Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Sunday, 18 Nov 18 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Microsoft Spies on Customers, Red Hat Connections to Government

Filed under
Red Hat
Microsoft
Misc
  • Microsoft covertly collects personal data from enterprise Office ProPlus users

    Privacy Company released the results of a data protection impact assessment showing privacy risks in the enterprise version of Microsoft Office.

  • DLT Named Red Hat Public Sector Partner for 2019; Brian Strosser Quoted

    Red Hat has selected DLT Solutions as its Public Sector Partner of the Year in recognition of the Herndon, Va.-based tech firm’s contributions to the former’s business efforts.

    DLT said Tuesday it provides government agencies with resale access to open-source technologies such as Red Hat’s cloud, middleware and Linux software offerings.

    The company has provided services in support of Red Hat’s products through contracts under the General Services Administration‘s GSA Schedule, NASA‘s SEWP V, the Defense Department‘s Enterprise Software Initiative and the National Institutes of Health‘s Chief Information Officer – Commodities and Solutions vehicles.

Programming: WebRender, Healthcare Design Studio GoInvo, PHP Boost and Google Cloud Platform (GCP)

Filed under
Development
  • Mozilla GFX: WebRender newsletter #30

    Hi! This is the 30th issue of WebRender’s most famous newsletter. At the top of each newsletter I try to dedicate a few paragraphs to some historical/technical details of the project. Today I’ll write about blob images.

    WebRender currently doesn’t support the full set of graphics primitives required to render all web pages. The focus so far has been on doing a good job of rendering the most common elements and providing a fall-back for the rest. We call this fall-back mechanism “blob images”.

    The general idea is that when we encounter unsupported primitives during displaylist building we create an image object and instead of backing it with pixel data or a texture handle, we assign it a serialized list of drawing commands (the blob). For WebRender, blobs are just opaque buffers of bytes and a handler object is provided by the embedder (Gecko in our case) to turn this opaque buffer into actual pixels that can be used as regular images by the rest of the rendering pipeline.

  • Healthcare Design Studio GoInvo Releases Open Source Research on Loneliness [Ed: Very odd if not 'creative' use of the term Open Source]
  • PHP Lands Preload Feature, Boosting Performance In Some Cases 30~50%

    PHP developers unanimously approved and already merged support for the new "preloading" concept for this web server language. PHP preloading basically allows loading PHP code that persists as long as the web server is running and that code will always be ready for each subsequent web request, which in some cases will dramatically speed-up the PHP performance on web servers.

    While PHP has long supported caching to avoid PHP code recompilation on each new web request, with each request PHP has still had to check to see if any of the source file(s) were modified, re-link class dependencies, and similar work. PHP preloading allows for given functions/classes to be "preloaded" that will survive as long as the web server is active. It effectively allows loading of functions or entire/partial frameworks that will then be present for each new web request just as if it were a built-in function.

  • Google Announces a Managed Cron Service: Google Cloud Scheduler

    Google announced a new Service on the Google Cloud Platform (GCP) - Cloud Scheduler, a fully managed cron job service that allows any application to invoke batch, big data and cloud infrastructure operations. The service is currently available in beta.

    With Google Cloud Scheduler customers can use the cron service with no need to manage the underlying infrastructure. There is also no need to manually intervene in the event of transient failure, as the services retries failed jobs. Furthermore, customers will only pay for the operations they run -- GCP takes care of all resource provisioning, replication and scaling required to operate Cloud Scheduler. Also, customers can, according to Vinod Ramachandran, product manager at Google, benefit from:

Security Holes in Proprietary Software and Hardware

Filed under
Security
  • It's November 2018, and Microsoft's super-secure Edge browser can be pwned eight different ways by a web page

    Microsoft and Adobe have delivered the November edition of Patch Tuesday with another sizable bundle of security fixes to install as soon as you're able to.

    The trick is to test and deploy the fixes before exploits are developed to leverage the vulnerabilities.

  • A Research Paper Proposes Seven New Types of Spectre Attacks

    A group of nine scholastics has uncovered today seven new CPU attacks. The seven effect AMD, ARM, and Intel CPUs to different degrees. Two of the seven new attacks are varieties of the Meltdown attack, while the other five are a minor departure from the first Specter attacks – two surely understood attacks that have been uncovered toward the beginning of the year and found to affect CPUs models returning to 1995.

    Scientists say they’ve found the seven new CPU attacks while playing out “a sound and extensible systematization of transient execution attacks” – a catch-all term the examination group used to depict attacks on the different inner instruments that a CPU uses to process information, for example, the theoretical execution process, the CPU’s interior reserves, and other inward execution stages.

today's howtos

Filed under
HowTos

Games: GOG, Underworld Ascendant on GNU/Linux and Monster Sanctuary

Filed under
Gaming
  • GOG adds a bunch of new visual novels to their store

    For those of you who love your visual novels, head on over to GOG as they have some new goodies for you. One of them only just recently got Linux support too.

  • The RPG 'Underworld Ascendant' will be on Linux 1-2 months after release

    OtherSide Entertainment sadly won't be getting the Linux version of Underworld Ascendant on Linux at release.

    It's still coming though, it just needs a little more time. On Twitter, they mentioned "the Mac and Linux versions around 30-45 days after launch to make sure they have the attention they need". They also said they're looking for testers, so naturally we've reached out to let them know we're available.

  • Monster taming metroidvania 'Monster Sanctuary' has smashed plenty of stretch goals, looking good

    Monster Sanctuary, a rather interesting monster taming metroidvania that has a Linux demo has smashed through more stretch goals on Kickstarter and it's exciting.

    I've actually put a surprising amount of time in demo, because it runs so nicely. It's also a very promising game when it comes to the actual gameplay and mechanics. Honestly, I'm really surprised by just how engrossing and exciting the game actually is from the demo. It's going to be seriously fun to watch this one get developed into a full game, I have high hopes for it.

The Newest Mesa NIR/SPIR-V Code For Handling OpenCL Kernels

Filed under
Graphics/Benchmarks

It's now been nearly one year since longtime Nouveau contributor Karol Herbst joined Red Hat where one of his big projects has been working on OpenCL support for this open-source NVIDIA driver by bringing up NIR/SPIR-V support and making the necessary improvements for allowing OpenCL kernels to be represented in that IR commonly used by the Mesa drivers. The work still isn't yet in Mesa Git, but Karol this week sent out his newest patches.

Karol Herbst sent out 22 patches this week in regards to adding support for OpenCL kernels within Mesa's NIR and SPIR-V common code. The patches are mostly adding the necessary OpenCL bits to the common NIR/SPIR-V compiler code for handling the intricacies of OpenCL kernels with features like physical pointer support, cl_size/cl_alignment, and other bits.

Read more

Snaps are the new Linux Apps that work on every Distro

Filed under
Ubuntu

See, when using Linux, you couldn’t exactly Google the name of a program you want, then download the .exe file, double click it and it is installed like you would on Windows (although technically you can do that now with .deb files). You had to know your way around the Terminal. Once in the Terminal, like for the case of Ubuntu, you needed to add the software source to your Repository with sudo apt commands, then now update the cache, then finally install the app you want with sudo apt-get install. In most cases, the dependencies would be all messed up and you’d have to scroll through endless forums trying to figure out how to fix that one pesky dependency that just won’t allow your app to run well.

You’d jump through all these hoops and then finally the app would run, but then it would look all weird because maybe it wasn’t made for your distro. Bottom line, it takes patience and resilience to install Linux Apps.

Read more

Mark Zuckerberg ordered all Facebook executives to use Android phones

Filed under
Android

Facebook CEO Mark Zuckerberg ordered his management team to only use Android phones, given that the operating system has more total users worldwide. According to The New York Times, the decision reportedly occurred after Apple CEO Tim Cook criticized Facebook in an MSNBC interview for being a service that traffics “in your personal life.”

In those comments made back in March, Cook dismissed a question asking him what he would do if he were in Zuckerberg’s shoes dealing with the fallout from the Cambridge Analytica scandal by saying, “I wouldn’t be in this situation.” Zuckerberg soon after retorted in an interview with Recode that he found Cook’s comments to be “extremely glib,” and that “I think it’s important that we don’t all get Stockholm syndrome and let the companies that work hard to charge you more convince you that they actually care more about you. Because that sounds ridiculous to me.”

Read more

New Raspberry Pi 3 Model A+ unveiled

Filed under
Linux

Raspberry Pi 3 Model A+ is a smaller, cheaper, lower-powered Pi 3 and it's on sale now at just US$ 25. The newest Pi is ideal for projects in which you need the speed and processing power of the Pi 3 but can live without ethernet, multiple USB ports, and extra RAM.

Before the first Raspberry Pi was launched, the Raspberry Pi Foundation said it planned to do two product lines: Model A (US$ 25) and Model B (US$ 35). The Model B was launched in 2012, and the Model A a year later. Originally the Model A was just a Model B with half the RAM, and one USB port and the ethernet port removed, but otherwise at the same size and in the same form factor. In 2014, the Model B+ was launched, with more GPIOs and two additional USB ports, and was promptly followed by the A+, in which the board took a size reduction owing to the space created by removal of components.

Read more

7 open source platforms to get started with serverless computing

Filed under
OSS

The term serverless has been coming up in more conversations recently. Let’s clarify the concept, and those related to it, such as serverless computing and serverless platform.

Serverless is often used interchangeably with the term FaaS (Functions-as-a-Service). But serverless doesn’t mean that there is no server. In fact, there are many servers—serverful—because a public cloud provider provides the servers that deploy, run, and manage your application.

Serverless computing is an emerging category that represents a shift in the way developers build and deliver software systems. Abstracting application infrastructure away from the code can greatly simplify the development process while introducing new cost and efficiency benefits. I believe serverless computing and FaaS will play an important role in helping to define the next era of enterprise IT, along with cloud-native services and the hybrid cloud.

Read more

A "joke" in the glibc manual

Filed under
Development
GNU

A "joke" in the glibc manual—targeting a topic that is, at best, sensitive—has come up for discussion on the glibc-alpha mailing list again. When we looked at the controversy in May, Richard Stallman had put his foot down and a patch removing the joke—though opinions of its amusement value vary—was reverted. Shortly after that article was published, a "cool down period" was requested (and honored), but that time has expired. Other developments in the GNU project have given some reason to believe that the time is ripe to finally purge the joke, but that may not work out any better than the last attempt.

The joke in question refers to a US government "censorship rule" from over two decades ago regarding sharing of information about abortion. It is attached to documentation of the abort() call in glibc and the text of it can be seen in the patch to remove it. One might think that an age-old US-centric joke would be a good candidate for removal regardless of its subject matter. That it touches on a topic that is emotionally fraught for many might also make it unwelcoming—thus unwelcome in documentation. But, according to Stallman, that's not so clear cut.

[...]

When pressed for more information about what these larger issues are, as O'Donell did, Stallman counseled patience. He did not offer any more information than that; perhaps the discussion has moved to a private mailing list or the like.

For many, including me, it is a little hard to understand why there is any opposition to removing the joke at all. It is clearly out of place, not particularly funny, and doesn't really push the GNU anti-censorship philosophy forward in any real way even if you grant that anti-censorship is a goal of the project (which some do not). There are, of course, those who oppose removing it because they are opposed to "political correctness" and do not see how it could be "unwelcoming", but even they might concede that it is an oddity that is poked into a back corner of a entirely unrelated document. And it is not hard for many to see that tying the topic of abortion to a C function might be upsetting to some; why waste a bunch of project time defending it when it has effectively no impact in the direction that Stallman wants, while putting off some (possibly small) percentage of glibc manual readers?

Read more

Red Hat: Fedora at Linux Day 2018, Makati (PH) Expansion and Red Hat's Fontana on Copyleft

Filed under
Red Hat
  • Linux Day 2018 – Italy

    Every year, on the last Saturday of October, in Italy there is a national event called “Linux Day”. This year was the 18th edition and it was held on October 27.

    The event is promoted by the Italian Linux Society, and it is independently organized in many cities all around the country by groups of volunteers, LUGs and various associations. Even if it is highly fragmented (many little events in many cities), it is probably the biggest Italian event related to Linux and FLOSS, that is directly organized by people involved in the communities and by ordinary users.

    The aim of such event is to to promote Linux and FLOSS in general: in each city there are many talks, presentations and installation parties. The target audience is not limited to computer enthusiasts, hackers or IT professionals, but newbies, students and curious citizens are welcome as well.

  • Red Hat expands PHL operations, opens new office in Makati
  • Protecting the open-source license commons

    Enforcement, especially involving version 2 of the GPL, has always been a part of the open-source landscape. It only reached the point of actual litigation in the early 2000s, where we saw enforcement efforts showing up in three broad classes. Community enforcement came directly from the developers, either individually or through organizations like the Software Freedom Conservancy (SFC). Commercial entities have done some enforcement, usually in support of an associated proprietary licensing model. And "non-community developers", such as Patrick McHardy, have been pursuing extortionate actions in search of commercial gain. These are the so-called copyright trolls, though he does not like that term. There has been an increase in all three types of enforcement in the last few years; one outcome has been the SFC enforcement principles that try to distinguish the first two types of enforcement from the last, he said.

    A lot of thought has gone into enforcement at his employer Red Hat; Fontana said that enforcement activities should be judged by whether they promote collaboration or not. Enforcement that promotes certainty, predictability, and a level playing field will do that, while commercially motivated enforcement will reduce the incentive to collaborate. So he believes, like many others, that enforcement should not be done for commercial gain. Beyond that, there needs to be transparency around the funding of litigation and the selection of targets. Proceedings should be open; the secrecy built into the German legal system (where much enforcement activity to date has taken place) has not helped here. And, overall, litigation is a poor way to achieve license compliance.

Deepin 15.8 - Attractive and Efficient, Excellent User Experience

Filed under
Debian

Deepin is an open source GNU/Linux operating system, based on Linux kernel and desktop applications, supporting laptops, desktops and all-in-ones. deepin preinstalls Deepin Desktop Environment (DDE) and nearly 30 deepin native applications, as well as several applications from the open source community to meet users’ daily learning and work needs. In addition, about a thousand of applications are offered in Deepin Store to meet your more needs. deepin, developed by a professional operating system R&D team and deepin technical community (www.deepin.org), is from the name of deepin technical community - “deepin”, which means deep pursuit and exploration of the life and the future.

Compared with deepin 15.7, the ISO size of deepin 15.8 has been reduced by 200MB. The new release is featured with newly designed control center, dock tray and boot theme, as well as improved deepin native applications, hoping to bring users a more beautiful and efficient experience.

Read more

Kernel: Zinc and 4.20 Merge Window

Filed under
Linux
  • Zinc: a new kernel cryptography API

    We looked at the WireGuard virtual private network (VPN) back in August and noted that it is built on top of a new cryptographic API being developed for the kernel, which is called Zinc. There has been some controversy about Zinc and why a brand new API was needed when the kernel already has an extensive crypto API. A recent talk by lead WireGuard developer Jason Donenfeld at Kernel Recipes 2018 would appear to be a serious attempt to reach out, engage with that question, and explain the what, how, and why of Zinc.

    WireGuard itself is small and, according to Linus Torvalds, a work of art. Two of its stated objectives are maximal simplicity and high auditability. Donenfeld initially did try to implement WireGuard using the existing kernel cryptography API, but after trying to do so, he found it impossible to do in any sane way. That led him to question whether it was even possible to meet those objectives using the existing API.

    By way of a case study, he considered big_key.c. This is kernel code that is designed to take a key, store it encrypted on disk, and then return the key to someone asking for it if they are allowed to have access to it. Donenfeld had taken a look at it, and found that the crypto was totally broken. For a start, it used ciphers in Electronic Codebook (ECB) mode, which is known to leave gross structure in ciphertext — the encrypted image of Tux on the left may still contain data perceptible to your eye — and so is not recommended for any serious cryptographic use. Furthermore, according to Donenfeld, it was missing authentication tags (allowing ciphertext to be undetectably modified), it didn't zero keys out of memory after use, and it didn't use its sources of randomness correctly; there were many CVEs associated with it. So he set out to rewrite it using the crypto API, hoping to better learn the API with a view to using it for WireGuard.

    The first step with the existing API is to allocate an instance of a cipher "object". The syntax for so doing is arguably confusing — for example, you pass the argument CRYPTO_ALG_ASYNC to indicate that you don't want the instance to be asynchronous. When you've got it set up and want to encrypt something, you can't simply pass data by address. You must use scatter/gather to pass it, which in turn means that data in the vmalloc() area or on the stack can't just be encrypted with this API. The key you're using ends up attached not to the object you just allocated, but to the global instance of the algorithm in question, so if you want to set the key you must take a mutex lock before doing so, in order to be sure that someone else isn't changing the key underneath you at the same time. This complexity has an associated resource cost: the memory requirements for a single key can approach a megabyte, and some platforms just can't spare that much. Normally one would use kvalloc() to get around this, but the crypto API doesn't permit it. Although this was eventually addressed, the fix was not trivial.

  • 4.20 Merge window part 2

    At the end of the 4.20 merge window, 12,125 non-merge changesets had been pulled into the mainline kernel repository; 6,390 came in since last week's summary was written. As is often the case, the latter part of the merge window contained a larger portion of cleanups and fixes, but there were a number of new features in the mix as well.

Limiting the power of package installation in Debian

Filed under
Debian

There is always at least a small risk when installing a package for a distribution. By its very nature, package installation is an invasive process; some packages require the ability to make radical changes to the system—changes that users surely would not want other packages to take advantage of. Packages that are made available by distributions are vetted for problems of this sort, though, of course, mistakes can be made. Third-party packages are an even bigger potential problem because they lack this vetting, as was discussed in early October on the debian-devel mailing list. Solutions in this area are not particularly easy, however.

Lars Wirzenius brought up the problem: "when a .deb package is installed, upgraded, or removed, the maintainer scripts are run as root and can thus do anything." Maintainer scripts are included in a .deb file to be run before and after installation or removal. As he noted, maintainer scripts for third-party packages (e.g. Skype, Chrome) sometimes add entries to the lists of package sources and signing keys; they do so in order to get security updates to their packages safely, but it may still be surprising or unwanted. Even simple mistakes made in Debian-released packages might contain unwelcome surprises of various sorts.

He suggested that there could be a set of "profiles" that describe the kinds of changes that might be made by a package installation. He gave a few different examples, such as a "default" profile that only allowed file installation in /usr, a "kernel" profile that can install in /boot and trigger rebuilds of the initramfs, or "core" that can do anything. Packages would then declare which profile they required. The dpkg command could arrange that package's install scripts could only make the kinds of changes allowed by its profile.

Read more

SpamAssassin is back

Filed under
OSS
Security

The SpamAssassin 3.4.2 release was the first from that project in well over three years. At the 2018 Open Source Summit Europe, Giovanni Bechis talked about that release and those that will be coming in the near future. It would seem that, after an extended period of quiet, the SpamAssassin project is back and has rededicated itself to the task of keeping junk out of our inboxes.
Bechis started by noting that spam filtering is hard because everybody's spam is different. It varies depending on which languages you speak, what your personal interests are, which social networks you use, and so on. People vary, so results vary; he knows a lot of Gmail users who say that its spam filtering works well, but his Gmail account is full of spam. Since Google knows little about him, it is unable to train itself to properly filter his mail.

Just like Gmail, SpamAssassin isn't the perfect filter for everybody right out of the box; it's really a framework that can be used to create that filter. Getting the best out of it can involve spending some time to write rules, for example.

Read more

GNOME Development Updates From Carlos Garnacho and Robert Ancell

Filed under
Development
GNOME
  • Carlos Garnacho: On the track for 3.32

    It happens sneakily, but there’s more things going on in the Tracker front than the occasional fallout. Yesterday 2.2.0-alpha1 was released, containing some notable changes.

    On and off during the last year, I’ve been working on a massive rework of the SPARQL parser. The current parser was fairly solid, but hard to extend for some of the syntax in the SPARQL 1.1 spec. After multiple attempts and failures at implementing property paths, I convinced myself this was the way forward.

  • Robert Ancell: Counting Code in GNOME Settings

    I've been spending a bit of time recently working on GNOME Settings. One part of this has been bringing some of the older panel code up to modern standards, one of which is making use of GtkBuilder templates.

    I wondered if any of these changes would show in the stats, so I wrote a program to analyse each branch in the git repository and break down the code between C and GtkBuilder.

Zentyal 6.0 Released

Filed under
GNU
Linux
Server
Syndicate content

More in Tux Machines

KDE: This week in Usability & Productivity and KBibTeX's Latest

  • This week in Usability & Productivity, part 45
    Let’s have a bit more Usability & Productivity, shall we? The KDE Applications 18.12 release is right around the corner, and we got a lot of great improvements to some core KDE apps–some for that upcoming release, and some for the next one. And lots of other things too, of course!
  • Running KBibTeX from Git repository has become easier
    A common problem with bug reports received for KBibTeX is that the issue may already be fixed in the latest master in Git or that I can provide a fix which gets submitted to Git but then needs to be tested by the original bug reporter to verify that the issue has been indeed fixed for good. For many distributions, no ‘Git builds’ are available (or the bug reporter does not know if they exist or how to get them installed) or the bug reporter does not know how to fetch the source code, compile it, and run KBibTeX, despite the (somewhat too technical) documentation. Therefore, I wrote a Bash script called run-kbibtex.sh which performs all the necessary (well, most) steps to get from zero to a running KBibTeX. The nicest thing is that all files (cloned Git repo, compiled and installed KBibTeX) are placed inside /tmp which means no root or sudo are required, nor are any permanent modifications made to the user&aposs system.

FreeBSD 12.0-RC1 Released, Fixes Ryzen 2 Temperature Reporting

Arguably most user-facing with this week's FreeBSD 12.0-RC1 release is updating the amdsmn/amdtemp drivers for attaching to Ryzen 2 host bridges. Additionally, the amdtemp driver has been fixed for correctly reporting the AMD Ryzen Threadripper 2990WX core temperature. The 2990WX temperature reporting is the same fix Linux initially needed to for a 27 degree offset to report the correct temperature. It's just taken FreeBSD longer to add Ryzen 2 / Threadripper 2 temperature bits even though they had beat the Linux kernel crew with the initial Zen CPU temperature reporting last year. Read more Also: MeetBSD 2018: Michael W Lucas Why BSD?

GPU/Graphics: DRM/KMS and CUDA

  • Google's Pixel 3 Is Using The MSM DRM Driver, More Android Phones Moving To DRM/KMS Code
    It turns out Google's recently announced Pixel 3 smartphone is making use of the MSM Direct Rendering Manager driver associated with the Freedreno open-source Qualcomm graphics project. Google is also getting more Android vendors moving over to using DRM/KMS drivers to power their graphics/display. Alistair Strachan of Google presented at this week's Linux Plumbers Conference and the growing adoption of Direct Rendering Manager / Kernel Mode-Setting drivers by Android devices.
  • Red Hat Developers Working Towards A Vendor-Neutral Compute Stack To Take On NVIDIA's CUDA
    At this week's Linux Plumbers Conference, David Airlie began talking about the possibility of a vendor-neutral compute stack across Intel, Radeon, and NVIDIA GPU platforms that could potentially take on NVIDIA's CUDA dominance. There has been the work on open-source NVIDIA (Nouveau) SPIR-V compute support all year and that's ongoing with not yet having reached mainline Mesa. That effort has been largely worked on by Karol Herbst and Rob Clark, both open-source GPU driver developers at Red Hat. There has also been other compute-motivated open-source driver/infrastructure work out of Red Hat like Jerome Glisse's ongoing kernel work around Heterogeneous Memory Management (HMM). There's also been the Radeon RADV driver that Red Hat's David Airlie co-founded and continues contributing significantly to its advancement. And then there has been other graphics/compute contributions too with Red Hat remaining one of the largest upstream contributors to the ecosystem.

Endless OS Switching To The BFQ I/O Scheduler For More Responsive Linux Desktop

While Con Kolivas' kernel patch series decided to do away with BFQ support, the GNOME-aligned Endless OS Linux distribution has decided to do the opposite in move from CFQ as the default I/O scheduler over to BFQ. Endless OS has decided to switch to the BFQ (Budget Fair Queuing) I/O scheduler since it prioritizes interactive workloads and should make for a better experience for its users particularly when applications may be upgrading in the background. During heavy background I/O, Endless found that their launch time of LibreOffice went from taking 16 seconds with CFQ to just three seconds when using BFQ. Other tests were also positive for improving the interactivity/responsiveness of the system particularly during heavy background I/O. Read more