  • openSUSE Security Update For Leap

    openSUSE has released an updated kernel for Leap 42.3 to address several vulnerabilities. An attacker could exploit some of these vulnerabilities to cause a denial of service or escalate their privileges.

  • Death Road to Canada adds 4-player local co-op along with new game modes

    In today’s post, we’re talking about failure. In episode 4, “Fail Better,” we learn how Google has systematically learned to embrace (each and every) failure as an opportunity to learn, grow, and prevent classes of similar problems from happening again. We also learn how one of the most popular video game franchises of all time may not have been so successful had the developers been successful in their first attempt at an algorithm for some rather prominent non-player characters (NPCs).

    Whether we like it or not, some amount of failure is inevitable. To this end, I started this week’s discussion with Jared and Michael by asking about how an early failure may have led to a different—or even a beneficial—outcome.

  • Failure as a catalyst: Designing a feedback loop for success

    Emotional Resonance (context): I was turned down by Red Hat for a scrum master position because I wasn’t “qualified enough” even though this is what I had been doing prior to my job search. Red Hat was a fantastic opportunity for me and an opportunity to work on tech at a software company. I really wanted to work there. I longed to work there. (Note: Red Hat saw the error of their ways 4 months later and offered me a position that was hand crafted for my experience. The rest is history. And I’m forever grateful to my hiring manager.)

  • Arm expands DesignStart program for Linux embedded designs

    Arm has expanded its DesignStart program to include the Cortex-A5 CPU, Arm's low-power and Linux-capable application processor, according to the processor IP vendor. Developers can now accelerate embedded and IoT SoC design for applications including medical, smart home, gateways and wearables.

    [...]

    When ready to tape out a custom chip, time to market can be accelerated with Arm's Artisan physical IP. Developers can also benefit from design enablement platforms being supported by 18 foundry partners with process technology ranging from 250nm to 5nm, Arm said.

    Earlier in October 2018, Arm announced its DesignStart program would be offering Cortex-M processors without any license fee or royalty on Xilinx FPGAs. Through expanding the program to offer Cortex-A5, Arm is looking to support innovation across the entire design spectrum of embedded and IoT devices. DesignStart also helps speed up SoC implementation with free access to the industry-leading library of physical IP, tailored for a range of fabs and process nodes, through Arm Artisan physical IP.

  • Inexpensive Webcam

    Using a $5 Rpi Zero W from Microcenter, physically soldered the tiny webcam wires to the Zero: 3 V black to pin 1 on GPIO, ground to pin 6, D+ to PP22 pad next to the microusb and D- to PP23 usb pad. This wasn’t easy and I made a mess of the usb pads, but it works!

  • The Best Android Phones Under $300

OSS Leftovers

Filed under
OSS
  • The Apache Software Foundation Announces Apache® HTTP Server v2.4.37

    The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today Apache® HTTP Server 2.4.37, the latest version of the world’s most popular Web server.

    Apache HTTP Server is an Open Source HTTP server for modern operating systems that include UNIX, Microsoft Windows, Mac OS/X, and Netware. For more than 23 years, the award-winning server software has been lauded as a secure, efficient, and extensible server that provides HTTP services observing the current HTTP standards.

  • Benjamin Mako Hill: Why organizational culture matters for online groups

    Leaders and scholars of online communities tend to think of community growth as the aggregate effect of inexperienced individuals arriving one-by-one. However, there is increasing evidence that growth in many online communities today involves newcomers arriving in groups with previous experience together in other communities. This difference has deep implications for how we think about the process of integrating newcomers. Instead of focusing only on individual socialization into the group culture, we must also understand how to manage mergers of existing groups with distinct cultures. Unfortunately, online community mergers have, to our knowledge, never been studied systematically.

  • Why does the C Programming language refuse to die?

    As a technology research analyst, I try to keep up pace with the changing world of technology. It seems like every single day, there is a new programming language, framework, or tool emerging out of nowhere. In order to keep up, I regularly have a peek at the listicles on TIOBE, PyPL, and Stackoverflow along with some twitter handles and popular blogs, which keeps my FOMO (fear of missing out) in check.

    So here I was, strolling through the TIOBE index, to see if a new programming language is making the rounds or if any old timer language is facing its doomsday in the lower half of the table. The first thing that caught my attention was Python, which interestingly broke into the top 3 for the first time since it was ranked by TIOBE. I never cared to look at Java, since it has been claiming the throne ever since it became popular. But with my pupils dilated, I saw something which I would have never expected, especially with the likes of Python, C#, Swift, and JavaScript around.

  • RcppTOML 0.1.4: Now with TOML v0.5.0
  • GitHub suffers major outage caused by faulty storage appliance

    Actual repository data wasn't affected, but at just before midnight last night, UK time, the MySQL databases containing push and pull requests were borked.

  • NAB, Microsoft join to build ATM with facial recognition

    The proof-of-concept uses a cloud-based application developed using Azure Cognitive Services and artificial intelligence to identify customers who opt in to the service.

Raspberry Pi lookalike offers HDMI 2.0 and optional M.2

Filed under
Android
Debian
Ubuntu

Geniatech’s “XPI-S905X” is a new Raspberry Pi pseudo clone with a quad -A53 Amlogic S905X plus 2GB RAM, up to 16GB eMMC, 4K-ready HDMI 2.0, LAN, 4x USB, touch-enabled LVDS, and optional M.2.

Geniatech, which is known for Qualcomm based SBCs such as the Snapdragon 410 based, 96Boards-like Development Board IV and Snapdragon 820E based Development Board 8, has posted specs for a Raspberry Pi form factor board with a quad -A53, Amlogic S905X with 1/6GHz to 2GHz performance. No pricing is available for the XPI-S905X, which appears to be aimed at the OEM market.

Linus Torvalds talks about coming back to work on Linux

Filed under
Linux

"I'm starting the usual merge window activity now," said Torvalds. But it's not going to be kernel development as usual. "We did talk about the fact that now Greg [Kroah-Hartman] has write rights to my kernel tree, and it will be easier to just share the load if we want to, and maybe we'll add another maintainer after further discussion."

So, Kroah-Hartman, who runs the stable kernel, will have a say on Linus' cutting-edge kernel. Will someone else get write permission to Torvalds' kernel code tree to help lighten the load?

Stay tuned.


Also: Linux Foundation Technical Advisory Board election call for nominations

Mozilla: Firefox 65 Plans and Firefox 63 Analysis

Filed under
Moz/FF

Security: Cross-Hyperthread Spectre V2 Mitigation Ready For Linux, Targeted vs General-Purpose Security and More

Filed under
Security
  • Cross-Hyperthread Spectre V2 Mitigation Ready For Linux With STIBP

    On the Spectre front for the recently-started Linux 4.20~5.0 kernel is STIBP support for cross-hyperthread Spectre Variant Two mitigation.

    Going back to the end of the summer was the patch work for this cross-hyperthread Spectre V2 mitigation with STIBP while now it's being merged to mainline.

  • Targeted vs General purpose security

    There seems to be a lot of questions going around lately about how to best give out simple security advice that is actionable. Goodness knows I’ve talked about this more than I can even remember at this point. The security industry is really bad at giving out actionable advice. It’s common someone will ask what’s good advice. They’ll get a few morsels, then someone will point out whatever corner case makes that advice bad and the conversation will spiral into nonsense where we find ourselves trying to defend someone mostly concerned about cat pictures from being kidnapped by a foreign nation. Eventually whoever asked for help quit listening a long time ago and decided to just keep their passwords written on a sticky note under the keyboard.

    I’m pretty sure the fundamental flaw in all this thinking is we never differentiate between a targeted attack and general purpose security. They are not the same thing. They’re incredibly different in fact. General purpose advice can be reasonable, simple, and good. If you are a target you’ve already lost, most advice won’t help you.

    General purpose security is just basic hygiene. These are the really easy concepts. Ideas like using a password manager, multi-factor-auth, install updates on your system. These are the activities anyone and everyone should be doing. One could argue these should be the default settings for any given computer or service (that’s a post for another day though). You don’t need to be a security genius to take these steps. You just have to restrain yourself from acting like a crazy person so whoever asked for help can actually get the advice they need.

  • Oracle Moves to Gen 2 Cloud, Promising More Automation and Security [Ed: Ellison wants people to blindly trust proprietary blobs for security (a bad thing to do, never mind the CIA past of Oracle and severe flaws in its DBs)].

    A primary message from Ellison is that the Gen 2 Oracle cloud is more secure, with autonomous capabilities to help protect against attacks. Ellison also emphasized the segmentation and isolation of workloads on the Gen 2 Oracle cloud, providing improved security.

  • Reproducible Builds: Weekly report #182

    Here’s what happened in the Reproducible Builds effort between Sunday October 14 and Saturday October 20 2018...

Games: Ion Maiden, Hazelnut Bastille and More

Filed under
Gaming

Graphics: NVIDIA, ATI RAGE and Phoronix Test Suite a Decade Later

Filed under
Graphics/Benchmarks
  • New LTS Kernel 4.19 and NVidia Patch

    Under 24h after Linux Kernel 4.19 LTS is released by Greg, Patrick decided to bump the kernel used in -current to the latest LTS release. This new major version brings tons of new and interesting features, as written in Kernel Newbies.

    [...]

    I'm pretty sure it will show up soon enough as KDE 5 is getting more stable and polished. It has been tested by Eric (and some others) for some time and it's proven to be solid.

  • A 2018 Autumn Linux Driver Update For The ATI RAGE 128 Series

    The open-source display driver for supporting these graphics cards where 32MB of SDRAM was suitable, 250 nm fabrication was standard, and core clocks around 100MHz were competitive is still being maintained... Two decades after the release of the ATI RAGE series, the open-source Linux driver continues seeing some activity and in fact a new driver release.

    The lone independent driver contributor ushering along the RAGE driver (xf86-video-r128) is Kevin Brace who started working on the VIA OpenChrome open-source driver in recent years and for the past number of months recently shifted focus to the classic RAGE driver. He released the xf86-video-r128 6.12.0 driver today to address two build failures. Besides addressing build problems, he also began writing some of the XAA/EXA 2D acceleration code. He did note of the changes to the 2D acceleration code paths, "It is always possible that I can mess up the code, but it appears that the code is working correctly."

  • OpenBenchmarking.org Serves Up Its 35 Millionth Test Profile/Suite Benchmark Download

    Just a little more than one month after crossing 34 million downloads, the 35,000,000 milestone was achieved -- continuing the trend that's been going on for the past number of quarters. OpenBenchmarking.org serves test profiles/suites separate from the Phoronix Test Suite package itself to allow new tests to be easily introduced without having to upgrade the PTS client itself, update existing tests with version controls, etc. OpenBenchmarking.org is also what allows users to upload their own test results publicly, obtain various hardware/software statistics, and much more.

Fedora Toolbox ready for testing!

Filed under
Red Hat

As many of you know we kicked off an ambitious goal to revamp the Linux desktop when we launched Fedora Workstation 4 years ago. We wanted to remove many of the barriers to adoption of Linux as a desktop and make it a better operating system for all, especially for developers.

To that effect we have been pushing a long range of initiatives over the last 4 years, ranging from providing a better input stack through libinput, a better display system through Wayland, a better audio and video subsystem through PipeWire, a better way of doing application packaging and dependency handling through Flatpak, a better application installation history through GNOME Software, actual firmware handling for Linux through Linux Vendor Firmware Service, better manageability through Fleet Commander, and Project Silverblue for reliable OS updates. We also had a lot of efforts done to improve general hardware handling, be that work on glvnd and friends for dealing with NVidia driver, the Bolt project for handling Thunderbolt devices better, HiDPI support in the desktop, better touch support in the desktop, improved laptop battery life, and ongoing work to improve state of fingerprint readers under Linux and to provide a flicker free boot experience.


Celebrating 15 Years of the Xen Project and Our Future

Filed under
Linux

In the 1990s, Xen was a part of a research project to build a public computing infrastructure on the Internet led by Ian Pratt and Keir Fraser at The University of Cambridge Computer Laboratory. The Xen Project is now one of the most popular open source hypervisors and amasses more than 10 million users, and this October marks our 15th anniversary.
From its beginnings, Xen technology focused on building a modular and flexible architecture, a high degree of customizability, and security. This security mindset from the outset led to inclusion of non-core security technologies, which eventually allowed the Xen Project to excel outside of the data center and be a trusted source for security and embedded vendors (ex. Qubes, Bromium, Bitdefender, Star Labs, Zentific, Dornerworks, Bosch, BAE systems), and also a leading hypervisor contender for the automotive space.
As the Xen Project looks to a future of virtualization everywhere, we reflect back on some of our major achievements over the last 15 years. To celebrate, we’ve created an infographic that captures some of our key milestones — share it on social.
A few community members also weighed in on some of their favorite Xen Project moments and what’s to come:


Latest Firefox Rolls Out Enhanced Tracking Protection

Filed under
Moz/FF

At Firefox, we’re always looking to build features that are true to the Mozilla mission of giving people control over their data and privacy whenever they go online. We recently announced our approach to Anti-tracking where we discussed three key feature areas we’re focusing on to help people feel safe while they’re on the web. With today’s release, we’re making progress against “removing cross-site tracking” with what we’re calling Enhanced Tracking Protection.


Is Pine64 Considering a Linux Smartphone Running KDE Plasma?

Filed under
KDE

It’s not confirmed but it is likely that Pine64 is considering a budget Linux smartphone running KDE Plasma.

Pine64 is a hardware vendor famous for its Linux-based Single Board Computers like Pine A64. These ARM boards are inexpensive and cost only $15-$20.

Pine64 also has an $89 Linux laptop called Pinebook. This laptop actually runs the Pine A64 underneath it.

Pine64 works with a few Linux distributions to provide a smooth running operating system for Pinebook. KDE Neon is one of those Linux distributions and it seems that this partnership will have some new and exciting ventures in future.


Ubuntu MATE 18.10 Released for GPD Pocket PCs, Raspberry Pi Images Coming Soon

Filed under
Linux
Ubuntu

Shipping with the latest MATE 1.20.3 desktop environment and Linux 4.18 kernel, Ubuntu MATE 18.10 is now available with updated apps and core components, better hardware support, and, for the first time, images for the GPD Pocket and GPD Pocket 2 handheld computers, along with the generic images for 64-bit Intel PCs.

According to Martin Wimpress, Ubuntu MATE 18.10 (Cosmic Cuttlefish) includes some hardware-specific tweaks and other improvements to core components in an attempt to make the Linux-based operating system work out-of-the-box and without any hiccups on both the GPD Pocket and GPD Pocket 2 tiny computers.


Plasma 5.14.2

Filed under
KDE

Today KDE releases a Bugfix update to KDE Plasma 5, versioned 5.14.2. Plasma 5.14 was released in October with many feature refinements and new modules to complete the desktop experience.


Also: KDE Plasma 5.14.2 Desktop Environment Improves Firmware Updates, Snap Support

Red Hat and Fedora Leftovers

Filed under
Red Hat
  • Red Hat: Creativity is risky (and other truths open leaders need to hear)

    Leaders are all too aware of the importance of invention and innovation. Today, the health and wealth of their businesses have become increasingly dependent on the creation of new products and processes. In the digital age especially, competition is more fierce than ever as global markets open and expand. Just keeping pace with change requires a focus on constant improvement and consistent learning. And that says nothing about building for tomorrow.

  • APAC Financial Services Institutions Bank on Red Hat to Enhance Agility
  • APAC banks aim to use open source to enhance agility
  • Huawei CloudFabric Supports Container Network Deployment Automation, Improving Enterprise Service Agility

    At HUAWEI CONNECT 2018, Huawei announced that its CloudFabric Cloud Data Center Solution supports container network deployment automation and will be available for the industry-leading enterprise Kubernetes platform via a new plug-in.

  • Redis Labs Integrates With Red Hat OpenShift, Hits 1B Milestone

    Redis Labs is integrating its enterprise platform as a hosted and managed database service on Red Hat’s OpenShift Container Platform. That integration includes built-in support for Red Hat’s recently launched Kubernetes Operator.

    The Redis Enterprise integration will allow customers to deploy and manage Redis databases as a stateful Kubernetes service. It will also allow users to run Redis Enterprise on premises or across any cloud environment.

  • Needham & Company Starts Red Hat (RHT) at Buy
  • Fedora Toolbox — Hacking on Fedora Silverblue

    Fedora Silverblue is a modern and graphical operating system targeted at laptops, tablets and desktop computers. It is the next-generation Fedora Workstation that promises painless upgrades, clear separation between the OS and applications, and secure and cross-platform applications. The basic operating system is an immutable OSTree image, and all the applications are Flatpaks.

    It’s great!

    However, if you are a hacker and decide to set up a development environment, you immediately run into the immutable OS image and the absence of dnf. You can’t install your favourite tools, editors and SDKs the way you’d normally do on Fedora Workstation. You can either unlock your immutable OS image to install RPMs through rpm-ostree and give up the benefit of painless upgrades; or create a Docker container to get an RPM-based toolbox but be prepared to mess around with root permissions and having to figure out why your SSH agent or display server isn’t working.

  • Fedora 28 : Alien, Steam and Fedora distro.

Raspberry Pi: Hands-on with the updated Raspbian Linux

Filed under
Linux

I wrote last week about the new Raspbian Linux release, but in that post I was mostly concerned with the disappearance of the Wolfram (and Mathematica) packages, and I didn't really do justice to the release itself. So now I have continued with installing or upgrading it on all of my Raspberry Pi systems, and this post will concentrate on the process and results from that.

First, the new ISO images are available from the Raspberry Pi Downloads page (as always), and the Release Notes have been added to the usual text document. I have only downloaded the plain Raspbian images, I don't bother with the NOOBS images much any more - but the new ISO is included in those as well of course.

Please note that the SHA-256 checksum for the images is given on the web page, so be sure to verify that before you continue with the file that you downloaded. If you prefer stronger (or weaker) verification, you can find a PGP signature (and an SHA-1 checksum) on the Raspbian images download page.


Mozilla: Firefox 65 Plans and Firefox 63 Analysis

  • Firefox 65 Will Block Tracking Cookies By Default
    Mozilla today released Firefox 63, which includes an experimental option to block third-party tracking cookies, protecting against cross-site tracking. You can test this out today, but Mozilla wants to enable it for everyone by default in Firefox 65.
  • The Path to Enhanced Tracking Protection
    As a leader of Firefox’s product management team, I am often asked how Mozilla decides on which privacy features we will build and launch in Firefox. In this post I’d like to tell you about some key aspects of our process, using our recent Enhanced Tracking Protection functionality as an example.
  • Firefox 63 Lets Users Block Tracking Cookies
    As announced in August, Firefox is changing its approach to addressing tracking on the web. As part of that plan, we signaled our intent to prevent cross-site tracking for all Firefox users and made our initial prototype available for testing. Starting with Firefox 63, all desktop versions of Firefox include an experimental cookie policy that blocks cookies and other site data from third-party tracking resources. This new policy provides protection against cross-site tracking while minimizing site breakage associated with traditional cookie blocking.
  • Firefox 63 – Tricks and Treats!
  • Firefox 63 Released, Red Hat Collaborating with NVIDIA, Virtual Box 6.0 Beta Now Available, ODROID Launching a New Intel-Powered SBC and Richard Stallman Announces the GNU Kind Communication Guidelines
    Firefox 63.0 was released this morning. With this new version, "users can opt to block third-party tracking cookies or block all trackers and create exceptions for trusted sites that don't work correctly with content blocking enabled". In addition, WebExtensions now run in their own process on Linux, and Firefox also now warns if you have multiple windows and tabs open when you quit via the main menu. You can download it from here.
  • Changes to how Mozilla Readability extracts article metadata in Firefox 63
    Mozilla Readability will now extract document metadata from Dublin Core and Open Graph Protocol meta tags instead of trying to guess article titles. Earlier this year, I documented how reader mode in web browsers extract metadata about articles. After learning about the messy state of metadata extraction for reader mode, I sought to improve the extraction logic used in Mozilla Readability. Mozilla Readability was one of the first reader mode parsers and it’s used in Firefox as well as other web browsers.
