Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Thursday, 15 Nov 18 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Type Title Author Replies Last Postsort icon
Story LibreELEC (Leia) v8.90.007 ALPHA Roy Schestowitz 14/11/2018 - 5:15am
Story OpenStack Now Powers 75 Public Clouds Worldwide Roy Schestowitz 14/11/2018 - 5:11am
Story today's leftovers Roy Schestowitz 13/11/2018 - 8:22pm
Story Openwashing With GitHub Roy Schestowitz 13/11/2018 - 8:15pm
Story GNU/Linux Skills, Raspberry Pi and FUD Roy Schestowitz 13/11/2018 - 7:51pm
Story IBM/Red Hat: Moving, Supercomputing and How IBM and Red Hat Will Impact Your Cloud Strategy Roy Schestowitz 6 13/11/2018 - 7:30pm
Story GPL Licensing: FSF Update Rules Commons Clause Non-Free, Red Hat on Compliance Roy Schestowitz 2 13/11/2018 - 7:23pm
Story Android Leftovers Rianne Schestowitz 13/11/2018 - 7:00pm
Story A Look At The GCC 9 Performance On Intel Skylake Against GCC 8, LLVM Clang 7/8 Rianne Schestowitz 13/11/2018 - 6:55pm
Story This under-$6 SBC runs Linux on RISC-V based C-SKY chip Rianne Schestowitz 13/11/2018 - 6:52pm

Security: BoE, North Korea, Russia

Filed under
Security

  • Bank of England stages day of war games to combat cyber-attacks [iophk: "neglects to implicate Windows as the key facilitator of attacks, both by making victims vulnerable and by providing a platform for attackers"]

    Up to 40 firms are taking part in the voluntary exercise, alongside the BoE, the Treasury, City regulator the Financial Conduct Authority and UK Finance, the industry trade body.

  • North Korean hackers filched tens of millions from cash machines in ATM heist

    Symantec reports that the scheme has been going on for some time, and while the 2018 attack targeted 23 countries in Africa and Asia, the US government reports a similar attack in 2017 which saw 30 nations' ATMs breached simultaneously.

    The good news - well, goodish - is that all Trojan.Fastcash attacks seem to have hit servers running outdated software.

  • The US Military Just Publicly Dumped Russian Government Malware Online

    The malware itself does not appear to still be active. A spokesperson for Symantec told Motherboard in an email that the command and control servers—the computers that tell the malware what commands to run or store stolen data—are no longer operational. The spokesperson added that Symantec detected the sample when the company updated its detection tools a couple of months ago.

Bison 3.2.1 released [stable]

Filed under
GNU

We would have been happy not to have to announce the release of Bison 3.2.1,
which fixes portability issues of Bison 3.2.
Bison 3.2 brought massive improvements to the deterministic C++ skeleton,
lalr1.cc. When variants are enabled and the compiler supports C++11 or
better, move-only types can now be used for semantic values. C++98 support
is not deprecated. Please see the NEWS below for more details.
Many thanks to Frank Heckenbach for paving the way for this release with his
implementation of a skeleton in C++17, and to Nelson H. F. Beebe for testing
exhaustively portability issues.

Read more

Fedora Community and Debian Work

Filed under
Red Hat
Debian

KDE and GNOME: Freenode#live, KDE Applications 18.12 and More

Filed under
KDE
GNOME
  • Freenode#live post

    The weekend of 3 and 4 November Dave and I went to staff the KDE booth at Freenode#live, in Bristol. I had never been in that corner of England before, It turns out to have hills, and a river, and tides. Often an event brings me to a city, and then out, without seeing much of it. This time I traveled in early and left late the day after the event so I had some time to wander around, and it was quite worthwhile.

    Turns out there is quite a lot of cider available, and the barman gave me an extensive education on the history of cider and a bit on apple cultivation when I asked about it. Sitting down with a Slimbook and a pint can be quite productive; I got some Calamares fixes done before the conference.

  • KDE Applications 18.12 branches created

    We're already past the dependency freeze.

    The Freeze and Beta is this Thursday 15 of November.

  • Talking at PETCon2018 in Hamburg, Germany and OpenPGP Email Summit in Brussels, Belgium

    Just like last year, I managed to be invited to the Privacy Enhancing Technologies Conference to talk about GNOME. First, Simone Fischer-Huebner from Karlstadt University talked about her projects which are on the edge of security, cryptography, and usability, which I find a fascinating area to be in. She presented outcomes of her Prismacloud project which also involves fancy youtube videos…

  • GSConnect 15 Offers Better Phone Integration With The GNOME Shell

    In addition to this week bringing KDE Connect 1.10 for the communication/integration between the KDE desktop and Android smartphones/tablets, GSConnect as the GNOME Shell port of this open-source software also received a new feature release.

    GSConnect is the GNOME-based version of KDE Connect that provides integration with the GNOME Shell, Nautilus file manager, and also the Chrome/Firefox web-browsers for sharing of data and message handling from Android devices to your GNOME Linux desktop.

Zstd-Compressed Linux Kernel and PRs Bot

Filed under
Linux
  • Patches Revived For A Zstd-Compressed Linux Kernel While Dropping LZMA & BZIP2

    For more than a year it's been talked about adding an option to support Zstd-compressed Linux kernel images while it looks like that Facebook-backed high performance compression algorithm for kernel images could soon finally be mainlined.

  • The kernel pull-request tracker bot

    Since the beginning, one part of the kernel-development task has been watching the mainline to see whether one's work had been merged. That is about to change with the advent of the pull-request tracker bot, which will inform maintainers when one of their pull requests has made it into the mainline. Konstantin Ryabitsev, who put this service together, plans to expand it to other trees once things have settled down.

OSS: ESP32, MDN, GNU and More

Filed under
OSS
  • Tractor Drives Itself, Thanks to ESP32 and Open Source

    Modern agricultural equipment has come a long way, embracing all kinds of smart features and electronic controls. While some manufacturers would prefer to be the sole gatekeepers of the access to these advanced features, that hasn’t stopped curious and enterprising folks from working on DIY solutions. One such example is this self-steering tractor demo by [Coffeetrac], which demonstrates having a computer plot and guide a tractor through an optimal coverage pattern.

    A few different pieces needed to come together to make this all work. At the heart of it all is [Coffeetrac]’s ESP32-based Autosteer controller, which is the hardware that interfaces to the tractor and allows for steering and reading sensors electronically. AgOpenGPS is the software that reads GPS data, interfaces to the Autosteer controller, and tells equipment what to do; it can be thought of as a mission planner.

  • Performance Updates and Hosting Moves: MDN Changelog for October 2018
  • SD Times Open-Source Project of the Week: Apollo GraphQL Platform [Ed: That is fostering Microsoft tools like a VS Code plugin which helps Microsoft sell proprietary software.]

    Also available to open-core users is the VS Code plugin, which DeBergalis explained “puts valuable information about your schema — like the average latency of a specific field — right at your fingertips at development time.”

  • Facebook’s GraphQL moved to a new GraphQL Foundation, backed by The Linux Foundation

    The foundation will provide a neutral home for the community to collaborate and encourage more participation and contribution. The community will be able to spread responsibilities and costs for infrastructure which will help in increasing the overall investment. This neutral governance will also ensure equal treatment in the community.

    [...]

    In the next few months, The Linux Foundation with Facebook and the GraphQL community will be finalizing the founding members of the GraphQL Foundation.

  • GRUB Bootloader Picks Up A Verifier Framework For Secure Boot, TPM, PGP Verification

    Landing in the GRUB boot-loader minutes ago is a new "verifiers" framework providing core verification functionality for the likes of UEFI Secure Boot, Trusted Platform Modules, and PGP. 

    The GRUB verifiers framework can be used by modules whereby the boot-loader needs to handle some verification steps at boot-time. The obvious focus on this verification framework is for security mechanisms like Secure Boot or TPM support. 

  • GCC 9 Lands Support For Intel PTWRITE

    There has been a flurry of activity recently for the GCC 9 compiler due to feature development ending soon. The latest work hitting their mainline tree this morning is support for the Intel PTWRITE instruction. 

    PTWRITE is a new instruction for Intel CPUs that allows writing values into the processor trace (PT) log. The intention of this is for allowing lightweight instrumentation/tracing of programs. The PTWRITE instruction is initially supported by Intel Geminilake / Goldmont Plus hardware.

  • Open source licensing: Is your vendor a troll?

    This shouldn't be an issue, of course. Open source is supposed to be about collaboration and community. When Red Hat, Facebook, Google, and IBM initially proposed the GCC in November 2017, therefore, it was a bit of a surprise. By July 2018, 20 more companies had joined, including Toyota, Intel, and Royal Philips. More head scratching. This week 16 more companies joined the GCC, including my employer, Adobe, and I finally asked the question, "Is this really a problem? Are individuals or companies really weaponizing GPL licensing against (likely) innocent wrongdoers?"

    The answer is "Yes."

  • The Evolution Of Open

    I’ve mentioned before that I think it’s a mistake to think of federation as a feature of distributed systems, rather than as consequence of computational scarcity. But more importantly, I believe that federated infrastructure – that is, a focus on distributed and resilient services – is a poor substitute for an accountable infrastructure that prioritizes a distributed and healthy community.  The reason Twitter is a sewer isn’t that Twitter is centralized, it’s that Jack Dorsey doesn’t give a damn about policing his platform and Twitter’s board of directors doesn’t give a damn about changing his mind. Likewise, a big reason Mastodon is popular with the worst dregs of the otaku crowd is that if they’re on the right instance they’re free to recirculate shit that’s so reprehensible even Twitter’s boneless, soporific safety team can’t bring themselves to let it slide.

    That’s the other part of federated systems we don’t talk about much – how much the burden of safety shifts to the individual. The cost of evolving federated systems that require consensus to interoperate is so high that structural flaws are likely to be there for a long time, maybe forever, and the burden of working around them falls on every endpoint to manage for themselves. IRC’s (Remember IRC?) ongoing borderline-unusability is a direct product of a notion of openness that leaves admins few better tools than endless spammer whack-a-mole. Email is (sort of…) decentralized, but can you imagine using it with your junkmail filters off?

  • How to make an open-source, computerized map of the brain

    This post was contributed by Mason Muerhoff, who is the Associate University Relations Specialist for the Waisman Center. 

    In search of a way to improve how scientists analyze brain images, researchers at the University of Wisconsin–Madison Waisman Center decided to build a brain.

    Or at least, a brain model.

    Waisman Center senior scientist Alexander Converse and colleagues from several international universities recently published a rhesus macaque brain atlas aligned to a magnetic resonance imaging (MRI) template. The result is a three-dimensional, computerized map of the rhesus brain.

  •  

  • Developers are the new kingdom builders

    These are today's geniuses and visionaries of the blockchain world—the Linus Torvalds of blockchain. But there are many following them, using the platforms created by these geniuses to create new business models and experiment with their own kingdoms. Some will fail, and some will succeed. But clearly, there is a new path for developers to conquer the world—and now it's for real.

Security and DRM

Filed under
Security
  • The Morris Worm Turns 30
  • DJI Fixes Massive Vulnerability In User Accounts That Could’ve Allowed Hackers To Take Control Of Your Drone And Steal Personal Information

    DJI drones are the hot trend of 21st century. However, as functional and well built they are, some vulnerabilities in them could pose serious threat to your security. As these drones rely on a DJI account to be functional, you can land in serious trouble if a hacker gains access to your account. The hacker may access your drone and fly or crash it into a sensitive more or no fly zone. Not only that, personal information can also be accessed through the exploit and that may put you in more danger.

  • Denuvo: Every Download Is A Lost Sale For This Anonymous AAA Title We're Referencing, So Buy Moar Dunuvo!

    The saga of antipiracy DRM company Denuvo is a long and tortured one, but the short version of it is that Denuvo was once a DRM thought to be unbeatable but which has since devolved into a DRM that cracking groups often beat on timelines measured in days if not hours. Denuvo pivoted at that point, moving on from boasting at the longevity of its protection to remarking that even this brief protection offered in the release windows of games made it worthwhile. Around the same time, security company Irdeto bought Denuvo and rolled its services into its offering.

    And Irdeto apparently wants to keep pushing the line about early release windows, but has managed to do so by simply citing some unnamed AAA sports game that it claims lost millions by being downloaded instead of using Denuvo to protect it for an unspecified amount of time.

  • Denuvo Research Claims Unnamed “major sports title” Lost $21m in Revenue Because of Piracy [Ed: Amplifying the lies of disgraced DRM firm Denuvo]

    Denuvo, the infamous video game anti-piracy software provider, was acquired by Irdeto earlier this year in January. In a statement posted on Irdeto’s website, the software company shared research results which claim game piracy caused a potential loss of $21 million for an unnamed AAA sports title in the two weeks following its release.

Linux-driven 96Boards SBC features AI and RISC-V companion chips

Filed under
Linux
Hardware

Bitmain announced a “Sophon BM1880 EDB” 96Boards CE SBC featuring its new Sophon BM1880 AI chip plus dual Cortex-A53 cores that run Linux. There’s also a RISC-V chip and optional Raspberry Pi and Arduino modules.

Beijing-based Bitmain, which is known primarily as a leading vendor of bitcoin mining chips and computers, also has a “Sophon” AI chip business built around its BM1680 and more recent BM1682 Tensor Computing Processor (TPU) AI chips. Bitmain recently announced a third-gen BM1880 TPU along with a Sophon BM1880 Edge Development Board (EDB) 96Boards CE SBC, referred to by 96Boards.org as the “Sophon Edge.”

Read more

ScyllaDB Releases Scylla Open Source 3.0

Filed under
OSS

ScyllaDB, the real-time big data database company, is releasing Scylla Open Source 3.0, introducing new production-ready capabilities.

The company also previewed Scylla support for concurrent OLTP and OLAP, an industry first that enables simultaneous transactional and analytical processing.

Scylla Open Source 3.0 features a close-to-the-hardware design that makes optimal use of modern servers. Written from the ground-up in C++ to provide significant improvements to throughput, latency and administration, Scylla delivers scale-up performance of more than 1,000,000 IOPS per node, scales out to hundreds of nodes, and consistently achieves a 99% tail latency of less than 1 millisecond.

Read more

VirtualBox 5.2.22

Filed under
Software
  • Changelog for VirtualBox 5.2
  • VirtualBox 5.2.22 Released, Disables 3D For Wayland & Brings Linux 4.19 Fixes

    While VirtualBox 6.0 is in beta, VirtualBox 5.2.22 was released today as the latest stable release for this Oracle virtualization software.

    Announced earlier this week was a VirtualBox zero-day vulnerability that went public with the researcher being upset over current bug disclosure processes... That 0-day vulnerability in VirtualBox touches its PRO/1000 network adapter code and allows the guest to escape to the host's ring three and from there paired with other exploits potentially hitting the host's ring zero. Details on that zero-day via virtualbox_e1000_0day. Surprisingly though there is no word in today's VirtualBox 5.2.22 release information whether this vulnerability is addressed.

Wine 3.20 and Gaming News

Filed under
Gaming
  • Wine Announcement

    The Wine development release 3.20 is now available.

  • Wine 3.20 Released With Several Improvements

    Wine 3.20 is now the latest bi-weekly development release for this increasingly popular code-base for running Windows programs/games on Linux and other operating systems.

    Wine 3.20 brings improvements to its IDL compiler, support for sub-storage transforms within MSIs, RPC/COM marshalling fixes, support for Unicode requests within WinHTTP, and shell auto-complete optimizations.

  • Snapshot Games have cancelled the Linux version of Phoenix Point [Ed: "It's clear Unity has had plenty of Linux issues in the past year though," Liam says. Unity uses Microsoft Mono. Be ready for Microsoft to vandalise GNU/Linux on the desktop by ALL MEANS POSSIBLE. Guess who Microsoft made GitHub's new chief: Mr. Mono.]

    Some news that I'm not particularly happy about. Snapshot Games, which includes X-COM creator Julian Gollop, have announced they've cancelled the Linux version of Phoenix Point.

    As a reminder: After having a succesful Fig campaign last year, where they raised well over $750K which went up to over $780K after it finished, Snapshot Games also gained over $1.2 million in pre-orders from their own store. Linux was a platform advertised during their crowdfunding campaign along with it being clearly listed as a platform on their official website's FAQ. They went on to release two backer builds, both of which had Linux support and ran quite well. After spending quite a number of hours in their second backer beta, I was extremely keen for the third build which was expanding the feature-set quite a lot.

    I ended up speaking to Snapshot Games, who gave me the news ahead of time so I've had a little time to think about this. Even so, I'm really not happy with the situation.

    They put up a dedicated page to talk briefly about it, after I told them not to leave the reasons why up to people's imaginations. Citing reasons like Linux requiring "specialised graphics programming" as it uses OpenGL and not DirectX, they also mentioned that Linux drivers are "not as comprehensive as for Windows and Mac" requiring them to make "adaptations to graphical shaders" to get them working. Additionally, they mentioned the issue of Linux having many distributions, Linux-specific Unity bugs like "not being able to correctly render the video player" and input issues. I won't comment much on those points, since I am not a game developer and so I've no idea how Unity handles different APIs and everything else Unity does. It's clear Unity has had plenty of Linux issues in the past year though.

  • The Wall, a rather unusual FPS game is planning to support Linux

    A recent discovery is The Wall, an usual competitive FPS now in Early Access on Steam and they're planning to support Linux.

    Speaking to the developer on the Steam forum, they said it was "Definitely" coming and then clarified it would be soon after the Early Access release which is out now.

  • Cheap Golf, a retro-styled comedy mini-golf adventure released with Linux support

    Cheap Golf from developer Pixeljam (Dino Run, Starr Mazer: DSP) is a surprisingly good and quite amusing retro-styled mini-golf adventure. A very easy game to get into, since it only requires a single hand to fling the mouse around.

GIMP 2.10.8 Released

Filed under
GNU
  • GIMP 2.10.8 Released

    Though the updated GIMP release policy allows cool new features in micro releases, we also take pride on the stability of our software (so that you can edit images feeling that your work is safe).

    In this spirit, GIMP 2.10.8 is mostly the result of dozens of bug fixes and optimizations.

  • GIMP 2.10.8 Gets Better Performance Boost On Lower-End Hardware

    It doesn't look like GIMP 3.0 will be under the tree this Christmas, but at least GIMP 2.10 continues progressing with new stable releases to provide new optimizations and enhancements.

    GIMP 2.10.8 should perform better on lower-end systems now with its chunk size being determined dynamically based on processing speed. This should make this imaging program more responsive. There is also the groundwork in this release towards delivering more performance optimizations moving forward.

Canonical: Surveillance ("Big Data") and "Smart" Kiosks

Filed under
Ubuntu
  • How to harness big data for maximum business value

    Canonical and Spicule have joined forces to bring your business a better option for open source big data and streaming analytics.

    You can learn more about us at some of our upcoming events – read on to find out more.

    Or, jump right in and get started using JAAS to deploy a fully supported Hadoop stack for interactive SQL based analytics.

  • The rise of the Digital Smart Kiosk

    The adaptability of smart kiosks makes them a compelling option for all sorts of projects. Essentially, if you have information to deliver visually in a public or semi-public setting, a smart kiosk can probably work. The benefits of smart kiosks extend well beyond this, though, for the reason that they can basically pay for themselves.
    Digital smart kiosk screens are, essentially, digital signage screens in miniature, and advertisers are eager to get their content up on those screens where users can see them. After all, it’s rare for more than one or two kiosks to be in a given area, meaning busy locations can expect their kiosks to get a fair bit of traffic.

Mesa 18.3 RC2

Filed under
Graphics/Benchmarks
  • mesa 18.3.0-rc2

    The second release candidate for Mesa 18.3.0 is now available.

  • Mesa 18.3-RC2 Released With RADV, Wayland & NIR Fixes

    The second weekly release candidate of Mesa 18.3 is now available for testing of these open-source OpenGL / Vulkan drivers.

    Mesa 18.3-RC2 comes with several RADV Radeon Vulkan driver fixes, Wayland WSI updates, a few Intel/NIR changes, some minor Android updates, Gallium Nine built with Meson now is linked against pthreads, and various other alterations.

Evaluate Linux server distros for your data center

Filed under
GNU
Linux
Server

Most data centers include Linux, but there are many Linux server distros to choose from. Deciding which one is the right fit for your data center can be confusing, but there are three main options: Ubuntu Server, Red Hat Enterprise Linux and CoreOS.

Linux is flexible, reliable, agile and secure, which makes it a strong contender for enterprises and SMBs. If you want your Linux OS to cover a wide range of use cases, you cannot go wrong with Ubuntu Server 18.04. This Ubuntu version is a long-term support release, and it's capable of serving large scale-out needs, as well as some more specific workloads, such as database servers, web servers, lightweight directory access protocol servers and OpenStack.

Ubuntu Server supports the ZFS volume management/file system, which is ideal for servers and containers because it includes all the tools you need for containers and clustering, as well as snap universal package support. It is also certified as a guest on AWS, Microsoft Azure, Joyent, IBM, Google Cloud Platform and Rackspace.

When it comes to Linux server distros, Ubuntu Server has many customization options and few system requirements. Ubuntu Server is terminal-only; you can install a GUI desktop environment, but that can consume precious system resources.

Read more

Also: Docker invites elderly Windows Server apps to spend remaining days in supervised care

Syndicate content

More in Tux Machines

Qt/KDE: Qt for Python, Inkscape Dark Theme on KDE Plasma, Atelier at Maker Faire and QtCon 2018!

  • Python and Qt: 3,000 hours of developer insight
    With Qt for Python released, it’s time to look at the powerful capabilities of these two technologies. This article details one solopreneur’s experiences. [...] The big problem with Electron is performance. In particular, the startup time was too high for a file manager: On an admittedly old machine from 2010, simply launching Electron took five seconds. I admit that my personal distaste for JavaScript also made it easier to discount Electron. Before I go off on a rant, let me give you just one detail that I find symptomatic: Do you know how JavaScript sorts numbers? Alphabetically. ’nuff said. After considering a few technologies, I settled on Qt. It’s cross-platform, has great performance and supports custom styles. What’s more, you can use it from Python. This makes at least me orders of magnitude more productive than the default C++.
  • Inkscape Dark Theme on KDE Plasma
    On KDE Plasma, it's very easy to setup Inkscape Dark Theme. To do so, go to System Settings > Application Style > GNOME/GTK+ Style > under GTK+ Style: switch all themes to Dark ones and give check mark to Prefer Dark Theme > Apply. Now your Inkscape should turned into dark mode. To revert back, just revert the theme selections. This trick works on Kubuntu or any other GNU/Linux system as long as it uses Plasma as its desktop environment.
  • Atelier at Maker Faire and QtCon 2018!
    On the weekend of November 3 and 4, it happened on Rio de Janeiro the first Maker Faire of Latin America. And I was able to do a talk about Atelier and the current status of our project. The event hold more than 1.500 people on the first day, that saw a lot of talks and the exposition of makers of all over the country that came to Rio to participate in this edition of the Maker Faire.

Security: Updates, Systematic Evaluation of Transient Execution Attacks and Defenses, New IoT Security Regulations and GPU Side-Channel Attacks

  • Security updates for Thursday
  • A Systematic Evaluation of Transient Execution Attacks and Defenses

    [...] we present a sound and extensible systematization of transient execution attacks. Our systematization uncovers 7 (new) transient execution attacks that have been overlooked and not been investigated so far. This includes 2 new Meltdown variants: Meltdown-PK on Intel, and Meltdown-BR on Intel and AMD. It also includes 5 new Spectre mistraining strategies. We evaluate all 7 attacks in proof-of-concept implementations on 3 major processor vendors (Intel, AMD, ARM). Our systematization does not only yield a complete picture of the attack surface, but also allows a systematic evaluation of defenses. Through this systematic evaluation, we discover that we can still mount transient execution attacks that are supposed to be mitigated by rolled out patches.

  • New IoT Security Regulations
    Due to ever-evolving technological advances, manufacturers are connecting consumer goods­ -- from toys to light bulbs to major appliances­ -- to the Internet at breakneck speeds. This is the Internet of Things, and it's a security nightmare. The Internet of Things fuses products with communications technology to make daily life more effortless. Think Amazon's Alexa, which not only answers questions and plays music but allows you to control your home's lights and thermostat. Or the current generation of implanted pacemakers, which can both receive commands and send information to doctors over the Internet. But like nearly all innovation, there are risks involved. And for products born out of the Internet of Things, this means the risk of having personal information stolen or devices being overtaken and controlled remotely. For devices that affect the world in a direct physical manner -- ­cars, pacemakers, thermostats­ -- the risks include loss of life and property.
  • University Researchers Publish Paper On GPU Side-Channel Attacks
    University researchers out of University of California Riverside have published a paper this week detailing vulnerabilities in current GPU architectures making them vulnerable to side-channel attacks akin to Spectre and Meltdown. With their focus on NVIDIA GPUs, UCLA Riverside researchers demonstrated attacks both for graphics and compute by exploiting the GPU's performance counters. Demonstrated attacks included a browser-based attack, extracting passwords / keystroke logging, and even the possibility of exposing a CUDA neural network algorithm.

VirtualBox 6.0 Beta 2

  • Announcement: VirtualBox 6.0 Beta 2 released
    Please do NOT use this VirtualBox Beta release on production machines! A VirtualBox Beta release should be considered a bleeding-edge release meant for early evaluation and testing purposes. You can download the binaries here: http://download.virtualbox.org/virtualbox/6.0.0_BETA2 Please do NOT open bug reports at our public bugtracker but use our VirtualBox Beta Feedback forum at https://forums.virtualbox.org/viewforum.php?f=15 to report any problems with the Beta. Please concentrate on reporting regressions since VirtualBox 5.2! Version 6.0 will be a new major release. Please see the forum at https://forums.virtualbox.org/viewtopic.php?f=15&t=90315 for an incomplete list of changes. Thanks for your help! Michael
  • VirtualBox 6.0 Beta 2 Adds File Manager For Host/Guest File Copies, OS/2 Shared Folder
    Last month Oracle rolled out the public beta of VirtualBox 6.0 though didn't include many user-facing changes. They have now rolled out a second beta that does add in a few more features. VirtualBox 6.0 Beta 2 was released today and to its user-interface is a new file manager that allows the user to control the guest file-system with copying file objects between the host and guest. Also improved with VirtualBox 6.0 Beta 2 is better shared folder auto-mounting with the VBox Guest Additions. This beta even brings initial shared folder support to the guest additions for OS/2.

Thunderbird version 60.3.1 now Available, Includes Fixes for Cookie Removal and Encoding Issues

Thunderbird happens to be one of the most famous Email client. It is free and an open source one which was developed by the Mozilla Foundation back in 2003, fifteen years ago. From a very basic interface, it has come a long way to be what it is today in 2018. With these updates, a recent one into the 60.x series from the 52.x series was a significant one. While the 60.x (60.3.0) update started rolling out, Mozilla was keen to push out 60.3.1. This new version of Thunderbird had a few bugs and kinks here and there which needed to be addressed which Mozilla did, most of them at least. Read more