Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Thursday, 27 Jun 19 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Type Title Author Replies Last Postsort icon
Story Android Leftovers Rianne Schestowitz 25/06/2019 - 12:32pm
Story 5 Best and Free Desktop Email Clients for Linux and Windows arindam1989 25/06/2019 - 12:23pm
Story Today in Techrights Roy Schestowitz 25/06/2019 - 11:52am
Story Android Leftovers Rianne Schestowitz 25/06/2019 - 9:52am
Story 5 tiny Linux distros to try before you die Rianne Schestowitz 25/06/2019 - 9:43am
Story The Ecuadorean Authorities Have No Reason to Detain Free Software Developer Ola Bini Roy Schestowitz 15 25/06/2019 - 7:18am
Story today's leftovers Roy Schestowitz 25/06/2019 - 3:31am
Story Proprietary Software and Games: OnlyOffice, Total War: THREE KINGDOMS and Underspace From Pastaspace Roy Schestowitz 25/06/2019 - 3:30am
Story Ubuntu/Debian Leftovers Roy Schestowitz 25/06/2019 - 3:24am
Story Programming Leftovers Roy Schestowitz 25/06/2019 - 3:18am

today's howtos and programming bits

Filed under
Development
HowTos

Debian vs. Ubuntu: Best Linux Distro for Laptops, Desktops, and Servers

Filed under
Debian
Ubuntu

There is a seemingly endless list of distributions to choose from if you’re interested in Linux. That said, one of the most popular distributions is Ubuntu. If you’ve heard of Linux, chances are you’ve heard of Ubuntu.

You may have heard that Ubuntu is based on another distribution, Debian. Which one should you choose? Is it a matter of preference, or is easy distribution better suited to different use cases?

Read more

AMD Navi and Linux

Filed under
Graphics/Benchmarks
Linux
Hardware
  • More AMD Navi GPUs show up in a Linux driver

    A since-deleted commit for a Linux driver update hints at 4 new AMD Navi GPUs.

  • Libdrm Picks Up Support For AMD Navi

    As another one of the prerequisites for landing the AMD Radeon RX 5000 series "Navi" support in Mesa, the libdrm bits have just been merged.

    Libdrm is the Mesa DRM library that is needed for sitting between the Linux kernel Direct Rendering Manager (DRM) interfaces and the user-space components (depending upon the driver, as is required by like RadeonSI). Libdrm also ends up being used by the DDX drivers like xf86-video-amdgpu and other components as well depending upon the driver. As of a short time ago, the Navi bits landed in libdrm Git.

    The Navi support here isn't all that exciting and mostly boilerplate code for a new generation for a new family ID, a new member for a tile steering override for GFX10, GDDR6 as a new video memory type, and the largest addition is simply the new tests for VCN 2.0 video decode support.

Fedora 30 Elections Results

Filed under
Red Hat

The Fedora 30 election cycle has concluded. Here are the results for each election. Congratulations to the winning candidates, and thank you all candidates for running in this election!

Read more

You Can Now Buy Linux Notebooks Powered by Zorin OS from Star Labs

Filed under
GNU
Linux
Hardware

The makers of the Zorin OS Linux operating system announced today that they partnered with a computer manufacturer to offer users notebooks powered by Zorin OS.

The wait is over, as Zorin OS has partnered with Star Labs, a UK-based computer manufacturer specialised in selling Linux-powered notebooks, to offer you two new laptops running the latest version of Zorin OS, fully customized and optimised for these powerful and slick notebooks.

"Creating a Linux desktop experience that’s accessible to everyone has always been our mission at Zorin OS," reads today's announcement. "Today we’re taking the next step in this mission by making Zorin OS easier for the masses to access: on new computers powered by Zorin OS."

Read more

Release of Wine 4.11

Filed under
Software
  • Wine Announcement
    The Wine development release 4.11 is now available.
    
    What's new in this release (see below for details):
      - Updated version of the Mono engine, including Windows.Forms.
      - More DLLs are built as PE files by default.
      - Faster implementation of Slim Reader/Writer locks on Linux.
      - Initial support for enumerating display devices.
      - Various bug fixes.
  • Whose Wine is it anyway? Wine 4.11 is out

    It's not quite the the Wine o'clock news but it will do, Wine 4.11 is officially out. The Wine team continues progressing on and it's looking tasty.

  • Wine 4.11 Brings Ability To Enumerate Display Devices, Updated Mono

    Wine 4.11 is out tonight as the latest bi-weekly development release for running Windows games/applications on Linux and other platforms.

    With Wine 4.11 is initial support for enumerating display devices. In particular, a Xinerama display device handler is added to the Wine X11 driver and the ability to handle display device changes.

    Wine 4.11 also ships with an updated version of the Mono engine, more DLLs are now built as PE files by default (continuing a recent trend), there is a faster implementation of slim reader/write locks on Linux, and various bug fixes.

FreeBSD 11.3-RC2 Now Available

Filed under
BSD

The second RC build of the 11.3-RELEASE release cycle is now available.

Installation images are available for:

o 11.3-RC2 amd64 GENERIC
o 11.3-RC2 i386 GENERIC
o 11.3-RC2 powerpc GENERIC
o 11.3-RC2 powerpc64 GENERIC64
o 11.3-RC2 sparc64 GENERIC
o 11.3-RC2 armv6 BANANAPI
o 11.3-RC2 armv6 BEAGLEBONE
o 11.3-RC2 armv6 CUBIEBOARD
o 11.3-RC2 armv6 CUBIEBOARD2
o 11.3-RC2 armv6 CUBOX-HUMMINGBOARD
o 11.3-RC2 armv6 RPI-B
o 11.3-RC2 armv6 RPI2
o 11.3-RC2 armv6 PANDABOARD
o 11.3-RC2 armv6 WANDBOARD
o 11.3-RC2 aarch64 GENERIC

Note regarding arm SD card images: For convenience for those without
console access to the system, a freebsd user with a password of
freebsd is available by default for ssh(1) access.  Additionally,
the root user password is set to root.  It is strongly recommended
to change the password for both users after gaining access to the
system.

Installer images and memory stick images are available here:

    https://download.freebsd.org/ftp/releases/ISO-IMAGES/11.3/

The image checksums follow at the end of this e-mail.

If you notice problems you can report them through the Bugzilla PR
system or on the -stable mailing list.

If you would like to use SVN to do a source based update of an existing
system, use the "releng/11.3" branch.

A summary of changes since 11.3-RC1 includes:

o Updates to the ixl(4) and ixlv(4) drivers.

A list of changes since 11.2-RELEASE is available in the releng/11.3
release notes:

    https://www.freebsd.org/releases/11.3R/relnotes.html

Please note, the release notes page is not yet complete, and will be
updated on an ongoing basis as the 11.3-RELEASE cycle progresses.

=== Virtual Machine Disk Images ===

VM disk images are available for the amd64, i386, and aarch64
architectures.  Disk images may be downloaded from the following URL
(or any of the FreeBSD download mirrors):

    https://download.freebsd.org/ftp/releases/VM-IMAGES/11.3-RC2/

The partition layout is:

    ~ 16 kB - freebsd-boot GPT partition type (bootfs GPT label)
    ~ 1 GB  - freebsd-swap GPT partition type (swapfs GPT label)
    ~ 20 GB - freebsd-ufs GPT partition type (rootfs GPT label)

The disk images are available in QCOW2, VHD, VMDK, and raw disk image
formats.  The image download size is approximately 135 MB and 165 MB
respectively (amd64/i386), decompressing to a 21 GB sparse image.

Note regarding arm64/aarch64 virtual machine images: a modified QEMU EFI
loader file is needed for qemu-system-aarch64 to be able to boot the
virtual machine images.  See this page for more information:

    https://wiki.freebsd.org/arm64/QEMU

To boot the VM image, run:

    % qemu-system-aarch64 -m 4096M -cpu cortex-a57 -M virt  \
	-bios QEMU_EFI.fd -serial telnet::4444,server -nographic \
	-drive if=none,file=VMDISK,id=hd0 \
	-device virtio-blk-device,drive=hd0 \
	-device virtio-net-device,netdev=net0 \
	-netdev user,id=net0

Be sure to replace "VMDISK" with the path to the virtual machine image.

=== Amazon EC2 AMI Images ===

FreeBSD/amd64 EC2 AMIs are available in the following regions:

  eu-north-1 region: ami-091a9d377d956c519
  ap-south-1 region: ami-0fa381eb7dd65b236
  eu-west-3 region: ami-0888c48fcbc7ec3b9
  eu-west-2 region: ami-01d9ee1b7ba0aaf87
  eu-west-1 region: ami-072313e0a896f9fc3
  ap-northeast-2 region: ami-081a9854f2575823e
  ap-northeast-1 region: ami-027ab7629095b2419
  sa-east-1 region: ami-0ed1e9346b072b7fa
  ca-central-1 region: ami-0effcf973bbde0b80
  ap-southeast-1 region: ami-06fc8fd0e39f4a6e8
  ap-southeast-2 region: ami-0e68f9d80df9828aa
  eu-central-1 region: ami-042016143d5bf5261
  us-east-1 region: ami-0ad4a06d874497067
  us-east-2 region: ami-0efb20b4a888c1bd1
  us-west-1 region: ami-0b5b96c925cec68fe
  us-west-2 region: ami-0f672651aa001cc97

=== Vagrant Images ===

FreeBSD/amd64 images are available on the Hashicorp Atlas site, and can
be installed by running:

    % vagrant init freebsd/FreeBSD-11.3-RC2
    % vagrant up

=== Upgrading ===

The freebsd-update(8) utility supports binary upgrades of amd64 and i386
systems running earlier FreeBSD releases.  Systems running earlier
FreeBSD releases can upgrade as follows:

	# freebsd-update upgrade -r 11.3-RC2

During this process, freebsd-update(8) may ask the user to help by
merging some configuration files or by confirming that the automatically
performed merging was done correctly.

	# freebsd-update install

The system must be rebooted with the newly installed kernel before
continuing.

	# shutdown -r now

After rebooting, freebsd-update needs to be run again to install the new
userland components:

	# freebsd-update install

It is recommended to rebuild and install all applications if possible,
especially if upgrading from an earlier FreeBSD release, for example,
FreeBSD 11.x.  Alternatively, the user can install misc/compat11x and
other compatibility libraries, afterwards the system must be rebooted
into the new userland:

	# shutdown -r now

Finally, after rebooting, freebsd-update needs to be run again to remove
stale files:

	# freebsd-update install

Read more

Security Leftovers

Filed under
Security

Red Hat: Fedora BoF at Red Hat Summit, Volume Cloning Alpha for Kubernetes, Dell/EMC

Filed under
Red Hat
  • Fedora BoF at Red Hat Summit

    Every year, Red Hat holds a conference for customers, partners, and open source contributors — Red Hat Summit.This year’s was last month, in Boston, Massachusetts, and of course Fedora was there. We had our booth in the “Community Central” area of the expo floor, and ran a birds-of-a-feather (BoF) session for open discussion with community members. I was joined by Brian Exelbierd, Ben Cotton, Adam Šamalík, and a dozen members of the Fedora community.

    We used a “lean coffee” format to drive the topics, letting the attendees propose and vote on what we discussed. (It’s basically the same format we use for Fedora Council’s open floor meetings, but in person rather than via IRC.) I expected a lot of questions about the new features of Fedora 30, which was released eight days before. But the community members who came to the BoF seemed pretty well-informed on this. Instead, the most-voted topic was Fedora Modularity.

  • Introducing Volume Cloning Alpha for Kubernetes

    Kubernetes v1.15 introduces alpha support for volume cloning. This feature allows you to create new volumes using the contents of existing volumes in the user’s namespace using the Kubernetes API.

  • How Dell EMC and Red Hat work together on joint solutions

    From virtualization and cloud to enterprise IT optimization and performance, Red Hat and Dell EMC deliver open, cost-effective and highly reliable solutions. Our jointly designed and architected solutions blend the best of Red Hat technology with Dell EMC’s customer-driven innovation to create solutions and services that address real-world needs.

Games: Dota Underlords, Streets of Rogue, Jupiter Hell

Filed under
Gaming
  • What deals Linux fans should look out for this weekend

    Here's a little rundown of some good deals going for Linux users, if you're after something new come and have a look. That is, if you can pull yourself away from the free Dota Underlords from Valve which is currently pulling in masses of players (over 150K right now!).

  • Streets of Rogue, one of my favourite games is leaving Early Access on July 12th

    I don't know where to start with Streets of Rogue, it starts off pretty tame and as you get further into it the whole game just becomes mental.

    What is it? Well, it's hard to properly pin it down to a genre because it's such a tasty mix. It takes inspiration from games like The Binding of Isaac, Nuclear Throne and Deus Ex to create something entirely unique. It all takes place in a procedurally generated city, one where anything can happen. One minute you're stick in the middle of rival gangs, another you're being chased by cannibals. The AI interactions can be seriously amusing too, very fun to mess with them.

  • You can now try the pre-release demo of the brutal roguelike Jupiter Hell for the weekend

    ChaosForge are giving you a chance to play the demo of Jupiter Hell before everyone else, just for the weekend.

    What is it? A crowdfunded turn-based sci-fi roguelike with modern 3D graphics and an incredible atmosphere. Seriously, while it is turn-based it has the ferocious intensity of a real-time game, it's pretty amazing. It's one I personally pledged towards, although I've been given earlier access by the developer. I've had a seriously good time with it, as shown off before multiple times here on GamingOnLinux (like here and here).

Good List of 5 Open Source Remote Desktop Software

Filed under
OSS

First, you should know that in order for two machines to communicate together, they need what’s known as a “protocol”. A remote desktop protocol is a way of transferring the instructions from one computer to another so that you can graphically control the other system.

There are many famous remote desktop protocols, such as RDP (Remote Desktop Protocol) which is a proprietary protocol designed by Microsoft and implemented in its Windows operating system, and the VNC (Virtual Network Computing) protocol, which is a free and open source protocol to do the same task, and you can additionally connect to the remote host via SSH, NX protocols and others.

Now, away from protocols, you’ll of course need a program to access the remote desktop. In general, people are using the proprietary TeamViewer program to do that. But there are many other open source alternatives to TeamViewer that you can use.

Read more

today's howtos

Filed under
HowTos

Top 20 Best Linux Video Conferencing Software in 2019

Filed under
GNU
Linux

Technology has brought our world closer by curating out a continuous set of innovative tools. Video conferencing solutions are great examples of this fact. They allow individuals or businesses to conduct seamless communication across the globe without experience the limitation of geographical distance. They can be used for both one to one and group communications. The latter makes them a suitable choice for freelance business owners or corporations who have employees or agents all over the world. Linux, being the industry leader in powering corporate systems, offers a plethora of robust Linux video conferencing software that enables trouble-free video conferencing.

Read more

today's leftovers

Filed under
Misc
  • Episode 21: From Mac to Linux

    Katherine Druckman and Doc Searls talk to Linux Journal Editor at Large, Petros Koutoupis, about moving from Mac to Linux.

  • Delete Your Community | User Error 68

    Two #AskError specials in a row! Advice for our younger selves, leaving communities, our listening habits, and hoarding.

    Plus the most serious question that’s ever been asked on the show, and more.

  • 18 letters from readers that we loved

    In the news article titled ‘What's in a Name?’ in the November 2002 issue, Linux was addressed as “Linus Torvalds’ operating system” and you mentioned that Richard Stallman wants it to be ‘renamed’ as GNU/Linux. The OS we know today as Linux was born out of the GNU project, conceived by Stallman in 1984. It is very strange how Torvalds, who only contributed in creating the kernel, is today considered to be the creator of the entire Linux system. The whole ideology behind the Linux OS remains concealed from the users—that of software created free, by and for the masses. In that context, I think there is complete justification in calling the system GNU/Linux to give credit where it is due.

  • Finally, An Open Source Multimeter

    This build is based on the STM32F103 microcontroller, uses an old Nokia phone screen, and unlike so many other multimeters, this thing is small. It’s very small. More than small enough to fit in your pocket and forget about it, unlike nearly every other multimeter available. There’s one thing about multimeters, and it’s that the best multimeter is the one that you have in your hands when you need it, and this one certainly fits the bill.

  • The OS/2 Operating System Didn't Die… It Went Underground

    One problem with building things using state-of-the-art techniques is that sometimes those that look like they will be “the next big thing” turn out to be dead ends. Next thing you know, that hot new part or piece of software is hard to get or unmaintained. This is especially true if you are building something with a long life span. A case in point is the New York City subway system. Back in the 1990s the transit authority decided to adopt IBM’s new OS/2 operating system. Why not? It was robust and we used to always say “no one ever got fired for buying IBM.”

    There was one problem. OS/2 was completely eclipsed by other operating systems, notably Windows and — mostly — has sunk from the public view. [Andrew Egan’s] post covers just how the conversion to a card-based system pushed OS/2 underground all over the Big Apple, and it is an interesting read.

    The choice of OS/2 might seem odd today. However, you have to remember the operating system landscape back then. Unix wasn’t very commercial, for the most part, and the commercial versions like Xenix and SCO were often encumbered with odd and changing licensing arrangements. MSDOS was hardly suitable for any sort of reliable system, with a patchwork of hacks to get more memory, and multitasking including early versions of Windows which were little more than shells over MSDOS.

  • NZ’s Termius raises $2.7m in seed round backed by Silicon Valley VCs

    Termius has developed an SSH client system to allow secure login into a remote computer. The startup said its system is used by more than 11,000 network engineers and DevOps — from companies such as SpaceX, Disney, and Cisco — as they manage their IT infrastructure.

  • Facebook contributes open-source tech to boost web browser performance [Ed: Merely an API, not anything else]

Red Hat and SUSE Leftovers

Filed under
Red Hat
SUSE
  • How a service mesh helps manage distributed microservices

    A service mesh brings security, resiliency, and visibility to service communications, so developers don’t have to

  • RHEL 8: 'the foundation for digital transformation'
  • 7 infrastructure performance and scaling tools you should be using

    Sysadmins, site reliability engineers (SREs), and cloud operators all too often struggle to feel confident in their infrastructure as it scales up. Also too often, they think the only way to solve their challenges is to write a tool for in-house use. Fortunately, there are options. There are many open source tools available to test an infrastructure's performance. Here are my favorites.

  • Future of CRDs: Structural Schemas

    Authors: Stefan Schimanski (Red Hat)

    CustomResourceDefinitions were introduced roughly two years ago as the primary way to extend the Kubernetes API with custom resources. From the beginning they stored arbitrary JSON data, with the exception that kind, apiVersion and metadata had to follow the Kubernetes API conventions. In Kubernetes 1.8 CRDs gained the ability to define an optional OpenAPI v3 based validation schema.

    By the nature of OpenAPI specifications though—only describing what must be there, not what shouldn’t, and by being potentially incomplete specifications—the Kubernetes API server never knew the complete structure of CustomResource instances. As a consequence, kube-apiserver—until today—stores all JSON data received in an API request (if it validates against the OpenAPI spec). This especially includes anything that is not specified in the OpenAPI schema.

  • Redis 5 now available on Red Hat Enterprise Linux 7

    Red Hat Software Collections supply the latest, stable versions of development tools for Red Hat Enterprise Linux via two release trains per year. As part of the latest Software Collections 3.3 release, we are pleased to announce that Redis 5 is now generally available and supported on RHEL 7.

    The new Red Hat Software Collection includes Redis 5.0.3. Redis 5 is an open source in-memory data structure store, used as a database, cache and/or message broker. This version provides multiple enhancements and bug fixes over version 3.2 distributed with an earlier Red Hat Software Collections release. Most notably, the redis-trib cluster management tool has been implemented in the Redis command-line interface.

    The primary addition in Redis 5 is Streams—a new log-like data structure for storing multiple fields and string value with automatic sequencing. For detailed changes in Redis, see the upstream release notes for version 4.0 and version 5.0.

  • Mentoring new system administrators

    While this article is geared toward senior system administrators taking a more active role in the development of newer team members, those readers who are new might find interest in a different view of the world of working with newer systems administrators.

    As a system administrator who has been in the role for a long time, it’s easy to shake a proverbial cane at those newer team members who bother you with inane questions lacking the technical detail needed to provide a complete answer. It would be so easy to gruffly utter a few words to get them to go away, or point out the lack of specificity of the question in such a way as to make them feel so small that they won't talk to you again. I’ve been there, and—being frank—done exactly that.

    I was recently reading a discussion forum where there was an administrator who appeared inexperienced and, apparently, all on his or her own to figure things out. That caused me to think back to my first system administration job, and realize how thankful I am that when I started, I had someone senior who was willing to invest time in helping me become better. This better didn’t come in the form of drilling me with commands or syntax, but with a more Socratic method to help me develop skills that I use almost every day.

    When I first started with the group, whenever I hit an issue, I would go down to Chris’ office with my notepad and pencil and ask him about the problem (sometimes multiple times a day). After about a week of this, I came into his office, as usual, to ask about a system call or something. He didn’t look at me and put his hand up, signaling me to stop.

    After he finished whatever it was he was working on, he turned to me and said, “What research have you done about this question? Man pages? Google searches? -h output?”

    I said, “No, I just came down here to ask you.”

  • SUSE now member of iRODS, Sponsor of User Group Meeting

    This month, SUSE became a member of the iRODS (integrated Rule-Oriented Data System) consortium which is an open source data management software used by research organizations and government agencies worldwide.

    [...]

    iRODS UGM will host 25+ presentations from the user community and the core development team, including use case presentations, live demonstrations, and open discussions about requested iRODS features. They anticipate an audience of 150 participants representing dozens of academic, government, and commercial institutions.

GNOME Asia Summit 2019 Announced for GNOME 3.36 "Gresik" Desktop in Indonesia

Filed under
GNOME

Every year, the GNOME developers and contributors gather together for the GUADEC (GNOME Users And Developers European Conference) and GNOME Asia Summit events to plan the next major release of their beloved, open-source desktop environment for Linux-based operating systems.

While the GUADEC 2019 conference will kick off this summer between August 23rd and 28th, in Thessaloniki, Greece, for the upcoming GNOME 3.34 "Thessaloniki" desktop environment, the GNOME Asia Summit 2019 event will take place between October 11th and 13th, 2019, in Gresik, Indonesia.

Read more

CentOS 7 and RHEL 7 Get Important Linux Kernel Update to Patch SACK Panic Flaws

Filed under
Red Hat
Security

The new Linux kernel security updates patch an integer overflow flaw (CVE-2019-11477) discovered by Jonathan Looney in Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments, which could allow a remote attacker to cause a so-called SACK Panic attack (denial of service) by sending malicious sequences of SACK segments on a TCP connection that has a small TCP MSS value.

"While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented," reads Red Hat's security advisory. "Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments."

Read more

Security: Updates, Holes, FUD and Primers

Filed under
Security
  • Security updates for Friday
  • Critical Firefox vulnerability fixed in 67.0.3
  • NASA Lab Hacked Using A $25 Raspberry Pi Computer

    Raspberry Pi is a teeny-tiny device that can be tinkered with to gain deceptively high capabilities. This has been proved by a recent report which confirmed that a NASA lab was hacked using a Raspberry Pi.

    The breach occurred in April 2018 where NASA’s Jet Propulsion Laboratory (JPL) was hacked and 500MB of data from major mission systems was stolen.

    [...]

    Apparently, the system administrators did not consistently update the inventory system while adding new devices to the network.

  • DragonFlyBSD 5.6.1 Released To Fix TTM & OpenSSH Problems

    There are two primary and separate bug fixes in DragonFlyBSD 5.6.1 around OpenSSH and TTM. The OpenSSH issue is a SSHD configuration issue for the SSH daemon. The TTM bug is a lockup issue that could come about when using the Radeon DRM graphics driver with this Radeon/TTM code ported over to DragonFlyBSD from the Linux kernel.

    That's it for DragonFlyBSD 5.6.1, which is on top of the many great additions in version 5.6 like HAMMER2 by default, a VM rework / performance improvements, and other enhancements.

  • Google Accidentally Releases July 2019 Pixel Update In June

    Some owners of Pixel 3A and 3A XL devices had a happy, or rather surprising, moment when they realized that Google goofed-up badly.

    As posted on Reddit, Google accidentally released a build of the monthly security update meant for July 2019. It is 79.8MB in size and comes with a label that says “CONFIDENTIAL INTERNAL ONLY.” This clearly means it’s an internal build and not meant for public release.

  • 100 Million Dell [Microsoft Windows-laden] PCs At Risk Due To Criticial Bug In ‘SupportAssist’ Software

    The SupportAssist software comes pre-loaded on most Dell laptops and desktops. It’s used to check for different hardware and software issues that could arise over the course of time on Dell machines. For example, it can be used to test whether the battery is in a healthy condition or not.

    Unfortunately, the innocent-looking SupportAssist could open doors for attackers who can use it to achieve privilege escalation on Dell machines running Windows 10. The vulnerability was discovered by security firm SafeBreach Labs, the firm told Fossbytes in an email.

  • Bird Miner: This Cryptominer Malware Emulates Linux To Attack Macs [Ed: Attributing dumb people installing malicious files on their disk to "Linux".]

    One of the biggest disadvantages of using pirated software is the increased risk of letting your computer get infected with malware. Cybercriminals often bundle the cracked versions of paid software on piracy websites with adware and cryptominer to earn free cash. So, if you’re installing such programs from unknown sources, the chances of you getting hacked are pretty good.

    The same attack vector is being used by hackers to distribute a new Mac cryptocurrency miner named Bird Miner. As Malwarebytes’ official blog explains, Bird Miner has been found to be bundled with a cracked installer of a software named Ableton Live, which is a tool for high-end music production.

  • New Mac cryptominer Malwarebytes detects as Bird Miner runs by emulating Linux

    A new Mac cryptocurrency miner Malwarebytes detects as Bird Miner has been found in a cracked installer for the high-end music production software Ableton Live. The software is used as an instrument for live performances by DJs, as well as a tool for composing, recording, mixing, and mastering. And while cryptomining is not new on Mac, this one has a unique twist: It runs via Linux emulation.

  • Understanding Public Key Infrastructure and X.509 Certificates

    Public Key Infrastructure (PKI) provides a framework of encryption and data communications standards used to secure communications over public networks. At the heart of PKI is a trust built among clients, servers and certificate authorities (CAs). This trust is established and propagated through the generation, exchange and verification of certificates.

    This article focuses on understanding the certificates used to establish trust between clients and servers. These certificates are the most visible part of the PKI (especially when things break!), so understanding them will help to make sense of—and correct—many common errors.

    As a brief introduction, imagine you want to connect to your bank to schedule a bill payment, but you want to ensure that your communication is secure. "Secure" in this context means not only that the content remains confidential, but also that the server with which you're communicating actually belongs to your bank.

Syndicate content

More in Tux Machines

Fedora Workstation 31, AAC Support

  • Fedora Workstation 31 to come with Wayland support, improved core features of PipeWire, and more

    On Monday, Christian F.K. Schaller, Senior Manager for Desktop at Red Hat, shared a blog post that outlined the various improvements and features coming in Fedora Workstation 31. These include Wayland improvements, more PipeWire functionality, continued improvements around Flatpak, Fleet Commander, and more.

  • Fedora's AAC Support Finally Seeing Audio Quality Improvements

    Fedora's version of the FDK-AAC library that they began shipping in 2017 to finally provide AAC audio support strips out what was patented encumbered functionality. But that gutting of the code did cause some problems like audio playback glitches that are now being addressed. Fortunately, better AAC support is on the way to Fedora. There is this F30 update pending to provide an updated AAC implementation with quality enhancements.

Mozilla: Firefox's Gecko Media Plugin & EME Architecture, Accessibility, Firefox 68 Beta 10 Testday Results

  • Chris Pearce: Firefox's Gecko Media Plugin & EME Architecture

    For rendering audio and video Firefox typically uses either the operating system's audio/video codecs or bundled software codec libraries, but for DRM video playback (like Netflix, Amazon Prime Video, and the like) and WebRTC video calls using baseline H.264 video, Firefox relies on Gecko Media Plugins, or GMPs for short. This blog post describes the architecture of the Gecko Media Plugin system in Firefox, and the major class/objects involved, as it looked in June 2019. For DRM video Firefox relies upon Google's Widevine Content Decryption Module, a dynamic shared library downloaded at runtime. Although this plugin doesn't conform to the GMP ABI, we provide an adapter to allow it to be run through the GMP system. We use the same Widevine CDM plugin that Chrome uses. For decode and encode of H.264 streams for WebRTC, Firefox uses OpenH264, which is provided by Cisco. This plugin implements the GMP ABI.

  • Hacks.Mozilla.Org: How accessibility trees inform assistive tech

    The web is accessible by default. It was designed with features to make accessibility possible, and these have been part of the platform pretty much from the beginning. In recent times, inspectable accessibility trees have made it easier to see how things work in practice. In this post we’ll look at how “good” client-side code (HTML, CSS and JavaScript) improves the experience of users of assistive technologies, and how we can use accessibility trees to help verify our work on the user experience.

  • QMO: Firefox 68 Beta 10 Testday Results

    As you may already know, Friday June 14th – we held a new Testday event, for Firefox 68 Beta 10.

Security Leftovers/FUD

  • New Linux Worm Attacks IoT Devices [Ed: How to blame "Linux" for default passwords in devices (and some now also blame "Iran", citing a CIA 'proxy' Recorded Future in relation to this because they want war)]

    Silex has 'bricked' more than 2000 Linux-based IoT devices so far.

  • Your server remote login isn't root:password, right? Cool. You can keep your data. Oh sh... your IoT gear, though? [Ed: All this "Silex" 'news' tries to blame Iran for cracking by guessing default passwords; but this is attempted every day by dozens of nations, every minute in a lot of cases. Any political motivation behind this Iran angle?]

    Earlier this week, infosec outfit Recorded Future claimed a Tehran-backed group known as Elfin, or APT33, has been increasingly active in recent months, largely targeting industrial facilities and companies within Saudi Arabia that do business with the US and other Western countries.
  • 'Silex' Malware Renders Internet-of-Things Devices Useless. Here's How to Prevent It [Ed: War lovers' media, e.g. Fortune (see parent) and CBS (through ZDNet) push this whole "Iran" angle, manufactured in part by Recorded Future, which works with the CIA. This is the source of all these "Iran is cracking your gear" stories (every large nation does it all the time, so why the focus on Iran all of a sudden?)]
  • Silex malware targeting IoT devices spotted by security researchers
  • Daily News Roundup: Hackers Broke into Ten Telecom Networks [Ed: Definitely sounds like they used Windows, which executes malware without obstructing the users (who might just open an E-mail or click on a link)]

    Security researchers have revealed hackers spent years burrowing into ten different telecoms. Using a common method of an email with a link leading to malware, the hackers then used sophisticated techniques to target specific individuals. Security researchers at Cybereason revealed details of years-long attempts to break into telecom services (cell phone carriers). Starting in 2017, and possibly before, hackers sent emails to unsuspecting telecom employees with malicious links. The initial payload gave the hackers access to the telecom networks. Once in, the hackers ultimately compromised the network, gaining administrative privileges, and even creating a VPN on the system that let hackers access large amounts of data and empowered them even to shut down the telecom network entirely. The hackers had so much power that Amit Serper, Principal Security Researcher at Cybereason, described them as essentially a “de facto shadow IT department of the company.”

Kernel: LWN's Latest (SACK etc.) and Phoronix on Saitek R440 Force Racing Wheel Support Coming to Linux

  • The TCP SACK panic

    Selective acknowledgment (SACK) is a technique used by TCP to help alleviate congestion that can arise due to the retransmission of dropped packets. It allows the endpoints to describe which pieces of the data they have received, so that only the missing pieces need to be retransmitted. However, a bug was recently found in the Linux implementation of SACK that allows remote attackers to panic the system by sending crafted SACK information. Data sent via TCP is broken up into multiple segments based on the maximum segment size (MSS) specified by the other endpoint—or some other network hardware in the path it traversed. Those segments are transmitted to that endpoint, which acknowledges that it has received them. Originally, those acknowledgments (ACKs) could only indicate that it had received segments up to the first gap; so if one early segment was lost (e.g. dropped due to congestion), the endpoint could only ACK those up to the lost one. The originating endpoint would have to retransmit many segments that had actually been received in order to ensure the data gets there; the status of the later segments is unknown, so they have to be resent. In simplified form, sender A might send segments 20-50, with segments 23 and 37 getting dropped along the way. Receiver B can only ACK segments 20-22, so A must send 23-50 again. As might be guessed, if the link is congested such that segments are being dropped, sending a bunch of potentially redundant traffic is not going to help things.

  • Short waits with umwait

    If a user-space process needs to wait for some event to happen, there is a whole range of mechanisms provided by the kernel to make that easy. But calling into the kernel tends not to work well for the shortest of waits — those measured in small numbers of microseconds. For delays of this magnitude, developers often resort to busy loops, which have a much smaller potential for turning a small delay into a larger one. Needless to say, busy waiting has its own disadvantages, so Intel has come up with a set of instructions to support short delays. A patch set from Fenghua Yu to support these instructions is currently working its way through the review process. The problem with busy waiting, of course, is that it occupies the processor with work that is even more useless than cryptocoin mining. It generates heat and uses power to no useful end. On hyperthreaded CPUs, a busy-waiting process could prevent the sibling thread from running and doing something of actual value. For all of these reasons, it would be a lot nicer to ask the CPU to simply wait for a brief period until something interesting happens. To that end, Intel is providing three new instructions. umonitor provides an address and a size to the CPU, informing it that the currently running application is interested in any writes to that range of memory. A umwait instruction tells the processor to stop executing until such a write occurs; the CPU is free to go into a low-power state or switch to a hyperthreaded sibling during that time. This instruction provides a timeout value in a pair of registers; the CPU will only wait until the timestamp counter (TSC) value exceeds the given timeout value. For code that is only interested in the timeout aspect, the tpause instruction will stop execution without monitoring any addresses.

  • Dueling memory-management performance regressions

    The 2019 Linux Storage, Filesystem, and Memory-Management Summit included a detailed discussion about a memory-management fix that addressed one performance regression while causing another. That fix, which was promptly reverted, is still believed by most memory-management developers to implement the correct behavior, so a patch posted by Andrea Arcangeli in early May has relatively broad support. That patch remains unapplied as of this writing, but the discussion surrounding it has continued at a slow pace over the last month. Memory-management subsystem maintainer Andrew Morton is faced with a choice: which performance regression is more important? The behavior in question relates to the intersection of transparent huge pages and NUMA policy. Ever since this commit from Aneesh Kumar in 2015, the kernel will, for memory areas where madvise(MADV_HUGEPAGE) has been called, attempt to allocate huge pages exclusively on the current NUMA node. It turns out that the kernel will try so hard that it will go into aggressive reclaim and compaction on that node, forcing out other pages, even if free memory exists on other nodes in the system. In essence, enabling transparent huge pages for a range of memory has become an equivalent to binding that memory to a single NUMA node. The result, as observed by many, can be severe swap storms and a dramatic loss of performance. In an attempt to fix this problem, Arcangeli applied a patch in November 2018 that loosened the tight binding to the current node. But, it turned out, some workloads want that binding behavior. Local huge pages will perform better than huge pages on a remote node; even local small pages tend to be better than remote huge pages. For some tasks, the performance penalty for using remote pages is high enough that it is worth going to great lengths — even enduring a swap storm at application startup — to avoid it. No such workload has been publicly posted, but the patch was reverted by David Rientjes in December after a huge discussion.

  • Rebasing and merging in kernel repositories

    What follows is a kernel document I have been working on for the last month in the hope of reducing the number of subsystem maintainers who run into trouble during the merge window. If all goes according to plan, this text will show up in 5.3 as Documentation/maintainer/rebasing-and-merging.txt. On the off chance that some potentially interested readers might not be monitoring additions to the nascent kernel maintainer's handbook, I'm publishing the text here as well. Maintaining a subsystem, as a general rule, requires a familiarity with the Git source-code management system. Git is a powerful tool with a lot of features; as is often the case with such tools, there are right and wrong ways to use those features. This document looks in particular at the use of rebasing and merging. Maintainers often get in trouble when they use those tools incorrectly, but avoiding problems is not actually all that hard. One thing to be aware of in general is that, unlike many other projects, the kernel community is not scared by seeing merge commits in its development history. Indeed, given the scale of the project, avoiding merges would be nearly impossible. Some problems encountered by maintainers result from a desire to avoid merges, while others come from merging a little too often.

  • Years Late But Saitek R440 Force Racing Wheel Support Is On The Way For Linux

    If you happen to have a Saitek R440 Force Wheel or looking to purchase a cheap and used racing wheel for enjoying the various Linux racing game ports or even the number of games working under Steam Play like F1 2018 and DiRT Rally 2.0, Linux support is on the way. The Saitek R440 Force Wheel can still be found from the likes of eBay for those wanting a cheap/used PC game racing wheel. Now coming soon to the Linux kernel is support for this once popular gaming wheel -- which was originally released back in 2004. The Linux kernel patch originally adding the Saitek R440 was sent last year only to be resent out recently in an attempt for mainline acceptance.