Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Saturday, 17 Nov 18 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Type Title Author Repliessort icon Last Post
Story Diamonds are a girl's best friend srlinuxx 10/04/2005 - 11:45pm
Story AMD not out of the Race yet srlinuxx 10/04/2005 - 11:53pm
Story techiemoe rants: srlinuxx 10/08/2009 - 7:01pm
Story More BS from the Evil One. srlinuxx 10/04/2005 - 11:27pm
Story Doom3 for those with little or no PC! srlinuxx 11/04/2005 - 12:49am
Story Linux leaders at open-source summit srlinuxx 10/04/2005 - 11:35pm
Story This months Cosmo srlinuxx 06/02/2005 - 4:03am
Story Mandrake's Clustering Again srlinuxx 11/04/2005 - 4:58pm
Story No Case - No Problem srlinuxx 11/04/2005 - 5:35am
Story ATI has released 64-Bit drivers srlinuxx 10/04/2005 - 11:38pm

Goa to train teachers in new open-source software apps for cyber security

Filed under
OSS
Security

After working with Google India for wider adoption of internet safety in schools two years ago, Goa education agencies will implement another project to train computer, information and communication technology school and higher secondary teachers in new open-source software applications for cyber security integration.

The State Board of Secondary and Higher Secondary Education and Goa State Council Educational Research and Training (GSCERT) have decided to begin the second programme with over 650 computer teachers from December 4 to 18, Mr. Ajay Jadhav, Board of Study member and coordinator of the first project with Google, said on Friday. The cyber security training syllabus has been worked out and 18 resource persons are ready for the project.

Read more

5 of the Best File Managers for Linux

Filed under
GNU
Linux

One of the pieces of software you use daily is a file manager. A good file manager is essential to your work. If you are a Linux user and want to try out file managers other than the default one that comes with your system, below is a list of the best Linux file managers you will find.

Read more

Fedora: Flatpak, PHP Builds, Ansible and NeuroFedora

Filed under
Red Hat
  • Flatpak – a solution to the Linux desktop packaging problem

    In hindsight I must say the situation was not as bad as I thought on the server level: Linux in the data center grew and grew. Packaging simply did not matter that much because admins were used to problems deploying applications on servers anyway and they had the proper knowledge (and time) to tackle challenges.

    Additionally, the recent rise of container technologies like Docker had a massive impact: it made deploying of apps much easier and added other benefits like sandboxing, detailed access permissions, clearer responsibilities especially with dev and ops teams involved, and less dependency hell problems. Together with Kubernetes it seems as there is an actual standard evolving of how software is deployed on Linux servers.

    To summarize, in the server ecosystem things never were as bad, and are quite good these days. Given that Azure serves more Linux servers than Windows servers there are reasons to believe that Linux is these days the dominant server platform and that Windows is more and more becoming a niche platform.

  • PHP on RHEL-8
  • How to authenticate Ansible with Azure
  • NeuroFedora update: week 46

LLVM/AOCC, GCC at AMD

Filed under
Development
GNU
Hardware
  • Radeon GCC Back-End Updated For Running Single-Threaded C & Fortran On AMD GPUs

    Back in September Code Sourcery / Mentor Graphics posted the Radeon GCC back-end they have been developing with the cooperation of AMD. This is for allowing the GCC compiler to eventually offload nicely to Radeon GPUs with its different programming languages and supported parallel programming models, particularly with OpenMP and OpenACC in mind. But for now this patch series just works with single-threaded C and Fortran programs. The second version of this port was posted for review.

    Hitting the GCC mailing list on Friday was the updated version of this AMD GCN port targeting Tonga/Fiji through Vega graphics hardware. Code Sourcery will post the OpenACC/OpenMP support bits at a later date while for now the code works with single-threaded C/Fortran programs with C++ not yet supported, among other initial shortcomings. For now the AMDGPU LLVM back-end is far more mature in comparison, which is what's currently used by the open-source AMD Linux driver compute and graphics stacks.

  • AMD Optimizing C/C++ Compiler 1.3 Brings More Zen Tuning

    Earlier this month AMD quietly released a new version of their Optimizing C/C++ compiler in the form of AOCC 1.3. This new compiler release has more Zen tuning to try to squeeze even more performance out of Ryzen/EPYC systems when using their LLVM-based compiler.

    The AMD Optimizing C/C++ Compiler remains AMD's high performance compiler for Zen compared to the earlier AMD Open64 Compiler up through the Bulldozer days. AOCC is based on LLVM Clang with various patches added in. Fortunately, with time at least a lot of the AOCC patches do appear to work their way into upstream LLVM Clang. AOCC also has experimental Fortran language support using the "Flang" front-end that isn't as nearly mature as Clang.

Security: Japan's Top Cybersecurity Official, SuperCooKey, Information Breach on HealthCare.gov

Filed under
Security
  • Security News This Week: Japan's Top Cybersecurity Official Has Never Used a Computer
  • SuperCooKey – A SuperCookie Built Into TLS 1.2 and 1.3

    TLS 1.3 has a heavily touted feature called 0-RTT that has been paraded by CloudFlare as a huge speed benefit to users because it allows sessions to be resumed quickly from previous visits. This immediately raised an eyebrow for me because this means that full negotiation is not taking place.

    After more research, I’ve discovered that 0-RTT does skip renegotiation steps that involve generating new keys.

    This means that every time 0-RTT is used, the server knows that you’ve been to the site before, and it knows all associated IPs and sign-in credentials attached to that particular key.

  • Information Breach on HealthCare.gov

    In October 2018, a breach occurred within the Marketplace system used by agents and brokers. This breach allowed inappropriate access to the personal information of approximately 75,000 people who are listed on Marketplace applications.

today's howtos

Filed under
HowTos

The Spectre/Meltdown Performance Impact On Linux 4.20, Decimating Benchmarks With New STIBP Overhead

Filed under
Graphics/Benchmarks

As outlined yesterday, significant slowdowns with the Linux 4.20 kernel turned out to be due to the addition of the kernel-side bits for STIBP (Single Thread Indirect Branch Predictors) for cross-HyperThread Spectre Variant Two mitigation. This has incurred significant performance penalties with the STIBP support in its current state with Linux 4.20 Git and is enabled by default at least for Intel systems with up-to-date microcode. Here are some follow-up benchmarks looking at the performance hit with the Linux 4.20 development kernel as well as the overall Spectre and Meltdown mitigation impact on this latest version of the Linux kernel.

Some users have said AMD also needs STIBP, but at least with Linux 4.20 Git and the AMD systems I have tested with their up-to-date BIOS/microcode, that hasn't appeared to be the case. Most of the AMD STIBP references date back to January when Spectre/Meltdown first came to light. We'll see in the week ahead if there is any comment from AMD but at this time seems to be affecting up-to-date Intel systems with the Linux 4.20 kernel.

Read more

today's leftovers

Filed under
Misc
  • macOS vs.Windows: Which OS Really Is the Best?

    If you’re truly gung-ho on interface customization, I recommend Linux, which offers a selection of completely different user interface shells.

    [...]

    Those looking for the ultimate in stability, though, should check out Linux.

  • Essential System Tools: Nmap – network security tool

    This is the ninth in our series of articles highlighting essential system tools. These are small utilities, useful for system administrators as well as regular users of Linux based systems. The series examines both graphical and text based open source utilities. For this article, we’ll look at Nmap (“Network Mapper”).

  •  

  • KDE Itinerary @ Paris Open Transport Meetup

    I have been invited by Kisio Digital to present the work we have been doing around KDE Itinerary at the Paris Open Transport Meetup next week. The meetup is near Gare de Lyon and starts on Thursday at 19:00. Feel free to come by, I’m looking forward to discuss ideas on how to move KDE Itinerary forward.

  • WordPress Update 5.0 Introduces The Gutenberg Editor, A Brand New Theme and Much More

    WordPress, an open source platform for managing content which is built up and based around MySQL and PHP. Often used for blogging purposes and publishing content on websites, WordPress happens to be one of the pioneer class in what it does. With that, building up on its current platform, the latest update for is arriving sooner than later. The 5.0 update, dubbed as the biggest update in quite a while.

    While minor updates will be followed and coupled with the main deal, WordPress developers and publishers have been keen to reiterate the two new additions brought towards it, this time around. Firstly they emphasis on the Gutenberg Editor, a new way to edit text rather than the usual classic WordPress Editor that people normally use. The second one happens to be the theme for the updates platform. Dubbed as the Twenty Nineteen theme, this will be the style suite enveloping the WordPress user interface this time around.

    Firstly, Gutenberg. This is not a new feature for those ‘Pro’ WordPress users who may have seen the update as a form of the testing phase in the update version 4.9.8. It allowed for users to try out this new form of the text editing platform. The look of the entire editor window seems ot be revamped and can be seen here below. Apart from that, interacting with it has been changed, the true depth of which would be completely known when the full version is available to the end users and is tested out.

  • Microsoft and Facebook team up on open-source AI [Ed:Two surveillance companies are openwashing their abuses, plan to blame the abuses on "AI"]
  • SRT Alliance Welcomes Comcast Technology Solutions and Ooyala to Open Source Video Streaming Project
  • How to Configure Nginx as Reverse Proxy for Nodejs App

Security Leftovers

Filed under
Security

Ubuntu Mir's EGMDE Desktop Getting Experimental XWayland

Filed under
Ubuntu

Ubuntu's little known EGMDE example Mir desktop that is mostly a proving grounds for Mir development is now receiving support for XWayland for being able to run X11 applications within this example environment.

Lead Mir developer Alan Griffiths posted about initial XWayland support for EGMDE but that it is "highly experimental, and can crash the desktop." This support is available via the "edge" EGMDE Snap.

Read more

Devices: Coreboot, Toradex and Digi, Raspberry Pi 3 Model A+

Filed under
Linux
Hardware
  • Another Micro-ATX Haswell Era Motherboard Working With Coreboot But Needs Tiny Blob

    There are many Sandy Bridge era motherboards that have been freed by Coreboot while if you are looking for more options on something (slightly) newer, a micro-ATX Haswell-era motherboard from ASRock now works under this open-source BIOS implementation.

    The ASRock H81M-HDS is the latest motherboard port now mainline in Coreboot. The ASRock H81M-HDS supports Haswell Core and Xeon CPUs, supports two DDR3/DDR3L DIMMs, one PCI Express x16 slot, onboard display outputs, four SATA ports, and multiple USB3/USB2 ports. This motherboard can be found refurbished still from some Internet shops for about $70 USD.

  • Toradex and Digi launch i.MX8X-based Colibri and ConnectCore COMs

    Toradex and Digi have released Linux-friendly i.MX8X-based modules via early access programs. The Colibri iMX8X and Digi ConnectCore 8X each provide WiFi-ac and Bluetooth 4.2.

    NXP’s i.MX8X SoC has made quite a splash this week. Eight months after Phytec announced an i.MX8X-based phyCORE-i.MX 8X module, Variscite unveiled a VAR-SOM-MX8X module and then Congatec followed up with the Qseven form-factor Conga-QMX8X and SMARC 2.0 Conga-SMX8X. Now Toradex and Digi are beginning shipments of i.MX8X based modules for early access customers.

  • New Raspberry Pi 3 Model A+ launched for only $25

Mozilla Firefox and Google Chrome: Net Neutrality Stance, Mozilla, a VR Work, Firefox Monitor and 5 Best Chrome Extensions For Productivity

Filed under
Google
Moz/FF
OSS
Web
  • Mozilla Fights On For Net Neutrality

    Mozilla took the next step today in the fight to defend the web and consumers from the FCC’s attack on an open internet. Together with other petitioners, Mozilla filed our reply brief in our case challenging the FCC’s elimination of critical net neutrality protections that require internet providers to treat all online traffic equally.

    The fight for net neutrality, while not a new one, is an important one. We filed this case because we believe that the internet works best when people control for themselves what they see and do online.

    The FCC’s removal of net neutrality rules is not only bad for consumers, it is also unlawful. The protections in place were the product of years of deliberation and careful fact-finding that proved the need to protect consumers, who often have little or no choice of internet provider. The FCC is simply not permitted to arbitrarily change its mind about those protections based on little or no evidence. It is also not permitted to ignore its duty to promote competition and protect the public interest. And yet, the FCC’s dismantling of the net neutrality rules unlawfully removes long standing rules that have ensured the internet provides a voice for everyone.

    Meanwhile, the FCC’s defenses of its actions and the supporting arguments of large cable and telco company ISPs, who have come to the FCC’s aid, are misguided at best. They mischaracterize the internet’s technical structure as well as the FCC’s mandate to advance internet access, and they ignore clear evidence that there is little competition among ISPs. They repeatedly contradict themselves and have even introduced new justifications not outlined in the FCC’s original decision to repeal net neutrality protections.

  • Virtual meeting rooms don’t have to be boring. We challenge you to design better ones!

    Mozilla’s mission is to make the Internet a global public resource, open and accessible to all, including innovators, content creators, and builders on the web. VR is changing the very future of web interaction, so advancing it is crucial to Mozilla’s mission. That was the initial idea behind Hubs by Mozilla, a VR interaction platform launched in April 2018 that lets you meet and talk to your friends, colleagues, partners, and customers in a shared 360-environment using just a browser, on any device from head-mounted displays like HTC Vive to 2D devices like laptops and mobile phones.

    Since then, the Mozilla VR team has kept integrating new and exciting features to the Hubs experience: the ability bring videos, images, documents, and even 3D models into Hubs by simply pasting a link. In early October, two more useful features were added: drawing and photo uploads.

  • New Raspbian Update, Qt Creator 4.8 Beta2 Released, Firefox Monitor Now Available in More Than 26 Languages, Chrome OS Linux Soon Will Have Access to Downloads Folder and Canonical Extends Ubuntu 18.04 Long-Term Support

    Firefox Monitor, the free services that tells you whether your email has been part of a security breach, is now available in more than 26 languages: "Albanian, Traditional and Simplified Chinese, Czech, Dutch, English (Canadian), French, Frisian, German, Hungarian, Indonesian, Italian, Japanese, Malay, Portuguese (Brazil), Portuguese (Portugal), Russian, Slovak, Slovenian, Spanish (Argentina, Mexico, and Spain), Swedish, Turkish, Ukranian and Welsh." Along with this, Mozilla also announced that it has added "a notification to our Firefox Quantum browser that alerts desktop users when they visit a site that has had a recently reported data breach". See the Mozilla blog for details.

  • 5 Best Chrome Extensions For Productivity That You Should Use In 2019

    Google is the most popular browser around and supports a vast number of extensions as well. Since there are a lot of Chrome addons available in the Chrome Web Store, picking the best Google Chrome extension can be quite a task.

    Also, it is quite easy to get distracted on the web and lose track of time. Thankfully, several good extensions for productivity are available that can help you focus on your tasks, save time by prioritizing them and skillfully manage your to-do list. So here is a list of excellent Google Chrome extensions for productivity for the year 2019 that will assist you in your work in.

Graphics: Open-Source AMD Linux Driver Stack, Mesa 18.3.0 RC, ROCm 1.9.2 and Firefox on Wayland

Filed under
Graphics/Benchmarks
  • The Open-Source AMD Linux Driver Stack Hitting Problems With The Radeon RX 590

    While the Radeon RX 590 that launched this week is just yet another Polaris refresh, it turns out the open-source AMD Linux graphics driver stack isn't yet playing well with retail RX 590 graphics cards. This is quite a surprise considering the PCI ID was picked up months ago and the mature Polaris Linux driver support for quite a while now, but could be like the rough Raven Ridge Linux experience where the production cards with the shipping vBIOS isn't what the developers encountered during their pre-production driver enablement.

    [...]

    Long story short, it looks like at least one initialization issue is blocking the Radeon RX 590 Linux support. Hopefully the workaround ends up being trivial enough that it can be quickly back-ported to existing stable Linux kernel series. Once the Radeon RX 590 is running well on Linux, I'll be through with a ton of benchmarks that I have already been working on this week with other graphics cards using the newest Linux driver stacks. This situation is sadly reminiscent of the Raven Ridge launch earlier this year where the open-source driver team was working on support for months in advance, but the production hardware/BIOS ended up varying a lot from their hardware bring-up that is was very shaky support at launch. The Raven Ridge support improved a lot on Linux since launch, but even to this day some hardware still seems to be problematic both of hardware in my labs as well as reports by users. Hopefully it won't take nearly as long for the RX 590 support to be in shape.

  • mesa 18.3.0-rc3

    The third release candidate for Mesa 18.3.0 is now available.

  • Mesa 18.3-RC3 Released With RADV Fixes, Drops Zen L3 Thread Pinning

    Mesa release manager Emil Velikov has announced the latest weekly release candidate of the upcoming Mesa 18.3.

    Mesa 18.3 has a number of Meson build system updates, several RADV driver corrections, a few NIR updates, fixes video API support for Raven 2 APUs, and back-ports the change to drop the AMD Zen L3 thread pinning functionality.

  • Radeon ROCm 1.9.2 Released - Brings SDMA/RDMA Support For Vega 20, HIP/HCC Improvements

    While we know ROCm 2.0 is coming out before year's end and that will have many improvements like complete OpenCL 2.0 support, ROCm 1.9.2 is out today as the latest stable release for this Radeon Open Compute stack.

    ROCm 1.9.2 brings some notable changes for just being a point release ahead of the big ROCm 2.0 milestone. Vega 20 remains one of the big areas for AMD's driver/software developers for what will begin shipping next year as the Radeon Instinct MI50 / MI60 accelerators.

  • Mozilla Now Ships Firefox Nightly Builds With Wayland Enabled

    After what feels like an eternity in waiting years for Mozilla to ship their Firefox web-browser with native Wayland support enabled, their latest Firefox Nightly builds have achieved this milestone.

    There have been Wayland patches for Firefox going back years but the Wayland support hasn't been enabled in the official Firefox binaries up until now. Starting yesterday, the Mozilla.org Firefox Nightly packages have Wayland support built-in and when launching Firefox if GDK_BACKEND=wayland is set, should now work with native Wayland rather than XWayland.

OSS: Delver, Lock-in, Dries Buytaert, Openstack and Mycroft

Filed under
OSS
  • Delver devs release their tech publicly under open source license

    As an added bonus, it's always nice when developers open source their tech to share with others.

    The source release doesn't contain or cover the game data from Delver, and the game data remains subject to original copyright and applicable law.

    It's also worth mentioning that the source code release is licensed under the GNU General Public License v2.0, meaning the software can continue to be shared, edited, and distributed for free, and can be used for commercial use as well.

  • How open source makes lock-in worse (and better) [Ed: Troll Mac Asay at it again]

    For open source companies desperate to figure out a business model that scales with the adoption of their ostensibly free software, Amazon's recent troubles getting off Oracle's database could be instructive. One way to look at Amazon's struggles is through the lens of "proprietary software creates lock-in," but this isn't actually helpful. Why? Because open source creates similar lock-in, and that's something open source entrepreneurs might want to consider.

  • At Acquia Engage, CTO talks of open source WCM, Red Hat buy

    Dries Buytaert: No, [because] 18 to 19 years ago, mobile didn't exist. Google was a private company. I remember AT&T launching text messaging a month or so before. Social media didn't exist. I think less than 10% of the world had internet.

    I started Drupal; it was very much an experimental platform for me, just to have some fun. I was fascinated with the web, and I didn't have any grand plans. Obviously, that changed over time. I made it open source, [and] it started growing, slowly.

    Drupal started to grow, so I started my plans for Drupal and [followed] my conviction of us being onto something. We made a bet-the-farm bet on cloud [in about 2008], and that turned out to be the right bet, because we pioneered a new business model for open source, delivering [it] in the cloud. And a lot of companies are doing that now -- Elastic Path, MongoDB -- and I'm very proud of that.

  • Openstack moves one step closer to the edge

    The second Openstack Summit of the year drew to a close in Berlin yesterday, and it will be the last of its name as it rebrands as the Open Infrastructure Summit in 2019, a move that seems largely in line with the evolution of the open source cloud platform as it shifts further into edge and builds out a series of related pilot projects with Openstack as the core proposition.

    Many of the keynotes this time around showed the progress that the community had made in building out the pilot projects announced at the Vancouver Summit earlier this year. One in particular, the first release of StarlingX, might well help cement the open infrastructure platform in edge.

    StarlingX is branded as an open source edge platform, with telecom and IoT use cases in mind. According to the Foundation it "leverages components of Ceph, Openstack and Kubernetes and complements them with new services including configuration and fault management", in particular to address technology challenges around high availability and ultra-low latency compute.

  • SD Times Open-Source Project of the Week: Mycroft

    Companies are looking to provide better experiences with their customers, which has given rise to the popularity of chatbots. Yet assistants that use voice tend to be only associated with tech giants like Apple, Amazon, and Google. Mycroft is an open-source voice assistant that is aiming to make voice assistants more attainable for everyone.

    “We believe the future of AI should be open, not a cryptic black box only few understand and have control over. Building this new technology together, collaborating, sharing ideas and building on top of each other – that’s how we see it,” Mycroft’s website states.

GitHub alternative strives to be all open source, only open source

Filed under
Development

A new software service for hosting and managing open source projects, Sr.ht, aims to be an entirely open source alternative to existing services like GitHub, GitLab, and Bitbucket, recreating many of their features.

Created by Drew DeVault and written in a mixture of Python and Go, Sr.ht is now available for public alpha testing by developers. Users can create an account with the hosted version provided by DeVault, or set up the exact same code on cloud or on-prem hardware.

Read more

Security: SMS, Patches, Android, Spam and 'Smart' Things

Filed under
Security
  • A leaky database of SMS text messages exposed password resets and two-factor codes

    A security lapse has exposed a massive database containing tens of millions of text messages, including password reset links, two-factor codes, shipping notifications and more.

    The exposed server belongs to Voxox (formerly Telcentris), a San Diego, Calif.-based communications company. The server wasn’t protected with a password, allowing anyone who knew where to look to peek in and snoop on a near-real-time stream of text messages.

    For Sébastien Kaul, a Berlin-based security researcher, it didn’t take long to find.

    Although Kaul found the exposed server on Shodan, a search engine for publicly available devices and databases, it was also attached to to one of Voxox’s own subdomains. Worse, the database — running on Amazon’s Elasticsearch — was configured with a Kibana front-end, making the data within easily readable, browsable and searchable for names, cell numbers and the contents of the text messages themselves.

  • Security updates for Friday
  • Google: Android Pie Updates Will Be A Lot Faster With Project Treble
  • Frustrating spammers
  • Tracking and snooping on a million kids

    With a couple of watches paired to different testing phones, I had a play with various authorisation and Insecure Direct Object Reference, IDOR, attacks.

    The only check the API appears to perform is matching the UID with the session_token, so simply changing the family_id in the get_watch_data_latest action, shown ibelow, allows an attacker to return the watch location and device_id associated with that family.

Syndicate content