Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Tuesday, 16 Oct 18 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Type Title Author Replies Last Postsort icon
Story Testing Ubuntu 18.10 and Lubuntu 18.10 Roy Schestowitz 15/10/2018 - 3:00am
Story KaOS 2018.10 Roy Schestowitz 14/10/2018 - 5:39pm
Story Android Leftovers Rianne Schestowitz 14/10/2018 - 5:38pm
Story Today in Techrights Roy Schestowitz 14/10/2018 - 5:25pm
Story Red Hat Financial News Roy Schestowitz 14/10/2018 - 11:26am
Story Servers: Containers, Xen and Databases Roy Schestowitz 14/10/2018 - 10:54am
Story Weekend Game Suggestions, Crusader Kings II: Holy Fury a Month Away Roy Schestowitz 14/10/2018 - 10:51am
Story KDE: Kubuntu RC, Usability & Productivity, LaKademy 2018 Roy Schestowitz 14/10/2018 - 10:49am
Story Celebrating KDE’s 22nd Birthday with Some Inspiring Facts from its Glorious Past! itsfoss 14/10/2018 - 9:43am
Story Debian dev forks Redis modules that are under Commons Clause licence Roy Schestowitz 14/10/2018 - 3:31am

BSD: Michael W. Lucas Talks FreeBSD, Tor on OpenBSD, Call for Testing of OpenSSH 7.9

Filed under
BSD
  • Michael W. Lucas talks FreeBSD (and whatever else he wants)
  • Tor part 1: how-to use Tor

    Installing tor is really easy on OpenBSD. We need to install it, and start its daemon. The daemon will listen by default on localhost on port 9050. On others systems, it may be quite similar, install the tor package and enable the daemon if not enabled by default.

  • Tor part 2: hidden service

    In this second Tor article, I will present an interesting Tor feature named hidden service. The principle of this hidden service is to make available a network service from anywhere, with only prerequisites that the computer must be powered on, tor not blocked and it has network access.

  • Call for testing: OpenSSH 7.9

    OpenSSH 7.9p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a bugfix release.

Mozilla/Firefox News

Filed under
Moz/FF
  • Slimmer and simpler static atoms

    In Firefox’s code we use the term atom rather than intern, and atom table rather than string intern pool. I don’t know why; those names have been used for a long time.

    Furthermore, Firefox distinguishes between static atoms, which are those that are chosen at compile time and can be directly referred to via an identifier, and dynamic atoms, which are added on-demand at runtime. This post is about the former.

  • Home Monitoring with Things Gateway 0.6

    When it comes to smart home devices, protecting the safety and security of your home when you aren’t there is a popular area of adoption. Traditional home security systems are either completely offline (an alarm sounds in the house, but nobody is notified) or professionally monitored (with costly subscription services). Self monitoring of your connected home therefore makes sense, but many current smart home solutions still require ongoing service fees and send your private data to a centralised cloud service.

  • WebRender newsletter #25

    As usual, WebRender is making rapid progress. The team is working hard on nailing the remaining few blockers for enabling WebRender in Beta, after which focus will shift to the Release blockers. It’s hard to single out a particular highlight this week as the majority of bugs resolved were very impactful.

  • DevEdition 63 Beta 14 Testday, October 12th

    We are happy to let you know that Friday, October 12th, we are organizing Firefox 63 Beta 14 Testday. We’ll be focusing our testing on: Flash Compatibility and Block Autoplay V2.

  • Mozilla B-Team: happy bmo push day!Mozilla B-Team: happy bmo push day!
  • Mozilla B-Team: happy bmo push day (last friday)
  • Firefox removes core product support for RSS/Atom feeds

    from Firefox 64 onwards, RSS/Atom feed support will be handled via add-ons, rather than in-product.

    [...]

    By virtue of being baked into the core of Firefox, these features have long had outsized maintenance and security costs relative to their usage. Making sure these features are as well-tested, modern and secure as the rest of Firefox would take a surprising amount of engineering work, and unfortunately the usage of these features does not justify such an investment: feed previews and live bookmarks are both used in around 0.01% of sessions.

    As one example of those costs, “live bookmarks” use a very old, very slow way to access the bookmarks database, and it would take a lot of time and effort to bring it up to the performance standards we expect from Quantum. Likewise, the feed viewer has its own “special” XML parser, distinct from the main Firefox one, and has not had a significant update in styling or functionality in the last seven years. The engineering work we’d need to bring these features, in their current states, up to modern standards is complicated by how few automated tests there are for anything in this corner of the codebase.

  • Firefox Reality 1.0.1 - with recline mode

    Firefox Reality 1.0.1 is now available for download in the Viveport, Oculus, and Daydream app stores. This is a minor point release, focused on fixing several performance issues and adding crash reporting UI and (thanks to popular request!) a reclined viewing mode.

Linux 4.14 LTSI Kernel Released For Longer-Term Support

Filed under
Linux

The Linux Foundation LTSI initiative has finished baking its first Linux 4.14-based kernel for longer-term support.

LTSI is the Long-Term Support Initiative hosted by the Linux Foundation that's focused on longer-term kernel support for the likes of consumer electronics. LTSI is apart from the long-term kernels maintained as well by Greg KH and other stakeholders.

Previously LTSI had been tracking the Linux 4.9 kernel and before that Linux 4.1, Linux 3.14, 3.10, 3.4, and 3.0.

Read more

Also: LTSI-4.14 is now released

Security: National Security at Stake, Too

Filed under
Security
  • Supermicro boards were so bug ridden, why would hackers ever need implants?
  • New U.S. Weapons Systems Are a Hackers’ [sic] Bonanza, Investigators Find

    The report by the Government Accountability Office concluded that many of the weapons, or the systems that control them, could be neutralized within hours. In many cases, the military teams developing or testing the systems were oblivious to the hackingi [sic].

  • Cool Cool Cool Oversight Office Says It's Incredibly Easy To Hack The Defense Dept.'s Weapons Systems

    The GAO points out the DOD has spent more time locking down its accounting systems than its weapons systems, even as the latter has increasingly relied on computer hardware and software to operate. The systems used by the DOD are a melange of commercial and open-source software, which relies on vendors to provide regular updates and patch vulnerabilities. (Unfortunately for the DOD, some vulnerabilities may not have been disclosed to software/hardware vendors by other government agencies like the NSA.) But the DOD gives itself a 21-day window to apply patches and some remote weapons systems may go months without patching because they often need to return from deployment to be patched properly.

    The end result is a network of defense systems riddled with security holes. The GAO says it doesn't take much to commandeer weapons of mass destruction.

Ubuntu 18.10 (Cosmic Cuttlefish) Is Now in Final Freeze, Launches October 18

Filed under
Ubuntu

With just one week left until the final release, Ubuntu 18.10, dubbed Cosmic Cuttlefish, has reached the final step in its development cycle, Final Freeze. This means that from this point until the final release only critical bugs that affect the ISO images or installers are admitted in the archives.

Of course, the Ubuntu engineers would need community's help to test the ISO images before they hit the stable channels, so they are working on releasing the Release Candidate (RC) images in the coming days on the official ISO tracker for Ubuntu and probably all other official flavors.

Read more

Teal One drone runs Linux on a Jetson TX1 and flies at 60 mph

Filed under
Linux

Teal has launched a $1,200 “Teal One” drone that runs Linux on a Jetson TX1 module and an Ambarella SoC with PX4 support. The quadcopter can fly at up to 60 mph for 15 minutes and shoot [email protected] video.

Salt Lake City based Teal was launched by CEO George Matus at the age of 17 to pursue his love of FPV drone racing. The company launched a Teal Sport FPV racing drone that runs on an MCU-based KISS flight controller and sells for $499 for a barebones model and $799 fully accessorized. Now, at age 21, Matus has followed up with his promised Teal One, a higher-end, all-purpose, semi-autonomous camera quadcopter.

Read more

today's leftovers

Filed under
Misc
  • AMDGPU DC Gets "PERF_TRACE" To Help With Performance Profiling

    Published on Wednesday was the latest batch of AMDGPU DC display code changes for its eventual inclusion into the AMDGPU DRM driver for mainline past the 4.20~5.0 cycle with that feature merge window being over. The most notable change with this latest AMDGPU DC haul is a new "PERF_TRACE" addition.

    The 26 patches sent out on Wednesday refactor the DCE clock code as well as the DC to SMU interface. Most interesting to us though is this PERF_TRACE feature on Linux. This PERF_TRACE functionality isn't to be confused with the perf subsystem nor the perf-trace user-space utility.

  • Removing my favorite feature

    So in a decision that was long overdue, I’m removing the real-time graph from Builder 3.32. I never did a great job of porting that code to optimal Wayland use anyway. It was really designed with Xrender/Xshm in mind where XCopyArea() was cheap and done on the GPU.

  • Debian/TeX Live updates 20181009

    During this update some color profiles (icc) that had unclear licenses have been removed, which for now creates problems with the pdfx package. So if you use the pdfx package, please explicitly specify a color profile. The next upload will again allow using pdfx without specifying a profile in which case a default profile is used. I have uploaded already a set of free profiles to CTAN and they arrived in TeX Live, but pdfx package isn’t updated till now.During this update some color profiles (icc) that had unclear licenses have been removed, which for now creates problems with the pdfx package. So if you use the pdfx package, please explicitly specify a color profile. The next upload will again allow using pdfx without specifying a profile in which case a default profile is used. I have uploaded already a set of free profiles to CTAN and they arrived in TeX Live, but pdfx package isn’t updated till now.

OSS Leftovers

Filed under
OSS
  • Spinnaker is the next big open source project to watch

    Spinnaker is an open source continuous delivery (CD) platform from Netflix and Google, though it now also has the backing of other major software companies. Spinnaker 1.0 launched last July, so it’s not the newest kid on the block, but the service is slowly but surely gaining momentum now, with users that include Target, Adobe, Daimler and Capital One, as well as a growing ecosystem of vendors who support it.

    Today, after a few years of working on the project without any formal structure in place, the Spinnaker project announced that it is growing up and putting a formal governance system in place at the project’s second community summit in Seattle this week.

  • Andy Wingo: heap object representation in spidermonkey

    I was having a look through SpiderMonkey's source code today and found something interesting about how it represents heap objects and wanted to share.

    I was first looking to see how to implement arbitrary-length integers ("bigints") by storing the digits inline in the allocated object. (I'll use the term "object" here, but from JS's perspective, bigints are rather values; they don't have identity. But I digress.) So you have a header indicating how many words it takes to store the digits, and the digits follow. This is how JavaScriptCore and V8 implementations of bigints work.

    Incidentally, JSC's implementation was taken from V8. V8's was taken from Dart. Dart's was taken from Go. We might take SpiderMonkey's from Scheme48. Good times, right??

    When seeing if SpiderMonkey could use this same strategy, I couldn't find how to make a variable-sized GC-managed allocation. It turns out that in SpiderMonkey you can't do that! SM's memory management system wants to work in terms of fixed-sized "cells". Even for objects that store properties inline in named slots, that's implemented in terms of standard cell sizes. So if an object has 6 slots, it might be implemented as instances of cells that hold 8 slots.

    Truly variable-sized allocations seem to be managed off-heap, via malloc or other allocators. I am not quite sure how this works for GC-traced allocations like arrays, but let's assume that somehow it does.

  • Pocket Offers New Features to Help People Read, Watch and Listen across iOS, Android and Web

    We know that when you save something to Pocket, there is a reason why. You are saving something you want to learn about, something that fascinates you, something that will help shape and change you. That’s why we’ve worked hard to make Pocket a dedicated, quiet place to focus so that you can come back and absorb what you save when you are ready.

    The trick is, in the reality of our lives, it’s not always that simple. Our lives don’t always have a quiet moment with a coffee cup in hand with Pocket in the other. We have work to do, kids to take care of, school to attend. But with Pocket we’ve always worked hard to ensure that Pocket gives you tools to fit content around your life, freeing you from the moment of distraction and putting you in control.

  • OpenBSD's unveil()

    One of the key aspects of hardening the user-space side of an operating system is to provide mechanisms for restricting which parts of the filesystem hierarchy a given process can access. Linux has a number of mechanisms of varying capability and complexity for this purpose, but other kernels have taken a different approach. Over the last few months, OpenBSD has inaugurated a new system call named unveil() for this type of hardening that differs significantly from the mechanisms found in Linux.

    The value of restricting access to the filesystem, from a security point of view, is fairly obvious. A compromised process cannot exfiltrate data that it cannot read, and it cannot corrupt files that it cannot write. Preventing unwanted access is, of course, the purpose of the permissions bits attached to every file, but permissions fall short in an important way: just because a particular user has access to a given file does not necessarily imply that every program run by that user should also have access to that file. There is no reason why your PDF viewer should be able to read your SSH keys, for example. Relying on just the permission bits makes it easy for a compromised process to access files that have nothing to do with that process's actual job.

  • digest 0.6.18

    Earlier today, digest version 0.6.18 arrived on CRAN. It will get uploaded to Debian in due course.

    digest creates hash digests of arbitrary R objects (using the md5, sha-1, sha-256, sha-512, crc32, xxhash32, xxhash64 and murmur32 algorithms) permitting easy comparison of R language objects.

  • Did your first pull request get accepted?
  • Clazy 1.4 released

    Clazy 1.4 has been released and brings 10 new checks.

    Clazy is a clang compiler plugin which emits warnings related to Qt best practices. We’ll be showing Clazy at Qt World Summit in Boston, Oct 29-30, where we are a main Sponsor.

  • I'd like to interject for a moment

    Mastodon is merely an implementation of Fediverse. As it happens, only one of my Fediverse channels runs on Mastodon (the Japanese language one at Pawoo). Main one still uses Gnusocial, the anime one was on Gnusocial and migrated to Pleroma a few months ago. All of them are communicating using the OStatus protocol, although a movement is afoot to switch to ActivityPub. Hopefully it's more successful than the migration from RSS to Atom was.

    Yet, I noticed that a lot of people fall to the idea that Mastodon is an exclusive brand. Rarely one has to know or care what MTA someone else uses. Microsoft was somewhat successful in establishing Outlook as such a powerful brand to the exclusion of the compatible e-mail software. The maintainer of Mastodon is doing his hardest to present it as a similar brand, and regrettably, he's very successful at that.

  • How to level up your organization's security expertise

    IT security is critical to every company these days. In the words of former FBI director Robert Mueller: “There are only two types of companies: Those that have been hacked, and those that will be.”

    At the same time, IT security is constantly evolving. We all know we need to keep up with the latest trends in cybersecurity and security tooling, but how can we do that without sacrificing our ability to keep moving forward on our business priorities?

    No single person in your organization can handle all of the security work alone; your entire development and operations team will need to develop an awareness of security tooling and best practices, just like they all need to build skills in open source and in agile software delivery. There are a number of best practices that can help you level up the overall security expertise in your company through basic and intermediate education, subject matter experts, and knowledge-sharing.

Red Hat and Fedora Leftovers

Filed under
Red Hat

PostgreSQL 11 Almost Ready

Filed under
Server
OSS
  • PostgreSQL 11 RC1 Released!

    The PostgreSQL Global Development Group announces that the first release candidate of PostgreSQL 11 is now available for download. As a release candidate, PostgreSQL 11 RC 1 should be identical to the initial release of PostgreSQL 11, though some more fixes may be applied prior to the general availability of PostgreSQL 11.

  • PostgreSQL 11 RC1 Released Ahead Of Stable Release Next Week

    -
    One week from today will hopefully mark the release of the PostgreSQL 11 stable database server release.

    PostgreSQL 11.0 delivers more performance tuning optimizations with that work being never-ending. There are also various other improvements.

Getting started with Minikube: Kubernetes on your laptop

Filed under
HowTos

Minikube is advertised on the Hello Minikube tutorial page as a simple way to run Kubernetes for Docker. While that documentation is very informative, it is primarily written for MacOS. You can dig deeper for instructions for Windows or a Linux distribution, but they are not very clear. And much of the documentation—like one on installing drivers for Minikube—is targeted at Debian/Ubuntu users.

Read more

Tumbleweed Gets Plasma 5.14, Frameworks 5.50

Filed under
SUSE

Four openSUSE Tumbleweed snapshots this week brought new versions of software along with new versions of KDE’s Plasma and Frameworks as well as python-setuptools and many other packages.

The most recent snapshot, 20181009, updated KDE’s Plasma 5.14. The new Plasma version has several new features like the new Display Configuration widget for screen management, which is useful for presentations. The Audio Volume widget has a built in speaker test feature moved from Phonon settings and the Network widget now works for SSH VPN tunnels again. The Global menu now supports GTK applications as well. Mozilla Firefox 62.0.3 fixed a few Common Vulnerabilities and Exposures including a vulnerability in register allocation of JavaScript that can lead to type confusion, which allows for an arbitrary read and write. The cpupower package, which is a collection of tools to examine and tune power, was updated to version 4.19 and deleted some patches that are now part of the mainline. Source-control-management system mercurial 4.7.2 fixed a potential out-of-bounds read in manifest parsing C code. Other packages including in the snapshot were inxi 3.0.26, lftp 4.8.4, libinput 1.12.1, okteta 0.25.4 and vm-install 0.10.04

Snapshot 20181004 included several package updates as well. NetworkManager-openvpn 1.8.6 fixed an endless loop checking for encrypted certificate. The open source antivirus engine clamav 0.100.2 disabled the opt-in minor feature of OnAccess scanning on Linux systems and will re-enabled in a future release. Users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. The Linux Kernel was updated to 4.18.11 and had several fixes for Ext4. Developers using python-setuptools 40.4.3 will see a few changes from the previous 40.2.0 version that was in Tumbleweed like the vendored pyparsing in pkg_resources to 2.2.1. Those using Samba will see a fix for cluster CTDB configuration with the 4.9.1 version. Caching proxy squid 4.3 updated systemd dependencies in squid.service and vlc 3.0.4 improve support for broken HEVC inside MKV.

Read more

Librem 5 ❤️ GNOME 3.32

Filed under
GNOME

I am glad to announce that the tooling I am working on since the beginning of the year is ready to be used!

Thanks to new features introduced into libhandy 0.0.3 and 0.0.4 and thanks to a few fixes to Adwaita in GTK+ 3.24.1, you can make GTK+ 3 apps adaptive to work both on the desktop and on the upcoming GNOME-based Librem 5 phone.

Read more

Also: Purism's Privacy-Focused Librem 5 Linux Phone Will Ship with GNOME 3.32 Desktop

Purism Is Hoping GNOME 3.32 Will Be In Great Shape For Their Librem 5 Smartphone

Krita 4.1.5 Released

Filed under
KDE

Coming hot on the heels of Krita 4.1.3, which had an unfortunate accident to the TIFF plugin, we’re releasing Krita 4.1.5 today! There’s a lot more than just that fix, though, since we’re currently celebrating the last week of the Krita Fundraiser by having a very productive development sprint in Deventer, the Netherlands.

Read more

Openwashing Leftovers

Filed under
Microsoft
OSS

Security: Updates, US Weapons Systems, and Voting Risks

Filed under
Security
  • Security updates for Thursday
  • US Weapons Systems Are Easy Cyberattack Targets, New Report Finds

    Specifically, the report concludes that almost all weapons that the DOD tested between 2012 and 2017 have “mission critical” cyber vulnerabilities. “Using relatively simple tools and techniques, testers were able to take control of systems and largely operate undetected, due in part to basic issues such as poor password management and unencrypted communications,” the report states. And yet, perhaps more alarmingly, the officials who oversee those systems appeared dismissive of the results.

  • Election security groups warn of cyber vulnerabilities for emailed ballots

    Experts from both the private and public sector have warned about the vulnerabilities of online voting for years, but the report comes at a time of heightened alarm about election interference from hostile nation-states or cyber criminals.

Syndicate content

More in Tux Machines

Ubuntu: Eurotech, LogMeIn Snap and Ubuntu Weekly Newsletter Issue 549

  • Canonical collaborates with Eurotech on edge computing solutions
    Coinciding with IoT World Solutions Congress in Barcelona this week, Canonical is pleased to announce a dual-pronged technological partnership with Eurotech to help organisations advance their internet of things enablement. Eurotech is a long time leader in embedded computing hardware as well as providing software solutions to aid enterprises to deliver their IoT projects either end to end or by providing intervening building blocks. As part of the partnership, Canonical has published a Snap for the Eclipse Kura project – the popular, open-source Java-based IoT edge framework. Having Kura available as a Snap – the universal Linux application packaging format – will enable a wider availability of Linux users across multiple distributions to take advantage of the framework and ensure it is supported on more hardware. Snap support will also extend on Eurotech’s commercially supported version; the Everywhere Software Framework (ESF). By installing Kura as a Snap on a device, users will benefit with automatic updates to ensure they are always working from the latest version while with the reassurance of a secure, confined environment.
  • Self-containing dependencies LogMeIn to publish their first Snap
  • Ubuntu Weekly Newsletter Issue 549
    Welcome to the Ubuntu Weekly Newsletter, Issue 549 for the week of October 7 – 13, 2018.

today's howtos

Fedora: Flock, Flatpaks, Fedora/RISC-V and More

  • CommOps takeaways from Flock 2018
    The annual Fedora contributor conference, Flock, took place from August 8-11, 2018. Several members of the Community Operations (CommOps) team were present for the conference. We also held a half-day team sprint for team members and interested people to participate and share feedback with the team.
  • Flatpaks, sandboxes and security
    Last week the Flatpak community woke to the “news” that we are making the world a less secure place and we need to rethink what we’re doing. Personally, I’m not sure this is a fair assessment of the situation. The “tl;dr” summary is: Flatpak confers many benefits besides the sandboxing, and even looking just at the sandboxing, improving app security is a huge problem space and so is a work in progress across multiple upstream projects. Much of what has been achieved so far already delivers incremental improvements in security, and we’re making solid progress on the wider app distribution and portability problem space. Sandboxing, like security in general, isn’t a binary thing – you can’t just say because you have a sandbox, you have 100% security. Like having two locks on your front door, two front doors, or locks on your windows too, sensible security is about defense in depth. Each barrier that you implement precludes some invalid or possibly malicious behaviour. You hope that in total, all of these barriers would prevent anything bad, but you can never really guarantee this – it’s about multiplying together probabilities to get a smaller number. A computer which is switched off, in a locked faraday cage, with no connectivity, is perfectly secure – but it’s also perfectly useless because you cannot actually use it. Sandboxing is very much the same – whilst you could easily take systemd-nspawn, Docker or any other container technology of choice and 100% lock down a desktop app, you wouldn’t be able to interact with it at all.
  • Fedora/RISC-V now mirrored as a Fedora “alternative” architecture
  • PSA: System update fails when trying to remove rtkit-0.11-19.fc29

GNU Guile and FSF Forum

  • GNU Guile 2.9.1 beta released JIT native code generation to speed up all Guile programs
    GNU released Guile 2.9.1 beta of the extension language for the GNU project. It is the first pre-release leading up to the 3.0 release series. In comparison to the current stable series, 2.2.x, Guile 2.9.1 brings support for just-in-time native code generation to speed up all Guile programs.
  • [FSF] Introducing our new associate member forum!
    I'm excited to share that we've launched a new forum for our associate members. We hope that you find this forum to be a great place to share your experiences and perspectives surrounding free software and to forge new bonds with the free software community. If you're a member of the FSF, head on over to https://forum.members.fsf.org to get started. You'll be able to log in using the Central Authentication Service (CAS) account that you used to create your membership. (Until we get WebLabels working for the site, you'll have to whitelist its JavaScript in order to log in and use it, but rest assured that all of the JavaScript is free software, and a link to all source code can be found in the footer of the site.) Participation in this forum is just one of many benefits of being an FSF member – if you're not a member yet, we encourage you to join today, for as little as $10 per month, or $5 per month for students. The purpose of this member forum is to provide a space where members can meet, communicate, and collaborate with each other about free software, using free software. While there are other places on the Internet to talk about free software, this forum is unique in that it is focused on the common interests of FSF members, who care very much about using, promoting, and creating free software. The forum software we chose to use is Discourse.