Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Sunday, 15 Sep 19 - Tux Machines is a community-driven public service/news site which has been around for over a decade and a half and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Vulture Central team welcomed to our new nest by crashed Ubuntu that's 3 years out of date

Filed under
Ubuntu

As eagle-eyed readers may have noted, Vulture Central UK is on the move. Our migratory path has led us to London's Grays Inn Road and, well, you can see what was waiting for us.

We normally like to feature Windows machines in various states of distress, be it a Tesco or Boots self-service till, or the odd railway terminal having a very, very bad day.

Today, courtesy of BT's InLinkUK, we have a Linux-based device caught with its pants down on our doorstep.

InLinkUK is an outfit that plops ad-slinging screens on the pavement, which lure punters with the promise of connectivity. Or, in this case, an insight into the OS on which the things actually run.

Read more

LWN on Linux: Trust, Security, Tags, exFAT and CHAOSS

Filed under
Linux
  • Maintaining the kernel's web of trust

    A typical kernel development cycle involves pulling patches from over 100 repositories into the mainline. Any of those pulls could conceivably bring with it malicious code, leaving the kernel (and its users) open to compromise. The kernel's web of trust helps maintainers to ensure that pull requests are legitimate, but that web has become difficult to maintain in the wake of the recent attacks on key servers and other problems. So now the kernel community is taking management of its web of trust into its own hands.

    Some history

    As recently as 2011, there was no mechanism in place to verify the provenance of pull requests sent to kernel maintainers. If an emailed request looked legitimate, and the proposed code changes appeared to make sense, then the requested pull would generally be performed. That degree of openness makes for a low-friction development experience, but it also leaves the project open to at least a couple types of attacks. Email is easy to forge; an attacker could easily create an email that appeared to be from a known maintainer, but which requested a pull from a malicious repository.

    The risk grows greater if an attacker somehow finds a way to modify a maintainer's repository (on kernel.org or elsewhere); then the malicious code would be coming from a trusted location. The chances of a forged pull request from a legitimate (but compromised) repository being acted on are discouragingly high.

    The compromise of kernel.org in 2011 focused minds on this problem. By all accounts, the attackers had no idea of the importance of the machine they had taken over, so they did not even try to tamper with any of the repositories kept there. But they could have done such a thing. Git can help developers detect and recover from such attacks, but only to an extent. What the community really needs is a way to know that a specific branch or tag proposed for pulling was actually created by the maintainer for the relevant subsystem.

    One action that was taken was to transform kernel.org from a machine managed by a small number of kernel developers in their spare time into a carefully thought-out system run by full-time administrators supported by the Linux Foundation. The provision of shell accounts to hundreds of kernel developers was belatedly understood to be something other than the best of ideas, so that is no longer done. No system is immune, but kernel.org has become a much harder target than before, so repositories stored there should be relatively safe.

  • Kernel runtime security instrumentation

    Finding ways to make it easier and faster to mitigate an ongoing attack against a Linux system at runtime is part of the motivation behind the kernel runtime security instrumentation (KRSI) project. Its developer, KP Singh, gave a presentation about the project at the 2019 Linux Security Summit North America (LSS-NA), which was held in late August in San Diego. A prototype of KRSI is implemented as a Linux security module (LSM) that allows eBPF programs to be attached to the kernel's security hooks.

    Singh began by laying out the motivation for KRSI. When looking at the security of a system, there are two sides to the coin: signals and mitigations. The signals are events that might, but do not always, indicate some kind of malicious activity is taking place; the mitigations are what is done to thwart the malicious activity once it has been detected. The two "go hand in hand", he said.

    For example, the audit subsystem can provide signals of activity that might be malicious. If you have a program that determines that the activity actually is problematic, then you might want it to update the policy for an LSM to restrict or prevent that behavior. Audit may also need to be configured to log the events in question. He would like to see a unified mechanism for specifying both the signals and mitigations so that the two work better together. That is what KRSI is meant to provide.

    He gave a few examples of different types of signals. For one, a process that executes and then deletes its executable might well be malicious. A kernel module that loads and then hides itself is also suspect. A process that executes with suspicious environment variables (e.g. LD_PRELOAD) might indicate something has gone awry as well.

    On the mitigation side, an administrator might want to prevent mounting USB drives on a server, perhaps after a certain point during the startup. There could be dynamic whitelists or blacklists of various sorts, for kernel modules that can be loaded, for instance, to prevent known vulnerable binaries from executing, or stopping binaries from loading a core library that is vulnerable to ensure that updates are done. Adding any of these signals or mitigations requires reconfiguration of various parts of the kernel, which takes time and/or operator intervention. He wondered if there was a way to make it easy to add them in a unified way.

  • Change IDs for kernel patches

    For all its faults, email has long proved to be an effective communication mechanism for kernel development. Similarly, Git is an effective tool for source-code management. But there is no real connection between the two, meaning that there is no straightforward way to connect a Git commit with the email discussions that led to its acceptance. Once a patch enters a repository, it transitions into a new form of existence and leaves its past life behind. Doug Anderson recently went to the ksummit-discuss list with a proposal to add Gerrit-style change IDs as a way of connecting the two lives of a kernel patch; the end result may not be quite what he was asking for.

    [...]

    Creation of this tag is relatively easy; it can be entirely automated at the point where a patch is applied to a Git repository. But it doesn't solve the entire problem; it can associate a commit with the final posting of a patch on a mailing list, but it cannot help to find previous versions of a patch. Generally, the discussion of the last version of a patch is boring since there is usually a consensus at that point that it should be applied. It's the discussion of the previous versions that will have caused changes to be made and which can explain some of the decisions that were made. But kernel developers are remarkably and inexplicably poor at placing the message ID of the final version of a patch into the previous versions.

    The most commonly suggested solution to that problem is not fully automatic. Developers like Thomas Gleixner and Christian Brauner argued in favor of adding a link to previous versions of a patch when posting an updated version. Gleixner called for a link to the cover letter of the prior version, while Brauner puts links to all previous versions. Either way, an interested developer can follow the links backward to see how a patch series has changed, along with the discussions that led to those changes.

  • Examining exFAT

    inux kernel developers like to get support for new features — such as filesystem types — merged quickly. In the case of the exFAT filesystem, that didn't happen; exFAT was created by Microsoft in 2006 for use in larger flash-storage cards, but there has never been support in the kernel for this filesystem. Microsoft's recent announcement that it wanted to get exFAT support into the mainline kernel would appear to have removed the largest obstacle to Linux exFAT support. But, as is so often the case, it seems that some challenges remain.
    For years, the Linux community mostly ignored exFAT; it was a proprietary format overshadowed by an unpleasant patent cloud. A Linux driver existed, though, and was shipped as a proprietary module on various Android devices. In 2013, the code for this driver escaped into the wild and was posted to a GitHub repository. But that code was never actually released under a free license and the patent issues remained, so no serious effort to upstream it into the mainline kernel was ever made.

    The situation stayed this way for some years. Even Microsoft's decision to join the Open Invention Network (OIN) in 2018 did not change the situation; exFAT, being outside the OIN Linux System Definition, was not covered by any new patent grants. Some people pointed this out at the time, but it didn't raise a lot of concern. Most people, it seemed, had simply forgotten about exFAT, which has a relatively limited deployment overall.

  • CHAOSS project bringing order to open-source metrics

    Providing meaningful metrics for open-source projects has long been a challenge, as simply measuring downloads, commits, or GitHub stars typically doesn't say much about the health or diversity of a project. It's a challenge the Linux Foundation's Community Health Analytics Open Source Software (CHAOSS) project is looking to help solve. At the 2019 Open Source Summit North America (OSSNA), Matt Germonprez, one of the founding members of CHAOSS, outlined what the group is currently doing and why its initial efforts didn't work out as expected.

    Germonprez is an Associate Professor at the University of Nebraska at Omaha and helped to start CHAOSS, which was first announced at the 2017 OSSNA held in Los Angeles. When CHAOSS got started, he said, there was no bar as to what the project was interested in. "We developed a long list of metrics, they were really unfiltered and uncategorized, so it wasn't doing a lot of good for people," Germonprez admitted.

Programming: Biases, Markdown, LLVM and PyCharm

Filed under
Development
  • Bias and ethical issues in machine-learning models

    The success stories that have gathered around data analytics drive broader adoption of the newest artificial-intelligence-based techniques—but risks come along with these techniques. The large numbers of freshly anointed data scientists piling into industry and the sensitivity of the areas given over to machine-learning models—hiring, loans, even sentencing for crime—means there is a danger of misapplied models, which is earning the attention of the public. Two sessions at the recent MinneBOS 2019 conference focused on maintaining ethics and addressing bias in machine-learning applications.

    To define a few terms: modern analytics increasingly uses machine learning, currently the most popular form of the field broadly known as artificial intelligence (AI). In machine learning, an algorithm is run repeatedly to create and refine a model, which is then tested against new data.

    MinneBOS was sponsored by the Twin Cities organization Minne Analytics; the two sessions were: "The Ethics of Analytics" by Bill Franks and "Minding the Gap: Understanding and Mitigating Bias in AI" by Jackie Anderson. (Full disclosure: Franks works on books for O'Reilly Media, which also employs the author of this article.) Both presenters pointed out that bias can sneak into machine learning at many places, and both laid out some ways to address the risks. There were interesting overlaps between the recommendations of Franks, who organized his talk around stages, and of Anderson who organized her talk around sources of bias.

    When we talk about "bias" we normally think of it in the everyday of sense of discrimination on the basis of race, gender, income, or some other social category. This focus on social discrimination is reinforced by articles in the popular press. But in math and science, bias is a technical term referring to improper data handling or choice of inputs. And indeed, the risks in AI go further than protected categories such as race and gender. Bias leads to wrong results, plain and simple. Whether bias leads to social discrimination or just to lost business opportunities and wasted money, organizations must be alert and adopt ways to avoid it.

  • An introduction to Markdown

    For a long time, I thought all the files I saw on GitLab and GitHub with an .md extension were written in a file type exclusively for developers. That changed a few weeks ago when I started using Markdown. It quickly became the most important tool in my daily work.

    Markdown makes my life easier. I just need to add a few symbols to what I'm already writing and, with the help of a browser extension or an open source program, I can transform my text into a variety of commonly used formats such as ODT, email (more on that later), PDF, and EPUB.

  • Intel Tightens Up Its AVX-512 Behavior For The LLVM Clang 10 Compiler

    When targeting Skylake-AVX512, Icelake-Client, Icelake-Server, Cascadelake, or Cooperlake with the LLVM Clang compiler where AVX-512 is supported, it will now default to preferring the 256-bit vector width rather than 512-bit with AVX-512. Unless 512-bit intrinsics are used in the source code, 512-bit ZMM registers will not be used since those operations lead to most processors running at a lower frequency state. On current generation processors, the performance gains of AVX-512 can often times be negated due to the AVX-512 frequency hits.

  • 2019.3 EAP 1

    The first Early Access Program (EAP) for PyCharm 2019.3 is now available to be downloaded from our website!

Top 20 Funny Steam Games For Kids To Play Right Now [on Linux]

Filed under
GNU
Linux
Gaming

There are ample of funny steam games for kids available on the store for the Linux system. A couple of years back, gaming on the Linux was almost impossible. Nevertheless, a vast range of games are now available in different Linux distros, thanks to steam. Moreover, playing games on Linux is no more difficult. However, many games even available for free. Additionally, there are different genres of games, such as indie, action, adventure, casual, strategy, simulation, RPG, Early Access, single-player, violent, and sports. Linux users can play all these genres of games on steam for absolutely free or spending a little buck.

Read more

GNOME 3.34

Filed under
GNOME
  • Introducing GNOME 3.34: “Thessaloniki”

    GNOME 3.34 is the latest version of GNOME 3, and is the result of 6 months’ hard work by the GNOME community. It contains major new features, as well as many smaller improvements and bug fixes. In total, the release incorporates 23929 changes, made by approximately 777 contributors.
    3.34 has been named “Thessaloniki” in recognition of this year’s GUADEC organizing team. GUADEC is GNOME’s primary annual conference and is only possible due to the amazing work of local volunteers. This year’s event was held in Thessaloniki, Greece, and was a big success. Thank you, Team Thessaloniki!

  • GNOME 3.34 Released

    The latest version of GNOME 3 has been released today. Version 3.34 contains six months of work by the GNOME community and includes many improvements, performance improvements and new features.

  • GNOME 3.34 released
    The GNOME Project is proud to announce the release of GNOME 3.34, Θεσσαλονίκη
    (Thessaloniki).
    
    This release brings performance improvements in the shell, Drag-And-Drop in
    the overview, improved mouse and keybord accessibility, previews in the
    background panel, support for systemd user sessions, and more.
    
    Improvements to core GNOME applications include new icons, sandboxed browsing
    in Web, gapless playback in Music, support for bidirectional text in the
    Terminal, more featured applications in Software, and more.
    
    For more information about the changes in GNOME 3.34, you can visit
    the release notes:
    
     https://help.gnome.org/misc/release-notes/3.34/
    
    GNOME 3.34 will be available shortly in many distributions. If you want
    to try it today, you can use the Fedora 31 beta that will be available soon
    or the openSUSE nightly live images which include GNOME 3.34.
    
     https://www.gnome.org/getting-gnome/
     http://download.fedoraproject.org/pub/fedora/linux/development/31/Workstation/x86_64/iso/
     http://download.opensuse.org/repositories/GNOME:/Medias/images/iso/?P=GNOME_Next*
    
    To try the very latest developments in GNOME, you can also use Fedora
    Silverblue, whose rawhide branch always includes the latest GNOME packages.
    
     https://kojipkgs.fedoraproject.org/compose/rawhide/latest-Fedora-Rawhide/compose/Silverblue/x86_64/iso/
    
    If you are interested in building applications for GNOME 3.34, you can
    use the GNOME 3.34 Flatpak SDK, which is available in the sdk.gnome.org
    repository.
    
    This six-month effort wouldn't have been possible without the whole
    GNOME community, made of contributors and friends from all around the
    world: developers, designers, documentation writers, usability and
    accessibility specialists, translators, maintainers, students, system
    administrators, companies, artists, testers and last, but not least,
    our users.
    
    GNOME would not exist without all of you. Thank you to everyone!
    
    Our next release, GNOME 3.36, is planned for March 2020. Until then,
    enjoy GNOME 3.34!
    
     the GNOME Release Team
    
  • GNOME 3.34 Released With Its Many Performance Improvements & Better Wayland Support

    Red Hat developer Matthias Clasen has just announced the release of GNOME 3.34 as this widely anticipated update to the GNOME 3 desktop environment.

    Making GNOME 3.34 particularly exciting is the plethora of optimizations/fixes in tow with this six-month update. Equally exciting are a ton of improvements and additions around the Wayland support to ensure its performance and feature parity to X11. GNOME 3.34 also brings other improvements line sandboxed browsing with Epiphany, GNOME Music enhancements, GNOME Software improvements, nd a ton of other refinements throughout GNOME Shell, Mutter, and the many GNOME applications.

  • GNOME 3.34 Desktop Environment Officially Released, Here's What's New

    The GNOME Project announced today the release and general availability of the highly anticipated GNOME 3.34 desktop environment for Linux-based operating systems.

    GNOME 3.34 is dubbed "Thessaloniki" after the host city of the GUADEC (GNOME User and Developer European Conference) 2019 event and it's a major release that adds numerous new features and improvements. It's been in development of the past six months and comes as a drop-in replacement for the GNOME 3.32 "Taipei" desktop environment series with many new features.

    "The latest version of GNOME 3 has been released today. Version 3.34 contains six months of work by the GNOME community and includes many improvements, performance improvements and new features," reads today's announcement. "Highlights from this release include visual refreshes for a number of applications, including the desktop itself. The background selection settings also received a redesign, making it easier to select custom backgrounds."

  • GNOME 3.34 Released with “Drastically Improved” Responsiveness

    And it’s here; the new GNOME 3.34 release is now officially available, six months after development first began.

    And the biggest change on offer in GNOME 3.34 isn’t one you can see, but it is one you can feel: speed.

    Now, yes: each new release of this particular desktop environment comes carrying claims of “faster” or “better performance”. And those claims don’t always feel accurate.

Graphics: NVIDIA, Mesa and AMD

Filed under
Graphics/Benchmarks
  • NVIDIA 430.50 Linux Driver Brings Color Fix For Pre-Turing GPUs

    While the NVIDIA 435 series is now stable, for those sticking to the previous NVIDIA 430 driver series that is their current "long-lived" driver branch, a new version is available.

    NVIDIA 430.50 was released on Wednesday as the latest Linux driver release in this driver series supported for an extended period of time. The only listed change for the NVIDIA 430.50 Linux driver is fixing the display color range handling for pre-Turing GPUs. When limiting the color range via the NVIDIA-Settings GUI, the output pixel values will now be properly clamped to the CTA range.

  • Mesa 19.2-RC3 Released While Final Release Expected Around Month's End

    The third release candidate of the belated Mesa 19.2 is now available while a fourth and likely final RC is expected next week while the stable release of this quarterly Mesa3D update should be out at month's end.

    Mesa 19.2-RC3 back-ports the new support for DriConf in Intel's Vulkan driver (for a workaround with GfxBench), various NIR fixes, a GLX segmentation fault is fixed, a few RADV and RadeonSI fixes (including Navi/GFX10 fixes for RadeonSI), and the Intel glthread crash fix for KDE's KWin.

  • AMDGPU Driver Looking To Re-Enable Performance-Boosting "Bulk Moves" Functionality

    AMD developers are looking at finally re-enabling the LRU bulk moves functionality in their AMDGPU Linux kernel graphics driver that has the ability to help with performance.

    The LRU bulk moves patches were posted back in August of 2018 with the ability to help improve OpenCL and Vulkan performance for Radeon graphics. But prior to the release of the Linux 5.0 kernel that functionality was disabled for bugs.

today's leftovers

Filed under
Misc
  • Ubuntu?s New Look: Are You a Fan? [Poll]

    As mentioned in yesterday?s new report, Ubuntu?s community design team have elected to change the look of Ubuntu. The dark header bars used in the ?current? Yaru GTK theme (Ubuntu 19.04) have been replaced by lighter, greyer (though apparently bluer) ones.

    The new lighter header bars are said be in keeping with the upstream Adwaita GTK theme (on which Yaru is based). Additionally, the lighter look is said to resolve and address a number of usability issues resulting from the ?mixed? theme set-up.

  • Fairphone 3 Gets a Perfect 10 in iFixit Repairability Score

    ...Launched just a few weeks ago, Fairphone 3 is a socially responsible phone that aims to be modular, easy to repair...

  • Raspberry Pi clone sports 1.84GHz Intel Cherry Trail processor

    Radxa has posted specs for a new member of its community backed “Rock Pi” Raspberry Pi lookalike SBC family, this time with an Intel Cherry Trail Atom x5-Z8300, USB 3.0, MicroSD, HDMI, eDP/MIPI, and GbE, plus optional WiFi and Bluetooth 4.2 LE.

    In June, Radxa unveiled its Rock Pi S SBC that runs Linux on a RK3308 and updated its RK3399-based Rock Pi 4 with extra memory. Now, Radxa is preparing to add to that family of Raspberry Pi pseudo clones with an SBC called Rock Pi X, based on the Intel “Cherry Trail” Atom x5-Z8300. We learned about the new board from our friends at Hackerboards, who added the Rock Pi X to its database yesterday.

  •  

  • Which Compression Format to Use for Archiving

                   

                     

    The last criteria is the most important; the format has to be resilient. It has to expect that damage will happen, and have a strategy for dealing with that damage. Or at least work around the damage.  

  • Announcing Linux Autumn 2019

    Summer is not yet over (in my climate zone) but it’s time to think about the autumn. Yes, I mean the Linux Autumn, the annual Polish conference of Linux and free software enthusiasts organized by PLUG. I wrote about this event many times in the past, I don’t want to make you bored by the same things again. This year we hope to invite more foreign guests and make the conference more international, possibly with one day full of English talks.

    [...]

    Remember that the conference is paid for attendees. The money is spent to pay for the accommodation and food for everyone. Why do I ever write in the article for Fedora Planet about a paid and not strictly Fedora-oriented event? First of all, the participation (including accommodation and food) is fully refunded for speakers. I’m not encouraging you to attend a paid event, although if you want you are most welcome. I’m encouraging you to give your talks and participate in a three-days long event for free. Second, this is a Linux event and Fedora is still a Linux distribution. Third, as we all know, many Fedora contributors live and work in the Czech Republic, especially in Brno, and this event is organized in Poland just across the Czech border. It cannot be closer.

today's howtos and programming bits

Filed under
Development
HowTos

GNOME and KDE Leftovers

Filed under
KDE
GNOME
  • GNOME Shell Picks Up Performance Improvements For Extensions

    While days too late for squeezing into GNOME 3.34.0, the GNOME Shell has landed a one year old merge request providing various fixes and performance improvements to its extension system.

    This MR was finally honored providing performance improvements around extensions, particularly those with a longer setup/start-up process.

  • Kate got submitted to the Windows Store

    Since a few years Kate is working well on Windows. You can grab fresh installers since then from our download page.

    But the visibility of it was very low for Windows users.

  • FOSS painting program Krita now has the Linux version on Steam

    Okay, not exactly gaming news but good to see anyway. Krita, the high quality FOSS painting program now has a Linux version available on Steam.

    They made a bit of a splash about releasing the Linux version on Steam too, in their announcement they mentioned how they're proud of it being "free, open source and community-driven software" with the Steam release meant as another direct way to support the development since it requires a purchase.

Video/Audio: Self-Hosted, CubicleNate Noodlings, LibreOffice Conference 2019

Filed under
Interviews
  • The First One | Self-Hosted 1

    You’ve been wanting to host a Nextcloud instance (or anything else) for your family for a while now. Where on Earth do you start? We share some hard learned lessons about self-hosting, discuss the most important things to consider when building a home server, and Chris gives Alex a hard time about Arch as a Server OS.

  • CubicleNate Noodlings | Episode 02 Desktops and Window Managers, BDLL and openSUSE News

    I view KDE Plasma as the pinnacle of all things that are the Desktop and portal into your digital life. This is of course my own opinion but really, what else can do as much as Plasma, in as little resources and be as flexible as it is.

    Xfce is the GTK desktop that is, in my estimation, the benchmark to which all GTK desktops should be measured against. It is what I would call a “classic” Redmond style interface that is familiar to nearly everybody.

  • Video: Opening session of LibreOffice Conference 2019

    Here’s the opening session – there’s a quick introduction in Spanish, followed by English at 00:40...

International Day Against DRM (IDAD): Defending the right to read on Oct. 12

Filed under
GNU

A global community of students, teachers, and activists are taking part in the Defective by Design campaign's 13th annual International Day Against DRM. Though from different backgrounds, countries, and perspectives, participants in the campaign share the common cause of opposing Digital Restrictions Management (DRM), a widespread technology that places heavy restrictions on how people access digital media.

On Saturday, October 12th, there will be two events held in Boston: a protest outside of the Pearson Education offices at 501 Boylston Street, followed by an evening "hackathon," or collaboration session, on unrestricted and truly shareable educational materials at the offices of the Free Software Foundation (FSF) at 51 Franklin Street.

Read more

Server: Kubeflow + OpenShift Container Platform, SUSE's SLES and More

Filed under
Server

Starship Is A Minimal And Fast Shell Prompt Written In Rust

Filed under
Software

Over the years I've tried various fancy shell prompts, but I've always come back to the plain default username@host because I found the others too distracting and cluttered, or too slow for my taste.

Until I came across Starship, a cross-shell / cross-platform prompt. Using the defaults is simple but also very useful, providing extra information only when it's needed. It's highly customizable too, and you can make it look as fancy as you like, but I only made some minor changes for my needs: I made it show the prompt on a single line, and disabled the new line it adds above the start of the prompt, because that needs more scrolling.

Read more

Games: Harvested, Hotel Magnate and War Thunder

Filed under
Gaming
  • Harvested, a game that blends city-building strategy with a top-down shooter

    Nice to see more games blend entirely different genres together. Harvested has you build a city like a strategy game and become a soldier on the field in a top-down shooter style.

    Speaking to the developer on Steam, Vashta Entertainment, they confirmed Linux support is planned. Their previous game, Trenches of War, is also available on Linux.

  • Hotel design and management sim Hotel Magnate should be on Linux at release

    After a successful crowdfunding campaign, it looks like Hotel Magnate will actually be coming to Linux. A few days ago their Kickstarter campaign ended, with over $70K Australian Dollars pulled in from over a thousand backers.

  • War Thunder 1.91 'Night Vision' is out with the Chinese nation, new sound engine and Easy Anti-Cheat

    The online free to play combat sim War Thunder just had a huge new release, adding in an entirely new nation with China and plenty of upgrades elsewhere.

    Some highlights include: Night Vision and Thermal Sight devices; Chinese air and ground forces; a map rotation filter; a new sound engine; three new locations; new ground vehicles, helicopters, naval vessels and aircraft for various nations, plus numerous fixes and updates for existing machines and game mechanics.

Security Leftovers

Filed under
Security
  • Security updates for Thursday

    Security updates have been issued by Arch Linux (exim, firefox, and webkit2gtk), Debian (libonig and opensc), Fedora (cobbler), Oracle (firefox and kernel), Red Hat (flash-plugin, kernel, kernel-rt, rh-maven35-jackson-databind, rh-nginx110-nginx, and rh-nginx112-nginx), Scientific Linux (kernel), Slackware (curl, mozilla, and openssl), SUSE (ceph, libvirt, and python-Werkzeug), and Ubuntu (vlc and webkit2gtk).

  • Android 10 Gets Its First Security Patch, 49 Security Vulnerabilities Fixed

    Google has released the Android Security Patch for September 2019 to address the most important security vulnerabilities and bugs discovered since August 2019, which also happens to be the first security patch for the recently released Android 10 operating system.

    Consisting of the 2019-09-01 and 2019-09-05 security patch levels, the Android Security Patch for September 2019 addresses a total of 49 security vulnerabilities across various core Android components, including Framework, Media framework, System, kernel components, Nvidia components, and Qualcomm components, including closed-source ones. The most critical flaw fixed in this patch may allow remote attackers to execute code.

  • Infrastructure Updates

    This is a post to the developers and other people who contribute to the IPFire project and have an account on our infrastructure.

    Since we have rolled out loads of changes recently, some change in client configuration is required. This was announced on the development mailing list, but for those who have missed it, here is a little blog post.

  • Accessing SELinux policy documentation

    There are many excellent man pages for the confined domains included with SELinux policy. These man pages describe booleans and context types for each domain. They also include sample semanage commands for adding context mappings, changing booleans, and more.

    Unfortunately for the sysadmin getting started with SELinux configuration, these man pages are often not installed by default. The SELinux policy man pages are available from two locations. The upstream Reference Policy repo has a handful of pre-built man pages. The rest can be generated from the policy content with a tool found in the policycoreutils-devel package.

Debian: Norbert Preining, Thomas Lange, Jonas Meurer and Ben Hutchings

Filed under
Debian
  • Norbert Preining: TeX Services at texlive.info

    I have been working over the last weeks to provide four more services for the TeX (Live) community: an archive of TeX Live’s network installation directory tlnet, a git repository of CTAN, a mirror of the TeX Live historic archives, and a new tlpretest mirror. In addition to the services that have already been provided before on my server, this makes a considerable list, and I thought it is a good idea to summarize all of the services.

  • FAI.me service now support backports for Debian 10 (buster)

    The FAI.me service for creating customized installation and cloud images now supports a backports kernel for stable release Debian 10 (aka buster). If you enable the backports option, you will currently get kernel 5.2. This will help you if you have newer hardware that is not support by the default kernel 4.19. The backports option is also still available for the images when using the old Debian 9 (stretch) release.

  • Jonas Meurer: debian lts report 2019.08

    This month I was allocated 10 hours. Unfortunately, I didn't find much time to work on LTS issues, so I only spent 0.5 hours on the task listed below. That means that I carry over 9.5 hours to September.

  • Ben Hutchings: Debian LTS work, August 2019

    I prepared and, after review, released Linux 3.16.72, including various security and other fixes. I then rebased the Debian package onto that. I uploaded that with a small number of other fixes and issued DLA-1884-1. I also prepared and released Linux 3.16.73 with another small set of fixes.

KDE Plasma 5.18 Desktop Environment Will Be Next LTS Series, Lands February 2020

Filed under
KDE

The current LTS (Long Term Support) series of the KDE Plasma desktop environment is KDE Plasma 5.12 LTS, which recently got its last scheduled maintenance update, KDE Plasma 5.12.9, which means that it actually reached end of life and will no longer receive point release except only if critical security issues or bugs need to be addressed.

Therefore, the KDE Project talked with various GNU/Linux distribution vendors about which next LTS series of the KDE Plasma desktop environment will suit them, and two of the biggest distros requested that the next long-term supported KDE Plasma series will be KDE Plasma 5.18, which was slated for release early next year.

Read more

Syndicate content

More in Tux Machines

Nostalgia is a GNOME Wallpaper App with a Twist

Nostalgia a free GTK app for the Linux desktop that enables you to browse through official GNOME desktop wallpapers, and quickly set them as your desktop background. Like Ubuntu, each new release of the GNOME desktop comes bearing its own unique wallpaper (which, again like Ubuntu, tend to stay within a loose theme). While GNOME’s default wallpapers aren’t as well known or as revered as Ubuntu’s default wallpapers (by lieu of the fact they’re usually not used by default, i.e. so fewer people see them) they’re still high-quality pieces of art. Read more

Raspberry Pi 4 vs Raspberry Pi 3: Which is Faster in Kali Linux Booting?

Everyone already knows that Pi 4 is obviously more powerful than Pi 3 but we would like to see how fast it is. Therefore we are expecting that Kali Linux can boot faster on Pi 4. Young Youtube channel CyberJunkie would like to challenge both single-board computers with Kali Linux booting. Before seeing results it would be great to see a comparison between Pi 3 and Pi 4. Which one is the quickest? As we can see on the image Pi 4 executed the booting faster than its prequel. Around extra 3 seconds needed for Pi 3 to catch up with the opponent. Again the sequel proves its superiority. Read more

Android Leftovers

Intel's Gallium3D Driver Is Running Much Faster Than Their Current OpenGL Linux Driver With Mesa 19.3

Last month I did some fresh benchmarks of Intel's new open-source OpenGL Linux driver with Mesa 19.2 and those results were looking good as tested with a Core i9 9900K. Since then, more Intel Gallium3D driver improvements have landed for what will become Mesa 19.3 next quarter. In taking another look at their former/current and new OpenGL drivers, here are fresh benchmarks of the latest code using a Core i7 8700K desktop as well as a Core i7 8550U Dell XPS laptop. This month so far Intel's new Gallium3D OpenGL driver has seen OpenGL 4.6 support added, an optimization to help the Java OpenGL performance (one of the deficiencies noted by our earlier rounds of benchmarks), and other performance work. For some weekend benchmarking fun I tested the Core i7 8700K desktop and Dell XPS 13 laptop with Core i7 8550U graphics while comparing the OpenGL driver options. The driver state for both the i965 and Iris Gallium3D drivers were of Mesa 19.3-devel Git as of this week and also running with the near-final Linux 5.3 kernel. Read more