Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Thursday, 18 Oct 18 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

today's leftovers

Filed under
Misc
  • Linux-Focused Penguin Computing Banking On AI Infrastructure
  • Spinnaker: The Kubernetes of Continuous Delivery

    Comparing Spinnaker and Kubernetes in this way is somewhat unfair to both projects. The scale, scope, and magnitude of these technologies are different, but parallels can still be drawn.

    Just like Kubernetes, Spinnaker is a technology that is battle tested, with Netflix using Spinnaker internally for continuous delivery. Like Kubernetes, Spinnaker is backed by some of the biggest names in the industry, which helps breed confidence among users. Most importantly, though, both projects are open source, designed to build a diverse and inclusive ecosystem around them.

  • Tracktion 7 – A Full Featured Digital Audio Workstation for Music Creators [Ed: When "free, cross-platform" is just a marketing term for proprietary software with a restrictive licence]

    FossMint has covered software for audio creation and manipulation in the past (e.g. Ardour and Audacity) and we even covered Operating Systems created with media creation in focus (e.g Ubuntu Studio and AV Linux).

    Today, we bring you an amazing tool for professional use that anybody with an interest in music creation and time can easily make use of. It goes by the name of Tracktion 7.

    Tracktion 7 is a free, cross-platform, DAW (Digital Audio Workstation) for music creators of all classes. It features an equalizer, input, waveform, level, pan, and plugins which are all displayed left-to-right in an intuitive single-screen interface.

    Its users have access to an unlimited number of audio and MIDI tracks coupled with tools to facilitate easier music composing, recording, mixing, and sharing processes.

  • KDE Bugsquad – Konsole Bug Day on October 20th, 2018

    We will be holding a Bug Day on October 20th, 2018, focusing on Konsole. Join at any time, the event will be occurring all day long!

    This is a great opportunity for anyone, especially non-developers to get involved!

  • KDE Plasma5 for Slackware – october ’18 batch

    Today the Plasma developer team released Plasma 5.14.1 which was what I was waiting for. I was a bit hesitant to add a major new release (5.14.0) to my monthly refresh for Slackware and opted for this point release.

    And now “KDE-5_18.10” has been uploaded to the ‘ktown‘ repository. Again I was able to offer a full set of updates.

    What’s new

    The October release of KDE Plasma5 for Slackware contains the KDE Frameworks 5.51.0, Plasma 5.14.1 and Applications 18.08.2. All this on top of Qt 5.11.2 which was updated inbetween the two monthly ‘ktown’ releases.
    There were two updates in the ‘extras’ section for Applications: new versions for ‘krita’ and ‘okteta”. The ‘deps’ section saw some changes as well: ‘PyQt5’ was updated to work properly with Qt 5.11.2, a newer version of ‘sip’ had to be added for that same reason – it replaces the somewhat older Slackware package. And a new package ‘python-enum34’ package had to be added, it is a dependency for the Python2 support in PyQt5.

  • How to accelerate your digital transformation with open source technologies

    Businesses worldwide are on track to spend $1.1 Trillion on Digital Transformation in 2018 according to IDC. Executives tasked with driving transformation have to balance funding innovation initiatives with keeping the lights on. Maintaining existing infrastructure is necessary but when much of the budget is used to maintain the status quo, transformation efforts slow down to a crawl. New competitors disrupting established companies are not saddled with the burden of maintaining legacy infrastructure. They can innovate faster, using new business models and technologies like Cloud Computing, Artificial Intelligence, industrial IoT, and Real Time Analytics. What do all these technologies have in common? The foundation for these transformational technologies is open source software.

  • Shutter Removed From Ubuntu 18.10 And Debian Unstable, New PPA Available

    The popular screenshot tool, which uses Gtk2 and Perl, was one of the very few packages that blocked Debian (and Ubuntu) from removing the obsolete libgnome2-perl and libgnome2-vfs-perl from the repository archive. Since Shutter doesn't work without these packages, it was removed from the Debian Unstable and Ubuntu 18.10 repositories.

  •  

  • La Frite Linux Mini Computer Looks Like An Ultra-affordable Raspberry Pi Alternative

    Raspberry Pi has been able to inspire a wide range of open source Linux computer boards. Some of the notable names include Orange Pi, Asus Tinker Board, Banana Pi, etc. Also, from time-to-time, new and promising projects keep appearing on Kickstarter and Indiegogo that promise to provide a better value at lower cost.

    Just recently, I came across a similar project that goes by the name La Frite. This open source mini computer is available for backing and it aims to ship in November. The project has already crossed its $10,000 aim.

  • The New Kindle Paperwhite is Waterproof, Still Affordable [Ed: These run Linux, but Bezos uses these to remotely delete your books...]
  • The new Kindle Paperwhite is thinner and waterproof

    The Voyage may be dead, but the Kindle line still has some life left in it. This time last year, Amazon upgraded the high-end Oasis model, and now the mid-range Paperwhite is getting a little love.The workhorse of the company’s devoted e-reader line just got a handful of upgrades that will give users a more premium experience, while keeping the device’s starting price at $130.

OSS Leftovers

Filed under
OSS
  • We already have nice things, and other reasons not to write in-house ops tools

    When I was an ops consultant, I had the "great fortune" of seeing the dark underbelly of many companies in a relatively short period of time. Such fortune was exceptionally pronounced on one client engagement where I became the maintainer of an in-house deployment tool that had bloated to touch nearly every piece of infrastructure—despite lacking documentation and testing. Dismayed at the impossible task of maintaining this beast while tackling the real work of improving the product, I began reviewing my old client projects and probing my ops community for their strategies. What I found was an epidemic of "not invented here" (NIH) syndrome and a lack of collaboration with the broader community.

  • Open Source Program Benefits Survey Results

    There are many organizations out there, from companies like Red Hat to internet scale giants like Google and Facebook that have established an open source programs office (OSPO). The TODO Group, a network of open source program managers, recently performed the first ever annual survey of corporate open source programs and revealed some interesting findings on the actual benefits of open source programs.

  • LLVM Still Proceeding With Their Code Relicensing

    It's been three years since the original draft proposal for relicensing the LLVM compiler code was sent out and while there hasn't been a lot to report on recently about the effort, they are making progress and proceeding.

    Since 2015 LLVM developers have been discussing relicensing to an Apache 2.0 license to help motivate new contributors, protect users of LLVM code, better protect existing contributors, ensure that LLVM run-time libraries can be used by both other open-source and proprietary compilers.

  • Automating upstream releases with release-bot

    Good news: We have developed a tool called release-bot that automates the process. All you need to do is file an issue into your upstream repository and release-bot takes care of the rest. But let’s not get ahead of ourselves. First, let’s look at what needs to be set up for this automation to happen. I’ve chosen the meta-test-family upstream repository as an example.

Security: Facebook, GNU Binutils and Epson/HP

Filed under
Security
  • What To Do If Your Account Was Caught in the Facebook Breach

    Keeping up with Facebook privacy scandals is basically a full-time job these days. Two weeks ago, it announced a massive breach with scant details. Then, this past Friday, Facebook released more information, revising earlier estimates about the number of affected users and outlining exactly what types of user data were accessed. Here are the key details you need to know, as well as recommendations about what to do if your account was affected.

    30 Million Accounts Affected

    The number of users whose access tokens were stolen is lower than Facebook originally estimated. When Facebook first announced this incident, it stated that attackers may have been able to steal access tokens—digital “keys” that control your login information and keep you logged in—from 50 to 90 million accounts. Since then, further investigation has revised that number down to 30 million accounts.

    The attackers were able to access an incredibly broad array of information from those accounts. The 30 million compromised accounts fall into three main categories. For 15 million users, attackers access names and phone numbers, emails, or both (depending on what people had listed).

  • GNU Binutils read_reloc Function Denial of Service Vulnerability [CVE-2018-18309]
  • Security Updates Are Even Breaking Your Printer (On Purpose)

    Printer manufacturers hate third-party ink cartridges. They want you buying the expensive, official ones. Epson and HP have issued sneaky “updates” that break these cheaper cartridges, forcing you to buy the expensive ones.

    HP pioneered this technique back in 2016, rolling out a “security update” to its OfficeJet and OfficeJet Pro printers that activated a helpful new feature—helpful for HP’s bottom line, at least. Now, before printing, the printer would verify you’re using new HP ink cartridges. If you’re using a competitor’s ink cartridge or a refilled HP ink cartridge, printing would stop. After some flaming in the press, HP sort-of apologized, but not really.

Kernel: Keeping Control in the Hands of the User and KUnit

Filed under
Linux
  • Keeping Control in the Hands of the User

    Various efforts always are underway to implement Secure Boot and to add features that will allow vendors to lock users out of controlling their own systems. In that scenario, users would look helplessly on while their systems refused to boot any kernels but those controlled by the vendors.

    The vendors' motivation is clear—if they control the kernel, they can then stream media on that computer without risking copyright infringement by the user. If the vendor doesn't control the system, the user might always have some secret piece of software ready to catch and store any streamed media that could then be shared with others who would not pay the media company for the privilege.

    Recently, Chen Yu and other developers tried to submit patches to enhance Secure Boot so that when the user hibernated the system, the kernel itself would encrypt its running image. This would appear to be completely unnecessary, since as Pavel Machek pointed out, there is already uswsusp (userspace software suspend), which encrypts the running image before suspending the system. As Pavel said, the only difference was that uswusp ran in userspace and not kernel space.

  • Google Engineer Proposes KUnit As New Linux Kernel Unit Testing Framework

    Google engineer Brendan Higgins sent out an experimental set of 31 patches today introducing KUnit as a new Linux kernel unit testing framework to help preserve and improve the quality of the kernel's code.

    KUnit is a unit testing framework designed for the Linux kernel and inspired by the well known JUnit as well as Googletest and other existing unit testing frameworks for designing unit tests and related functionality.

DragonFlyBSD Continues Squeezing More Performance Out Of AMD's Threadripper 2990WX

Filed under
Graphics/Benchmarks

DragonFlyBSD 5.4 should be a really great release if you are a BSD user and have an AMD Threadripper 2 box, particularly the flagship Threadripper 2990WX 32-core / 64-thread processor.

The project leader of this long ago fork from FreeBSD, Matthew Dillon, has been quite outspoken about the Threadripper 2990WX since he purchased one earlier this summer. This prolific BSD developer has been praising the performance out of the Threadripper 2990WX since he got the system working on the current DragonFlyBSD 5.3 development builds.

Since getting DragonFlyBSD running on the Threadripper 2 hardware in August, he's routinely been making performance tuning optimizations to DragonFly's kernel to benefit the 2990WX given its NUMA design.

Read more

Arm Launches Mbed Linux and Extends Pelion IoT Service

Filed under
Linux

Politics and international relations may be fraught with acrimony these days, but the tech world seems a bit friendlier of late. Last week Microsoft joined the Open Invention Network and agreed to grant a royalty-free, unrestricted license of its 60,000-patent portfolio to other OIN members, thereby enabling Android and Linux device manufacturers to avoid exorbitant patent payments. This week, Arm and Intel kept up the happy talk by agreeing to a partnership involving IoT device provisioning.

Arm’s recently announced Pelion IoT Platform will align with Intel’s Secure Device Onboard (SDO) provisioning technology to make it easier for IoT vendors and customers to onboard both x86 and Arm-based devices using a common Peleon platform. Arm also announced Pelion related partnerships with myDevices and Arduino (see farther below).

Read more

Programming: Version Control With Git, 5 Things Your Team Should Do to Make Pull Requests Less Painful and More GitHub Workflow Automation

Filed under
Development
  • How to Use Git Version Control System in Linux [Comprehensive Guide]

    Version Control (revision control or source control) is a way of recording changes to a file or collection of files over time so that you can recall specific versions later. A version control system (or VCS in short) is a tool that records changes to files on a filesystem.

    There are many version control systems out there, but Git is currently the most popular and frequently used, especially for source code management. Version control can actually be used for nearly any type of file on a computer, not only source code.

  • 5 Things Your Team Should Do to Make Pull Requests Less Painful

    A user story is a short description of a unit of work that needs doing. It’s normally told from the perspective of the user, hence the name. The journey towards a good pull request starts with a well-written user story. It should be scoped to a single thing that a user can do in the system being built.

  • More GitHub workflow automation

    The more you use computers, the more you see the potentials for automating everything. Who doesn't love that? By building Mergify those last months, we've decided it was time bring more automation to the development workflow.

today's howtos

Filed under
HowTos

Games: Cultist Simulator, Planetary Annihilation: TITANS, CrossOver 18, Updated Proton 3.16 Beta, Descenders, Bridge Constructor Portal, Train Valley 2, Sipho

Filed under
Gaming

Security: Stamos, E-mail and RAT Arrest

Filed under
Security

Browsing the web with Min, a minimalist open source web browser

Filed under
OSS
Web

Does the world need another web browser? Even though the days of having a multiplicity of browsers to choose from are long gone, there still are folks out there developing new applications that help us use the web.

One of those new-fangled browsers is Min. As its name suggests (well, suggests to me, anyway), Min is a minimalist browser. That doesn't mean it's deficient in any significant way, and its open source, Apache 2.0 license piques my interest.

Read more

Security: Patches, FUD and Voting Machines

Filed under
Security
  • libssh 0.8.4 and 0.7.6 security and bugfix release

    libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authentciate without any credentials.

  • A Cybersecurity Weak Link: Linux and IoT [Ed: Blaming "Linux" for companies that put default passwords on all their products? Windows has back doors.]
  • Undetectably bypass voting machines' anti-tamper mechanism with a bit of a soda-can

    But University of Michigan grad student Matt Bernhard has demonstrated that he can bypass the tamper-evident seals in seconds, using a shim made from a slice of a soda can. The bypass is undetectable and doesn't damage the seal, which can be resecured after an attacker gains access to the system.

  • Security Seals Used to Protect Voting Machines Can Be Easily Opened With Shim Crafted from a Soda Can

    Bernhard, who is an expert witness for election integrity activists in a lawsuit filed in Georgia to force officials to get rid of paperless voting machines used in that state, said the issue of security ties and seals came up in the lawsuit earlier this year when Fulton County Elections Director Richard Barron told the court that his Georgia county relies on tamper-evident metal and plastic ties to seal voting machines and prevent anyone with physical access to the machines from subverting them while they sit in polling places days before an election.

    [...]

    He noted that defeating ties and seals in non-tamper-evident ways isn’t the only method to wreak havoc on an election in Michigan. The state has a unique law that prohibits ballots from being used in a recount if the number of voters doesn't match the number of ballots cast at a precinct or if the seal on a ballot box is broken or has a different serial number than what it should have. Someone who wanted to wreak havoc on an election or alter an election outcome in Michigan could purposely tamper with ballot box seals in a way that is evident or simply replace them with a seal bearing a different serial number in order to get ballots excluded from a recount. The law came into sharp relief after the 2016 presidential election when Green Party candidate Jill Stein sought to get a statewide recount in Michigan and two other critical swing states and found that some precincts in Wayne County couldn't be recounted because the number of voters who signed the poll books—which get certified with a seal signed by officials—didn't match the number of ballots scanned on the voting machines.

OSS: Hedera Hashgraph, Service Providers, and Renaming the Bro Project

Filed under
OSS
  • Hedera Hashgraph Distributed Ledger Technology Shares New Open-Source SDK [Ed: Hedera needs to delete GitHub, however, as the new head of GitHub killed Java projects like Hedera's]

    Hedera Hashgraph, one of the DApp facilitators within the blockchain industry recently announced that it has released its Software Development Kit (SDK) in Java.

  • Service Providers Should Adapt to Open Source World

    Finding differing opinions on open source with the telecom industry isn't hard to do, especially where orchestration is concerned. That's why a panel discussion on open source and MANO at the Light Reading NFV-Carrier SDN event in Denver seemed an odd place to find such outspoken agreement on that topic, but there it was.

    Four smart guys, none shy with their opinions, all seemed to agree on key points around open source, the need for standards, the role of vendors and the lack of internal software skills. But they also agreed that telecom service providers are struggling a bit to understand how to proceed in an open source world and still need some fundamental internal changes.

  • Renaming the Bro Project

    More than 20 years ago I chose the name "Bro" as "an Orwellian reminder that monitoring comes hand in hand with the potential for privacy violations", as the original Bro paper put it. Today that warning is needed more than ever ... but it's clear that now the name "Bro" is alas much more of a distraction than a reminder.

    On the Leadership Team of the Bro Project, we heard clear concerns from the Bro community that the name "Bro" has taken on strongly negative connotations, such as "Bro culture". These send a sharp, anti-inclusive - and wholly unintended and undesirable - message to those who might use Bro. The problems were significant enough that during BroCon community sessions, several people have mentioned substantial difficulties in getting their upper management to even consider using open-source software with such a seemingly ill-chosen, off-putting name.

Back End: Apache Kafka, 'Serverless'

Filed under
Server
OSS

Microsoft Lies and Openwashing

Filed under
Microsoft
OSS

Red Hat Leftovers

Filed under
Red Hat

Why MX Linux Is the Windows Alternative You’ve Been Waiting For

Filed under
GNU
Linux

If you’re looking for a Windows alternative but have shied away from Linux, MX Linux may be the solution you’ve been waiting for.

Linux distributions have always held promise for Windows users to migrate away from an expensive OS. Even Windows 10 has enough quirks and issues that a truly robust and functional Linux alternative could easily entice longtime Windows users to switch.

Let’s take a closer look at MX Linux from the perspective of a longtime Windows user.

Read more

Syndicate content

More in Tux Machines

OSS Leftover

  • How an affordable open source eye tracker is helping thousands communicate
    In 2015, while sat in a meeting at his full-time job, Julius Sweetland posted to Reddit about a project he had quietly been working on for years, that would help people with motor neurone disease communicate using just their eyes and an application. He forgot about the post for a couple of hours before friends messaged him to say he'd made the front page. Now three years on Optikey, the open source eye-tracking communication tool, is being used by thousands of people, largely through word of mouth recommendations. Sweetland was speaking at GitHub Universe at the Palace of Fine Art in San Francisco, and he took some time to speak with Techworld about the project. [...] Originally, Sweetland's exposure to open source had largely been through the consumption of tools such as the GIMP. "I knew of the concept, I didn't really know how the nuts and bolts worked, I was always a little blase about how do you make money from something like that... but flipping it around again I'm still coming from the point of view that there's no money in my product, so I still don't understand how people make money in open source...
  • Fission open source serverless framework gets updated
    Platform9 just released updates to Fission.io - the open source, Kubernetes-native Serverless framework, with new features enabling developers and IT Operations to improve the quality and reliability of serverless applications. Other new features include Automated Canary Deployments to reduce the risk of failed releases, Prometheus integration for automated monitoring and alerts, and fine-grained cost and performance optimization capabilities. With this latest release, Fission offers the most complete set of features to allow Dev and Ops teams to safely adopt Serverless and benefit from the speed, cost savings and scalability of this cloud native development pattern on any environment - either in the public cloud or on-premises.
  • Alphabet’s DeepMind open-sources key building blocks from its AI projects
  • United States: It's Ten O'Clock: Do You Know Where Your Software Developers Are? [Ed: Smith Gambrell & Russell LLP are liars. Dana Hustins says FSF "purport to convert others' proprietary software into open source software" in there. They paint GPL as a conspiracy of some kind to entrap proprietary s/w developers.]
  • Transatomic Power To Open Source IP Regarding Advanced Molten Salt Reactors [Ed: There's no such thing as "IP", Duane Morris LLP. There are copyrights, trademarks, patents etc. and Transatomic basically made code free.]
  • Code Review--an Excerpt from VM Brasseur's New Book Forge Your Future with Open Source
    Even new programmers can provide a lot of value with their code reviews. You don't have to be a Rockstar Ninja 10x Unicorn Diva programmer with years and years of experience to have valuable insights. In fact, you don't even have to be a programmer at all. You just have to be knowledgable enough to spot patterns. While you won't be able to do a complete review without programming knowledge, you may still spot things that could use some work or clarification. If you're not a Rockstar Ninja 10x Unicorn Diva programmer, not only is your code review feedback still valuable, but you can also learn a great deal in the process: Code layout, programming style, domain knowledge, best practices, neat little programming tricks you'd not have seen otherwise, and sometimes antipatterns (or "how not to do things"). So don't let the fact that you're unfamiliar with the code, the project, or the language hold you back from reviewing code contributions. Give it a go and see what there is to learn and discover.

Security Leftovers

Android Leftovers

Ubuntu 18.10 (Cosmic Cuttlefish) Is Now Available to Download

After six months in development, Ubuntu 18.10 (Cosmic Cuttlefish) is now finally here, and you can download the ISO images right now for all official flavors, including Kubuntu, Xubuntu, Lubuntu, Ubuntu MATE, Ubuntu Budgie, Ubuntu Kylin, and Ubuntu Studio, for 64-bit and 32-bit architectures (only Lubuntu and Xubuntu). The Ubuntu Server edition is also out and it's supported on more hardware architectures than Ubuntu Desktop, including 64-bit (amd64), ARM64 (AArch64), IBM System z (s390x), PPC64el (Power PC 64-bit Little Endian), and Raspberry Pi 2/ARMhf. A live Ubuntu Server flavor is also available only for 64-bit computers. Read more Also: Ubuntu Linux 18.10 arrives