Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Friday, 24 May 19 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Security Leftovers

Filed under
Security
  • Security updates for Wednesday
  • Illumos-Powered OmniOS Gets Updated Against MDS / ZombieLoad Vulnerabilities

    While it was just earlier this month that the OpenSolaris/Illumos-based OmniOS saw a big LTS release, it's already been succeeded by a new release given the recent Intel MDS / Zombieload CPU vulnerabilities coming to light.

    There are new spins of OmniOS for all supported releases. These new OmniOS Community Edition releases mitigate against the Multiarchitectural Data Sampling (MDS) vulnerabilities and also bundle in the updated Intel CPU microcode.

  • Hackers Hack A Forum For Hacked Accounts: Here’s How

    A group of hackers failed to deploy security mechanisms to secure the storage where they store hacked accounts and another hacker group hacked it.

    The story is indeed funny and real. Infamous forum named OGUSERS which is popular amongst hackers for obtaining “OG” Instagram, Twitter usernames, hacked accounts of Domino’s Pizza, Steam, PlayStation Network, and other online accounts was hacked by a hacker group and its data was published in another hacker forum.

  • Security Announcement: Disabling SMT by default on affected Intel processors

    This is an important announcement with an upcoming change in the next Core Update of IPFire.

    Because of the recent vulnerabilities in Intel processors, the IPFire team has decided, that - to keep systems as secure as possible - Simultaneous Multi-Processing (SMT) is automatically disabled if the processor is vulnerable to one of the attacks.

    SMT is also called Intel(R) Hyper-Threading Technology and simulates more virtual cores than the system has. This allows to perform faster processing when applications benefit from it. Unfortunately with networking, we benefit from that. Therefore the effect of disabling SMT will be a very signifiant performance impact of around 30% or more. Applications that will be affected in IPFire are the firewall throughput itself as well as other CPU and memory-bound tasks like the web proxy and the Intrusion Prevention System. On systems that are not vulnerable for this attack, SMT is being left enabled. If you still want to disable it, please do so in the BIOS of your firewall.

Red Hat and the rise of RHEL

Filed under
Red Hat

If the success of the open source company Red Hat can be ascribed to one thing, it's the Enterprise Linux operating system that it releases

The company recently unveiled the general release of the latest version, RHEL 8, and it serves as a bellwether for how software development has changed over the years.

Developers are now shouldering more operational responsibilities, which is largely due to the rise in the use of containers. This enables teams to use microservices to build applications. With RHEL 8, Red Hat has also placed container tools such as Buildah, Podman and Skopea directly into the operating system.

Read more

Red Hat, Fedora and SUSE/OpenStack

Filed under
Red Hat
Server
SUSE
  • Rook-Ceph storage Operator now on OperatorHub.io

    We are excited to announce the addition of the Rook-Ceph storage Operator to OperatorHub.io. Operators are design patterns that augment and implement common day one and day two activities with Kubernetes clusters, simplifying application deployments and empowering developers to focus on creation versus remediation. The Rook-Ceph Operator is an upstream effort that Red Hat is leading and is using as part of its work towards Red Hat OpenShift Container Storage 4.

    Developing and deploying cloud-native applications at scale can be complex and challenging. The new Rook-Ceph storage Operator is designed to automate the packaging, deployment, management, upgrading, and scaling of Ceph clusters that provide persistent storage to stateful applications as well as infrastructure services (logging, metrics, registry) in Kubernetes clusters. The release of Rook’s Ceph Operator augments Kubernetes scheduling with a complement of stateful storage services including block, filesystem and object storage.

  • Red Hat Satellite 6.4.3 has been released

    Red Hat Satellite 6.4.3 is generally available. The main drivers for the 6.4.3 release are a Request for Feature Enhancement (RFE) for capsule syncing control as well as general stability fixes.

    The capsule syncing control feature enables the user to have control over when capsule syncs occur. Traditionally the capsule sync occurs automatically after a content view is updated, but some customers may want more granular control over when the synchronization occurs. Satellite 6.4.3 introduces a new setting in Administer —> Settings —> Content —> Sync Capsules after Content View promotion.

  • Contributors are Empowered When They Know the Process

    There is a saying in the legal profession that you should never ask a question you don’t already know the answer to. Despite how this sounds, it is actually a rule most people follow in life. This is the source of that feeling you get when you’re too scared to raise your hand and ask a question. In Open Source we need to make sure that contributors feel like they already “know” the answers, so they will feel confident in making the request.

    As a university lecturer, I always encouraged my students to first think about what they thought the answer was and then ask the question. In some cases, I encouraged them to actually write down what they thought the answer was. In this way, they could judge both their skills and their ability to grow based on what the answer turned out to be. It created an additional feedback loop.

  • Alisha and Shraddha: Positive feedback loops in Fedora

    This post is the second introduction to the Fedora Summer Coding interns Class of Summer 2019. In this interview, we’ll meet Alisha Mohanty and Shraddha Agrawal, who are both working on Fedora Happiness Packets to promote positive feedback loops in the Fedora community.

  • The OpenStack User Survey is now open

    The 2019 OpenStack User Survey is now open and waiting for your input. Whether you’re a user of OpenStack, or an operator utilising it to power your offerings, the OpenStack Foundation (and the rest of the community) want to hear about your usage.

    2018 saw the 11th OpenStack User Survey unveiled at the Berlin OpenStack Summit, giving some fantastic insight into how and where people are using OpenStack across 63 different countries. Usage in Asia surged dramatically in 2018, with 48% of respondents based in that continent, with Europe 2nd at 26% and North America 3rd with 20% of respondents.

Programming: KubeCon, PHP, Python, GitLab, and Rust

Filed under
Development
  • Team OpenCensus or OpenTracing? It'll be neither and both now: Hello, OpenTelemetry

    Something odd happened at KubeCon 2019. Rather than snipe at each other from the safety of Twitter, two very similar open-source projects opted to pool their ideas into one: OpenTelemetry.

    The project is geared towards solving the problem of working out just what the heck is happening in today's microservices or container-based apps. Logging without incurring a chunky overhead both in terms of generating useful telemetry and actually collating the output.

    Distributed tracing is a bit more than fancy logging, as one commentator put it. Think more a transaction log over all the containers, services and components used in an application.

    Two projects emerged to deal with the challenge – OpenCensus from Google and OpenTracing, co-created by Ben Sigelman of Lightstep.

  • PHP 7.4 as Software Collection.

    Version 7.4.0-alpha1 will be soon released. It's now enter the stabilization phase for the developers, and the test phase for the users.

    RPM of this upcoming version of PHP 7.4, are available in remi repository for Fedora 29, 30 and Enterprise Linux 7, 8 (RHEL, CentOS, ...) in a fresh new Software Collection (php74) allowing its installation beside the system version.

    As I strongly believe in SCL potential to provide a simple way to allow installation of various versions simultaneously, and as I think it is useful to offer this feature to allow developers to test their applications, to allow sysadmin to prepare a migration or simply to use this version for some specific application, I decide to create this new SCL.

  • HEIC / HEIF images support

    The HEIF image format (High Efficiency Image File Format) is now widely used, especially since iOS 11, so it make sense to be able to process these images.

  • EuroPython 2019: First batch of accepted sessions
  • Hello CodeGrades!

    This is a blog about CodeGrades, an experiment to help folks learn about programming (initially in Python). We’ll use it to celebrate the successes, learn from the failures and reflect upon the feedback of participants. We’ll also share project news here too.

  • Setting Up GitLab CI for a Python Application

    This blog post describes how to configure a Continuous Integration (CI) process on GitLab for a python application.

  • How OpenTracing & OpenCensus Merger Helps Users Like GitLab

    In this episode of Let’s Talk, Andrew Newdigate – Staff Site Reliability Engineer at GitLab talks about OpenTracing, OpenCensus, and the newly announced OpenTelemetry project.

  • This Week In Rust: This Week in Rust 287
  • Kushal Das: Game of guessing colors using CircuitPython

Drill: New Desktop File Search Utility That Uses Clever Crawling Instead Of Indexing

Filed under
Software

Drill is a new file search utility that uses "clever crawling" instead of indexing, for Linux, Windows and macOS.

The application can locate files and folders, but it does not search file contents. It's designed for desktops, using a Gtk GUI by default, but there's also a command line frontend available, albeit quite minimal right now (a Ncurses backend is on the todo list as well).

Read more

Amp Up Your Linux Music Library With DeaDBeeF

Filed under
GNU
Linux
Software

There are a ton of great music players for Linux, and most of them have a pretty strong following. What makes DeaDBeeF stand out? In a word, it’s customization. DeaDBeeF is as close to a DIY music player as you’re going to get without making the jump to the command line.

DeaDBeeF lets you customize the entire layout of your music player, how your library is arranged, and which information is displayed when you play a song. Plus, it’s highly extensible, and there are plenty of excellent plugins that open up even more options for how you can customize and control your listening experience.

Read more

AMD Radeon VII Linux Performance vs. NVIDIA Gaming On Ubuntu For Q2'2019

Filed under
Graphics/Benchmarks
Gaming

It's been three months now since the AMD Radeon VII 7nm "Vega 20" graphics card was released and while we hopefully won't be waiting much longer for Navi to make its debut, for the time being this is the latest and great AMD Radeon consumer graphics card -- priced at around $700 USD. Here are some fresh benchmarks of the Radeon VII on Linux and compared to various high-end NVIDIA graphics cards while all testing happened from Ubuntu 19.04.

Fortunately, the open-source Radeon VII Linux support is in fact in great shape. There was some confusion for some weeks and a lack of benchmarks recently since I had been unable to get my Vega 20 graphics card running reliably. Under different OpenGL/Vulkan workloads and even some desktop tasks, the graphics card would freeze and spewing from dmesg would most often be a load of VMC page faults and other errors stemming from AMDGPU. But after a lot of testing, ultimately it was figured out the graphics card became defective in some manner. The original card was a pre-launch Radeon VII review sample and was my lone Vega 20 GPU but has now been fortunately replaced by AMD. I received a new Radeon VII last week and since then has been under near constant load/testing. This new card has been working out well and I haven't encountered any issues with this retail card, unlike the woes I experienced with the original VII a few weeks after launch. It was a bit surprising the original Radeon VII failed especially without having done any over-clocking to it (granted was pushed very hard for a few weeks with all of my benchmarking workloads), but whatever the case, this retail Radeon VII is working out fine on Ubuntu 19.04 and various kernel/Mesa upgrades.

Read more

An Early Look At Some PHP 7.4 Performance Benchmarks

Filed under
Graphics/Benchmarks

The initial PHP 7.4 Alpha 1 release is just two weeks away already... Curious about the performance of this yearly update to PHP7, I ran some benchmarks on the latest development code as of this morning compared to the earlier PHP7 releases and even PHP-8.0 that is in development on Git master.

PHP 7.4 has been working on preloading options, short closures, custom object serialization, FFI work that didn't end up making it for PHP 7.3, the null coalescing assignment operator has been added, and various other changes. The PHP 7.4 alpha releases are supposed to kick off on 6 June while the betas will then fire up starting on 18 July followed by at least six release candidates beginning at the end of August. If all goes well, PHP 7.4.0 will make its debut around the end of November or early December. PHP-7.4 has been branched since January while PHP-8.0 development is on Git master for that next major PHP8 release with JIT functionality and other changes in the works.

Read more

Bringing the Benefits of Linux Containers to Operational Technology

Filed under
Linux
Security

Linux container technology was introduced more than a decade ago and has recently jumped in adoption in IT environments. However, the OT (operational technology) environments, typically made up of heterogenous embedded systems, have lagged in the adoption of container technologies, due to both the unique technology requirements and the business models that relied on proprietary systems. In this article, I explore recent innovation in open-source offerings that are enabling the use of containers in OT use cases, such as industrial control systems, IoT gateways, medical devices, Radio Access Network (RAN) products and network appliances.

Enterprise IT leaders have adopted “cloud-native” computing architectures because of the innovation velocity and cost benefits derived by the approach. To leverage containers, developers segment applications into modular micro-services that enable flexible development and deployment models. These micro-services are then deployed as containers where the service itself is integrated with the required libraries and functions. On containerization, these application components have small footprints and fast speeds of deployment. The applications become highly portable across compute architectures due to the abstraction away from the hardware and the operating system.

Read more

Open-spec Omega2 LTE SBC features Cat 4 and GNSS

Filed under
Linux

Onion’s $99, sandwich-style Omega2 LTE SBC for remote sensor applications with a MIPS-based, WiFi-enabled Omega2S+ compute module, a Quectel EC25 chipset with LTE Cat 4 and GNSS, plus USB Type-C, microSD, and battery support.

Last December, Onion updated its MIPS-based, WiFi-enabled Omega2 board with a similarly OpenWrt-driven Omega2 Pro SBC that increased RAM to 512MB and flash to 8GB and added real-world USB host and micro-USB ports. Now, the company has returned to Crowd Supply with a similarly open source, OpenWrt Linux driven Omega2 LTE model with 4G LTE and GNSS location connectivity. Pricing ranges from $99 for the board alone to $199 for a fully loaded “Ultimate Collection” kit, all with early August shipments.

Read more

openSUSE Community Releases Leap 15.1 Version

Today’s release of the openSUSE Leap 15.1 brings professional users, entrepreneurs and Independent Software Vendors updated support for modern hardware.

The release of Leap 15.1 improves YaST functionality and the installer.

“Continuity and stability are what we are providing users with Leap 15.1,” said Haris Sehic, a member of the openSUSE community. “With Leap 15, we have introduced a huge number of new features and innovations in security, performance and tool/desktop area. Having in mind how stable, efficient and reliable Leap has become, with this release, we managed to keep the level of quality to the point that our private and Small Business users can, actually more than ever, profit from the enterprise background of an openSUSE Linux Distribution. Let’s continue to have a lot of fun!”

Leap releases are scalable and both the desktop and server are equally important for professional’s workloads, which is reflected in the installation menu as well as the amount of packages Leap offers and hardware it supports. Leap is well suited and prepared for usage as a Virtual Machine (VM) or container guest, allowing professional users to efficiently run network services no matter whether it’s a single server or a data center.

Read more

Also: openSUSE Leap 15.1 Officially Released, Based on SUSE Linux Enterprise 15 SP1

OpenSUSE Leap 15.1 Released - Based Off SUSE Linux Enterprise 15 SP1

Stable kernels 5.1.4, 5.0.18, 4.19.45, 4.14.121 , and 4.9.178

Filed under
Linux
  • Linux 5.1.4

    I'm announcing the release of the 5.1.4 kernel.

    All users of the 5.1 kernel series must upgrade.

    The updated 5.1.y git tree can be found at:
    git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.1.y
    and can be browsed at the normal kernel.org git web browser:
    https://git.kernel.org/?p=linux/kernel/git/stable/linux-s...

  • Linux 5.0.18
  • Linux 4.19.45
  • Linux 4.14.121
  • Linux 4.9.178

New Release: Tor Browser 8.5

Filed under
Moz/FF
Security
Web

Tor Browser 8.5 is the first stable release for Android. Since we released the first alpha version in September, we've been hard at work making sure we can provide the protections users are already enjoying on desktop to the Android platform. Mobile browsing is increasing around the world, and in some parts, it is commonly the only way people access the internet. In these same areas, there is often heavy surveillance and censorship online, so we made it a priority to reach these users.

Read more

The Document Foundation releases LibreOffice 6.2.4

Filed under
LibO

The Document Foundation announces LibreOffice 6.2.4, the fourth bug and regression fixing release of the LibreOffice 6.2 family, targeted at tech-savvy individuals: early adopters, technology enthusiasts and power users.

LibreOffice’s individual users are helped by a global community of volunteers: https://www.libreoffice.org/get-help/community-support/. On the website and the wiki there are guides, manuals, tutorials and HowTos. Donations help us to make all of these resources available.

LibreOffice users are invited to join the community at https://www.libreoffice.org/community/get-involved/, to improve LibreOffice by contributing back in one of the following areas: development, documentation, infrastructure, localization, quality assurance, design or marketing.

Read more

Also: LibreOffice 6.2.4 Open-Source Office Suite Released with More Than 100 Bug Fixes

Games: Gallium3D, Google, DXVK and New Titles on GNU/Linux

Filed under
Gaming
  • Intel Iris Gallium3D Driver Gets On-Disk Shader Cache Support

    In helping to speed-up game load times when switching to the new Intel "Iris" Gallium3D OpenGL Linux driver and smooth out frame-rates for games sporadically loading shaders, Mesa 19.2-devel has added on-disk shader cache support for the driver.

    Intel's existing "i965" classic Mesa driver has long supported an on-disk shader cache along with the other Mesa OpenGL drivers while now the Gallium3D shader cache functionality has been extended for the new Iris driver.

  • 10 Unknown Google Search Games for You

    Google Search by default has games hidden in it, which is a fact, not many Google users are aware of. Google has compiled some really authentic and entertaining games over a period of time, that can be played in Google.com page itself without having to visit any other Web page.

    Most of these games were made to appear as Google Doodle, in relation with certain anniversaries that have been a remarkable day in history. While some of these games are not available easily because Google Doodle keeps changing.

    However, a few of them continue to be played even today. All you need is to search the game by its name in Google and hit “search” and Voila! The games will appear right in front of your eyes and you can play them right then and there.

    Read on to know about the playable games still available, though hidden within the Google Search.

  • Valve have released a new dedicated mobile Steam Chat application

    Now that Valve have upgraded the chat and friends system in the desktop Steam client, they've also rolled out a brand new dedication mobile application to do the same.

    This isn't the normal Steam mobile application, instead they've oddly decided to split them in two. Touching on that, they said the original Steam mobile application is going to get some upgrades "focused on account security" including better Steam Guard options, like QR codes and a one-touch login.

  • Sci-fi first-person shooter 'Interstellar Marines' continues to live on, with a big update out now

    Interstellar Marines, a once promising sci-fi first-person shooter that slowly died is slowly making a comeback. Update 28 was released just recently, giving it an overhaul in a few places.

  • Valve working on a stand-alone version of the popular Dota Auto Chess

    Dota Auto Chess, a very popular custom game mode for Dota 2 is being turned into a stand-alone game by Valve.

    The Dota 2 arcade is full of interesting games but nothing has really come close to Dota Auto Chess, looking at it right now it has over 125K people playing just this one game mode. It also has over 8 million people subscribed to it, to give you another idea of just how popular it is. Based on player-count, if it manages to keep it for the stand-alone version it would put it into the top-5 games on Steam.

  • Blacksite returns alongside Sirocco for the latest Danger Zone update in Counter-Strike: Global Offensive

    Counter-Strike: Global Offensive's newer Battle Royale mode, Danger Zone, continues to be tweaked and the original map has made a return.

    This should help spice things up a bit, as Blacksite is quite a good map but I've also immensely enjoyed playing on the newer and more open Sirocco map. Thankfully, Valve have now enabled Danger Zone for both maps together as a "time-based map rotation" as you can see below:

  • DXVK 1.2.1 really does improve Overwatch quite a lot on Linux with NVIDIA

    In the latest release of DXVK 1.2.1 that was released last week, it included a note about improved GPU utilization. They certainly weren’t kidding, with Overwatch now performing even better on Linux with Wine.

    When I previously wrote about it, I said I was in shock at how well you could play Overwatch on Linux thanks to Wine, DXVK and a little help from Lutris. I included a video in the previous article to show it off, which showed the framerate hardly going above 100FPS and often dipped down to around 60FPS. Checking back, previous versions of DXVK didn’t let my NVIDIA 980ti GPU utilization go above 80%.

  • The absolutely insane and pretty awesome twin-stick shooter 'BulletRage' is now on Kickstarter

    BulletRage is a game I firmly think is worth supporting, as the developer has had Linux support in very early and it does seem like a pretty awesome twin-stick shooter.

today's leftovers

Filed under
Misc
  • Dark Style Rises | LINUX Unplugged 302

    Can the Free Desktop avoid being left behind in the going dark revolution? Cassidy from elementary OS joins us to discuss their proposal.

    Plus we complete our Red Hat arc by giving Silverblue the full workstation shakedown, Drew shares his complete review, and we discuss the loss of Antergros.

  • mintCast 309 – Virtualization
  • curl 7.65.0 dances in

    After another eight week cycle was been completed, curl shipped a new release into the world. 7.65.0 brings some news and some security fixes but is primarily yet again a set of bug-fixes bundled up.

  •  

  • Time for school as the big Cities: Skylines - Campus expansion is out now

    Paradox Interactive and Colossal Order have put school back on the map, as the Cities: Skylines - Campus expansion is out now. In terms of features and new content, this is one of the bigger expansions to be released.

    Adding in a little extra complexity for those who want it while also giving you even more freedom at the same time with the way you design your campus. Much like what came with the Parklife expansion, Campus lets you freely zone an entire area to build your fancy new education system.

  • The Humble tinyBuild Bundle 2019 is live with some lovely Linux games

    Here's something to keep you going for a little while, the Humble tinyBuild Bundle 2019 went live today and it has plenty of Linux games.

  • Academic Support Center BiASC connects the SUSE Academic Program with Belgium and Luxembourg

    The SUSE Academic Program has taken significant strides in new territories with the help of trusted academic partners from different regions. BiASC is an academic support organization that connects with IT academies from higher and secondary education and from non-commercial and professional training institutions. Already working with a number of universities, including the University of Luxembourg and Katholieke Universiteit Leuven, we hope to see our footprint spread with support from BiASC.

  • Raspberry Pi Close To Seeing CPUFreq Support

    Nicolas Saenz Julienne of SUSE has been working on CPUFreq support for the Raspberry Pi single board computers to allow for the Linux kernel to provide CPU frequency scaling controls.

    This CPUFreq support communicates with firmware running on a dedicated processor on the Raspberry Pi that is responsible for adjusting the CPU frequencies as well as that of the VPU and related blocks. The driver can request changes to the CPU frequencies though isn't necessarily honored depending upon thermal factors and other criteria. The firmware also offers the ability to request a turbo mode, but that can boost up other clocks and appears to be causing issues at least with the current state of the Raspberry Pi kernel drivers.

  • Freexian’s report about Debian Long Term Support, April 2019

    Like each month, here comes a report about the work of paid contributors to Debian LTS.

  • RC candidate of the day (1)

    Sometimes the list of release-critical bugs is overwhelming, and it’s hard to find something to tackle.

    So I invite you to have a go at #928040, which may only be a case of reviewing and uploading the included patch.

  • [GSoC – 1] Achieving consistency between SDDM and Plasma

    I’m very excited to start off the Google Summer of Code blogging experience regarding the project I’m doing with my KDE mentors David Edmundson and Nate Graham.

    What we’ll be trying to achieve this summer is have SDDM be more in sync with the Plasma desktop.

    What does that mean? The essence of the problem is quite simple: you can customize Plasma to no end, yet the only thing you can customize in SDDM is the cursor theme. As a customization-loving user, this has been a big pet peeve of mine. In my attempts to work around the issue I’ve already went as far as adding one too many config points to the Breeze SDDM theme. So to finish that project and thereby solve our GSoC issue, perhaps we could just hook up the respective KCM’s UI to those options…

  • Guaranteed Hard Real-time Response and Determinism from Aitech's Space SBC Processor Using NASA cFS Linux
  • Embedded PC with 6th or 7th Gen CPUs offers optional mini-PCIe and PCIe x4

    Aaeon’s barebones, semi-rugged “EPIC-KBS9-PUC” embedded PC runs on 6th or 7th Gen Core CPUs with up to 4x GbE and 2x serial plus 4x USB, mSATA, dual displays, and optional mini-PCIe, PCIe x4, or 2.5-inch HDD.

    Aaeon has spun last year’s EPIC form-factor EPIC-KBS board into an embedded system for light industrial duty including “automated warehouse robots, retail POS systems, and even a 3D printer for cakes.” The barebones, 216 x 180 x 65mm system will presumably let you load either Linux or Windows on a range of 6th (Skylake) or 7th (Kaby Lake) generation Intel Core CPUs up to 65W.

  • How to install Microsoft Visual Studio Code (VS Code) on Ubuntu [Ed: Jack Wallen pushing Microsoft agenda and helps Microsoft impose proprietary software, MSVS, on GNU/Linux users. Wallen should know better than this, but LF now pays him.]
  • Apple Is Finally Fixing the Keyboards on MacBook Pros

    Apple’s newest MacBook Pros, which are being announced today and include significant bumps in power and performance, are still using Apple’s third-generation “butterfly” keyboard. But the company says these keyboards have a change in the physical material that exists within the butterfly mechanism that will address some of the issues that MacBook users have been experiencing. The company declined to say exactly what the material change was. [...]

  • Flex PCB Fabrication

    I’ve gotten a few people asking me where I get my flex PCBs fabricated, so I figured I’d make a note here. I get my flex PCBs (and actually most of my PCBs, except laser-drilled microvia) done at a medium-sized shop in China called King Credie. Previously it was a bit hard to talk about them because they only took orders via e-mail and in Chinese, but they recently opened an English-friendly online website for quotation and order placement. There’s still a few wrinkles in the website, but for a company whose specialty is decidedly not “web services” and with English as a second language, it’s usable.

    Knowing your PCB vendor is advantageous for a boutique hardware system integrators like me. It’s a bit like the whole farm-to-table movement — you get better results when you know where your materials are coming from. I’ve probably been working with King Credie for almost a decade now, and I try to visit their facility and have drinks with the owner on a regular basis. I really like their CEO, he’s been a circuit board fabrication nerd since college, and he’s living his dream of building his own factory and learning all he can about interesting and boutique PCB processes.

  • TechnicalDebt

     

    Thinking of this as paying interest versus paying of principal can help decide which cruft to tackle. If I have a terrible area of the code base, one that's a nightmare to change, it's not a problem if I don't have to modify it. I only trigger an interest payment when I have to work with that part of the software (this is a place where the metaphor breaks down, since financial interest payments are triggered by the passage of time). So crufty but stable areas of code can be left alone. In contrast, areas of high activity need a zero-tolerance attitude to cruft, because the interest payments are cripplingly high. This is especially important since cruft accumulates where developers make changes without paying attention to internal quality - the more changes, the greater risk of cruft building up.

Security Leftovers

Filed under
Security
  • WannaCry? Hundreds of US schools still haven’t patched servers

    But cities aren't the only highly vulnerable targets to be found by would-be attackers. There are hundreds of thousands of Internet-connected Windows systems in the United States that still appear to be vulnerable to an exploit of Microsoft Windows' Server Message Block version 1 (SMB v. 1) file sharing protocol, despite repeated public warnings to patch systems following the worldwide outbreak of the WannaCry cryptographic malware two years ago. And based on data from the Shodan search engine and other public sources, hundreds of them—if not thousands—are servers in use at US public school systems.

  • Google stored some passwords in plain text for fourteen years

    In a blog post today, Google disclosed that it recently discovered a bug that caused some portion of G Suite users to have their passwords stored in plain text. The bug has been around since 2005, though Google says that it can’t find any evidence that anybody’s password was improperly accessed. It’s resetting any passwords that might be affected and letting G Suite administrators know about the issue.

    G Suite is the corporate version of Gmail and Google’s other apps, and apparently the bug came about in this product because of a feature designed specifically for companies. Early on, it was possible for your company administrator for G Suite apps to set user passwords manually — say, before a new employee came on board — and if they did, the admin console would store those passwords in plain text instead of hashing them. Google has since removed that capability from administrators.

  • Notifying administrators about unhashed password storage
  • Google Disappoints Yet Again: Stored Some Passwords In Plain Text For 14 Years

    G Suite users were taken aback yesterday when Google disclosed that it stored some passwords for Enterprise G Suite users in plain text for 14 years.

    In a blog post, the search giant mentioned that the passwords were encrypted but not hashed, which means that Google employees had complete access to them. However, the company says that there is no evidence that passwords were illegally accessed by anyone or misused.

  • Stable Version Of Tor Browser For Android Now Available On Play Store

    After eight months of testing, a stable release for the Tor browser has arrived on the Play Store. The new Android browser now brings Tor features directly into a standalone browser, replacing the Orbot/Orfox as the main way to connect to the Tor network via Android devices.

    The stable version (v8.5) of Tor for Android routes your web traffic through the Tor network — a web of encrypted computers spread worldwide.

Syndicate content

More in Tux Machines

Today in Techrights

today's leftovers

  • Zombieload, Nextcloud, Peppermint 10, KDE Plasma, IPFire, ArcoLinux, LuneOS | This Week in Linux 67
    On this episode of This Week in Linux, we’ll check out some Distro News from Peppermint OS, ArcoLinux, LuneOS & IPFire. We got a couple apps to talking about like Nextclou0…d and a new Wallpaper tool that has quite a bit of potential. We’ll take a look at what is to come with the next version of KDE Plasma. Intel users have gotten some more bad news regarding a new security vulnerability. Later in the show, we’ll cover some interesting information regarding a couple governments saving money by switching to Linux. Then finally we’ll check out some Linux Gaming News. All that and much more on your Weekly Source for Linux GNews!
  • Ubuntu Podcast: S12E07 – R-Type
    This week we’ve been installing Lineage on a OnePlus One and not migrating Mastodon accounts to ubuntu.social. We round up the Ubuntu community news from Kubuntu, Ubuntu MATE, Peppermint OS and we discuss some tech news. It’s Season 12 Episode 07 of the Ubuntu Podcast! Alan Pope, Mark Johnson and Martin Wimpress are connected and speaking to your brain.
  • OpenGL 4.6 / SPIR-V Support Might Be Inching Closer For Mesa Drivers
    We're quickly approaching the two year anniversary of the OpenGL 4.6 release and it's looking like the Intel/RadeonSI drivers might be inching towards the finish line for that latest major revision of the graphics API.  As we've covered many times, the Mesa drivers have been held up on OpenGL 4.6 support due to their SPIR-V ingestion support mandated by this July 2017 version of the OpenGL specification. While there are the Intel and Radeon RADV Vulkan drivers already with the SPIR-V support that is central to Vulkan, it's taken a long time re-fitting the OpenGL drivers for the likes of ARB_gl_spriv. Then again, there aren't many (actually, any?) major OpenGL games requiring version 4.6 of the specification even with its interoperability benefits thanks to SPIR-V.

Software: Left, Samba, LaTeX, PyRadio and More

  • Left Is A Minimalist, Distraction-Free Text Editor For Writers
    Left is a free and open source distraction-free text editor for Linux, Windows and Mac. The main goal of Left is to get you to focus on writing. It comes with writing essentials like autocomplete, synonym suggestions and writing statistics, but it doesn't support text formatting, and doesn't have all the bells and whistles found in applications like LibreOffice Writer or Microsoft Office Word. This minimalist text editor may not be particularly exciting, and it's not for everyone, but if you're working on a long writing project, a clean interface that allows you to focus exclusively on your work may be for you.
  • Samba 4.10.4 Released With 40 Bug fixes
    The Samba Team announced the availability of Samba 4.10.4. This is the latest stable release of the Samba 4.10 release series. Also, they released a patch against Samba 4.10.3. This release comes with close to 40 bug fixes.
  • 8 Best latex editors for Linux, Windows or MacOS
    LaTeX project is a programming language with which scientific and mathematical texts can be created. The full form of LaTeX here is Lamport TeX. In simple words, it is a document preparation system for high-quality typesetting but for special purposes where you need scientific and mathematical texts like scientific formulas for some academic books or PDF… Using packages or libraries, you can extend the scope of functions to create graphics and formulas. Now, what exactly is the LaTex editor? In simple words, the editor that supports LaTeX programming to create documents is called LaTeX editors. Thus, it is not like our normal word editor where we get formatted text in WYSIWYG (“what you see is what you get”) such as OpenOffice, LibreOffice or Microsoft Office. LaTeX is totally opposite uses a command line interface to format text for books or documents need an extensive text system that is intended for books, scientific papers and articles. Particularly in the mathematical-technical area, the system offers itself because of the formulas contained. You can simply install LaTeX on your system and then text can be entered in a simple editor and saved in a source text file, similar to a script. This text is supplemented by LaTeX commands, which, for example, identify chapters, sections, headings, and quotes. In addition, a LaTeX document can be spread over several files, so that each chapter is a separate file. However, there are a good number of best LaTeX backed editors are available for online to download with both open sources as well as a free license for Windows, Linux and MacOS. Thus, here we are with some best open source or free LaTeX editors but before installing them remember they are not simple text editors and to operate them, first, you must get familiar with the LaTeX commands…
  • PyRadio – curses based internet radio player
    On my roadmap is to review all actively maintained internet radio players. To date, I’ve covered odio, Shortwave, and Radiotray-NG. While there’s lots to admire in these projects, I feel that an internet radio player meeting all my requirements is still out there waiting to be discovered. For this review, I’ll run through PyRadio. Unlike the other radio players I’ve covered, PyRadio is curses based software.
  • Insync 3 Beta Available With OneDrive Syncing Support On Linux [Ed: Give all your files to Microsoft (which bribes officials to dump GNU/Linux, puts back doors in everything arrests whistleblowers etc.)]
  • GNOME 3.34's Mutter Gets Important Fix To Avoid Stuttering / Frame Skips
    In addition to GNOME's Mutter compositor / window manager seeing an important fix recently lowering the output lag under X11 so it matches GNOME's Wayland performance, another important Mutter fix also landed. The Mutter/Clutter change to avoid skipping over the next frame to render has landed. This is yet another big deal contribution by Canonical's Daniel van Vugt as part of their GNOME desktop enhancements.
  • Firefox brings you smooth video playback with the world’s fastest AV1 decoder
    Tuesday’s release of Firefox 67 brought a number of performance enhancing features that make this our fastest browser ever. Among these is the high performance, royalty free AV1 video decoder dav1d, now enabled by default on all desktop platforms (Windows, OSX and Linux) for both 32-bit and 64-bit systems. With files more than 30% smaller than today’s most popular web codec VP9 [1], and nearly 50% smaller than its widely deployed predecessor H.264 [2], AV1 allows high-quality video experiences with a lot less network usage, and has the potential to transform how and where we watch video on the Internet. However, because AV1 is brand new and more sophisticated, some experts had predicted that market adoption would wait until 2020 when high-performance hardware decoders are expected. Dav1d in the browser upends these predictions.
  • GNU Binutils Begins Landing eBPF Support
    The GNU Binutils is finally getting wired up around the Extended BPF (eBPF) as the modern, in-kernel virtual machine that stretches the Berkeley Packet Filter beyond the networking subsystem.  Compiling for eBPF has most commonly been done by the LLVM eBPF back-end to allow compiling C into the eBPF bytecode but it looks like the GNU toolchain developers are looking to increase their support around the increasingly common eBPF use-cases for this in-kernel VM.

Distros: Draco in Sparky, Fedora Issues and Optional Dependencies in Debian

  • Draco Desktop
    There is a new desktop available for Sparkers: Draco
  • Archiving 26 500 community Q&As from Ask Fedora
    Ask Fedora is the Fedora Linux community’s questions-and-answers portal, and it recently transitioned from a forum software called Askbot to Discourse. Changing the underlying forum software doesn’t have to be destructive but Ask Fedora decided to go with a nuke-and-pave migration strategy: They decided to start from scratch instead of copying user accounts and the user-contributed content to the new software. The first time I learned of the migration was a few days after it had happen. I’d run into an issue with my Fedora installation and went online looking for solutions. Every useful search result was from the old Ask Fedora site and every link returned an HTTP 404 Not Found error message as those answers hadn’t been migrated to the new Ask Fedora website.
  • Attention epel6 and epel7 ppc64 users
    If you are a epel6 or epel7 user on the ppc64 platform, I have some sad news for you. If you aren’t feel free to read on for a tale of eol architectures. ppc64 (the big endian version of power) was shipped with RHEL6 and RHEL7 and Fedora until Fedora 28. It’s been replaced by the ppc64le (little endian) version in Fedora and RHEL8.
  • Optional dependencies don’t work
    In the i3 projects, we have always tried hard to avoid optional dependencies. There are a number of reasons behind it, and as I have recently encountered some of the downsides of optional dependencies firsthand, I summarized my thoughts in this article. [...] Software is usually not built by end users, but by packagers, at least when we are talking about Open Source. Hence, end users don’t see the knob for the optional dependency, they are just presented with the fait accompli: their version of the software behaves differently than other versions of the same software. Depending on the kind of software, this situation can be made obvious to the user: for example, if the optional dependency is needed to print documents, the program can produce an appropriate error message when the user tries to print a document. Sometimes, this isn’t possible: when i3 introduced an optional dependency on cairo and pangocairo, the behavior itself (rendering window titles) worked in all configurations, but non-ASCII characters might break depending on whether i3 was compiled with cairo. For users, it is frustrating to only discover in conversation that a program has a feature that the user is interested in, but it’s not available on their computer. For support, this situation can be hard to detect, and even harder to resolve to the user’s satisfaction.