Language Selection

English French German Italian Portuguese Spanish

Phoronix

Syndicate content
Linux Hardware Reviews & News
Updated: 2 hours 43 min ago

Intel Media SDK 20.3 Released With AV1 Decode, Rocket Lake + DG1/SG1 Support

Saturday 10th of October 2020 06:39:40 PM
Just over one week ago Intel released the Media Driver 2020.3 with Gen12/Xe AV1 decode and other improvements for their quarterly feature release of this open-source video acceleration driver. They have also now released their adjoining Media SDK 20.3 open-source update...

KDE Plasma 5.21 To Bring Multi-GPU Support For Wayland

Saturday 10th of October 2020 03:45:40 PM
KDE developers have been busy not only putting the finishing touches on the soon to be released Plasma 5.20 but also early feature work continues on what will be Plasma 5.21...

AMD Sends Out Latest SFH Linux Driver Patches

Saturday 10th of October 2020 12:49:15 PM
It was in January that AMD finally published an open-source Linux driver for their Sensor Fusion Hub used by AMD Ryzen laptops for various sensor functionality. As we approach the end of the year this driver still hasn't been mainlined yet but a new revision was sent out on Friday...

RADV ACO Lands NGG Geometry Shader Support

Saturday 10th of October 2020 10:27:47 AM
Adding to the growing list of Mesa 20.3 features is now RADV ACO supporting NGG GS. Or rather, the Radeon Vulkan driver with the ACO back-end now supports geometry shaders with Next-Gen Geometry (NGG) as found on newer AMD GPUs...

Wine-Staging 5.19 Adds Windows.Networking.Connectivity

Saturday 10th of October 2020 07:48:25 AM
Following yesterday's release of Wine 5.19, the developers responsible for the Wine-Staging have issued their corresponding update for this codebase that adds 600+ patches currently undergoing testing...

Intel's Latest Compute Code Is Enabling OpenCL 3.0 For All Hardware Since Broadwell

Saturday 10th of October 2020 04:00:00 AM
Intel's next Compute Runtime release is going to be exciting as OpenCL 3.0 will be enabled for all graphics hardware found going back to Broadwell CPUs...

A Last Call For The 2020 Phoronix Premium Oktoberfest Special

Saturday 10th of October 2020 03:59:00 AM
Just a friendly reminder and last call that if you wanted to partake in this week's 2020 "Oktoberfest" Phoronix Premium special, it is ending this weekend...

Wine 5.19 Released With A Variety Of Changes

Friday 9th of October 2020 09:12:27 PM
Wine 5.19 is out as the latest bi-weekly development release of this software for running Windows games/applications on Linux and other platforms...

EXT4 "Fast Commits" Coming For Big Performance Boost In Ordered Mode

Friday 9th of October 2020 06:51:48 PM
After being in development for more than one year, it looks like with Linux 5.10 there will be EXT4 fast commit support...

The Current Intel Coffee Lake Mitigation Performance Impact With Linux 5.9

Friday 9th of October 2020 06:07:11 PM
Of the many new features in Linux 5.9 with its debut set for this weekend, one of the performance-related changes is Intel FSGSBASE support finally being mainlined. A half-decade after the Linux patches first appeared for this feature present in Intel CPUs going back to Ivy Bridge, the mainline kernel is now patched for this feature that can help out I/O and other context switching heavy workloads. Given many of the same workloads were negatively impacted by the CPU security mitigations of recent years, here is a look at the current mitigated vs. unmitigated performance difference on the Linux 5.9 kernel with an Intel Core i9 9900K CPU for reference on how the mitigation impact is on recent versions of the Linux kernel.

Paragon Sends Out Latest NTFS Read-Write Linux Driver Patches

Friday 9th of October 2020 02:45:47 PM
Back in August was the big surprise of file-system driver vendor Paragon Software wanting to mainline their NTFS driver into the Linux kernel that is much more advanced than the existing NTFS Linux driver. While not merged yet, on Friday the latest version was sent out for review...

KDE Plasma Mobile Has Been Making Great Progress

Friday 9th of October 2020 01:00:25 PM
Not only is the Plasma 5.20 desktop shining and more Wayland improvements and other enhancements queuing for Plasma 5.21, but the Plasma Mobile effort is also beginning to shine...

The Linux Kernel Preparing To Take Advantage Of The Intel DSA / ENQCMD In Sapphire Rapids

Friday 9th of October 2020 10:46:39 AM
Expected with next year's Intel Sapphire Rapids Xeon CPUs is the Intel DSA as the Data Streaming Accelerator for high performance data movement and transformation operations. Since the end of 2019 there have been Linux patches surfacing for bringing up the DSA support and now as we roll into 2021 the Linux kernel looks to begin making use of the new capabilities...

FFmpeg Now Supports VP9 Profile 2 VDPAU Decode (10-bit / 12-bit)

Friday 9th of October 2020 10:19:04 AM
New to the RTX 30 series and the NVIDIA 455 Linux driver is decode support with VDPAU for VP9 10-bit and 12-bit content, which can now be taken advantage of by the popular FFmpeg multimedia library...

AMD Reportedly In Talks To Acquire Xilinx

Friday 9th of October 2020 09:57:20 AM
While AMD is providing great pressure against Intel in the CPU space, it looks like AMD could be soon going up against them in the FPGA space too...

PowerPC 601 Support Being Retired In Linux 5.10 - The First 32-bit PowerPC CPU

Friday 9th of October 2020 04:00:00 AM
The PowerPC 601 as the first-generation processor supporting the 32-bit PowerPC RISC instruction set in the early 90's is being retired with the upcoming Linux 5.10 kernel...

Linux 5.10 To Fix Some HP Laptops Performing Less Than Optimally On AC Power

Thursday 8th of October 2020 10:00:08 PM
Some HP Spectre laptops and possibly other HP models as well should be performing better when running on AC power starting with the Linux 5.10 kernel...

AMD Ryzen 5000 Series / Zen 3 Launch

Thursday 8th of October 2020 04:00:00 PM
It's finally Zen 3 launch day! It's a virtual event given the ongoing pandemic, but this much anticipated CPU launch is now streaming.

AMD Ryzen 5000 Series (Zen 3) Linux Expectations - Should Be Good But No "Znver3" Compiler Yet

Thursday 8th of October 2020 03:00:00 PM
Today perhaps will be the most interesting day since the start of the pandemic... It's finally the day where AMD Zen 3 desktop CPUs are expected to be revealed in just about one hour's time! Stay tuned, but before that virtual event, here is a word on the Linux prospects and support for these upcoming AMD CPUs...

GNOME 3.38.1 Released With An Initial Batch Of Fixes

Thursday 8th of October 2020 01:41:50 PM
Following last month's release of GNOME 3.38, out today is GNOME 3.38.1 as the first point release to this H2'2020 Linux desktop environment...

More in Tux Machines

Plasma 5.20 is an exceptionally refined desktop

There you go. I have to say, this is the best Plasma release in a long while. I would say since 5.12. In fact, this should have been the LTS. You get everything: speed, stability, consistency, beautiful looks, highly functional software. And now, the challenge: this ought to remain, without regressions, for three releases. There are some small niggles here and there, but all in all, there's nothing cardinally wrong with this edition. Quite the contrary, it brings massive improvements on many levels, and infuses joy into my jaded soul, a ray of hope that has been absent for many months now. If you're contemplating Linux, or contemplating replacing your desktop environment, then Plasma 5.20 offers the freshest, most elegant solution by a huge margin. Worth testing and using - and hopefully, there will be some long-term version available somewhere, so that people need stability and minimal change can settle in and enjoy a refined, pleasant desktop. That's my wish for the new year, and now off you go testing. Bottom line: awesome. Bye bye. Read more

Accessibility in GTK 4

The big news in last weeks GTK 3.99.3 release is that we have a first non-trivial backend for our new accessibility implementation. Therefore, now is a good time to take a deeper look at accessibility in GTK 4. Lets start with a quick review of how accessibility works on Linux. The actors in this are applications and assistive technologies (ATs) such as screen readers (for instance, Orca), magnifiers and the like. The purpose of ATs generally is to provide users with alternative ways to interact with the application that are tailored to their needs (say, an enlarged view, text read out aloud, or voice commands). To do this, ATs need a lot of detailed information about the applications UI, and this is where the accessibility stack comes into play—it is the connecting layer between the application (or its toolkit) and the ATs. Read more

Security Leftovers

  • Kaspersky's Secur'IT hacking competition attracts entrants from 24 universities

    Four university students, competing as ByteMe, have won the first prize in the Secur'IT Cup, an annual hacking competition jointly organised by security outfit Kaspersky and Hackathons Australia.

  • Hackers Use Billboards to Trick Self-driving Cars into Slamming on the Brakes

    “The attacker just shines an image of something on the road or injects a few frames into a digital billboard, and the car will apply the brakes or possibly swerve, and that’s dangerous,” Ben Gurion University researcher Yisroel Mirsky told the magazine. “The driver won’t even notice at all. So somebody’s car will just react, and they won’t understand why.”

  • File Exfiltration via Libreoffice in BigBlueButton and JODConverter

    BigBlueButton is a free web-based video conferencing software that lately got quite popular, largely due to Covid-19. Earlier this year I did a brief check on its security which led to an article on Golem.de (German). I want to share the most significant findings here. BigBlueButton has a feature that lets a presenter upload a presentation in a wide variety of file formats that gets then displayed in the web application. This looked like a huge attack surface. The conversion for many file formats is done with Libreoffice on the server. Looking for ways to exploit server-side Libreoffice rendering I found a blog post by Bret Buerhaus that discussed a number of ways of exploiting such setups. One of the methods described there is a feature in Opendocument Text (ODT) files that allows embedding a file from an external URL in a text section. This can be a web URL like https or a file url and include a local file. This directly worked in BigBlueButton. An ODT file that referenced a local file would display that local file. This allows displaying any file that the user running the BigBlueButton service could access on the server. A possible way to exploit this is to exfiltrate the configuration file that contains the API secret key, which then allows basically controlling the BigBlueButton instance. I have a video showing the exploit here. (I will publish the exploit later.) I reported this to the developers of BigBlueButton in May. Unfortunately my experience with their security process was not very good. At first I did not get an answer at all. After another mail they told me they plan to sandbox the Libreoffice process either via a chroot or a docker container. However that still has not happened yet. It is planned for the upcoming version 2.3 and independent of this bug this is a good idea, as Libreoffice just creates a lot of attack surface. Recently I looked a bit more into this. The functionality to include external files only happens after a manual user confirmation and if one uses Libreoffice on the command line it does not work at all by default. So in theory this exploit should not have worked, but it did. It turned out the reason for this was another piece of software that BigBlueButton uses called https://github.com/sbraconnier/jodconverter JODConverter. It provides a wrapper around the conversion functionality of Libreoffice. After contacting both the Libreoffice security team and the developer of JODConverter we figured out that it enables including external URLs by default.

  • New Gitjacker tool lets you find .git folders exposed online

    A new open-source tool called Gitjacker can help developers discover when they've accidentally uploaded /.git folders online and have left sensitive information exposed to attackers. Gitjacker is available as a free download on Github.

Debian donation for Peertube development

The Debian project is happy to announce a donation of 10,000 USD to help Framasoft reach the fourth stretch-goal of its Peertube v3 crowdfunding campaign -- Live Streaming. This year's iteration of the Debian annual conference, DebConf20, had to be held online, and while being a resounding success, it made clear to the project our need to have a permanent live streaming infrastructure for small events held by local Debian groups. As such, Peertube, a FLOSS video hosting platform, seems to be the perfect solution for us. We hope this unconventional gesture from the Debian project will help us make this year somewhat less terrible and give us, and thus humanity, better Free Software tooling to approach the future. Read more