Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Thursday, 15 Nov 18 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Type Title Author Replies Last Postsort icon
Story Events: Jesień Linuksowa 2018, Sustain OSS 2018, Hacktoberfest Celebrates 5th Anniversary Roy Schestowitz 13/11/2018 - 5:22pm
Story Xfce Support For "Primary Display" Output Handling Finally Being Squared Away Roy Schestowitz 13/11/2018 - 5:11pm
Story Games: Latest Titles Available for GNU/Linux Roy Schestowitz 13/11/2018 - 5:00pm
Story Graphics: Vulkan, Wayland, AMD, Mesa and Vulkan Roy Schestowitz 13/11/2018 - 4:31pm
Story Android Leftovers Rianne Schestowitz 13/11/2018 - 4:16pm
Story OpenStack expands focus beyond the IaaS cloud Rianne Schestowitz 13/11/2018 - 4:10pm
Story today's howtos Roy Schestowitz 13/11/2018 - 4:01pm
Story Qubes OS 3.2.1 has been released! Roy Schestowitz 13/11/2018 - 3:56pm
Story 4 tips for learning Golang Roy Schestowitz 13/11/2018 - 3:52pm
Story C language update puts backward compatibility first Roy Schestowitz 13/11/2018 - 3:45pm

7 reasons I love open source

Filed under
OSS

Here's why I spend so much of my time—including evenings and weekends—on GitHub, as an active member of the open source community.

I’ve worked on everything from solo projects to small collaborative group efforts to projects with hundreds of contributors. With each project, I’ve learned something new.

Read more

today's leftovers

Filed under
Misc
  • New Sailfish X support for Xperia XA2 variants and free trial

    Along with releasing Sailfish 3 to all Sailfish users today, we also introduce Sailfish X support for all Sony Xperia XA2 models, and a free trial license option. This means that now you can download and install free of charge a Sailfish X trial version for your preferred Xperia XA2 device. The full software package will be available later this year. As the trial version is free so it naturally comes with limited functions, please see the table below:

  • Chrome 71 Will Show Warning On Sites That Trick Users Into Paying A Fee

    oogle is going to crack down on websites that hide billing information that is charged on users’ monthly mobile bill. Starting with Chrome 71, Google will show a full-page warning to users who access web pages that come with deceiving mobile subscription forms.

  • PostgreSQL Updates to Address Security Issue, openSUSE Announces New Legal Review System, Gumstix Launches Board Builder Service, Creative Commons on the EU "Link Tax" and Unreal Engine 4.21 Released

    PostgreSQL 11.1 was released today. In addition, updates are available for all supported versions, including 10.6, 9.6.11, 9.5.15, 9.4.20 and 9.3.25. The updates address a security issue as well as several bugfixes, so update as soon as possible.

  • FDA Targets Patient Data With Open-Source MyStudies mHealth App

    The federal agency in charge of regulating new mHealth technology is looking to include digital health data from consumers into the mix.

    The US Food and Drug Administration has unveiled an open-source mHealth app called MyStudies “to foster the collection of real world evidence via patients’ mobile devices.” Officials say the connected health platform will improve the development of new mobile health technologies by giving developers and researchers a direct link to the patients who would be using the technology.

    “There are a lot of new ways that we can use real world evidence to help inform regulatory decisions around medical products as the collection of this data gets more widespread and reliable,” FDA Commissioner Scott Gottlieb, MD, said in a press release. “Better capture of real world data, collected from a variety of sources, has the potential to make our new drug development process more efficient, improve safety and help lower the cost of product development.”

  • Leading Open Access Supporters Ask EU To Investigate Elsevier's Alleged 'Anti-Competitive Practices'

    Most of the complaint is a detailed analysis of why academic publishing has become so dysfunctional, and is well-worth reading by anyone interested in understanding the background to open access and its struggles.

    As to what the complaint might realistically achieve, Tennant told Techdirt that there are three main possibilities. The European Commission can simply ignore it. It can respond and say that it doesn't think there is a case to answer, in which case Tennant says he will push the Commission to explain why. Finally, in the most optimistic outcome, the EU could initiate a formal investigation of Elsevier and the wider academic publishing market. Although that might seem too much to hope for, it's worth noting that the EU Competition Authority is ultimately under the Competition Commissioner, Margrethe Vestager. She has been very energetic in her pursuit of Internet giants like Google. It could certainly be a hugely significant moment for open access if she started to take an interest in Elsevier in the same way.

Debian Package Analysis and More

Filed under
Debian

Linux Foundation Consortia and Other Consortia: Cloud-Native, LF Energy, GraphQL, OpenMP and ODPi Egeria

  • Cloud-native app development: buzzword or breakthrough?

    Organizations can struggle with the term, “digital transformation.” Some find it hard to understand and difficult to define. That’s because many conversations about it inevitably focus on the unicorns--those born-of-the-web companies that have completely disrupted their industries.

  • How LF Energy plans to open source energy

    The prospects from the UN's most recent climate report are bleak. There are less than two decades until the point of no return for the planet's climate, and the leaders of major countries seem to be retracting political willingness to fix the existential threat.

    But, the roadblocks might not be as daunting as they first appear. Shuli Goodman, executive director of the newly created LF Energy group, hopes to fundamentally transform the way energy is distributed, reduce waste, and build new models that could be scaled out with an open source framework.

    [...]

    There are just fifteen transmission system operators in the world carrying 70 percent of the current, Goodman says, so if the group is able to create "resiliency and flexibility" in a "relatively rigid, centralised system" for on-boarding renewables it only needs to go after a small number of organisations.

    And there is some early interest - not least because of security. National critical systems such as electric grids were built quite some time ago - and with a proprietary model. Combine this with recent cyber attacks on national grids, such as in Ukraine, and security is a concern for operators and governments.

  • GraphQL Moving to Neutral, Open-Source Foundation
  • OpenMP 5.0 Specification Released, GCC 9.0 Lands Initial Support

    The OpenMP ARB has announced the release today of the major OpenMP 5.0 specification. OpenMP 5.0 has been three years in the making and is a big update to this parallel programming specification relative to past updates. 

    OpenMP 5.0 is intended for use from embedded and accelerators to multi-core NUMA systems. OpenMP 5.0 offers portability improvements, full support for accelerators, better NUMA handling on HPC systems, improved device constructors, and various other benefits for parallel programming on C / C++ / Fortran systems.

  • Introducing ODPi Egeria – The Industry’s First Open Metadata Standard

    Egeria is built on open standards and delivered via Apache 2.0 open source license. The Egeria project creates a set of open APIs, types and interchange protocols to allow all metadata repositories to share and exchange metadata. From this common base, it adds governance, discovery and access frameworks for automating the collection, management and use of metadata across an enterprise. The result is an enterprise catalog of data resources that are transparently assessed, governed and used in order to deliver maximum value to the enterprise.

Raptor Talos II POWER9 Benchmarks Against AMD Threadripper & Intel Core i9

Filed under
Graphics/Benchmarks

For those curious about the performance of IBM's POWER9 processors against the likes of today's AMD Threadripper and Intel Core i9 HEDT processors, here are some interesting benchmarks as we begin looking closer at the POWER9 performance on the fully open-source Raptor Talos II Secure Workstation. This open-source, secure system arrived for Linux testing with dual 22-core POWER9 CPUs to yield 176 total threads of power.

As mentioned a few days ago in the aforelinked article, Raptor Computing Systems recent sent over a Talos II system for benchmarking to deliver more frequent benchmarks from this high-end workstation/server that's fully open-source down to the motherboard firmware and BMC stack. We previously have carried out some remote benchmarks of the Talos II, but now having it in our labs allows us to more frequently conduct tests as well as swapping out the hardware, matching other test systems, and also other tests like performance-per-Watt comparisons that were not possible with the remote testing.

Read more

KDE: French Krita Book and Qt 5.12.0 Beta 4

Filed under
KDE
  • French Krita book – 2nd edition

    Last month was released the 2nd edition of my book “Dessin et peinture numérique avec Krita”. I just received a few copies, so now is time to write a little about it.

    I wrote the first edition for Krita 2.9.11, almost three years ago. A lot of things have changed, so I updated this second edition for Krita version 4.1.1, and added a few notes about some new features.

  • Qt 5.12.0 Beta4 released

    We have released Qt 5.12.0 Beta4 today. As earlier you can get it via online installer. Delta to beta3 attached.

  • Qt 5.12 Fast Approaching With The Final Beta Now Available

    The Qt Company has announced the release of Qt 5.12 Beta 4 as the final beta release for this upcoming LTS tool-kit update.

    Qt 5.12 Beta 4 is arriving just two days late, which still provides for hope of closely meeting the planned release target of Qt 5.12.0 as 29 November, but long story short this Qt tool-kit update should be shipping at the end of November or early December.

Audiocasts/Shows: Ubuntu Podcast from the UK LoCo, Linux Journal, and Red Hat's CLH

Filed under
Interviews
  • Ubuntu Podcast from the UK LoCo: S11E35 – Stranger on Route Thirty-Five

    This week we’ve been using windows Subsystem for Linux and playing with a ThinkPad P1. IBM buys RedHat, System76 announces their Thelio desktop computers, SSD encryption is busted, Fedora turns 15, IRC turns 30 and we round up the community news.

    It’s Season 11 Episode 35 of the Ubuntu Podcast! Alan Pope, Mark Johnson and Martin Wimpress are connected and speaking to your brain.

  • Episode 6: Conferences and Community

    Katherine Druckman talks to Doc Searls about Freenode Live, conferences, and the Linux community.

  • The One About DevSecOps

    Bad security and reliability practices can lead to outages that affect millions. It's time for security to join the DevOps movement. And in a DevSecOps world, we can get creative about improving security.

    Discovering one vulnerability per month used to be the norm. Now, software development moves quickly thanks to agile processes and DevOps teams. Vincent Danen tells us how that's led to a drastic increase in what's considered a vulnerability. Jesse Robbins, the former master of disaster at Amazon, explains how companies prepare for catastrophic breakdowns and breaches. And Josh Bressers, head of product security at Elastic, looks to the future of security in tech.

Mozilla: TenFourFox Turns 8, Extensions in Firefox 64 and Happy BMO Push Day

Filed under
Moz/FF

Security: Updates, VirtualBox Zero-Day Vulnerability, Red Hat Enterprise Linux FIPS 140-2, Extended Security Maintenance

Filed under
Security
  • Security updates for Thursday
  • VirtualBox Zero-Day Vulnerability Goes Public, No Security Patch Yet Available

    A zero-day vulnerability in VirtualBox was publicly disclosed by an independent vulnerability researcher and exploit developer Sergey Zelenyuk. VirtualBox is a famous open sourced virtualization software which has been developed by Oracle. This recently discovered vulnerability can allow a malicious program to escape virtual machine and then execute code on OS of the host machine.

  • Red Hat Continues Drive for More Secure Enterprise IT, Re-Certifies Red Hat Enterprise Linux for FIPS 140-2
  • Keep legacy applications secure with Extended Security Maintenance

    Application updates come and go, often they provide your business with added value, but sometimes an update isn’t what is needed or wanted for a legacy application.

    Choosing not to update an application can cause issues. Often, that application becomes unsupported, and with security patches no longer available, it can see your business falling foul of regulatory demands, such as GDPR or security threats.

    Ubuntu LTS users have a five-year window for support, for ITstrategen, when that window came to an end on 12.04, some of ITstrategen’s customers still depended on servers running the now out of support operating system and without support, the security of those servers was at risk.

    The German hosting provider, which was founded in 2011 and supports some of Germany’s most successful businesses, uses Ubuntu as its server operating system.

FreeBSD 12.0 Faces A Minor Setback But Still Should Be Out Ahead Of Christmas

Filed under
BSD

The big FreeBSD 12.0 release still is expected to happen in December but will be a bit later than originally planned.

The FreeBSD release engineering team has decided that a fourth beta is warranted before branching the FreeBSD 12 code and moving onto the release candidate phase. There already has been a number of alpha releases and three betas, but due to a boot time issue and allowing more time for ARM/ARM64 builds to complete, a fourth beta has been penciled into the schedule.

Read more

Also: malloc.conf replaced with a sysctl

Samsung announce Linux on DeX with Ubuntu: for developers on the move

Filed under
GNU
Linux
Ubuntu
Gadgets

The Samsung Developer Conference, held this week in San Francisco, brings creators together to discover and learn about the latest technologies in Samsung’s portfolio and further afield. One of the technologies showcased, following the initial demo in 2017, is Samsung’s Linux on DeX. Samsung DeX, launched last year, lets users of Samsung flagship Galaxy devices enjoy apps on a bigger screen for a better viewing experience, whether watching films, playing games or just browsing the web.

This year, Samsung is announcing the beta launch of Linux on DeX which extends the value of Samsung DeX to Linux developers. Linux on DeX empowers developers to build apps within a Linux development environment by connecting their Galaxy device to a larger screen for a PC-like experience.

Read more

Also: Ubuntu Linux On Samsung Galaxy Devices Finally Reaches Beta (Samsung DeX)

Fedora 29 Released – Here’s What’s New

Filed under
Red Hat

Fedora 29 will hide the GRUB menu when running in a system with single OS. Fedora project feels that when you have only OS, it is not needed to have GRUB menu and it is useless in this use case.

Read more

Also: Ubuntu 19.04 – Release Date, Features & More Recently updated!

Containers: Docker Enterprise 2.1 and VMware Acquiring Heptio (for Kubernetes)

Filed under
Server
  • Docker Enterprise 2.1 Accelerates Application Migration to Containers

    Docker Inc. announced the release of Docker Enterprise 2.1 on Nov. 8, providing new features and services for containers running on both Windows and Linux servers.

    Among the capabilities that Docker is highlighting is the ability to migrate legacy applications, specifically Windows Server 2008, into containers, in an attempt to help with the challenge of end-of-life support issues. The release also provides enterprises with the new Docker Application Convertor, which identifies applications on Windows and Linux systems and then enables organizations to easily convert them into containerized applications. In addition, Docker is boosting security in the new release, with support for FIPS 140-2 (Federal Information Processing Standards) and SAML (Security Assertion Markup Language) 2.0 authentication.

    "We've added support for additional versions of Windows Server, and we're the only container platform that actually supports Windows Server today," Banjot Chanana, vice president of product at Docker Inc., told eWEEK. "All in all, this really puts Windows containers at parity with Linux counterparts."

  • Why VMware Is Acquiring Heptio and Going All In for Kubernetes

    VMware is the company that did more than perhaps any other to help usher in the era of enterprise server virtualization that has been the cornerstone of the last decade of computing. Now VMware once again is positioning itself to be a leader, this time in the emerging world of Kubernetes-based, cloud-native application infrastructure.

    On Nov. 6, VMware announced that it is acquiring privately held Kubernetes startup Heptio, in a deal that could help further cement VMware's position as a cloud-native leader. Heptio was launched in 2016 by the co-founders of Kubernetes, Craig McLuckie and Joe Beda, in an effort to make Kubernetes more friendly to use for enterprises. Financial terms of the deal have not been publicly disclosed, though Heptio has raised $33.5 million in venture funding.

    VMware's acquisition of Heptio comes a week after IBM announced its massive $34 billion deal for Red Hat. While Heptio is a small startup, the core of what IBM was after in Red Hat is similar to what VMware is seeking with Heptio, namely a leg up in the Kubernetes space to enable the next generation of the cloud.

  • The Kubernetes World: VMware Acquires Heptio

    One week ago, a one hundred and seven year old technology company bet its future, at least in part, on an open source project that turned four this past June. It shouldn’t come as a total surprise, therefore, that a twenty year old six hundred pound gorilla of virtualization paid a premium for one of the best regarded collections of talent of that same open source project, the fact that containers are disruptive to classic virtualization notwithstanding.

    But just because it shouldn’t come as a surprise in a rapidly consolidating and Kubernetes obsessed market doesn’t mean the rationale or the implications are immediately obvious. To explore the questions of why VMware paid an undisclosed but reportedly substantial sum for Heptio, then, let’s examine what it means for the market, for Heptio and for VMware in order.

Copyleft Licensing: GPL Initiative, Free Software Directory, FSF Policy on 'Commons Clause' etc.

Filed under
GNU
  • GPL Initiative Expands with 16 Additional Companies Joining Campaign for Greater Predictability in Open Source Licensing

    Red Hat, Inc. (NYSE: RHT), the world's leading provider of open source solutions, today announced that Adobe, Alibaba, Amadeus, Ant Financial, Atlassian, Atos, AT&T, Bandwidth, Etsy, GitHub, Hitachi, NVIDIA, Oath, Renesas, Tencent, and Twitter have joined an ongoing industry effort to combat harsh tactics in open source license enforcement by adopting the GPL Cooperation Commitment. By making this commitment, these 16 corporate leaders are strengthening long-standing community norms of fairness, pragmatism, and predictability in open source license compliance.

  • The completion of David's internship work on the Free Software Directory

    One of the main projects of my internship has been importing information about free software extensions for Mozilla-based browsers on the Free Software Directory based on data from addons.mozilla.org. I call this project FreeAMO (AMO stands for addons.mozilla.org) and it exists as part of the directory package on Savannah. After many weeks of work, it generates usable directory entries. In the same project is a script to import entries from the Debian package repository. I also fixed bugs in that script, and got it to a usable state. However, before importing entries to the Directory, we want to solve one remaining issue: making it so we can import the data automatically on a regular basis, but also allow users to edit parts of the imported entry. I hope to complete this work sometime after my internship is done.

    [...]

    There are still packages with nonstandard license names that need to be evaluated one by one. One common issue is explained in the article For Clarity's Sake, Please Don't Say “Licensed under GNU GPL 2”! When people tell you a program is released “under GNU GPL version 2,” they are leaving the licensing of the program unclear. Is it released under GPL-2.0-only, or GPL-2.0-or-later? Can you merge the code with packages released under GPL-3.0-or-later?

    Unfortunately, Mozilla is contributing to this problem because when someone uploads an addon package to addons.mozilla.org, they are asked to specify which license the package is under by selecting from a drop-down list of licenses. Then that name is displayed on addons.mozilla.org. However, the GPL license options are ambiguous and don't specify "only" and "or-later." To accurately specify the license, uploaders should choose "Custom License" and then mention the correct license in the description field. We hope Mozilla will change this, but since the Directory only lists free addons, and anyone can improve the Directory, we encourage people to use it instead of addons.mozilla.org.

  • Recent licensing updates

    We added the Commons Clause to our list of nonfree licenses. Not a stand-alone license in and of itself, it is meant to be added to an existing free license to prevent using the work commercially, rendering the work nonfree. It's particularly nasty given that the name, and the fact that it is attached to pre-existing free licenses, may make it seem as if the work is still free software.

    If a previously existing project that was under a free license adds the Commons Clause, users should work to fork that program and continue using it under the free license. If it isn't worth forking, users should simply avoid the package. We are glad to see that in the case of Redis modules using the Commons Clause, people are stepping up to maintain free versions.

Programming: Rust 1.30.1, Solid, Schools and GSoC

Filed under
Development
  • Announcing Rust 1.30.1

    The Rust team is happy to announce a new version of Rust, 1.30.1. Rust is a systems programming language focused on safety, speed, and concurrency.

  • What is developer efficiency and velocity?

    As I previously mentioned I am currently in the information gathering phase for improvements to desktop Firefox developer efficiency and velocity. While many view developer efficiency and velocity as the same thing–and indeed they are often correlated–it is useful to discuss how they are different.

    I like to think of developer velocity as the rate at which a unit of work is completed. Developer efficiency is the amount of effort required to complete a unit of work.

    If one were to think of the total development output as revenue, improvements to velocity would improve the top-line and improvements to efficiency would improve the bottom-line.

  • Solid: a new way to handle data on the web

    The development of the web was a huge "sea change" in the history of the internet. The web is what brought the masses to this huge worldwide network—for good or ill. It is unlikely that Tim Berners-Lee foresaw all of that when he came up with HTTP and HTML as part of his work at CERN, but he has been in a prime spot to watch the web unfold since 1989. His latest project, Solid, is meant to allow users to claim authority over the personal data that they provide to various internet giants.

    Berners-Lee announced Solid in a post on Medium in late September. In it, he noted that despite "all the good we've achieved, the web has evolved into an engine of inequity and division; swayed by powerful forces who use it for their own agendas". Part of what he is decrying is enabled by the position of power held by companies that essentially use the data they gather in ways that run directly counter to the interests of those they gather it from. "Solid is how we evolve the web in order to restore balance — by giving every one of us complete control over data, personal or not, in a revolutionary way."

    Users' data will be stored in a Solid "pod" (sometimes "personal online data store" or POD) that can reside anywhere on the internet. Since Solid deliberately sets out to build on the existing web, it should not be a surprise that URLs, along with Uniform Resource Identifiers (URIs), are used to identify pods and specific objects within them. Pods also provide one place for businesses, including Inrupt, which was co-founded by Berners-Lee, to provide services for Solid. As he noted in his post, people are willing to pay companies like Dropbox for storage; hosting Solid pods would be a similar opportunity for Inrupt and others.

  • Should a programming course be mandatory for high school students?

    But further, understanding at least the basics of programming is important to being able to fully reap the benefits of open source. Having the code available to review, edit, and share under an open license is important, but can you really make use of the full power of an open license if you're locked in by your own inability to make the changes you wish to make?

  • A Summer Of Code Question

    This is a lightly edited response to a question we got on IRC about how to best apply to participate in Google’s “Summer Of Code” program. this isn’t company policy, but I’ve been the one turning the crank on our GSOC application process for the last while, so maybe it counts as helpful guidance.

    We’re going to apply as an organization to participate in GSOC 2019, but that process hasn’t started yet. This year it kicked off in the first week of January, and I expect about the same in 2019.

    You’re welcome to apply to multiple positions, but I strongly recommend that each application be a focused effort; if you send the same generic application to all of them it’s likely they’ll all be disregarded. I recognize that this seems unfair, but we get a tidal wave of redundant applications for any position we open, so we have to filter them aggressively.

    Successful GSOC applicants generally come in two varieties – people who put forward a strong application to work on projects that we’ve proposed, and people that have put together their own GSOC proposal in collaboration with one or more of our engineers.

Got a Screwdriver? GalliumOS Can Turn Chromebooks Into Linux Boxes

Filed under
GNU
Linux
Google

GalliumOS is a Chromebook-specific Linux variant. It lets you put a real Linux distro on a Chromebook.

My recent review of a new Chromebook feature -- the ability to run Linux apps on some Chromebook models -- sparked my interest in other technologies that run complete Linux distros on some Chromebooks without using ChromeOS.

GalliumOS is not a perfect solution. It requires making a physical adjustment inside the hardware and flashing new firmware before the GalliumOS installation ISO will boot. However, it can be a handy workaround if your Chromebook does not support Linux apps and/or Android apps.

If you follow directions explicitly and can wield a screwdriver to remove the bottom panel, GalliumOS is an ingenious Linux distro that can give you the best of two computing worlds. You can install it as a fully functional replacement for the ChromeOS on a compatible Chromebook. You can install it as a dual boot to give you both ChromeOS and a complete Linux distro on one lightweight portable computer.

Read more

How To Install Kali Linux Tools In Ubuntu

Filed under
Linux

Today I am going to do a quick demonstration of how to easily install a suite of security testing tools from Kali Linux onto a Ubuntu machine. For a bit of background information, Kali Linux is a distribution derived from Debian. Its sole purpose is to provide a suite of tools for penetration testing (pentesting) and forensics. It is provided by Offensive Security, an organization dedicated to providing security training. There is a very long list of tools available for Kali. Such tools include (but are not limited to) forensics, vulnerability checks, access checks, and stress testing.

Read<br />
more

Syndicate content

More in Tux Machines

Qt/KDE: Qt for Python, Inkscape Dark Theme on KDE Plasma, Atelier at Maker Faire and QtCon 2018!

  • Python and Qt: 3,000 hours of developer insight
    With Qt for Python released, it’s time to look at the powerful capabilities of these two technologies. This article details one solopreneur’s experiences. [...] The big problem with Electron is performance. In particular, the startup time was too high for a file manager: On an admittedly old machine from 2010, simply launching Electron took five seconds. I admit that my personal distaste for JavaScript also made it easier to discount Electron. Before I go off on a rant, let me give you just one detail that I find symptomatic: Do you know how JavaScript sorts numbers? Alphabetically. ’nuff said. After considering a few technologies, I settled on Qt. It’s cross-platform, has great performance and supports custom styles. What’s more, you can use it from Python. This makes at least me orders of magnitude more productive than the default C++.
  • Inkscape Dark Theme on KDE Plasma
    On KDE Plasma, it's very easy to setup Inkscape Dark Theme. To do so, go to System Settings > Application Style > GNOME/GTK+ Style > under GTK+ Style: switch all themes to Dark ones and give check mark to Prefer Dark Theme > Apply. Now your Inkscape should turned into dark mode. To revert back, just revert the theme selections. This trick works on Kubuntu or any other GNU/Linux system as long as it uses Plasma as its desktop environment.
  • Atelier at Maker Faire and QtCon 2018!
    On the weekend of November 3 and 4, it happened on Rio de Janeiro the first Maker Faire of Latin America. And I was able to do a talk about Atelier and the current status of our project. The event hold more than 1.500 people on the first day, that saw a lot of talks and the exposition of makers of all over the country that came to Rio to participate in this edition of the Maker Faire.

Security: Updates, Systematic Evaluation of Transient Execution Attacks and Defenses, New IoT Security Regulations and GPU Side-Channel Attacks

  • Security updates for Thursday
  • A Systematic Evaluation of Transient Execution Attacks and Defenses

    [...] we present a sound and extensible systematization of transient execution attacks. Our systematization uncovers 7 (new) transient execution attacks that have been overlooked and not been investigated so far. This includes 2 new Meltdown variants: Meltdown-PK on Intel, and Meltdown-BR on Intel and AMD. It also includes 5 new Spectre mistraining strategies. We evaluate all 7 attacks in proof-of-concept implementations on 3 major processor vendors (Intel, AMD, ARM). Our systematization does not only yield a complete picture of the attack surface, but also allows a systematic evaluation of defenses. Through this systematic evaluation, we discover that we can still mount transient execution attacks that are supposed to be mitigated by rolled out patches.

  • New IoT Security Regulations
    Due to ever-evolving technological advances, manufacturers are connecting consumer goods­ -- from toys to light bulbs to major appliances­ -- to the Internet at breakneck speeds. This is the Internet of Things, and it's a security nightmare. The Internet of Things fuses products with communications technology to make daily life more effortless. Think Amazon's Alexa, which not only answers questions and plays music but allows you to control your home's lights and thermostat. Or the current generation of implanted pacemakers, which can both receive commands and send information to doctors over the Internet. But like nearly all innovation, there are risks involved. And for products born out of the Internet of Things, this means the risk of having personal information stolen or devices being overtaken and controlled remotely. For devices that affect the world in a direct physical manner -- ­cars, pacemakers, thermostats­ -- the risks include loss of life and property.
  • University Researchers Publish Paper On GPU Side-Channel Attacks
    University researchers out of University of California Riverside have published a paper this week detailing vulnerabilities in current GPU architectures making them vulnerable to side-channel attacks akin to Spectre and Meltdown. With their focus on NVIDIA GPUs, UCLA Riverside researchers demonstrated attacks both for graphics and compute by exploiting the GPU's performance counters. Demonstrated attacks included a browser-based attack, extracting passwords / keystroke logging, and even the possibility of exposing a CUDA neural network algorithm.

VirtualBox 6.0 Beta 2

  • Announcement: VirtualBox 6.0 Beta 2 released
    Please do NOT use this VirtualBox Beta release on production machines! A VirtualBox Beta release should be considered a bleeding-edge release meant for early evaluation and testing purposes. You can download the binaries here: http://download.virtualbox.org/virtualbox/6.0.0_BETA2 Please do NOT open bug reports at our public bugtracker but use our VirtualBox Beta Feedback forum at https://forums.virtualbox.org/viewforum.php?f=15 to report any problems with the Beta. Please concentrate on reporting regressions since VirtualBox 5.2! Version 6.0 will be a new major release. Please see the forum at https://forums.virtualbox.org/viewtopic.php?f=15&t=90315 for an incomplete list of changes. Thanks for your help! Michael
  • VirtualBox 6.0 Beta 2 Adds File Manager For Host/Guest File Copies, OS/2 Shared Folder
    Last month Oracle rolled out the public beta of VirtualBox 6.0 though didn't include many user-facing changes. They have now rolled out a second beta that does add in a few more features. VirtualBox 6.0 Beta 2 was released today and to its user-interface is a new file manager that allows the user to control the guest file-system with copying file objects between the host and guest. Also improved with VirtualBox 6.0 Beta 2 is better shared folder auto-mounting with the VBox Guest Additions. This beta even brings initial shared folder support to the guest additions for OS/2.

Thunderbird version 60.3.1 now Available, Includes Fixes for Cookie Removal and Encoding Issues

Thunderbird happens to be one of the most famous Email client. It is free and an open source one which was developed by the Mozilla Foundation back in 2003, fifteen years ago. From a very basic interface, it has come a long way to be what it is today in 2018. With these updates, a recent one into the 60.x series from the 52.x series was a significant one. While the 60.x (60.3.0) update started rolling out, Mozilla was keen to push out 60.3.1. This new version of Thunderbird had a few bugs and kinks here and there which needed to be addressed which Mozilla did, most of them at least. Read more