Language Selection

English French German Italian Portuguese Spanish

August 2019

Modern Linux Runs On Ancient Toshiba

Filed under
GNU
Linux

While Microsoft no longer supports those of its operating systems that were in heavy use into the early 2000s, support for old hardware is not typically something that you will have to worry about if you run Linux on your machines. Sure, there will be driver issues from time to time, and you might have to do some things by hand, but if you’re using legacy hardware you’ll want a Linux distribution of some sort. Especially if you’re running it on one of the first laptops to ever feature a Pentium processor of any kind.

This is a Toshiba T4900CT which [MingcongBai] has been able to spruce up by installing a simplified version of the AOSC OS Linux distribution. The distribution is known for its simplified user interface, and this particular one runs a “Retro” command-line-only version. Upon startup (which takes over two minutes), the user can view the hardware and software specs: Linux kernel 4.19.67 (released within the past year) on a 75 MHz Intel processor.

Read more

Devices: Open Source Arduino Buzzers, GNU Projects for the Motorola 68HC11, Android Pico Projector

Filed under
Hardware
  • Game On With These Open Source Arduino Buzzers

    Planning a game of Hacker Jeopardy at your next meetup? You’re going to want some proper buzzers to complete the experience, but why buy when you can build? [Flute Systems] has released an open source DIY game buzzer system based on the Arduino that will help instantly elevate your game. Certainly beats just yelling across the room.

    The design has been made to be as easily replicable as possible: as long as you’ve got access to a 3D printer to run off the enclosures for the buzzers and base station, you’ll be able to follow along no problem. The rest of the project consists of modular components put together with jumper wires and scraps of perfboard. Granted it might not be the most elegant solution, but there’s something to be said for projects that beginners and old salts alike can complete.

  • GNU Projects for the Motorola 68HC11

    Now that the GNU GCC 3.0 compiler has shipped and supports cross-compilation on the 68HC11 and 68HC12, what can you do with it? You can try out NanoK, a “nanoscopic” task-switching kernel.

    Or how about running Ethernet and a TCP/IP stack on your 68HC11? These and other uses of the GNU tool chain for 68HC11/68HC12 chips is covered at www.gnu-m68hc11.org. You’ll also find lots of documentation on installing and using the GNU compiler and tool chain.

  • Philips Crowdfunds PicoPix Max Android Pico Projector with Autofocus

OSS Leftovers

Filed under
OSS
  • This Program Makes It Even Easier to Make Deepfakes

    A new method for making deepfakes creates realistic face-swapped videos in real-time, no lengthy training needed.

    Unlike previous approaches to making deepfakes—algorithmically-generated videos that make it seem like someone is doing or saying something they didn’t in real life—this method works on any two people without any specific training on their faces.

    Most of the deepfakes that are shared online are created by feeding an algorithm hundreds or thousands of images of a specific face. The algorithm "trains" on that specific face so it can swap it into the target video. This can take hours or days even with access to expensive hardware, and even longer with consumer-grade PC components. A program that doesn’t need to be trained on each new target is another leap forward in making realistic deepfakes quicker and easier to create.

    [...]

    On their project website, the researchers say that the project code will eventually be available on GitHub...

  • 5 Free and Open Source CRM Software

    We’re here to save you time by going over some of the most popular free and open source CRM solutions and when you should consider paid system...

  • A free/open tool for making XKCD-style "hand-drawn" charts

    Tim Qian, a "full stack developer and open source activist," has published chart.xkcd, a free/open tool that lets you create interactive, "hand-drawn" charts in the style of XKCD comics. It's pretty fabulous!

  • The Secret Source: Machine Learning and Open Source Come Together

    There was a time when banks and asset managers would dare not talk about their use of AI—and, specifically, machine learning—in public forums, as they either viewed it as taboo or they wanted to hide its power from competitors. The secret, though, is out of the black box.

  • How China became a hero in open source

    China was once a relative zero when it came to software. Not anymore. In both proprietary and open source development, China's influence is growing. Sure, open source has helped to fuel that rise—as Swim.ai CTO Simon Crosby has suggested, "Now [China] can download our best, for free, every day"—but this tells an incomplete story. China may have been a net consumer of code once upon a time, but now has gone from zero to hero in open source.

  • The 7 Best Tools for Open-Source Network Bandwidth Monitoring

    Network bandwidth monitoring is a very specific type of monitoring. What it does is measure the amount of traffic passing a given point on a network. Typically, the measuring point is a router or switch interface but it’s not uncommon to monitor bandwidth utilization of a server’s LAN interface. The important thing here is to realize that all we’re measuring is the amount of traffic. Bandwidth monitoring won’t give you any information about what that traffic is, only how much of it there is.

    There are several reasons for wanting to monitor network bandwidth utilization. First and foremost, it can help you pinpoint areas of contention. As a network circuit’s utilization grows, its performance starts degrading. This is a fact of life. The more you approach the maximum capacity, the more impact there is on performance. By allowing you to keep an eye on network utilization, bandwidth monitoring tools give you a chance to detect high utilization—and address it—before it becomes noticeable by users.

    Capacity planning is another major benefit of network monitoring tools. Network circuits—especially long-distance WAN connections—are expensive and will often have only the bandwidth that was required when they were initially installed. While that amount of bandwidth might have been OK back then, it will eventually need to be increased. By monitoring the evolution of your network circuits’ bandwidth utilization, you’ll be able to see which ones need to be upgraded and when.

    Bandwidth monitoring tools can also be useful for troubleshooting poor application performance. When a user complains that some remote application has slowed down, looking at the network bandwidth utilization can give you a pretty good idea whether or not the problem is caused by network congestion. If you see low network utilization, you can likely concentrate your troubleshooting efforts elsewhere.

  • Au Revoir DTW

    While I wanted to use it for my tiny, crazy, work in progress thoughts, I find that it was increasingly being subsumed by my new shiny Mastodon.

    And as the volume of things I write now scales up, I do not want another place to maintain.

  • How To Promote Real Social Good

    It was big news this week when the nation’s most powerful chief executives finally acknowledged that corporations should contribute more to society than maximizing shareholder value.

    [...]

    This news story caught our attention here at Purism because we have been thinking about how to build a company that promotes social good. Our company was incorporated in Washington State as a Social Purpose Corporation.

    [...]

    We at Purism are grateful to the many US states offering to give companies the freedom to actually benefit society, rather than contribute to its ills. We believe that consumers who really care about their freedom, privacy, and security, or other issues like climate change, seek out companies like ours that exist, first and foremost, to do something important that can better people’s lives. We use capitalism, and the corporate form, to build a sustainable company that can continue to serve our mission. Making money is a means to an end, not the end itself. We exist for our customers, not for our shareholders, and our shareholders back us because know the social good that comes from our efforts. People parting with their hard-earned money for products and services deserve that much.

Security Leftovers

Filed under
Security
  • Security Researchers Find Several Bugs in Nest Security Cameras

    Researchers Lilith Wyatt and Claudio Bozzato of Cisco Talos discovered the vulnerabilities and disclosed them publicly on August 19. The two found eight vulnerabilities that are based in the Nest implementation of the Weave protocol. The Weave protocol is designed specifically for communications among Internet of Things or IoT devices.

  • Better SSH Authentication with Keybase

    With an SSH CA model, you start by generating a single SSH key called the CA key. The public key is placed on each server and the server is configured to trust any key signed by the CA key. This CA key is then used to sign user keys with an expiration window. This means that signed user keys can only be used for a finite, preferably short, period of time before a new signature is needed. This transforms the key management problem into a user management problem: How do we ensure that only certain people are able to provision new signed SSH keys?

  • Texas ransomware attacks deliver wake-up call to cities [iophk: Windows TCO]

    The Texas Department of Information Resources has confirmed that 22 Texas entities, mostly local governments, have been hit by the ransomware attacks that took place late last week. The department pointed to a “single threat actor” as being responsible for the attacks, which did not impact any statewide systems.

  • Texas Ransomware Attack

    On Security Now, Steve Gibson talks about a huge ransomware attack. 23 cities in Texas were hit with a well-coordinated ransomware attack last Friday, August 16th.

  • CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry

    Apache Tapestry uses HMACs to verify the integrity of objects stored on the client side. This was added to address the Java deserialization vulnerability disclosed in CVE-2014-1972. In the fix for the previous vulnerability, the HMACs were compared by string comparison, which is known to be vulnerable to timing attacks.

GNOME Feeds is a Simple RSS Reader for Linux Desktops

Filed under
GNOME

Feedreader, Liferea, and Thunderbird are three of the most popular desktop RSS readers for Linux, but now there’s a new option on the scene.

GNOME Feeds app is simple, no-frills desktop RSS reader for Linux systems. It doesn’t integrate or sync with a cloud-based service, like Feedly or Inoreader, but you can import a list of feeds via an .opml file.

“Power” users of RSS feeds will likely find that GNOME Feeds a little too limited for their needs. But the lean feature set is, arguably, what will make this app appeal to more casual users.

Read more

GNU Radio Launches 3.8.0.0, First Minor-Version Release In Six Years

Filed under
GNU

The GNU Radio maintainers have announced the release of GNU Radio 3.8.0.0, the first minor-version release of the popular LimeSDR-compatible software defined radio (SDR) development toolkit in over six years.

“It’s the first minor release version since more than six years, not without pride this community stands to face the brightest future SDR on general purpose hardware ever had,” the project’s maintainers announced this week. “What has not changed is the fact that GNU Radio is centred around a very simple truth: Let the developers hack on DSP. Software interfaces are for humans, not the other way around. And so, compared to the later 3.7 releases, nothing has fundamentally modified the way one develops signal processing systems with GNU Radio: You write blocks, and you combine blocks to be part of a larger signal processing flow graph.”

Read more

IBM/Red Hat Leftovers

Filed under
Red Hat
  • Accelerating the journey to open hybrid cloud with Red Hat Modernization and Migration Solutions

    The integration of technology into all areas of a business (the "digital transformation" we hear so much about) is fundamentally changing how organizations operate as well as how they deliver value to customers. An example is Lockheed Martin, who opted to undergo an eight-week agile transformation labs residency to implement an open source architecture onboard the F-22 and simultaneously disentangle its web of embedded systems. But such transformation can also create new challenges, from additional competitive pressures to increased customer expectations.

    To help overcome these challenges, Red Hat is introducing a family of solutions to help optimize infrastructure, modernize applications and accelerate innovation while supporting customers in their journey to the open hybrid cloud. Red Hat Modernization and Migration Solutions are designed to help customers realize the benefits of open technologies and adopt containers, Kubernetes and hybrid cloud-ready platforms. The family of solutions offers a path for customers from restrictive, proprietary environments to more flexible and (often) less costly open source alternatives, in an iterative approach.

  • Let’s talk about Privacy by Design

    Privacy by Design or Privacy by Default (PbD) is not a new concept. However PbD received renewed attention when the GDPR added PbD as a legal requirement. PbD refers to the process of building in technical, organizational and security measures at the beginning stage of product development and throughout the product lifecycle.

    [...]

    One PbD tool we use to build in privacy to our development process is our Privacy Impact Assessment, also known as a PIA. The PIA is a process which assists developers at the early stages in identifying and mitigating privacy risks associated with the collection and use of personal data.

    The PIA tool begins with a self assessment that asks a lot of questions about the planned project or product. This initiates a process of review by individuals trained in privacy and security. The process is collaborative and creates an on-going dialogue about privacy with respect to the product, system or application at hand.

  • IBM Open Sources Its Workhorse Power Chip Architecture

    RISC-V now has formidable competition from an architecture with a long track record in servers and supercomputers.

Simplicity Linux 19.10 Alpha ISOs are here!

Filed under
GNU
Linux

We’re proud to announce the release of Simplicity Linux 19.10. It is based on Stretchdog, which in turn is based on Debian Stretch. As this is an alpha release, none of these images should be considered finished versions, and may contain bugs or issues which won’t be present in the final release. These images should also be considered to be designed for live booting rather than being installed.

All three editions of Simplicity Linux 19.10 feature Ecosia as the default search engine. This is a search engine where revenue from ads is used to plant trees. It is something we have been testing for some time, and we weren’t going to include it in the alpha releases. However, after hearing about the fires in the Amazon Rainforest, we have decided to include Ecosia in each version. It’s our way of trying to help in whatever small way we can.

Simplicity Mini 19.10 Alpha is our cut down version of Simplicity Linux. There are few local applications, instead being replaced by browser based versions of software which are run through Google Chrome. comes with Google Docs, Gmail, Netflix, Vortex Cloud Gaming, Spotify, Mega.nz, Vivaldi browser which opens on boot, Lastpass password manager, DotVPN, uBlock Origin.

Read more

Programming Leftovers

Filed under
Development
  • Animating Ptolemy’s Equant with Python, SVG, and CSS

    You will recall my previous blog post that tried to build the necessary scaffolding for me to finally write up my 2017 PyCon Ireland keynote on the structure of the Medieval universe. It ran into several problems with matplotlib animations — but, having written that post, I realized that the problem ran deeper.

    How could any animation show a Solar System, when a Solar System’s motion never exactly repeats? The orbital periods of the planets aren’t exact multiples of each other, and don’t provide a moment when the planets reach their original positions and the animation can start over again. At whatever moment an animation finished and looped back to the beginning, the planets would visibly and jarringly jump back to their original position.

  • Train your own spell corrector with TextBlob

    TextBlob is a wonderful Python library it. It wraps nltk with a really pleasant API. Out of the box, you get a spell-corrector.

  • How To Learn Any Programming Language Online in 2019

    Let’s face it, computers are everywhere these days, and the need for programmers is ever-increasing. Programming is vital to make computers be able to help us solve our everyday problems. It’s also a means to increase their speed and usability. With this in mind, it’s high time you jumped on this bandwagon and learned a language yourself!

    However, picking out the most appropriate programming language to learn is a substantial task for beginners. A good approach to making this choice is to consider the most popular programming languages, which languages are easy-to-learn, and how easy it is to find a job for beginners in these languages.

  • How to Build a Custom Anaconda Installer for R

    A frequent question on the Anaconda Community mailing list is how to package R with conda for distribution. Depending on the use case, one option may be to use conda to move environments. This requires that conda has been previously installed on the system. Another option is conda constructor, a utility for packaging a complete conda installation with Python and R packages.

    Constructor is the same utility we use to build Anaconda Distribution and Miniconda installers. It’s a multi-platform installer which means you can build an installer for Windows, Linux and macOS. It also supports a number of options to control how the installer is built. These options are documented on the GitHub constructor repository.

  • Digging into regressions

    Whenever a patch is landed on autoland, it will run many builds and tests to make sure there are no regressions. Unfortunately many times we find a regression and 99% of the time backout the changes so they can be fixed. This work is done by the Sheriff team at Mozilla- they monitor the trees and when something is wrong, they work to fix it (sometimes by a quick fix, usually by a backout). A quick fact, there were 1228 regressions in H1 (January-June) 2019.

    My goal in writing is not to recommend change, but instead to start conversations and figure out what data we should be collecting in order to have data driven discussions. Only then would I expect that recommendations for changes would come forth.

  • “Sudo Mastery” and the new Tilted Windmill Press clothing line

    Sudo Mastery, 2nd edition, is now complete. I’m doing the release slightly different this time, however.

  • Fossil Versus Git

    The feature sets of Fossil and Git overlap in many ways. Both are distributed version control systems which store a tree of check-in objects to a local repository clone. In both systems, the local clone starts out as a full copy of the remote parent. New content gets added to the local clone and then later optionally pushed up to the remote, and changes to the remote can be pulled down to the local clone at will. Both systems offer diffing, patching, branching, merging, cherry-picking, bisecting, private branches, a stash, etc.

weston 7.0.0

Filed under
Graphics/Benchmarks

Weston 7.0.0 is released!

ABI note: the return value of two functions introduced in this release
has been changed from void to int: weston_log_scope_printf and
weston_log_scope_vprintf. Additionally weston_binding_destroy has been
made public again.

Daniel Stone (1):
      backend-drm: Enforce content protection for hardware planes

Manuel Stoeckl (1):
      weston-terminal: Ignore SIGPIPE

Marius Vlad (2):
      weston-log: Return bytes written for 'printf()' and 'vprintf()' functions
      compositor: Return the number of bytes written as to format properly

Simon Ser (1):
      build: bump to version 7.0.0 for the official release

sichem (1):
      make weston_binding_destroy public

git tag: 7.0.0

Read more

Also: Wayland's Weston 7.0 Compositor Released With PipeWire Streaming Support

More in Tux Machines

Security Leftovers

  • Security Researchers Find Several Bugs in Nest Security Cameras

    Researchers Lilith Wyatt and Claudio Bozzato of Cisco Talos discovered the vulnerabilities and disclosed them publicly on August 19. The two found eight vulnerabilities that are based in the Nest implementation of the Weave protocol. The Weave protocol is designed specifically for communications among Internet of Things or IoT devices.

  • Better SSH Authentication with Keybase

    With an SSH CA model, you start by generating a single SSH key called the CA key. The public key is placed on each server and the server is configured to trust any key signed by the CA key. This CA key is then used to sign user keys with an expiration window. This means that signed user keys can only be used for a finite, preferably short, period of time before a new signature is needed. This transforms the key management problem into a user management problem: How do we ensure that only certain people are able to provision new signed SSH keys?

  • Texas ransomware attacks deliver wake-up call to cities [iophk: Windows TCO]

    The Texas Department of Information Resources has confirmed that 22 Texas entities, mostly local governments, have been hit by the ransomware attacks that took place late last week. The department pointed to a “single threat actor” as being responsible for the attacks, which did not impact any statewide systems.

  • Texas Ransomware Attack

    On Security Now, Steve Gibson talks about a huge ransomware attack. 23 cities in Texas were hit with a well-coordinated ransomware attack last Friday, August 16th.

  • CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry

    Apache Tapestry uses HMACs to verify the integrity of objects stored on the client side. This was added to address the Java deserialization vulnerability disclosed in CVE-2014-1972. In the fix for the previous vulnerability, the HMACs were compared by string comparison, which is known to be vulnerable to timing attacks.

GNOME Feeds is a Simple RSS Reader for Linux Desktops

Feedreader, Liferea, and Thunderbird are three of the most popular desktop RSS readers for Linux, but now there’s a new option on the scene. GNOME Feeds app is simple, no-frills desktop RSS reader for Linux systems. It doesn’t integrate or sync with a cloud-based service, like Feedly or Inoreader, but you can import a list of feeds via an .opml file. “Power” users of RSS feeds will likely find that GNOME Feeds a little too limited for their needs. But the lean feature set is, arguably, what will make this app appeal to more casual users. Read more

GNU Radio Launches 3.8.0.0, First Minor-Version Release In Six Years

The GNU Radio maintainers have announced the release of GNU Radio 3.8.0.0, the first minor-version release of the popular LimeSDR-compatible software defined radio (SDR) development toolkit in over six years. “It’s the first minor release version since more than six years, not without pride this community stands to face the brightest future SDR on general purpose hardware ever had,” the project’s maintainers announced this week. “What has not changed is the fact that GNU Radio is centred around a very simple truth: Let the developers hack on DSP. Software interfaces are for humans, not the other way around. And so, compared to the later 3.7 releases, nothing has fundamentally modified the way one develops signal processing systems with GNU Radio: You write blocks, and you combine blocks to be part of a larger signal processing flow graph.” Read more

IBM/Red Hat Leftovers

  • Accelerating the journey to open hybrid cloud with Red Hat Modernization and Migration Solutions

    The integration of technology into all areas of a business (the "digital transformation" we hear so much about) is fundamentally changing how organizations operate as well as how they deliver value to customers. An example is Lockheed Martin, who opted to undergo an eight-week agile transformation labs residency to implement an open source architecture onboard the F-22 and simultaneously disentangle its web of embedded systems. But such transformation can also create new challenges, from additional competitive pressures to increased customer expectations. To help overcome these challenges, Red Hat is introducing a family of solutions to help optimize infrastructure, modernize applications and accelerate innovation while supporting customers in their journey to the open hybrid cloud. Red Hat Modernization and Migration Solutions are designed to help customers realize the benefits of open technologies and adopt containers, Kubernetes and hybrid cloud-ready platforms. The family of solutions offers a path for customers from restrictive, proprietary environments to more flexible and (often) less costly open source alternatives, in an iterative approach.

  • Let’s talk about Privacy by Design

    Privacy by Design or Privacy by Default (PbD) is not a new concept. However PbD received renewed attention when the GDPR added PbD as a legal requirement. PbD refers to the process of building in technical, organizational and security measures at the beginning stage of product development and throughout the product lifecycle. [...] One PbD tool we use to build in privacy to our development process is our Privacy Impact Assessment, also known as a PIA. The PIA is a process which assists developers at the early stages in identifying and mitigating privacy risks associated with the collection and use of personal data. The PIA tool begins with a self assessment that asks a lot of questions about the planned project or product. This initiates a process of review by individuals trained in privacy and security. The process is collaborative and creates an on-going dialogue about privacy with respect to the product, system or application at hand.

  • IBM Open Sources Its Workhorse Power Chip Architecture

    RISC-V now has formidable competition from an architecture with a long track record in servers and supercomputers.