Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Saturday, 14 Dec 19 - Tux Machines is a community-driven public service/news site which has been around for over a decade and a half and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Type Titlesort icon Author Replies Last Post
Story 3 open source genealogy tools for mapping your family tree Roy Schestowitz 17/12/2015 - 1:15pm
Story 3 open source personal finance tools for Linux Roy Schestowitz 07/01/2016 - 10:45am
Story 3 tools that make scanning on the Linux desktop quick and easy Roy Schestowitz 23/09/2014 - 8:05pm
Story 4 open source alternatives to Dreamweaver Roy Schestowitz 24/03/2016 - 10:40am
Story 4 open source tools I used to write a Linux book Roy Schestowitz 06/07/2016 - 8:10am
Story 4 steps to creating a thriving open source project Roy Schestowitz 26/05/2015 - 3:48pm
Story 4 tips for how to migrate to Drupal Roy Schestowitz 20/02/2015 - 12:49pm
Story 4 versatile boards for fast, inexpensive IoT development Roy Schestowitz 10/10/2016 - 8:44am
Story 5 open access journals for open source enthusiasts Roy Schestowitz 21/10/2014 - 8:04am
Story 5 open source projects to join in 2015 Roy Schestowitz 05/01/2015 - 6:23pm

Open Hardware/Modding: Raspberry Pi 3, RISC-V Foundation and More

Filed under
GNU
Linux
Hardware
  • $38 Compute Module PoE Board Works with Raspberry Pi CM3/CM3+ Modules

    Raspberry Pi 3 Compute Module was first introduced in 2017 with CM3 and CM3L systems-on-module with or without 4GB eMMC flash for $25 and up before the company launched an update earlier this year...

  • IoT ugly Christmas sweaters

    If there’s one thing we Brits love, it’s an ugly Christmas sweater. Jim Bennett, a Senior Cloud Advocate at Microsoft, has taken his ugly sweater game to the next level by adding IoT-controlled, Twitter-connected LEDs thanks to a Raspberry Pi Zero.

  • A Look at Ubuntu on MINIX NEO G41V-4 and J50C-4 Mini PCs
  • iCommSemi SV6166F is a Low-Power WiFi SoC for IoT and Embedded Systems
  • RISC-V Foundation Says Goodbye to the United States

    For over thirty years U.S. companies have enjoyed a home court advantage in developing information and communications technology (ICT) standards. Specifically, the overwhelming majority of the more than five hundred consortia founded over the last thirty-five years to develop ICT standards have been formed under U.S. laws and headquartered in the U.S. That’s hardly a surprise because the vast majority of the companies that founded these same consortia were also American companies. Now the times may be a-changing.

    The ability to form and maintain standards consortia in the founders’ backyards provides significant advantages. They include convenience, reduced travel costs, predictability of legal results, choice of language, demonstration of national leadership, standardization of governance structures and more. For decades, foreign companies were amenable to this practice, so long as a sufficient percentage of face to face meetings were held outside the U.S.

    That tolerance began to erode after 9/11. New security measures made crossing the U.S. border more tedious, sometimes even requiring fingerprinting as a precondition to entry. Some members couldn’t obtain visas at all, an issue that became more critical as Chinese companies became more active in standards development. Privacy concerns also escalated, leading to European objections to hosting the information of its citizens in the U.S. at all. Those concerns were temporarily abated when new rules were put in place, but anxieties have heightened again – this time with the U.S. as well as in Europe – over the privacy policies of the largest U.S. IT companies.

    This year, concerns increased again when ZTE, and then Huawei and scores of that Chinese company’s affiliates, were added to the U.S. “Entity List.” Huawei and its affiliates are reportedly members of over 400 ICT standards organizations, each of which was suddenly tasked with figuring out which of its activities, if any, it could now permit the Chinese companies to participate in.

Graphics: AMD, Intel, Vulkan/Flycast and NVIDIA

Filed under
Graphics/Benchmarks
  • AMD Publishes Vega 7nm ISA Documentation - 300 More Pages Of GPU Docs

    Beyond AMD's open-source graphics driver stack of the past decade, part of their original open-source plans have also involved providing public (NDA-free) GPU hardware documentation. That has come with time though the documentation drops are not coordinated in-step with code drops. Out today, for example, is the ISA documentation on Vega 7nm.

    Back in 2017 was the timely release of the Vega ISA documentation and earlier this summer was even the RDNA 1.0 ISA documentation but missing out until now was the Vega 7nm ISA documentation.

  • Intel's Iris Gallium3D Driver Continuing To See Performance Optimizations On Mesa 20.0

    With the current Mesa 19.3 there is the Intel Gallium3D driver generally performing much better than their "classic" i965 driver and for Mesa 20.0 it looks to only make more ground as it switches over to this driver by default.

    Beyond the recent build system changes for supporting an Intel Gallium3D default and building it as part of the default x86/x86_64 Gallium3D drivers with hopes of soon flipping the switch for Broadwell and newer, more performance optimizations are still being done.

  • Dreamcast emulator Flycast adds a Vulkan renderer

    There seems to be quite a lot of interest in Vulkan lately, as more projects begin using it. Now we have the Dreamcast emulator Flycast adding Vulkan support.

    In the technical blog post announcing it on the Libretro site, it gives a bit of brief history of the Dreamcast GPU and mentions the usual "less overhead, more reliability and better performance in many cases" when it comes to using Vulkan although it's a lot more complicated to use.

  • NVIDIA have two new Linux drivers available, one stable and one Vulkan Beta

    NVIDIA continue pushing their drivers forwards with two new Linux driver updates available. Let's take a quick look.

    First, the stable 440.44 driver release as part of their long-lived branch. This adds support for the Quadro T2000 with Max-Q Design, you can now use the "__GL_SYNC_DISPLAY_DEVICE" environment variable for Vulkan applications and it fixes a few bugs like tearing with a G-SYNC or G-SYNC Compatible monitor when you've got something running directly on a display (like VR).

Watch these videos from the Linux App Summit

Filed under
Linux

For some, the holidays are a hectic time of shopping, cooking, and a house overflowing with loved ones. For others, they’re quiet times spent with just a few friends, or even in solitude behind the warm glow of a computer monitor. And for still others, it’s a workday like any other.

No matter how you end up spending the holiday season this year, there’s comfort to be found in the Linux App Summit of 2019. This summit, which combined the strengths of everyone involved in developing applications for Linux, focused on a few major topics...

Read more

Most essential apps for every Linux user | 2020

Filed under
GNU
Linux
Software

When you first install a Linux distro or do a fresh install on a system, you need to install the essential apps for regular use. That is why I have prepared a quick guide list of the essential apps for every Linux user. So that you can check and go through the installation easily and get the needed apps for your better use and workflow.

Read more

Qt Creator 4.11 is released

Filed under
KDE

We added experimental support for Qt for WebAssembly and Qt for MCUs.

We improved the general handling of configuring, building and running projects in so many smaller ways that I fail to choose anything for being highlighted here.

If you use CMake 3.14 or later we now use CMake's file-base API for configuring and parsing projects. Which behaves much more reliably than the previous server-mode, especially if you also use CMake from a terminal or other applications.

Read more

Games: Transport Fever 2, Vampire: The Masquerade - Coteries of New York, Rocket League

Filed under
Gaming
  • Build a transportation empire with Transport Fever 2 out now, same-day support for Linux

    Urban Games and Good Shepherd Entertainment are back, with Transport Fever 2 now officially available with same-day support for Linux.

    With a wide variety of transportation options available to build across multiple generations, there's a huge amount of content included. Prepare to kiss your time and friendships goodbye as we've got another great time-sink on our hands.

  • Vampire: The Masquerade - Coteries of New York for Linux is now uncertain

    Before release, the store pages for Vampire: The Masquerade - Coteries of New York very clearly listed Windows, MAC OS, Linux and now it's only available for Windows.

    Not to be confused with Bloodlines 2, Coteries of New York is styled like an interactive fiction (a fancy way to say: Visual Novel). It does look good though and it sounded very interesting so we were quite excited to see the mention of Linux support.

  • Rocket League's new Item Shop and Blueprints get a price reduction

    Oh Psyonix, what have you done? Rocket League recently had the loot boxes removed, with Blueprints and an Item Shop instead so you see exactly what you get but the pricing is terrible.

    As someone who has hundreds of hours in Rocket League, Psyonix really did disappoint with the big update recently. It could have been handled a lot better, but it came across as incredibly greedy. It's a game you have to pay for, yet they wanted us to spend a ridiculous amount of money on Credits for some of the items.

LibreOffice 6.3.4 available for download

Filed under
LibO

For enterprise class deployments, TDF strongly recommend sourcing LibreOffice from one of the ecosystem partners to get long-term supported releases, dedicated assistance, custom new features and other benefits, including Service Level Agreements (SLAs). Also, the work done by ecosystem partners flows back into the LibreOffice project, benefiting everyone.

Also, support for migrations and trainings should be sourced from certified professionals who provide value-added services which extend the reach of the community to the corporate world and offer CIOs and IT managers a solution in line with proprietary offerings.

In fact, LibreOffice – thanks to its mature codebase, rich feature set, strong support for open standards, excellent compatibility and long-term support options from certified partners – represents the ideal solution for businesses that want to regain control of their data and free themselves from vendor lock-in.

Read more

GNOME and gestures, Part 3: HdyLeaflet again

Filed under
GNOME

0.0.12 brings some changes to HdyLeaflet mode and child transitions. Separate mode and child transition types have been deprecated in favor of a unified transition-type property. It can take 4 values: none, slide, over, under. Crossfade doesn’t make much sense spatially and was deprecated as well, though it’s still works if used via child-transition-type property. Additionally, over and under transitions have a subtle shadow now, similar to the WebKit gesture.

It’s recommended that the apps using the gesture use over transition.

Read more

New Shows: The Linux Link Tech Show (TLLTS), BSD Now, Choose Linux, Destination Linux

Filed under
GNU
Linux
BSD
  • The Linux Link Tech Show Episode 837

    echo dot, google services, aws, spanner, docker, alpine linux

  • EPYC Netflix Stack | BSD Now 328

    LLDB Threading support now ready, Multiple IPSec VPN tunnels with FreeBSD, Netflix Optimized FreeBSD’s Network Stack More Than Doubled AMD EPYC Performance, happy eyeballs with unwind(8), AWS got FreeBSD ARM 12, OpenSSH U2F/FIDO support, and more.

  • What We Wish We’d Known Earlier | Choose Linux 24

    All three of us have different levels of experience with Linux but there are tons of things that we wish we'd learned earlier in our journey.

    From gatekeeping to community culture, command line tricks to backups, and more.

  • Destination Linux Episode #151

    When we launched the Destination Linux Network we also wanted to partner with our growing community to find ways we could give back. So we put up a post on our Discourse forum and asked the community to provide us feedback on the charities you would like for us to work with. Free Geek was highly recommended by many of you and we’re so excited to partner with them and launch our first giving back campaign.

    Free Geek’s mission is to sustainably reuse technology and enable digital access and education to the community. The best part is they have many ways for everyone to get involved. In this episode we interview Hilary Shohoney of FreeGeek. Hilary is Free Geek’s Manager of Development and manages the relationships between Free Geek and the local community working on issues like the digital divide.

Secure, open source Linux handheld has an Ethernet port

Filed under
Linux
OSS

XXLSEC’s open-spec “ProteusDevice” handheld runs a security-hardened, Linux 5.4-based PriveOS without binary blobs on an i.MX6 with 1GB RAM, 8GB eMMC, 5-inch touchscreen, 10/100 Ethernet, and optional WiFi.

Helsinki, Finland-based XXLSEC has posted specs for a security focused, i.MX6 Quad based handheld called the ProteusDevice, which is based on its almost identical, but slightly smaller Privecall TX device. The minimalist Twitter and Reddit announcements claim the 5.5-inch touchscreen enabled device is for sale, but there’s no price or shopping page listed.

Read more

Fedora and Red Hat: Fedora's Modularity Initiative, Git, Servers, Buildah and Ansible

Filed under
Red Hat
  • Fedora's modularity mess

    Fedora's Modularity initiative has been no stranger to controversy since its inception in 2016. Among other things, there were enough problems with the original design that Modularity went back to the drawing board in early 2018. Modularity has since been integrated with both the Fedora and Red Hat Enterprise Linux (RHEL) distributions, but the controversy continues, with some developers asking whether it's time for yet another redesign — or to abandon the idea altogether. Over the last month or so, several lengthy, detailed, and heated threads have explored this issue; read on for your editor's attempt to integrate what was said.
    The core idea behind Modularity is to split the distribution into multiple "streams", each of which allows a user to follow a specific project (or set of projects) at a pace that suits them. A Fedora user might appreciate getting toolchain updates as soon as they are released upstream while sticking with a long-term stable release of LibreOffice, for example. By installing the appropriate streams, this sort of behavior should be achievable, allowing a fair degree of customization.

    Much of the impetus — and development resources — behind Modularity come from the RHEL side of Red Hat, which has integrated Modularity into the RHEL 8 release as "Application Streams". This feature makes some sense in that setting; RHEL is famously slow-moving, to the point that RHEL 7 did not even support useful features like Python 3. Application Streams allow Red Hat (or others) to make additional options available with support periods that differ from that of the underlying distribution, making RHEL a bit less musty and old, but only for the applications a specific user cares about.

    The use case for Modularity in Fedora is arguably less clear. A given Fedora release has a support lifetime of 13 months, so there are limits to the level of stability that it can provide.

  • Moving bugzilla overrides to dist-git

    A while ago Fedora had pkgdb to configure ACLs for each package repo and package related admin actions. When we moved to 'pagure over dist-git', pagure already provided some of these capabilities. pkgdb would have needed a lot of effort to make it work with the modern package branching (modularity) [1] with different lifecycles for each package that are unrelated to Fedora releases and thus we've decided to retire it and replace it with a different solution.

    One of the missing parts after retireing pkgdb was the ability to set different default bugzilla assignees for EPEL and Fedora. This was solved by creating a new repository called fedora-scm-requests [2]. A script would then parse the contents of the repository, merge that information with the main package admins and repo watchers from dist-git and sync this information to bugzilla so that new bugs get assigned to the correct maintainers and all the interested parties get put on CC:. Each change required a pull request to this repo and someone from the infrastructure team to review and merge the patch. It is obvious that this doesn't scale with the huge number of packages that Fedora and EPEL have.

  • Red Hat customers want the hybrid cloud

    If you listen to some people, everyone and their corner office wants to move to the public cloud. Red Hat's global customers have a different take. Thirty-one percent of Red Hat's customers say "hybrid" describes their strategy best, 21% are leaning toward a private cloud approach, while only 4% see the public cloud as their first choice. There's only one little problem: Finding the staff with the right skills to make the jump from old-school IT to the cloud.

    Businesses prefer the hybrid cloud strategy for many different reasons -- but, overall, data security, cost benefits, and data integration led the pack. For years, the hybrid cloud wasn't that popular. With the rise of the Kubernetes-based hybrid cloud model and with Red Hat being one of the new-model hybrid cloud's leading proponents, customers are embracing the hybrid cloud.

  • Building with Buildah: Dockerfiles, command line, or scripts
  • How to write a multitask playbook in ansible

VirtualBox 6.1 Officially Released with Linux Kernel 5.4 Support, Improvements

Filed under
Software

Oracle released today the final version of the VirtualBox 6.1 open-source and cross-platform virtualization software for GNU/Linux, macOS, and Windows operating systems.
VirtualBox 6.1 is the first major release in the VirtualBox 6 series of the popular virtualization platform and promises some exciting new features, such as support for the latest and greatest Linux 5.4 kernel series, the ability to import virtual machines from the Oracle Cloud Infrastructure, as well as enhanced support for nested virtualization.

"Support for nested virtualization enables you to install a hypervisor, such as Oracle VM VirtualBox or KVM, on an Oracle VM VirtualBox guest. You can then create and run virtual machines in the guest VM. Support for nested virtualization allows Oracle VM VirtualBox to create a more flexible and sophisticated development and testing environment," said Oracle.

Read more

Programming Leftovers

Filed under
Development
  • A static-analysis framework for GCC

    One of the features of the Clang/LLVM compiler that has been rather lacking for GCC may finally be getting filled in. In a mid-November post to the gcc-patches mailing list, David Malcolm described a new static-analysis framework for GCC that he wrote. It could be the starting point for a whole range of code analysis for the compiler.

    According to the lengthy cover letter for the patch series, the analysis runs as an interprocedural analysis (IPA) pass on the GIMPLE static single assignment (SSA) intermediate representation. State machines are used to represent the code parsed and the analysis looks for places where bad state transitions occur. Those state transitions represent constructs where warnings can be emitted to alert the user to potential problems in the code.

    There are two separate checkers that are included with the patch set: malloc() pointer tracking and checking for problems in using the FILE * API from stdio. There are also some other proof-of-concept state machines included: one to track sensitive data, such as passwords, that might be leaked into log files and another to follow potentially tainted input data that is being used for array indexes and the like.

    The malloc() state machine is found in sm-malloc.cc, which is added by this patch, looks for typical problems that can occur with pointers returned from malloc(): double free, null dereference, passing a non-heap pointer to free(), and so on. Similarly, one of the patches adds sm-file.c for the FILE * checking. It looks for double calls to fclose() and for the failure to close a file.

  • RUST howto getting started – hello world

    if one is viewing this site using Firefox or Gecko-Engine… one is running RUST already.

    At the beginning – one was big fan of Java – Java was/still is all the rage – theoretically write once – run anywhere linux, osx and (thanks to Google) on mobile and even on the closed source OS who’s name shall not be mentioned, nobody knows what the Java Virtual Machine does besides running bytecode, Java on slow ARM CPUs is kind of a burden.

  • Async Interview #2: cramertj, part 3

    This blog post is continuing my conversation with cramertj. This will be the last post.

    In the first post, I covered what we said about Fuchsia, interoperability, and the organization of the futures crate.

    In the second post, I covered cramertj’s take on the Stream, AsyncRead, and AsyncWrite traits. We also discussed the idea of attached streams and the importance of GATs for modeling those.

  • Python 3.7.6rc1 and 3.6.10rc1 are now available for testing

    Python 3.7.6rc1 and 3.6.10rc1 are now available. 3.7.6rc1 is the release preview of the next maintenance release of Python 3.7;  3.6.10rc1 is the release preview of the next security-fix release of Python 3.6. Assuming no critical problems are found prior to 2019-12-18, no code changes are planned between these release candidates and the final releases. These release candidates are intended to give you the opportunity to test the new security and bug fixes in 3.7.6 and security fixes in 3.6.10. While we strive to not introduce any incompatibilities in new maintenance and security releases, we encourage you to test your projects and report issues found to bugs.python.org as soon as possible. Please keep in mind that these are preview releases and, thus, their use is not recommended for production environments.

  • Print all git repos from a user (only curl and grep)
  • Linux Fu: Debugging Bash Scripts

    A recent post about debugging constructs surprised me. There were quite a few comments about how you didn’t need a debugger, as long as you had printf. For that matter, we’ve all debugged systems where you had nothing but an LED to flash or otherwise turn on to communicate with the user. However, it is hard to deny that a debugger can help with complex code.

    To say you only need printf would be like saying you only need machine language. Technically accurate — you can do anything in machine language. But it sure makes things easier to have an assembler or some language to help you work out your problem. If you write a simple bash script, you can use the equivalent to printf — maybe that’s the echo command, although there is usually a printf command on a typical system, if you want to use it. However, there are other things you can do with bash including a pretty cool debugger if you know how to find it.

    I assume you already know how to use echo and printf, but let’s dig into how to use trace execution line by line without the need for echo statements on every other line. Along the way, you’ll learn how to get started with the bash debugger.

Kernel: LWN Articles and Radeon Linux 5.6 Changes

Filed under
Linux
  • Fixing SCHED_IDLE

    The scheduler implements many "scheduling classes", an extensible hierarchy of modules, and each class may further encapsulate "scheduling policies" that are handled by the scheduler core in a policy-independent way. The scheduling classes are described below in descending priority order; the Stop class has the highest priority, and Idle class has the lowest.

    The Stop scheduling class is a special class that is used internally by the kernel. It doesn't implement any scheduling policy and no user task ever gets scheduled with it. The Stop class is, instead, a mechanism to force a CPU to stop running everything else and perform a specific task. As this is the highest-priority class, it can preempt everything else and nothing ever preempts it. It is used by one CPU to stop another in order to run a specific function, so it is only available on SMP systems. The Stop class creates a single, per-CPU kernel thread (or kthread) named migration/N, where N is the CPU number. This class is used by the kernel for task migration, CPU hotplug, RCU, ftrace, clock events, and more.

    The Deadline scheduling class implements a single scheduling policy, SCHED_DEADLINE, and it handles the highest-priority user tasks in the system. It is used for tasks with hard deadlines, like video encoding and decoding. The task with the earliest deadline is served first under this policy. The policy of a task can be set to SCHED_DEADLINE using the sched_setattr() system call by passing three parameters: the run time, deadline, and period.

    To ensure deadline-scheduling guarantees, the kernel must prevent situations where the current set of SCHED_DEADLINE threads is not schedulable within the given constraints. The kernel thus performs an admittance test when setting or changing SCHED_DEADLINE policy and attributes. This admission test calculates whether the change can be successfully scheduled; if not, sched_setattr() fails with the error EBUSY.

    The POSIX realtime (or RT) scheduling class comes after the deadline class and is used for short, latency-sensitive tasks, like IRQ threads. This is a fixed-priority class that schedules higher-priority tasks before lower-priority tasks. It implements two scheduling policies: SCHED_FIFO and SCHED_RR. In SCHED_FIFO, a task runs until it relinquishes the CPU, either because it blocks for a resource or it has completed its execution. In SCHED_RR (round-robin), a task will run for the maximum time slice; if the task doesn't block before the end of its time slice, the scheduler will put it at the end of the round-robin queue of tasks with the same priority and select the next task to run. The priority of the tasks under the realtime policies range from 1 (low) to 99 (high).

  • Virtio without the "virt"

    One might ask why it makes sense to implement virtio devices in hardware. After all, they were originally designed for hypervisors and have been optimized for software rather than hardware implementation. Now that virtio support is widespread, the network effects allow hardware implementations to reuse the guest drivers and infrastructure. The virtio 1.1 specification defines ten device types, among them a network interface, SCSI host bus adapter, and console. Implementing a standards-compliant device interface lets hardware implementers focus on delivering the best device instead of designing a new device interface and writing guest drivers from scratch. Moreover, existing guests will work with the device out of the box, and applications utilizing user-space drivers, such as the DPDK packet processing toolkit, do not need to be relinked with new drivers — this is especially helpful when static linking is utilized.

    Implementing virtio in hardware also makes it easy to switch between hardware and software implementations. A software device can be substituted without changing guest drivers if the hardware device is acting up. Similarly, if the driver is acting up, it is possible to substitute a software device to make debugging the driver easier. It is possible to assign hardware devices to performance-critical guests while assigning software devices to the other guests; this decision can be changed in the future to balance resource needs. Finally, implementing virtio in hardware makes it possible to live-migrate virtual machines more easily. The destination host can have either software or hardware virtio devices.

  • 5.5 Merge window, part 1

    The 5.5 merge window got underway immediately after the release of the 5.4 kernel on November 24. The first week has been quite busy despite the US Thanksgiving holiday landing in the middle of it. Read on for a summary of what the first 6,300 changesets brought for the next major kernel release.

  • Radeon Linux 5.6 Changes Begin Queuing - Better Power Management, Adds DMCUB Controller

    While the Linux 5.5 merge window has just been over for less than one week, AMD has already submitted their first batch of feature updates to DRM-Next of new graphics driver material aiming for Linux 5.6 early next year.

Screencasts and Shows: Pisi Linux 2.1.2 Run Through, Linux Headlines, Going Linux, FLOSS Weekly and Selling Keynotes/Tweets at the Linux Foundation

Filed under
GNU
Linux

GNOME at the Back End and GNOME Shell 3.35.2

Filed under
GNOME
  • Molly de Blanc: Keeping the (server) lights on

    Building and maintaining infrastructure for the GNOME project is one of the many activities of the GNOME Foundation, and it’s one of the most important. Building software like the GNOME desktop environment requires a lot of technical support, including managing servers and providing collaboration tools. Since GNOME is focused on being a self-sustaining community, we look as much as possible to managing our own services and software, and making sure it is free and open source.

    The GNOME Infrastructure Team currently supports a total of 34 virtual machines hosted on a total of eight bare metal nodes. These virtual machines allow us to run services like the Openshift Container Platform (OSCP), which provides self-service access to the community to run any of their workflows on an automated and containarized fashion.

    GNOME is build using self-hosted FOSS. We collaboratively build GNOME using a GitLab instance, which has a total of 15k accounts. We do shared storage using NextCloud. Community discussion is handled over Mailman, Discourse, and MoinMoin. We are currently using Indico and Connfa for our event planning and management.

  • GNOME Shell 3.35.2 Begins Launching Spawned Processes Within Systemd Scopes

    Out today is a new development release of GNOME Shell on the road to GNOME 3.36 in March.

    Among the changes in this new GNOME Shell snapshot include:

    - Spawned processes are now placed within systemd scopes in order to improve out-of-memory behavior for applications, an easy means of being able to kill other processes when the shell is restarted, and other use-cases. Systemd scopes allow managing of processes for organization and resource management purposes.

Security: Proprietary Software Holes and More

Filed under
Security
  • It's the end of the 20-teens, and your Windows PC can still be pwned by nothing more than a simple bad font

    With the year winding to a close and the holiday parties set to kick off, admins will want to check out the December Patch Tuesday load from Microsoft, Adobe, Intel, and SAP and get them installed before downing the first of many egg nogs.

    [...]

    Also of note is CVE-2019-1471, a critical hypervisor escape bug that would allow an attacker running on a guest VM to execute code on the host box.

    The bulk of this month's critical fixes were for a series of five remote code execution flaws in Git for Visual Studio. In each of the flaws, said to be caused by improper handling of command-line input, an attacker would launch the exploit by convincing the target to clone a malicious repo.

    The remaining critical patch is for CVE-2019-1468, a play on the tried-and-true font-parsing vulnerability. In the wild, an attacker would embed the poisoned font file in a webpage and attack any system that visits.

  • Exploring Legacy Unix Security Issues

    The operating system SGI IRIX 6.5.22 was declared end of life in 2003, so it has limited use as a production system. I decided I could relive the good old days by looking for new vulnerabilities on an old system in my spare time. It was also an excuse to write some C code, and refresh my memory.

    One of my favorite vulnerabilities is the Insecure Temporary File (CWE-377). This involves manipulating files created in /tmp in an insecure manner. A file is created in /tmp by a piece of software that doesn’t check if the file exists before creating it. Allowing a malicious local user to symlink that file to a critical system file and overwriting it with the contents of what is written to the file in /tmp.

    So I started looking under the /usr/sbin directory for binaries to target. I did a quick examination of binaries and scripts in using the find command to give myself a starting point.

  • Private Internet Access updates Linux desktop client to prevent against [CVE-2019-14899]

    The Breakpointing Bad team at the University of New Mexico recently reported a VPN vulnerability that affects Linux, MacOS, iOS, Android, and more. The vulnerability allows malicious actors to not only see your VPN IP address, but also identify sites you are visiting and inject data into connections. The team consists of William J. Tolley, Beau Kujath, and Jedidiah R. Crandall and the public was notified on December 4th, 2019. Designated [CVE-2019-14899], the vulnerability shook the VPN industry due to the breadth of affected systems. [CVE-2019-14899] affects many different types of VPN protocols including OpenVPN, WireGuard, and IKEv2/IPSec.

    Private Internet Access has released an update to its Linux client that mitigates [CVE-2019-14899] from being used to infer any information about our users’ VPN connections. To our knowledge, Private Internet Access is the first commercial VPN to release a new client that prevents this ongoing security vulnerability.

  • Chrome now warns you when your password has been stolen

    Google is rolling out Chrome version 79 today, and it includes a number of password protection improvements. The biggest addition is that Chrome will now warn you when your password has been stolen as part of a data breach. Google has been warning about reused passwords in a separate browser extension or in its password checkup tool, but the company is now baking this directly into Chrome to provide warnings as you log in to sites on the web.

Syndicate content

More in Tux Machines

Android Leftovers

Get started with Lumina for your Linux desktop

For a good number of years, there was a desktop operating system (OS) based on FreeBSD called PC-BSD. It was intended as an OS for general use, which was noteworthy because BSD development mostly focuses on servers. For most of its life, PC-BSD shipped with the KDE desktop by default, but the more KDE came to depend on Linux-specific technology, the more PC-BSD migrated away from it. PC-BSD became Trident, and its default desktop is Lumina, a collection of widgets written to use the same Qt toolkit that KDE is based upon, running on the Fluxbox window manager. You may find the Lumina desktop in your Linux distribution's software repository or in BSD's ports tree. If you install Lumina and you're already running another desktop, you may find yourself with redundant applications (two PDF readers, two file managers, and so on) because Lumina includes a few integrated applications. If you just want to try the Lumina desktop, you can install a Lumina-based BSD distribution in a virtual machine, such as GNOME Boxes. Read more

Android Leftovers

10 Best Linux Log File Management Tools

Log file management is essential for apps, operating systems, servers, and anything software related. Realistically, there are some specific file management best practices that are fundamental, and tools which tend to make the process easier while outpacing the rest. We’ll briefly explore ten of these tools in this writing. Linux and Unix require log management that’s as convenient as possible for best server management. Servers are the core of many businesses in terms of technology, and different businesses have different needs. From Papertrail to Lnav to LOGalyze, there are plenty of worthwhile options. Find those that best fit your business and needs of its tech personnel. Read more