Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Thursday, 04 Mar 21 - Tux Machines is a community-driven public service/news site which has been around for over a decade and a half and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

How to Enable or Missing UTF-8 Support in Linux

Filed under
Linux

When you access a specific web page or any text file which is written in a different language or use an ASCII message, then your system will not be able to detect language.

Because of that, you will see “X” all over the file. All this happens because of missing UTF-8, or you have selected the wrong locales.

Through this article, we will enable UTF-8 support using the terminal in Linux. Before that, first understand what is UTF-8, Why the system requires UTF-8 support?
Read more

IPFire Linux Firewall Distro Now Offers WPA3 Client Support, Faster DNS Resolution

Filed under
Linux

IPFire 2.25 Core Update 154 is IPFire’s first update in 2021 and, as you can imagine, it comes with a bunch of goodies for those who want to deploy IPFire as a Linux-powered hardened firewall on their machines.

The biggest changes in this release include the enablement of WPA3 support for the client side, allowing you to connect to authenticate to the network and encrypt packets using the latest WPA3 protocol, which was supported in IPFire since IPFire 2.25 Core Update 153, and faster DNS resolution by reusing any TLS and TCP connections in IPFire’s built-in DNS proxy.

Read more

No, Linux Mint is Not Going to Force Updates Like Windows

Filed under
News

It just wants to remind users about updating their system more frequently. That's not a bad thing, is it?
Read more

Canonical Chooses Google’s Flutter UI SDK to Build Future Ubuntu Apps

Filed under
Ubuntu

For those not in the known, Flutter is an open-source UI SDK (software development kit) created by Google to helps those who want to build quick and modern applications for a wide-range of operating systems, including Android, Linux, Mac, iOS, Windows, Google Fuchsia, that work across desktop, mobile, and the Web.

A year ago, Canonical teamed up with Google to make the Flutter SDK available on Linux as Snap, the universal software deployment and package management system for Ubuntu `and other GNU/Linux distributions, allowing those interested in building beautiful apps on the Linux desktop.

Read more

Python: Security and NumPy 1.20 Release

Filed under
Development
  • Python Package Index nukes 3,653 malicious libraries uploaded soon after security shortcoming highlighted

    The Python Package Index, also known as PyPI, has removed 3,653 malicious packages uploaded days after a security weakness in the use of private and public registries was highlighted.

    Python developers use PyPI to add software libraries written by other developers in their own projects. Other programming languages implement similar package management systems, all of which demand some level of trust. Developers are often advised to review any code they import from an external library though that advice isn't always followed.

    Package management systems like npm, PyPI, and RubyGems have all had to remove subverted packages in recent years. Malware authors have found that if they can get their code included in popular libraries or applications, they get free distribution and trust they haven't earned.

    Last month, security researcher Alex Birsan demonstrated how easy it is to take advantage of these systems through a form of typosquatting that exploited the interplay between public and private package registries.

  • A pair of Python vulnerabilities [LWN.net]

    Two separate vulnerabilities led to the fast-tracked release of Python 3.9.2 and 3.8.8 on February 19, though source-only releases of 3.7.10 and 3.6.13 came a few days earlier. The vulnerabilities may be problematic for some Python users and workloads; one could potentially lead to remote code execution. The other is, arguably, not exactly a flaw in the Python standard library—it simply also follows an older standard—but it can lead to web cache poisoning attacks.

    [...]

    [Update: As pointed out in an email from Moritz Muehlenhoff, Python 2.7 actually is affected by this bug. He notes that python2 on Debian 10 ("Buster") is affected and has been updated. Also, Fedora has a fix in progress for its python2.7 package.]

  • NumPy 1.20 has been released

    NumPy is a Python library that adds an array data type to the language, along with providing operators appropriate to working on arrays and matrices. By wrapping fast Fortran and C numerical routines, NumPy allows Python programmers to write performant code in what is normally a relatively slow language. NumPy 1.20.0 was announced on January 30, in what its developers describe as the largest release in the history of the project. That makes for a good opportunity to show a little bit about what NumPy is, how to use it, and to describe what's new in the release.

    [...]

    NumPy adds a new data type to Python: the multidimensional ndarray. This a container, like a Python list, but with some crucial differences. A NumPy array is usually homogeneous; while the elements of a list can be of various types, an ndarray will, typically, only contain a single, simple type, such as integers, strings, or floats. However, these arrays can instead contain arbitrary Python objects (i.e. descendants of object). This means that the elements will, for simple data types, all occupy the same amount of space in memory. The elements of an ndarray are laid out contiguously in memory, whereas there is no such guarantee for a list. In this way, they are similar to Fortran arrays. These properties of NumPy arrays are essential for efficiency because the location of each element can be directly calculated.

    Beyond just adding efficient arrays, NumPy also overloads arithmetic operators to act element-wise on the arrays. This allows the Python programmer to express computations concisely, operating on arrays as units, in many cases avoiding the need to use loops. This does not turn Python into a full-blown array language such as APL, but adds to it a syntax similar to that incorporated into Fortran 90 for array operations.

4 Best Free and Open Source Graphical MPD Clients

Filed under
Software

MPD is a powerful server-side application for playing music. In a home environment, you can connect an MPD server to a Hi-Fi system, and control the server using a notebook or smartphone. You can, of course, play audio files on remote clients. MPD can be started system-wide or on a per-user basis.

MPD runs in the background playing music from its playlist. Client programs communicate with MPD to manipulate playback, the playlist, and the database.

The client–server model provides advantages over all-inclusive music players. Clients can communicate with the server remotely over an intranet or over the Internet. The server can be a headless computer located anywhere on a network.

There’s graphical clients, console clients and web-based clients.

To provide an insight into the quality of software that is available, we have compiled a list of 4 best graphical MPD clients. Hopefully, there will be something of interest here for anyone who wants to listen to their music collection via MPD.

Here’s our recommendations. They are all free and open source goodness.

Read more

LWN on Kernel: 5.12 Merge, Lockless Algorithms, and opy_file_range()

Filed under
Linux
  • 5.12 Merge window, part 1 [LWN.net]

    The beginning of the 5.12 merge window was delayed as the result of severe weather in the US Pacific Northwest. Once Linus Torvalds got going, though, he wasted little time; as of this writing, just over 8,600 non-merge changesets have been pulled into the mainline repository for the 5.12 release — over a period of about two days. As one might imagine, that work contains a long list of significant changes.

  • An introduction to lockless algorithms [LWN.net]

    Low-level knowledge of the memory model is universally recognized as advanced material that can scare even the most seasoned kernel hackers; our editor wrote (in the July article) that "it takes a special kind of mind to really understand the memory model". It's been said that the Linux kernel memory model (and in particular Documentation/memory-barriers.txt) can be used to frighten small children, and the same is probably true of just the words "acquire" and "release".

    At the same time, mechanisms like RCU and seqlocks are in such widespread use in the kernel that almost every developer will sooner or later encounter fundamentally lockless programming interfaces. For this reason, it is a good idea to equip yourself with at least a basic understanding of lockless primitives. Throughout this series I will describe what acquire and release semantics are really about, and present five relatively simple patterns that alone can cover most uses of the primitives.

  • How useful should copy_file_range() be? [LWN.net]

    Its job is to copy len bytes of data from the file represented by fd_in to fd_out, observing the requested offsets at both ends. The flags argument must be zero. This call first appeared in the 4.5 release. Over time it turned out to have a number of unpleasant bugs, leading to a long series of fixes and some significant grumbling along the way.

    In 2019 Amir Goldstein fixed more issues and, in the process, removed a significant limitation: until then, copy_file_range() refused to copy between files that were not located on the same filesystem. After this patch was merged (for 5.3), it could copy between any two files, falling back on splice() for the cross-filesystem case. It appeared that copy_file_range() was finally settling into a solid and useful system call.

    Indeed, it seemed useful enough that the Go developers decided to use it for the io.Copy() function in their standard library. Then they ran into a problem: copy_file_range() will, when given a kernel-generated file as input, copy zero bytes of data and claim success. These files, which include files in /proc, tracefs, and a large range of other virtual filesystems, generally indicate a length of zero when queried with a system call like stat(). copy_file_range(), seeing that zero length, concludes that there is no data to copy and the job is already done; it then returns success.

    But there is actually data to be read from this kind of file, it just doesn't show in the advertised length of the file; the real length often cannot be known before the file is actually read. Before 5.3, the prohibition on cross-filesystem copies would have caused most such attempts to return an error code; afterward, they fail but appear to work. The kernel is happy, but some users can be surprisingly stubborn about actually wanting to copy the data they asked to be copied; they were rather less happy.

Banana Pi BPI-M2 Pro is a compact Amlogic S905X3 SBC

Filed under
Hardware

Banana Pi has already designed an Amlogic S905X3 SBC with Banana Pi BPI-M5 that closely follows Raspberry Pi 3 Model B form factor, but they’ve now unveiled a more compact model with Banana Pi BPI-M2 Pro that follow the design of the company’ earlier BPI-MP2+ SBC powered by the good old Allwinner H3 processor.

BPI-M2 Pro comes with 2GB RAM, 16GB eMMC storage, HDMI video output, Gigabit Ethernet, Wifi & Bluetooth connectivity, as well as two USB 3.0 ports.

Read more

Chrome 89 vs. Firefox 86 Performance Benchmarks On AMD Ryzen + Ubuntu Linux

Filed under
Graphics/Benchmarks

Given this week's launch of Chrome 89 and the recent Firefox 86 debut, here are some quick benchmarks for those curious about the current performance when using Ubuntu Linux with a AMD Ryzen 9 5900X and Radeon graphics.

Curious about the latest standing of the newest Firefox and Chrome releases on Linux, here are some quick benchmarks carried out on one of the systems locally. A larger comparison will come soon while this is just a quick one-page article for those eager to see some new browser numbers for AMD on Linux.

The Ryzen 9 5900X was at stock speeds - the reported CPU frequency is due to a kernel bug working its way to 5.11/5.10 stable still.

Read more

today's howtos

Filed under
HowTos
  • How to install Budgie desktop on Manjaro

    Budgie is an elegant and simplified desktop environment that integrates very well with Manjaro. Budgie is developed and maintained by the Solus team. This article will delve into the details of everything you need to know while installing the Budgie Desktop on Manjaro.

  • How To Update Fedora Linux using terminal to apply updates - nixCraft

    I recently switched from Windows server to Fedora 32/33 server running in the cloud. How do I apply software updates and patches on Fedora 32/33 server using the terminal application?

    Fedora Linux uses dnf command. It is the next upcoming major version of yum command. Yum is a package manager for RPM-based Linux distributions such as CentOS/RHEL 7.x and older version of Fedora Linux. You need to use the dnf command to update Fedora Linux using terminal for latest software patches. This page explains how to update a Fedora Linux using the terminal.

  • How to Turn Off Automatic Brightness on Ubuntu Linux

    Some new laptops come with built-in integrated light sensor. Operating systems use this sensor to measure the ambient light conditions and change the screen brightness automatically. This helps in reducing eye strain.

    You can see that this is a useful feature. But not everyone might like it all the time. For example, while watching Netflix on Linux at night, it reduces the screen brightness at the lowest for me. This makes the movie scene quite dull.

    This is one of the many cases when you probably would not want automatic brightness. Turning off automatic brightness on Ubuntu is quite simple. I’ll show that to you in this quick article.

    This tutorial is valid for GNOME desktop environment. The command line method should work for MATE desktop as well. If you are not certain, check which desktop environment you are using.

  • MultiCD - A Shell Script to Combine Multiple Bootable ISO's into One CD

    If you’ve ever used a multiboot CD that contains different utilities or bootable ISOs then creating one for yourself would be amazing. In this article, we shall take a look at MultiCD.sh, a shell script that is designed to help you build a multiboot CD image that can contain different, small Linux distros and/or utilities.

    There are many advantages of using this script and they include among others; no need for different CDs for small Linux distributions or utilities, you can simply use ISO images that you already have without downloading them again and in case of new versions, simply download them and run the script again and build a new multiboot image.

  • Linux Sponge - Soak Up Standard Input and Write to a File - Putorius

    The sponge command is part of the moreutils package. It is a utility that provides a function that is so simple it’s genius. It’s basic use is to soak up (get it? sponge..) standard input and write it to a file. The terminology “soak up” is more important than just creating a fun play on words. In this short tutorial we show you the sponge commands basic usage and why the term “soak up” is important.

Moving commits between independent git histories

Filed under
Development
Gentoo

PyPy is an alternative Python implementation. While it does replace a large part of the interpreter, a large part of the standard library is shared with CPython. As a result, PyPy is frequently affected by the same vulnerabilities as CPython, and we have to backport security fixes to it.

Backporting security fixes inside CPython is relatively easy. All main Python branches are in a single repository, so it’s just a matter of cherry-picking the commits. Normally, you can easily move patches between two related git repositories using git-style patches but this isn’t going to work for two repositories with unrelated histories.

Does this mean manually patching PyPy and rewriting commit messages by hand? Luckily, there’s a relatively simple git am trick that can help you avoid that.

Read more

today's howtos

Filed under
HowTos
  • Learn How to Use Postman to Test APIs

    Anyone who creates APIs should also be testing APIs. One of the most popular ways to test APIs is to use Postman. Postman has over 10 million users worldwide.

    We've released a Postman crash course on the freeCodeCamp.org YouTube channel that will teach you everything you need to know to start easily testing your APIs.

    Valentin Despa created this course. Valentin is a developer educator who has been teaching software concepts for many years.

  • How to find NetworkManager version on Linux - nixCraft

    How do I check or find NetworkManager version on Linux distribution?

    We can use the nmcli command line for controlling NetworkManager and reporting network status. Another option is to use the NetworkManager to print the version on Linux.

  • [Older] Introduction to database normalization: the first three normal forms

    The table above, doesn’t satisfy the first normal form, why? For the first normal form to be satisfied, each column of a table must contain atomic (indivisible) data. In the second row of our table, which contains information about the “The Usual Suspects” movie, we can see that the genre column contains data which is not atomic. Two genres are actually listed: Thriller and Neo-noir. Let’s say in our representation we want to allow one movie to be associated with more than one genre; how do we solve the problem?

    The first thing that comes to mind may be to add a new row in the same table, repeating the information about the movie, and just specify one genre per raw. This idea is quite horrible, since we would have a lot of redundant data (we should repeat the same movie information each time we want to associate it with a new genre!).

    Another slightly better solution, would be to add a new column, so to have, for example, a genre1 and genre2 columns. This however would, among the other things, represent a limit: what if a movie should be listed under more than two genres?

  • How To Install Atom Text Editor on Manjaro 20 [Ed: The problem is that it's controlled by Microsoft]

    In this tutorial, we will show you how to install Atom Text Editor on Manjaro 20. For those of you who didn’t know, Atom is a free and open-source text and source code editor for OS X, Linux, and Windows with support for plug-ins written in Node.js, and embedded Git Control, developed by GitHub. It supports more than 35+ programming languages by default.

    This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of Atom Text Editor on a Manjaro 20 (Nibia).

  • Learning through breaking | Bryan Quigley

    I run Steam in a flatpak for convenience and confinment reasons. One day my Steam install failed with

Free Software Foundation awarded consulting project grant from Community Consulting Teams of Boston

Filed under
GNU

The Free Software Foundation (FSF) today announced the award of a pro bono management consulting project from Community Consulting Teams of Boston (CCT). The strategic need is an analysis and marketing plan focused on the FSF's diverse network of supporters worldwide. The project is anticipated to be completed this summer.

As one of eight pro bono consulting project grants awarded by CCT in 2021, the FSF was chosen among Boston-area nonprofits based on its demonstrated need, organizational stability, and readiness to plan and implement change. CCT has awarded over 200 consulting grants to Boston-area nonprofits since its inception in 1990, providing an estimated $20 million value.

Read more

today's leftovers

Filed under
Misc

  • Changing Of The Guard For HPC And Big Iron At HPE

    Hewlett Packard Enterprise has been building a mainstream and grassroots server business aimed at large enterprises, HPC centers, and academic and government institutions for two decades. HPE took a run at the hyperscalers and cloud builders and large service providers with its Cloudline minimalist machinery, but has largely backed away from that business because margins are thin to non-existent.

    The systems business that is left represents the core of HPE after it has largely divested its software and services business, which it spent tens of billions of dollars to acquire to try to create a clone of IBM, and split off its PC and printer business into an entirely different company.

    While the original Hewlett Packard has a long history in proprietary and Unix systems, it was the acquisition of Compaq way back in September 2001 for $25 billion that gave what is now HPE a volume server business aimed at small, medium, and large enterprises as well as the emerging webscale companies. The rivalry with Dell (and to a lesser extent with Lenovo, Inspur, and Sugon) and the rise of the original design manufacturers who work directly with the hyperscalers and large public cloud builders (Foxconn, Quanta, Inventec, WiWynn, and such) have put the hurt on this ProLiant server business. But that ProLiant business is still formidable, and has many millions of loyal customers.

  • SUSE: 7 Digital Transformation Questions IT Should Ask Their Business Managers

    During the journey of digital transformation, organizations have to master several things at the same time: adopting new innovations, increasing efficiency, and maintaining continuity. IT not only plays a crucial role in these improvements but in many cases also leads transformation projects that improve the business.

  • Freedom to map depends on WHO delivers it

    At the moment, I do not know enough about this reform and its general background, to have a definite opinion on who is wrong or right here. But that is not important. My only goal with this post is to remind everybody, in India and everywhere else, that “map or you will be mapped” is not just a fancy slogan.

    Whoever draws the maps, or controls the data needed to draw them, can concretely increase, or limit, your personal freedom and rights. This is the only thing that you surely want to learn from all the congratulations and concerns above. Take them as concrete examples of what could actually go wrong, or right, with mapping laws, whatever digital map you are already living in.

  • Microsoft Attacks The Open Web Because It's Jealous Of Google's Success

Programming Leftovers

Filed under
Development

  • Rust Lang team March update

    Did you know that you can see the lang team's active projects on our project board? We're still experimenting and evolving the setup, but the goal is that it should give you a quick overview of what kinds of things the lang team is focused on, and what stage they are in their development. Our minutes contain a writeup for each active project, but let me call out a few highlights here...

  • DIY primary/foreign key relationships, again

    In a blog post in 2020 I described a problem I was finding in linked tables. One table had a primary key field and the other had a foreign key field that should have referred back to the first table. That wasn't always the case, because the tables didn't always come from a database with referential integrity. The tables were sometimes built in spreadsheets and the primary and foreign keys were entered by hand.

    The defective tables usually have formatting differences or orphaned foreign keys. The formatting issue is that the primary key is something like "Abc_def_236-ghi" and the foreign key is "Abc-def-236-ghi"; close, but no cigar. Orphaned foreign keys are correctly formatted entries with no match at all in the primary key set.

  • Flutter 2.0 reaches stable and adds support for foldable and dual-screen devices

    For a while now, Flutter for Desktop has been in an alpha stage, which meant changing APIs, bugs, and performance issues. With Flutter 2.0, Google has moved its status to somewhere between beta and stable. What does that mean? Well, it’s available in Flutter 2.0 Stable, but Google doesn’t think it’s fully complete yet. It should be fine for production use, but there may be a bug here and there.

  • How I Built a Web Scraper with Beautiful Soup and Used it to Land My First Job

    Landing any job, let alone a first job, can be a difficult process. Employers often tell you that you don't have enough experience for them to hire you. But that means you also won't get an opportunity to gain that experience (like a job).

    Landing a job in tech can feel even more challenging. On the one hand you have to answer interview questions well, like any other job. On the other you have to prove that your technical skills can do the job you're interviewing for.

    These hurdles can be difficult to overcome. In this article I'll share how I built a web scraper to help me land my first job in tech. I'll explain what exactly I built and the key lessons I learned. Most importantly, I'll share how I leveraged those lessons to ace my interviews and land a job offer.

  • We Sent 304,654 Coding Tests to Developers from 156 Countries – Here’s What We Learned

    At DevSkiller, we are known for our detailed industry reports that assist IT recruitment professionals with their hiring decisions. And this past year has been the most diverse and data-heavy set of information ever compiled by our team.

    Despite the circumstances that 2020 brought us, the show must go on. We have compiled 304,654 coding tests sent to developers in 156 countries to create the 2021 DevSkiller IT skills report.

    Whilst it’s easy to point to the big tech multinationals that will indeed profit from a crisis like we’ve had, many other small businesses will have a hard time adapting to the market’s fluctuating demands.

  • Qt 6.0.2 Released

    We have released Qt 6.0.2 today. As a patch release, the Qt 6.0.2 does not add any new functionality but provides bug fixes and other improvements.

  • The Month in WordPress: February 2021

    That was Josepha Haden Chomphosy on WordPress is Free(dom) episode of the WP Briefing Podcast, speaking about the four freedoms of open-source software. Those four freedoms are core to how WordPress is developed. A lot of the updates we bring you this month will resonate with those freedoms.

  • Toolbox your Debian

    Last week I needed a Debian system to test things, I had heard others were using toolbox with Debian images without much trouble so decided to give it a go instead of creating a VM.

    Toolbox only requires a handful utilities to work with any given docker image. After a quick search I stumbled upon Philippe’s post which in turn linked into this PR about an Ubuntu based toolbox image. Looks like the last major issues where worked out recently in toolbox and there isn’t anything extra needed apart the image.

  •   

  • February GNU Spotlight with Mike Gerwitz: 23 new releases

    23 new GNU releases in the last month (as of February 25, 2021):
    artanis-0.5
    autoconf-archive-2021.02.19
    binutils-2.36.1
    freeipmi-1.6.7
    freeipmi-1.6.8
    glibc-2.33
    gnuhealth-3.8.0
    gwl-0.3.0
    help2man-1.48.1
    inetutils-2.0
    intlfonts-1.4.1
    libgcrypt-1.9.2
    libredwg-0.12.1
    libredwg-0.12.2
    linux-libre-5.11
    mailutils-3.12
    nano-5.6
    nettle-3.7.1
    octave-6.2.0
    parallel-20210222
    tar-1.34
    unifont-13.0.06
    xorriso-1.5.4.pl02

Free Software Leftovers

Filed under
GNU
  • Zstd 1.4.9 Released With ~2x Faster Performance For Long Mode

    Zstd previously introduced the "--long" mode to analyze large quantities of data in a timely manner and suitable memory budget. The aim in this mode is to improve the compression ratio for files with long matches at a large distance. With Zstd 1.4.9 the long distance mode is much faster thanks to a number of optimizations that preserve the compression ratio while drastically speeding up the compression time. Test cases are showing this long distance mode being 114~154% faster than the prior point release of Zstd. These new algorithms for the long distance mode appear to be a big win based on all of the data published thus far.

  • Conditions and Implied Licenses: Bitmanagement v. United States

    An interesting case was handed down by the Federal Circuit on February 25, 2021, discussing some software licensing issues seldom mentioned in case law. Bitmanagement Software GMBH v. United States was a dispute that involved the use of certain proprietary software, BS Contract Geo, a 3D visualization product.

    The facts surrounding the license of the software are complex, but laid out in detail in the opinion. The owner of the software, Bitmanagement, and the user of the software, the US Navy, never entered into a direct or express software license. The contracting process, which took place via a reseller called Planet 9, stalled, when it was determined that the Navy’s system needs were incompatible with Bitmanagement’s software management keys. In the end, the Navy paid for some copies, but engaged in “massive free copying” (see concurring opinion, p.27) of the software with no express license to do so.

    Central to the court’s finding, the parties had agreed that as a condition to the license, the Navy would use Flexera’s license-tracking software FlexWrap to monitor the number of simultaneous users of the software. It noted that the Claims Court found that Bitmanagement agreed to the licensing scheme “because Flexera would limit the number of simultaneous users of BS Contact Geo, regardless of how many copies were installed on Navy computers.” (p. 20) But the Navy did not use the FlexWrap tool as agreed. The court held that use of this management software was a condition of the license, even though the license was not in writing. The court said, “This is one of those rare circumstances where the record as a whole reflects that the only feasible explanation for Bitmanagement allowing mass copying of its software, free of charge, was the use of Flexera at the time of copying.” (p.21)

  • Sustainability for Open Source Projects: 4 Big Questions [Ed: VM (Vicky) Brasseur, who promotes proprietary software in some contexts, wants to FUD Free software as having that mythical "sustainability" woe (as if it's all about money). GNU developed for 37 years (soon 38) in spite of that "sustainability" nonsense. People can get paid for things other than their per Free software project.]

    What does sustainability look like for open source projects? VM (Vicky) Brasseur considers four key questions to help determine the answer for your project.

    These days the word "sustainability" gets thrown around a lot with respect to free and open source software (FOSS). What is sustainability, and what does it mean for your project?

    The concept of sustainability didn't originate in the 1980s, but it gained a lot of mindshare at that time thanks to the Brundtland Report, which was released by the United Nations in 1987 after three years of research by a cross-functional team of scientists, policy makers, and business people. The report defines sustainability as "…development that meets the needs of the present without compromising the ability of future generations to meet their own needs."

  • Samuel Iglesias: Igalia is hiring! [Ed: Case of point; you can get paid to do Free software]

    One of the best decisions I did in my life was when I joined Igalia in 2012. Inside Igalia, I have been working in different open-source projects, most of the time related to graphics technologies, interacting with different communities, giving talks, organizing conferences and, more importantly, contributing to free software as my daily job.

    [...]

    What we offer is to work in an open-source consultancy in which you can participate equally in the management and decision-making process of the company via our democratic, consensus-based assembly structure. As all of our positions are remote-friendly, we welcome submissions from any part of the world.

Asymmetric Multi Processing with Linux & Zephyr on the STM32MP1

Filed under
Hardware

In the embedded world, more and more vendors offer Arm-based System-on-Chips (SoC) including both powerful Cortex-A CPU cores, designed to run a full-featured OS such as Linux, and one or more low-power Cortex-M cores, usually found in microcontrollers, designed to execute bare-metal or RTOS-based applications.

[...]

While the Linux kernel can run on a wide range of devices, it requires a decent amount of memory (> 4MB), and therefore cannot be used on memory-constrained microcontrollers.

Enters Zephyr, a project initiated by Wind River, now developed as a Linux Foundation project.

Read more

Geniatech XPI-3288 Raspberry Pi lookalike features Rockchip RK3288 SoC

Filed under
Hardware

Geniatech XPI is a family of single board computers following Raspberry Pi 3 form factor. We first covered XPI-S905X SBC in 2018, which was followed by XPI 3128 board last year.

The company has now launched another model with Geniatech XPI-3288 SBC powered by Rockchip RK3288 32-bit quad-core Cortex-A17 processor coupled with 2G RAM and 16GB eMMC flash.

Read more

Videos/Audiocasts/Shows

Filed under
GNU
Linux
  • Font Preview Ueberzug: A Better Font Previewer

    A while back I looked at a font preview script but it was kind of annoying to use, but it turns out there's a much better version of that script called font preview ueberzug which is what we're checking out today.

  • Ubuntu Voltage

    For a few years we’ve been performing a live version of an Ubuntu Podcast at FOSS Talk Live. This is a lively, nerdy, in-person Linux Podcast event at the Harrison Pub in London. A few shows are performed in front of a live slightly drunk studio pub audience. We are but one troup of performers though, over the course of the evening.

    The whole thing is organised by Joe Ressington and attended by our friends and/or/xor listeners. Joe has just announced over on episode 114 of Late Night Linux that we’re all doing it again! Go and listen to that show for a small amount of detail.

  • FLOSS Weekly 619: Notetaking With Dendron - Kevin Lin and Dendron [Ed: FLOSS Weekly jumping the shark by pushing Microsoft proprietary software instead of actual FLOSS]

    Kevin Lin and Dendron.

    Kevin Lin joins Jonathan Bennett and Katherine Druckman to talk about Dendron, a note-taking application built on top of VSCode. After many years of taking notes, Kevin found himself with a massive, unmanageable personal knowledge store. None of the existing note-taking applications quite solved his problem, so Kevin did the only reasonable thing, and wrote his own. On this episode of FLOSS Weekly, Lin covers some of his design decisions, including building Dendron on VSCode and Javascript, and helps us understand how Dendron can help tame the jungle of personal knowledge.

Kernel: Intel SGX, Swapfile Problem, and Security Fixes

Filed under
Linux

     

  • Intel Sends Out KVM SGX Virtualization Patches For Linux - Phoronix

    Intel SGX support finally landed in Linux 5.11 after going through 40+ rounds of review that took years for bringing up Software Guard Extensions in the mainline kernel. But that trek isn't yet over as Intel is now working on KVM SGX virtualization support to be upstreamed. 

    Intel earlier sent out a "request for comments" on KVM SGX virtualization support while on Monday they sent out the first formal (non-RFC) patch series with this support for handling Software Guard Extensions in the context of KVM virtualization. Basically this allows for a portion of the system memory to be encrypted with an SGX enclave exclusively for a KVM guest virtual machine that can't be accessed outside of the secure enclave. Separate from SGX enclaves, Intel also has coming out with future CPUs the Total Memory Encryption (TME) feature. AMD meanwhile has been working on Secure Encrypted Virtualization (SEV) with Secure Memory Encryption (SME) as their EPYC approach for securing guest VM memory from other VMs or the host. 

  •   

  • Linux 5.12 Lands Fix For File-System Corruption Caused By Swapfile Issue - Phoronix

    For those wanting to help in testing out the Linux 5.12 kernel, at least it should no longer eat your data now if you rely on a swapfile. 

    The file-system corruption issue on Linux 5.12 Git noted last week and then followed up on yesterday when the corruption hit Intel's graphics CI systems and narrowed down to a set of swap-related changes, has now been resolved with today's latest Git code. 

    [...]

    With that fix now in, we can get back to looking at Linux 5.12 performance changes and other more interesting testing than worrying about data loss.

  • High severity Linux network security holes found, fixed | ZDNet

    Young and rising Linux security developer Alexander Popov of Russia's Positive Technologies discovered and fixed a set of five security holes in the Linux kernel's virtual socket implementation. An attacker could use these vulnerabilities (CVE-2021-26708) to gain root access and knock out servers in a Denial of Service (DoS) attack.

Syndicate content

More in Tux Machines

Canonical Chooses Google’s Flutter UI SDK to Build Future Ubuntu Apps

For those not in the known, Flutter is an open-source UI SDK (software development kit) created by Google to helps those who want to build quick and modern applications for a wide-range of operating systems, including Android, Linux, Mac, iOS, Windows, Google Fuchsia, that work across desktop, mobile, and the Web. A year ago, Canonical teamed up with Google to make the Flutter SDK available on Linux as Snap, the universal software deployment and package management system for Ubuntu `and other GNU/Linux distributions, allowing those interested in building beautiful apps on the Linux desktop. Read more

Python: Security and NumPy 1.20 Release

  • Python Package Index nukes 3,653 malicious libraries uploaded soon after security shortcoming highlighted

    The Python Package Index, also known as PyPI, has removed 3,653 malicious packages uploaded days after a security weakness in the use of private and public registries was highlighted. Python developers use PyPI to add software libraries written by other developers in their own projects. Other programming languages implement similar package management systems, all of which demand some level of trust. Developers are often advised to review any code they import from an external library though that advice isn't always followed. Package management systems like npm, PyPI, and RubyGems have all had to remove subverted packages in recent years. Malware authors have found that if they can get their code included in popular libraries or applications, they get free distribution and trust they haven't earned. Last month, security researcher Alex Birsan demonstrated how easy it is to take advantage of these systems through a form of typosquatting that exploited the interplay between public and private package registries.

  • A pair of Python vulnerabilities [LWN.net]

    Two separate vulnerabilities led to the fast-tracked release of Python 3.9.2 and 3.8.8 on February 19, though source-only releases of 3.7.10 and 3.6.13 came a few days earlier. The vulnerabilities may be problematic for some Python users and workloads; one could potentially lead to remote code execution. The other is, arguably, not exactly a flaw in the Python standard library—it simply also follows an older standard—but it can lead to web cache poisoning attacks. [...] [Update: As pointed out in an email from Moritz Muehlenhoff, Python 2.7 actually is affected by this bug. He notes that python2 on Debian 10 ("Buster") is affected and has been updated. Also, Fedora has a fix in progress for its python2.7 package.]

  • NumPy 1.20 has been released

    NumPy is a Python library that adds an array data type to the language, along with providing operators appropriate to working on arrays and matrices. By wrapping fast Fortran and C numerical routines, NumPy allows Python programmers to write performant code in what is normally a relatively slow language. NumPy 1.20.0 was announced on January 30, in what its developers describe as the largest release in the history of the project. That makes for a good opportunity to show a little bit about what NumPy is, how to use it, and to describe what's new in the release. [...] NumPy adds a new data type to Python: the multidimensional ndarray. This a container, like a Python list, but with some crucial differences. A NumPy array is usually homogeneous; while the elements of a list can be of various types, an ndarray will, typically, only contain a single, simple type, such as integers, strings, or floats. However, these arrays can instead contain arbitrary Python objects (i.e. descendants of object). This means that the elements will, for simple data types, all occupy the same amount of space in memory. The elements of an ndarray are laid out contiguously in memory, whereas there is no such guarantee for a list. In this way, they are similar to Fortran arrays. These properties of NumPy arrays are essential for efficiency because the location of each element can be directly calculated. Beyond just adding efficient arrays, NumPy also overloads arithmetic operators to act element-wise on the arrays. This allows the Python programmer to express computations concisely, operating on arrays as units, in many cases avoiding the need to use loops. This does not turn Python into a full-blown array language such as APL, but adds to it a syntax similar to that incorporated into Fortran 90 for array operations.

4 Best Free and Open Source Graphical MPD Clients

MPD is a powerful server-side application for playing music. In a home environment, you can connect an MPD server to a Hi-Fi system, and control the server using a notebook or smartphone. You can, of course, play audio files on remote clients. MPD can be started system-wide or on a per-user basis. MPD runs in the background playing music from its playlist. Client programs communicate with MPD to manipulate playback, the playlist, and the database. The client–server model provides advantages over all-inclusive music players. Clients can communicate with the server remotely over an intranet or over the Internet. The server can be a headless computer located anywhere on a network. There’s graphical clients, console clients and web-based clients. To provide an insight into the quality of software that is available, we have compiled a list of 4 best graphical MPD clients. Hopefully, there will be something of interest here for anyone who wants to listen to their music collection via MPD. Here’s our recommendations. They are all free and open source goodness. Read more

LWN on Kernel: 5.12 Merge, Lockless Algorithms, and opy_file_range()

  • 5.12 Merge window, part 1 [LWN.net]

    The beginning of the 5.12 merge window was delayed as the result of severe weather in the US Pacific Northwest. Once Linus Torvalds got going, though, he wasted little time; as of this writing, just over 8,600 non-merge changesets have been pulled into the mainline repository for the 5.12 release — over a period of about two days. As one might imagine, that work contains a long list of significant changes.

  • An introduction to lockless algorithms [LWN.net]

    Low-level knowledge of the memory model is universally recognized as advanced material that can scare even the most seasoned kernel hackers; our editor wrote (in the July article) that "it takes a special kind of mind to really understand the memory model". It's been said that the Linux kernel memory model (and in particular Documentation/memory-barriers.txt) can be used to frighten small children, and the same is probably true of just the words "acquire" and "release". At the same time, mechanisms like RCU and seqlocks are in such widespread use in the kernel that almost every developer will sooner or later encounter fundamentally lockless programming interfaces. For this reason, it is a good idea to equip yourself with at least a basic understanding of lockless primitives. Throughout this series I will describe what acquire and release semantics are really about, and present five relatively simple patterns that alone can cover most uses of the primitives.

  • How useful should copy_file_range() be? [LWN.net]

    Its job is to copy len bytes of data from the file represented by fd_in to fd_out, observing the requested offsets at both ends. The flags argument must be zero. This call first appeared in the 4.5 release. Over time it turned out to have a number of unpleasant bugs, leading to a long series of fixes and some significant grumbling along the way. In 2019 Amir Goldstein fixed more issues and, in the process, removed a significant limitation: until then, copy_file_range() refused to copy between files that were not located on the same filesystem. After this patch was merged (for 5.3), it could copy between any two files, falling back on splice() for the cross-filesystem case. It appeared that copy_file_range() was finally settling into a solid and useful system call. Indeed, it seemed useful enough that the Go developers decided to use it for the io.Copy() function in their standard library. Then they ran into a problem: copy_file_range() will, when given a kernel-generated file as input, copy zero bytes of data and claim success. These files, which include files in /proc, tracefs, and a large range of other virtual filesystems, generally indicate a length of zero when queried with a system call like stat(). copy_file_range(), seeing that zero length, concludes that there is no data to copy and the job is already done; it then returns success. But there is actually data to be read from this kind of file, it just doesn't show in the advertised length of the file; the real length often cannot be known before the file is actually read. Before 5.3, the prohibition on cross-filesystem copies would have caused most such attempts to return an error code; afterward, they fail but appear to work. The kernel is happy, but some users can be surprisingly stubborn about actually wanting to copy the data they asked to be copied; they were rather less happy.