Language Selection

English French German Italian Portuguese Spanish

OSS Leftovers

Filed under
OSS
  • The cpu_features library

    "Write Once, Run Anywhere." That was the promise of Java back in the 1990s. You could write your Java code on one platform, and it would run on any CPU implementing a Java Virtual Machine.

    But for developers who need to squeeze every bit of performance out of their applications, that's not enough. Since the dawn of computing, performance-minded programmers have used insights about hardware to fine tune their code.

  • Google Rolls Out cpu_features Library

    Google's cpu_features library makes it easier for detecting modern CPU capabilities like FMA, SSE, and AVX extensions when writing hand-tuned code.

  • 3 steps to reduce a project's failure rate [Ed: "Open Decision Framework" the latest Red Hat openwashing sound bite]

    It's no secret that clear, concise, and measurable requirements lead to more successful projects. A study about large scale projects by McKinsey & Company in conjunction with the University of Oxford revealed that "on average, large IT projects run 45 percent over budget and 7 percent over time, while delivering 56 percent less value than predicted." The research also showed that some of the causes for this failure were "fuzzy business objectives, out-of-sync stakeholders, and excessive rework."

  • Symphony Now Available on OpenFin Through Open Source Contribution to Symphony Software Foundation

    OpenFin, the desktop operating system built specifically for the needs of capital markets, announced today that it has publicly contributed code to the Symphony Software Foundation that allows, for the first time, any OpenFin customer to deploy Symphony Chat on the OpenFin operating system. The integration, currently in beta testing, enables seamless deployment and interoperability of Symphony alongside the expanding ecosystem of applications already running on OpenFin.

  • 2 startups are joining forces — and together they could pose a threat to Bloomberg

    Symphony, a messaging service that has gained some traction among Wall Street firms, has been integrated into OpenFin, an operating system built for financial-services, the two companies announced Thursday. 

    OpenFin hosts more than a hundred applications on its platform, and the integration means Symphony will be "interoperable" with those apps, the same way social media apps on your phone are able to talk with one another.

    “By enabling Symphony to run on the OpenFin operating system, we are making it easy for our mutual customers to unify the Symphony desktop experience with their other OpenFin-based apps," Mazy Dar, chief executive of OpenFin, said of the news. 

  • Gleif and Swift debut open source BIC-to-LEI mapping

    The Global Legal Entity Identifier Foundation (GLEIF) has published the first monthly relationship file that matches a Business Identifier Code (BIC) assigned to an organization against its Legal Entity Identifier (LEI).
    With the launch of this open source file, GLEIF and SWIFT have pioneered a cooperation model that, for the first time, enables market participants to link and cross-reference these key entity identifiers free of charge. This will significantly streamline entity verification processes and reduce data management costs.

  • Integrating continuous testing for improved open source security

    To protect yourself, you need mechanisms to prevent vulnerable packages from being added, and to ensure you get alerted and can quickly respond to new vulnerability disclosures. This chapter will focus on the first concern, discussing how you can integrate SCA vulnerability testing into your process, and prevent the addition of new vulnerable libraries to your code. The next chapter will deal with responding to new issues.

    Preventing new security flaws is conceptually simple, and very aligned with your (hopefully) existing quality control. Because vulnerabilities are just security bugs, a good way to prevent them is to test for them as part of your automated test suite.

More in Tux Machines

Security: Japan's Top Cybersecurity Official, SuperCooKey, Information Breach on HealthCare.gov

  • Security News This Week: Japan's Top Cybersecurity Official Has Never Used a Computer
  • SuperCooKey – A SuperCookie Built Into TLS 1.2 and 1.3

    TLS 1.3 has a heavily touted feature called 0-RTT that has been paraded by CloudFlare as a huge speed benefit to users because it allows sessions to be resumed quickly from previous visits. This immediately raised an eyebrow for me because this means that full negotiation is not taking place.

    After more research, I’ve discovered that 0-RTT does skip renegotiation steps that involve generating new keys.

    This means that every time 0-RTT is used, the server knows that you’ve been to the site before, and it knows all associated IPs and sign-in credentials attached to that particular key.

  • Information Breach on HealthCare.gov

    In October 2018, a breach occurred within the Marketplace system used by agents and brokers. This breach allowed inappropriate access to the personal information of approximately 75,000 people who are listed on Marketplace applications.

today's howtos

Android Leftovers

The Spectre/Meltdown Performance Impact On Linux 4.20, Decimating Benchmarks With New STIBP Overhead

As outlined yesterday, significant slowdowns with the Linux 4.20 kernel turned out to be due to the addition of the kernel-side bits for STIBP (Single Thread Indirect Branch Predictors) for cross-HyperThread Spectre Variant Two mitigation. This has incurred significant performance penalties with the STIBP support in its current state with Linux 4.20 Git and is enabled by default at least for Intel systems with up-to-date microcode. Here are some follow-up benchmarks looking at the performance hit with the Linux 4.20 development kernel as well as the overall Spectre and Meltdown mitigation impact on this latest version of the Linux kernel. Some users have said AMD also needs STIBP, but at least with Linux 4.20 Git and the AMD systems I have tested with their up-to-date BIOS/microcode, that hasn't appeared to be the case. Most of the AMD STIBP references date back to January when Spectre/Meltdown first came to light. We'll see in the week ahead if there is any comment from AMD but at this time seems to be affecting up-to-date Intel systems with the Linux 4.20 kernel. Read more