Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Friday, 24 May 19 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Type Title Author Replies Last Postsort icon
Story Red Hat and the rise of RHEL Rianne Schestowitz 22/05/2019 - 6:57pm
Story Red Hat, Fedora and SUSE/OpenStack Roy Schestowitz 22/05/2019 - 6:55pm
Story Programming: KubeCon, PHP, Python, GitLab, and Rust Roy Schestowitz 22/05/2019 - 6:51pm
Story today's howtos Roy Schestowitz 22/05/2019 - 6:45pm
Story Drill: New Desktop File Search Utility That Uses Clever Crawling Instead Of Indexing Roy Schestowitz 22/05/2019 - 6:30pm
Story Amp Up Your Linux Music Library With DeaDBeeF Roy Schestowitz 22/05/2019 - 5:30pm
Story AMD Radeon VII Linux Performance vs. NVIDIA Gaming On Ubuntu For Q2'2019 Rianne Schestowitz 22/05/2019 - 4:54pm
Story Android Leftovers Rianne Schestowitz 22/05/2019 - 4:49pm
Story An Early Look At Some PHP 7.4 Performance Benchmarks Rianne Schestowitz 22/05/2019 - 4:41pm
Story Bringing the Benefits of Linux Containers to Operational Technology Rianne Schestowitz 22/05/2019 - 4:38pm

Google’s latest smart glasses power up with Snapdragon XR1

Filed under
Android

Google has launched a $999 “Glass Enterprise Edition 2” headset that runs Android Oreo on a faster, quad-core, 1.7GHz Snapdragon XR1 SoC with an 8MP camera, WiFi-ac, BT 5.x, a USB Type-C port, and longer battery life.

After backing away from its consumer Google Glass eyewear due in part to complaints about privacy, in 2017 Google parent company Alphabet announced a more business- and industrial focused Glass Enterprise Edition as a $1,500 developer platform. Now, Google has brought the Glass unit inhouse, and has returned with a Glass Enterprise Edition 2 designed for mass production. The new eyeware device has a faster processor, longer battery life, improved camera and wireless features, and a reduced $999 price.

Read more

Games: Super Powered Battle Friends, Geneshift, OBS Studio, DASH

Filed under
Gaming
  • 2D indie platform brawler 'Super Powered Battle Friends' is now up on Steam and itch.io

    Super Powered Battle Friends from Cache Grab Studios is a new platform fighter, with both local and online play and it's now in Early Access. As promised on the rather unsuccessful Kickstarter campaign, it was release with same-day Linux support.

  • Geneshift gets a GTA2-inspired update with civilians, an expanded demo, better maps for driving and more

    Geneshift continues to evolve into a very interesting top-down action game, mixing in a single-player/co-op campaign, various traditional multiple modes and a Battle Royale.

    The developer, Nik Nak Studios, said they're celebrating ten years since Geneshift first came online (originally under other names). This latest update pulls in some inspiration from GTA2, adding in roaming civilians you can take down which will eventually become aggressive towards you. The more you kill, the higher their aggression rating and loot dropping will be giving the various online modes like Deathmatch and Battle Royale a little mini-game.

  • Video recording and livestreaming software OBS Studio has a new 23.2 Release Candidate out

    For those who create videos and livestreams, OBS Studio is for the most part all you need. It continues advancing too, with a Release Candidate out for OBS 23.2.

    New features this time around include a hotkey to toggle the preview, the ability to preview scene transitions, the ability to estimate recording time available based on disk space (not that I've seen it, might be Windows only), a "luma" key video filter, the ability to copy and paste filter to/from scenes in addition to sources, the ability to centre items vertically or horizontally in the transform menus, a message when there's no sources included in a scene to help new users and numerous other enhancements.

  • DASH, the fast-paced platformer where you create the levels is launching in June with a new trailer

    Best get your running shoes, you're going to need them to compete in DASH: Danger Action Speed Heroes. This fast-paced competitive platformer from Baby Duka and Schubell IT will also let your creative juices flow since a lot of the levels are made by people like you and me.

Security Leftovers

Filed under
Security
  • Why Are Cryptographers Being Denied Entry into the US?

    Is there some cryptographer blacklist? Is something else going on? A lot of us would like to know.

  • Security Engineering: Third Edition

    Today I put online a chapter on Who is the Opponent, which draws together what we learned from Snowden and others about the capabilities of state actors, together with what we’ve learned about cybercrime actors as a result of running the Cambridge Cybercrime Centre. Isn’t it odd that almost six years after Snowden, nobody’s tried to pull together what we learned into a coherent summary?

    There’s also a chapter on Surveillance or Privacy which looks at policy. What’s the privacy landscape now, and what might we expect from the tussles over data retention, government backdoors and censorship more generally?

  • Google halts some business with China's Huawei: report

    Huawei will reportedly no longer be able to access Android updates, the Gmail app, the Google Play store and new versions of Google phones outside of China.

  • Google restricts Huawei's use of Android

    Existing Huawei smartphone users will be able to update apps and push through security fixes, as well as update Google Play services.

    But when Google launches the next version of Android later this year, it may not be available on Huawei devices.

    Future Huawei devices may no longer have apps such as YouTube and Maps.

  • Forget Huawei, The Internet Of Things Is The Real Security Threat

    We've noted for a while how a lot of the US protectionist security hysteria surrounding Huawei isn't supported by much in the way of hard data. And while it's certainly possible that Huawei helps the Chinese government spy, the reality is that Chinese (or any other) intelligence services don't really need to rely on Huawei to spy on the American public. Why? Because people around the world keep connecting millions of internet of broken things devices to their home and business networks that lack even the most rudimentary of security and privacy protections.

    Week after week we've documented how these devices are being built with both privacy and security as a distant afterthought, resulting in everything from your television to your refrigerator creating both new attack vectors and wonderful new surveillance opportunities for hackers and state actors.

A Look At The MDS Cost On Xeon, EPYC & Xeon Total Impact Of Affected CPU Vulnerabilities

Filed under
Graphics/Benchmarks

This weekend I posted a number of benchmarks looking at the performance impact of the new MDS/Zombieload vulnerabilities that also included a look at the overall cost of Spectre/Meltdown/L1TF/MDS on Intel desktop CPUs and AMD CPUs (Spectre). In this article are similar benchmarks but turning the attention now to Intel Xeon hardware and also comparing those total mitigation costs against AMD EPYC with its Spectre mitigations.

This article offers a look at the MDS/Zombieload mitigations on a 1st Gen Skylake Xeon Scalable server as well as a Kabylake Xeon E3 server for reference. Following that is a look at the total CPU vulnerability mitigation costs for 1st Gen Xeon Scalable, 2nd Gen Xeon Scalable (Cascade Lake), and an AMD EPYC 2P server as well for its Spectre mitigations.

As expected given Intel's guidance last week of their latest Xeon processors being mitigated for MDS, indeed, the dual Xeon Platinum 8280 Cascade Lake server reported it was not affected by the MDS mitigations and thus not enabled. So for the MDS tests up first it's just some reference results using a dual Xeon Gold 6138 Skylake server running Ubuntu 19.04 with the Linux 5.0 patched kernel and reference results side-by-side for a separate Xeon E3-1275 v6 server.

Read more

Four new Arduino Nano boards break price/performance/size barriers

Filed under
Linux

Arduino expanded its line of 45 x 18mm Nano boards with a $10 “Arduino Nano Every” model, a faster WiFi/BT-enabled IoT model, and two BLE boards. The new models offer price, performance, and size improvements over earlier Arduinos.

At the start of this weekend’s Bay Area Maker Faire, which could be its last in that locale (see farther below), Arduino opened pre-orders for four new 45 x 18mm Nano form-factor boards to join its earlier, Nano 3. Shipments are due in mid-June for the Arduino Nano Every replacement for the Nano 3, as well as the higher-end, WiFi-enabled Nano 33 IoT. There’s a mid-July ship date for the Bluetooth-equipped Nano 33 BLE and Nano 33 BLE Sense wearable modules.

Read more

The Two Solitudes of GNOME and KDE

Filed under
KDE
GNOME

Novelist Hugh MacLennan once described Canada as “two solitudes” — an English-speaking one and a French-speaking one, neither of which had much to do with the other. The description is decades out-dated, and today a dozen solitudes might be more accurate. However, the phrase echoes in my mind whenever I think of the gulf today between GNOME technologies and KDE software compilations. Although both are based on the Linux kernel, the expectations and philosophies are different enough that they might almost be different operating systems.

The difference has not always existed. When GNOME and KDE began in the late 1990s, both were scrambling hard to match desktops on other operating systems. Widgets aside, the differences were minimal. For years the two graphical interfaces regularly traded places on reader surveys, with perhaps a slight edge for GNOME, depending on the magazine or site conducting the survey. Flame wars could be fierce, but like many flame wars, the fierceness reflected how trivial the differences mostly were — at least, after KDE’s Qt toolkit became free software. The difference was largely one of branding.

Still, GNOME and KDE each slowly developed its own ecosystem of applications. A few applications like OpenOffice.org were shared, presumably because developing alternative for large applications was difficult. Moreover, the popularity of some apps like Firefox overwhelmed native alternatives like KDE’s Konqueror. But in categories like music-players, archivers, and CD burners, each slowly started to developed its own set of tools.

Read more

4 New Arduino Nano Boards Are Here: More Powerful Than Before

Filed under
Linux
Hardware

The open source Arduino Project was started long back in 2003 as a program for students to help them tinker with sensors and their applications without spending tons of money. Over the course of time, this open source platform evolved and facilitated the launch of various versions of the Arduino hardware.

Adding another chapter to Arduino’s hardware journey, the Italian boardmakers have announced the launch of four new products that will remind you of the classic Arduino Nano 3. The 4 Arduino product in the lineup serve different purposes, so let’s briefly tell you about them:

Read more

Direct: What’s new at Maker Faire Bay Area 2019

Games: Google Stadia and More Ports to GNU/Linux

Filed under
Gaming
  • Google Stadia GPU To Be Based on 14nm AMD Vega Architecture

    The details of Google Stadia GPU have been leaked online. The streaming console from Google will use a Vega Graphics from AMD, instead of the speculated Navi.

    The information comes from the Khronos’ Vulcan API product listings. The Google Stadia is listed as “Google Games Platform Gen 1 AMD GCN 1.5)”

  • A quick look at some fun games & expansions released with Linux support in 2019 so far

    We’re closing in on the midway point of 2019 so let’s slow down for a moment, take a step back and look at some of the top games released with Linux support so far this year.

    Note: I am not counting Early Access or in-Beta titles and only including games that support Linux, so for those looking for something new you can expect a full completable experience with any of these titles. Also, it’s in no particular order as this isn’t meant as a best to worse compilation. Also, some may have had their official Linux releases later than the other platforms.

  • Oxygen Not Included release delayed until July, Klei making sure it's nicely polished

    Klei Entertainment have decided to delayed the full release of Oxygen Not Included, with it moving to July.

    They're going to have open testing around the end of June, sounds like it's all going well but sometimes extra time is just needed. Game development is complicated and Oxygen Not Included needs some more testing and polishing. They said "We’re feeling good about the content of this final update and we really think you will like what we have cooking but if we launch as scheduled, the update would not have seen much testing and it’s just not as polished as we (or you) would like.".

  • Terraria has sold 27 million copies, 12 million on PC and it continues to expand

    Re-Logic have announced that Terraria has officially sold a massive 27 million copies, 12 million of those being on PC and they're not stopping.

    Sounds like it's going to be a big year for Terraria, they're teasing some big updates for the PC version. Sounds like they might be showing some new stuff off during the 2019 PC Gaming Show next month, although they made it clear they're "not going to be the latest Epic exclusive" and they will stay on Steam like they've been since the beginning.

  • Point & click adventure 'Lord Winklebottom Investigates' fully funded and coming to Linux

    Lord Winklebottom Investigates, a very quirky murder mystery, point and click adventure has managed to get funding and so it's coming to Linux.

  • Minimalistic puzzle game 'Simple Dot' looks rough but it's an interesting experience overall

    Simple Dot has a simple idea, balls drop from a bucket and you have to draw lines to get them into a bucket somewhere else. It's out now with same-day Linux support and I gave it a run to see if it's worth your time.

Software: k3OS and Moving to Free Software

Filed under
Software
  • k3OS Takes Kubernetes to the Edge

    In the tradition of embedded Linux comes k3OS, an open source project for managing Kubernetes instances on embedded platforms at the edge. k3OS combines a Linux distro with a k3s Kubernetes distro in one. It simplifies the path to quickly stand up clusters and maintain them over time. Let’s explore how two paths meet taking Kubernetes to the edge, and how you can get started running it today.

  • What proprietary tool do you need open source alternative to?

    Taking the plunge from easy and familiar proprietary tools we use every day to unknown and open source tools can be a challenge. When do you find the time to do the research to choose the right option for you? How do you choose? What will be daily repercussions be? Will the positive outweigh the negative?

    To help take some of the guesswork out of it for you, we've been writing articles that present you with some open source alternatives and how they work. We hope this will give you some insight into what the daily cost and benefits could be for you given your unique needs and lifestyle.

  • Health Port: Creates Holistic Solution for Open Source Electronic Health Records

    The medical industry has been slow to embrace modern record-keeping technology. Health Port is bringing next-generation blockchain technology to Electronic Health Records (EHR). The idea behind Health Port is simple; make EHR technology simple, safe, and open source.

    Around the time that the internet bubble was in full swing, there is a good chance that your local doctors were still writing health care records by hand. The internet has been a big force in the world of data, but the medical industry has been left out of the internet data revolution.

    [...]

    The most important reason why EHRs need to be open is patient care. A person should have easy access to their medical history. When a person changes location or healthcare providers, making sure their medical records go with them shouldn’t be a hassle.

    An EHR isn’t special from a data handling perspective. Much like other sensitive personal information, it should be easy to share with authorized agents. In an emergency care scenario, this aspect of EHRs is even more important.

SUSE and Fedora Leftovers

Filed under
Red Hat
SUSE
  • Introducing SUSE Enterprise Storage 6

    SUSE Enterprise Storage 6 enables IT organizations to seamlessly adapt to changing business demands while reducing IT operational expense by transforming their enterprise storage infrastructure with our intelligent software-defined storage solution.

    Based on the Ceph Nautilus release and built on SUSE Linux Enterprise Server 15 SP1, SUSE Enterprise Storage 6 enables IT organizations to seamlessly adapt to changing business demands while reducing IT operational expense with new features focused on containerized and cloud workload support, improved integration with public cloud, and enhanced data protection capabilities

  • Introducing Fedora Summer Coding Class of Summer 2019

    Starting today, interns from the Fedora Summer Coding (F.S.C.) class of Summer 2019 start working on their projects. Three interns selected for Outreachy begin today, and another five interns selected for Google Summer of Code begin on Monday, May 27. The Fedora CommOps and Diversity and Inclusion teams worked together to interview all eight interns. This week on the Fedora Community Blog, we’ll introduce two interns each day of this week!

  • Getting set up with Fedora Project services

    In addition to providing an operating system, the Fedora Project provides numerous services for users and developers. Services such as Ask Fedora, the Fedora Project Wiki and the Fedora Project Mailing Lists provide users with valuable resources for learning how to best take advantage of Fedora. For developers of Fedora, there are many other services such as dist-git, Pagure, Bodhi, COPR and Bugzilla that are involved with the packaging and release process.

    These services are available for use with a free account from the Fedora Accounts System (FAS). This account is the passport to all things Fedora! This article covers how to get set up with an account and configure Fedora Workstation for browser single sign-on.

Kernel: Ted Tso is Switching to Hugo, Linux's vmalloc Seeing "Large Performance Benefits" With 5.2 Kernel Changes

Filed under
Linux
  • Ted Tso: Switching to Hugo

    With the demise of Google+, I’ve decided to try to resurrect my blog. Previously, I was using Wordpress, but I’ve decided that it’s just too risky from a security perspective. So I’ve decided my blog over to Hugo.

    A consequence of this switch is that all of the Wordpress comments have been dropped, at least for now.

  • Linux's vmalloc Seeing "Large Performance Benefits" With 5.2 Kernel Changes

    On top of all the changes queued for Linux 5.2 is an interesting last-minute performance improvement for the vmalloc code.

    The Linux kernel's vmalloc code has the potential of performing much faster on Linux 5.2, particularly with embedded devices. Vmalloc is used for allocating contiguous memory in the virtual address space and saw a nice optimization merged today on the expected final day of the Linux 5.2 merge window.

Security: CBS FUD, .NET Push and Intel Disaster Due to Defects

Filed under
Security
  • Security researchers discover Linux version of Winnti malware [Ed: This targets already-vulnerable servers and GNU/Linux has little to do with that. It can be proprietary software on top of it.]

    Chronicle says it discovered this Linux variant after news broke last month that Bayer, one of the world's largest pharmaceutical companies, had been hit by Chinese hackers, and the Winnti malware was discovered on its systems.

  • Microsoft's Attack Surface Analyzer now works on Macs and Linux, too [Ed: Microsoft is now pushing .NET in the name of "security"]
  • Intel Loses 5X More Average Performance Than AMD From Mitigations: Report

    Intel has published its own set of benchmark results for the mitigations to the latest round of vulnerabilities, but Phoronix, a publication that focuses on Linux-related news and reviews, has conducted its own testing and found a significant impact. Phoronix's recent testing of all mitigations in Linux found the fixes reduce Intel's performance by 16% (on average) with Hyper-Threading enabled, while AMD only suffers a 3% average loss. Phoronix derived these percentages from the geometric mean of test results from its entire test suite.

    From a performance perspective, the overhead of the mitigations narrow the gap between Intel and AMD's processors. Intel's chips can suffer even more with Hyper-Threading (HT) disabled, a measure that some companies (such as Apple and Google) say is the only way to make Intel processors completely safe from the latest vulnerabilities. In some of Phoronix's testing, disabling HT reduced performance almost 50%. The difference was not that great in many cases, but the gap did widen in almost every test by at least a few points.

Licensing: Companies That Close Down FOSS 'in the Cloud' and Latest GPL Compliance at OnePlus

Filed under
OSS
Legal
  • Confluent says it has the first cloud-native Kafka streaming platform

    Open-source unicorn Confluent Inc. is ready to go head-to-head with cloud computing giants with the release of a cloud-native and fully managed service based upon the Apache Kafka streaming platform.

  • For open source vs. proprietary, AWS might have it both ways [Ed: Mac Asay, Adobe, proponent of calling proprietary "open". IDG has just received money from Adobe (“BrandPost Sponsored by Adobe”) and Asay is now publishing articles owing to his employer paying the media. He’s is some kind of editor at InfoWorld (IDG). So the corporations basically buy ‘journalism’ (their staff as editors) at IDG.]
  • Why Open Source Should Remain Open

    On one hand, the validation that comes along with major tech players offering open source fuels growth in the software. On the other, it also changes the platform from one that’s always been free and available to one that is only available with limitations and has red tape all around it. As some of these companies join in the open source community, they’re losing sight of the original goal and community. Instead, they are building artificial walls and shutting down many parts of what makes open source open. This isn’t a unique occurrence, it’s happening more and more frequently and is something that will completely rearrange the core of open source as we know it.

  • BREAKING: OnePlus 7 Pro root achieved on global and Indian variants, kernel source codes released

    OnePlus phones are known for their developer friendliness as well as strong aftermarket development community. The Chinese OEM prefers to mandate GPL and push kernel source codes in a timely manner, which is a godsend compared to most of their competitors.

  • OnePlus 7 / 7 Pro kernel source code is now out, expect custom ROMs soon

    OnePlus announced the most-awaited OnePlus 7 and OnePlus 7 Pro last week. Both the smartphones are already on sale and can be bought in all the countries they are available. Even the OnePlus 7 Pro received its maiden update which brings April security patch and more. As usual, the kernel source for the OnePlus 7 series is now out too in a timely manner. Thus, users can expect custom ROMS sooner than later.

Audiocasts/Shows: Python Podcast, Linux Gaming News Punch, GNU World Order, Open Source Security and Linux Action News

Filed under
Interviews
  • Podcast.__init__: Hardware Hacking Made Easy With CircuitPython

    Learning to program can be a frustrating process, because even the simplest code relies on a complex stack of other moving pieces to function. When working with a microcontroller you are in full control of everything so there are fewer concepts that need to be understood in order to build a functioning project. CircuitPython is a platform for beginner developers that provides easy to use abstractions for working with hardware devices. In this episode Scott Shawcroft explains how the project got started, how it relates to MicroPython, some of the cool ways that it is being used, and how you can get started with it today. If you are interested in playing with low cost devices without having to learn and use C then give this a listen and start tinkering!

  • Linux Gaming News Punch - Episode 13, your weekly round-up podcast is here

    Grab a cup of coffee and come listen to some news you may have missed over the last week or so, as the Linux Gaming News Punch - Episode 13 has arrived.

    As always, if you read GamingOnLinux every day this will all seem rather familiar. This bite-sized podcast is aimed at everyone who doesn't have the time for that.

  • GNU World Order_13x21
  • Open Source Security Podcast: Episode 146 - What the @#$% happened to Microsoft? [Ed: New PR strategy, same old EEE. Some people are easily fooled.]

    Josh and Kurt talk about Microsoft. They're probably not the bad guys anymore, which is pretty wild. They're adding a Linux kernel to Window. Can we declare open source the unquestionable winner now?

  • Linux Action News 106

    ZombieLoad's impact on Linux, AMP to start hiding Google from the URL, and the huge Linux switch underway.

    Plus the impact of Google suspending business with Huawei, the recent ChromeOS feature silently dropped, and more.

Programming Leftovers

Filed under
Development
  • Richard W.M. Jones: NBD’s state machine

    Eric and I are writing a Linux NBD client library. There were lots of requirements but the central one for this post is it has to be a library callable from programs written in C and other programming languages (Python, OCaml and Rust being important), and we don’t control those programs so they may be single or multithreaded, or may use non-blocking main loops like gio and glib.

    An NBD command involves sending a request over a socket to a remote server and receiving a reply. You can also have multiple requests “in flight” and the reply can be received in multiple parts. On top of this the “fixed newstyle” NBD protocol has a complex multi-step initial handshake. Complicating it further we might be using a TLS transport which has its own handshake.

    It’s complicated and we mustn’t block the caller.

    There are a few ways to deal with this in my experience — one is to ignore the problem and insist that the main program uses a thread for each NBD connection, but that pushes complexity onto someone else. Another way is to use some variation of coroutines or call/cc — if we get to a place where we would block then we save the stack, return to the caller, and have some way to restore the stack later. However this doesn’t necessarily work well with non-C programming languages. It likely won’t work with either OCaml or Ruby’s garbage collectors since they both involve stack walking to find GC roots. I’d generally want to avoid “tricksy” stuff in a library.

  • PyDev of the Week: Adrienne Tacke

    This week we welcome Adrienne Tacke (@AdrienneTacke) as our PyDev of the Week! Adrienne is the author of Coding for Kids: Python: Learn to Code with 50 Awesome Games and Activities and her book came out earlier this year.

  • Python Programming - if, else and elif
  • Subsecond deployment and startup of Apache Camel applications

    The integration space is in constant change. Many open source projects and closed source technologies did not withstand the tests of time and have disappeared from the middleware stacks for good. After a decade, however, Apache Camel is still here and becoming even stronger for the next decade of integration. In this article, I’ll provide some history of Camel and then describe two changes coming to Apache Camel now (and later to Red Hat Fuse) and why they are important for developers. I call these changes subsecond deployment and subsecond startup of Camel applications.

  • Best Free Books to Learn about Lua

    Lua is a lightweight, small, compact, and fast programming language designed as an embeddable scripting language. This cross-platform interpreted language has a simple syntax with powerful data description constructs. It has automatic memory management and incremental garbage collection, making it ideal for configuration, scripting, and rapid prototyping. Lua tries to help you solve problems with only hundreds of lines, or even less. To achieve this aim, Lua relies on extensibility.

    In the popularity stakes, Lua lags behind say Python, Perl, or Ruby for scripting purposes. As a barometer of its popularity, Lua is currently ranked in 33rd place on the TIOBE Index.

    Lua is not designed to develop standalone software. But Lua excels as a secondary language. Witness Lua cropping up in kernels, tools, and games. Lua was designed, from the beginning, to be integrated with software written in C and other conventional languages. But it’s also used as a standalone language.

    This language is free software distributed under the terms of the MIT license. Lua’s developers consist of a team at PUC-Rio, the Pontifical Catholic University of Rio de Janeiro in Brazil. The language has been in development for 26 years.

    This article recommends free books to help you master programming in Lua. As the range of good free books is fairly limited, I close the article with a few carefully selected tutorials that are genuinely useful.

Linux kernel RDS flaw affects Red Hat, Ubuntu, Debian and SUSE

Filed under
Linux

If you're not in the habit of keeping up to date with the latest version of the Linux kernel, now might be a good time to think about doing so. Systems based on versions of the kernel older than 5.0.8 suffer from a severe flaw in the implementation of RDS over TCP.

Left unpatched, the flaw could enable an attacker to compromise a system. The National Vulnerability Database entry says: "There is a race condition leading to a use-after-free, related to net namespace cleanup".

Red Hat, Ubuntu, Debian and SUSE are all affected by the flaw, and security advisories have been issued for each Linux distro. It is worth noting that the "attack complexity" is rated as being "high", so while the impact of the security hole could be serious, the changes of a successful attack are relatively slim.

Read more

Louis-Philippe Véronneau: Am I Fomu ?

Filed under
Linux
Hardware

A few months ago at FOSDEM 2019 I got my hands on a pre-production version of the Fomu, a tiny open-hardware FPGA board that fits in your USB port. Building on the smash hit of the Tomu, the Fomu uses an ICE40UP5K FPGA instead of an ARM core.

I've never really been into hardware hacking, and much like hacking on the Linux kernel, messing with wires and soldering PCB boards always intimidated me. From my perspective, playing around with the Fomu looked like a nice way to test the water without drowning in it.

Since the bootloader wasn't written at the time, when I first got my Fomu hacker board there was no easy way to test if the board was working. Lucky for me, Giovanni Mascellani was around and flashed a test program on it using his Raspberry Pi and a bunch of hardware probes. I was really impressed by the feat, but it also seemed easy enough that I could do it.

Read more

Also: ItsyBitsy Snek — snek on the Adafruit ItsyBitsy

Syndicate content

More in Tux Machines

Today in Techrights

today's leftovers

  • Zombieload, Nextcloud, Peppermint 10, KDE Plasma, IPFire, ArcoLinux, LuneOS | This Week in Linux 67
    On this episode of This Week in Linux, we’ll check out some Distro News from Peppermint OS, ArcoLinux, LuneOS & IPFire. We got a couple apps to talking about like Nextclou0…d and a new Wallpaper tool that has quite a bit of potential. We’ll take a look at what is to come with the next version of KDE Plasma. Intel users have gotten some more bad news regarding a new security vulnerability. Later in the show, we’ll cover some interesting information regarding a couple governments saving money by switching to Linux. Then finally we’ll check out some Linux Gaming News. All that and much more on your Weekly Source for Linux GNews!
  • Ubuntu Podcast: S12E07 – R-Type
    This week we’ve been installing Lineage on a OnePlus One and not migrating Mastodon accounts to ubuntu.social. We round up the Ubuntu community news from Kubuntu, Ubuntu MATE, Peppermint OS and we discuss some tech news. It’s Season 12 Episode 07 of the Ubuntu Podcast! Alan Pope, Mark Johnson and Martin Wimpress are connected and speaking to your brain.
  • OpenGL 4.6 / SPIR-V Support Might Be Inching Closer For Mesa Drivers
    We're quickly approaching the two year anniversary of the OpenGL 4.6 release and it's looking like the Intel/RadeonSI drivers might be inching towards the finish line for that latest major revision of the graphics API.  As we've covered many times, the Mesa drivers have been held up on OpenGL 4.6 support due to their SPIR-V ingestion support mandated by this July 2017 version of the OpenGL specification. While there are the Intel and Radeon RADV Vulkan drivers already with the SPIR-V support that is central to Vulkan, it's taken a long time re-fitting the OpenGL drivers for the likes of ARB_gl_spriv. Then again, there aren't many (actually, any?) major OpenGL games requiring version 4.6 of the specification even with its interoperability benefits thanks to SPIR-V.

Software: Left, Samba, LaTeX, PyRadio and More

  • Left Is A Minimalist, Distraction-Free Text Editor For Writers
    Left is a free and open source distraction-free text editor for Linux, Windows and Mac. The main goal of Left is to get you to focus on writing. It comes with writing essentials like autocomplete, synonym suggestions and writing statistics, but it doesn't support text formatting, and doesn't have all the bells and whistles found in applications like LibreOffice Writer or Microsoft Office Word. This minimalist text editor may not be particularly exciting, and it's not for everyone, but if you're working on a long writing project, a clean interface that allows you to focus exclusively on your work may be for you.
  • Samba 4.10.4 Released With 40 Bug fixes
    The Samba Team announced the availability of Samba 4.10.4. This is the latest stable release of the Samba 4.10 release series. Also, they released a patch against Samba 4.10.3. This release comes with close to 40 bug fixes.
  • 8 Best latex editors for Linux, Windows or MacOS
    LaTeX project is a programming language with which scientific and mathematical texts can be created. The full form of LaTeX here is Lamport TeX. In simple words, it is a document preparation system for high-quality typesetting but for special purposes where you need scientific and mathematical texts like scientific formulas for some academic books or PDF… Using packages or libraries, you can extend the scope of functions to create graphics and formulas. Now, what exactly is the LaTex editor? In simple words, the editor that supports LaTeX programming to create documents is called LaTeX editors. Thus, it is not like our normal word editor where we get formatted text in WYSIWYG (“what you see is what you get”) such as OpenOffice, LibreOffice or Microsoft Office. LaTeX is totally opposite uses a command line interface to format text for books or documents need an extensive text system that is intended for books, scientific papers and articles. Particularly in the mathematical-technical area, the system offers itself because of the formulas contained. You can simply install LaTeX on your system and then text can be entered in a simple editor and saved in a source text file, similar to a script. This text is supplemented by LaTeX commands, which, for example, identify chapters, sections, headings, and quotes. In addition, a LaTeX document can be spread over several files, so that each chapter is a separate file. However, there are a good number of best LaTeX backed editors are available for online to download with both open sources as well as a free license for Windows, Linux and MacOS. Thus, here we are with some best open source or free LaTeX editors but before installing them remember they are not simple text editors and to operate them, first, you must get familiar with the LaTeX commands…
  • PyRadio – curses based internet radio player
    On my roadmap is to review all actively maintained internet radio players. To date, I’ve covered odio, Shortwave, and Radiotray-NG. While there’s lots to admire in these projects, I feel that an internet radio player meeting all my requirements is still out there waiting to be discovered. For this review, I’ll run through PyRadio. Unlike the other radio players I’ve covered, PyRadio is curses based software.
  • Insync 3 Beta Available With OneDrive Syncing Support On Linux [Ed: Give all your files to Microsoft (which bribes officials to dump GNU/Linux, puts back doors in everything arrests whistleblowers etc.)]
  • GNOME 3.34's Mutter Gets Important Fix To Avoid Stuttering / Frame Skips
    In addition to GNOME's Mutter compositor / window manager seeing an important fix recently lowering the output lag under X11 so it matches GNOME's Wayland performance, another important Mutter fix also landed. The Mutter/Clutter change to avoid skipping over the next frame to render has landed. This is yet another big deal contribution by Canonical's Daniel van Vugt as part of their GNOME desktop enhancements.
  • Firefox brings you smooth video playback with the world’s fastest AV1 decoder
    Tuesday’s release of Firefox 67 brought a number of performance enhancing features that make this our fastest browser ever. Among these is the high performance, royalty free AV1 video decoder dav1d, now enabled by default on all desktop platforms (Windows, OSX and Linux) for both 32-bit and 64-bit systems. With files more than 30% smaller than today’s most popular web codec VP9 [1], and nearly 50% smaller than its widely deployed predecessor H.264 [2], AV1 allows high-quality video experiences with a lot less network usage, and has the potential to transform how and where we watch video on the Internet. However, because AV1 is brand new and more sophisticated, some experts had predicted that market adoption would wait until 2020 when high-performance hardware decoders are expected. Dav1d in the browser upends these predictions.
  • GNU Binutils Begins Landing eBPF Support
    The GNU Binutils is finally getting wired up around the Extended BPF (eBPF) as the modern, in-kernel virtual machine that stretches the Berkeley Packet Filter beyond the networking subsystem.  Compiling for eBPF has most commonly been done by the LLVM eBPF back-end to allow compiling C into the eBPF bytecode but it looks like the GNU toolchain developers are looking to increase their support around the increasingly common eBPF use-cases for this in-kernel VM.

Distros: Draco in Sparky, Fedora Issues and Optional Dependencies in Debian

  • Draco Desktop
    There is a new desktop available for Sparkers: Draco
  • Archiving 26 500 community Q&As from Ask Fedora
    Ask Fedora is the Fedora Linux community’s questions-and-answers portal, and it recently transitioned from a forum software called Askbot to Discourse. Changing the underlying forum software doesn’t have to be destructive but Ask Fedora decided to go with a nuke-and-pave migration strategy: They decided to start from scratch instead of copying user accounts and the user-contributed content to the new software. The first time I learned of the migration was a few days after it had happen. I’d run into an issue with my Fedora installation and went online looking for solutions. Every useful search result was from the old Ask Fedora site and every link returned an HTTP 404 Not Found error message as those answers hadn’t been migrated to the new Ask Fedora website.
  • Attention epel6 and epel7 ppc64 users
    If you are a epel6 or epel7 user on the ppc64 platform, I have some sad news for you. If you aren’t feel free to read on for a tale of eol architectures. ppc64 (the big endian version of power) was shipped with RHEL6 and RHEL7 and Fedora until Fedora 28. It’s been replaced by the ppc64le (little endian) version in Fedora and RHEL8.
  • Optional dependencies don’t work
    In the i3 projects, we have always tried hard to avoid optional dependencies. There are a number of reasons behind it, and as I have recently encountered some of the downsides of optional dependencies firsthand, I summarized my thoughts in this article. [...] Software is usually not built by end users, but by packagers, at least when we are talking about Open Source. Hence, end users don’t see the knob for the optional dependency, they are just presented with the fait accompli: their version of the software behaves differently than other versions of the same software. Depending on the kind of software, this situation can be made obvious to the user: for example, if the optional dependency is needed to print documents, the program can produce an appropriate error message when the user tries to print a document. Sometimes, this isn’t possible: when i3 introduced an optional dependency on cairo and pangocairo, the behavior itself (rendering window titles) worked in all configurations, but non-ASCII characters might break depending on whether i3 was compiled with cairo. For users, it is frustrating to only discover in conversation that a program has a feature that the user is interested in, but it’s not available on their computer. For support, this situation can be hard to detect, and even harder to resolve to the user’s satisfaction.