Tuesday, 18 Sep 18 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/Linux

Create and publish video with open source Kaltura editor

Filed under
OSS

Video has long been an integral part of education—back in the day, movies shown on huge reel-to-reel projectors were wheeled into classrooms to supplement teaching. Today, even the youngest students demonstrate their knowledge with multimedia video presentations recorded and edited on smartphones or Chromebooks, the "flipped classroom" (where students watch video lectures for homework and do assignments in class) is taking hold in K-12 schools, and professors make live video recordings of their classes available online for motivated students who want to review a lecture they attended (or for lazy learners who can't quite make it to their morning biology class).

Video software-as-a-service provider Kaltura offers a platform that helps businesses, cloud TV providers, and—increasingly—educators make video available to their audiences. The company started in 2006 as a business-to-consumer (B2C) platform for open video collaboration. Of the company's beginnings, Zohar Babin, Kaltura's vice president of platform and growth, says, "we built a platform where people from all around the world could collaborate to create online video shows. The platform would enable anyone to integrate video into their show and have the ability to edit and publish episodes all via the browser."

The (awesome) economics of open source

Filed under
OSS

The more things change, the more they stay the same. Consider how changed a world we live in today when The Economist openly questions the bulk behavior of capitalists as evil bureaucratic rent-seekers and suggests that perhaps Karl Marx has something to teach after all. But the world remains stubbornly the same, as expert after supposed expert attempts to argue that open source software makes no economic sense and that a company like Red Hat cannot, therefore, exist (the latest example being this article on Medium.com).

Arrgh!

W. Edwards Deming said "experience teaches nothing without theory," so I'm going to explain the theory that I believe underlies the 30+ years of experience I've witnessed in the world of successful open source software. A disclaimer: I didn't develop this theory. Credit goes to Ronald Coase (Nobel Prize in Economics, 1991), Oliver Williamson (Nobel Prize in Economics, 2009), and others. And indeed, I was unaware of this theory when I started Cygnus Support, the world's first company to provide commercial support for free software back in 1989. But I did joke, in all seriousness, that someday an economist would win the Nobel Prize in Economics for explaining the theoretical basis of that company. Open source exceeded expectations yet again when not one, but two economists were so honored. And so I begin with a lengthy paraphrase of Coase's Nobel Prize lecture to set up the theory.

today's leftovers

Filed under
Misc
  • Have You Ever Considered Replacing Windows with Linux? [Ed: Microsoft propagandist (for over a decade) Bogdan Popa continues to provoke GNU/Linux users]
  • Windows file sharing comes to Chromebooks

    You can run Android apps on Chromebooks. You can run Linux programs on Chromebooks. Heck, you can even run Windows programs on Chromebooks. But one thing you couldn't do natively on a Chromebook is read and write files on Windows PCs or Windows and Samba servers. Things change. With the forthcoming release of Chrome OS 70, you can access network file shares from Chromebooks.

    To do this, once Chrome OS 70 is available to all users, open Settings, look for "Network File Shares", click the "Add File Share" button, and enter your user name and password. Then, click the "Add" button and open the Files app to browse your newly mounted shared folder. That's all there is to it.

  • 5 examples of Prometheus monitoring success

    Prometheus is an open source monitoring and alerting toolkit for containers and microservices. The project is a hit with lots of different organizations regardless of their size or industrial sector. The toolkit is highly customizable and designed to deliver rich metrics without creating a drag on system performance. Based on the organizations that have adopted it, Prometheus has become the mainstream, open source monitoring tool of choice for those that lean heavily on containers and microservices.

    Conceived at SoundCloud in 2012, Prometheus became part of the Cloud Native Computing Foundation (CNCF) in 2016 and in August 2018, CNCF announced Prometheus was the second "graduated" project in the organization's history.

    Prometheus provides a key component for a modern DevOps workflow: keeping watch over cloud-native applications and infrastructure, including another popular CNCF project, Kubernetes.

  • Unique RTS game 'Circle Empires' to get Linux support later this month

    Publisher Iceberg Interactive sent word today that the unique RTS game Circle Empires from developer Luminous is heading to Linux. They didn't give an exact date other than "Later this month Circle Empires will also receive full Linux support."

    Since I'm a big fan of RTS games, I was instantly quite surprised with how Circle Empires works. The map is literally split into circles, with you battling for control of each one of them.

  • Timespinner, a metroidvania featuring time travel, is set to be released September 25th

    Fans of metroidvanias will be getting a new game to sink their teeth into soon enough. A new trailer shows off what you can expect from the story and gameplay.

  • TensorFlow on Debian/sid (including Keras via R)

    I have been struggling with getting TensorFlow running on Debian/sid for quite some time. The main problem is that the CUDA libraries installed by Debian are CUDA 9.1 based, and the precompiled pip installable TensorFlow packages require CUDA 9.0 which resulted in an unusable installation. But finally I got around and found all the pieces.

  • Skylake mini-PC has dual M.2 slots and up to 32GB DDR4

    Aaeon has launched a Linux-ready “Nano-002N” mini-PC with a 6th Gen Core CPU, up to 32GB DDR4, 2x GbE, 2x HDMI, and 4x USB 3.0 ports, plus dual M.2 slots.

    Aaeon’s Nano-002N upgrades its Intel 5th Gen Nano-001N from 2015 with a dual-core, 6th Gen “Skylake” U-series CPU and additional new features. These include a serial port and twice the maximum memory for up to 32GB DDR4, among other enhancements. The mini-PC is well suited for media player, digital signage and POS, as well as other “tough applications in the factory, office, and off-site locations.”

OSS Leftovers

Filed under
OSS
  • linuxdev-br: a Linux international conference in Brazil

    linuxdev-br second edition just happened end of last month in Campinas, Brazil. We have put a nice write-up about the conference on the link below. Soon we will start planning next year’s event. Come and join our community!

  • FreeYourGIS: Open Source or Commercial GIS, or both [Ed: Promoting the fiction (FUD) that "Open Source" and "Commercial" are opposites. They should say proprietary, i.e. secret and untrustworthy.]

    I’m a big fan of open source software, including geospatial software, such as QGIS and GeoServer, and it’s not just because it can be used without paying a license fee. The best thing about open source is the community of users that share their code and support one another through shared applications, documentation, tips, and tricks. This is the same spirit that exists in the Pitney Bowes user community (Li360), ESRI’s GeoNET, and the countless other software communities of practice.

  • Another Open-Source IPO Shows the Market Power of "Free" Software
  • LPGPU2 Tools Aiming For Better Power Efficiency On Low-Power GPUs

    With a multi-API video player, as an example, they were able to deliver performance gains up to 25% and energy use reduced up to 25% as well.

    Their tool suite for analysis is based upon AMD's open-source CodeXL program. The code is open-source on GitHub.

Security and Android Leftovers

Filed under
Security
  • 4 Practical Measures to Improve Election Security Now

    It's more critical than ever for states to protect our democratic system and voting infrastructure from foreign cyber espionage.

    In the past, a midterm election season would pass without much fanfare. These have been torpid affairs with low voter turnout and few big-ticket issues, which historically has meant incumbents rather predictably hold their seats.

    If midterms made for few headlines then, they're making up for it now. At the recent Black Hat and DEF CON conferences, election security was a foremost concern.

    I was able to visit the DEF CON Voting Village, where actual voting machines were being hacked. But more importantly, there were independent experts and state government voting officials that you could talk to about the voting process.

  • Injecting chaos experiments into security log pipelines

    Security teams depend on high-quality logs for most preventative security efforts. Preventing an incident from occurring requires observable insight into where the failure might come from, and logs are one important source for such insights. When an incident occurs, organizations must be able to respond and contain them as quickly as possible. Logs are not only essential to find the source of a problem, but they also help identify appropriate countermeasures.

    But what happens when an organization doesn’t have the right log data? When an unknown or unforeseeable event occurs, how can we gain insights into why we didn’t see it coming?

    Consider this scenario: You go to work as a security incident response engineer one fine Monday morning. As soon as you walk into your office, you are informed that the HR department has suddenly lost access to the content, which includes some highly sensitive data, on their shared network drives. Further examination shows that all of the files and directories on the drive have been renamed to .exe. At this point, you are almost certain that it is the result of some kind of a malware and you have a security incident on your hands.

  • Top 10 Ubuntu Network Tools

    Ubuntu is the most popular choice for underlying Operating System due to its ease of use and powerful shell system. Due to more and more network access needed in most of the distributed applications today, the restrictions which need to be applied for network access and monitoring have only increased. In this lesson, we will study the ten most popular Network Tools for Ubuntu OS which can be used to monitor network usage with visualization as well.

  • Android Apps Riskier Than Ever: Report [Ed: Better put: proprietary software cannot be trusted. Pretty much all these 'apps' are secret code.]

    Widespread use of unpatched open source code in the most popular Android apps distributed by Google Play has caused significant security vulnerabilities, suggests an American Consumer Institute report released Wednesday.

  • Scan reveals known open source vulnerabilities in popular Android apps [Ed: Well, they're actually proprietary software (the 'apps')... so the headline is misleading to say the least.]

    Widespread use of unpatched open source code in popular Android apps is causing significant security vulnerabilities, warns the non-profit American Consumer Institute Center for Citizen Research (ACI).

    ACI’s research team used Insignary’s Clarity binary code scanner to examine the ten most popular applications in the 33 main app categories in Google Play Store, and found that 105 out of 330 contained known (CVE-numbered) vulnerabilities in their open source components.

  • Moto G6 Plus Launched In India: Here Are Specs, Features, And Price
  • Samsung Health 6.0 offers updated health and fitness tools with a more personalized digital health forum

Software: Cool-Retro-Term, USB Stick Formatter, Fstransform, digest and Copyu

Filed under
Software
  • Cool-Retro-Term is a great Mimic of old Command Lines, Install in Ubuntu/Linux Mint

    Cool-retro-term is a free terminal emulator developed by Filippo Scognamiglio; it mimics the look and feel of the old cathode tube screens. If you are tired of your current terminal then it comes in handy as eye-candy; it is a customizable and reasonably lightweight terminal emulator. It uses the Konsole engine, which is powerful and mature, and it requires Qt 5.2 or higher to run.
    It has pre-configured templates so you can use them with just one click; profiles include: Amber, Green, Scanlines, Pixelated, Apple ][, Vintage, IBM Dos, IBM 3287, and Transparent Green. Furthermore, you can create your own profile and use it.
    Its preferences offer a lot of customization: you can adjust brightness, contrast, and opacity; font; font scaling and width; cool effects for terminal; and you can control FPS, texture quality, scanlines quality, and bloom quality. Furthermore, you can dive into settings to change colors, shadows etc.

  • Easily Format A USB Flash Drive On Ubuntu 18.04 Using USB Stick Formatter

    If you're looking for an easy, straightforward way of formatting a USB flash drive in Ubuntu or Debian, similar to the one available in Microsoft Windows, you can use the USB Stick Formatter utility.

  • Fstransform – Optimus Tux

    File system conversion is not an everyday thing. For that matter, it’s not even an every year thing. But when you do need to convert from one format to another, the operation is usually long, tedious and sometimes destructive. Most often, you would copy files to a backup location, re-format the partition, then copy the data back. The notion of being able to do a seamless, live conversion sounds like a cool thing.

    Fstransform is a tool designed to offer in-place file system conversions without a need for a backup. This program does its magic by mounting several loopback devices and uses them to shuffle bytes to and fro while it restructures the file system layout. The advantages – if proven successful, of course – are in that you do not need to worry about backup devices (could be many terabytes), and you could potentially save time. Sold! Let’s see how it works.

  • digest 0.6.17

    digest version 0.6.17 arrived on CRAN earlier today after a day of gestation in the bowels of CRAN, and should get uploaded to Debian in due course.

  • Copyu – A Text Editor-Like Weekly Planner

    Copyu is a free, cross-platform, and open-source productivity app for planning all your weekly tasks using a sizeable app window.

    Copyu is as simple as a To-Do app can be and it is easy to set up and get straight to using. It combines your calendar app with a todo list and you are to make entries based on your weekly plans.

    Its modern, distraction-free main screen allows you to see the whole week’s agenda and to-do’s as it displays a single week per page.

    Tasks are in the form of bullet lists that have strike-through lines when completed. You can write notes next to tasks and you can interact with your lists using drag and drop.

KDE and GNOME: Elisa, Krita, Five or More and Canta

Filed under
KDE
GNOME
  • 0.3 Beta Release of Elisa Music Player

    This feature improves two different cases. The first is to allow usage of Elisa with a small window. In this case, only minimal information is shown in a possibly small window. The second is to implement the “party” mode that was originally designed by Andrew Lake.

  • KDE Bugsquad – Kickoff with Krita! – Part 1 on September 15th, 2018

    More long and thoughtful posts like the prior one will be coming. But right now I have an important announcement! I have resurrected the KDE Bugsquad, and we have our first official Bug Day on Saturday!

    The KDE Bugsquad is back! We can think of no better way to celebrate than joining forces with the Krita team as part of their Squash All the Bugs fundraiser!

  • Introducing Digital Atelier: a painterly brush preset pack by Ramon Miranda with tutorial videos!

    Over the past months, Ramon Miranda, known for his wonderful introduction to digital painting, Muses, has worked on creating a complete new brush preset bundle: Digital Atelier. Not only does this contain over fifty new brush presets, more than thirty new brush tips and twenty patterns and surfaces.

  • Five or More GSoC
  • Canta: Best Theme And Icons Pack Around For Ubuntu/Linux Mint

    If you are a person who changes themes on your Linux system frequently then you are on the right page. Today, we present you best theme under development so far for Ubuntu 18.04/Linux Mint 19, it has variants in light and dark with different styles: normal, compact and square. If you are a fan of material design or not, most probably you are going to like this theme and icons pack. The initial release of Canta was back in March, 2018 and released under GNU General Public License V3. Canta theme is based on Materia Gtk theme.

Red Hat and Fedora Leftovers

Filed under
Red Hat
  • [Podcast] PodCTL #49 – Security & Service Meshes

    As we use PodCTL to help educate the market on Containers, Kubernetes and associated technologies, we’ve found that Service Meshes (and Istio) are one of the most popular topics. While it’s still a newer technology, just recently achieving v1.0 GA, we find that many people want to learn more. So this week we went deeper on how the discussion around Security begins to integrate with Service Meshes, with John Morello (CTO, Twistlock).

  • Red Hat infrastructure platforms to data analytics workloads: "Welcome!"

    You’ve heard the adage that every company now is a software company. The fuel that drives it is data.

    By the same token, many enterprises are considering cloud-native technologies based on Kubernetes and microservices for business innovation. However many enterprises dealing with extremely large data sets have not been able to run data analytics applications on the same IT infrastructure running the rest of their workloads.

  • Deploying a React App with an Express Backend on OpenShift
  • Flock- 2018

    I attended Flock this year which is the Fedora Project's annual contributor-focused conference. This was my first Flock and it turned out to be one of the best conferences I have attended so far.

Linux Foundation and Kernel Events, Developments

Filed under
Development
  • Top 10 Reasons to Join the Premier European Open Source Event of the Year [Ed: LF advertises this event where Microsoft is Diamond sponsor (highest level). LF is thoroughly compromised, controlled by Linux's opposition.]
  • AT&T Spark conference panel highlights open source road map and needs [Ed: Linux Foundation working for/with a surveillance company]

    The telecommunications industry has been around for 141 years, but the past five have been the most disruptive, according to the Linux Foundation's Arpit Joshipura.

    Joshipura, general manager, networking and orchestration, said on a panel during Monday's AT&T Spark conference in San Francisco that the next five years will be marked by deployment phases across open source communities and the industry as a whole.

    "It's (telecommunications) been disrupted in just the last five years and the speed of innovation has skyrocketed in just the last five years since open source came out," Joshipura said.

  • A Hitchhiker’s Guide to Deploying Hyperledger Fabric on Kubernetes

    Deploying a multi-component system like Hyperledger Fabric to production is challenging. Join us Wednesday, September 26, 2018 9:00 a.m. Pacific for an introductory webinar, presented by Alejandro (Sasha) Vicente Grabovetsky and Nicola Paoli of AID:Tech.

  • IDA: simplifying the complex task of allocating integers

    It is common for kernel code to generate unique integers for identifiers. When one plugs in a flash drive, it will show up as /dev/sdN; that N (a letter derived from a number) must be generated in the kernel, and it should not already be in use for another drive or unpleasant things will happen. One might think that generating such numbers would not be a difficult task, but that turns out not to be the case, especially in situations where many numbers must be tracked. The IDA (for "ID allocator", perhaps) API exists to handle this specialized task. In past kernels, it has managed to make the process of getting an unused number surprisingly complex; the 4.19 kernel has a new IDA API that simplifies things considerably.

    Why would the management of unique integer IDs be complex? It comes down to the usual problems of scalability and concurrency. The IDA code must be able to track potentially large numbers of identifiers in an efficient way; in particular, it must be able to find a free identifier within a given range quickly. In practice, that means using a radix tree (or, soon, an XArray) to track allocations. Managing such a data structure requires allocating memory, which may be difficult to do in the context where the ID is required. Concurrency must also be managed, in that two threads allocating or freeing IDs in the same space should not step on each other's toes.

RK3399 based 96Boards SBC starts at $99

Filed under
Linux
Hardware

Vamrs has begun shipping the “Rock960” — the first 96Boards SBC based on the hexa-core Rockchip RK3399. The community-backed SBC sells for $99 (2GB/16GB) or $139 (4GB/32GB).

Shortly before Shenzhen-based Vamrs Limited launched a Rockchip RK3399 Sapphire SBC in Nov. 2017, the company announced a similarly open-spec Rock960 SBC that uses the same Rockchip RK3399 SoC, but instead adopts the smaller, 85 x 55mm 96Boards CE form factor. The Rock960 was showcased in March along with other AI-enabled boards as part of Linaro’s 96Boards.ai initiative announcement.

Also: Bixel, An Open Source 16×16 Interactive LED Array

Ubuntu: SchoolTool, Lubuntu Development Newsletter, and Patches

Filed under
Ubuntu
  • How to install School tool on Ubuntu 18.04 LTS

    SchoolTool is a free and open source suite of free administrative software for schools that can be used to create a simple turnkey student information system, including demographics, gradebook, attendance, calendaring and reporting for primary and secondary schools. You can easily build customized applications and configurations for individual schools or states using SchoolTool. SchoolTool is a web-based student information system specially designed for schools in the developing world, with support for localization, translation, automated deployment and updates via the Ubuntu repository.

  • Lubuntu Development Newsletter #11

    We have swapped out SMPlayer for VLC, Nomacs for LXImage-Qt, and the KDE 5 LibreOffice frontend instead of the older KDE 4 frontend. We are working on installer slideshow updates to reflect these changes.

    Walter Lapchynski is working on packaging Trojitá; that will be done soon.

    Lastly, we fixed a bug in the daily which did not properly set the GTK 3 theme when configured if no GTK theme had been configured before.

  • The First Beta of the /e/ OS to Be Released Soon, Canonical's Security Patch for Ubuntu 18.04 LTS, Parrot 4.2.2 Now Available, Open Jam 2018 Announced and Lightbend's Fast Data Platform Now on Kubernetes

    Canonical yesterday released a Linux kernel security patch for Ubuntu 18.04 LTS that addresses two recently discovered vulnerabilities.

Programming: Julia, Go, and Perl

Filed under
Development
  • An introduction to the Julia language, part 2

    Part 1 of this series introduced the Julia project's goals and development process, along with the language syntax, including the basics of control flow, data types, and, in more detail, how to work with arrays. In this part, user-defined functions and the central concept of multiple dispatch are described. It will also survey Julia's module and package system, cover some syntax features, show how to make plots, and briefly dip into macros and distributed computing.

  • Learning about Go internals at GopherCon

    GopherCon is the major conference for the Go language, attended by 1600 dedicated "gophers", as the members of its community like to call themselves. Held for the last five years in Denver, it attracts programmers, open-source contributors, and technical managers from all over North America and the world. GopherCon's highly-technical program is an intense mix of Go internals and programming tutorials, a few of which we will explore in this article.

    Internals talks included one on the scheduler and one on memory allocation; programming talks included why not to base your authorization strategy on hash-based message authentication codes (HMACs). But first, here's a little about upcoming changes to Go itself.

  • How subroutine signatures work in Perl 6

    In the first article in this series comparing Perl 5 to Perl 6, we looked into some of the issues you might encounter when migrating code into Perl 6. In the second article, we examined how garbage collection works in Perl 6, and in the third article, we looked at how containers replaced references in Perl 6. Here in the fourth article, we will focus on (subroutine) signatures in Perl 6 and how they differ from those in Perl 5.

GNOME Podcasts – podcast client for the GNOME desktop

Filed under
GNOME

Podcasts are shows, similar to radio or TV shows, that are produced by professionals or amateurs and made available on the internet to stream and/or download. They are a popular source of entertainment. There’s lots of great podcasts that are Linux-centric, which I surveyed in this review.

It’s true that any music player worth its salt plays podcasts. But there’s still a call for dedicated players. I’ve looked at podcasts built with web technologies as well as an interesting command-line podcast player. To add to the mix, let’s consider a further podcast player designed with the GNOME desktop in mind.

The application is called GNOME Podcasts, a native GTK app. Its design is inspired by GNOME Music and Vocal. You don’t need a PhD to realize GNOME Podcasts is a podcast client. It used to be called Hammond, after Alan Moore’s character Evey Hammond from the graphic novel V for Vendetta.

Looking at Firefox performance 57 vs 63

Filed under
Graphics/Benchmarks
Moz/FF

Last November we released Firefox v.57, otherwise known as Firefox Quantum. Quantum was in many ways a whole new browser with the focus on speed as compared to previous versions of Firefox.

As I write about many topics on my blog which are typically related to my current work at Mozilla, I haven’t written about measuring or monitoring Performance in a while. Now that we are almost a year out I thought it would be nice to look at a few of the key performance tests that were important for tracking in the Quantum release and what they look like today.

First I will look at the benchmark Speedometer which was used to track browser performance primarily of the JS engine and DOM.

AMD's Latest Linux and Free Software Work

Filed under
Linux
Hardware
  • AMD Sends Out Initial Open-Source Linux Graphics Support For "Picasso" APUs

    Adding to the exciting week for AMD open-source Linux graphics is that in addition to the long-awaited patch update for FreeSync/Adaptive-Sync/VRR, patches for the Linux kernel were sent out prepping the graphics upbringing for the unreleased "Picasso" APUs.

    Picasso APUs are rumored to be similar to Raven Ridge APUs and would be for the AM4 socket. Picasso might launch in Q4 but intended as a 2019 platform for AM4 desktops as well as a version for notebooks. It's not expected that Picasso will be too much greater than the current Raven Ridge parts.

  • AMD's Marek Olšák Is Dominating Mesa Open-Source GPU Driver Development This Year

    With Q3 coming towards an end, here is a fresh look at the Mesa Git development trends for the year-to-date. Mesa on a commit basis is significantly lower than in previous years, but there is a new top contributor to Mesa.

    Mesa as of today is made up of 6,101 files that comprise of 2,492,887 lines of code. Yep, soon it will break 2.5 million lines. There have been 104,754 commits to Mesa from roughly 900 authors.

  • AMD Lands Mostly Fixes In Latest Batch Of AMDVLK/XGL/PAL Code Updates

    The AMD developers maintaining their "AMDVLK" Vulkan driver have pushed out their latest batch of code comprising this driver including the PAL abstraction layer, XGL Vulkan bits, and LLPC LLVM-based compiler pipeline.

LWN on Security: Updates, fs-verity, Spectre, Qubes OS/CopperheadOS

Filed under
Linux
Security
  • Security updates for Wednesday
  • Protecting files with fs-verity

    The developers of the Android system have, among their many goals, the wish to better protect Android devices against persistent compromise. It is bad if a device is taken over by an attacker; it's worse if it remains compromised even after a reboot. Numerous mechanisms for ensuring the integrity of installed system files have been proposed and implemented over the years. But it seems there is always room for one more; to fill that space, the fs-verity mechanism is being proposed as a way to protect individual files from malicious modification.

    The core idea behind fs-verity is the generation of a Merkle tree containing hashes of the blocks of a file to be protected. Whenever a page of that file is read from storage, the kernel ensures that the hash of the page in question matches the hash in the tree. Checking hashes this way has a number of advantages. Opening a file is fast, since the entire contents of the file need not be hashed at open time. If only a small portion of the file is read, the kernel never has to bother reading and checking the rest. It is also possible to catch modifications made to the file after it has been opened, which will not be caught if the hash is checked at open time.

  • Strengthening user-space Spectre v2 protection

    The Spectre variant 2 vulnerability allows the speculative execution of incorrect (in an attacker-controllable way) indirect branch predictions, resulting in the ability to exfiltrate information via side channels. The kernel has been reasonably well protected against this variant since shortly after its disclosure in January. It is, however, possible for user-space processes to use Spectre v2 to attack each other; thus far, the mainline kernel has offered relatively little protection against such attacks. A recent proposal from Jiri Kosina may change that situation, but there are still some disagreements around the details.

    On relatively recent processors (or those with suitably patched microcode), the "indirect branch prediction barrier" (IBPB) operation can be used to flush the branch-prediction buffer, removing any poisoning that an attacker might have put there. Doing an IBPB whenever the kernel switches execution from one process to another would defeat most Spectre v2 attacks, but IBPB is seen as being expensive, so this does not happen. Instead, the kernel looks to see whether the incoming process has marked itself as being non-dumpable, which is typically only done by specialized processes that want to prevent secrets from showing up in core dumps. In such cases, the process is deemed to be worth protecting and the IBPB is performed.

    Kosina notes that only a "negligible minority" of the code running on Linux systems marks itself as non-dumpable, so user space on Linux systems is essentially unprotected against Spectre v2. The solution he proposes is to use IBPB more often. In particular, the new code checks whether the outgoing process would be able to call ptrace() on the incoming process. If so, the new process can keep no secrets from the old one in any case, so there is no point in executing an IBPB operation. In cases where ptrace() would not succeed, though, the IBPB will happen.

  • Life behind the tinfoil curtain

    Security and convenience rarely go hand-in-hand, but if your job (or life) requires extraordinary care against potentially targeted attacks, the security side of that tradeoff may win out. If so, running a system like Qubes OS on your desktop or CopperheadOS on your phone might make sense, which is just what Konstantin Ryabitsev, Linux Foundation (LF) director of IT security, has done. He reported on the experience in a talk [YouTube video] entitled "Life Behind the Tinfoil Curtain" at the 2018 Linux Security Summit North America.

    He described himself as a "professional Russian hacker" from before it became popular, he said with a chuckle. He started running Linux on the desktop in 1998 (perhaps on Corel Linux, which he does not think particularly highly of) and has been a member of the LF staff since 2011. He has been running Qubes OS on his main workstation since August 2016 and CopperheadOS since September 2017. He stopped running CopperheadOS in June 2018 due to the upheaval at the company, but he hopes to go back to it at some point—"maybe".

GNU: GNU Tools Cauldron 2018 Conference and FisicaLab for Windows

Filed under
GNU
  • Slides From The GNU Tools Cauldron 2018 Conference

    Taking place last weekend over in Manchester was the annual GNU Tools Cauldron conference where toolchain developers spent a few days discussing the latest open-source compiler work.

    Talks this year included the state of C++ modules, libgccjit for GCC JIT'ing, the state of RISC-V, using the GCC regression suite for LLVM, GDB, the GNU C Library, and much more. It was also at the GNU Tools Cauldron where we learned more about the AMD GCN back-end.

  • New release of FisicaLab for Windows

    Due to some problems reported by Windows users, I decided to release a new Windows installer of FisicaLab with the alternative interface using IUP. This is version number 0.3.5.1 and you can download it here. I will add some new features before releasing version 0.4.0. If you have any problems with this new installer, please write to me.

Openwashing and EEE

Filed under
OSS
  • Altair Introduces Open Source and Free Basic Editions for Model-Based Development Offerings

    Altair (Nasdaq: ALTR) announces the release and immediate availability of free Basic Editions of its Model-Based Development suite and its open matrix language (OML) source code. To help innovators everywhere accelerate the time-to-benefits from Model-Based Development (MBD) and to make MBD more open and accessible, Altair is taking the following steps:

    Building upon its strong reputation of providing open-architecture simulation solutions by open-sourcing its open-source computational programming language, OML. Interested users and contributors can download the source code from the OpenMatrix website.

    Introducing Basic Editions of its MBD suite of software products – Altair Compose™, Altair Activate™, and Altair Embed™ – available to everybody at no cost, with free training videos available online via Altair’s open Learning Center. There are no license fees, nor any subscription or maintenance fees.

  • GitHub Foreshadows Big Open Source Announcements at GitHub Universe
  • Ending PHP Support, and The Future Of Hack [Ed: Facebook EEE]
  • Facebook's Last HHVM Release With PHP Support Set For December

    HHVM, which started out as Facebook's project for a high-performance PHP implementation and morphed into the basis of their Hack programming language, will cease to support PHP.

    As was decided months ago, Facebook developers will be working on HHVM just for Hack and no longer for PHP compatibility. That's being done in part since PHP7, the official PHP implementation, has gotten a lot faster and Facebook has meanwhile migrated more of their internal code to be Hack-based.


More in Tux Machines

PostgreSQL adopts a code of conduct

The PostgreSQL community has, after an extended discussion, announced the adoption of a code of conduct "which is intended to ensure that PostgreSQL remains an open and enjoyable project for anyone to join and participate in".
