About Tux Machines

Monday, 18 Feb 19 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/Linux.


What is project /e/? Should you install it on your Android smartphone?

Filed under: OS, Android

Have you ever thought about how secure your Android device is? Let’s be clear: not very much. Now you might be wondering why. It is because, due to Android being open source, many apps can track you. However, if you are even a bit into flashing new ROMs onto your smartphone or even rooting your mobile, /e/ might be the thing you want to read about right now.

The /e/ ROM helps enhance device security and makes your Android powered smartphone much more secure. /e/ is a project of the E-Foundation, which is focused on enhancing a user’s device security by restricting anything that logs user data. As per the company, /e/ is a non-profit project, made in public interest. The E Foundation is building an open-source mobile operating system, which respects a user’s data privacy.

Project /e/ provides a great and unique mobile operating system alternative, stripped down of all the services that might collect and use user data. Things like Google services that collect user information anonymously are stripped down and replaced with things like microG services which enable users to enjoy the benefits of Android without Google collecting their data.


HowTos and Programming Leftovers

Filed under: Development, HowTos

  • How to Use Two Versions of GIMP in Ubuntu
  • How To Make a Countdown Timer in Bash
  • Command Line Utilities… in the Cloud?
  • A Lightweight AVR IDE

    All the basic features are there – there’s syntax highlighting, as well as integration with the AVRA assembler and AVRDUDE for programming chips. It’s a tool that could make taking the leap into assembly code just that little bit easier.  For another taste of bare metal coding, check out [Ben Jojo]’s discussion of x86 bootloaders.

  • patience diffing algorithm

     

    I needed a (text) diff algorithm, and if you search for one you mostly come up with the Myers algorithm. But then I stumbled across something called patience diffing, and it turns out to be just what I wanted. It’s already described elsewhere, but it seems more people could stand to know about it, so here we are. It’s easy to understand, and more importantly, usually makes pretty diffs (often prettier than Myers).  

Slovak advocates want parliament to push for open source

Filed under: OSS

Slovak proponents of the use of free and open source software are rallying for their country’s parliament to approve plans to share the source code of software solutions developed by and for public services. They are concerned that proprietary software vendors will lobby for changes to the eGovernment act, a strategic IT Government proposal that is to be discussed in parliament in March or April.


Intel Graphics: Discrete Graphics Cards and SVT-AV1

Filed under: Graphics/Benchmarks, Hardware

  • Intel Preps For Discrete Graphics Cards With Linux Patches

    Intel has confirmed that recent patches to its Linux graphics driver were related to its continued work on preparing the ecosystem for its new line of discrete graphics cards.

    Phoronix reported that Intel released 42 such patches with more than 4,000 lines of code between them on February 14. The main purpose of the patches was to introduce the concept of memory regions in "preparation for upcoming devices with device local memory." (Such as, you know, discrete graphics cards.)

    [...]

    Still, any information about Intel's graphics plans is welcome. Right now the graphics market is dominated by AMD and Nvidia, and as we noted in December, Intel is probably the only company that even has a possibility of successfully introducing a new discrete graphics architecture. Why not enjoy the occasional glimpse behind the curtain as that architecture's being built?

  • SVT-VP9 Is Intel's Latest Open-Source Video Encoder Yielding High Performance VP9

    At the start of the month Intel open-sourced SVT-AV1 aiming for high-performance AV1 video encoding on CPUs. That complemented their existing SVT-HEVC encoder for H.265 content and already SVT-AV1 has been seeing nice performance improvements. Intel now has released SVT-VP9 as a speedy open-source VP9 video encoder.

    Uploaded on Friday was the initial public open-source commit of SVT-VP9, the Intel Scalable Video Technology VP9 encoder. With this encoder they are focusing on being able to provide real-time encoding of up to two 4Kp60 streams on an Intel Xeon Gold 6140 processor. SVT-VP9 is under a BSD-style license and currently runs on Windows and Linux.

How I got my job in Linux: from Newbie to Pro

Filed under: GNU, Linux

I was peeved, because I’d spent my own money on building a computer and buying Microsoft Windows to put on it. Money that I really needed to pay the rent and put food in my belly. I also felt sorry for all the people that I’d end up re-installing Windows on their PC to fix their problem. I knew that most of them would probably be back in the store six or so months later with the same complaint.

Almost by accident, I found Linux. I was in the magazine section of the PC shop I worked in one day in late 1999. I saw a magazine called ‘Linux Answers’. On the cover was a copy of Red Hat Linux 6.0. Before long, I had done the unthinkable: I had deleted Windows in a rage of fury because it had completely crashed and wouldn’t start up. All of my MP3s, photos and documents, all but gone save for a few backups on CDs I had lying around. Back in those days I had no idea that I would have been able to salvage those files with Linux; I just blithely reformatted my hard disk and went cold-turkey, believing everything that the magazine said, I forced myself into the abyss of the unknown! These were exciting times!

I remember the blue text-mode installer, the glare of the many lines of text flying by when the machine started up for the first time. It looked really un-user friendly. Eventually, the screen flipped into what I’d later know to be called ‘runlevel 5’ and I could see a graphical login screen. Little did I know it, but that flashing cursor was the beginning to a whole new world of computing for me.


Linux 5.0-rc7

Filed under: Linux

A nice and calm week, with statistics looking normal. Just under half
drivers (gpu, networking, input, md, block, sound, ...), with the rest
being architecture fixes (arm64, arm, x86, kvm), networking and misc
(filesystem etc).

Nothing particularly odd stands out, and everything is pretty small.
Just the way I like it. Shortlog appended,

Linus


Linux Foundation and Servers: LF Edge, Open Mainframe Project, CNCF and Kubernetes

Filed under: Server

  • ETSI MEC Creates Its First Working Group

    The group will be led by Walter Featherstone, a principal research engineer at Viavi.

    ETSI formed the MEC industry specification group (ISG) with 24 companies in December 2014. The group now boasts around 85 members. It set out to create a standardized, open environment for the integration of applications across multi-vendor MEC platforms.

    MEC will enable operators and vendors to provide cloud computing as well as an IT service environment at the edge of the network, which is characterized by low latency and high bandwidth. The technology is a rapidly developing application for 5G and IoT use cases.

    [...]

    The Linux Foundation, earlier this year, launched an edge computing initiative called LF Edge. The initiative will serve as an umbrella organization for five edge projects. The group has set out to build an open, interoperable framework for edge computing that is independent of hardware, silicon, cloud, or operating systems.

  • Open Mainframe Project: Zowe Ready for Prime Time

    There is a lot of interest in updating mainframe technology/interfaces across traditional enterprises. As development environments and toolsets have evolved outside the mainframe, there is a struggle to keep up—partially because backward compatibility requirements make wild changes difficult and partly because the very architecture of mainframes is different.

  • These Are Not The Containers You're Looking For

    It is a well-documented fact that the rise of cloud and open-source has been connected, which also brings some interesting tensions, as I explored in my previous article. In containers, this synergy seems stronger than ever. The juggernaut behind Kubernetes and many related open source projects, the Cloud Native Computing Foundation (CNCF), is part of the Linux Foundation. The CNCF charter is clear about the intentions of the foundation: it seeks to foster and sustain an ecosystem of open source, vendor-neutral projects. Consequentially, since the CNCF's inception in 2014, it has become increasingly feasible to manage a complex cloud-native stack with a large mix of these open source projects (some interesting data in the foundation's annual report). The more you get into container-native methodologies, the more open source you will use.

  • What is Knative, and What Can It Do for You?

    Kubernetes is great, as it is. But with Knative, a new, open source platform spearheaded by Google, Kubernetes can be even better.

    If you haven’t yet taken a look at what Knative is or how it can save developers time and headaches, you could be missing out on some powerful features that help you get more out of Kubernetes (and containers in general) with less effort.

    Keep reading for an overview of what Knative is and how it can help you double down on microservices and containers.

Databases: DigitalOcean, InfluxData and SQLite

Filed under: Server, OSS

  • DigitalOcean launches its managed database service

    DigitalOcean started as an affordable but basic virtual private server offering with a pleasant user interface. Over the last few years, the company started adding features like object and block storage, load balancers and a container service. Today, it’s expanding its portfolio once again by launching a feature that was sorely missing in its lineup: a managed database service.

    The first edition of these DigitalOcean Managed Databases only supports PostgreSQL, the popular open-source relational database. Later this year, it’ll add MySQL and Redis support (likely in Q2 or Q3). As for other databases, the company says that it’ll listen to customer feedback and use that to prioritize other offerings.

  • InfluxData Secures $60 Million in Series D Funding to Bring the Value of Time Series to the Enterprise Mainstream
  • InfluxData raises $60 million for time-series database software

    The amount of data generated today boggles the mind — U.S. companies alone produce 2.5 quintillion bytes daily, enough to fill ten thousand Libraries of Congress in a year — and much of it is of the time-series variety (i.e., data points indexed in time order). Given the sheer volume, it’s no wonder that only 12 percent of companies say they’re analyzing the data they have, according to Forrester Research.

    That’s one of the reasons Paul Dix — who’s helped to build software for startups, large companies, and organizations like Microsoft, Google, McAfee, Thomson Reuters, and Air Force Space Command — founded Y Combinator- and Bloomberg Beta-backed InfluxData (formerly Errplane) in 2012. The San Francisco startup develops an open source time series platform, InfluxDB, that is optimized to handle metrics and events in DevOps, internet of things (IoT), and real-time analytics domains. And after a banner year that saw revenue double, InfluxDB 2.0 launch in alpha, and Flux — a functional language for both querying and processing data — debut in technical preview, the startup is gearing up for growth.

  • Why you should use SQLite

    Lift the hood on most any business application, and you’ll reveal some way to store and use structured data. Whether it’s a client-side app, an app with a web front-end, or an edge-device app, chances are it needs an embedded database of some kind.

    SQLite is an embeddable open source database, written in C and queryable with conventional SQL, that is designed to cover those use cases and more. SQLite is designed to be fast, portable, and reliable, whether you’re storing only kilobytes of data or multi-gigabyte blobs.

Open Hardware: RISC-V and ESP32

Filed under: Hardware, OSS

  • RISC-V Climbs Software Mountain

    Now that RISC-V has established a beachhead as a deeply embedded controller in SoCs, it’s time to start asking the next question: Can this open-source instruction-set architecture (ISA) make the next big leap into being an alternative to Arm and the x86 as a host processor?

    The short answer is yes, but it could take several years and there are plenty of pitfalls along the way. Essentially, the freewheeling open-source community behind RISC-V will need to develop and adhere to a wide range of system-level standards.

    So far, Nvidia and Western Digital plan to use RISC-V controllers in their SoCs, and Microsemi will use it in a new FPGA. Andes, Cortus, and startup SiFive sell IP cores, and a handful of startups plan to launch mainly machine-learning accelerators using it.

  • Western Digital’s RISC-V ‘Swerv’ Core Now Available for Free

    Western Digital has announced that it’s completed work on its Swerv RISC-V CPU core and has published the register-transfer level (RTL) abstraction of the design. Publishing the RTL code allows other companies to use the design.

    Open-source hardware initiatives and ISAs have existed for decades, but RISC-V has gathered a critical ecosystem and corporate interests in these projects where historically there was little incentive to buy-in. The issue isn’t primarily cost savings — particularly as node sizes decrease, the licensing costs of an ARM core simply aren’t a major part of the total. The end of conventional Moore’s Law scaling has moved interest back to ISAs, as has the rise of IoT, AI, ML, and the need for new architectures to address these challenges.

  • Western Digital Releases Their RISC-V Cores To The World

    What grew out of a university research project is finally becoming real silicon. RISC-V, the ISA that’s completely Big-O Open, is making inroads in dev boards, Arduino-ish things, and some light Internet of Things things. That’s great and all, but it doesn’t mean anything until you can find RISC-V cores in actual products. The great hope for RISC-V in this regard looks to be Western Digital, manufacturers of storage. They’re going to put RISC-V in all their drives, and they’ve just released their own version of the core, the SweRV.

    Last year, Western Digital made the amazing claim that they will transition their consumption of silicon over to RISC-V, putting one Billion RISC-V cores per year into the marketplace. This is huge news, akin to Apple saying they’re not going to bother with ARM anymore. Sure, these cores won’t necessarily be user-facing but at least we’re getting something.

    As far as technical specs for the Western Digital SweRV core go, it’s a 32-bit in-order core, with a target implementation process of 28nm, running at 1.8GHz. Performance per MHz is good, and if you want a chip or device to compare the SweRV core to (this is an inexact comparison, because we’re just talking about a core here and not an entire CPU or device), we’re looking at something between a decade-old iPhone or a very early version of the Raspberry Pi and a modern-ish tablet. Again, an inexact comparison, but no direct comparison can be made at this point.

  • A Network Card For The Trash-80

    The idea for the trsnic comes from [Arno Puder]’s RetroStoreCard, a device that plugs into the TRS-80 Model III and connects it to a ‘personal cloud’ of sorts that hosts and runs applications without the need for cassettes or floppys. It does this with an ESP32 wired up to the I/O bus in the Model III, and it’s all completely Open Source.

    [Peter] took this idea and ran with it. Thanks to the power found in the ESP32, real encrypted Internet communication can happen, and that means HTTPS and TLS.

Free/Open Source Software on IoT and the Net/WWW

Filed under: Web

  • Security Vulnerabilities Pose a Challenge to IoT/IIoT Mass Adoption

    Statista, a leading market and consumer data research firm, estimates that by 2020, the utilities, transportation and logistics, and discrete manufacturing industries are each projected to spend $40 billion on Internet of Things (IoT) platforms, systems and services. The next largest spending category will be business-to-consumer vendors, at $25 billion, while the health-care, energy and retail industries are each projected to spend north of $10 billion. These numbers add up to a significant investment in the IoT. In fact, the Boston Consulting Group predicts that the IoT market will reach $267 billion by 2020.

  • Decentralised IoT Network Gets Tencent Investment

    Wienke Giezeman is a man on a mission: since 2015, he’s been busy creating a decentralized LoRaWAN based internet of things (IoT) network which has no single owner and no single point of control. His goal is to make it easy for people to focus on the business value created by IoT, and not have to worry about the technology.

    Giezeman stood on the stage at his The Things Conference here earlier this month to announce some major breakthroughs that could just tip the balance for mass deployment of LoRaWAN devices and gateways. This includes a very low cost $69 indoor gateway, a generic software defined IoT node device incorporating multiple sensors, a security chip in conjunction with Microchip Technology, and a partnership with Tencent to accelerate LoRaWAN network expansion among the Chinese developer community.

  • Open IoT Network Adds Devices, Expands in China

    Giezeman stood on the stage at his The Things Conference here earlier this month to announce some major breakthroughs that could just tip the balance for mass deployment of LoRaWAN devices and gateways. This includes a very low cost $69 indoor gateway, a generic software defined IoT node device incorporating multiple sensors, a security chip in conjunction with Microchip Technology, and a partnership with Tencent to accelerate LoRaWAN network expansion among the Chinese developer community.

  • How Tim Berners-Lee's Inrupt project plans to fix the web

    Tim Berners-Lee wants to change the face of the internet he created. In September 2018, the father of the world wide web announced the launch of startup Inrupt, co-founded with cybersecurity entrepreneur John Bruce, which has as its mission “to restore rightful ownership of data back to every web user.”

    Since 2015, Berners-Lee has been working on a new web infrastructure called Solid, which rethinks how web apps store and share personal data. Inrupt aims to drive the development of the Solid platform and transform it from an innovative idea to a viable platform for businesses and consumers. “My group in the CSAIL [Computer Sciences and Artificial Intelligence Laboratory] Lab at MIT had been working on Solid for some years,” Berners-Lee says. “The initial goal of Inrupt is to add the energy and resources of a startup to the open-source efforts to make the Solid movement happen.”

    Over the past three decades, the web has evolved into something very different to Berners-Lee's original vision of openness, co-operation and creativity. Most of the data we put online is now siloed on the servers of companies like Google, Facebook and Twitter, and used to sell us as an audience for targeted advertising. We can download and delete our online histories, but we still can't easily move our data between services. “Innovation and value creation are choked by powerful forces whose focus is primarily on what generates profit or serves political agendas,” says John Bruce, who takes the role of CEO at Inrupt (Berners-Lee is CTO).

Programming: DApp, Groovy, TensorFlow and a Lot More

Filed under: Development

  • Chinese Tech Giant Baidu Launches Blockchain OS to Support DApp Development

    Chinese search engine and web services company Baidu has launched its Baidu Blockchain Engine (BBE), an operating system designed to facilitate decentralized application (DApp) development. The news was officially announced by Baidu’s cloud computing unit, Baidu Cloud, on Feb. 14.

    Baidu Cloud states that it considers an open source, commercialized platform to be “the only way to build a blockchain operating system.” BBE has reportedly been built on the basis of Baidu’s “ABC” technology strategy — artificial intelligence (AI), big data and cloud computing — and aims to make DApp development “as simple as creating a mobile app.”

  • How is the Eclipse Foundation Specification Process (EFSP) different from the Java Community Process (JCP)?

    As most of you are aware, Oracle has contributed the Java EE specification to the Eclipse Foundation. The enterprise Java community decided to rename the Java EE specification to Jakarta EE. Part of this huge transition to open source is changing the specification process. The famous Java Community Process (JCP) is going to be replaced by the Eclipse Foundation Specification Process (EFSP), which will be better suited for vendor neutrality, transparency, and all other attributes associated with open source. So what exactly is the difference?

    To learn more about the new process, please refer to the EFSP v1.0, and Wayne Beaton’s article in this newsletter.

  • How To Build A Successful Developer Community

    As a community starter, the first question one should ask themselves is why developers want to join the community: is it because they are going to learn new skills or make their work easier?

    What is the impetus for building the community by asking questions like, whether the community is built around an open-source project? Are the developer tools available? Is there a platform with an API? Is it like a partner ecosystem? Or is it just selling a product?

  • Ember.js video documentary released

    Besides being an interesting piece of content for developers and open-source enthusiasts around the world, the documentary also addresses the human element of open-source software and the power of community.

    The documentary starts off with Tom Dale telling the story about how in the early days of creating web apps using Javascript, people were telling them, "please stop using Javascript", and "you guys are abusing the system" - but they had to stick with the vision and see it through and today, everyone uses Javascript to create web applications.

  • Why 2019 Will Be the Year for Shift-Left Mainframe Testing

    While 2018 was the year for planning and implementing shift-left methodologies in testing, mainframe and server testers were, for the most part, left behind. These legacy infrastructure experts were tied down to old-school testing tools. Mainframes kept functioning, but tools and testing practices often became bottlenecks, preventing performance testing teams from testing more quickly mid-cycle and pre-release.

  • Ubisoft's Clever-Commit AI will sniff out bugs in Firefox

    GAMES DO ENCOURAGE VIOLENCE, but against bugs in the case of Ubisoft, which has partnered with Mozilla to build out an artificial intelligence (AI) system that sniffs out code gremlins.

    Dubbed Clever-Commit, the AI will act as a form of coding assistant that learns from a developer's base bug and regression data to predict and flag potential new bugs that might be added as new code is slapped onto the codebase.

    The system, which is already being used internally by Ubisoft, will be adopted by Mozilla to review Firefox code and spot dodgy bits, with the goal of making the browser more stable for its users. But if the system works well, Mozilla has plans to stick it further into Firefox.

  • Ubisoft and Mozilla team up to develop Clever-Commit, an AI coding assistant

    Game developer Ubisoft today announced that it has partnered with Mozilla to develop Clever-Commit, an AI-based coding assistant that learns from your code base’s bug and regression data to analyze and flag potential new bugs as new code is committed. Ubisoft already uses this tool internally and Mozilla says that it will deploy it to spot bugs in its Firefox code.

  • Programming languages: Python rides high but Groovy is cool again with developers

    Groovy, which came to life in 2007, hasn't been a top-20 language in Tiobe's index since 2016 but in the February listing it is now at 19th place, up from 49th last year. 

    Groovy hit its stride as a language for writing scripts for popular continuous-integration tool Jenkins, but it's also been buoyed by the Gradle open-source build-automation system. According to Tiobe, these days more 'glue' software is being written in Groovy. 

  • The Deep Learning Framework Backed By Facebook Is Getting Industry's Attention

    When it comes to deep learning frameworks, TensorFlow is one of the most preferred toolkits.

  • Inside the AI developer’s toolbox
  • Guide To Web Scraping With Python Libraries Selenium & Beautiful Soup
  • Speeding up basic object operations in Cython
  • Python’s str.isdigit vs. str.isnumeric
  • Test and Code: 65: one assert per test
  • Setting up Tor hidden service
  • How to install WildFly (JBoss) on Ubuntu 18.04

Security: runc, Switzerland and More

Filed under: Security

  • Open Source Security Podcast: Episode 134 - What's up with the container runc security flaw?

    Josh and Kurt talk about the new runc container security flaw. How does the flaw work, what can you do about it, what should you do about it, and what the future of container security may look like.

  • Switzerland launches e-voting bug bounty

    The Swiss government is inviting hackers to test its electronic voting (e-voting) system for vulnerabilities, in a move aimed at improving the security and integrity of the country’s electoral process.

    The initiative was unveiled last week by Swiss Post, Switzerland’s national postal service and the organization tasked with deploying and managing the country’s e-voting platform.

    Ahead of the system’s planned nationwide rollout, a public intrusion test will take place between February 25 and March 24. A range of cash prizes are on offer for successful pen testers.

  • A Conversation about ZipSlip, NodeJS Security, and BBS Hacking

    Earlier this year, the popular Bower package manager was found vulnerable to archive extraction, allowing attackers to write arbitrary files on a user's disk. As Nodejs Security WG member and Snyk developer advocate Liran Tal wrote, the vector attacks used by this exploit have been known since the early days of BBS.

    As security researcher skyn3t reported on January 1st 2019, an attacker could craft a malicious zip archive to exploit improper validation of symlinks to write arbitrary files outside of the zip extraction directory. According to Tal, the culprit for enabling path traversal in Bower's case is a small Nodejs package, decompress-zip, but it is far from being an isolated case. In fact, this kind of vulnerability has been found in several ecosystems, including JavaScript, Ruby, .NET, Go, and Java, and seems to affect thousands of projects, making it deserve the ZipSlip moniker. What is even more striking is that the basic attack vector used by ZipSlip has been known, and potentially exploited many times, since the very early days of Bulletin Board Systems (BBS).

  • Vet third-party apps to reduce supply chain threats [Ed: At least NPM caught this; with proprietary software the back doors are there permanently, hidden, and you cannot remove them]

    Case in point: there was last fall's update to the event-stream Node Package Manager (NPM), which included cryptocurrency-stealing code, and which wasn't revealed until almost two months after the software was released. There have also been prior security issues identified in NPM packages.

    Jarrod Overson blogged about investigating the event-stream NPM package. The event-stream developer changed ownership of the project and the cryptocurrency-stealing code was added by the new developer in a subsequent update. The original developer hadn't used the module in years and agreed to give a new developer control of the package.

    Once the malicious code was added, the developer updated the version information so applications that used the module would install the updated version. The package was installed as a dependency to other modules and was reportedly downloaded two million times per week. NPM packages will follow best practices to determine if updates to dependencies are available and auto-install the updated modules, making these types of attacks difficult to combat.

Ubuntu Studio: Updates for February 2019

With Ubuntu 19.04’s feature freeze quickly approaching, we would like to announce the new updates coming to Ubuntu Studio 19.04.

Read more

Bastian Ilsø Hougaard's and Tobias Bernard's Reports From GNOME at FOSDEM

  • Bastian Ilsø Hougaard: GNOME at FOSDEM 2019

    Earlier this month, the annual FOSDEM conference happened again at ULB, Bruxelles, Belgium. I had the opportunity to go there, man the GNOME booth, sell socks, and catch up with other GNOME contributors.

    Prior to the conference I had booked La Chambre Haute, which is a great little rooftop apartment located in Etterbeek, around 1.7km from the FOSDEM venue. I arranged the apartment for sharing through the GNOME wiki and shared the apartment with fellow GNOMEies Florian, Tobias, Julian and Niclas. We had a really pleasant time there, including oriental cooking and hacking! I can recommend joining for FOSDEM 2020.

  • Tobias Bernard: FOSDEM 2019

    Earlier this month I attended FOSDEM in Brussels. This year was much more relaxed than last year because I didn’t have a talk or other major responsibilities. That meant I had a lot more time to talk to fellow GNOME people and other friends working on different projects.

    I spent a lot of time at our booth, talking to people coming by, and planning new projects with fellow developers. The only talk I ended up going to was Zeeshan’s on Rust. I really wanted to go see Jordan’s talk as well, but the Rust devroom was way too packed on Sunday. I also attended the Mobile Free Software BoF, where Nicole gave a status update about the Librem 5 to interested community members, and people could ask questions.

Review: Slontoo 18.07.1 "LXDE"

It is not often that I experiment with projects from the Gentoo family of distributions. This week I decided to enjoy a change of pace and experiment with a desktop oriented distribution from the Gentoo family called Slontoo. According to the project's website,
"Slontoo is an operating system based on Funtoo Linux. It uses the Linux Mint live installer to simplify the installation procedure. Slontoo tries to provide most appropriate tools for home and office use."
Funtoo is, in turn, based on Gentoo and strives to improve the technologies presented in the Gentoo meta-distribution.

Slontoo is available in three editions: LXDE, MATE and Xfce. New users can download one unified ISO (1.7GB) that contains all three desktop environments, or select from one of three smaller ISO files that each include just one desktop. I decided to download the distribution's LXDE edition which is 1GB in size. Slontoo is available for 64-bit systems only.

Booting from the live media brings up a menu asking us to pick our preferred language. Then the system boots into a graphical mode and presents us with the LXDE desktop. A panel sits at the bottom of the screen, with the application menu in the bottom-left corner. Icons on the desktop open the file manager and launch the system installer. The live desktop was responsive and the distribution appeared to be working smoothly so I jumped immediately into the installer.

Read more

Also: Solus Plasma Testing V1 overview | A kde flavored Solus OS

Debian: Sway in Experimental and More

  • Sway in experimental

    A couple of days ago the 1.0-RC2 version of Sway, a Wayland compositor, landed in Debian experimental. Sway is a drop-in replacement for the i3 tiling window manager for Wayland. Drop-in replacement means that, apart from minor adaptions, you can reuse your existing i3 configuration file for Sway. On the website of Sway you can find a short introduction video that shows the most basic concepts of using Sway, though if you have worked with i3 you will feel at home soon.

    In the video the utility swaygrab is mentioned, but this tool is not part of Sway anymore. There is another screenshot tool now though, called grim, which you can combine with the tool slurp if you want to select regions for screenshots. The video also mentions swaylock, which is a screen locking utility similar to i3lock. It was split out of the main Sway release a couple of weeks ago but there also exists a Debian package by now. And there is a package for swayidle, which is an idle management daemon, which comes in handy for locking the screen or for turning off your display after a timeout. If you need a clipboard manager, you can use wl-clipboard. There is also a notification daemon called mako (the Debian package is called mako-notifier and is in NEW) and if you don’t like the default swaybar, you can have a look at waybar (not yet in Debian, see this RFS). If you want to get in touch with other Sway users there is a #sway IRC channel on freenode. For some tricks setting up Sway you can browse the wiki.

  • The Sway Wayland Compositor Is Now Available From Debian Experimental

    For those that have been wanting to try out the near-final Sway 1.0, this Wayland compositor has made its way into the Debian archive albeit only in the "experimental" section for now.

    At the end of January was the start of the upstream Debian packaging work around Sway and it's kept up with the latest release candidates. Available from Debian Experimental is now the latest Sway 1.0-RC2.

  • Making debug symbols discoverable and fetchable

    Michael wrote a few days ago about the experience of debugging programs on Debian. And he is certainly not the only one who found it more difficult to find debug symbols on Linux systems in general.

    But fortunately, it is a fixable problem. Basically, we just need a service to map a build-id to a downloadable file containing that build-id. You can find the source code to my (prototype) of such a dbgsym service on salsa.debian.org.

Linux Vs. Unix: What's the Difference?

Linux and Unix are often compared to each other. If the similarity in their names wasn't enough, Linux is technically a descendant of Unix, and they share a number of similarities in tool kits and overall structure. They aren't exactly the same, though, and the approaches and philosophies behind them are radically different.

Read more

Daniel García Moreno: I'm a hacker

The hack computer is built on top of the Endless OS. Endless OS is based on Debian and the desktop is a modified GNOME Shell, but it's not the usual Debian derivative; it's based on OSTree. The main difference is that the root filesystem is read only and updates are managed with ostree, that's like a git repository.

This kind of Operating System is easier to maintain, because the user can't modify the base system, so this means that he is unable to break it. All user applications are installed via flatpak, so are independent of the OS version and because of flathub you can install the latest versions of apps without the need to update the full operating system.

This is the way that Fedora Silverblue is trying to follow and is a new way to build and distribute GNU/Linux.

Read more

Wine Developers Release Hangover Alpha To Run Windows x86_64 Programs On 64-Bit ARM

Wine developers André Hentschel and Stefan Dösinger have been working on "Hangover" as a means of running Windows x86/x86_64 applications on 64-bit ARM (AArch64) Linux and Android or even Windows for ARM. They are out today with the project's first alpha release.

Hangover 0.4 is the first (alpha) release from this project for running x86/x86_64 Windows programs now on 64-bit ARM Linux distributions. Besides GNU/Linux platforms, Hangover can also run on Android as well. This also lays the groundwork for supporting Windows games on AArch64 using Direct3D/WineD3D though due to upstream Wine limitations that doesn't yet work on Android due to WineD3D not working off OpenGL ES at this time.

Read more

More in Tux Machines

How I got my job in Linux: from Newbie to Pro

I was peeved, because I’d spent my own money on building a computer and buying Microsoft Windows to put on it. Money that I really needed to pay the rent and put food in my belly. I also felt sorry for all the people that I’d end up re-installing Windows on their PC to fix their problem. I knew that most of them would probably be back in the store six or so months later with the same complaint. Almost by accident, I found Linux. I was in the magazine section of the PC shop I worked in one day in late 1999. I saw a magazine called ‘Linux Answers’. On the cover was a copy of Red Hat Linux 6.0. Before long, I had done the unthinkable: I had deleted Windows in a rage of fury because it had completely crashed and wouldn’t start up. All of my MP3s, photos and documents, all but gone save for a few backups on CDs I had lying around. Back in those days I had no idea that I would have been able to salvage those files with Linux; I just blithely reformatted my hard disk and went cold-turkey, believing everything that the magazine said, I forced myself into the abyss of the unknown! These were exciting times! I remember the blue text-mode installer, the glare of the many lines of text flying by when the machine started up for the first time. It looked really un-user friendly. Eventually, the screen flipped into what I’d later know to be called ‘runlevel 5’ and I could see a graphical login screen. Little did I know it, but that flashing cursor was the beginning to a whole new world of computing for me. Read more

Linux 5.0-rc7

A nice and calm week, with statistics looking normal. Just under half drivers (gpu, networking, input, md, block, sound, ...), with the rest being architecture fixes (arm64, arm, x86, kvm), networking and misc (filesystem etc). Nothing particularly odd stands out, and everything is pretty small. Just the way I like it. Shortlog appended, Linus Read more