Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Tuesday, 12 Dec 17 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Turi as FOSS

Filed under
Development
OSS
  • Fruit of an acquisition: Apple AI software goes open

    Apple's joined other juggernauts of the tech sector by releasing an open source AI framework.

    Turi Create 4.0, which landed at GitHub recently, is a fruit of its 2016 US$200 million acquisition of Turi.

    As the GitHub description explains, it targets app developers that want custom machine learning models but don't have the expertise to “add recommendations, object detection, image classification, image similarity or activity classification” to their apps.

  • Apple Releases Turi ML Software as Open Source

    Apple last week released Turi Create, an open source package that it says will make it easy for mobile app developers to infuse machine learning into their products with just a few lines of code.

    “You don’t have to be a machine learning expert to add recommendations, object detection, image classification, image similarity, or activity classification to your app,” the company says in the GitHub description for Turi Create. “Focus on tasks instead of algorithms.”

Security: Patch Management, Windows Keyloggers, and Fingerprinting MySQL

Filed under
Security
  • Open Source Patch Management: Options for DIYers [Ed: "Linux comes with patch management," it says, which defeats much of the point of this article...]

    CVE-2017-5638 is the code vulnerability that will long live in the corporate memory of Equifax, the credit ratings agency. A simple patch management system might have kept that vulnerability from turning into one of the most high-profile data breaches in recent memory.

    CVE-2017-5638 is a remote code execution bug that affects the Jakarta Multipart parser in Apache Struts, an open source application framework for developing Java EE web applications. Remote code execution bugs are generally extremely serious, and for that reason, when the vulnerability was discovered, the Apache Foundation recommended that any developers or users of affected versions of Struts upgrade to later versions that had been patched to close the vulnerability.

  • HP laptops found to have hidden keylogger

    HP said more than 460 models of laptop were affected by the "potential [sic] security vulnerability".

    [...]

    In May, a similar keylogger was discovered in the audio drivers pre-installed on several HP laptop models.

  • Fingerprinting MySQL with scannerl

    The goal here is to identify the version of MySQL running on a remote host.

Linux on Devices: Ataribox and More

Filed under
Linux
Hardware
  • With Ataribox, the Legend Returns -- Powered by Linux

    Available to pre-order on Thursday for a special price via an Indiegogo crowdfunding campaign, the Ataribox is shaping up to be an amalgam of retro gaming console and living room PC. Details are mostly sketchy at this point, but we do know that it will be powered by some variant of Linux OS and will include over 100 Atari classic games pre-installed.

  • Atari plans to open preorders for its Ataribox home console this Thursday

    Preorders for the Ataribox, the classic game company’s take on a NES Classic retro console, are slated to go live this Thursday, according to a report from CNET citing an email from Atari sent out today to interested consumers. The Ataribox was first teased back at E3 in June and then in a more formal unveiling in July, in which the Atari 2600-inspired PC was shown in two customization options: a wood-like finish or a more modern and sleek black and red look.

  • Rugged in-vehicle PC line includes Kaby Lake and Bay Trail models

    Ibase’s rugged MPT V-Series in-vehicle computers offer 7th/6th Gen Core or Bay Trail CPUs, plus 2x mini-PCIe, 3x M.2, and optional CAN or OBD-II links.

    Ibase announced a new line of fanless MPT V-Series computers for IoT applications, starting with two rugged, in-vehicle models: the MPT-7000V with Intel’s 7th (“Kaby Lake”) or 6th (“Skylake”) Generation Core processors and the MPT-3000V with a quad-core, 1.91GHz Atom E3845 from the Bay Trail generation with 10W TDP. The systems support Windows 7/10 or Linux with kernel 3.8.0. In both cases, 64-bit implementations are required in order to use the driver for the supplied G-sensor, which appears to be necessary for shock resistance.

  • Apollo Lake based IoT gateway and embedded controller runs Ubuntu

    Adlink’s rugged “MXE-210” gateway offers Atom x7-E3950 or x5-E3930 SoCs, industrial protocol support, and mini-PCIe wireless and storage options.

    The Intel Apollo Lake based MXE-210 adds to a line of rugged Adlink MXE computers such as the Bay Trail Atom based MXE-200i. The compact, 140 x 110 x 58mm MXE-210 is an “IIoT-ready combination embedded controller and IoT gateway” designed for rugged industrial automation, transportation, agriculture/aquaculture, and smart city applications, says Adlink.

Server/Back End: Orange, Oracle, Docker

Filed under
Server
  • With OPNFV, Orange Plans a Full-Scale Rollout of Network Functions Virtualization

    Over the past few years, the entire networking industry has begun to transform as network demands rapidly increase. This is true for both the technology itself and the way in which carriers — like my employer Orange, as well as vendors and other service providers — adapt and evolve their approach to meeting these demands. As a result, we’re becoming more and more agile and adept in how we virtualize our evolving network and a shifting ecosystem.” keep up with growing demands and the need to virtualize.

  • Oracle joins the serverless fray with Fn

    With its open source Fn project, Oracle is looking to make a splash in serverless computing.

    Fn is a container native serverless platform that can be run on-premises or in the cloud. It requires the use of Docker containers. Fn developers will be able to write functions in Java initially, with Go, Ruby, Python, PHP, and Node.js support planned for later. Applications can be built and run without users having to provision, scale, or manage servers, by using the cloud.

  • DevOps, Docker, and Empathy

    Just because we’re using containers doesn’t mean that we “do DevOps.” Docker is not some kind of fairy dust that you can sprinkle around your code and applications to deploy faster. It is only a tool, albeit a very powerful one. And like every tool, it can be misused. Guess what happens when we misuse a power tool? Power fuck-ups. Let’s talk about it.

    I’m writing this because I have seen a few people expressing very deep frustrations about Docker, and I would like to extend a hand to show them that instead of being a giant pain in the neck, Docker can help them to work better, and (if that’s their goal) be an advantage rather than a burden in their journey (or their “digital transformation” if we want to speak fancy.)

BlackArch Linux Ethical Hacking OS Gets Linux Kernel 4.14.4, Updated Installer

Filed under
Linux

Coming hot on the BlackArch Linux 2017.11.24 ISO snapshot released two weeks ago with more than 50 new hacking tools, the BlackArch Linux 2017.12.11 ISO images are now available to download incorporating the latest version of the BlackArch Installer utility, which fixes a few critical bugs.

The bugs were related to a login loop and the supported window managers, and they are now fixed in BlackArch Installer 0.6.2, which is included in the BlackArch Linux 2017.11.24 ISO snapshot. Also included is the Linux 4.14.4 kernel and many of the latest system updates and security patches released upstream.

Read more

System76 Enables HiDPI Support on All of Their Linux Laptops and Desktops

Filed under
Linux

We reported last week on the upcoming support for HiDPI displays coming to System76's for its Ubuntu-based Pop!_OS Linux distro, and it didn't take long for them to release the new daemon that would enable HiDPI support on all of its laptops and desktops where Ubuntu or Pop!_OS Linux is installed.

HiDPI support was becoming an urgent necessity for System76 as more and more customers started asking for assistance in setting up their displays. And while the Wayland display server isn't yet mature enough to be adopted by all GPU vendors and completely replace X.Org, there was a need for a compromise.

Read more

Mint 18.3: The best Linux desktop takes big steps forward

Filed under
Linux

I run many operating systems every day, from macOS, to Windows 7 and 10, to more Linux desktop distributions than you can shake a stick at. And, once more, as a power-user's power user, I've found the latest version of Linux Mint to be the best of the best.

Why? Let's start with the basics. MacOS has been shown to have the worst bug I've ever seen in an operating system: The macOS High Sierra security hole that lets anyone get full administrative control. Windows, old and new, continues to have multiple security bugs every lousy month. Linux? Sure, it has security problems. How many of these bugs have had serious desktop impacts? Let me see now. None. Yes, that would be zero.

Read more

Security: NSA, Microsoft Debacles, and FOSS Updates

Filed under
Security
  • Script Recovers Event Logs Doctored by NSA Hacking Tool

    Security researchers have found a way to reverse the effects of an NSA hacking utility that deletes event logs from compromised machines.

    Last week, Fox-IT published a Python script that recovers event log entries deleted using the "eventlogedit" utility that's part of DanderSpritz, a supposed NSA cyber-weapon that was leaked online by a hacking group known as the Shadow Brokers.

    According to Fox-IT, they found a flaw in the DanderSpritz log cleaner when they realized the utility does not actually delete event log entries, but only unreferences them, merging entries together.

  • Pre-Installed Keylogger Discovered on Hundreds of HP Laptop Models

    A keylogger that can help record pretty much every keystroke on the computer has been discovered on HP’s devices, with a security researcher revealing that hundreds of laptop models come with this hidden software pre-installed.

    Michael Myng says in an analysis of the keylogger that the malicious code is hiding in the Synaptics Touchpad software and he actually discovered it when looking into ways to control the keyboard backlight on his laptop.

    According to his findings, the keylogger isn’t activated by default, but it can be turned on by any cybercriminals that get access to the system. The list of affected models includes hundreds of laptops like EliteBook, ProBook, Spectre, Zbook, Envy, and Pavilion.

  • Laptop touchpad driver included extra feature: a keylogger [Ed: This is the second time in recent times HP gets caught with keyloggers; This is no accident, it's intentional.]

    Flaws in software often offer a potential path for attackers to install malicious software, but you wouldn't necessarily expect a hardware vendor to include potentially malicious software built right into its device drivers. But that's exactly what a security researcher found while poking around the internals of a driver for a touchpad commonly used on HP notebook computers—a keystroke logger that could be turned on with a simple change to its configuration in the Windows registry.

  • Microsoft Needed 110 Days to Fix Critical Security Bug After First Ignoring It

    Microsoft needed more than 100 days to fix a critical credential leak in Dynamics 365 after the company originally ignored the bug report and only reacted after being warned that details could go public.

    Software engineer Matthias Gliwka explains in a long blog post that he discovered and reported a security flaw in Microsoft’s Customer Relationship Manager and Enterprise Resource Planning software in August, but the software giant refused to fix it on claims that administrator credentials would be required.

    Gliwka says he came across a wildcard transport layer security (TLS) certificate that also included the private key, which would in turn expose communications by anyone who could decrypt traffic. The developer says that extracting the certificate grants access to any sandbox environment, with absolutely no warning or message displayed to clients.

  • UK Spy Agency Finds Severe Flaw in Microsoft Antivirus in Kaspersky Bye-Bye Push
  • Security updates for Monday

OSS Leftovers

Filed under
OSS
  • What is a blockchain smart contract?

    Now, in a blockchain, the important thing is that once the state has changed, you then ensure it's recorded on the blockchain so that it's public and nobody can change or challenge it. But there are other uses for blockchain technology, as I explained in "Is blockchain a security topic?" Permissionless systems, often referred to as distributed ledger technologies (DLTs) are a great fit for non-transactional state models, largely because the sort of people who are interested in them are closed groups of organisations that want to have complex sets of conditions met before they move to the next state. These aren't, by the tightest definition, blockchains. Banks and other financial institutions may be the most obvious examples where DLTs are gaining traction, but they are very useful in supply chain sectors, for instance, where you may have conditions around changing market rates, availability, and shipping times or costs, which may all play into the final price of the commodity or service being provided.

  • Running a successful open source project

    Running an open source project is easy. All you have to do is make your source code available and you’re open source, right? Well, maybe. Ultimately, whether or not an open source project is successful depends on your definition of success. Regardless of your definition, creating an open source project can be a lot of work. If you have goals regarding adoption, for example, then you need to be prepared to invest. While open source software is “free as in beer”, it’s not really free: time and energy are valuable resources and these valuable resources need to be invested in the project.

    So, how do you invest those resources?

  • New package repositories are now enabled by default

    During this year’s coding sprint in Toulouse (which I was able to attend, thanks to being in Europe on a study-abroad program), I spent a lot of time massaging HaikuPorts to generate a consistent-enough state of packages for us to switch to them by default, and then making the in-tree changes necessary for the switch. Thanks to this and mmlr’s comprehensive overhaul of the HaikuPorter Buildmaster over the past couple months, we have finally switched to the new repositories by default as of hrev51620. If you’ve installed a nightly image from after this, you should be able to just pkgman full-sync and upgrade away.

  • Haiku OS Is Very Close To Their Long Awaited Beta, New Repository Working

    The BeOS-inspired Haiku operating system should be issuing its long-awaited beta release by early 2018.

    For months there has been talk of the long-awaited beta for Haiku OS while it looks like roughly within the next month we should be actually seeing this milestone.

  • DeepVariant: Tool to call out variants in sequencing data goes open source

    Megan Molteni, Wired, decoded, at least, the very nature of the challenge to know more about our human puzzle. "Today, a teaspoon of spit and a hundred bucks is all you need to get a snapshot of your DNA. But getting the full picture—all 3 billion base pairs of your genome—requires a much more laborious process. One that, even with the aid of sophisticated statistics, scientists still struggle over."

    DeepVariant was developed by researchers from the Google Brain team, focused on AI techniques, and Verily, the Alphabet subsidiary focused on life sciences.

    It is based on the same neural network for image recognition, but DeepVariant, is now making headlines not for cat IDs but as a way to scan a genetic code for mutations. DeepVariant has gone open source. The GitHub definition of DeepVariant: "an analysis pipeline that uses a deep neural network to call genetic variants from next-generation DNA sequencing data."

  • Open source VPN clients vs VPN provider apps: which is better?

    Power users love open source software for its transparency and flexibility – but what about open source VPN software? Are there any open source VPN clients that can stand up to being compared with the more popular VPN apps from premium providers like ExpressVPN, VyprVPN, IPVanish or NordVPN?

    The short answer is... not really. But the long answer depends a lot on your level of technical know-how, patience, and where you’re willing to place your trust.

  • Coreboot Conference 2017 Videos Now Available

    For those interested in the open-source Coreboot project that serves as a replacement to proprietary UEFI/BIOS, the videos from their European Coreboot Conference are now available.

    The European Coreboot Conference 2017 (ECC'17) was held in Bochum, Germany back at the end of October.

  • Election night hackathon supports civic engagement

    On November 7, 2017, members of the Rochester Institute of Technology (RIT) community came together for the annual Election Night Hackathon held in the Simone Center for Student Innovation. This marked the seventh anniversary of a civic tradition for the FOSS @ MAGIC community, in which students and faculty analyze civic problems in the local community, state, or country and propose a project to address them. MAGIC Center faculty and event organizers are on hand to help students choose open source licenses and publish and share their code.

KDE: Randa Meetings and KDE Edu Sprint 2017

Filed under
KDE
  • Looking Back at Randa Meetings 2017: Accessibility for Everyone

    Randa Meetings are a yearly collection of KDE Community contributor sprints that take place in Randa, Switzerland. With origins dating back to a Plasma meeting in 2009, Randa is one of the most important developer-related events in the community.

  • KDE Edu Sprint 2017

    Two months ago I attended to KDE Edu Sprint 2017 at Berlin. It was my first KDE sprint (really, I send code to KDE software since 2010 and never went to a sprint!) so I was really excited for the event.

    KDE Edu is the an umbrella for specific educational software of KDE. There are a lot of them and it is the main educational software suite in free software world. Despite it, KDE Edu has received little attention in organization side, for instance the previous KDE Edu sprint occurred several years ago, our website has some problems, and more.

    Therefore, this sprint was an opportunity not only for developers work in software development, but for works in organization side as well.

    In organization work side, we discuss about the rebranding of some software more related to university work than for “education” itself, like Cantor and Labplot. There was a wish to create something like a KDE Research/Science in order to put software like them and others like Kile and KBibTex in a same umbrella. There is a discussion about this theme.

Programming/Development: fwupd, LLVM and More

Filed under
Development
  • CSR devices now supported in fwupd

    The BlueCore CSR chips are used everywhere. If you have a “wireless” speaker or headphones that uses Bluetooth there is a high probability that it’s using a CSR chip inside. This makes the addition of CSR support into fwupd a big deal to access a lot of vendors. It’s a lot easier to say “just upload firmware” rather than “you have to write code” so I think it’s useful to have done this work.

  • Skylake Server Scheduler Model Updated In LLVM 6.0 Along With Other Intel CPU Updates
  • Most Software Code Will Be Written By Machines By 2040, Researchers Predict

    Imagine a scenario where a programmer needs to follow a couple of tried and tested procedures to write code that becomes a part of a bigger program that needs some insightful contribution from another programmer. So, is the first programmer really needed? Can’t we find a robotic replacement for the same?

    In the past, GitHub CEO had already made a prediction which says that future of coding is no coding at all. A similar speculation has been made by the researchers at the Oak Ridge National Laboratory, Tennessee, who have said that machines will write most of their own code by 2040.

  • Hazelcast joins Eclipse, JCache is key focal point

    Open source In-Memory Data Grid (IMDG) company Hazelcast has joined the Eclipse Foundation – and it has done so for a reason.

    Hazelcast’s primary focus will be on JCache the Eclipse MicroProfile and EE4J.

    In particular, Hazelcast will be collaborating with members to popularize JCache, a Java Specification Request (JSR-107).

    So what place does JCache fill in the universe then?

Software: Darktable, VLC, Mesa, Audacity, Toplip, GNUstep

Filed under
Software
  • Darktable 2.4-RC1 Rolls Out With Windows Support, OpenCL Improvements

    The open-source Darktable RAW photography software that's long been available for Linux and macOS has finally been ported to Microsoft Windows. But fortunately that's not all to be found in Darktable 2.4.

    While Windows support is their big headline feature of Darktable 2.4, the RC1 release that came out today is also packed with other improvements.

  • Linux Release Roundup: VLC, Mesa, Audacity + More

    Another week has flown by, making it time for another round-up of pertinent Linux app releases that didn’t manage to wangle a full post’s worth of waffle on this site.

    This week’s crop of curios includes updates to the world’s most popular open-source video player, the world’s most popular open-source audio editor, and the world’s most popular open-source graphics drivers.

  • Toplip – A Very Strong File Encryption And Decryption CLI Utility

    There are numerous file encryption tools available on the market to protect your files. We have already reviewed some encryption tools such as Cryptomater, Cryptkeeper, CryptGo, Cryptr, Tomb, and GnuPG etc. Today, we will be discussing yet another file encryption and decryption command line utility named “Toplip”. It is a free and open source encryption utility that uses a very strong encryption method called AES256, along with an XTS-AES design to safeguard your confidential data. Also, it uses Scrypt, a password-based key derivation function, to protect your passphrases against brute-force attacks.

  • GNUstep Takes Another Step Forward For Implementing Apple's Cocoa Frameworks

    GNUstep is the long-standing free software project working to implement Apple's Cocoa Objective-C frameworks used by macOS. The GNU project has made new releases of their GUI and Back libraries.

    GNUstep GUI 0.26 is out this morning as the latest update to their graphical user-interface library. GNUstep GUI 0.26 has a number of compatibility improvements, translation updates, mouse tracking logic improvements, bug fixes, and other work.

today's howtos

Filed under
HowTos

Games: The Last Wind Monk, Haque, Super Night Riders, Bad Pad

Filed under
Gaming

Is PowerTop / TLP Still Useful To Save Power On Linux Laptops?

Filed under
Graphics/Benchmarks

This system was running Ubuntu 17.10 and the configurations tested included:

- Ubuntu 17.10 in a "stock" or "out of the box" experience when using its Linux 4.13 kernel, GNOME Shell 3.26.1 with Wayland, and Mesa 17.2.2 atop an EXT4 file-system.

- Upgrading the Ubuntu 17.10 system to Linux 4.15 Git for showing the power consumption when using the very latest kernel cycle.

- This Ubuntu 17.10 + Linux 4.15 system then with Intel PowerTop installed and changing all the tunables to their "good" values for maximum power-savings.

- Installing TLP and using its default power-saving options.

Read more

Linux 4.15 I/O Scheduler Tests: BFQ, CFQ, Kyber

Filed under
Graphics/Benchmarks
Linux

With some BFQ performance fixes included as part of Linux 4.15 along with other I/O scheduler work and block improvements for this latest Linux kernel series, here are some fresh benchmarks of the different I/O scheduler options using the Linux 4.15 Git kernel.

Read more

Ataribox Pre-Orders Begin on December 14

Filed under
GNU
Linux
Hardware
Gaming

The company behind the new games machine revealed the pre-order date in a (now deleted) Facebook post. It later uploaded an image teasing the date ‘14.12.17’ (pictured above).

Users will be able to “pre-order” the Ataribox through IndieGoGo, where the price for the console is expected to be start somewhere around the $299 mark.

Read more

Syndicate content