Language Selection

English French German Italian Portuguese Spanish

September 2019

Linux 5.4-rc1

Filed under
Linux

I didn't really extend the merge window by a day here, but I gave
myself an extra day to merge my pending queue. Thus the Monday date
for the rc1 rather than the usual Sunday afternoon.

And it wasn't all _that_ big or painful a merge window, for some
reason I just didn't get to the end of the queue until fairly late in
the second week, and continued to get a few more pull requests even
then. Part of it was just other discussions too happening, so I didn't
do _just_ merges all the time. But part of it was just that I also
spent some of Sunday away from the computer, doing some welding
instead.

Anyway, what I'm saying is that the Monday rc1 isn't really a sign of
any real trouble or more issues than usual. More just random timing.

Size-wise, 5.4 looks to shape up very regular. It's almost exactly the
same size as 5.3 was at the same stage, both in commits and in lines
added (honestly in advertising: 5.3 had more lines removed mainly due
to some isdn removal). Nothing major stands out, the most notable may
be the long-pending lockdown patches that weren't all that big, but
that now finally aren't tied to just EFI secure boot, so you can test
them out other ways too.

Read more

Also: The 5.4-rc1 kernel is out

Linux 5.4-rc1 Kernel Steps Forward With Next-Gen GPU Bits, Arm Laptop Support & exFAT

Manjaro Linux makes two bold moves

Filed under
Linux

Manjaro has had one heck of a ride lately. Recently, the Arch-based Linux distribution went from being just that (an Arch-based Linux distribution) to a full-blown company: Manjaro GmbH & Co. KG. The move was to shift the distribution from being a hobby project to something that should (and will) be taken seriously.

In fact, Philip Müller said he'd been researching "ways to secure the project in its current form and how to allow for activities which can't be undertaken as a 'hobby project.'" What this boils down to is that the Manjaro developers could now focus on the desktop Linux distribution full time, all the while getting paid for their efforts.

Read more

Raspberry Pi OS Raspbian Improves Raspberry Pi 4 Support, Adds Many Improvements

Filed under
Linux

Raspbian 2019-09-26 images are now available to download and they include the rpi-eeprom tool, which will automatically update the SPI EEPROM on the new Raspberry Pi 4 computer to the latest stable version. Furthermore, it adds overscan support added for FKMS driver, and improves Bluetooth connection with audio devices by adding the latest changes to the Bluez ALSA interface.

Furthermore, the Audio Settings tool has been modified to integrate more closely with the Volume plugin, which now lets users switch audio input devices, as well as the audio output between two HDMI devices. Support for more audio devices has been added as well in Raspbian 2019-09-26 by implementing "plug" values in the ALSA configuration file (.asoundrc).

Read more

Android Leftovers

Filed under
Android

The Xeon vs. EPYC Performance With Intel's oneAPI Embree & OSPray Render Projects

With Intel seemingly ramping up work on their open-source OSPray portable ray-tracing engine now that they have pulled it under their oneAPI umbrella as part of a forthcoming rendering tool-kit, I figured it would be the latest interesting candidate for benchmarking of AMD EPYC 7742 vs. Intel Xeon Platinum 8280 performance. In addition, the Embree ray-tracing kernels are also being benchmarked as part of this performance comparison.

Intel's oneAPI is expected to see a beta release next quarter and among the libraries making up the oneAPI Rendering Toolkit will be OSPray and Embree. The OSPRay ray-tracing engine is geared for scientific visualizations and supports a wide range of features all while being open-source under the Apache 2.0 license. OSPray also builds off Embree itself as well as the Intel SPMD Program Compiler (ISPC). The SPMD Program Compiler is for Intel's C-derived language optimized for SIMD on their modern architectures.

Read more

Security in Linux 5.4

Filed under
Linux
Security

Security Updates

Filed under
Security
  • Security updates for Monday

    Security updates have been issued by CentOS (dovecot, kernel, and qemu-kvm), Debian (cimg, cups, e2fsprogs, exim4, file-roller, golang-1.11, httpie, and wpa), Fedora (curl, ghostscript, ibus, krb5, mod_md, and nbdkit), Mageia (chromium-browser-stable, libheif, and nghttp2), openSUSE (djvulibre, expat, libopenmpt, mosquitto, phpMyAdmin, and webkit2gtk3), Red Hat (nodejs:10), SUSE (gpg2), and Ubuntu (e2fsprogs and exim4).

  • Exim 4.92.3 security release

    Exim 4.92.3 has been released with a fix for CVE-2019-16928, a heap-based buffer overflow in string_vformat that could lead to remote code execution. "The currently known exploit uses a extraordinary long EHLO string to crash the Exim process that is receiving the message. While at this mode of operation Exim already dropped its privileges, other paths to reach the vulnerable code may exist."

  • pam-python: local root escalation (CVE-2019-16729)

    Last week the openSUSE Security Team spent some time to check and review the PAM module from the pam-python project. Main reason for that – to make sure that the source code of the project is secure enough and bug free of course. Badly implemented PAM modules may cause user authentication to always succeed or otherwise badly influence security.

Exaile Music Player Got Its First Release in 4 Years, And I Didn’t Even Notice!

Filed under
Software

It turns out that this long-forgotten music library-come-player quietly squeaked back into life in the summer with the release of Exaile 4.0.0.

Exaile, for those who don’t know about it, is a GTK-based music player that was (arguably) most popular during the “halcyon” days of omg! in 2009-2012, aka the era of apps like CoverGloobus, Docky, eMeSeNe, Songbird, et al.

But the player (like other great apps of its time) soon faded from earshot as the music player scene solidified around apps like Banshee and Clementine and music streaming services like Spotify, Pandora and Deezer.

Read more

Microsoft Loves Linux Needs More Work Argues Open Source Leader

Filed under
GNU
Microsoft

Microsoft has increasingly embraced Linux in recent years, enough for Redmond to run under the mantra, “Microsoft Loves Linux”. Of course, the reason for the sea change from hating open source to embracing it is simply good economic movement.

Despite its new-found love for Linux, one expert believes Microsoft has a long way to go to atone for past problems. Specifically, free-software leader Richard Stallman says Microsoft’s top execs previously targeted open source in the past.

Most famous of the Linux attacks was former Microsoft CEO Steve Ballmer, who described the platform as a “cancer”. Former Windows chief Jim Allchin said the open source idea was both un-American and a killer of intellectual property.

Read more

More in Tux Machines

today's howtos

GameMode 1.5

  • Feral's GameMode 1.5 Now Supports Changing The CPU Governor Differently For iGPUs

    With Feral's GameMode 1.5 the big change facing users is for those running integrated graphics. In a change led by an Intel open-source graphics driver developer, GameMode now supports setting an alternative CPU frequency scaling governor for integrated graphics use-cases. Up to now GameMode has defaulted to always using the "performance" CPU frequency scaling governor for normally delivering the best performance, but for integrated graphics that in some situations can lead to lower performance. Due to the integrated graphics and CPU cores sharing the same power envelope, ramping up the CPU performance can throw the graphics performance out of balance and at least for some games lead to lower performance. So with GameMode 1.5, the user can now opt for "powersave" or an alternative governor instead when using an iGPU.

  • Feral Interactive's open source 'GameMode' system performance booster has a new release

    Feral Interactive don't just port a lot of games to Linux, they also work on some open source bits here and there. One of their projects is GameMode, which just got a new release. GameMode is a "daemon/lib combo for Linux that allows games to request a set of optimisations be temporarily applied to the host OS and/or a game process". In simple terms, it can help ensure your Linux PC is giving the game all it can to run smoothly. Looks like someone new is handling the project too, with Alex Smith having left Feral Interactive.

Mozilla on Privacy Badger, Rust and Digital ID Systems

  • Firefox Extension Spotlight: Privacy Badger

    People can't be expected to understand all of the technically complex ways their online behavior is tracked by hidden entities. As you casually surf the web, there are countless techniques different third party actors use to secretly track your online movement. So how are we supposed to protect our privacy online if we don't even understand how the game works? To help answer this, the good folks at the Electronic Frontier Foundation (a non-profit devoted to defending digital privacy) built Privacy Badger--a browser extension designed to give you highly advanced tracking protection, while requiring you to do nothing more than install it on Firefox. No configuration, no advanced settings, no fuss. Once you have Privacy Badger installed, it automatically scours every website you visit in its relentless hunt for hidden trackers. And when it finds them, blocks them.

  • This Week In Rust: This Week in Rust 322
  • What could an “Open” ID system look like?: Recommendations and Guardrails for National Biometric ID Projects

    Digital ID systems are increasingly the battlefield where the fight for privacy, security, competition, and social inclusion is playing out. In our ever more connected world, some form of identity is almost always mediating our interactions online and offline. From the corporate giants that dominate our online lives using services like Apple ID and Facebook and Google’s login systems to government IDs which are increasingly required to vote, get access to welfare benefits, loans, pay taxes, get on transportation or access medical care. Part of the push to adopt digital ID comes from the international development community who argue that this is necessary in order to expand access to legal ID. The UN Sustainable Development Goals (SDGs) call for “providing legal identity for all, including birth registration” by 2030. Possessing legal identity is increasingly a precondition to accessing basic services and entitlements from both state and private services. For the most marginalised communities, using digital ID systems to access essential services and entitlements from both state and private services are often one of their first interactions with digital technologies. Without these commonly recognized forms of official identification, individuals are at risk of exclusion and denial of services. However, the conflation of digital identity as the same as (or an extension of) “legal identity”, especially by the international development community, has led to an often uncritical embrace of digital ID projects. In this white paper, we survey the landscape around government digital ID projects and biometric systems in particular. We recommend several policy prescriptions and guardrails for these systems, drawing heavily from our experiences in India and Kenya, among other countries. In designing, implementing, and operating digital ID systems, governments must make a series of technical and policy choices. It is these choices that largely determine if an ID system will be empowering or exploitative and exclusionary. While several organizations have published principles around digital identity, too often they don’t act as a meaningful constraint on the relentless push to expand digital identity around the world. In this paper, we propose that openness provides a useful framework to guide and critique these choices and to ensure that identity systems put people first. Specifically, we examine and make recommendations around five elements of openness: multiplicity of choices, decentralization, accountability, inclusion, and participation.

Red Hat/IBM: Red Hat Enterprise Linux, OpenShift 4.3 and OpenSCAP

  • Red Hat Enterprise Linux 8 for SAP Solutions on IBM POWER9: An open foundation to power intelligent business decisions

    At Red Hat Summit 2019, we unveiled Red Hat Enterprise Linux 8, the next generation of the world’s leading enterprise Linux platform, which provides the scale, flexibility and innovation to drive enterprise workloads across the hybrid cloud. Even with the advancements across the platform, we recognize that there’s no singular panacea to overcome every unique IT challenge. To meet these needs, Red Hat delivers specialized offerings built around Red Hat Enterprise Linux to address specific hardware, applications and environment requirements, and Red Hat Enterprise Linux 8 continues this strategy with the availability of Red Hat Enterprise Linux 8 for SAP Solutions on IBM Power Systems (POWER9).

  • OpenShift 4.3: Quay Container Security Integration

    In the Red Hat OpenShift 4.2 Web UI Console, we introduced a new Cluster Overview Dashboard as the landing page when users first log in. The dashboard is there to help users resolve issues more efficiently and maintain a healthy cluster. With the latest 4.3 release, we added an image security section to the cluster health dashboard card. This section will appear on the dashboard when the Container Security Operator gets installed.

  • Deploying OpenSCAP on Satellite using Ansible

    In many environments today, security is one of the top priorities. New information security vulnerabilities are discovered regularly, and these incidents can have a significant impact on businesses and their customers. Red Hat customers I talk to are frequently looking for tools they can use to help evaluate and secure their environments. One of these tools is OpenSCAP, which is included in Red Hat Enterprise Linux (RHEL), and can perform compliance and vulnerability scanning on RHEL servers. Satellite makes OpenSCAP easier to use by allowing you to deploy the OpenSCAP agent to hosts, manage the OpenSCAP policies centrally, and to view OpenSCAP reports from the Satellite web interface.