Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Sunday, 20 Jan 19 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

OSS Leftovers

Filed under
OSS
  • Attackers Leverage Open Source in New BYOB Attack [Ed: A "phishing site impersonating the Office 365 login page," but hey, let's blame "open source"]

    An attack leveraging the open-source Build Your Own Botnet (BYOB) framework has reportedly been intercepted by Israeli cybersecurity firm Perception Point’s incident response team. According to the team, this appears to be the first time the BYOB framework has been found to be used for fraudulent activity in the wild.

    While these tactics and techniques have historically been limited in used to financially backed advanced persistent threat (APT) groups, they are now more easily accessed by novice criminals, in part because of the more widespread popularity of plug-and-play hacking kits, researchers said.

  • Try ‘Puffer’: An Open-Source Free Live TV Streaming Service By Stanford

    A new free TV streaming service called “Puffer” has been launched as a part of a nonprofit academic research study by a group of Stanford researchers.

    The team, led by Francis Yan, a doctoral student from the computer science department at Stanford Universty, aims at improving Internet transmission and video-streaming algorithms by using AI.

  • H2O.ai Empowers MarketAxess to Innovate and Inform Trading Strategies

    H2O.ai, the open source leader in artificial intelligence (AI) and machine learning (ML), today announced that its open source platform, H2O, provides critical machine learning capabilities to MarketAxess, the operator of a leading electronic trading platform for fixed-income securities and the provider of market data and post-trade services for the global fixed-income markets. MarketAxess' Composite+, powered by H2O open source, delivers greater insight and price discovery in real-time, globally, for over 24,000 corporate bonds. Composite+ has won several awards for its use of AI including the Risk Markets Technology Award for Electronic Trading Support Product of the Year and the Waters Technology American Financial Technology Award for Best Artificial Intelligence Technology Initiative.

  • 2019 AI Trend To Watch: Open Source and RAPIDS

    Nvidia aims to increase its GPU platform usage by offering open source tools to help accelerate machine learning workloads.

  • How to Preserve Your Privacy on Android Without Tearing Your Hair Out

    It can seem intimidating, but you can gain some semblance of mobile privacy with a few quick tweaks.

    [...]

    If you had unlimited time and some familiarity with the Android platform, you could go to extremes like rooting to disable system components, flashing custom ROMs, or even building your own privacy-focused ROM. For most people, that’s not feasible. Not only are such activities incredibly complex, but they also make your phone less useful.

    The fact of the matter is, most Android users want access to the Play Store, Google apps, and high-security apps (e.g. banking) that rely on Google’s TrustZone system. However, you can make some simple but not always obvious changes to Android phones to preserve your privacy.

  • Blast from the Past: Retrieving Old Game Source Code

    Way back in 1985, I created games on the ZX Spectrum/Timex and CBM-64. A friend and I set up a small software house, and in addition to creating our own games, we also (and more lucratively) converted games for other publishers from CBM-64 to other formats.

    During this period, I wrote several original games in Z80 and 6502 assembler. I kept their sources on 5 1/4″ floppy disks, but after a few years I lost the floppy drive that could read the disks, and they were shoved in a cupboard. Somewhere between house moves, I lost the disks for all time.

    Fast-forward to this past December. In a store, I spotted a cheap game console for roughly $100 (get a look at this absolute unit, sold under the brand name “RetroPi”). It came with 18,000 games for various old computers and consoles, including SNES, ZX Spectrum and CBM-64. The hardware was a Raspberry PI clone in a case, and included Nintendo-type game controllers, along with HDMI and USB power cables.

    [...]

    I priced out the hardware for the console, and reckon it would cost about $70 for the Pi, controllers and cables, so I don’t feel ripped off… especially as it gave me a chance to play “Legend of Zelda” and “Secret of Mana” for the first time in 25 years via the SNES emulator!

  • How Open Source Culture Is Battling Skepticism Successfully

    The software industry has also witnessed vital changes. One of the biggest methods of evangelising this grown lies in open sourcing. One may think open source is just about free software and data, but, that is not the only thing; open source is about the code that becomes publicly available for people to modify and use it.

  • VLC, that magic open source video player, might be making a play for more consoles

    Speaking to VentureBeat, Jean-Baptiste Kempf revealed that VLC had reached three billion downloads to date and will continue to push HDR support as much as they can via the AV1 format, and further support VR videos.

    As far as gaming devices go, Kempf says that in addition to their already existing Xbox app they're also interested in releasing VLC for the Switch, Roku devices and the PS4. As VentureBeat points out these aren't a top priority given that only 12 people actually contribute to the VLC project, but it's something they're thinking about.

Server: OpenShift, Containers, SUSE, IBM and Kubernetes/Heptio

Filed under
Server

Linux Foundation: Upcoming Events and Hyperledger

Filed under
Linux
OSS
  • Check Out the 2019 Linux Foundation Events and Expand Your Open Source Experience

    The Linux Foundation just recently announced its 2019 events schedule, featuring all your favorite events as well as some brand-new ones to cover the latest technologies. Make plans now to speak or attend and expand your experience with open source.

  • The Role of Hyperledger in the Development of Smart Contracts

    Businesses constantly look to improve. A great part of that improvement is optimizing the costs-to-revenue ratio, which obviously favors revenue. Developing decentralized applications (dApps) with smart contracts has opened exciting avenues for businesses. Blockchain developers are exploring this practical aspect of smart contracts to create dApps that solve several issues current businesses struggle with: too many intermediaries, too much time, and too many conditions attached to executing a business transaction.

    The sum of these issues comes down to spending too much money on completing business contracts. Expectedly, the solution would be to reduce most of the complicated aspects to do business in a more affordable way than ever before.

    [...]

    The Hyperledger is different from other blockchain endeavors. It not only offers a dApp platform for creating practical solutions but it also provides collaborative partnership and unique smart contract technology as well as rich resources such as plug-in tools and frameworks that businesses can use in the process of dApp development. In the spirit of Linux, it also features a very active online community.

    Despite the permissioned blockchain model, it’s important to keep in mind Hyperledger’s open-source software orientation, which means the platform offers its newly developed code to partners for free. Apart from the membership fee, there are no additional fees for licenses and royalties. In a way, seeing blockchains as completely open or partially open networks is similar to the conundrum associated with the different benefits of open-source and proprietary software.

Programming: GCN, Python, Rust, RcppArmadillo

Filed under
Development

Games: Lost in Sky: Violent Seed, Steam and PlayOnLinux 5.0 Alpha 2

Filed under
Gaming
  • Lost in Sky: Violent Seed Bringing Co-Op Puzzle Platforming to Linux & Windows

    While action-platformers aren't in short supply in today's gaming market, there is a definite lack of co-op games in the genre despite that being a natural fit. Thankfully, the team behind List in Sky: Violent Seed saw that and is setting out to bring a new IP into the industry alongside a merging of numerous gaming concepts. In a sci-fi setting, you and a partner will team up and not only battle a ton of nasty-looking mutants, but also team up to solve puzzles. Puzzle-platformers have seen an upswing in popularity, but co-op ones haven't really been done before. That sub-genre is an even more natural fit than a co-op action-platformer since it's much easier to solve puzzles when you put your minds together.

  • Steam Beta Update Now Allows Per-Game Enabling Of Steam Play, Other Improvements

    It was just yesterday that Valve dropped a big Steam client update including several long sought improvements for Linux gamers. Today that's been succeeded by another rather nice beta upgrade. It was just yesterday that Valve dropped a big Steam client update including several long sought improvements for Linux gamers. Today that's been succeeded by another rather nice beta upgrade.

    [...]

    This update also fixes the incorrect scroll offset for the in-game overlay with Steam on Linux. Outside of the Linux-specific work are some Big Picture fixes and on Steam Input is support for the HORI Battle Pad and HORI Wireless Switch Pad.

  • Phoenicis PlayOnLinux 5.0 - Alpha 2 has been released

    We have rewritten from scratch our winebuild platform. To make it short, it is more reliable, more transparent, easier to setup and cross-platform compatible. Any project that needs to use wine could now potentially use it and take advantage of the 1828 different builds. (We admit that some of them are outdated, though).

    The winebuild project is open source, uses containers. You can install it on your machine in no time if you want to build wine by yourself.

today's howtos

Filed under
HowTos

Android: Android Q, Fossil and Deprecating 32-Bit Android Apps

Filed under
Android

CNC milling with open source software

Filed under
OSS

I'm always looking for new projects to create with my 3D printer. When I recently saw a new design for a computer numeric code (CNC) milling machine that mostly uses 3D printed parts, I was intrigued. When I saw that the machine works with open source software and the controller is an Arduino running open source software, I knew I had to make one.

CNC milling machines are precision cutting tools used in creating dies, engravings, and models. Unlike other milling tools, CNC machines can move on three axes: the Z axis moves vertically, the X axis moves horizontally, and the Y axis moves backward and forward.

Read more

Security: Jenkins, Polyverse, Rootkits, Cryptojacking and Kali Linux

Filed under
Security

Server Side Public License (SSPL) Fallout

Filed under
Red Hat
Server
OSS
  • Red Hat drops MongoDB over concerns related to its Server Side Public License (SSPL)

    It was last year in October when MongoDB announced that it’s switching to Server Side Public License (SSPL). Now, the news of Red Hat removing MongoDB from its Red Hat Enterprise Linux and Fedora over its SSPL license has been gaining attention.

  • The Need for Sustainable Open Source Projects

    The point of the article is a lot of companies that support open source projects, like RedisDB, are moving to more closed source solutions to survive. The cloud providers are called out as a source of a lot of problems in this article, as they consume a lot of open source software, but do not really spend a lot of time or effort in supporting it. Open source, in this situation, becomes a sort of tragedy of the commons, where everyone thinks someone else is going to do the hard work of making a piece of software viable, so no-one does any of the work. Things are made worse because the open source version of the software is often "good enough" to solve 80% of the problems users need solved, so there is little incentive to purchase anything from the companies that do the bulk of the work in the community.

  • MongoDB’s licensing changes led Red Hat to drop the database from the latest version of its server OS

    After MongoDB decided last year that it was changing the license for its open-source database to a more restrictive version, Red Hat decided it would no longer include MongoDB in the latest version of its flagship Red Hat Enterprise Linux operating system.

    The change apparently went unnoticed until a Hacker News thread took off earlier today, but it was included in the release notes for RHEL 8.0, which was released in beta last November. In those notes, Red Hat states “note that the NoSQL MongoDB database server is not included in RHEL 8.0 Beta because it uses the Server Side Public License (SSPL).”

MariaDB Platform X3

Filed under
Server
OSS
  • Unlock Hybrid Everything with MariaDB Platform X3

    As customers, we expect businesses to provide us with useful information. And as our expectations rise, so too must the usefulness of the information. For example, it’s useful to know a product is on sale. It’s more useful to know that it will be sold-out within hours. It’s also useful to know the balance on my credit card. But it’s even more useful to know if it’s going be higher than the automated payment I scheduled.

  • MariaDB Platform X3 combines transaction processing and analytics

    With MariaDB Platform X3, an organization may use a single database both for conventional customer-facing workloads (transactional, or OLTP) and internal business-intelligence workloads (analytical, or OLAP). The same data is available for either kind of work and is kept automatically in sync between the two sides.

    MariaDB Platform is priced at a flat per-node cost, regardless of whether nodes are OLTP or OLAP. This allows for more flexible deployments, where the number of nodes in a given deployment can be moved freely between OLTP and OLAP workloads as demand changes.

Open Source Startup ‘Tidelift’ raises $25m in series B funding

Filed under
News

Open Source startups are also booming with the rise of open source usage in the enterprise world. Tidelift is one such startup making it big with multi-million dollar fundings.
Read more

Facebook, Instagram, WhatsApp pose privacy risks, warns free software guru Richard Stallman

Filed under
GNU

Think twice before posting anyone’s photo on Facebook, WhatsApp or Instagram, says free software guru Richard Stallman. As a few among the strongest centralised surveillance mechanisms in the world, even with a picture of the back of head, they would be able to track where you go and what you do, he added.
The software guru’s lecture titled Education Freedom Day lecture, organised by International Centre for Free and Open Source Software and Society for Promotion of Alternate Computing and Employment (SPACE) in Thiruvananthapuram, had first bewildered information technology professionals and academicians when he asked them to “switch-off the geo-location feature of your smartphone, if you are taking my photos”.
He said that 90% of the 1,000 free applications in Google Play stores can spy, according to the latest studies and asked why should the fleshlight application be linked to the server. Even the data on the sex toy go to the server, with its thermometer readings sharing the time of contact. He argued that owners of the firms who spy on a user’s personal data should be jailed. Richard Matthew Stallman, according to Wikipedia, “is an Amercian freedom activist and a computer programmer. He campaigns for software to be distributed in such a manner that a user receiving it, likewise receives with it the freedom to use, study, distribute and modify that software”.

Read more

Security: Updates, Leaks, Kubernetes and Let's Encrypt

Filed under
Security
  • Security updates for Thursday
  • Oracle Releases First Critical Patch Update of 2019, Red Hat Enterprise Linux and Fedora to Drop MongoDB, The Linux Foundation Announces Its 2019 Event Lineup, Firefox Closing Its Test Pilot Program and GoDaddy to Support AdoptOpenJDK

    Oracle released its first Critical Patch Update of the year this week, which addresses 284 vulnerabilities. eWeek reports that "Thirty-three of the vulnerabilities are identified as being critical with a Common Vulnerabilities Scoring System (CVSS) score of 9.0 or higher."

  • Over 1 Billion Login Credentials Leaked, Here’s How to See if You Were Compromised

    Good morning! A whole slew of usernames and plaintext passwords were leaked for a number of different sites—at 772 million and 21 million respectively, it’s the largest data leak in history. Here’s how to make sure your information is still safe.

    This collection of email address and passwords—dubbed “Collection #1”—groups together several smaller breaches into a larger master file of sorts. This huge collection of data comes from several different sites, so your personal info may have been compromised from multiple different sources. That means your information could’ve been compromised multiple times—the same email address with different passwords.

  • Kubernetes security: 4 tips to manage risks

    Kubernetes has one of the liveliest (if not the liveliest) communities around. Getting involved is one of the best ways to get up to speed and stay abreast of best security practices. That community values the same thing you’re seeking: Making the most of Kubernetes’ power while minimizing any risks that come with its increasing adoption.

    “This community clearly cares deeply about security, and it emphasizes education and inclusion, so security staff can look forward to a helpful, educational community from whom they can learn,” Dang says.

    “Get educated and follow industry best practices, like the CIS Kubernetes Benchmark,” advises Amir Jerbi, CTO at Aqua Security. “Kubernetes is a complex system with many configuration options, any of which, if done wrong, could leave clusters open to attacks.”

    Plugging into the vibrant Kubernetes community is a great step toward ensuring your organization’s implementation isn’t creating unnecessary vulnerabilities.

  • Protect Your Websites with Let's Encrypt

    Back in the bad old days, setting up basic HTTPS with a certificate authority cost as much as several hundred dollars per year, and the process was difficult and error-prone to set up. Now we have Let's Encrypt for free, and the whole thing takes just a few minutes.

Programming: Django, PHP, Polonius and More

Filed under
Development
  • Django 2.2 alpha 1 released

    Django 2.2 alpha 1 is now available. It represents the first stage in the 2.2 release cycle and is an opportunity for you to try out the changes coming in Django 2.2.

    Django 2.2 has a salmagundi of new features which you can read about in the in-development 2.2 release notes.

  • Eliminating PHP polyfills

    The Symfony project has recently created a set of pure-PHP polyfills for both PHP extensions and newer language features. It allows developers to add requirements upon those functions or language additions without increasing the system requirements upon end users. For the most part, I think this is a good thing, and valuable to have. We've done similar things inside MediaWiki as well for CDB support, Memcached, and internationalization, just to name a few.

    But the downside is that on platforms where it is possible to install the missing PHP extensions or upgrade PHP itself, we're shipping empty code. MediaWiki requires both the ctypes and mbstring PHP extensions, and our servers have those, so there's no use in deploying polyfills for those, because they'll never be used. In September, Reedy and I replaced the polyfills with "unpolyfills" that simply provide the correct package, so the polyfill is skipped by composer. That removed about 3,700 lines of code from what we're committing, reviewing, and deploying - a big win.

  • Polonius and region errors

    Now that NLL has been shipped, I’ve been doing some work revisiting the Polonius project. Polonius is the project that implements the “alias-based formulation” described in my older blogpost. Polonius has come a long way since that post; it’s now quite fast and also experimentally integrated into rustc, where it passes the full test suite.

  • Serious Python released!

    Well, Serious Python is the the new name of The Hacker's Guide to Python — the first book I published. Serious Python is the 4th update of that book — but with a brand a new name and a new editor!

Ditching Out-of-Date Documentation Infrastructure

Filed under
Linux

Long ago, the Linux kernel started using 00-Index files to list the contents of each documentation directory. This was intended to explain what each of those files documented. Henrik Austad recently pointed out that those files have been out of date for a very long time and were probably not used by anyone anymore. This is nothing new. Henrik said in his post that this had been discussed already for years, "and they have since then grown further out of date, so perhaps it is time to just throw them out."

He counted hundreds of instances where the 00-index file was out of date or not present when it should have been. He posted a patch to rip them all unceremoniously out of the kernel.

Joe Perches was very pleased with this. He pointed out that .rst files (the kernel's native documentation format) had largely taken over the original purpose of those 00-index files. He said the oo-index files were even misleading by now.

Read more

Mozilla: Rust 1.32.0, Privacy, UX and Firefox Nightly

Filed under
Moz/FF
  • Announcing Rust 1.32.0

    The Rust team is happy to announce a new version of Rust, 1.32.0. Rust is a programming language that is empowering everyone to build reliable and efficient software.

  • Rust 1.32 Released With New Debugger Macro, Jemalloc Disabled By Default

    For fans of Rustlang, it's time to fire up rustup: Rust 1.32 is out today as the latest feature update for this increasingly popular programming language.

    The Rust 1.32 release brings dbg!() as a new debug macro to print the value of a variable as well as its file/line-number and it works with more than just variables but also commands.

  • Julien Vehent: Maybe don't throw away your VPN just yet...

    At Mozilla, we've long adopted single sign on, first using SAML, nowadays using OpenID Connect (OIDC). Most of our applications, both public facing and internal, require SSO to protect access to privileged resources. We never trust the network and always require strong authentication. And yet, we continue to maintain VPNs to protect our most sensitive admin panels.

    "How uncool", I hear you object, "and here we thought you were all about DevOps and shit". And you would be correct, but I'm also pragmatic, and I can't count the number of times we've had authentication bugs that let our red team or security auditors bypass authentication. The truth is, even highly experienced programmers and operators make mistakes and will let a bug disable or fail to protect part of that one super sensitive page you never want to leave open to the internet. And I never blame them because SSO/OAuth/OIDC are massively complex protocols that require huge libraries that fail in weird and unexpected ways. I've never reached the point where I fully trust our SSO, because we find one of those auth bypass every other month. Here's the catch: they never lead to major security incidents because we put all our admin panels behind a good old VPN.

  • Reflections on a co-design workshop

    Co-design workshops help designers learn first-hand the language of the people who use their products, in addition to their pain points, workflows, and motivations. With co-design methods [1] participants are no longer passive recipients of products. Rather, they are involved in the envisioning and re-imagination of them. Participants show us what they need and want through sketching and design exercises. The purpose of a co-design workshop is not to have a pixel-perfect design to implement, rather it’s to learn more about the people who use or will use the product, and to involve them in generating ideas about what to design.

    We ran a co-design workshop at Mozilla to inform our product design, and we’d like to share our experience with you.

    [...]

    Our UX team was tasked with improving the Firefox browser extension experience. When people create browser extensions, they use a form to submit their creations. They submit their code and all the metadata about the extension (name, description, icon, etc.). The metadata provided in the submission form is used to populate the extension’s product page on addons.mozilla.org.

  • Firefox Nightly: These Weeks in Firefox: Issue 51

Mesa 18.3.2

Filed under
Graphics/Benchmarks

Mesa 18.3.2 is now available.

In this release candidate we have added more PCI IDs for AMD Vega devices and
a number of fixes for the RADV Vulkan drivers.

On the Intel side we have a selection ranging from quad swizzles support for
ICL to compiler fixes.

The nine state tracker has also seen some love as do the Broadcom drivers.

To top it all up, we have a healthy mount of build system fixes.

Alex Deucher (3):
pci_ids: add new vega10 pci ids
pci_ids: add new vega20 pci id
pci_ids: add new VegaM pci id

Alexander von Gluck IV (1):
egl/haiku: Fix reference to disp vs dpy

Andres Gomez (2):
glsl: correct typo in GLSL compilation error message
glsl/linker: specify proper direction in location aliasing error

Axel Davy (3):
st/nine: Fix volumetexture dtor on ctor failure
st/nine: Bind src not dst in nine_context_box_upload
st/nine: Add src reference to nine_context_range_upload

Bas Nieuwenhuizen (5):
radv: Do a cache flush if needed before reading predicates.
radv: Implement buffer stores with less than 4 components.
anv/android: Do not reject storage images.
radv: Fix rasterization precision bits.
spirv: Fix matrix parameters in function calls.

Caio Marcelo de Oliveira Filho (3):
nir: properly clear the entry sources in copy_prop_vars
nir: properly find the entry to keep in copy_prop_vars
nir: remove dead code from copy_prop_vars

Dave Airlie (2):
radv/xfb: fix counter buffer bounds checks.
virgl/vtest: fix front buffer flush with protocol version 0.

Dylan Baker (6):
meson: Fix ppc64 little endian detection
meson: Add support for gnu hurd
meson: Add toggle for glx-direct
meson: Override C++ standard to gnu++11 when building with altivec on ppc64
meson: Error out if building nouveau and using LLVM without rtti
autotools: Remove tegra vdpau driver

Emil Velikov (13):
docs: add sha256 checksums for 18.3.1
bin/get-pick-list.sh: rework handing of sha nominations
bin/get-pick-list.sh: warn when commit lists invalid sha
cherry-ignore: meson: libfreedreno depends upon libdrm (for fence support)
glx: mandate xf86vidmode only for "drm" dri platforms
meson: don't require glx/egl/gbm with gallium drivers
pipe-loader: meson: reference correct library
TODO: glx: meson: build dri based glx tests, only with -Dglx=dri
glx: meson: drop includes from a link-only library
glx: meson: wire up the dispatch-index-check test
glx/test: meson: assorted include fixes
Update version to 18.3.2
docs: add release notes for 18.3.2

Eric Anholt (6):
v3d: Fix a leak of the transfer helper on screen destroy.
vc4: Fix a leak of the transfer helper on screen destroy.
v3d: Fix a leak of the disassembled instruction string during debug dumps.
v3d: Make sure that a thrsw doesn't split a multop from its umul24.
v3d: Add missing flagging of SYNCB as a TSY op.
gallium/ttn: Fix setup of outputs_written.

Erik Faye-Lund (2):
virgl: wrap vertex element state in a struct
virgl: work around bad assumptions in virglrenderer

Francisco Jerez (5):
intel/fs: Handle source modifiers in lower_integer_multiplication().
intel/fs: Implement quad swizzles on ICL+.
intel/fs: Fix bug in lower_simd_width while splitting an instruction which was already split.
intel/eu/gen7: Fix brw_MOV() with DF destination and strided source.
intel/fs: Respect CHV/BXT regioning restrictions in copy propagation pass.

Ian Romanick (2):
i965/vec4/dce: Don't narrow the write mask if the flags are used
Revert "nir/lower_indirect: Bail early if modes == 0"

Jan Vesely (1):
clover: Fix build after clang r348827

Jason Ekstrand (6):
nir/constant_folding: Fix source bit size logic
intel/blorp: Be more conservative about copying clear colors
spirv: Handle any bit size in vector_insert/extract
anv/apply_pipeline_layout: Set the cursor in lower_res_reindex_intrinsic
spirv: Sign-extend array indices
intel/peephole_ffma: Fix swizzle propagation

Karol Herbst (1):
nv50/ir: fix use-after-free in ConstantFolding::visit

Kirill Burtsev (1):
loader: free error state, when checking the drawable type

Lionel Landwerlin (5):
anv: don't do partial resolve on layer > 0
i965: include draw_params/derived_draw_params for VF cache workaround
i965: add CS stall on VF invalidation workaround
anv: explictly specify format for blorp ccs/mcs op
anv: flush fast clear colors into compressed surfaces

Marek Olšák (1):
st/mesa: don't leak pipe_surface if pipe_context is not current

Mario Kleiner (1):
radeonsi: Fix use of 1- or 2- component GL_DOUBLE vbo's.

Nicolai Hähnle (1):
meson: link LLVM 'native' component when LLVM is available

Rhys Perry (3):
radv: don't set surf_index for stencil-only images
ac/nir,radv,radeonsi/nir: use correct indices for interpolation intrinsics
ac: split 16-bit ssbo loads that may not be dword aligned

Rob Clark (2):
freedreno/drm: fix memory leak
mesa/st/nir: fix missing nir_compact_varyings

Samuel Pitoiset (1):
radv: switch on EOP when primitive restart is enabled with triangle strips

Timothy Arceri (2):
tgsi/scan: fix loop exit point in tgsi_scan_tess_ctrl()
tgsi/scan: correctly walk instructions in tgsi_scan_tess_ctrl()

Vinson Lee (2):
meson: Fix typo.
meson: Fix libsensors detection.

Read more

Also: Mesa 18.3.2 Released With Many Fixes As Users Encouraged To Upgrade

Syndicate content

More in Tux Machines

Security: Bo Weaver, New Scares, Clones With Malware

  • Bo Weaver on Cloud security, skills gap, and software development in 2019
    Bo Weaver, a Kali Linux expert shares his thoughts on the security landscape in the cloud. He also talks about the skills gap in the current industry and why hiring is a tedious process. He explains the pitfalls in software development and where the tech is heading currently. Bo, along with another Kali Linux expert Wolf Halton were also interviewed on why Kali Linux is the premier platform for testing and maintaining Windows security. They talked about advantages and disadvantages for using Kali Linux for pentesting. We also asked them about what they think about pentesting in cybersecurity, in general. They have also talked about their stance about the role of pentesting in cybersecurity in their interview titled, “Security experts, Wolf Halton and Bo Weaver, discuss pentesting and cybersecurity” [...] I laugh and cry at this term. I have a sticker on my laptop that says “There is no Cloud…. Only other people’s computers.” Your data is sitting on someone else’s system along with other people’s data. These other people also have access to this system. Sure security controls are in place but the security of “physical access” has been bypassed. You’re “in the box”. One layer of security is now gone. Also, your vendor has “FULL ACCESS” to your data in some cases. How can you be sure what is going on with your data when it is in an unknown box in an unknown data center? The first rule of security is “Trust No One”. Do you really trust Microsoft, Amazon, or Google? I sure don’t!!! Having your data physically out of your company’s control is not a good idea. Yes, it is cheaper but what are your company and its digital property worth? [...] In software development, I see a dumbing down of user interfaces. This may be good for my 6-year-old grandson, but someone like me may want more access to the system. I see developers change things just for the reason of “change”. Take Microsoft’s Ribbon in Office. Even after all these years, I find the ribbon confusing and hard to use. At least, with Libre Office, they give you a choice between a ribbon and an old school menu bar. The changes in Gnome 3 from Gnome 2. This dumbing down and attempting to make a desktop usable for a tablet and a mouse totally destroyed the usability of their desktop. What used to take 1 click now takes 4 clicks to do.
  • Security experts, Wolf Halton and Bo Weaver, discuss pentesting and cybersecurity [Interview]
  • Cloud security products uninstalled by mutating malware [Ed: Affects already-compromised servers]
    Linux is more prevalent than one might think, Microsoft Azure is now predominantly run on Linux servers - it's not just the Chinese cloud environments being hosted via Linux, it's likely that your business is running at least one cloud service on a Linux server too.
  • Google Play still has a clone problem in 2019 with no end in sight
    A fake app tries to clone another app in name, looks, and functionality, often also adding something like malware. Despite Google’s best efforts, both types of apps were fairly common in 2018.

Programming: GNU Binutils, Qt, Python, GStreamer, C++ and GTK+

  • GNU Binutils 2.32 Branched Ahead Of Release With New Features
    A new release of the GNU Binutils programming tools will soon be available. The upcoming Binutils 2.32 release is primarily made up of new CPU ports.  GNU Binutils 2.32 is bringing a MIPS port to the Loongson 2K1000 processor and the Loongson 3A1000/3A2000/3A3000 processors, all of which are based on the MIPS64r2 ISA but with different instruction set extensions. These new GPUs are exposed via -march=gs264e, -march=gs464, and -march=gs464e flags. With Binutils 2.32, the utilities like objdump and c++filt now have a maximum amount of recursion that is allowed while demangling strings with the current default being 2048. There is also a --no-recurse-limit for bypassing that limit. Objdump meanwhile allows --disassemble to specify a starting symbol for disassembly.
  • Building Qt apps with Travis CI and Docker
    I recently configured Travis CI to build Nanonote, my minimalist note-taking application. We use Jenkins a lot at work, and despite the fact that I dislike the tool itself, it has proven invaluable in helping us catch errors early. So I strongly believe in the values of Continuous Integration. When it comes to CI setup, I believe it is important to keep your distances with the tool you are using by keeping as much setup as possible in tool-agnostic scripts, versioned in your repository, and making the CI server use these scripts.
  • PyPI Security and Accessibility Q1 2019 Request for Proposals Update
    Earlier this year we launched a Request for Information (RFI) followed by the launch of a Request for Proposals (RFP) in November to fulfill a contract for the Open Technology Fund (OTF) Core Infrastructure Fund.  The initial deadline for our RFP was December 14th. We had hoped to begin work with the selected proposers in January 2019, but ultimately fell short of the ability to do so.
  • GStreamer 1.15.1 Released With Work On AV1, V4L HEVC Encode/Decode
    GStreamer 1.15.1 was announced on Friday as the first development release in the trek towards GStreamer 1.16 for this powerful open-source multimedia framework.
  • GStreamer 1.15.1 development release
    The GStreamer team is pleased to announce the first development release in the unstable 1.15 release series. The unstable 1.15 release series adds new features on top of the current stable 1.14 series and is part of the API and ABI-stable 1.x release series of the GStreamer multimedia framework. The unstable 1.15 release series is for testing and development purposes in the lead-up to the stable 1.16 series which is scheduled for release in a few weeks time. Any newly-added API can still change until that point, although it is rare for that to happen.
  • Is C++ fast?
    A library that I work on often these days, meshoptimizer, has changed over time to use fewer and fewer C++ library features, up until the current state where the code closely resembles C even though it uses some C++ features. There have been many reasons behind the changes - dropping C++11 requirement allowed me to make sure anybody can compile the library on any platform, removing std::vector substantially improved performance of unoptimized builds, removing algorithm includes sped up compilation. However, I’ve never quite taken the leap all the way to C with this codebase. Today we’ll explore the gamut of possible C++ implementations for one specific algorithm, mesh simplifier, henceforth known as simplifier.cpp, and see if going all the way to C is worthwhile.
  • Python Counters @PyDiff
  • Report: (clxi) stackoverflow python report
  • Regular Expressions in Python
  • Starting on a new map rendering library
    Currently in Maps, we use the libchamplain library to display the bitmap map titles (based on OpenStreetMap data and aerial photography) that we get from our tile provider, currently MapBox. This library is based on Clutter and used via the GTK+ embed support within libchamplain, which in turn makes use of the Clutter GTK embed support. Since this will not be supported when moving along to GTK+ 4.x and the Clutter library is not maintained anymore (besides the copy of it that is included in the GNOME Shell window manager/Wayland compositor, Mutter) eventually Maps will have to find a replacement. There's also some wonky bugs especially with regards to the mixing of event handling on the Clutter side vs. the GTK+ side. So to at least get the ball rolling a bit, I recently decided to see how hard it would be to take the code from libchamplain and keep the grotty deep-down internals dealing with tile downloading and caching and such and refocus the top-level parts onto new GTK+ 4 technologies such as the Snapshot, GSK (scene graph), and render node APIs.

today's howtos

LibreELEC (Leia) v8.95.3 BETA

LibreELEC 9.0 (Leia) Beta 3 has finally arrived after a long gestation period. Based upon Kodi v18 RC5.2, the 9.0 Beta 3 release contains many changes and refinements to user experience and a complete overhaul of the underlying OS core to improve stability and extend hardware support. Kodi v18 also brings new features like Kodi Retroplayer and DRM support that (equipped with an appropriate add-on) allows Kodi to unofficially stream content from services like Netflix and Amazon. Read more