Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Friday, 23 Feb 18 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

LMMS Guide Part 1: Creating Simple Melodies Using Sounds And Instruments

Filed under
Linux

​LMMS stands for Linux Multimedia Studio. It is a very good open-source program that is used to create music tracks using sound files, predefined instruments, and sound effects. LMMS has versions for Windows and macOS in addition to Linux. Their website, of course, lists all of their features offered to users. This article will attempt to provide practical guides and tips for composing songs using LMMS.

Read<br />
more

How To Create Shell Scripts

Filed under
Linux

Having to type the same command over and over again can be a daunting task and tiresome for that matter. The shell scripts are really easy to create and run saving you from a lot of misery and anguish if you really prefer using the terminal over using the GUI for running tasks.

Read<br />
more

Security Leftovers

Filed under
Security
  • Thousands of FedEx customers' private info exposed in legacy server data breach

    Uncovered by Kromtech Security Center, the parent company of MacKeeper Security, the breach exposed data such as passport information, driver's licenses and other high profile security IDs, all of which were hosted on a password-less Amazon S3 storage server.

  • Correlated Cryptojacking

    they include The City University of New York (cuny.edu), Uncle Sam's court information portal (uscourts.gov), Lund University (lu.se), the UK's Student Loans Company (slc.co.uk), privacy watchdog The Information Commissioner's Office (ico.org.uk) and the Financial Ombudsman Service (financial-ombudsman.org.uk), plus a shedload of other .gov.uk and .gov.au sites, UK NHS services, and other organizations across the globe.

    Manchester.gov.uk, NHSinform.scot, agriculture.gov.ie, Croydon.gov.uk, ouh.nhs.uk, legislation.qld.gov.au, the list goes on.

  • Facebook using 2FA cell numbers for spam, replies get posted to the platform

    Replies ending up as comments appears to be a bizarre bug, but the spamming seems intentional.

  • Swedish Police website hacked [sic] to mine cryptocurrency

    Remember now, it is a Police Force that allowed their website to be hijacked by this simple attack vector. The authority assigned to serve and protect. More specifically, the authority that argues that wiretapping is totally safe because the Police is competent in IT security matters, so there’s no risk whatsoever your data will leak or be mishandled.

    This is one of the websites that were trivially hacked [sic].

    It gives pause for thought.

    It also tells you what you already knew: authorities can’t even keep their own dirtiest laundry under wraps, so the notion that they’re capable or even willing to protect your sensitive data is hogwash of the highest order.

  • New EU Privacy Law May Weaken Security

    In a bid to help domain registrars comply with the GDPR regulations, ICANN has floated several proposals, all of which would redact some of the registrant data from WHOIS records. Its mildest proposal would remove the registrant’s name, email, and phone number, while allowing self-certified 3rd parties to request access to said data at the approval of a higher authority — such as the registrar used to register the domain name.

    The most restrictive proposal would remove all registrant data from public WHOIS records, and would require legal due process (such as a subpoena or court order) to reveal any information supplied by the domain registrant.

  • Intel hit with 32 lawsuits over security flaws

    Intel Corp said on Friday shareholders and customers had filed 32 class action lawsuits against the company in connection with recently-disclosed security flaws in its microchips.

  • The Risks of "Responsible Encryption"

    Federal law enforcement officials in the United States have recently renewed their periodic demands for legislation to regulate encryption. While they offer few technical specifics, their general proposal—that vendors must retain the ability to decrypt for law enforcement the devices they manufacture or communications their services transmit—presents intractable problems that would-be regulators must not ignore.

  • Reviewing SSH Mastery 2nd Ed

    It’s finally out ! Michael W Lucas is one of the best authors of technical books out there. I was curious about this new edition. It is not a reference book, but covers the practical aspects of SSH that I wish everybody knew. Rather than aggregating different articles/blogs on SSH, this book covers 90% of the common use cases for SSH that you will ever encounter.

Amazon Linux 2 - Who nicked my cheese?

Filed under
GNU
Linux
Server

So far, it's a relatively benign, easy introduction to a new operating system that blends the familiar and new in a timid package. Perhaps that's the goal, because a radical offering would right away scare everyone. Amazon Linux 2 is an appealing concept, as it gives users what Red Hat never quite did (yet) - A Fedora-like bleeding-edge tech with the stability and long-term support of the mainstay enterprise offering. But then, it also pulls a Debian/Ubuntu stunt by breaking ABI, so it will be cubicle to those who enjoying living la vida loco (in their cubicle or open-space prison).

Having lived and breathed the large-scale HPC world for many years, I am quite piqued to see how this will evolve. Performance, stability and ease of use will be my primary concerns. Then, is it possible to hook up a remote virtual machine into the EC2 hive? That's another experiment, and I'd like to see if scaling and deployment works well over distributed networks. Either way, even if nothing comes out of it, Amazon Linux 2 is a nice start to a possibly great adventure. Or yet another offspring in the fragmented family we call Linux. Time will tell. Off you go. Cloud away.

Read more

Updates From OpenIndiana and LibreOffice (Projects That Oracle Discarded)

Filed under
OS
LibO
  • Migration to GCC 6.4 as userland compiler

    Modulo some minor details, the transition of our userland to GCC 6 is complete.

  • OpenIndiana Has Upgraded To The GCC 6 Compiler

    The OpenSolaris/Illumos-based OpenIndiana operating system has finally moved past GCC 4.9 as its base user-land compiler and is now using GCC 6.4.

    This comes while GCC 8.1 should be officially released in the next few weeks and they are already targeting GCC 7.3.0 as their next illumos-gate compiler.

  • LibreOffice 6.0 Open-Source Office Suite Passes 1 Million Downloads Mark

    The Document Foundation announced recently that its LibreOffice 6.0 open-source and cross-platform office suite reached almost 1 million downloads since its release last month on January 31, 2018.

    That's terrific news for the Open Source and Free Software community and a major milestone for the acclaimed LibreOffice office suite, which tries to be a free alternative to proprietary solutions like Microsoft Office.

    The 1 million downloads mark was reached just two weeks after the release of LibreOffice 6.0, which is the biggest update ever of the open-source office suite adding numerous new features and enhancements over previous versions.

FreeBSD Finally Gets Mitigated For Spectre & Meltdown (and Hugs)

Filed under
BSD
  • FreeBSD Finally Gets Mitigated For Spectre & Meltdown

    Landing in FreeBSD today was the mitigation work for the Meltdown and Spectre CPU vulnerabilities.

    It's taken a few more weeks longer than most of the Linux distributions to be re-worked for Spectre/Meltdown mitigation as well as DragonFlyBSD, but with FreeBSD Revision 329462 it appears their initial fixes are in place.

    There is Meltdown mitigation for Intel CPUs via a KPTI implementation similar to Linux, the Kernel Page Table Isolation. There is also a PCID (Process Context Identifier) optimization for Intel Westmere CPUs and newer, just as was also done on Linux.

  • FreeBSD outlaws virtual hugs
  • AsiaBSDCon 2018 Conference Programme

Linux: To recurse or not

Filed under
Linux

Linux and recursion are on very good speaking terms. In fact, a number of Linux command recurse without ever being asked while others have to be coaxed with just the right option. When is recursion most helpful and how can you use it to make your tasks easier? Let’s run through some useful examples and see.

Read more

today's leftovers

Filed under
Misc
  • MX Linux Review of MX-17 – For The Record

    MX Linux Review of MX-17. MX-17 is a cooperative venture between the antiX and former MEPIS Linux communities. It’s XFCE based, lightning fast, comes with both 32 and 64-bit CPU support…and the tools. Oh man, the tools available in this distro are both reminders of Mepis past and current tech found in modern distros.

  • Samsung Halts Android 8.0 Oreo Rollouts for Galaxy S8 Due to Unexpected Reboots

    Samsung stopped the distribution of the Android 8.0 Oreo operating system update for its Galaxy S8 and S8+ smartphones due to unexpected reboots reported by several users.

    SamMobile reported the other day that Samsung halted all Android 8.0 Oreo rollouts for its Galaxy S8/S8+ series of Android smartphones after approximately a week since the initial release. But only today Samsung published a statement to inform user why it stopped the rollouts, and the cause appears to be related to a limited number of cases of unexpected reboots after installing the update.

  • Xen Project Contributor Spotlight: Kevin Tian

    The Xen Project is comprised of a diverse set of member companies and contributors that are committed to the growth and success of the Xen Project Hypervisor. The Xen Project Hypervisor is a staple technology for server and cloud vendors, and is gaining traction in the embedded, security and automotive space. This blog series highlights the companies contributing to the changes and growth being made to the Xen Project and how the Xen Project technology bolsters their business.

  • Initial Intel Icelake Support Lands In Mesa OpenGL Driver, Vulkan Support Started

    A few days back I reported on Intel Icelake patches for the i965 Mesa driver in bringing up the OpenGL support now that several kernel patch series have been published for enabling these "Gen 11" graphics within the Direct Rendering Manager driver. This Icelake support has been quick to materialize even with Cannonlake hardware not yet being available.

  • LunarG's Vulkan Layer Factory Aims To Make Writing Vulkan Layers Easier

    Introduced as part of LunarG's recent Vulkan SDK update is the VLF, the Vulkan Layer Factory.

    The Vulkan Layer Factory aims to creating Vulkan layers easier by taking care of a lot of the boilerplate code for dealing with the initialization, etc. This framework also provides for "interceptor objects" for overriding functions pre/post API calls for Vulkan entry points of interest.

Logstash 6.2.0 Released, Alfresco Grabbed by Private Equity Firm

Filed under
OSS
  • Logstash 6.2.0 Release Improves Open Source Data Processing Pipeline

    The "L" in the ELK stack gets updated with new features including advanced security capabilities.

    Many modern enterprises have adopted the ELK (Elasticsearch, Logstash, Kibana) stack to collect, process, search and visualize data.

    At the core of the ELK stack is the open-source Logstash project which defines itself as a server-side data processing pipeline - basically it helps to collect logs and then send them to a users' "stash" for searching, which in many cases is Elasticsearch.

  • Alfresco Software acquired by Private Equity Firm

    Enterprise apps company taken private in a deal that won't see a change in corporate direction.

    Alfresco has been developing its suite of Enterprise Content Management (ECM) and Business Process Management (BPM) technology since the company was founded back in June of 2005.

    On Feb. 8, Alfresco announced that it was being acquired by private equity firm Thomas H. Lee Partners (THL). Financial terms of the deal are not being publicly disclosed.

Servers and GPUs: Theano, DevOps, Kubernetes, AWS

  • Open Source Blockchain Computer Theano

    TigoCTM CEO Cindy Zimmerman says “we are excited to begin manufacturing our secure, private and open source desktops at our factory in the Panama Pacifico special economic zone. This is the first step towards a full line of secure, blockchain-powered hardware including desktops, servers, laptops, tablets, teller machines, and smartphones.”

    [...]

    Every component of each TigoCTM device is exhaustively researched and selected for its security profile based especially on open source hardware, firmware, and software. In addition, devices will run the GuldOS operating system, and open source applications like the Bitcoin, Ethereum and Dash blockchains. This fully auditable stack is ideal for use in enterprise signing environments such as banks and investment funds.

  • Enterprises identify 10 essential tools for DevOps [Ed: "Source code repository" and other old things co-opted to promote the stupid buzzword "devops"]

    Products branded with DevOps are everywhere, and the list of options grows every day, but the best DevOps tools are already well-known among enterprise IT pros.

  • The 4 Major Tenets of Kubernetes Security

    We look at security from the perspective of containers, Kubernetes deployment itself and network security. Such a holistic approach is needed to ensure that containers are deployed securely and that the attack surface is minimized. The best practices that arise from each of the above tenets apply to any Kubernetes deployment, whether you’re self-hosting a cluster or employing a managed service.

    We should note that there are related security controls outside of Kubernetes, such as the Secure Software Development Life Cycle (S-SDLC) or security monitoring, that can help reduce the likelihood of attacks and increase the defense posture. We strongly urge you to consider security across the entire application lifecycle rather than take a narrow focus on the deployment of containers with Kubernetes. However, for the sake of brevity, in this series, we will only cover security controls within the immediate Kubernetes environment.

  • GPUs on Google’s Kubernetes Engine are now available in open beta

    The Google Kubernetes Engine (previously known as the Google Container Engine and GKE) now allows all developers to attach Nvidia GPUs to their containers.

    GPUs on GKE (an acronym Google used to be quite fond of, but seems to be deemphasizing now) have been available in closed alpha for more than half a year. Now, however, this service is in beta and open to all developers who want to run machine learning applications or other workloads that could benefit from a GPU. As Google notes, the service offers access to both the Tesla P100 and K80 GPUs that are currently available on the Google Cloud Platform.

  • AWS lets users run SAP apps directly on SUSE Linux
  • SUSE collaborates with Amazon Web Services toaccelerate SAP migrations

Chrome and Firefox

Filed under
Google
Moz/FF
  • The False Teeth of Chrome's Ad Filter.

    Today Google launched a new version of its Chrome browser with what they call an "ad filter"—which means that it sometimes blocks ads but is not an "ad blocker." EFF welcomes the elimination of the worst ad formats. But Google's approach here is a band-aid response to the crisis of trust in advertising that leaves massive user privacy issues unaddressed.

    Last year, a new industry organization, the Coalition for Better Ads, published user research investigating ad formats responsible for "bad ad experiences." The Coalition examined 55 ad formats, of which 12 were deemed unacceptable. These included various full page takeovers (prestitial, postitial, rollover), autoplay videos with sound, pop-ups of all types, and ad density of more than 35% on mobile. Google is supposed to check sites for the forbidden formats and give offenders 30 days to reform or have all their ads blocked in Chrome. Censured sites can purge the offending ads and request reexamination.

    [...]

    Some commentators have interpreted ad blocking as the "biggest boycott in history" against the abusive and intrusive nature of online advertising. Now the Coalition aims to slow the adoption of blockers by enacting minimal reforms. Pagefair, an adtech company that monitors adblocker use, estimates 600 million active users of blockers. Some see no ads at all, but most users of the two largest blockers, AdBlock and Adblock Plus, see ads "whitelisted" under the Acceptable Ads program. These companies leverage their position as gatekeepers to the user's eyeballs, obliging Google to buy back access to the "blocked" part of their user base through payments under Acceptable Ads. This is expensive (a German newspaper claims a figure as high as 25 million euros) and is viewed with disapproval by many advertisers and publishers.

  • Going Home
  • David Humphrey: Edge Cases
  • Experiments in productivity: the shared bug queue

    Over the next six months, Mozilla is planning to switch code review tools from mozreview/splinter to phabricator. Phabricator has more modern built-in tools like Herald that would have made setting up this shared queue a little easier, and that’s why I paused…briefly

  • Improving the web with small, composable tools

    Firefox Screenshots is the first Test Pilot experiment to graduate into Firefox, and it’s been surprisingly successful. You won’t see many people talking about it: it does what you expect, and it doesn’t cover new ground. Mozilla should do more of this.

Software and Games

Filed under
Software
Gaming

GNOME: GitLab, LVFS and GStreamer

Filed under
GNOME
  • Weekend Website Experiment

    As you may know if you read this blog via Planet GNOME, the GNOME project is busy switching to GitLab for its code hosting and bug tracking. I like GitLab! It’s a large step up from Bugzilla, which was what GNOME used for the last 20 years. Compared to GitHub, GitLab is about equal, with a few nicer things and a few less nice things.

    The one thing that I miss from Bugzilla is a dashboard showing the overall status of the bugs for your project. I thought it would not be too hard to use the GitLab API to do some simple queries and plop them on a web page. So, last weekend I gave it a try. The final result is here. Click the button to log into GitLab, and you’ll be redirected back to the page where you’ll get the results of the queries.

  • LVFS will block old versions of fwupd for some firmware

    Although fwupd 0.8.0 was released over a year ago it seems people are still downloading firmware with older fwupd versions. 98% of the downloads from the LVFS are initiated from gnome-software, and 2% of people using the fwupdmgr command line or downloading the .cab file from the LVFS using a browser manually.

  • SRT in GStreamer

    Transmitting low delay, high quality video over the Internet is hard. The trade-off is normally between video quality and transmission delay (or latency). Internet video has up to now been segregated into two segments: video streaming and video calls. On the first side, streaming video has taken over the world of the video distribution using segmented streaming technologies such as HLS and DASH, allowing services like Netflix to flourish. On the second side, you have VoIP systems, which are generally targeted a relatively low bitrate using low latency technologies such as RTP and WebRTC, and they don't result in a broadcast grade result. SRT bridges that gap by allowing the transfer of broadcast grade video at low latencies.

Red Hat and Fedora

Filed under
Red Hat

Ubuntu: Data Collection, a Decade at Canonical, Xubuntu 18.04 Community Wallpaper Contest

Filed under
Ubuntu
  • Canonical wants Ubuntu to collect your personal data

    This has gone down like a bucket of cold sick with Linux users. After all, this is the sort of thing that Microsoft does and is precisely the sort of thing that they hate about Windows 10.

  • 10 Amazing Years of Ubuntu and Canonical

    10 years ago today, I joined Canonical, on the very earliest version of the Ubuntu Server Team!

    And in the decade since, I've had the tremendous privilege to work with so many amazing people, and the opportunity to contribute so much open source software to the Ubuntu ecosystem.

  • Xubuntu 18.04 community wallpaper contest

    We’re on our way to the 18.04 LTS release and it’s time for another community wallpaper contest!

Syndicate content

More in Tux Machines

GNOME and Fedora

  • RFC: Integrating rsvg-rs into librsvg
    I have started an RFC to integrate rsvg-rs into librsvg. rsvg-rs is the Rust binding to librsvg. Like the gtk-rs bindings, it gets generated from a pre-built GIR file.
  • 1+ year of Fedora and GNOME hardware enablement
    A year and a couple of months ago, Christian Schaller asked me to pivot a little bit from working full time on Fleet Commander to manage a new team we were building to work on client hardware enablement for Fedora and GNOME with an emphasis on upstream. The idea was to fill the gap in the organization where nobody really owned the problem of bringing up new client hardware features vertically across the stack (from shell down to the kernel), or rather, ensure Fedora and GNOME both work great on modern laptops. Part of that deal was to take over the bootloader and start working closer to customers and hardware manufacturing parnters.
  • Fedora Atomic Workstation: Works on the beach
    My trip is getting really close, so I decided to upgrade my system to rawhide. Wait, what ? That is usually what everybody would tell you not to do. Rawhide has this reputation for frequent breakage, and who knows if my apps will work any given day. Not something you want to deal with while traveling.
  • 4 cool new projects to try in COPR for February

Why You Shouldn’t Use Firefox Forks (and Proprietary Opera)

  • Why You Shouldn’t Use Firefox Forks Like Waterfox, Pale Moon, or Basilisk
    Mozilla Firefox is an open source project, so anyone can take its code, modify it, and release a new browser. That’s what Waterfox, Pale Moon, and Basilisk are—alternative browsers based on the Firefox code. But we recommend against using any of them.
  • Opera Says Its Next Opera Release Will Have the Fastest Ad Blocker on the Block
    Opera Software promoted today its upcoming Opera 52 web browser to the beta channel claiming that it has the faster ad blocker on the market compared to previous Opera release and Google Chrome. One of the key highlights of the Opera 52 release will be the improved performance of the built-in ad blocker as Opera claims to have enhanced the string matching algorithm of the ad blocker to make it open web pages that contain ads much faster than before, and, apparently than other web browsers, such as Chrome.

Graphics: Glxinfo, ANV, SPIR-V

  • Glxinfo Gets Updated With OpenGL 4.6 Support, More vRAM Reporting
    The glxinfo utility is handy for Linux users in checking on their OpenGL driver in use by their system and related information. But it's not often that glxinfo itself gets updated, except that changed today with the release of mesa-demos-8.4.0 as the package providing this information utility. Mesa-demos is the collection of glxinfo, eglinfo, glxgears, and utilities related to Mesa. With the Mesa-demos 8.4.0 it is predominantly glxinfo updates.
  • Intel ANV Getting VK_KHR_16bit_storage Support Wrapped Up
    Igalia's Jose Maria Casanova Crespo sent out a set of patches today for fixes that allow for the enabling of the VK_KHR_16bit_storage extension within Intel's ANV Vulkan driver. The patches are here for those interested in 16-bit storage support in Vulkan. This flips on the features for storageBuffer16BitAccess, uniformAndStorageBuffer16BitAccess, storagePushConstant16 and the VK_KHR_16bit_storage extension. This support is present for Intel "Gen 8" Broadwell graphics and newer. Hopefully the work will be landing in Mesa Git soon.
  • SPIR-V Support For Gallium3D's Clover Is Closer To Reality
    It's been a busy past week for open-source GPU compute with Intel opening up their new NEO OpenCL stack, Karol Herbst at Red Hat posting the latest on Nouveau NIR support for SPIR-V compute, and now longtime Nouveau contributor Pierre Moreau has presented his latest for SPIR-V Clover support. Pierre has been spending about the past year adding SPIR-V support to Gallium3D's "Clover" OpenCL state tracker. SPIR-V, of course, is the intermediate representation used now by OpenCL and Vulkan.

Security: Updates, Tinder, FUD and KPTI Meltdown Mitigation

  • Security updates for Friday
  • Tinder vulnerability let hackers [sic] take over accounts with just a phone number

    The attack worked by exploiting two separate vulnerabilities: one in Tinder and another in Facebook’s Account Kit system, which Tinder uses to manage logins. The Account Kit vulnerability exposed users’ access tokens (also called an “aks” token), making them accessible through a simple API request with an associated phone number.

  • PSA: Improperly Secured Linux Servers Targeted with Chaos Backdoor [Ed: Drama queen once again (second time in a week almost) compares compromised GNU/Linux boxes to "back doors"]
    Hackers are using SSH brute-force attacks to take over Linux systems secured with weak passwords and are deploying a backdoor named Chaos. Attacks with this malware have been spotted since June, last year. They have been recently documented and broken down in a GoSecure report.
  • Another Potential Performance Optimization For KPTI Meltdown Mitigation
    Now that the dust is beginning to settle around the Meltdown and Spectre mitigation techniques on the major operating systems, in the weeks and months ahead we are likely to see more performance optimizations come to help offset the performance penalties incurred by mitigations like kernel page table isolation (KPTI) and Retpolines. This week a new patch series was published that may help with KPTI performance.