today's leftovers

Filed under
Misc

  • Changing Of The Guard For HPC And Big Iron At HPE

    Hewlett Packard Enterprise has been building a mainstream and grassroots server business aimed at large enterprises, HPC centers, and academic and government institutions for two decades. HPE took a run at the hyperscalers and cloud builders and large service providers with its Cloudline minimalist machinery, but has largely backed away from that business because margins are thin to non-existent.

    The systems business that is left represents the core of HPE after it has largely divested its software and services business, which it spent tens of billions of dollars to acquire to try to create a clone of IBM, and split off its PC and printer business into an entirely different company.

    While the original Hewlett Packard has a long history in proprietary and Unix systems, it was the acquisition of Compaq way back in September 2001 for $25 billion that gave what is now HPE a volume server business aimed at small, medium, and large enterprises as well as the emerging webscale companies. The rivalry with Dell (and to a lesser extent with Lenovo, Inspur, and Sugon) and the rise of the original design manufacturers who work directly with the hyperscalers and large public cloud builders (Foxconn, Quanta, Inventec, WiWynn, and such) have put the hurt on this ProLiant server business. But that ProLiant business is still formidable, and has many millions of loyal customers.

  • SUSE: 7 Digital Transformation Questions IT Should Ask Their Business Managers

    During the journey of digital transformation, organizations have to master several things at the same time: adopting new innovations, increasing efficiency, and maintaining continuity. IT not only plays a crucial role in these improvements but in many cases also leads transformation projects that improve the business.

  • Freedom to map depends on WHO delivers it

    At the moment, I do not know enough about this reform and its general background, to have a definite opinion on who is wrong or right here. But that is not important. My only goal with this post is to remind everybody, in India and everywhere else, that “map or you will be mapped” is not just a fancy slogan.

    Whoever draws the maps, or controls the data needed to draw them, can concretely increase, or limit, your personal freedom and rights. This is the only thing that you surely want to learn from all the congratulations and concerns above. Take them as concrete examples of what could actually go wrong, or right, with mapping laws, whatever digital map you are already living in.

  • Microsoft Attacks The Open Web Because It's Jealous Of Google's Success

today's leftovers

  • mintCast 355.5 – McKnight in Shining Armor

    1:49 Linux Innards
    27:06 Vibrations from the Ether
    51:29 Check This Out
    58:45 Announcements & Outro

    In our Innards section, we talk to community member Mike!

    And finally, the feedback and a couple suggestions

  • The small web is beautiful

    About fifteen years ago, I read E. F. Schumacher’s Small is Beautiful and, despite not being interested in economics, I was moved by its message. Perhaps even more, I loved the terse poetry of the book’s title – it resonated with my frugal upbringing and my own aesthetic.

    I think it’s time for a version of that book about technology, with a chapter on web development: The Small Web is Beautiful: A Study of Web Development as if People Mattered. Until someone writes that, this essay will have to do.

    There are two aspects of this: first, small teams and companies. I’m not going to talk much about that here, but Basecamp and many others have. What I’m going to focus on in this essay is small websites and architectures.

  • PS2 Emulation Gets Even Nicer With Custom Textures

    PCSX2 has long been a fantastic PS2 emulator, but a recent advance has made it all the more appealing for anyone playing on a PC: the ability to swap textures in games.

    While the famous Dolphin emulator for the GameCube has long supported this feature, PCSX2 has only just brought it in, and it’ll allow modders to improve any kind of texture they want in an old PS2 game. In the example video below by someother1ne, we can see everything from the road in Gran Turismo to the helmets and jerseys in NFL2K5 get swapped out.

  • Epic Games is buying Fall Guys creator Mediatonic

    According to the blog posts and FAQs detailing the announcement, Fall Guys will remain available on Steam for the time being, and the developer is still bringing the game to both the Xbox and Nintendo Switch platforms. Epic and Mediatonic say there are no plans right now to make the game (which currently costs $19.99) free-to-play, as Epic did with Rocket League. Epic later confirmed it plans to make the PC version of Fall Guys available on the Epic Game Store.

today's leftovers

  • Five Tips For The Openbox Window Manager

    Openbox has always been my favorite floating window manager. It holds a special place in my heart due to it being the first window manager that I used when I switched to Linux. And I still find it so darn comfy to use!

  • The Waybig Machine | LINUX Unplugged 395

    It's our worst idea yet. We share the password to our brand-new server and see who can own the box first. Whoever wins gets a special prize.

    Plus how Archive.org uses Linux, and more.

  • Tachyum Delivers First Software Emulation Systems

    Native Tachyum Linux 5.10

  • Big Gains for Open Aerospace: Interview with Open Research Institute

    The Open Research Institute (ORI) is an OSI Affiliate project that works to facilitate worldwide collaboration in the development of technology. The past year has been a particularly exciting one -- achieving some groundbreaking wins for open source in aerospace. ORI’s co-founder and CEO, Michelle Thompson took some time out of her busy schedule to talk with me about their recent regulatory initiatives.

    DN: Can you tell us a little bit about the Open Research Institute's history and mission?

    MT: Open Research Institute's mission is to provide a friendly, safe, and accessible place to do open source research and development for amateur radio and beyond. We have been fully operational since March 2019 and have contributed technical and regulatory work central to the mission of the international amateur radio service. This work is useful outside of the amateur community because it allows a wide variety of organizations to use open source communications technology where they would otherwise have to reinvent a wheel, or restrict the work to US persons only.

    DN: It was a big year for ORI, with the determination that "Open Source Satellite Work" is free of International Traffic in Arms Regulations (ITAR.) What prompted ORI to draft a commodity jurisdiction request?

    MT: We were able to do this work due to the generous support of YASME Foundation, ARRL Foundation, and ARDC Foundation. Without their generous financial support and guidance, the technical and regulatory victories over the past 18 months would simply not have happened.

  • Sparky System

    There is a new, small application available for Sparkers: Sparky System

  • Digest of YaST Development Sprint 118

    You may know that both the SUSE and openSUSE families of operating systems include container-oriented members, namely openSUSE MicroOS and SLE Micro. In order to make them even more awesome, we got the request to make it possible to propose and configure the usage of Security-Enhanced Linux, more widely known as SELinux, during the (auto)installation. This is a complex change affecting several parts of YaST and various versions of (open)SUSE, but you can get a good overview in the description of this pull request which includes some screenshots that may be worth a thousand words. Right now, the feature may look different on each one of the distributions due to the different state of SELinux on them. While in SLE Micro the new setting is visible during installation and activated at its more restrictive level, in others it may look more permissive or even not be presented at all. We expect things to consolidate during the upcoming weeks.

    And talking about things that take their time, for a long time we had wanted to improve the usability of the configuration of wireless network adapters. Finally we found the time to reorganize the corresponding tab in the YaST Network module, improving the mechanism to select a wireless network and automatically pre-filling as much information as possible. You can see the result in the following animation and in the detailed pull request with the usual before-and-after screenshots.

  • Steam On Linux In February Still Residing Below 1% - Phoronix

    Valve has released their updated Steam Survey figures for February 2021.

    For January, the reported Steam Linux usage hit 0.91%, similar to where it was in November of last year. With the ongoing success of Steam Play (Proton + DXVK/VKD3D-Proton) for running many modern Windows games well under Linux, Steam on Linux has been enjoying the upper sub-1% space on a monthly basis -- normally 0.8~0.9%.

  • Try the demo of Dashing Dodgems, a frantic and hilarious bumper cars party game

    In development by Yellowcake Games, it's all about last driver remaining and it's really fun. When a match starts to take too long, the world will start to crumble around you with tiles vanishing into the water. Your cars can annihilate the environment too, which you need to do to get power-ups hidden inside buildings - which is quite satisfying when you bump your way through a town.

    [...]

    You can follow it on Steam and try the Linux demo on itch.io.

  • RADV Vulkan Driver Adds Option To Force Smart Access Memory Behavior

    The latest "Smart Access Memory" work by the open-source AMD Radeon graphics driver stack is an option for the RADV Vulkan driver to force the "SAM" behavior even if the system is not advertising all the video RAM as visible or even if using APU graphics.

  • Update on tender for a built-in UNO object inspection tool in LibreOffice

    In July last year, we launched a tender to implement a dedicated, built-in UNO object inspection tool in LibreOffice. UNO refers to Unified Network Objects, the component model used by the software.

    Tomaž Vajngerl was assigned to work on the tender, and has blogged about his progress. He discusses the point-and-click functionality to inspect selected objects in the document, and his next steps.

  • PRESS: Hardware hacker and academic Nadya Peek to keynote LibrePlanet 2021

    The Free Software Foundation (FSF) today announced digital fabrication expert and University of Washington assistant professor Nadya Peek as a keynote speaker for LibrePlanet 2021. The annual technology and social justice conference will be held online on March 20 and 21, 2021, with the theme "Empowering Users."

    [...]

    At this year's LibrePlanet conference, Peek will discuss the increasingly ambiguous dividing line between hardware and software, and how everyone can ensure that the physical tools created by digital fabrication methods are as hackable and reconfigurable as free software tools. On Peek's announcement as LibrePlanet 2021's third keynote speaker announcement, FSF program manager Zoë Kooyman stated, "Her work in human-centered design is exactly that: human-centered. Nadya Peek's research and work is guided by the powerful belief that machines, as well as the concept of automation itself, can be approached in a different way. By giving users access to all the pieces they could need to build a machine, she gives individuals the creative freedom to make or automate almost anything. It's empowering to the core and we're excited to learn more about her work."

    Asked to comment on being selected to keynote at the LibrePlanet conference, Peek stated, "LibrePlanet has an amazing community. I like it when I'm the person in the room who knows the fewest FFmpeg [a popular free software multimedia encoder] flags by heart. I'm very excited to spend time together, albeit virtually during an extremely strange time."

  • Intel Looking To Upstream A Proper SPIR-V Compute Back-End For LLVM

    It's been talked about many times from various parties but so far has remained elusive from the mainline LLVM code-base: a SPIR-V back-end for LLVM that would go from LLVM into this Khronos intermediate representation most notably used by OpenCL and Vulkan drivers. Intel engineers are stepping up and hope to help get a proper SPIR-V back-end upstreamed into LLVM.

    There have been various out-of-tree efforts and plans talked about by different companies/developers for having a SPIR-V back-end in LLVM as this key IR supported by the modern Khronos APIs. With Intel's latest push and "request for comments", they are looking to have a proper back-end in LLVM for targeting SPIR-V -- initially with a compute focus but the possibility of extending to 3D shader support for Vulkan later on.

  • Python For Loop Examples - nixCraft

    How and when do I use for loops under Python programming language? How can I use the break and continue statements to alter the flow of a Python loop?

    A for loop is a Python statement which repeats a group of statements a specified number of times. You can use any object (such as strings, arrays, lists, tuples, dict and so on) in a for loop in Python. This page explains the basics of the Python for loop, including break and continue statements.

today's leftovers

  • tCam-Mini IR thermal camera board ships with ESP32 module

    While there are plenty of ESP32 camera boards, it’s much harder to find off-the-shelf solutions with ESP32 wireless SoC and an IR thermal camera.

    That’s likely why Dan Julio decided to design tCam-Mini board combining an ESP32 module with a Flir Lepton 3.5 sensor with 160×120 resolution to capture radiometric data for thermographic analysis.

    [...]

    It’s possible to connect to the ESP32 thermal camera board in access point or station mode to control it with “tCam console” desktop application compatible with Linux...

  • How your young people can create with tech for Coolest Projects 2021
  • Canonical completes Azure Arc Validation Program, helps increase user confidence in Arc enabled production Kubernetes [Ed: Canonical has been boosting Microsoft for years and it closed bug #1 which basically means they don't wish to actually replace Windows]
  • Ubuntu Blog: Ubuntu in the wild – 2nd of March 2021

    The Ubuntu in the wild blog post ropes in the latest highlights about Ubuntu and Canonical around the world on a bi-weekly basis. It is a summary of all the things that made us feel proud to be part of this journey. What do you think of it?

    [...]

    This one could interest our Italian readers: Lorenzo Cavassa, Field Engineer at Canonical, will be talking about how to create Kubernetes clusters on any type of substrate, from public clouds to private data centers to the Edge, with the automation and flexibility provided by Juju and Ubuntu.

  • New Garuda Linux “Hawk Eagle” Released With LibreWolf Browser

    Following its monthly release model, the Garuda team has announced a new version called Garuda Linux “Hawk Eagle” (210225).

    Like all previous releases, this February update also comes with a new edition called KDE Dragonized BlackArch Edition. It features the BlackArch repository, tweaks, and most common tools.

    So, in total, Garuda now has 16 editions with different desktop environments: KDE Multimedia, GNOME, Xfce, LXQT-Kwin, Wayfire, i3WM, Qtile, MATE, Cinnamon, Recbox, UKUI, BSPWM, dr460nized, dr460nized gaming, dr460nized blackarch, Barebone KDE, and GNOME.

    Another important change that Garuda Linux “Hawk Eagle” has brought for all editions (except Xfce and i3WM) is the inclusion of the LibreWolf (with extensions) as the default web browser.

  • Late Night Linux – Episode 114

    Linux on another planet, Chrome OS enjoys huge success, great Firefox improvements, a flawed but well-meaning idea for a laptop, free RHEL for FOSS projects, Xfce news, and KDE Korner.

  • Cartesi (CTSI) Opens Linux Environment Gates for Avalanche

    Cartesi, the layer-2 decentralized Linux infrastructure, announced its integration with Avalanche, the open-source platform for highly decentralized apps. With this integration, Cartesi’s Layer-2 infrastructure will expand within DeFi for the first time. Additionally, it will enable a Linux environment on Avalanche for smart contracts and higher computational scalability. Once the integration completes, the developers building on Avalanche will for the first time have access to develop smart contracts using Linux and uncountable mainstream software stack.

  • Official Evernote Application For Linux Available For Download (Beta)

    Let me start by telling you a bit about Evernote, in case you've never heard of it (which is weird, because this is a quite popular application). Evernote is an application for note-taking, organizing, task management, and archiving. Using it you can create notes using text, drawings, add photographs, audio, or web content. Each note can be tagged, annotated, edited, searched, given attachments, and exported. The application is free to use (but not free, open source software) with monthly usage limits, or you can use a paid plan. Up until recently, Evernote was available for Microsoft Windows, macOS, Android and iOS.

  • MySQL from Below

    When you insert data into a database and run COMMIT you expect things to be there: Atomically, Consistent, Isolated and Durable, like Codd commanded us 40 years ago, but also quickly. There is a surprising amount of sophistication being poured into this, but since I do not want to shame MongoDB and Redis developers in this post, I am not going to talk about that much in this place.

    We are instead trying to understand what our databases are doing all day, from the point of view of the storage stack.

  • To Prevent the Resurgence of the Pandemic, Can We Talk About Open-Source Research?

today's leftovers

  • Call for Papers Open for openSUSE Conference

    The call for papers is open until May 4. This leaves a little more than 60 days to submit a proposal. The dates of the conference are scheduled for June 18 - 20. Registration for the conference has also begun.

  • [Arch] FOSS Activities in February 2021

    The start of this month was marked with FOSDEM! I held a talk about secure boot and the tooling stuff I have written, sbctl. It’s a tool to help you manage secure boot keys and signing files. With help from sbsigntools it also does live enrollment of keys.

    The talk went great (I think) and it was fun to see how FOSDEM pulled off the conference with matrix and jitsi. It gave me some inspiration for Arch Conf 2021 that I should try to kick off some planning on.

  • Linux Championed Work From Home Before Everyone Else: Greg Kroah-Hartman [Ed: This is a revisionist load. GNU predates this. Linux and LF trying to delete GNU from history…]

    Linux kernel is the world’s largest collaborative technology. It’s created by thousands of people from around the world, working together from the comfort of their homes, just via email. In this episode of TFiR Insights, we hosted none other than Greg Kroah-Hartman, the leading Linux kernel developer and maintainer of the stable branch. We discussed a wide range of topics including work from home and the progress Linux has made over the years.

today's leftovers

  • 15 ways to leave your cloud provider

    Avoid concentration

    While it’s tempting to keep things simple by using the same cloud for everything, the danger is that one cloud becomes a big point of failure. Microsoft, for instance, bought GitHub and this should give Azure users a reason to start thinking about storing their code in other repositories. Or at the very least, make sure it is pushed regularly to backups. The same goes for the other clouds.

    Use open source

    Proprietary code has many wonderful aspects. Sometimes the business model delivers some amazing software. There are many times in life when you get what you pay for and that can be true in the software world too. But only open source software offers you the freedom to move the code easily and quickly without begging, “Mother, may I?” Richard Stallman always said that he was after “free as in speech, not free as in beer.”

    Avoid proprietary tools

    The cloud providers usually offer two types of products: open source clones and proprietary tools. While the closed source products may offer plenty of tempting options and attractive innovations, the threat of losing service is too great to risk using them. If you choose the MySQL service at AWS, you can move to MySQL on your own box. If you choose a proprietary tool, you can’t.

  • Jan-Erik Rediger: Three-year Moziversary

    Has it really been 3 years? I guess it has. I joined Mozilla as a Firefox Telemetry Engineer in March 2018, I blogged twice already: 2019, 2020.

    And now it's 2021. 2020 was nothing like I thought it would and still been a lot like I said last year at this point. It's been Glean all over the year, but instead of working from the office and occasionally meeting my team in person, it's been working from home for 12 months now.

    In September of last year I officially became the Glean SDK tech lead and thus I'm now responsible for the technical direction and organisation of the whole project, but really this is a team effort. Throughout the year we made Project FOG happen. At least the code is there and we can start migrating now. It's far from finished of course.

  • Firefox 86 TOTALLY FIXES the cookie problem.

    Firefox 86 is the latest release of Firefox and it's got two killer features. One of them is how Firefox handles cross-origin requests and cookies: by silo-ing each web page. Now, when you visit a new site for the first time, any assets loaded from other websites (read: Google Analytics) don't have your login information from your Google Account. This is CRITICAL!

  • Community Member Monday: Rafael Lima

    I am a university professor in Brazil, and I teach and research optimization applied to management sciences. In my work I often need to write papers and prepare spreadsheets to analyze data, and for that I’ve been using LibreOffice for over a year now. I have been working with supply chain optimization problems such as vehicle routing, network design and facility location.

    I have always been an enthusiast of Open Source, since my undergraduate days in 2001. At the time I started using Linux and most of my current research work is done using FOSS tools. The dynamics of how open source software is developed is a topic that has always caught my attention.

    Outside of work, I like to spend my free time practicing sports (mostly playing tennis) and whenever I have the opportunity I like to travel to new places. And obviously, like many tech enthusiasts, I like gaming too!

  • Learning the Poke language in Y minutes

    Mohammad-Reza Nabipoor has written a nice short tutorial called "Learn
    the Poke Language in Y minutes". The tutorial has the form of a Poke
    program itself, and I think it really highlights the most uncommon
    (and useful!) features of our domain-specific language.

    The tutorial is also available as part of the poke source distribution in
    `doc/learn-poke-language-in-y-minutes.pk' so you can play with it. Find
    the plain source file here.

    Mohammad will be improving and updating it as the language grows.
    Thanks Mohammad, and happy poking!

  • Swiss National Bank releases paper regarding CBDC and GNU Talers

    The Swiss National Bank has released a paper on the advantages of GNU Talers over blockchain and account-based digital money transactions for Central Bank Digital Currency.

    A possible technical implementation was presented in a paper by the Swiss National Bank (SNB), discussing the merits of token-based digital cash called GNU Talers. The Swiss Bank has been developing the concept of ‘Taxable Anonymous Libre Electronic Reserves’, or Taler for short. Interested parties have been able to try out the cryptographically secured digital ‘coins’ for some time.

today's leftovers

  • Derivation: Peppertown video-game by Congusbongus and StarNavigator

    Thanks to the authors because the game is fully open-source and released on Github under the MIT License [2]. It was made with FLOSS tools (GIMP, VS Code, Phaser, Audacity, git, Tiled) for the MiniJam22 contest [3] and congratz to Congusbongus and StarNavigator for reaching the 2nd place with Peppertown!

  • What security does a default OpenBSD installation offer? (by solene@)

    In a recent blog post, OpenBSD developer Solène Rapenne (solene@) offers an overview of the security features offered by a default OpenBSD installation.

  • Jonathan Dieter: WANPIPE and DAHDI COPR for EL8

    At Spearline, we have a number of servers around the world with Sangoma telephony cards, which use the out-of-tree wanpipe and dahdi kernel modules. As we’ve been migrating our servers from CentOS 6 to SpearlineOS, one of the problems we’ve hit has been the out-of-tree modules don’t compile against the EL8 kernels that we use as the base for SpearlineOS.

    [...]

    If there’s any interest in using the kmod RPMs without the other packages in the COPR, I could look at splitting them into a separate COPR. Please email me if you would like me to do this.

  • Mousepad 0.5.3 Is Released

    The Xfce team has released another version of the extremely plain and simple Mousepad editor. The latest version has a keybinding for resetting the font size and some small fixes. It still lacks absolutely everything beyond the ability to edit text and load and save files.

    [...]

    Mousepad still lacks all the features other simple text-editors like KWrite have beyond the very basic ability to edit text. There is no syntax high-lighting, there is no spell-checker, you can't select text and make it uppercase or lowercase or much else for that matter. It does have a search-and-replace function, and you can load and save files, and you can even have multiple files open in tabs. It does have those things going for it even though it is severely lacking in all other areas.

today's leftovers

  • Snapcraft Clinic Successes

    On Thursday I mentioned we were restarting the Snapcraft Clinic. Basically we stand up a regular video call with engineers from the snap and snapcraft team & us from Snap Advocacy. Developers of applications and publishers of snaps are invited to join to troubleshoot.

    There was nothing especially secret or private discussed, but as we don’t record or stream the calls, and I don’t have direct permission to mention the applications or people involved, so I’ll keep this a little vague. In future I think we should ask permission and record the outcomes of the calls.

    We had a few productive discussions. One developer brought an application which they’d requested classic confinement for, and wished to discuss the options for confinement. We had a rather lengthy open discussion about the appropriateness of the available options. The developer was offered some choices, including making changes to their application to accommodate confinement, and another was (as always) not to snap the application. They appreciated our openness in terms of accepting that there are limitations with all software, and not everything always makes sense to be packaged as a snap, at the moment.

    We also had a productive discussion with a representative of a group responsible for publishing multiple snaps. They had difficulties with a graphical snapped application once it had been updated to use core20. The application would launch and almost immediately segfault. As the application was already published in the Snap Store, in a non-stable channel, we were all able to install it to test on our own systems.

  • Kraft Version 0.96

    I am happy to announce the release of Kraft version 0.96 today. The new version can be downloaded from the homepage.

  • A new data format has landed in the upcoming GTG 0.5

    Diego’s changes are major, invasive technological changes, and they would benefit from extensive testing by everybody with “real data” before 0.5 happens (very soon). I’ve done some pretty extensive testing & bug reporting in the last few months; Diego fixed all the issues I’ve reported so far, so I’ve pretty much run out of serious bugs now, as only a few remain targeted to the 0.5 milestone… But I’m only human, and it is possible that issues might remain, even after my troll-testing.

    Grab GTG’s git version ASAP, with a copy of your real data (for extra caution, and also because we want you to test with real data); see the instructions in the README, including the “Where is my user data and config stored?” section.

    Please torture-test it to make sure everything is working properly, and report issues you may find (if any). Look for anything that might seem broken “compared to 0.4”, incorrect task parenting/associations, incorrect tagging, broken content, etc.

  • MAS ‘Ocean strainer’ technology to be open source

    Inspired by the success of its ‘Ocean Strainer’ floating trash trap, a pilot project launched in the Dehiwala Canal last year, MAS Holdings will make the ‘Ocean Strainer’ technology available to interested parties, to replicate and scale up the solution.

  • Notes on Addressing Supply Chain Vulnerabilities

    One of the unsung achievements of modern software development is the degree to which it has become componentized: not that long ago, when you wanted to write a piece of software you had to write pretty much the whole thing using whatever tools were provided by the language you were writing in, maybe with a few specialized libraries like OpenSSL. No longer. The combination of newer languages, Open Source development and easy-to-use package management systems like JavaScript’s npm or Rust’s Cargo/crates.io has revolutionized how people write software, making it standard practice to pull in third party libraries even for the simplest tasks; it’s not at all uncommon for programs to depend on hundreds or thousands of third party packages.

    [...]

    Even packages which are well maintained and have good development practices routinely have vulnerabilities. For example, Firefox recently released a new version that fixed a vulnerability in the popular ANGLE graphics engine, which is maintained by Google. Both Mozilla and Google follow the practices that this blog post recommends, but it’s just the case that people make mistakes. To (possibly mis)quote Steve Bellovin, “Software has bugs. Security-relevant software has security-relevant bugs”. So, while these practices are important to reduce the risk of vulnerabilities, we know they can’t eliminate them.

    Of course this applies to inadvertant vulnerabilities, but what about malicious actors (though note that Brewer et al. observe that “Taking a step back, although supply-chain attacks are a risk, the vast majority of vulnerabilities are mundane and unintentional—honest errors made by well-intentioned developers.”)? It’s possible that some of their proposed changes (in particular forbidding anonymous authors) might have an impact here, but it’s really hard to see how this is actionable. What’s the standard for not being anonymous? That you have an e-mail address? A Web page? A DUNS number?[3] None of these seem particularly difficult for a dedicated attacker to fake and of course the more strict you make the requirements the more it’s a burden for the (vast majority) of legitimate developers.

    I do want to acknowledge at this point that Brewer et al. clearly state that multiple layers of protection are needed and that it’s necessary to have robust mechanisms for handling vulnerability defenses. I agree with all that, I’m just less certain about this particular piece.

  • 26 Firefox Quantum About:Config Tricks You Need to Learn - Make Tech Easier

    “Here be dragons,” reads the ominous disclaimer when you type about:config into Firefox’s URL bar, warning you that tweaking things in this area is largely experimental and can cause instability to your browser.

    Sounds exciting, right? And even though it sounds a little scary, the fact is you will almost certainly be okay when you start playing around in this area and can actually use the features here to improve and speed up your browser. These are Make Tech Easier’s favorite Firefox about:config tricks, freshly updated for Firefox Quantum.

  • Attackers collaborate to exploit CVE-2021-21972 and CVE-2021-21973 - Blueliv

  • Broadcom VK Accelerator Driver, More Intel ACRN Code Arrives For Linux 5.12 - Phoronix

    Greg Kroah-Hartman this week sent in "the large set of char/misc/whatever driver subsystem updates", which as usual -- given it's a catch-all area of kernel drivers not fitting well into other subsystems -- there is an interesting mix of additions.

    Linux 5.12 still isn't moving forward with any "accelerator" subsystem for the likes of the Habana Labs driver and other accelerators / offload cards, even with Linux 5.12 bringing the Broadcom VK accelerator driver, so for now the char/misc area of the kernel continues to expand.

  • Mesa Flips On OpenGL Threading For Valheim To Deliver Better Performance - Phoronix

    For those enjoying Valheim, the new survival/sandbox game that has been an incredible success and sold more than four million copies so far while being a low-budget indie game, Mesa should be providing better performance when using its OpenGL renderer.

    Valheim is powered by the Unity game engine and is natively supported on Linux. Initially the focus was on the OpenGL rendering support while the game is now rolling out Vulkan support. But for those sticking to OpenGL usage, Mesa Git is performing better thanks to enabling OpenGL threading.

  • Library management system with global Open Source community

    It is difficult to choose a single benefit in Koha, says Jessica Andersson from Alingsås Library, who is also on the board of Koha’s Sweden Network. Koha is built to be modular and features can easily be controlled by activation or deactivation. This is a flexibility, which Jessica Andersson points out to be unique in Koha.

  • What is the GNOME Editor in Linux?

    If you are operating a Linux operating system through the GNOME editor, you will see a graphical text editor that you can use easily and well. It is a basic text editor that has a couple of advanced features for the fun of editing. When you start gedit with multiple files, it will load the files into individual buffers and display each of them as a tabbed window inside the editor’s main window. The left frame inside the gedit editor will show the documents that you have been editing.

  • Kernel Electric-Fence: Linux 5.12 Merges KFence For Low-Overhead Memory Safety Feature

    Linus Torvalds just merged a set of patches that includes KFence. Short for the Kernel Electric Fence, KFence is a low-overhead memory safety error detector/validator that is suitable for use in production kernel builds.

    While there has long been KASAN as the Kernel Address Sanitizer for a dynamic memory error detector for discovering use-after-free and out-of-bounds bugs within the Linux kernel, KFence aims to provide a lower-overhead solution.

  • FOSS, Mentorship, and Doing Great Work

    Katherine Druckman and Doc Searls talk to Travis Carden and Petros Koutoupis about maintaining open source projects, mentoring contributors, Drupal, and automated testing.

  • Tailwind does not support pseudo-elements

    This week I came across another tricky part of Tailwind, pseudo-elements. But what if you want to use them?

    What are pseudo-elements anyway? Pseudo-elements are HTML elements that do not exist in the HTML markup at all. Such elements won’t be visible to the browser assistive technology, they can only be styled visually with CSS.

    It’s quite common to define the :before and :after pseudo-elements that style a non-existing element in position relative to the element at hand. People use it for typography or drawing to keep markup clean and tidy. A lot of times, they are used in code pens to showcase some advanced CSS.

  • Spidermonkey Development Blog: SpiderMonkey Newsletter 9 (Firefox 86-87)

    SpiderMonkey is the JavaScript engine used in Mozilla Firefox. This newsletter gives an overview of the JavaScript and WebAssembly work we’ve done as part of the Firefox 86 and 87 Nightly release cycles.

  • Patterns

    The biggest value in design patterns is that it gives us a common language for talking about software and how it’s organized. That’s why Alexander named one of his books A Pattern Language. We’ve all spent hours making diagrams on black- or white-boards to show how some software we’re writing is organized. Design patterns give a common vocabulary so that we can discuss software with some certainty that we all mean the same thing. I eventually realized that UML had the same aim: UML diagrams are like architectural blueprints, in which one kind of line represents a brick wall, another wood, another plasterboard. Unfortunately, UML was never quite standard enough, and like design patterns, was perceived as a good in itself. In the end, a common vocabulary (whether a pattern catalog or UML) is a tool, and any tool can be abused.

  • QtQuick3D instanced rendering

    Using this new instancing feature on my development machine, QtQuick3D can render one million cubes at 60 frames per second (FPS), using only 2% CPU time. The same scene recreated with the API in Qt 6.0, using Repeater3D to generate cubes, starts to struggle at ten thousand cubes: only managing 42 FPS and using 100% of the CPU.

  • Using the Display Posts plugin with WordPress and custom CSS

    My goal when I refactored the site (once again) using WordPress was to focus more on writing than fiddling. I mean, yes, this was a tiny bit fiddly, but I could have spent quite a bit of time trying to code this up myself. Especially since coding isn’t my thing.

    Instead, a few “off-the-shelf” open source bits and I’m in business.

  • EDB tries to crowbar graph, JSON, and time-series data models into PostgreSQL – but can they pull it off?

    EDB, a prominent backer of the PostgreSQL open-source database, expects to focus on graph, JSON, and time-series data in the upcoming autumn release. Analysts, however, are sceptical about its ability to optimise for different data models ahead of built for purpose databases.

    Last week, EDB announced a 59 per cent increase in annual recurring revenue, although being privately held it can pick and choose which financial metrics to release. Its team has grown by nearly half, to 300, however that is dwarfed by comparable open-source-supporting firms like Red Hat, with 13,000 employees.

  • 30 Years of Browsers: A Quick History [Ed: Mostly glosses over Microsoft crimes in that area, as might be expected from IDG]

    It didn’t take long for Internet Explorer (IE) to win over most internet users, but that did attract the attention of the US government, which brought antitrust charges against Microsoft for its practice of preventing computer manufacturers from uninstalling IE and installing other browsers. The case was finally settled in 2001, but IE had three more years of being the preeminent browser ahead of it, peaking at 95% of the market in 2003.

  • Michael Meeks: 2021-02-26 Friday

    Finally got around to posting my FOSDEM slides, first an update for the Collaboration dev-room on integrating

  • FOSDEM 2021: Building massive virtual communities in Matrix

    Matthew, the open source lead for the Matrix project, held a 48-minute-long lecture on Matrix, an open protocol communications system with encrypted chat, chatrooms and more, at FOSDEM 2021. The video is worth watching if you are curious to learn how Matrix works, what their future plans are for shared spaces and other features, and the practical use-cases it can solve for you and your organization.

  • New Affiliate Member Joins OSI: The TeX Users Group

    The TeX Users Group (TUG) is new to the OSI Affiliate program, but not new to the world. It's a membership-based not-for-profit that was founded in 1980 to encourage and expand the use of TeX, LaTeX, Metafont and related systems. TUG fosters innovation while maintaining the usability of these systems. TUG also supports users by hosting an annual event, maintaining a list of active local TeX user groups and publishing a regular journal called TUGboat three times a year.

    The OSI loves to let folks know about open source tools that they could be using like the TeX, LaTeX and Metafont systems for preparing documents. TUG is for anyone who uses the TeX typesetting system created by Donald Knuth and/or is interested in typography and font design. If you want to install TeX on your computer, please consult the resources mentioned on the TUG home page.

  • Release notes for the Genode OS Framework 21.02

    Genode 21.02 stays close to the plan laid out on our road map, featuring a healthy dose of optimizations, extends the framework's ARM SoC options, and introduces three longed-for new features.

    First, we extended our concept of pluggable device drivers to all network drivers, including Ethernet and Wifi. As reported in Section Pluggable network device drivers, such drivers can now gracefully be started, restarted, removed, and updated at runtime without disrupting network-application stacks.

    Second, the release features the infrastructure needed for mobile-data communication over LTE, which is a prerequisite for our ambition to use Genode on the Pinephone. Section LTE modem stack gives insights into the involved components and the architecture.

    Third, we are happy to feature the initial version of VirtualBox 6 for Genode. Section VirtualBox 6.1.14 gives an overview of the already supported feature set and the outlook to reach feature-parity to our version of VirtualBox 5 soon. Speaking of VirtualBox in general (both versions), we were able to significantly improve the USB-device pass-through abilities, specifically covering audio headsets.

    Further noteworthy improvements of the current release range from added VirtIO-block device support for virtual machines on ARM (Section VirtIO block devices for virtual machines on ARM), revived developments on RISC-V (Section RISC-V), over VFS support for named pipes (Section VFS support for named pipes), to streamlined tooling (Section Build system and tools).

  • Genode OS Framework 21.02 Adds LTE Data Support, More RISC-V Work

    Genode OS 21.02 is out as the latest feature release to this open-source operating system framework.

  • The Apache News Round-up: week ending 26 February 2021

    Farewell, February -- we're wrapping up the month with another great week. Here are the latest updates on the Apache community's activities...

  • West: Post-Spectre web development

    Mike West has posted a detailed exploration of what is really required to protect sensitive information in web applications from speculative-execution exploits. "Spectre-like side-channel attacks inexorably lead to a model in which active web content (JavaScript, WASM, probably CSS if we tried hard enough, and so on) can read any and all data which has entered the address space of the process which hosts it. While this has deep implications for user agent implementations' internal hardening strategies (stack canaries, ASLR, etc), here we’ll remain focused on the core implication at the web platform level, which is both simple and profound: any data which flows into a process hosting a given origin is legible to that origin. We must design accordingly."

  • What Is the Shellshock Bug and Is It Still a Risk? [Ed: Borrowing old FUD to keep the scare. 2014 called. It wants its news back.]

    Like most security bugs, Shellshock took the internet by a storm in 2014 and compromised millions of accounts. This deadly bug originates from the Bash (Bourne Again Shell) which is the default command-line interface on all Linux, Unix, and Mac-based operating systems.

    The Shellshock vulnerability was first detected some 30 years ago but was not classified as an official and public threat until September of 2014. Even with the passage of time and numerous patches, this bug still remains a threat to enterprise security.

  • Five Tips For Life Sciences Companies To Protect Their AI Technologies [Ed: Some habitual copyleft FUD]

    Though they come in all shapes and flavors, open source licenses can generally be characterized into two groups: (1) permissive open source licenses, and (2) copyleft open source licenses. A permissive open source license (e.g., the MIT license) makes software code available for free to a user, but does not place significant restrictions on how the code must be used. Importantly, this means the user of code under a permissive open source license can combine the code with its own proprietary code and be under no obligation to disclose or license the combined code. Conversely, copyleft licenses (e.g., the General Public License (GPL)) also make software code available for free, but require that any modified code be licensed under the same terms. Therefore, if the copyleft licensed code is combined with proprietary code, the user may be required to make its proprietary code publicly available for free as well. Obviously, this is not a good outcome for a company desiring to keep its AI software secret. To avoid this negative outcome, companies should incorporate good hygiene around their use of open source software and implement policies and procedures to ensure that no source code is used that could jeopardize the secrecy of the company’s proprietary code.

More in Tux Machines

4 Best Free and Open Source Graphical MPD Clients

MPD is a powerful server-side application for playing music. In a home environment, you can connect an MPD server to a Hi-Fi system, and control the server using a notebook or smartphone. You can, of course, play audio files on remote clients. MPD can be started system-wide or on a per-user basis. MPD runs in the background playing music from its playlist. Client programs communicate with MPD to manipulate playback, the playlist, and the database. The client–server model provides advantages over all-inclusive music players. Clients can communicate with the server remotely over an intranet or over the Internet. The server can be a headless computer located anywhere on a network. There are graphical clients, console clients and web-based clients. To provide an insight into the quality of software that is available, we have compiled a list of 4 best graphical MPD clients. Hopefully, there will be something of interest here for anyone who wants to listen to their music collection via MPD. Here are our recommendations. They are all free and open source goodness.

LWN on Kernel: 5.12 Merge, Lockless Algorithms, and copy_file_range()

  • 5.12 Merge window, part 1 [LWN.net]

    The beginning of the 5.12 merge window was delayed as the result of severe weather in the US Pacific Northwest. Once Linus Torvalds got going, though, he wasted little time; as of this writing, just over 8,600 non-merge changesets have been pulled into the mainline repository for the 5.12 release — over a period of about two days. As one might imagine, that work contains a long list of significant changes.

  • An introduction to lockless algorithms [LWN.net]

    Low-level knowledge of the memory model is universally recognized as advanced material that can scare even the most seasoned kernel hackers; our editor wrote (in the July article) that "it takes a special kind of mind to really understand the memory model". It's been said that the Linux kernel memory model (and in particular Documentation/memory-barriers.txt) can be used to frighten small children, and the same is probably true of just the words "acquire" and "release". At the same time, mechanisms like RCU and seqlocks are in such widespread use in the kernel that almost every developer will sooner or later encounter fundamentally lockless programming interfaces. For this reason, it is a good idea to equip yourself with at least a basic understanding of lockless primitives. Throughout this series I will describe what acquire and release semantics are really about, and present five relatively simple patterns that alone can cover most uses of the primitives.

  • How useful should copy_file_range() be? [LWN.net]

    Its job is to copy len bytes of data from the file represented by fd_in to fd_out, observing the requested offsets at both ends. The flags argument must be zero. This call first appeared in the 4.5 release. Over time it turned out to have a number of unpleasant bugs, leading to a long series of fixes and some significant grumbling along the way. In 2019 Amir Goldstein fixed more issues and, in the process, removed a significant limitation: until then, copy_file_range() refused to copy between files that were not located on the same filesystem. After this patch was merged (for 5.3), it could copy between any two files, falling back on splice() for the cross-filesystem case. It appeared that copy_file_range() was finally settling into a solid and useful system call. Indeed, it seemed useful enough that the Go developers decided to use it for the io.Copy() function in their standard library. Then they ran into a problem: copy_file_range() will, when given a kernel-generated file as input, copy zero bytes of data and claim success. These files, which include files in /proc, tracefs, and a large range of other virtual filesystems, generally indicate a length of zero when queried with a system call like stat(). copy_file_range(), seeing that zero length, concludes that there is no data to copy and the job is already done; it then returns success. But there is actually data to be read from this kind of file, it just doesn't show in the advertised length of the file; the real length often cannot be known before the file is actually read. Before 5.3, the prohibition on cross-filesystem copies would have caused most such attempts to return an error code; afterward, they fail but appear to work. The kernel is happy, but some users can be surprisingly stubborn about actually wanting to copy the data they asked to be copied; they were rather less happy.

Banana Pi BPI-M2 Pro is a compact Amlogic S905X3 SBC

Banana Pi has already designed an Amlogic S905X3 SBC with Banana Pi BPI-M5 that closely follows Raspberry Pi 3 Model B form factor, but they’ve now unveiled a more compact model with Banana Pi BPI-M2 Pro that follows the design of the company’s earlier BPI-MP2+ SBC powered by the good old Allwinner H3 processor. BPI-M2 Pro comes with 2GB RAM, 16GB eMMC storage, HDMI video output, Gigabit Ethernet, Wifi & Bluetooth connectivity, as well as two USB 3.0 ports.

Chrome 89 vs. Firefox 86 Performance Benchmarks On AMD Ryzen + Ubuntu Linux

Given this week's launch of Chrome 89 and the recent Firefox 86 debut, here are some quick benchmarks for those curious about the current performance when using Ubuntu Linux with an AMD Ryzen 9 5900X and Radeon graphics. Curious about the latest standing of the newest Firefox and Chrome releases on Linux, here are some quick benchmarks carried out on one of the systems locally. A larger comparison will come soon while this is just a quick one-page article for those eager to see some new browser numbers for AMD on Linux. The Ryzen 9 5900X was at stock speeds - the reported CPU frequency is due to a kernel bug working its way to 5.11/5.10 stable still.