Language Selection

English French German Italian Portuguese Spanish

Linuxinsight

Syndicate content
LinuxInsight - aggregated feeds
Updated: 37 min 35 sec ago

TuxMachines: Mozilla Leftovers

Saturday 3rd of February 2018 11:25:12 AM
  • These Weeks in Dev-Tools, issue 3

    These Weeks in Dev-Tools will keep you up to date with all the exciting dev tools news. We plan to have a new issue every few weeks. If you have any news you'd like us to report, please comment on the tracking issue.

  • These Weeks in Firefox: Issue 31
  • Understanding Extension Permission Requests

    An extension is software developed by a third party that modifies how you experience the web in Firefox. Since they work by tapping into the inner workings of Firefox, but are not built by Mozilla, it’s good practice to understand the permissions they ask for and how to make decisions about what to install. While rare, a malicious extension can do things like steal your data or track your browsing across the web without you realizing it.

    We have been taking steps to reduce the risk of extensions, the most significant of which was moving to a WebExtensions architecture with the release of Firefox 57 last fall. The new APIs limit an extension’s ability to access certain parts of the browser and the information they process. We also have a variety of security measures in place, such as a review process that is designed to make it difficult for malicious developers to publish extensions. Nevertheless, these systems cannot guarantee that extensions will be 100% safe.

  • Janitor project - Newsletter 10

    We hope you’ve had a smooth start into the year, and wish you all the best in your life and projects. This is your recurrent burst of good news about Janitor.

  • Switch from Chrome to Firefox in just a Few Minutes

    You’ve heard about how fast the new Firefox is. You’ve heard it’s made by people who want the web to be awesome for everyone. You like that, you’re curious to try, but you hesitate. Moving from Chrome to Firefox seems like work. Fussy, computer-y IT work. Ugh. ”What about all my “stuff”? I don’t want to set all this up again.”

read more

TuxMachines: Glibc 2.27 and everything you didn't know about FSFE in a picture

Saturday 3rd of February 2018 11:23:11 AM
  • Glibc 2.27 Released With Many Optimizations, Support For Static PIE Executables

    Being released right on time is Glibc 2.27, version 2.27 of the GNU C Library.

    As we have been covering the past few months, exciting us a lot about Glibc 2.27 are many performance optimizations with a number of functions receiving AVX/FMA tuning and other performance tweaks particularly for x86_64. But even on the ARM64/AArch64 side are also some performance optimizations as well as for POWER and SPARC.

  • GNU C Library 2.27 released

    The GNU C Library version 2.27 is now available.

    The GNU C Library is used as *the* C library in the GNU system and in GNU/Linux systems, as well as many other systems that use Linux as the kernel.

  • Everything you didn't know about FSFE in a picture

    As FSFE's community begins exploring our future, I thought it would be helpful to start with a visual guide to the current structure.

    All the information I've gathered here is publicly available but people rarely see it in one place, hence the heading. There is no suggestion that anything has been deliberately hidden.

read more

Reddit: A dinner date: GNOME and Purism

Saturday 3rd of February 2018 11:22:40 AM

TuxMachines: Proprietary Security: Abobe, Windows, and Patching Buggy Chips

Saturday 3rd of February 2018 11:07:39 AM
  • An Adobe Flash 0day is being actively exploited in the wild

    The critical, use-after-free vulnerability, which is indexed as CVE-2018-4877, resides in the latest version of the widely installed Flash, researchers from Cisco Systems' Talos group said in a blog post. Adobe said separately that versions earlier than current Flash 28.0.0.137 are also susceptible. The vulnerability came to light on Wednesday when South Korea's CERT issued an advisory warning that attack code was circulating in the wild that exploited the zeroday flaw.

    Talos said the exploit is being distributed through a Microsoft Excel document that has a malicious Flash object embedded into it. Once the SWF object is triggered, it installs ROKRAT, a remote administration tool Talos has been tracking since January 2017. Until now, the group behind ROKRAT—which Talos calls Group 123—has relied on social engineering or exploits of older, previously known vulnerabilities that targets hadn't yet patched. This is the first time the group has used a zeroday exploit.

  • Cryptocurrency botnets are rendering some companies unable to operate

    Like Zealot, Smominru uses other exploit techniques to infect targeted computers, but it can fall back on the NSA-developed EternalBlue in certain cases, presumably for spreading from machine to machine inside infected networks or when other infection techniques fail on a machine that hasn't been patched. Smominru also makes use of the Windows Management Interface. Proofpoint said that the botnet is also likely exacting a punishing performance impact on the business networks it infects by slowing down servers and driving up electricity costs.

  • 6 important security takeaways from applying Spectre and Meltdown patches

    A flurry of patching commenced across all industries once these vulnerabilities came to light due to the severity involved. Here are seven important lessons I took away from the process:]...

read more

TuxMachines: DRM Stories

Saturday 3rd of February 2018 11:04:49 AM
  • Catalog of Missing Devices Illustrates Gadgets that Could and Should Exist

    Bad Copyright Law Prevents Innovators from Creating Cool New Tools

    San Francisco - The Electronic Frontier Foundation (EFF) has launched its “Catalog of Missing Devices”—a project that illustrates the gadgets that could and should exist, if not for bad copyright laws that prevent innovators from creating the cool new tools that could enrich our lives.

    “The law that is supposed to restrict copying has instead been misused to crack down on competition, strangling a future’s worth of gadgets in their cradles,” said EFF Special Advisor Cory Doctorow. “But it’s hard to notice what isn’t there. We’re aiming to fix that with this Catalog of Missing Devices. It’s a collection of tools, services, and products that could have been, and should have been, but never were.”

  • Remove the DRM from iTunes movies with TunesKit

    Since then, I'm able to watch videos purchased through iTunes using any iOS video app I want to, on my computer or Android handset. If you're so inclined, you can still watch your videos and transfer them to your iPhone using iTunes, too. It's worth mentioning that the software works on content rented from iTunes as well. But removing the DRM from rented videos to keep after the rental period is up is theft, plain and simple. Do what's right for you.

  • Documentary on the DRM-breaking farmers who just want to fix their tractors, even if they have to download bootleg Ukrainian firmware to do it

    Motherboard's short documentary, "Tractor Hacking: The Farmers Breaking Big Tech's Repair Monopoly" is an excellent look at the absurd situation created by John Deere's position that you can't own your tractor because you only license the software inside it, meaning that only Deere can fix Deere's tractors, and the centuries-old tradition of farmers fixing their agricultural equipment should end because Deere's shareholders would prefer it that way.

read more

LXer: This Week in Open Source News: Emotional Chatbots, LF Networking Fund & More

Saturday 3rd of February 2018 10:03:46 AM
This week in open source and Linux news, developer Eugenia Kuyda's fascinating open source-built chatbot is emotionally intelligent, The Linux Foundation forms new networking umbrella, & more!

TuxMachines: Apple Woes (Due to Competition From Android/Linux)

Saturday 3rd of February 2018 09:54:07 AM
  • iPhone ‘Super Cycle’ Pronounced Dead

    The iPhone “super cycle” -- a wave of upgrades and new customers that was supposed to wash over Apple Inc. this year with the introduction of its model X -- was pronounced dead on arrival.

    In Apple’s first earnings report since the launch of the pricey flagship smartphone, the company reported lower-than-expected handset sales from the holiday period. Chief Financial Officer Luca Maestri also forecast a decline in the average selling price of iPhones in the current quarter, suggesting the most-expensive models aren’t as popular.

  • Apple sells fewer phones but profits rise
  • iPhone sales down, but revenue up in latest quarter

    Apple sold less iPhones in the latest quarter but earned a lot more than a year ago, given the price of its iPhone X began at US$1000, according to the company's results for the first fiscal quarter of 2018. The user base of active devices rose to 1.3 billion in January.

  • Apple Says It Will Implement Toggle Option for iPhone Slowdowns Next Month

    Apple has confirmed the investigations launched by the US government over slowing down of customer's iPhone devices without being more transparent and says the promised power management features are coming next month.

    As you may be aware, Apple released last year a new software update that implemented a so-called feature which slowed down the performance of certain iPhone 6 and iPhone 6s devices with degrated batteries under cold weather and when the battery charge was low.

    The feature was extended to iPhone 7 models as well a year later, and discovered by accident after some users reported slowdowns on their older iPhone devices. Apple wasn't really transparent about this feature, even so Apple CEO Tim Cook said in an interview earlier this month that they said so in the release notes of the respective iOS update.

    Anyway, when Apple came clean about slowing down older iPhone devices, numerous customers sued the company, and it now looks like even the U.S. government is asking them about the handling of older iPhone batteries and their transparency to customers, as Bloomberg reported earlier this week.

read more

TuxMachines: Open source software: 20 years and counting

Saturday 3rd of February 2018 09:39:51 AM

Twenty years later, that campaign has proven wildly successful, beyond the imagination of anyone involved at the time. Today open source software is literally everywhere. It is the foundation for the internet and the web. It powers the computers and mobile devices we all use, as well as the networks they connect to. Without it, cloud computing and the nascent Internet of Things would be impossible to scale and perhaps to create. It has enabled new ways of doing business to be tested and proven, allowing giant corporations like Google and Facebook to start from the top of a mountain others already climbed.

Also: Open source is 20: How it changed programming and business forever

read more

TuxMachines: Rugged, fanless i.MX6 SBC matches COM Express Basic footprint

Saturday 3rd of February 2018 09:33:20 AM

Versalogic has revealed preliminary details of its first Arm-based SBC. The quad-core i.MX6-powered “Tetra” features up to 4GB RAM, 32GB eMMC, and 128K MRAM, plus I/O including GbE, SATA, LVDS, HDMI, USB, serial, CAN, microSD, and miniPCIe, and runs fanless over -40 to 85°C.

Versalogic, a decades-old designer and manufacturer of x86-based single board computers for embedded and industrial applications, has posted preliminary product details for its first-ever Arm SBC. Referred to as “Tetra” (aka VL-EPC-2700), the new SBC puts NXP’s ubiquitous i.MX6 SoC to work on a rugged, fanless board that’s well endowed with networking, storage, graphics, USB, serial, and GPIO interfaces, and also supports modular expansion with mini-PCIe, mSATA, and microSD cards.

read more

Reddit: Natural TTS engine + GUI for Linux?

Saturday 3rd of February 2018 09:24:11 AM

LXer: Which Linux Kernel Version Is 'Stable'?

Saturday 3rd of February 2018 08:20:51 AM
Almost every time Linus Torvalds releases a new mainline Linux kernel, there's inevitable confusion about which kernel is the "stable" one now. Is it the brand new X.Y one, or the previous X.Y-1.Z one? Is the brand new kernel too new? Should you stick to the previous release?

Reddit: Centos wifi?

Saturday 3rd of February 2018 07:38:14 AM

So after many hours of searching the internet and googling things, I have come to the conclusion that there is no proper working solution for "no wlan or wireless dev shows when 'nmcli dev status' is run?" on the whole internet.

submitted by /u/avengingangel69
[link] [comments]

Reddit: Just Created an Interesting Plymouth Theme

Saturday 3rd of February 2018 06:57:51 AM

LXer: How to Install OpenProject on Ubuntu 16.04

Saturday 3rd of February 2018 06:37:55 AM
OpenProject is a web-based management system for location-independent team collaboration, released under GNU GPL 3 License. It's a project management software that provides task-management, team collaboration, and scrum. In this tutorial, I will show you how to install and configure the OpenProject management system using Ubuntu 16.04.

Reddit: What can I read to grok VFIO?

Saturday 3rd of February 2018 06:16:17 AM

I'd like to write a userspace driver for some hardware. I hear that VFIO is a good option. What can I read to wrap my head around it? I've read "vfio.txt" in the kernel source but it doesn't provide too much detail.

submitted by /u/capitalsigma
[link] [comments]

Reddit: Weird problem on System76 Galago pro.

Saturday 3rd of February 2018 06:11:25 AM

I got a core i7 Galago pro laptop from System 76. Have a weird problem that seems to be related to GPU..

It has Intel® UHD Graphics 620.

After wiping out Pop OS, I installed Ubuntu 16.04. Played around with various configs and currently triple booting Ubuntu 16.04, Ubuntu 17.10 and Windows 10.

16.04 works ok but freezes after playing videos randomly and then resumes sometimes.

Ubuntu 17.10 freezes and display messes up upon boot if system is running for a while on some other OS. Always have to force reset.

Windows 10 never froze (till now) and display never messed up, however hard I tried.

I have narrowed it down to heating and/or driver issues. When 17.10 freezes (even installer), laptop is somewhat warm to touch but not hot. It works fine when booted after rest of 30 mins.

I have following in dmesg in 16.04 after freeze:

[ 183.722227] [drm] GPU HANG: ecode 9:0:0x85dffffb, in totem [2667], reason: Hang on render ring, action: reset

[ 183.722298] drm/i915: Resetting chip after gpu hang

[ 200.695666] drm/i915: Resetting chip after gpu hang

Have not managed to capture dmesg for 17.10 yet.

Does it appear to be a one off hardware issue or a software/firmware one? Will a replacement also have the issue?

Usually I would go for replacement but I am located outside USA and it was hassle to get it shipped to me. Now it will be an even bigger hassle to get it replaced.

submitted by /u/rfdz
[link] [comments]

Reddit: Need help

Saturday 3rd of February 2018 05:57:26 AM

I have an old laptop on which I run arch. I've created a local ssh server on it. How do I play music on that system by logging in on the server through my phone. Like I keep the the server on at all times.. When i am home, I want to log in and just play music via cmus on the laptop. Is it possible? Thanks a lot in advance.

submitted by /u/SirRavixOfFourhorn
[link] [comments]

Reddit: Raspberry Pi

Saturday 3rd of February 2018 05:42:23 AM

so im looking to build a raspberry pi leaning towards pi3 any for running Kali any suggestions on what hardware i will need to get?

submitted by /u/harvee94
[link] [comments]

More in Tux Machines

today's leftovers

  • MX Linux Review of MX-17 – For The Record
    MX Linux Review of MX-17. MX-17 is a cooperative venture between the antiX and former MEPIS Linux communities. It’s XFCE based, lightning fast, comes with both 32 and 64-bit CPU support…and the tools. Oh man, the tools available in this distro are both reminders of Mepis past and current tech found in modern distros.
  • Samsung Halts Android 8.0 Oreo Rollouts for Galaxy S8 Due to Unexpected Reboots
    Samsung stopped the distribution of the Android 8.0 Oreo operating system update for its Galaxy S8 and S8+ smartphones due to unexpected reboots reported by several users. SamMobile reported the other day that Samsung halted all Android 8.0 Oreo rollouts for its Galaxy S8/S8+ series of Android smartphones after approximately a week since the initial release. But only today Samsung published a statement to inform user why it stopped the rollouts, and the cause appears to be related to a limited number of cases of unexpected reboots after installing the update.
  • Xen Project Contributor Spotlight: Kevin Tian
    The Xen Project is comprised of a diverse set of member companies and contributors that are committed to the growth and success of the Xen Project Hypervisor. The Xen Project Hypervisor is a staple technology for server and cloud vendors, and is gaining traction in the embedded, security and automotive space. This blog series highlights the companies contributing to the changes and growth being made to the Xen Project and how the Xen Project technology bolsters their business.
  • Initial Intel Icelake Support Lands In Mesa OpenGL Driver, Vulkan Support Started
    A few days back I reported on Intel Icelake patches for the i965 Mesa driver in bringing up the OpenGL support now that several kernel patch series have been published for enabling these "Gen 11" graphics within the Direct Rendering Manager driver. This Icelake support has been quick to materialize even with Cannonlake hardware not yet being available.
  • LunarG's Vulkan Layer Factory Aims To Make Writing Vulkan Layers Easier
    Introduced as part of LunarG's recent Vulkan SDK update is the VLF, the Vulkan Layer Factory. The Vulkan Layer Factory aims to creating Vulkan layers easier by taking care of a lot of the boilerplate code for dealing with the initialization, etc. This framework also provides for "interceptor objects" for overriding functions pre/post API calls for Vulkan entry points of interest.

Logstash 6.2.0 Released, Alfresco Grabbed by Private Equity Firm

  • Logstash 6.2.0 Release Improves Open Source Data Processing Pipeline
    The "L" in the ELK stack gets updated with new features including advanced security capabilities. Many modern enterprises have adopted the ELK (Elasticsearch, Logstash, Kibana) stack to collect, process, search and visualize data. At the core of the ELK stack is the open-source Logstash project which defines itself as a server-side data processing pipeline - basically it helps to collect logs and then send them to a users' "stash" for searching, which in many cases is Elasticsearch.
  • Alfresco Software acquired by Private Equity Firm
    Enterprise apps company taken private in a deal that won't see a change in corporate direction. Alfresco has been developing its suite of Enterprise Content Management (ECM) and Business Process Management (BPM) technology since the company was founded back in June of 2005. On Feb. 8, Alfresco announced that it was being acquired by private equity firm Thomas H. Lee Partners (THL). Financial terms of the deal are not being publicly disclosed.

Servers and GPUs: Theano, DevOps, Kubernetes, AWS

  • Open Source Blockchain Computer Theano
    TigoCTM CEO Cindy Zimmerman says “we are excited to begin manufacturing our secure, private and open source desktops at our factory in the Panama Pacifico special economic zone. This is the first step towards a full line of secure, blockchain-powered hardware including desktops, servers, laptops, tablets, teller machines, and smartphones.” [...] Every component of each TigoCTM device is exhaustively researched and selected for its security profile based especially on open source hardware, firmware, and software. In addition, devices will run the GuldOS operating system, and open source applications like the Bitcoin, Ethereum and Dash blockchains. This fully auditable stack is ideal for use in enterprise signing environments such as banks and investment funds.
  • Enterprises identify 10 essential tools for DevOps [Ed: "Source code repository" and other old things co-opted to promote the stupid buzzword "devops"]
    Products branded with DevOps are everywhere, and the list of options grows every day, but the best DevOps tools are already well-known among enterprise IT pros.
  • The 4 Major Tenets of Kubernetes Security
    We look at security from the perspective of containers, Kubernetes deployment itself and network security. Such a holistic approach is needed to ensure that containers are deployed securely and that the attack surface is minimized. The best practices that arise from each of the above tenets apply to any Kubernetes deployment, whether you’re self-hosting a cluster or employing a managed service. We should note that there are related security controls outside of Kubernetes, such as the Secure Software Development Life Cycle (S-SDLC) or security monitoring, that can help reduce the likelihood of attacks and increase the defense posture. We strongly urge you to consider security across the entire application lifecycle rather than take a narrow focus on the deployment of containers with Kubernetes. However, for the sake of brevity, in this series, we will only cover security controls within the immediate Kubernetes environment.
  • GPUs on Google’s Kubernetes Engine are now available in open beta
    The Google Kubernetes Engine (previously known as the Google Container Engine and GKE) now allows all developers to attach Nvidia GPUs to their containers. GPUs on GKE (an acronym Google used to be quite fond of, but seems to be deemphasizing now) have been available in closed alpha for more than half a year. Now, however, this service is in beta and open to all developers who want to run machine learning applications or other workloads that could benefit from a GPU. As Google notes, the service offers access to both the Tesla P100 and K80 GPUs that are currently available on the Google Cloud Platform.
  • AWS lets users run SAP apps directly on SUSE Linux
  • SUSE collaborates with Amazon Web Services toaccelerate SAP migrations

Chrome and Firefox

  • The False Teeth of Chrome's Ad Filter.
    Today Google launched a new version of its Chrome browser with what they call an "ad filter"—which means that it sometimes blocks ads but is not an "ad blocker." EFF welcomes the elimination of the worst ad formats. But Google's approach here is a band-aid response to the crisis of trust in advertising that leaves massive user privacy issues unaddressed. Last year, a new industry organization, the Coalition for Better Ads, published user research investigating ad formats responsible for "bad ad experiences." The Coalition examined 55 ad formats, of which 12 were deemed unacceptable. These included various full page takeovers (prestitial, postitial, rollover), autoplay videos with sound, pop-ups of all types, and ad density of more than 35% on mobile. Google is supposed to check sites for the forbidden formats and give offenders 30 days to reform or have all their ads blocked in Chrome. Censured sites can purge the offending ads and request reexamination. [...] Some commentators have interpreted ad blocking as the "biggest boycott in history" against the abusive and intrusive nature of online advertising. Now the Coalition aims to slow the adoption of blockers by enacting minimal reforms. Pagefair, an adtech company that monitors adblocker use, estimates 600 million active users of blockers. Some see no ads at all, but most users of the two largest blockers, AdBlock and Adblock Plus, see ads "whitelisted" under the Acceptable Ads program. These companies leverage their position as gatekeepers to the user's eyeballs, obliging Google to buy back access to the "blocked" part of their user base through payments under Acceptable Ads. This is expensive (a German newspaper claims a figure as high as 25 million euros) and is viewed with disapproval by many advertisers and publishers.
  • Going Home
  • David Humphrey: Edge Cases
  • Experiments in productivity: the shared bug queue
    Over the next six months, Mozilla is planning to switch code review tools from mozreview/splinter to phabricator. Phabricator has more modern built-in tools like Herald that would have made setting up this shared queue a little easier, and that’s why I paused…briefly
  • Improving the web with small, composable tools
    Firefox Screenshots is the first Test Pilot experiment to graduate into Firefox, and it’s been surprisingly successful. You won’t see many people talking about it: it does what you expect, and it doesn’t cover new ground. Mozilla should do more of this.