About Tux Machines

Saturday, 20 Oct 18 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/Linux.

OSS Leftovers

Filed under
OSS
  • We already have nice things, and other reasons not to write in-house ops tools

    When I was an ops consultant, I had the "great fortune" of seeing the dark underbelly of many companies in a relatively short period of time. Such fortune was exceptionally pronounced on one client engagement where I became the maintainer of an in-house deployment tool that had bloated to touch nearly every piece of infrastructure—despite lacking documentation and testing. Dismayed at the impossible task of maintaining this beast while tackling the real work of improving the product, I began reviewing my old client projects and probing my ops community for their strategies. What I found was an epidemic of "not invented here" (NIH) syndrome and a lack of collaboration with the broader community.

  • Open Source Program Benefits Survey Results

    There are many organizations out there, from companies like Red Hat to internet scale giants like Google and Facebook that have established an open source programs office (OSPO). The TODO Group, a network of open source program managers, recently performed the first ever annual survey of corporate open source programs and revealed some interesting findings on the actual benefits of open source programs.

  • LLVM Still Proceeding With Their Code Relicensing

    It's been three years since the original draft proposal for relicensing the LLVM compiler code was sent out and while there hasn't been a lot to report on recently about the effort, they are making progress and proceeding.

    Since 2015 LLVM developers have been discussing relicensing to an Apache 2.0 license to help motivate new contributors, protect users of LLVM code, better protect existing contributors, and ensure that LLVM run-time libraries can be used by both other open-source and proprietary compilers.

  • Automating upstream releases with release-bot

    Good news: We have developed a tool called release-bot that automates the process. All you need to do is file an issue into your upstream repository and release-bot takes care of the rest. But let’s not get ahead of ourselves. First, let’s look at what needs to be set up for this automation to happen. I’ve chosen the meta-test-family upstream repository as an example.

Security: Facebook, GNU Binutils and Epson/HP

Filed under
Security
  • What To Do If Your Account Was Caught in the Facebook Breach

    Keeping up with Facebook privacy scandals is basically a full-time job these days. Two weeks ago, it announced a massive breach with scant details. Then, this past Friday, Facebook released more information, revising earlier estimates about the number of affected users and outlining exactly what types of user data were accessed. Here are the key details you need to know, as well as recommendations about what to do if your account was affected.

    30 Million Accounts Affected

    The number of users whose access tokens were stolen is lower than Facebook originally estimated. When Facebook first announced this incident, it stated that attackers may have been able to steal access tokens—digital “keys” that control your login information and keep you logged in—from 50 to 90 million accounts. Since then, further investigation has revised that number down to 30 million accounts.

    The attackers were able to access an incredibly broad array of information from those accounts. The 30 million compromised accounts fall into three main categories. For 15 million users, attackers accessed names and phone numbers, emails, or both (depending on what people had listed).

  • GNU Binutils read_reloc Function Denial of Service Vulnerability [CVE-2018-18309]
  • Security Updates Are Even Breaking Your Printer (On Purpose)

    Printer manufacturers hate third-party ink cartridges. They want you buying the expensive, official ones. Epson and HP have issued sneaky “updates” that break these cheaper cartridges, forcing you to buy the expensive ones.

    HP pioneered this technique back in 2016, rolling out a “security update” to its OfficeJet and OfficeJet Pro printers that activated a helpful new feature—helpful for HP’s bottom line, at least. Now, before printing, the printer would verify you’re using new HP ink cartridges. If you’re using a competitor’s ink cartridge or a refilled HP ink cartridge, printing would stop. After some flaming in the press, HP sort-of apologized, but not really.

Kernel: Keeping Control in the Hands of the User and KUnit

Filed under
Linux
  • Keeping Control in the Hands of the User

    Various efforts always are underway to implement Secure Boot and to add features that will allow vendors to lock users out of controlling their own systems. In that scenario, users would look helplessly on while their systems refused to boot any kernels but those controlled by the vendors.

    The vendors' motivation is clear—if they control the kernel, they can then stream media on that computer without risking copyright infringement by the user. If the vendor doesn't control the system, the user might always have some secret piece of software ready to catch and store any streamed media that could then be shared with others who would not pay the media company for the privilege.

    Recently, Chen Yu and other developers tried to submit patches to enhance Secure Boot so that when the user hibernated the system, the kernel itself would encrypt its running image. This would appear to be completely unnecessary, since as Pavel Machek pointed out, there is already uswsusp (userspace software suspend), which encrypts the running image before suspending the system. As Pavel said, the only difference was that uswsusp ran in userspace and not kernel space.

  • Google Engineer Proposes KUnit As New Linux Kernel Unit Testing Framework

    Google engineer Brendan Higgins sent out an experimental set of 31 patches today introducing KUnit as a new Linux kernel unit testing framework to help preserve and improve the quality of the kernel's code.

    KUnit is a unit testing framework designed for the Linux kernel and inspired by the well known JUnit as well as Googletest and other existing unit testing frameworks for designing unit tests and related functionality.

DragonFlyBSD Continues Squeezing More Performance Out Of AMD's Threadripper 2990WX

Filed under
Graphics/Benchmarks

DragonFlyBSD 5.4 should be a really great release if you are a BSD user and have an AMD Threadripper 2 box, particularly the flagship Threadripper 2990WX 32-core / 64-thread processor.

The project leader of this long ago fork from FreeBSD, Matthew Dillon, has been quite outspoken about the Threadripper 2990WX since he purchased one earlier this summer. This prolific BSD developer has been praising the performance out of the Threadripper 2990WX since he got the system working on the current DragonFlyBSD 5.3 development builds.

Since getting DragonFlyBSD running on the Threadripper 2 hardware in August, he's routinely been making performance tuning optimizations to DragonFly's kernel to benefit the 2990WX given its NUMA design.

Arm Launches Mbed Linux and Extends Pelion IoT Service

Filed under
Linux

Politics and international relations may be fraught with acrimony these days, but the tech world seems a bit friendlier of late. Last week Microsoft joined the Open Invention Network and agreed to grant a royalty-free, unrestricted license of its 60,000-patent portfolio to other OIN members, thereby enabling Android and Linux device manufacturers to avoid exorbitant patent payments. This week, Arm and Intel kept up the happy talk by agreeing to a partnership involving IoT device provisioning.

Arm’s recently announced Pelion IoT Platform will align with Intel’s Secure Device Onboard (SDO) provisioning technology to make it easier for IoT vendors and customers to onboard both x86 and Arm-based devices using a common Pelion platform. Arm also announced Pelion related partnerships with myDevices and Arduino (see farther below).

Programming: Version Control With Git, 5 Things Your Team Should Do to Make Pull Requests Less Painful and More GitHub Workflow Automation

Filed under
Development
  • How to Use Git Version Control System in Linux [Comprehensive Guide]

    Version Control (revision control or source control) is a way of recording changes to a file or collection of files over time so that you can recall specific versions later. A version control system (or VCS in short) is a tool that records changes to files on a filesystem.

    There are many version control systems out there, but Git is currently the most popular and frequently used, especially for source code management. Version control can actually be used for nearly any type of file on a computer, not only source code.

  • 5 Things Your Team Should Do to Make Pull Requests Less Painful

    A user story is a short description of a unit of work that needs doing. It’s normally told from the perspective of the user, hence the name. The journey towards a good pull request starts with a well-written user story. It should be scoped to a single thing that a user can do in the system being built.

  • More GitHub workflow automation

    The more you use computers, the more you see the potentials for automating everything. Who doesn't love that? By building Mergify those last months, we've decided it was time to bring more automation to the development workflow.

today's howtos

Filed under
HowTos

Games: Cultist Simulator, Planetary Annihilation: TITANS, CrossOver 18, Updated Proton 3.16 Beta, Descenders, Bridge Constructor Portal, Train Valley 2, Sipho

Filed under
Gaming

Security: Stamos, E-mail and RAT Arrest

Filed under
Security

Browsing the web with Min, a minimalist open source web browser

Filed under
OSS
Web

Does the world need another web browser? Even though the days of having a multiplicity of browsers to choose from are long gone, there still are folks out there developing new applications that help us use the web.

One of those new-fangled browsers is Min. As its name suggests (well, suggests to me, anyway), Min is a minimalist browser. That doesn't mean it's deficient in any significant way, and its open source, Apache 2.0 license piques my interest.

Security: Patches, FUD and Voting Machines

Filed under
Security
  • libssh 0.8.4 and 0.7.6 security and bugfix release

    libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authenticate without any credentials.

  • A Cybersecurity Weak Link: Linux and IoT [Ed: Blaming "Linux" for companies that put default passwords on all their products? Windows has back doors.]
  • Undetectably bypass voting machines' anti-tamper mechanism with a bit of a soda-can

    But University of Michigan grad student Matt Bernhard has demonstrated that he can bypass the tamper-evident seals in seconds, using a shim made from a slice of a soda can. The bypass is undetectable and doesn't damage the seal, which can be resecured after an attacker gains access to the system.

  • Security Seals Used to Protect Voting Machines Can Be Easily Opened With Shim Crafted from a Soda Can

    Bernhard, who is an expert witness for election integrity activists in a lawsuit filed in Georgia to force officials to get rid of paperless voting machines used in that state, said the issue of security ties and seals came up in the lawsuit earlier this year when Fulton County Elections Director Richard Barron told the court that his Georgia county relies on tamper-evident metal and plastic ties to seal voting machines and prevent anyone with physical access to the machines from subverting them while they sit in polling places days before an election.

    [...]

    He noted that defeating ties and seals in non-tamper-evident ways isn’t the only method to wreak havoc on an election in Michigan. The state has a unique law that prohibits ballots from being used in a recount if the number of voters doesn't match the number of ballots cast at a precinct or if the seal on a ballot box is broken or has a different serial number than what it should have. Someone who wanted to wreak havoc on an election or alter an election outcome in Michigan could purposely tamper with ballot box seals in a way that is evident or simply replace them with a seal bearing a different serial number in order to get ballots excluded from a recount. The law came into sharp relief after the 2016 presidential election when Green Party candidate Jill Stein sought to get a statewide recount in Michigan and two other critical swing states and found that some precincts in Wayne County couldn't be recounted because the number of voters who signed the poll books—which get certified with a seal signed by officials—didn't match the number of ballots scanned on the voting machines.

OSS: Hedera Hashgraph, Service Providers, and Renaming the Bro Project

Filed under
OSS
  • Hedera Hashgraph Distributed Ledger Technology Shares New Open-Source SDK [Ed: Hedera needs to delete GitHub, however, as the new head of GitHub killed Java projects like Hedera's]

    Hedera Hashgraph, one of the DApp facilitators within the blockchain industry recently announced that it has released its Software Development Kit (SDK) in Java.

  • Service Providers Should Adapt to Open Source World

    Finding differing opinions on open source with the telecom industry isn't hard to do, especially where orchestration is concerned. That's why a panel discussion on open source and MANO at the Light Reading NFV-Carrier SDN event in Denver seemed an odd place to find such outspoken agreement on that topic, but there it was.

    Four smart guys, none shy with their opinions, all seemed to agree on key points around open source, the need for standards, the role of vendors and the lack of internal software skills. But they also agreed that telecom service providers are struggling a bit to understand how to proceed in an open source world and still need some fundamental internal changes.

  • Renaming the Bro Project

    More than 20 years ago I chose the name "Bro" as "an Orwellian reminder that monitoring comes hand in hand with the potential for privacy violations", as the original Bro paper put it. Today that warning is needed more than ever ... but it's clear that now the name "Bro" is alas much more of a distraction than a reminder.

    On the Leadership Team of the Bro Project, we heard clear concerns from the Bro community that the name "Bro" has taken on strongly negative connotations, such as "Bro culture". These send a sharp, anti-inclusive - and wholly unintended and undesirable - message to those who might use Bro. The problems were significant enough that during BroCon community sessions, several people have mentioned substantial difficulties in getting their upper management to even consider using open-source software with such a seemingly ill-chosen, off-putting name.

Back End: Apache Kafka, 'Serverless'

Filed under
Server
OSS

Microsoft Lies and Openwashing

Filed under
Microsoft
OSS

Red Hat Leftovers

Filed under
Red Hat

Why MX Linux Is the Windows Alternative You’ve Been Waiting For

Filed under
GNU
Linux

If you’re looking for a Windows alternative but have shied away from Linux, MX Linux may be the solution you’ve been waiting for.

Linux distributions have always held promise for Windows users to migrate away from an expensive OS. Even Windows 10 has enough quirks and issues that a truly robust and functional Linux alternative could easily entice longtime Windows users to switch.

Let’s take a closer look at MX Linux from the perspective of a longtime Windows user.

Chromebox and Chrome 'Hacks'

Filed under
Google
  • CTL’s New CBX1 Chromebox is a Powerhouse at a Great Price

    Chromeboxes are really great desktops for users who have moved their workflow into a web browser, especially at lower prices. You don’t need higher specs inside a Chromebox for it to work well, but it can help.

    For those who want a supercharged Chromebox on the cheap, Oregon-based CTL has just the thing for you. Its new Chromebox—the CBX1—has all the high-end parts you could want, at a comparatively low price.

  • How to Install Progressive Web Apps (PWAs) in Chrome

    Chrome 70, available now, lets you install “Progressive Web Apps,” or PWAs, on Windows. When you visit a website with a PWA, like Twitter or Spotify, you can now “install” it to make it behave more like a normal desktop application.

  • How to Stop Chrome From Automatically Signing You Into the Browser

    With Chrome 69, Google began automatically signing you into the Chrome browser whenever you signed into a Google website like Gmail. Chrome 70, available now, has a hidden option to disable this feature.

    We don’t think most Chrome users will care about this. But, if you do care, Google now gives you a choice. And that’s good news.

More in Tux Machines

Stable kernels 4.18.16, 4.14.78, 4.9.135 and 4.4.162

Most Hotly Sought-After Linux Skills

The 2018 Open Source Technology Jobs Report shows rapid growth in the demand for open source technical talent, with Linux skills a must-have requirement for entry-level positions. The seventh annual report from The Linux Foundation and Dice, released Wednesday, identifies Linux coding as the most sought-after open source skill. Linux-based container technology is a close second.

The report provides an overview of open source career trends, factors motivating professionals in the industry, and ways employers attract and retain qualified talent. As with the last two open source jobs reports, the focus this year is on all aspects of open source software and is not limited to Linux. This year's report features data from more than 750 hiring managers at corporations, small and medium businesses, and government organizations and staffing agencies across the globe. It is based on responses from more than 6,500 open source professionals worldwide.

Linux skills rank as the most sought-after skills in the 2018 report, with 80 percent of hiring managers looking for tech professionals with Linux expertise. Linux is required knowledge for most entry-level open source careers, likely due to the strong popularity of cloud and container technologies, as well as DevOps practices, all of which typically are based on Linux, according to the report.

Programming: BASIC, LLVM's Clang C++17, and Mozilla

  • So I wrote a basic BASIC
    So back in June I challenged myself to write a BASIC interpreter in a weekend. The next time I mentioned it was to admit defeat. I didn't really explain in any detail, because I thought I'd wait a few days and try again and I was distracted at the time I wrote my post.
  • LLVM C++14/C++17 BoF
  • LLVM's Codebase Will Likely Move To C++17 Next Year
    While LLVM's Clang compiler already supports C++17, what this change is about is the LLVM code itself and for sub-projects like Clang can begin making use of C++17 code itself. This in turn ups the requirements for being able to compile the code-base.  As it stands now LLVM requires C++11 for being able to build the compiler stack, but at this week's LLVM Developers' Meeting in San Jose they discussed upping that requirement. While they could move to C++14, the unofficial consensus is they should just move directly to C++17. This enables LLVM developers to take advantage of all these modern C++ features.
  • Don't rely on the shape of (Native)Error.prototype.message
  • The Rust Programming Language Blog: Update on the October 15, 2018 incident on crates.io
    A user called cratesio was created on crates.io and proceeded to upload packages using common, short names. These packages contained nothing beyond a Cargo.toml file and a README.md instructing users that if they wanted to use the name, they should open an issue on the crates.io issue tracker. The rate at which this user uploaded packages eventually resulted in our servers being throttled by GitHub, causing a slowdown in all package uploads or yanks. Endpoints which did not involve updating the index were unaffected.

Red Hat Leftovers

  • Red Hat Awards Crossvale Commercial Application Platform Partner of the Year.
    Crossvale was presented with the 2018 North America Commercial Application Platform Partner of the Year award by Red Hat. The announcement was made at the Red Hat North America Partner Conference held in Maryland on October 10th.
  • [Podcast] PodCTL #52 – OpenShift 3.11 and OpenShift Container Engine
    Last week Red Hat announced the general availability of OpenShift Container Platform 3.11. This is an important release because it incorporates the first wave of technology from the CoreOS acquisition. This includes new visibility for Operations teams through the Cluster Console and integrated Prometheus monitoring and Grafana dashboards. It also added support for a number of Operators, both from Red Hat and ISV partners (supporting the Operator Framework). This is important, as Operators will continue to play a more critical role in both the OpenShift platform, as well as for applications running on OpenShift. Finally, we discussed the recently released OpenShift Container Engine, and how it offers flexibility for customers that want Enterprise Kubernetes from OpenShift, but may want flexibility in certain areas of their deployments.
  • Knative: Building your Serverless Service
    In the Part-1 of Knative Serving blog series, you were introduced on how to build and deploy your first serverless service using Knative Serving. In this blog you will be introduced to another Knative component called Knative Build.
  • Agile Integration: Enterprise integration from a necessary evil to building competitive advantage
    Business success can be increasingly based on an organization’s ability to react to change. As new disruptive players enter markets and technology upends what consumers expect, organizations often need to change plans in shorter cycles. Modern software architectures and processes can help make organizations more effective at dealing with this change and emerge as leaders in their markets. "Planning as we know it is dead," was the keynote message delivered by Jim Whitehurst, Red Hat president and CEO, at the 2017 Red Hat Summit. "Planning harder in a less-known environment just isn’t the answer." In today’s world, the pace of innovation and disruption is accelerating in business. With that comes change, which can jar or break plans quickly and, in some instances, be extremely costly. Hence, the ability to react to change quickly can be a necessity. Enterprise integration can be at the heart of an organization's IT architecture. It may be necessary. But it is often a bottleneck.
  • Red Hat CEO Whitehurst sells $709000 in Hatter shares