Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Monday, 19 Nov 18 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

  • 18/07/2018 - 6:58am
    arindam1989
  • 14/08/2017 - 5:04pm
    2daygeek
  • 11/07/2017 - 9:36am
    itsfoss
  • 04/05/2017 - 11:58am
    Variscite
  • 09/04/2017 - 4:47pm
    mwilmoth
  • 11/01/2017 - 12:02am
    tishacrayt
  • 11/01/2017 - 12:01am
    lashayduva
  • 10/01/2017 - 11:56pm
    neilheaney
  • 10/01/2017 - 11:53pm
    jennipurne
  • 10/01/2017 - 11:50pm
    relativ7

GitHub alternative strives to be all open source, only open source

Filed under
Development

A new software service for hosting and managing open source projects, Sr.ht, aims to be an entirely open source alternative to existing services like GitHub, GitLab, and Bitbucket, recreating many of their features.

Created by Drew DeVault and written in a mixture of Python and Go, Sr.ht is now available for public alpha testing by developers. Users can create an account with the hosted version provided by DeVault, or set up the exact same code on cloud or on-prem hardware.

Read more

Security: SMS, Patches, Android, Spam and 'Smart' Things

Filed under
Security
  • A leaky database of SMS text messages exposed password resets and two-factor codes

    A security lapse has exposed a massive database containing tens of millions of text messages, including password reset links, two-factor codes, shipping notifications and more.

    The exposed server belongs to Voxox (formerly Telcentris), a San Diego, Calif.-based communications company. The server wasn’t protected with a password, allowing anyone who knew where to look to peek in and snoop on a near-real-time stream of text messages.

    For Sébastien Kaul, a Berlin-based security researcher, it didn’t take long to find.

    Although Kaul found the exposed server on Shodan, a search engine for publicly available devices and databases, it was also attached to to one of Voxox’s own subdomains. Worse, the database — running on Amazon’s Elasticsearch — was configured with a Kibana front-end, making the data within easily readable, browsable and searchable for names, cell numbers and the contents of the text messages themselves.

  • Security updates for Friday
  • Google: Android Pie Updates Will Be A Lot Faster With Project Treble
  • Frustrating spammers
  • Tracking and snooping on a million kids

    With a couple of watches paired to different testing phones, I had a play with various authorisation and Insecure Direct Object Reference, IDOR, attacks.

    The only check the API appears to perform is matching the UID with the session_token, so simply changing the family_id in the get_watch_data_latest action, shown ibelow, allows an attacker to return the watch location and device_id associated with that family.

Programming: Java EE, Rust, JavaScript, RcppGetconf and More

Filed under
Development
  • Free Online Java EE Development Course From Red Hat Available Now

    The Red Hat Training team is pleased to announce the release of Fundamentals of Java EE Development. This free training is hosted by our partner edX. edX is an open online course provider that now hosts three Red Hat courses, including Fundamentals of Red Hat Enterprise Linux and Fundamentals of Containers, Kubernetes, and Red Hat OpenShift.

    Enterprise Java (Java EE is now known as Jakarta EE) is one of the most in-demand and marketable programming platforms. With Fundamentals of Java EE Development, students learn the foundational skills needed to develop modern applications. Serving as an introduction to enterprise Java development using Red Hat Developer Studio and Red Hat JBoss Enterprise Application Platform, this course builds on students’ Java SE skills to teach the basic concepts behind more advanced topics such as microservices and cloud-native applications.

  • New Rust Course - Building Reuseable Code with Rust

    This course is about the Rust programming language, but it’s not those general introductory course on basic Rust syntax. This course focus on the code reuse aspect of the Rust language. So we won’t be touch every language feature, but we’ll help you understand how a selected set of features will help you achieve code reuse.

    [...]

    snippet is not enough. What comes next naturally is to define a clear interface, or internal API between the modules (in a general sense, not the Rust mod). This is when traits comes in handy. Traits help you define and enforce interfaces. We’ll also discuss the performance impact on static dispatch vs. dynamic dispatch by using generics and trait object.

    Finally we talk about more advanced (i.e. you shouldn’t use it unless necessary) tool like macros, which will help do crazier things by tapping directly into the compiler. You can write function-like macros that can help you reuse code that needs lower level access. You can also create custom derive with macros.

  • What is the MEAN stack? JavaScript web applications

    Most anyone who has developed web applications knows the acronym LAMP, which is used to describe web stacks made with Linux, Apache (web server), MySQL (database server), and PHP, Perl, or Python (programming language).

    Another web-stack acronym has come to prominence in the last few years: MEAN—signifying a stack that uses MongoDB (database server), Express (server-side JavaScript framework), Angular (client-side JavaScript framework), and Node.js (JavaScript runtime).

  • RcppGetconf 0.0.3

    Changes are minor. We avoid an error on a long-dead operating system cherished in one particular corner of the CRAN world. In doing so some files were updated so that dynamically loaded routines are now registered too.

  • The performance impact of zeroing raw memory

    When you create a new variable (in C, C++ and other languages) or allocate a block of memory the value is undefined. That is, whatever bit pattern happened to be in the raw memory location at the time. This is faster than initialising all memory (which languages such as Java do) but it is also unsafe and can lead to bugs, such as use-after-free issues.

    There have been several attempts to change this behaviour and require that compilers would initialize all memory to a known value, usually zero. This is always rejected with a statement like "that would cause a performance degradation fo unknown size" and the issue is dropped. This is not very scientific so let's see if we could get at least some sort of a measurement for this.

More Benchmarks Of The Performance Pullback In Linux 4.20

Filed under
Graphics/Benchmarks
Linux

Last night I published some benchmarks after finding Linux 4.20 is regressing in several workloads compared to Linux 4.18/4.19 and at least was affecting Intel Core i9 "HEDT" boxes. Here are more affected workloads regressing on Linux 4.20 and it's not just limited to high-end hardware.

This morning I decided to check in on my automated bi-daily kernel benchmarks on LinuxBenchmarking.com. It's all automated and thus don't necessarily have the time to look at the data too often (even though PTS' LinuxBenchmarking.com does also provide email notifications when auto-detecting possible regressions), but in looking back at the archived data it too captured a significant performance pullback on multiple systems on Linux 4.20.

Read more

Ubuntu MATE 18.10 Cosmic Cuttlefish - Reasonable-ish

Filed under
Reviews
Ubuntu

We mentioned consistency, remember? Well, in this regard, Ubuntu MATE is consistent. Lots of tiny visual bugs, average battery life, an occasional crash or three, and network connectivity issues. These were my top complaints with Beaver and they remain so with Cuttlefish. Ubuntu MATE 18.10 is more or less identical to its LTS predecessor. The changes aren't really big, with some extra hardware problems - the phone side is a big, big disappointment, but you get better overall theming and a more streamlined package manager.

I would like to see this project succeed, but the energy investment from going hobby to pro is exponential, and it can't be done easily. But this is exactly what Ubuntu MATE needs. A super-strong QA process, and more focus on getting things tightly integrated. Power management is another issue. In the end, you should stay with the LTS edition of course, but hopefully, the problems we see here will be resolved in the next version. This reminds me of the situation Xfce was in two years ago. Gaining momentum, becoming better, and then ... we'll see.

Because, speaking of energy, there does seem to be a limited, finite amount of it, and the mojo pendulum seems to have swung away from Xfce to MATE. There are a lot of excellent and unique new ideas in this project, but the glue (gluons in nuclear physics, if you will) isn't strong enough. Grade, about 7/10. I really want to see everything working like clockwork. Having a modern, majestic Gnome 2 reincarnate would be super fun. Take care, Borgians.

Read more

Canonical: Mastering the upgrading of OpenStack

Red Hat and Fedora Leftovers

Filed under
Red Hat
  • Red Hat Names Carahsoft 2018 Public Sector Distribution Partner of the Year; Natalie Gregory Quoted

    Red Hat has selected Carahsoft Technology as a recipient of the Public Sector Distribution Partner of the Year award for the fifth year in a row.

    Carahsoft said Thursday the award recognizes its efforts to drive net revenue and support for Red Hat’s public sector partner program.

  • Why IBM's purchase of Red Hat makes their future mostly cloudy

    IBM's purchase of Red Hat is getting mixed reviews and the implications for the IT world remain to be seen. I talked with James Sanders about the acquisition and reaction to the news. The following is an edited transcript of our interview.

  • First beta of Red Hat Enterprise Linux 8 now available with security updates, new features

    As the dust settles from the announcement of IBM's pending acquisition of Red Hat, work continues undaunted in delivering new products. This week sees the first beta release of Red Hat Enterprise Linux (RHEL) 8, Red Hat's venerable enterprise distribution, which also serves as the basis for CentOS and Oracle Linux. For reference, RHEL is based on Fedora, which just celebrated the release of Fedora 29.

    In terms of security, the biggest changes in RHEL 8 are support for OpenSSL 1.1.1 and TLS 1.3, which a press release notes "[enable] server applications on the platform to use the latest standards for cryptographic protection of customer data." Likewise, the new release includes "System-wide Cryptographic Policies" allowing for cryptographic configuration using a unified interface, rather than needing to work with specific applications.

  • Fedora lifecycle: Problems, solutions, and a proposal

    I’ve been talking with a number of Fedora leaders, principals, and team members about the issue of Fedora lifecycle. Lifecycle here means the way we manage, schedule, and populate Fedora releases. I started the Lifecycle objective and proposed it as a lead to the Fedora Council to house what I hope will be improvements to Fedora lifecycle.

    One of the most important goals is to diversify the community ownership of our releases. This involves a fairly extensive set of changes in Fedora. It will need effort from a number of teams that work on release processes and services. For that reason, I’m proposing we pause the release cycle after the release of Fedora 30.

    I posted this morning to the devel list to start gathering feedback and input from a wider group on the ideas around the ideas in the writeup. The most important feedback comes from those who are involved in those processes and services. But constructive feedback is welcome from any part of Fedora. Please take the time to read the whole document and understand the goals and benefits for Fedora.

  • FPgM report: 2018-46
  • Fedora 29 : PyQt5 with Qt5 Designer tool.
  • Bodhi 3.11.0 released

Raspbian 2018-11-13 Brings Hardware-Accelerated VLC Media Player

Filed under
Debian

After releasing the Raspberry Pi 3 Model A+ yesterday, the Raspberry Pi Foundation today announced Raspbian 2018-11-13 as the latest update to their Debian-based Linux distribution for these low-cost ARM SBCs.

Most notable with the Raspbian November 2018 update is shipping VLC as its default media player application. The VLC build in Raspbian comes with working hardware acceleration using Broadcom's VideoCore engine for H.264 / MPEG-2 / VC-1 video formats. But the MPEG-2 and VC-1 support requires purchasing the codec licenses.

Read more

Containers and Kubernetes News

Filed under
Server
OSS
  • Ruby in Containers

    Software changes environments from a development machine to a UAT (user acceptance testing) server environment or even from a test environment to production. It is required that the software runs consistently and reliably in these environments in the process.

    There was a time when deploying software was an event, a ceremony because of the difficulty that was required to keep this consistency. Teams spent a lot of time making the destination environments run the software as the source environment. They thereafter prayed that the gods kept the software running perfectly in production as in development.

    With containers, deployments are more frequent because we package our applications with their libraries as a unit making them portable thereby helping us maintain consistency and reliability when moving software between environments. For developers, this is improved productivity, portability and ease of scaling.

    Because of this portability, containers have become the universal language of the cloud allowing us to move software from one cloud to another without much trouble.

    In this article, I will discuss two major concepts to note while working with containers in Ruby. I will discuss how to create small container images and how to test them.

  • Kubernetes co-founder on the container revolution and the future of VMs

    Containers have exploded in popularity in recent years. To help with the deploying, scaling, and managing of containerized applications, Brendan Burns co-founded Kubernetes - a production-grade container orchestration system. In this episode, Brendan shares how he and his co-founders came up with the idea, how they got started, and what containers mean for the future of Virtual Machines.

  • FOSS Project Spotlight: BlueK8s

    Kubernetes (aka K8s) is now the de facto container orchestration framework. Like other popular open-source technologies, Kubernetes has amassed a considerable ecosystem of complementary tools to address everything from storage to security. And although it was first created for running stateless applications, more and more organizations are interested in using Kubernetes for stateful applications.

    However, while Kubernetes has advanced significantly in many areas during the past couple years, there still are considerable gaps when it comes to running complex stateful applications. It remains challenging to deploy and manage distributed stateful applications consisting of a multitude of co-operating services (such as for use cases with large-scale analytics and machine learning) with Kubernetes.

  • How to choose the right storage solution for your containers

    We talk to many shops that are adopting, or have adopted, DevOps practices. For many companies, staying ahead of disruption means not only delivering new applications but also optimizing (or changing!) current processes and systems. They are moving to team-based cultures, working in smaller increments, and automating their environments to try to increase the velocity for software development and deployment.

    Having a common storage underpinning that is "self-service" for developers to provision and manage storage for their applications means teams have less friction in developing and shipping applications.

Microsoft's Vista 10 Disaster Returns, Privacy Violations, and Moving to GNU/Linux

Filed under
GNU
Linux
Microsoft
  • If at first or second you don't succeed, you may be Microsoft: Hold off installing re-released Windows Oct Update

    The 1809 build of Windows 10 and Windows Server is fast becoming infamous. Microsoft pulled it shortly after release when it started deleting people's files, and stumbling in other ways. Redmond reissued the software on Tuesday, and today it's clear you shouldn't rush into deploying it, if installing it at all, in its present state.

  • Microsoft Just Crammed Ads Into Windows 10 Mail. When Will They Stop? [Ed: With Vista 10 the users are the product. The spies from Microsoft spy on them (sometimes illegally, but these people are above the law) and their real clients are advertisers.]

    Whether it’s pre-installing Candy Crush Saga, showing full-screen ads on your lock screen, or displaying banner ads in File Explorer, Microsoft has been shoehorning ads into every inch of Windows 10. The Mail app is getting them next.

    Update: Microsoft’s head of communications, Frank Shaw, just backpedaled on Twitter. He said “this is an experimental feature that was never intended to be tested broadly and is being turned off.” As Mehedi Hassan notes over at Thurrott, this is a strange claim because Microsoft has a detailed support page explaining these advertisements.

  • Microsoft menaced with GDPR mega-fines in Europe for 'large scale and covert' gathering of people's info via Office

    Microsoft broke Euro privacy rules by carrying out the "large scale and covert" gathering of private data through its Office apps.

    That's according to a report out this month [PDF] that was commissioned by the Dutch government into how information handled by 300,000 of its workers was processed by Microsoft's Office ProPlus suite. This software is installed on PCs and connects to Office 365 servers.

    The dossier's authors found that the Windows goliath was collecting telemetry and other content from its Office applications, including email titles and sentences where translation or spellchecker was used, and secretly storing the data on systems in the United States. That's a no-no.

    Those actions break Europe's new GDPR privacy safeguards, it is claimed, and may put Microsoft on the hook for potentially tens of millions of dollars in fines. The Dutch authorities are working with the corporation to fix the situation, and are using the threat of a fine as a stick to make it happen.

  • How old were you when you first started using Linux?

    Whether you switched from another operating system, or are one of the lucky few who knew no OS before it, all of us were beginners at some point.

    How old were you when you started using Linux? Do you remember that time clearly, or is it so far in the past that it's but a faint memory?

    Regardless of the answer, let us know when it was, and maybe, a bit about what that experience has meant to you.

Games: Serious Sam Fusion, Surviving Mars: Space Race, Total War: WARHAMMER II

Filed under
Gaming
  • Serious Sam Fusion has the first update in some time

    Serious Sam Fusion, the game hub that allows you to play Serious Sam HD: The First Encounter, Serious Sam HD: The Second Encounter, Serious Sam 3: BFE along with the VR version finally has an update. It's still in beta, but not classed as "Early Access" on Steam.

    If you pickup any of those games, it automatically gives you Fusion which is especially good for Linux gamers since some of their titles weren't officially available on Linux but are with Fusion. The Fusion hub also brings Vulkan support, so that's awesome.

  • Surviving Mars: Space Race expansion and Gagarin free update have released, working well on Linux

    Haemimont Games along with Paradox Interactive have released the Surviving Mars: Space Race expansion today and it's great.

  • Total War: WARHAMMER II will release for Linux on November 20th

    Feral Interactive have announced that Total War: WARHAMMER II for Linux is officially releasing on November 20th. Originally developed by Creative Assembly in partnership with Games Workshop and published by SEGA for Windows, this is the follow-up game to the original which was released for Linux in November of 2016.

  • Total War: WARHAMMER II Launching For Linux Next Week

    Feral Interactive has just announced that Total War: WARHAMMER II will be released for Linux (and macOS) next week.

    On 20 November they will be releasing this latest native Linux game port following the Windows release a year ago. We've known it was slated for November and now it looks like they have the release all squared away for debut next Tuesday.

Plata Is A New Gtk Theme Based On The Latest Material Design Refresh

Filed under
GNOME

Plata is a new Gtk+ theme based on the latest Material Design refresh. The theme comes in 3 variants, regular (mixed), Lumiere (light) and Noir (dark), each with regular and compact versions.

The theme, which mixes black, indigo and grey with bits of red and purple, supports Gtk+ 3.20.x, 3.22.x and 3.24.x, as well as Gtk+ 2, and a multitude of desktop environments like Gnome Shell (and Flashback), Cinnamon, Xfce, Mate, LXDE, and Budgie Desktop.

Patheon (elementary OS), Unity 7 and "Gnome Shell customized by Canonical" (the Ubuntu session) are not officially supported by Plata theme. I've used Plata in Ubuntu 18.10 with Gnome Shell and I didn't notice any issues other than the theme GDM theme not being used, but this is only after about an hour of usage.

Read more

GNOME 3.31.2 released

Filed under
GNOME

GNOME 3.31.2 is now available. This is the second unstable development release leading to 3.32 stable series. Apologies that it's slightly late: there were some technical snafus.

If you want to compile GNOME 3.31.2, you can use the official BuildStream project snapshot. Thanks to BuildStream's build sandbox, it should build reliably for you regardless of the dependencies on your host system...

Read more

Also: GNOME 3.31.2 Desktop Released

Bisected: The Unfortunate Reason Linux 4.20 Is Running Slower

Filed under
Graphics/Benchmarks

After running a lot of tests and then bisecting the Linux 4.20 kernel merge window, the reason for the significant slowdowns in the Linux 4.20 kernel for many real-world workloads is now known...

This latest Linux 4.20 testing endeavor started out with seeing the Intel Core i9 performance pulling back in many synthetic and real-world tests. This ranged from Rodinia scientific OpenMP tests taking 30% longer to Java-based DaCapo tests taking up to ~50% more time to complete to code compilation tests taking measurably longer to lower PostgreSQL database server performance to longer Blender3D rendering times. That happened with a Core i9 7960X and Core i9 7980XE test systems while the AMD Threadripper 2990WX performance was unaffected by the Linux 4.20 upgrade.

Read more

5 Easy Tips for Linux Web Browser Security

Filed under
Linux
Security
Web

If you use your Linux desktop and never open a web browser, you are a special kind of user. For most of us, however, a web browser has become one of the most-used digital tools on the planet. We work, we play, we get news, we interact, we bank… the number of things we do via a web browser far exceeds what we do in local applications. Because of that, we need to be cognizant of how we work with web browsers, and do so with a nod to security. Why? Because there will always be nefarious sites and people, attempting to steal information. Considering the sensitive nature of the information we send through our web browsers, it should be obvious why security is of utmost importance.

So, what is a user to do? In this article, I’ll offer a few basic tips, for users of all sorts, to help decrease the chances that your data will end up in the hands of the wrong people. I will be demonstrating on the Firefox web browser, but many of these tips cross the application threshold and can be applied to any flavor of web browser.

Read more

Acumos Project's 1st Software, Athena, Helps Ease AI Deployment

Filed under
Software

The LF Deep Learning Foundation on Wednesday announced the availability of the first software from the Acumos AI Project. Dubbed "Athena," it supports open source innovation in artificial intelligence, machine learning and deep learning.

This is the first software release from the Acumos AI Project since its launch earlier this year. The goal is to make critical new technologies available to developers and data scientists everywhere.

Acumos is part of a Linux Foundation umbrella organization, the LF Deep Learning Foundation, that supports and sustains open source innovation in artificial intelligence, machine learning and deep learning. Acumos is based in Shanghai.

Read more

Kodak’s new 3D printer has a Raspberry Pi inside

Filed under
Linux

Kodak has launched a Raspberry Pi 3 based Kodak Portrait 3D Printer with a dual-extrusion system, multiple filament types, a 5-inch touchscreen, and WiFi and Ethernet connections to a Kodak 3D Cloud service.

Kodak and Smart Int’l. have collaborated on a professional, dual extrusion Kodak Portrait 3D Printer that runs a Linux-based 3DprinterOS on a Raspberry Pi 3 board. The $3,500 device offers connections to a Kodak 3D Cloud service, and is designed for engineering, design, and education professionals.

Read more

Syndicate content

More in Tux Machines

today's howtos

Linus Torvalds Comments On STIBP & He's Not Happy - STIBP Default Will End Up Changing

It turns out that Linus Torvalds himself was even taken by surprise with the performance hit we've outlined on Linux 4.20 as a result of STIBP "Single Thread Indirect Branch Predictors" introduction as well as back-porting already to stable series for cross-hyperthread Spectre V2 protection. He doesn't want this enabled in full by default. All of the benchmarking I've been doing the past few days to shine the light on the Linux kernel's STIBP addition appears to be paying off. My tests have found Linux 4.20 to incur significant performance penalties in many workloads -- in fact, more so than some of the earlier Spectre and Meltdown mitigations -- and STIBP is already being back-ported to stable series like Linux 4.19.2. PHP, Pythom, Java, and many other workloads are measurably affected and even the gaming performance to some extent. Read more

Submissions now open for the Fedora 30 supplemental wallpapers

Each release, the Fedora Design team works with the community on a set of 16 additional wallpapers. Users can install and use these to supplement the standard wallpaper. Submissions are now open for the Fedora 30 Supplemental Wallpapers, and will remain open until January 31, 2019 Have you always wanted to start contributing to Fedora but don’t know how? Submitting a supplemental wallpaper is one of the easiest ways to start as a Fedora contributor. Keep reading to learn how. Read more

Android Leftovers