Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Tuesday, 17 Jul 18 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Type Title Author Replies Last Postsort icon
Story Red Hat Enterprise Linux 6 & CentOS 6 Patched Against Spectre V4, Lazy FPU Flaws Roy Schestowitz 15/07/2018 - 6:38am
Story openSUSE Tumbleweed Users Get LibreOffice 6.1, Mozilla Firefox 61, and FFmpeg 4 Roy Schestowitz 15/07/2018 - 6:36am
Story Today in Techrights Roy Schestowitz 15/07/2018 - 6:23am
Story today's leftovers Roy Schestowitz 15/07/2018 - 2:16am
Story Linux Kernel/Foundation Roy Schestowitz 15/07/2018 - 2:15am
Story OSS Leftovers Roy Schestowitz 15/07/2018 - 2:09am
Story Nintendo Found a Way to Patch an Unpatchable Coldboot Exploit in Nintendo Switch Roy Schestowitz 15/07/2018 - 1:47am
Story Winds – RSS and Podcast software created using React / Redux / Node Roy Schestowitz 15/07/2018 - 1:44am
Story GNOME: Pitivi, Gitlab CI, Flatpak and Mutter Roy Schestowitz 15/07/2018 - 1:34am
Story Release of KDE Frameworks 5.48.0 Roy Schestowitz 15/07/2018 - 1:31am

Games: Counter-Strike: Global Offensive and More

Filed under
Gaming
  • The new Counter-Strike: Global Offensive Panorama UI is now available on Linux

    After waiting for a bit of extra time, Linux gamers can now enjoy the brand new Panorama UI update in Counter-Strike: Global Offensive.

    To activate it, you need to add "-panorama" as a launch option on Steam. Simply right right on the game in your Steam library, hit properties and then hit the set launch options button and paste it in there.

  • Action racing game 'Road Redemption' updated with improved physics

    Annoyingly, they messed up the executable naming for the Linux & Mac versions. You can launch it directly from the installed folder, but not from Steam directly until they fix this. Sadly, that means the Steam Controller doesn't work as a gamepad, even when using SC Controller the buttons were all messed up so it's keyboard only until they fix it up.

  • Fallout inspired ATOM RPG has another sizeable update

    ATOM RPG, the rough but very promising Fallout inspired game has another sizeable update that's live on Steam.

  • Kalypso Media buy the rights to the Commandos IP, a new game is coming plus updates to older titles

    Kalypso Media now officially own the rights to the Commandos IP which could mean good things for Linux gamers.

    Kalypso Media have been pretty good to Linux gamers in recent years, with them publishing Linux titles like Sudden Strike 4, Railway Empire, Dungeons 3, Tropico 6 (coming soon) and plenty more.

  • Valve have revamped the Upcoming Releases section on Steam

    Valve are continuing their Steam store updated, with the latest section to get a makeover being the Upcoming games section.

    Originally, it was a very basic list of all games to be released on Steam for whatever platform you had selected to view. Instead, it's now a "Popular Upcoming" list that takes into account pre-release interest in a game using wishlists and other data.

  • Twin-stick shooter 'NeuroVoider' is now on GOG

    Flying Oak Games first title NeuroVoider is an action packed twin-stick shooter RPG and it's now available DRM free on GOG.

Debian Joins KDE's Advisory Board

Filed under
KDE
Debian

Since the KDE Advisory Board was created in 2016, we have been encouraging more and more organizations to join it, either as patrons or as non-profit partner organizations. With Ubuntu (via Canonical) and openSUSE (via SUSE) we already had two popular Linux distributions represented in the Advisory board. They are now joined by one of the biggest and oldest purely community-driven distributions: Debian.

KDE has a long-standing and friendly relationship with Debian, and we are happy to formalize it now. Having Debian on our Advisory Board will allow us to learn from them, share our experience with them, and deepen our collaboration even further.

Read more

Security: BGP Hijack Factory, IDN, Microsoft Windows Back Doors and Intel Defects

Filed under
Security
  • Shutting down the BGP Hijack Factory

    It started with a lengthy email to the NANOG mailing list on 25 June 2018: independent security researcher Ronald Guilmette detailed the suspicious routing activities of a company called Bitcanal, whom he referred to as a “Hijack Factory.” In his post, Ronald detailed some of the Portuguese company’s most recent BGP hijacks and asked the question: why Bitcanal’s transit providers continue to carry its BGP hijacked routes on to the global [I]nternet?

    This email kicked off a discussion that led to a concerted effort to kick this bad actor, who has hijacked with impunity for many years, off the [I]nternet.

  • Malformed Internationalized Domain Name (IDN) Leads to Discovery of Vulnerability in IDN Libraries

    The Punycode decoder is an implementation of the algorithm described in section 6.2 of RFC 3492. As it walks the input string, the Punycode decoder fills the output array with decoded code point values. The output array itself is typed to hold unsigned 32-bit integers while the Unicode code point space fits within 21 bits. This leaves a remainder of 11 unused bits that can result in the production of invalid Unicode code points if accidentally set. The vulnerability is enabled by the lack of a sanity check to ensure decoded code points are less than the Unicode code point maximum of 0x10FFFF. As such, for offending input, unchecked decoded values are copied directly to the output array and returned to the caller.

  • GandCrab ransomware adds NSA tools for faster spreading

    "It no longer needs a C2 server (it can operate in airgapped environments, for example) and it now spreads via an SMB exploit -- including on XP and Windows Server 2003 (along with modern operating systems)," Beaumont wrote in a blog post. "As far as I'm aware, this is the first ransomware true worm which spreads to XP and 2003 -- you may remember much press coverage and speculation about WannaCry and XP, but the reality was the NSA SMB exploit (EternalBlue.exe) never worked against XP targets out of the box."

  • Intel Discloses New Spectre Flaws, Pays Researchers $100K

    Intel disclosed a series of vulnerabilities on July 10, including new variants of the Spectre vulnerability the company has been dealing with since January.

    Two new Spectre variants were discovered by security researchers Vladimir Kiriansky and Carl Waldspurger, who detailed their findings in a publicly released research paper tilted, "Speculative Buffer Overflows: Attacks and Defenses."

    "We introduce Spectre1.1, a new Spectre-v1 variant that leverages speculative stores to create speculative buffer over-flows," the researchers wrote. "We also present Spectre 1.2 on CPUs that do not enforce read/write protections, speculative stores can overwrite read-only data and code pointers to breach sandboxes."

today's howtos

Filed under
HowTos

Red Hat News

Filed under
Red Hat
  • Top Indian carriers taking "open telco" approach to build future networks for new services: Red Hat

    Top Indian telecom service providers are taking “Open Telco” approach in building next-generation networks using networks functions virtualisation technology to bring flexibility to offer new services, and to prepare for 5G in coming years, according to the US-based open source solutions provider, Red Hat.

    Ben Panic, Director of Sales, Asia Pacific Region (Telecommunications) at Red Hat told ET that Indian telcos have already deployed open source technology-based solutions in the core functions of their mobile networks. “The target goal of NFV is to open, be multi-vendor, be flexible and agile,” he said.

  • Celebrating Red Hat’s 25th anniversary: How partners play an important role [Ed: reposted from Red Hat's site]

    As Red Hat celebrates 25 years, I would be remiss not to mention the role Red Hat partners have played in our company’s story. Partners have been an important multiplier for Red Hat and building our customer success. They are important to our future.

    Early endeavours in the channel

    In 2006, I joined Red Hat to expand the partner ecosystem. I’d been working in the channel since Moses was around, or at least since 1981. Although we were mainly selling direct, there was growing confidence that we could make the transformation to support a robust partner ecosystem.

  • Analysts Set Red Hat Inc (RHT) Target Price at $157.79
  • Buy Red Hat, An Attractive Cloud Computing Play

How developers can get involved with open source networking

Filed under
OSS

There have always been integration challenges with open source software, whether in pulling together Linux distributions or in mating program subsystems developed by geographically distributed communities. However, today we're seeing those challenges writ large with the rise of large ecosystems of projects in areas such as networking and cloud-native computing.

Integration was one topic of my conversation with Heather Kirksey, the VP of Community and Ecosystem Development at the Linux Foundation, recorded for the Cloudy Chat podcast. We also talked about modularity and how developers can get involved with open source networking. For the past three years, Kirksey has directed the Linux Foundation's Open Platform for Network Functions Virtualization (OPNFV), which is now part of the LF Networking Fund that's working to improve collaboration and efficiency across open source networking projects.

Read more

Top 5 MMORPGs for Linux

Filed under
GNU
Linux
Gaming

If you think Linux is only for servers and people who don't like watching YouTube videos or playing games, you're wrong! Linux is one of the most versatile operating systems in the world and is quickly developing into a beautiful environment where cool games can run natively.

For instance, Steam is now native to Linux! Not to mention, there are plenty of Linux-compatible games to try and most of them feature commercial quality. Sadly, MMORPGs are still a bit behind when it comes to Linux, but not for long! Still, there is a way around this as there are several cool games to try even when all you have is the dear old Linux. Below we'll list five of the most fun and entertaining MMORPGs that run natively on Linux.

Read more

today's leftovers

Filed under
Misc
  • Top 10 Reasons Why Desktop Linux Failed

    1) Linux isn't pre-installed - No matter how much we may debate it, having Windows pre-installed on PCs means that's what people are likely to end up using. In order for someone to move over to Linux on the desktop, there must be a clear reason to do so. There is the problem. The only time I've personally seen users make the switch over to Linux from Windows comes down to frustration with Windows or a desire to advance their skills into an IT field.

    My own Linux story, for example, was a mixture of the two examples above. First off, I was just done with Windows. I had already been dabbling with Linux at the time I completely switched, but I become disenfranchised with the Microsoft way of doing things. So for me, the switch to Linux was based out of frustration.

    Had I not experienced any frustrations with Windows, I might not have ever thought to jump ship over to an alternative. Even when I built my own PCs myself, the OS offered at computer stores was Windows only. This is a huge hurdle for Linux adoption on the desktop.

    2) Linux freedom vs convenience - It's been my experience that people expect a user experience that's consistent and convenience. How one defines this depends on the individual user. For some, it's a matter of familiarity or perceived dependability. For more advanced PC users, a consistent convenience may mean a preferred workflow or specific applications.

    The greater takeaway is that when people are aware of other operating systems, they will usually stick with that they've used the longest. This presents a problem when getting people to try Linux. When using a desktop platform for a long time, you develop habits and expectations that don't lend themselves well to change.

  • How to be efficient and cost effective (or not)

    It's the mid-1990s, and this big corporation is working on a major development project to replace most of its critical systems, says a Unix admin pilot fish working there.

  • [Podcast] PodCTL #41 – Dissecting Kubernetes Surveys

    In a world of open source projects, privately funded companies, one-off cloud services and a mix of public companies, it can often be difficult to determine hype from trends from real usage.

  • PodCTL Podcast #38 – A Beginner’s Guide to Kubernetes
  • Optimizing a Python application with C++ code

    I’ve been working lately in a command line application called Bard which is a music manager for your local music collection. Bard does an acoustic fingerprinting of your songs (using acoustid) and stores all song metadata in a sqlite database. With this, you can do queries and find song duplicates easily even if the songs are not correctly tagged. I’ll talk in another post more about Bard and its features, but here I wanted to talk about the algorithm to find song duplicates and how I optimized it to run around 8000 times faster.

    [...]

    An obvious improvement I didn’t do yet was replacing the map with a vector so I don’t have to convert it before each for_each call. Also, vectors allow to reserve space in advance, and since I know the final size the vector will have at the end of the whole algorithm, I changed to code to use reserve wisely.

    This commit gave the last increase of speed, to 7998x, 36680 songs/second and would fully process a music collection of 1000 songs in just 13 seconds..

  • How A KDE Developer Used C++17 & Boost.Python For About A 8,000x Speed-Up

    Open-source developer Antonio Larrosa who contributes to KDE and openSUSE has been developing a command-line music manager called Bard. He's written an interesting post about how he sped up some of his operations by around eight-thousand times faster.

    In particular, Antonio was focused on speeding up the process of finding song/music duplicates in the user's local music collection. What started out as Python code was morphed into optimized C++ code. Little surprise, the C++ code once tuned was immensely faster than Python -- but the blog post is interesting for those curious about the impact of the various steps he took for tuning this implementation.

  • GLib 2.58 Is Looking Good With Portability Improvements, Efficient Process Launching

    The GLib low-level GNOME library while being quite mature is seeing a significant update with its version 2.58 release due out this September for GNOME 3.30.

    Two of the biggest GLib 2.58 changes we have covered up to now on Phoronix has been the new generic reference counting API and more efficient app launching. The reference counting API has been in the works for 6+ years to help GLib's bindings/integration with languages utilizing automatic memory management / garbage collection. The more efficient process launching via the use of posix_nspawn() is also exciting for better performance, particularly on systems suffering from memory pressure.

  • Taiwan Travel Blog - Day 2 & 3

    My Taiwan Travel blog continues! I was expecting the weather to go bad on July 10th, but the typhoon arrived late and the rain only started around 20:00. I'm pretty happy because that means I got to enjoy another beautiful day of hiking in Taroko National Park.

    I couldn't find time on the 10th to sit down and blog about my trip, so this blog will also include what I did on the 11th.

  • Canonical Releases Minimal Ubuntu, Optimised for Multicloud

    Canonical, the company behind popular Linux system Ubuntu, has released Minimal Ubuntu, a pared-back, significantly faster iteration of its server operating system (OS).

  • Nokia signs billion-euro network tech deal with China Mobile

     

    Nokia said over the one-year framework agreement it will deliver mobile radio access, fixed access, IP routing and optical transport systems as well as other services to the Chinese mobile operator.  

  •  

Software and Games: Wego, Cockpit, Samba, Podman, Humble Store's Square Enix Publisher Week and GOG

Filed under
Software
Gaming
  • wego – ASCII weather app for the terminal

    I spend an inordinate amount of time at the command line. I almost live on the command line because of its convenience. It’s probably because I love terminal apps.

    wego is another gem of a terminal application. It’s open source weather software written in the Go programming language and designed for the terminal. It displays the weather in a variety of visually attractive ways. It’s a lightweight way to keep an eye on the weather without requiring a web browser. The information is SSL-encrypted for transmission to the local computer.

    You may have been using the software without knowing it. wttr.in is a web frontend for wego that you can access using curl to provide weather information from a terminal. If you’ve already got curl on your system, there’s nothing to install. It’s got lots of options; you can find out about them from curl wttr.in/:help

  • Cockpit 172

    Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from version 172.

  • Samba 4.9 Is Working On Many Improvements, New Features

    Developers behind Samba, the open-source SMB/CIFS implementation for providing integration with the Windows Server Domain and Windows clients, is preparing for their next 4.9 release.

    In stepping towards their first preview release of Samba 4.9, their news file has been getting filled in over the past couple days to reflect all of the changes that have been staged in Samba Git since the Samba 4.9 branching at the beginning of the year.

  • Using podman for containers

    Podman is one of the newer tool in the container world, it can help you to run OCI containers in pods. It uses Buildah to build containers, and runc or any other OCI compliant runtime. Podman is being actively developed.

    I have moved the two major bots we use for dgplug summer training (named batul and tenida) under podman and they are running well for the last few days.

  • The Humble Store 'Square Enix Publisher Week' has some great Linux games on offer

    For those after some of the bigger Linux games, you should take a look at Humble Store's Square Enix Publisher Week.

  • The updated release of 'Desperados: Wanted Dead or Alive' that has Linux support is now on GOG

    As a reminder, the updated release from THQ Nordic doesn't just add Linux support. It also adds language support for French, German, Spanish, Italian, Russian and English to the main game. It also adds in the lost demo level, with more limited language support.

Linux Kernel, Linux Foundation and Graphics

Filed under
Graphics/Benchmarks
Linux
  • The final step for huge-page swapping

    For many years, Linux system administrators have gone out of their way to avoid swapping. The advent of nonvolatile memory is changing the equation, though, and swapping is starting to look interesting again — if it can perform well enough. That is not the case in current kernels, but a longstanding project to allow the swapping of transparent huge pages promises to improve that situation considerably. That work is reaching its final stage and might just enter the mainline soon.

    The use of huge pages can improve the performance of the system significantly, so the kernel works hard to make them available. The transparent huge pages mechanism collects application data into huge pages behind the scenes, and the memory-management subsystem as a whole works hard to ensure that appropriately sized pages are available. When it comes time to swap out a process's pages, though, all of that work is discarded, and a huge page is split back into hundreds of normal pages to be written out. When swapping was slow and generally avoided, that didn't matter much, but it is a bigger problem if one wants to swap to a fast device and maintain performance.

  • Revisiting the MAP_SHARED_VALIDATE hack

    One of the the most commonly repeated mistakes in system-call design is a failure to check for unknown flags wherever flags are accepted. If there is ever a point where callers can get away with setting unknown flags, then adding new flags becomes a hazardous act. In the case of mmap(), though, developers found a clever way around this problem. A recent discussion has briefly called that approach into question, though, and raised the issue of what constitutes a kernel regression. No changes are forthcoming as a result, but the discussion does provide an opportunity to look at both the specific hack and how the kernel community decides whether a change is a regression or not.

    Back in 2017, several developers were trying to figure out a way to safely allow direct user-space access to files stored on nonvolatile memory devices. The hardware allows this memory to be addressed directly by the processor, but any changes could go astray if the filesystem were to move blocks around at the same time. The solution that arose was a new mmap() flag called MAP_SYNC. When a file is mapped with this flag set (and the file is stored on a nonvolatile memory device), the kernel will take extra care to ensure that access to the mapping and filesystem-level changes will not conflict with each other. As far as applications are concerned, using this flag solves the problem.

  • Take Our Survey on Open Source Programs

    Please take eight minutes to complete this survey. The results will be shared publicly on The New Stack, and The Linux Foundation’s GitHub page.

  • Mesa 18.1.4 release candidate

    Mesa 18.1.4 is planned for release this Friday, July 13th, at or around 10 AM PDT.

  • Mesa 18.1.4 Being Prepared With Intel Fixes & A Couple For Radeon

    Another routine Mesa 18.1. point release is being prepared while waiting for the August debut of the Mesa 18.2 feature update.

    Dylan Baker, the Mesa 18.1 release manager and his first stab at the task, has announced the Mesa 18.1.4 release candidate today. In its current form, Mesa 18.1.4 is comprised of just over two dozen patches.

  • Pre-AMDGPU xf86-video-ati X.Org Driver Sees A Round Of Improvements

    It's rare in recent years to have anything to report on xf86-video-ati, the X.Org driver for the display/2D experience for pre-GCN Radeon graphics cards. But this week has been a large batch of fixes and improvements for those using this DDX driver with pre-HD7000 series hardware.

    Longtime Radeon Linux driver developer Michel Dänzer has landed a number of commits already this week of various fixes/cleanups, some of which were inspired by the xf86-video-amdgpu DDX driver that is used for current-generation hardware with the AMDGPU kernel driver (unless using xf86-video-modesetting...).

Red Hat News, Scientific Linux, and Fedora 29 Dropping GCC From Their Default Build Root

Filed under
Red Hat
  • Red Hat OpenStack platform adopted by Fujitsu

    Red Hat recently announced that Fujitsu has adopted Red Hat OpenStack Platform as an Infrastructure-as-a-Service (IaaS) component of Fujitsu Cloud Service for OSS, its global hybrid cloud service offering.

    As a backbone for an open hybrid cloud, Fujitsu Cloud Service for OSS is designed to help enterprises more quickly develop cloud-native and traditional applications and services in an environment built from innovative, more reliable, and more secure open technologies.

    This announcement shows the continued, long-standing collaboration between Red Hat and Fujitsu to offer hybrid cloud solutions based on open source.

  • Fujitsu Adopts Red Hat OpenStack Platform for Fujitsu Cloud Service for OSS
  • Entando Announces OEM Agreement with Red Hat on Modern Applications

    Entando, a leader in open source Digital Experience Platforms, today announced that Red Hat has agreed to include access to a set of Entando’s open source low-code tools as part of Red Hat’s newly launched Red Hat Process Automation Manager. Entando has optimized the tools to run effectively on Red Hat Process Automation Manager. Together, these technologies offer customers expanded next-generation business process automation capabilities native to Red Hat OpenShift Container Platform and a user experience (UX) designed to help them create cloud-native applications faster.

  • STT Connect builds webscale private cloud infrastructure on Red Hat

    To build its cloud on a flexible, supported open source platform, STT Connect partnered with Red Hat to deploy Red Hat OpenStack Platform, Red Hat Ansible Tower, and other enterprise Red Hat software.

    These solutions helped the company create an agile and efficient — yet secure — webscale cloud infrastructure. STT Connect became the first cloud company in Singapore to achieve the highest level Multi-Tier Cloud Security (MTCS) certification with an OpenStack private cloud.

  • The Final Build of Scientific Linux 6.10 Legacy Branch Released

    Scientific Linux has announced that the 6.10 release will be the final build of their legacy branch based on Red Hat 6.10. It will only receive security updates and major bug fixes and will be supported until November 2020.

    Fermi National Accelerator Laboratory (Fermilab) and European Organization for Nuclear Research (CERN) co-develop Scientific Linux with the aim of creating a stable operating system that is supplied with packages and applications that support scientific research. They also list using “the free exchange of ideas, designs, and implementations to prepare a computing platform for the next generation of scientific computing” as one of their goals.

  • ISVs in APAC Showcase Increased Red Hat OpenShift Adoption Across Verticals
  • Should You Buy Red Hat, Inc. (RHT) or Marsh & McLennan Companies, Inc. (MMC)?
  • Red Hat, Inc. (RHT) P/E ratio is noted at 62.01
  • Is this stock Risky for You?: Red Hat, Inc. (RHT)
  • Analyst Buzz: Red Hat, Inc. (NYSE:RHT)
  • Red Hat: Ready For Multiple Expansion
  • Fedora 29 Dropping GCC From Their Default Build Root Has Been Causing A Heated Debate

    One of the surprisingly controversial changes being implemented for Fedora 29 is dropping GCC and GCC-C++ from the default BuildRoot for assembling Fedora packages with Koji and Mock.

    Up to now it's always just been implied that GCC (including the GCC C++ compiler) is there by default with every build-root. But these days with more packages being written in languages like Go, Rust, Python, Node.js, and other modern languages, the proportion of C/C++ applications is decreasing. As such, the GCC C/C++ support is no longer being implied with the default build environments in Koji/Mock, which in turn should help package build times for non-C/C++ packages as they will no longer need to pull in the gcc/gcc-c++ packages and in turn a cleaner buildroot environment too.

OSS Leftovers

Filed under
OSS
  • Open Source GraphQL Engine Launched

    An open source GraphQL Engine has been launched that can be used with applications based on Postgres without the need for backend GraphQL processing code.

    The new GraphQL as a service can be used by front-end developers to build scaleable GraphQL apps on Postgres.

    Hasura’s GraphQL Engine automates the implementation and linking of databases to the graph. The APIs can be used to choose tables from new or existing database for use with GraphQL and link those existing tables into a graph. The engine has built-in authorization and authentication with granular authentication and a dynamic access control system that integrates with existing authentication systems such as Auth0 or custom implementations. The engine is also lightweight, consuming only 50MB of RAM even while serving more than a thousand requests per second.

  • Hasura Launches Open Source GraphQL Engine That Provides Instant GraphQL-as-a-Service on Any Existing Postgres Application
  • R3 has commercially launched its open-source blockchain platform

    Blockchain consortium R3 has commercially rolled out its open-source blockchain platform, dubbed Corda Enterprise, which aims to enable more businesses to leverage blockchain technologies. This comes after R3 launched version 1.0 of the platform in October 2017.

  • Algo Development 2.0 Looks to Open Source, Cloud & Big Data

    While the financial services industry was an early adopter of open source software going back to the Linux operating system in 1991 and the FIX Protocol in the late 1990s, financial firms may have restrictions on contributing code back to the wider open source community.

    “When it comes to trading algorithms there is a secret sauce embedded there that I don’t think people ever want to open source,” said Bill Harts, senior advisor to the Modern Markets Initiative, who moderated the panel. Harts, who has been an early adopter of algorithmic trading at Citi, Goldman Sachs and Bank of America, said: “That’s how they make money. Where do you draw the line?” asked Harts.

  • 5 open source principles that help DevOps teams excel

    While open source has more than a decade head start on DevOps, the two have steadily converged over time. As a CIO, you can support the use of some key open source cultural values to empower your organization’s DevOps team and ensure maximum success.  

  • Open source hasn't made tech more open

    Democratic ideals have given way to governments and corporate giants.

  • Event management with Indico

    There are many things to love about the Linux Plumbers Conference (LPC), but the event's web site has not often been considered one of them. This year, your editor took on the task of finding a new system to handle proposal submission, review, and scheduling, despite his own poor track record when it comes to creating attractive web sites. The search finally settled on a system called Indico; read on for some impressions of this interesting free event-management system.

    There are a number of free systems out there for handling the needs of conferences. Among the others that were considered are Symposion, which is used by linux.conf.au, and OSEM, the openSUSE event-management system. Both are capable systems, but neither seems to have been developed with the idea that others might want to pick it up and run it. In particular, every Symposion installation seems to require a fair amount of low-level customization. The installation documentation for both is, to put it charitably, a bit scant. Indico, instead, comes with a nice installation manual that makes the task something that is, if not actually easy, at least achievable without having to actually learn the entire code base first. 

    [...]

     Events in Indico have most of the features needed to track their life cycle. Each event has a home page with a reasonable degree of customization; pages of information can be attached to the home page. There is an elaborate mechanism for proposal submission and review. Events can be split into tracks and sessions, with a different coordinator for each session; the schedule for the whole thing can be managed in a reasonably straightforward way. For those who need it, Indico also offers a registration system, though LPC is not using it.

  •  

Codecs and Patents

Filed under
Moz/FF
OSS
Legal
  • An Invisible Tax on the Web: Video Codecs

    Here’s a surprising fact: It costs money to watch video online, even on free sites like YouTube. That’s because about 4 in 5 videos on the web today rely on a patented technology called the H.264 video codec.

    A codec is a piece of software that lets engineers shrink large media files and transmit them quickly over the internet. In browsers, codecs decode video files so we can play them on our phones, tablets, computers, and TVs. As web users, we take this performance for granted. But the truth is, companies pay millions of dollars in licensing fees to bring us free video.

    It took years for companies to put this complex, global set of legal and business agreements in place, so H.264 web video works everywhere. Now, as the industry shifts to using more efficient video codecs, those businesses are picking and choosing which next-generation technologies they will support. The fragmentation in the market is raising concerns about whether our favorite web past-time, watching videos, will continue to be accessible and affordable to all.

  • AV1, Opportunity or Threat for POWER and ARM Servers?

    While I haven’t seen an official announcement, Phoronix reported that the AV1 git repository was tagged 1.0, so the launch announcement is imminent. If you haven’t heard about it already, AOMedia Video 1 (AV1) is an open, royalty-free video coding format by the Alliance for Open Media.

  • VP9 & AV1 Have More Room To Improve For POWER & ARM Architectures

    Luc Trudeau, a video compression wizard and co-author of the AV1 royalty-free video format, has written a piece about the optimization state for video formats like VP9 and AV1 on POWER and ARM CPU architectures.

Open Hardware: RISC-V FUD and DIY Guns

Filed under
Hardware
  • ARM Takes Down Boneheaded Website Attacking Open-Source Rival

    ARM, the incredibly successful developer of CPU designs, appears to be getting a little nervous about an open-source rival that’s gaining traction. At the end of June, ARM launched a website outlining why it’s better than its competitor’s offerings and it quickly blew up in its face. Realizing the site was a bad look, ARM has now taken it down.

    For the uninitiated, ARM Holdings designs various architectures and cores that it licenses to major chipmakers around the world. Its tech can be found in over 100 billion chips manufactured by huge names like Apple and Nvidia as well as many other lesser-known players in the low-power market. If ARM is Windows, you can think of RISC-V as an early Linux. Like ARM, it’s an architecture based on reduced instruction set computing (RISC), but it’s free to use and open to anyone to contribute or modify. While ARM has been around since 1991, RISC-V just got started in 2010 but it’s gaining a lot of ground and ARM’s pitiful website could easily be seen as a legitimizing moment for the tech.

  • A Landmark Legal Shift Opens Pandora’s Box for DIY Guns

     

    Two months ago, the Department of Justice quietly offered Wilson a settlement to end a lawsuit he and a group of co-plaintiffs have pursued since 2015 against the United States government. Wilson and his team of lawyers focused their legal argument on a free speech claim: They pointed out that by forbidding Wilson from posting his 3-D-printable data, the State Department was not only violating his right to bear arms but his right to freely share information. By blurring the line between a gun and a digital file, Wilson had also successfully blurred the lines between the Second Amendment and the First.

     

    "If code is speech, the constitutional contradictions are evident," Wilson explained to WIRED when he first launched the lawsuit in 2015. "So what if this code is a gun?”

Programming: Rust and Python

Filed under
Development
  • This Week in Rust 242

    Always wanted to contribute to open-source projects but didn't know where to start? Every week we highlight some tasks from the Rust community for you to pick and get started!

  • Kindness and open-source projects

    Brett Cannon is a longtime Python core developer and member of the open-source community. He got to check off one of his bucket-list items when he gave a keynote [YouTube video] at PyCon 2018. That keynote was a rather personal look at what he sees as some problem areas in the expectations of the users of open-source software with respect to those who produce it. While there is lots to be happy for in the open-source world, there are some sharp edges (and worse) that need filing down.

    He started with his background as a way to show that he has the experience to give this talk. He is the development lead on the Python extension for Visual Studio Code, which is Microsoft's cross-platform open-source code editor. He noted that the two qualifiers for the editor are probably shocking to some. It was originally a community open-source project; Microsoft hired the developer behind it and it is now "corporate open source", Cannon said. That means there is a company backstopping the project; if the community fell away, the project would continue.

    He has been a Python core developer since April 2003; he got the commit bit shortly after attending the first PyCon (and he has attended every PyCon since as well). In contrast, Python is community open source; if the community disappeared, the project "would probably collapse within a month". He has contributed to over 80 open-source projects along the way; many of those were simply typo fixes of various sorts, but it has given him exposure to a lot of different development processes. "I've been lucky enough to have a broad range of exposure to open source overall."

  • Python and the web

    Dan Callahan is a developer advocate at Mozilla and no stranger to PyCon (we covered a talk of his at PyCon 2013). He was also the champion at Mozilla for the grant that helped revamp the Python Package Index (PyPI). At PyCon 2018, he gave a keynote talk [YouTube video] that focused on platforms of various sorts—and where Python fits into the platforms of the future.

    He began with a slide showing the IBM PCjr, which was the first computer IBM made for the home market. It was released in 1984 and immediately drew a bad reaction from the public and the press (Time magazine called it "one of the biggest flops in the history of computing"). Commercially and even objectively, the PCjr was a bad platform, he said.

    But when he was old enough to become interested in computers, that was the computer that was available to him—his father had bought one during the roughly one year they were available. He learned BASIC as his first language because the PCjr came with BASIC. He didn't think about it at the time, but his first language was chosen for him; he didn't get to consider what features he wanted or how the language's community was. His platform had determined the tool he would use.

    Fast-forward a few years to when he was in high school and had his own computer; even though he had access to Linux, PHP, and Perl, he still found himself programming in BASIC. This was the pre-smartphone era, so when he was bored in class, he had to find some other way to distract himself; he and his friends turned to TI-82 graphing calculators. Those were programmable in BASIC, so even though he had more sophisticated tools available to him, if he wanted to share something with his friends, it would have to be written in BASIC for the TI-82. That platform also dictated the tool that he would use.

Security: Updates, GNU/Linux, Spectre and DRM

Filed under
Security
  • Security updates for Wednesday
  • Another Linux distro poisoned with malware

    Last time it was Gentoo, a hard-core, source-based Linux distribution that is popular with techies who like to spend hours tweaking their entire operating sytem and rebuilding all their software from scratch to wring a few percentage points of performance out of it.

  • Arch Linux AUR packages found to be laced with malware

    Three Arch Linux packages have been pulled from AUR (Arch User Repository) after they were discovered to contain malware. The PDF viewer acroread and two other packages that are yet to be named were taken over by a malicious user after they were abandoned by their original authors.

  • ​The return of Spectre

    The return of Spectre sounds like the next James Bond movie, but it's really the discovery of two new Spectre-style CPU attacks.

    Vladimir Kiriansky, a Ph.D. candidate at MIT, and independent researcher Carl Waldspurger found the latest two security holes. They have since published a MIT paper, Speculative Buffer Overflows: Attacks and Defenses, which go over these bugs in great detail. Together, these problems are called "speculative execution side-channel attacks."

    These discoveries can't really come as a surprise. Spectre and Meltdown are a new class of security holes. They're deeply embedded in the fundamental design of recent generations of processors. To go faster, modern chips use a combination of pipelining, out-of-order execution, branch prediction, and speculative execution to run the next branch of a program before it's called on. This way, no time is wasted if your application goes down that path. Unfortunately, Spectre and Meltdown has shown the chip makers' implementations used to maximize performance have fundamental security flaws.

  • Mercury Security Introduces New Linux Intelligent Controller Line

    Mercury Security, a leader in OEM access control hardware and part of HID Global, announces the launch of its next-generation LP intelligent controller platform built on the Linux operating system.

    The new controllers are said to offer advanced security and performance, plus extensive support for third-party applications and integrations. The controllers are based on an identical form factor that enables seamless upgrades for existing Mercury-based deployments, according to the company.

  • Latest Denuvo Version Cracked Again By One Solo Hacker On A Personal Mission

    Denuvo is... look, just go read this trove of backlinks, because I've written far too many of these intros to be able to come up with one that is even remotely original. Rather than plagiarize myself, let me just assume that most of you know that Denuvo is a DRM that was once thought to be invincible but has since been broken in every iteration developed, with cracking times often now down to days and hours rather than weeks or months. Key in this post is that much if not most of the work cracking Denuvo has been done by a single person going by the handle Voksi. Voksi is notable not only for their nearly singlehandedly torpedoing the once-daunting Denuvo DRM, but also for their devotion to the gaming industry and developers that do things the right way, even going so far as to help them succeed.

    Well, Voksi is back in the news again, having once again defeated the latest build of Denuvo DRM.

  • Latest Denuvo Anti-Piracy Protection Falls, Cracker ‘Voksi’ On Fire

    The latest variant of the infamous Denuvo anti-piracy system has fallen. Rising crack star Voksi is again the man behind the wheel, defeating protection on both Puyo Puyo Tetris and Injustice 2. The Bulgarian coder doesn't want to share too many of his secrets but informs TorrentFreak that he won't stop until Denuvo is a thing of the past, which he hopes will be sooner rather than later.

Syndicate content

More in Tux Machines

Linux Foundation and Linux Development

  • Linux Foundation launches LF Energy open source platform
    Launched with support from Europe’s biggest transmission power systems provider and other organizations, LF Energy aims to streamline everything from system operator smart assistants to smart grid control software. It will serve as an umbrella organization that supports collaboration among vendors in the energy sector to advance information and communication technologies (ICT) that impact the energy balance and brings about economic value.
  • FPGA Device Feature List Framework Coming For Linux 4.19
    There's already a new framework coming to Linux 4.19 in the form of Google's Gasket while queued this week is now another new framework: the FPGA Device Feature List.
  • AMDGPU Firmware Updated From 18.20, Vega M Blobs Added
    The latest AMDGPU firmware/microcode binary images for Radeon GPUs have landed in the Linux-Firmware Git tree. Hitting linux-firmware.git minutes ago was the latest batch of AMDGPU firmware files from Bonaire and Hawaii up through Vega 10, Polaris, and Raven hardware. The updated firmware images are the same as what AMD recently shipped with the Radeon Software 18.20 hybrid driver package. No change-logs of what is different about these updated firmware images are currently available, but most of the time it's mostly routine and mundane fixes/updates.
  • Nvidia 390.77 Linux Graphics Driver Improves Compatibility with Latest Kernels
    Nvidia released a new version of its long-lived proprietary display driver for GNU/Linux, FreeBSD, and Solaris systems to add compatibility with recent Linux kernels and fix various bugs. While not a major release, the Nvidia 390.77 proprietary graphics driver brings better compatibility with the latest Linux kernels. However, Nvidia didn't mention if it's now possible to compile its proprietary display drivers with the upcoming Linux 4.18 kernel series or just with the recent Linux 4.17 point releases. In addition to improving compatibility with recent Linux kernels, the Nvidia 390.77 proprietary display driver for Linux-based operating systems addresses a random hang issue that could occur for some users when running Vulkan apps in full-screen mode and flipping was allowed.

today's howtos

Ballerina reinvents cloud-native programming

Ballerina has been inspired by Java, Go, C, C++, Rust, Haskell, Kotlin, Dart, TypeScript, JavaScript, Swift, and other languages. It is an open source project, distributed under the Apache 2.0 license, and you can find its source code in the project's GitHub repository. Read more

Games: Stranded Deep, Ion Maiden and More