Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Friday, 19 Jul 19 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

  • 07/07/2019 - 5:40pm
    JamieCull
  • 04/07/2019 - 7:09pm
    ksanaj
  • 18/07/2018 - 6:58am
    arindam1989
  • 14/08/2017 - 5:04pm
    2daygeek
  • 11/07/2017 - 9:36am
    itsfoss
  • 04/05/2017 - 11:58am
    Variscite
  • 09/04/2017 - 4:47pm
    mwilmoth
  • 11/01/2017 - 12:02am
    tishacrayt
  • 11/01/2017 - 12:01am
    lashayduva
  • 10/01/2017 - 11:56pm
    neilheaney

Spectre Mitigation Performance Impact Benchmarks On AMD Ryzen 3700X / 3900X Against Intel

Filed under
Graphics/Benchmarks

AMD Zen 2 processors feature hardware-based mitigations for Spectre V2 and Spectre V4 SSBD while remaining immune to the likes of Meltdown and Zombieload. Here are some benchmarks looking at toggling the CPU speculative execution mitigations across various Intel and AMD processors.

For this round of testing are some mitigation comparison tests on the Core i7 8700K, Core i9 9900K, Core i9 7960X, Ryzen 7 2700X, Ryzen 9 2950X, Ryzen 9 2990WX, Ryzen 7 3700X, and Ryzen 9 3900X. On each processor, the tests were done when booting the Linux 5.2 kernel with the default/out-of-the-box mitigations for Spectre/Meltdown/Foreshadow/Zombieload (all CPU speculative execution mitigations to date) and then again when making use of the "mitigations=off" kernel parameter for disabling these run-time-toggleable mitigations. Basically the tests are the equivalent of mitigations=off vs. mitigations=auto (default) comparison.

Read more

Q4OS 3.8 Centaurus, stable

Filed under
OS
KDE

We are proud to announce the immediate availability of the brand new stable Q4OS 3.8 version, codenamed 'Centaurus'. This is a long-term support LTS release, to be supported for at least five years with security patches and software updates.

The primary Q4OS aim is stability. As we want to provide as stable as possible operating system for companies as well as for individuals, once installed and configured, Q4OS will work reliably in a long standing way, getting security fixes and updates. Adopting a new feature into the core system could be committed in a highly exceptional cases only. We treat such possible cases as best as possible, doing testing and investigating consequences carefully before such a change.

Q4OS Centaurus is based on Debian Buster 10 and Plasma 5.14, optionally Trinity 14.0.6, desktop environment, and it's available for 64bit and 32bit/i686pae computers, as well as for older i386 systems without PAE extension. We are working hard to bring it for ARM devices too.

Read more

Also: Q4OS 3.8 Released As A Traditional Desktop Linux Distribution Built Atop Debian 10.0

I2Som PanGu, an STM32MP1 powered Raspberry Pi Linux alternative that costs ~US$72.50

Filed under
Linux
Hardware

The 105.5 x 70 mm SBC is based on the STMicroelectronics STM32MP1, a dual-core MPU that integrates two ARM Cortex A7 cores, along with a Cortex M4 chip. I2Som has included 512 MB RAM too, which it complements with 4 GB of eMMC flash storage. You could expand upon this with a microSD card though, should 4 GB not be enough for your needs.

The PanGu also has several USB ports, HDMI, a parallel port and a MIPI DSI. Moreover, the board has a 3.5 mm stereo headphone jack, an 80-pin board-to-board connector and a 30-pin 2.0 mm pin with support for ADC, CAN, FMC, GPIO, I2C, SDIO, SPI, TIM, UART and USB. The PanGu has an Ethernet port too.

The board runs Debian Jesse and Yocto Linux, with Stephen Vicinanza of CNX Software stressing that it offers features that are "lighter, more robust and have the developer in mind with multilanguage capabilities" than other comparable SBCs. I2Som has a wiki for the board, although this is currently only available in Chinese. You can order the PanGu from Taobao for 499 RMB (~US$72.50).

Read more

Also: Solectrix SX Mobile Device Kit Runs Linux or Android on NXP i.MX8M Mini Processor

Best Linux Distro for Windows 7 Refugees: Manjaro KDE

Filed under
GNU
Linux
Microsoft

Manjaro is based off of Arch Linux, but I like to describe it to people as the “Ubuntu of Arch” for its user-friendly design choices and its particular attention to helping new Linux users to learn what they are doing. Another great perk of the Arch foundation underneath Manjaro is the use of the Arch Linux Wiki.

The Arch wiki is easily one of the largest resources of help, information, and know-how for all Linux users— regardless of distribution, many of the articles found can be applied.

Back in the spring of 2017 I wrote a series of articles discussing various Desktop Environments for Linux systems, such as Cinnamon and KDE just to name a couple, and overall for Windows users who have decided to take the plunge, I’m recommending KDE.

Regardless of distribution, KDE is filled with eye candy, is highly-customizable, one of the most powerful file-browsers available (Dolphin), and is deeply documented with a long-standing history (KDE was created in 1996).

Read more

Games: Epic Games, Taste of Power, RetroArch, Space Rabbits in Space, CoreCtrl, NOTES, Streets of Rogue, Code This Game's Author

Filed under
Gaming
  • Epic Games' Tim Sweeney talks Linux and gaming some more, says Linux is "great"

    Tim Sweeney, the Founder and CEO of Epic Games took to Twitter again recently to answer some questions about Linux and gaming.

    Why? Well, it seems the previously incorrect reports about Easy Anti-Cheat dropping Linux support like to reappear and people end up spreading it around. Even though it has since been clarified, people still end up spreading it.

  • Real-time strategy game "Taste of Power" leaving Early Access next month with Linux support

    Taste of Power, a real-time strategy game from developer OneOcean is gearing up for a full release on August 27th. It's been in Early Access now for around seven months, so hopefully they've managed to polish it up.

  • RetroArch, the front-end app for emulators and more is heading to Steam

    RetroArch, a popular front-end application for running emulators, game engines and much more is now officially coming to Steam.

    This FOSS application is pretty popular, along with the Libretro API enabling you to get a rather pretty-looking PS3-styled interface to deal with all sorts, although as I understand most just use it for emulators.

  • The Linux version of "Space Rabbits in Space" now appears to be live

    Space Rabbits in Space, a 2d parkour skill-based platformer has now officially released for Linux on Steam. Developed by Ventilator Shark, a small independent game studio based in Zagreb, Croatia.

    A game I mentioned back in February, after speaking to the developer they did confirm it was coming they just didn't know exactly when. With no announcement I can find, the Linux version went live a few days ago!

  • CoreCtrl, a new FOSS Linux tool to help you control your PC with application profiles

    Quite an interesting one this, CoreCtrl from developer Juan Palacios aims to be a "game changer" in letting you setup your hardware to do things automatically when a program is launched and more. The developer tagged us on Twitter about it and it does seem pretty sweet.

  • NOTES, a small puzzle game based on connecting musical notes

    Here's a sweet recent release for fans of small puzzle games. Miro Jankura recently released NOTES on Steam and looks like a nice relaxing puzzler.

    It released only recently, on July 11th with same-day Linux support. While it's based on musical notes, the developer does say no musical knowledge is required.

  • The developer of Streets of Rogue recently commented about supporting Linux

    With Streets of Rogue having left Early Access recently, I'm sure plenty were wondering how it's done on Linux. Turns out the developer, Matt Dabrowski, actually made some interesting comments about it.

    Curiously, the comment from Dabrowski turned up at a place I didn't quite expect. A dubious website offering free download links to various games, where it seems Dabrowski turned up to warn people away from it and instead try the older version on itch.io to get a feel for it.

  • Mike Driscoll: PyDev of the Week: Meg Ray

    This week we welcome Meg Ray (@teach_python) as our PyDev of the Week! Meg teaches programming to other teachers and has developed Python-related curriculum. Meg is also the author of Code This Game, a book which will be coming out in August 2019. Let’s take some time to get to know her better!

today's leftovers

Filed under
Misc
  • A Modern Open Source Project Management Platform

    Project management is a discipline that has been through many incarnations, spawning an entire industry of businesses and tools. The challenge is to build a platform that is sufficiently powerful and adaptable to fit the workflow of your teams, while remaining opinionated enough to be useful. It also helps to have an open and extensible platform that can be customized as needed. In this episode Pablo Ruiz Múzquiz explains the motivation for creating the open source tool Taiga, how it compares to the other options in the market, and how you can use it for your own projects. He also discusses the challenges inherent to project management tools, his philosophies on what makes a project successful, and how to manage your team workflows to be most effective. It was helpful learning from Pablo's long experience in the software industry and managing teams of various sizes.

  • GNU World Order 13x29
  • RetroArch Emulation Platform Is Coming To Steam On July 30

    There will be no difference in the functionality of the RetroArch when it launches on Steam in two weeks from now. The Steam version will not have Steamworks SDK functionality or additional Steam features at the time of the launch.

    After the launch, the company will explore options to incorporate Steam’s functionality into the emulator platform.

    Moreover, the open source company has said that it will initially launch the Windows version. macOS and Linux versions will be released later.

  • Linux Weekly Roundup #34

    Hello and welcome to this week's Linux Roundup.  Thank you so much for your time.

    We had another good week of Linux Releases.

    Sparky Linux 4.11, Linux Mint 19.2 Beta (well kind of, please read below how their release process works), Feren OS 19.07 and Feren OS Next Beta has been released.

    Other distros I have been looking at this week is Clear Linux with Gnome 3.32 and Artix Linux 20190609.

    About the Linux Mint release method, when all the development is done, the ISO is being tested by a Linux Mint team and Clem, the main guy of Linux Mint will approve all the ISOs when he feels they are ready, when all of the ISOs are approved, the ISOs are being pushed into all the Linux Mint Download Mirrors, after all the mirrors are being updated, Linux Mint writes their release notes.  
    We are currently at the point where all the ISOs has been approved and already being pushed into the Download Mirrors.

  • Porfirio A. Páiz - porfiriopaiz: repos

    Rawhide is the name given to the current development version of Fedora. It consists of a package repository called "rawhide" and contains the latest build of all Fedora packages updated on a daily basis. Each day, an attempt is made to create a full set of 'deliverables' (installation images and so on), and all that compose successfully are included in the Rawhide tree for that day.

    It is possible to install its repository files and just temporarily enable it for just a single transaction, let us say, to simple install or upgrade a single package and its dependencies, maybe, to give a try to its new version that is not currently available on any of the stable and maintained versions of Fedora.

    This is useful when a bug was fixed on Rawhide but it has not landed yet on the stable branch of Fedora and the urge for it cannot wait.

Kernel, LF and Graphics

Filed under
Graphics/Benchmarks
Linux
  • Linux's UBIFS File-System Picks Up Support For Zstd Compression

    The UBIFS file-system for usage on un-managed flash memory devices now has support for Zstd compression.

    Zstd file-system compression was added to UBIFS as providing a means of being faster than the existing LZO compression, including for embedded Arm hardware, while still offering a good compression rate. This new UBIFS Zstd compression can be enabled via the UBIFS_FS_ZSTD Kconfig switch for building the UBIFS module with this Zstd support.

  • EdgeX Foundry’s Edinburgh release provides framework for IoT

    The internet of things gets a lot of flak for its fragmentation, but attempts are being made to rectify the situation. Case in point: The EdgeX Foundry on Thursday announced the availability of its Edinburgh release, created for IoT use cases across vertical markets.

    It’s not going to completely eliminate fragmentation—that would be an impractical challenge to mount. But whereas a few years ago everybody was trying to do edge and IoT implementations in a proprietary manner, “I would say open source is ready for prime time from an edge perspective,” said Arpit Joshipura, general manager, Networking, Edge and IoT with the Linux Foundation, in an interview.

  • Vulkan 1.1.115 Released With Another Batch Of Corrections

    Vulkan has been sticking to its weekly release regiment this summer. While recent weekly updates have introduced new Vulkan extensions, with today's Vulkan 1.1.115 release there are not any new extensions in tow.

Software: KDE and GNOME Applications, Proprietary Software

Filed under
Software
  • Kate LSP Client Continued

    The new LSP client by Mark Nauwelaerts made nice progress since the LSP client restart post last week.

    [...]

    Both are aimed to improve the support of the Rust LSP server. As you can see, they got already reviewed and merged.

  • Pitivi Video Editor Gets Better Thanks to Google Summer of Code

    The Pitivi video editor is getting some (arguably overdue) love and attention as part of this year’s Google Summer of Code (GSoC).

    New features, interface adjustments, and improved clip editing are among the changes the open-source non-linear video editing app is in line to pick up.

    Two recent updates from GSoC 2019 students reveal a bit more about the enhancements that are underway.

    Millan Castro reports on his ‘first month working in Pitivi‘. His goal: ‘implement an interval time system”.

  • Microsoft Office 365: Banned in German schools over privacy fears
  • FreeOffice July Update Adds MS Office 2019 Support, Classic Interface Option

    A major update to FreeOffice by SoftMaker, a gratis set of productivity apps modelled after Microsoft Office, is now available to download.

    Dubbed the “anniversary update”, the latest version of this office suite intros compatibility with the latest Microsoft Office file formats.

    All three apps in the family, TextMaker, PlanMaker and Presentations, are said to be fully compatible with the latest Microsoft Office file formats, allowing users to open, edit and save in native Office formats like .docx.

    The suite now lets users choose an interface layout, with the standard “Ribbon” interface mode and a more traditional menu-based UI available.

  • Microsoft Office Clone ‘SoftMaker Office 2018’ Sees Summer Update

    Do keep in mind that SoftMaker Office 2018 is not free software so you will need to buy a subscription or make a one-off purchase to use it longterm.

OSS Leftovers

Filed under
OSS
  • CBA discloses NetBank's open source components

    One update explained that NetBank had started to make use of Google Safetynet, a service billed as “a set of services and APIs that help protect your app against security threats, including device tampering, bad URLs, potentially harmful apps, and fake users.”

    “The Google Safetynet feature does not involve CommBank sharing data with Google, but rather, the Android device shares some data with Google in order to provide an assessment of the device security, which we then use to detect certain types of fraud and cybercrime," a CBA spokesperson told iTnews.

    The second update to NetBank added open source licences, which the bank's spokesperson said was “a decision to acknowledge the use of third party components within our apps, where appropriate”.

    The spokesperson added that “this transparency, if anything, benefits security.”

    “We take security seriously,” the spokesperson added.

    “Every version of the CommBank app, including the open source components, is rigorously scrutinised and scanned by our engineering and cyber security teams for any potential vulnerabilities, and to ensure it is safe to use."

  • InAccel releases open-source Logistic Regression IP core for FPGAs

    Machine learning algorithms are extremely computationally intensive and time consuming when they must be trained on large amounts of data. Typical processors are not optimized for machine learning applications and therefore offer limited performance. Therefore, both academia an industry is focused on the development of specialized architectures for the efficient acceleration of machine learning applications.

  • Eradani Bridges The Gap Between Legacy And Open Source

    In this publication, legacy is not a dirty word or even remotely pejorative. Rather, “legacy” is just a shorthand way of delineating between applications that encapsulate decades of the evolution of a business and the transactions it processes, and all of the other new stuff that this business is also doing and perhaps coding with newer tools and programming languages.

    A new company, called Eradani, has been founded by some experts in both the IBM i world and the open source world with the express purpose of building a technical bridge so these two different cultures can see a unified, hybrid system without knowing all of the details of both sides of that system. This is a lot easier than having heated arguments about how things should be done or whose software stack is better or worse.

    Eradani, which is named after the sun around which the planet Vulcan orbits in the Star Trek science fiction series and which is actually a constellation in the southern hemisphere with several stars bearing that name (but spelled Eridani), was founded by Dan Magid, who was most recently in charge of the modernization labs and sales specialists teams at Rocket Software. Magid came to Rocket Software back in 2011, when that software conglomerate acquired software change management tool maker Aldon Software, where Magid was its long-time chief executive officer. Aldon was co-founded by Albert Magid, his father, and Don Parr back in 1979 in the wake of the System/38 launch, so the Magid family has deep, deep roots in the IBM i world. (Aldon had previously sold itself to private equity firm in 2007.)

  • Open source plays leading role in getting driverless cars on the road

    pen source is playing an increasingly important role in the race to develop fully-functional, totally driverless cars capable of handling all traffic conditions – and investors are lining up to support these efforts.

    Last week, Japan-based open source company Tier IV announced it had raised a further $100 million to facilitate commercialisation of self-driving technology for what it called `private, depopulated and urban’ areas. This brings the amount of money investors have pumped into the company to around $230million.

    However, Tier IV, which was spun out of Japan’s Nagoya University by Shinpei Kato and which counts Yamaha Motor Corporation among its backers, is not the only open source company in the self-driving vehicle starting line-up.

  • AV Mapping Startup Carmera Joins Baidu's Open-Source Apollo Platform

    The company also maintains Baidu Apollo, an open-source software platform launched in 2017 that allows software developers, researchers, and the company’s 130 enterprise partners, including Nvidia (NASDAQ: NVDA), Ford (NYSE: F), Velodyne Lidar, and Toyota (NYSE: TM), to build their own AV systems. The Apollo technology stack has more than 12,000 GitHub developers, and earlier this month, Baidu released Apollo 5.0, the latest version. Other mobility players maintain open-source development platforms—Nvidia, for example—but they aren’t as comprehensive as Apollo.

  • NEC Embraces Open Source Frameworks for SX-Aurora Vector Computing

    In this video from ISC 2019, Dr. Erich Focht from NEC Deutschland GmbH describes how the company is embracing open source frameworks for the SX-Aurora TSUBASA Vector Supercomputer.

    NEC recently opened the Vector Engine Data Acceleration Center (VEDAC) at its Silicon Valley facility. VEDAC is focused on fostering big data innovations using NEC’s emerging technologies while tapping into Silicon Valley’s rich ecosystem.

  • Four misconceptions about open source technology - Acquia

    Despite widespread adoption around the globe, open source technology continues to generate questions about its security and performance.

    Detractors question whether it’s a suitable basis for enterprise projects and platforms; their scepticism due, in no small part, to a series of myths and misconceptions which surround the technology.

    In an era in which cyber-crime and hacking attacks are so frequent, they’ve ceased to be newsworthy, some of these concerns spring from a genuine fear that open source means open to all comers.

    Others have their roots in inertia and the deep comfort of the familiar. Many IT managers would prefer to stick with the tried and true – proprietary technologies whose performance is known and for which they’re happy to be accountable, rather than the unknown quantity which is open source.

  • Google Releases Open Source Cryptographic Tool

    Google has made available an open-source cryptographic tool called Private Join and Compute. The tool uses secure multi-party computation (MPC) to augment the core PSI protocol.

    The product combines two cryptographic techniques - private set intersection and homomorphic encryption. Private set intersection is a technique that finds common identifiers in two sets of data without either data owner needing to show the other owner the underlying data. Google uses an oblivious variant which only marks encrypted identifiers without learning any of the identifiers.

  • Haiku monthly activity report - 06/2019

    We are now in beta phase, and besides the usual bugfixes, it's time to start investigating performance bottlenecks in Haiku. Waddlesplash has been hard at work in that area this month, starting with tuning of the newly integrated rpmalloc allocator.

    He also started benchmarking the uses of the allocator and found various opportunities to save memory, and use dedicated object caches instead of the generic malloc allocator, helping reduce memory fragmentation. The first patches have just started to land (in packagefs), there will likely be more. Ideally beta2 will be able to boot and install with 256MB of RAM or maybe even less thanks to this work.

    Meanwhile, waddlesplash is also auditing the code and starting to work towards making APIs more restricted (allowing some things only for the root user, for example), in order to provide some more privilege separation. Haiku has so far been largely a single user system, and did not worry too much about the usual attack vectors for an UNIX system. But modern computers are often online and we should try to keep our user's data reasonably safe. We have a long way to go, but we have to start with something.

  • Maintaining Independent Infrastructure

    One thing I end up embarassing myself about sometimes in the Ubuntu Podcast telegram chatter is that I end up buying and selling tiny amounts of shares on the US stock markets. All I can say is that I got spooked by the 35 day "government shutdown" at the start of the calendar year when I was stuck working without pay as a federal civil servant. Granted I did get back pay but the Human Capital Office at work is still fiddling with things even now in terms of getting payroll records and other matters fixed. I generally buy shares in companies that pay dividends and then I take the dividends as cash. At work we refer to that as "unearned income" especially as it is taxed at a rate different from the one applied to my wages.

    My portfolio is somewhat weird. I am rather heavily invested in shipping whether it happens to be oil tankers or dry bulk cargo ships. In contrast I have almost nothing invested in technology companies. There aren't many "open source" companies available on the open stock market and the ones out there either I can't afford to buy a single share of or they violate my portfolio rule that stocks held must pay a divided of some sort. Too many companies in the computer tech world appear to make money but don't send any profits back to shareholders as their dividends are stuck at USD$0.00.

  • Mozilla figures out how users can avoid online ads and sites can still make money

    I've written for websites that depended on every single impression and click generated by viewers. Some viewers complained about ads and some stayed silent. However, the owner of the site knew that without those advertisements the site would go dark.

    And so, I go about my daily life without the help of ad blockers—assuming that, at some point in time, someone would come up with a way to make both sides of the coin happy.

    That time has finally come. And it should be of no surprise that those behind the solution are from within the open source community—specifically, Mozilla (which may or may not be in conjunction with a new venture, namely Scroll).

    How are they solving this little conundrum (that has perplexed the masses for years)? With a new service they're calling Ad-free Internet. Just what is this new service? It's as equally brilliant as it is simple (and surprising that no one else has realized this solution already).

  • Online Data Science Learning with Tech’s Biggest Names Through edX

    The main advantage of attending a prestigious name-brand data science certification program is the reputation of that esteemed organization that it carries with it. Other than providing tech students and rookies with better opportunities to find an entry-level job at that company (such as Microsoft), it’s a great badge for the more experienced professionals as well.

    However, there are several high-level courses available, such as the ones through edX at IBM, Microsoft, MIT, UC San Diego and Harvard. Each one is different, and tailored to fit the needs of a variety of different professionals at many levels. In this article, we will take a look at these different programs, summarize their most important characteristics, the skills you’re going to acquire (as well as those you need before taking the course), and why you should choose one of them over another.

Programming: C++, Python, Rust and DocKnot

Filed under
Development
  • Introducing Photon Micro GUI: An open-source, lightweight UI framework with reusable declarative C++ code

    Photon Micro is an open-source, lightweight and modular GUI, which comprises of fine-grained and flyweight ‘elements’. It uses a declarative C++ code with a heavy emphasis on reuse, to form deep element hierarchies.

    Photon has its own HTML5 inspired canvas drawing engine and uses Cairo as a 2D graphics library. Cairo supports the X Window System, Quartz, Win32, image buffers, PostScript, PDF, and SVG file output.

    Joel de Guzman, the creator of Photon Micro GUI, and the main author of the Boost.Spirit Parser library, the Boost.Fusion library and the Boost.Phoenix library says, “One of the main projects I got involved with when I was working in Japan in the 90s, was a lightweight GUI library named Pica. So I went ahead, dusted off the old code and rewrote it from the ground up using modern C++.”

  • Initializing all local variables with Clang-Tidy

    A common source of all kinds of bugs is using variables without properly initializing them. Out of all security problems this one is the simplest to fix, just convert all declarations of type int x; to int x=0;. The main reason for not doing that is laziness, manually going through existing code bases and adding initialization statements is boring and nobody wants to do that.

    Fortunately nowadays we don't have to. Clang-tidy provides a nice toolkit for writing source code refactoring tools for C and C++. As an exercise I wrote a checker to do this. It is submitted upstream and is undergoing code review. Implementing it was fairly straightforward. There were only two major problems. The first one was that existing documentation consists mostly of reference manuals. There is no easy to follow tutorials, only Doxygen pages. But if you dig around on the net and work on it a bit, you can get it working.

    The second, and bigger, obstacle is that doing anything in the LLVM code base is sloooow. Everything in LLVM and Clang is linked to single, huge, monolithic libraries which take forever to link. Because of reasons I started doing this work on my secondary machine, which is a 4 core i5 with 16 gigs of RAM. I had to limit simultaneous linker jobs to 2 because otherwise it would just crash spectacularly to an out of memory error. Presumably it is impossible to compile the code base on a machine that has only 8 gigs of RAM. It seems that if you want to do any real development on LLVM you need a spare data center to run the compilations, which is unfortunate.

  • LibreOffice Appliances project (GSoC 2019)

    What happened lately: the lid hinges of my laptop broke for the second time, so I decided to buy a new (used) laptop. As always I didn’t back up my files properly (installed new OS on same disk), so had some transition issues.

    Apparently I hadn’t saved my username+password for the Wekan board, so I’ve created a new one...

  • Weekly Check-In #6
  • Weekly Check In
  • PSF GSoC students blogs: weeklyCheckIn[7]
  • Weekly check-in #6 (week 7): 08/07 to 14/07
  • Coding Period: Week 7
  • A quarter in review - Halfway to 2020

    My work with Rustup continues, though in the past month or so I've been pretty lax because I've had to travel a lot for work. I continue to be as heavily involved in Rust as I can be -- I've stepped up to the plate to lead the Rustup team, and that puts me into the Rust developer tools team proper. I attended a conference, in part to represent the Rust developer community, and I have some followup work on that which I still need to complete.

    I still hang around on the #wg-rustup Discord channel and other channels on that server, helping where I can, and I've been trying to teach my colleagues about Rust so that they might also contribute to the community.

    Previously I gave myself an 'A' but thought I could manage an 'A+' if I tried harder. Since I've been a little lax recently I'm dropping myself to an 'A-'.

  • DocKnot 3.01

    The last release of DocKnot failed a whole bunch of CPAN tests that didn't fail locally or on Travis-CI, so this release cleans that up and adds a few minor things to the dist command (following my conventions to run cppcheck and Valgrind tests). The test failures are moderately interesting corners of Perl module development that I hadn't thought about, so seem worth blogging about.

    First, the more prosaic one: as part of the tests of docknot dist, the test suite creates a new Git repository because the release process involves git archive and needs a repository to work from. I forgot to use git config to set user.email and user.name, so that broke on systems without Git global configuration. (This would have been caught by the Debian package testing, but sadly I forgot to add git to the build dependencies, so that test was being skipped.) I always get bitten by this each time I write a test suite that uses Git; someday I'll remember the first time.

What is POSIX? Richard Stallman explains

Filed under
GNU
Interviews

What is POSIX, and why does it matter? It's a term you've likely seen in technical writing, but it often gets lost in a sea of techno-initialisms and jargon-that-ends-in-X. I emailed Dr. Richard Stallman (better known in hacker circles as RMS) to find out more about the term's origin and the concept behind it.

Richard Stallman says "open" and "closed" are the wrong way to classify software. Stallman classifies programs as freedom-respecting ("free" or "libre") and freedom-trampling ("non-free" or "proprietary"). Open source discourse typically encourages certain practices for the sake of practical advantages, not as a moral imperative.

The free software movement, which Stallman launched in 1984, says more than advantages are at stake. Users of computers deserve control of their computing, so programs denying users control are an injustice to be rejected and eliminated. For users to have control, the program must give them the four essential freedoms...

Read more

todays howtos

Filed under
HowTos

Openwashing of Facebook Surveillance

Filed under
OSS

Security Leftovers

Filed under
Security
  • EAP-pwd security issues – SAE (Simultaneous Authentication of Equals) WPA3-Personal – potential full password recovery with weak passwords – CVE-2019-9495, CVE-2019-9497, CVE-2019-9498, CVE-2019-9499

    it might sound strange… and even if it sucks, but if you are concerned about security, call me paranoid but:

    your company’s critical infrastructure SHALL NOT BE REACHABLE BY WIFI! (especially not if you are running a nuclear power plant, just saying… nobody wants meltdown vulnerability of CPUs to actually be able to cause a meltdown)

  • RIP Fernando “Corby” Corbató, inventor of the password (1926-2019)

    Last Friday, legendary MIT computer scientist Fernando “Corby” Corbató passed away at his home in Newton, Massachusetts. He was 93.

    The Oakland-born researcher was responsible for several pivotal advances in the computer science space, most notably the password, which he invented during his pioneering work in computer time sharing.

  • GE Aviation Passwords, Source Code Exposed in Open Jenkins Server [Ed: 'Windows shop' GE needs to hire actual FOSS and GNU/Linux people who know how to properly set up and maintain things. This one is a shot in one's foot.]

    A DNS misconfiguration resulted in an open Jenkins server being available to all.

    A public Jenkins server owned by GE Aviation has exposed source code, plaintext passwords, global system configuration details and private keys from the company’s internal commercial infrastructure.

    GE Aviation, a subsidiary of General Electrics, is among the top commercial aircraft engine suppliers, and offers various airplane components. The server also contained a ReadMe file, outlining all the files it contained and their sensitivity.

  • Open Source Genomic Analysis Software Flaw Patched

    A cybersecurity vulnerability discovered in open source software used by organizations conducting genomic analysis could potentially have enabled hackers to affect the accuracy of patient treatment decisions. But the vulnerability was patched before hackers took advantage of it, researchers believe.

Blockchains and FOSS

Filed under
OSS
  • Open-Source Platform Lets Users Build Their Own Blockchain in Under 10 Min

    An out-of-the-box solution says it enables anyone, even with no experience, to build their own blockchain in under 10 minutes.
    According to Nuls, businesses are going through a similar evolution as they did with the early internet, when every company wanted their own website: They now want their own blockchain. And although these firms may not fully understand how to deploy blockchain technology, they are aware of how their business may benefit from it.
    Nuls aims is to “dismantle some of the biggest barriers” that are stopping individuals and companies of all sizes from creating their own blockchains. Hurdles for adoption include the need to ensure that networks are fully secure and the sheer cost of bringing them to fruition. On top of this, it can be an incredibly time-consuming process — not least because there aren’t enough skilled developers to keep on top of demand.

  • Open-Source Tool Lets Anyone Experiment With Cryptocurrency Blockchains

    Blockchain technology records information to a ledger shared between thousands of nodes. In the technology’s purest form, those nodes are not controlled by any central authority, and information cannot be changed once written to the ledger. Because of the security and autonomy this technology offers (in theory at least), blockchains now underpin many popular cryptocurrencies such as Bitcoin.

    But as Kazuyuki Shudo, an associate professor at the Tokyo Institute of Technology, points out, "It has been nearly impossible to test improvements on real-world blockchain networks, because that would mean having to update the software of all the thousands of nodes on a network."

  • Blockchain founders raised $822m by Q2 – with enterprises focused on open source

    According to the latest State of Blockchains report from Outlier Ventures, blockchain startups raised $822 million by Q2 – but the ecosystem continues to lag behind the 2017 and early 2018 peak.

    $822m was raised across 279 deals over the second quarter of 2019, with more than half of them being seed stage deals indicating continued fresh talent into the space.

    Yet while the numbers may be lower, the scope is much more advanced – particularly with how enterprises are associating with the technology.

    The report explores case studies which will be familiar to readers of this publication. Last month The Block reported that retailer Target had posted a job advert for a blockchain engineer, with the right candidate being able to contribute to ConsenSource, a certificate registry blockchain application based on Hyperledger Sawtooth. The company’s interest in blockchain has been noted, working with agribusiness provider Cargill on a Hyperledger-built project around the supply chain.

    [...]

    The Block spoke with Burke at the Blockchain Expo Global event in London around the data and platform monopolies which exist today.

CHIPS Alliance Brings Powerful Players into Open Source Hardware Collaboration

Filed under
Hardware
OSS

Will open source hardware become as ubiquitous as open-source software, such as Linux and Android?
Linux changed the world with its open approach to operating systems. The Linux Foundation has now partnered with a new initiative, CHIPS Alliance, to bring the same open source ethos to hardware design.

All About Circuits had a chance to speak to Ted Marena, Interim Director of CHIPS Alliance, about CHIPS Alliance, its mission, and its inaugural event this June, which was hosted by Linux, itself.

Read more

Review: Debian 10 "Buster"

Filed under
Debian

Debian is one of the world's oldest Linux distributions and, in terms of the number of developers involved, also one of the largest. Around 1,300 contributors worked on Debian 10, which was released on July 6th.

Debian 10 offers package upgrades across the entire operating system, but the main changes for this release include enabling AppArmor by default and running GNOME Shell on Wayland. (GNOME running on X.Org is available as an alternative desktop session.) The project's release announcement also mentions nftables can be used to manage the operating system's firewall and Secure Boot is enabled for some architectures. This version of Debian will receive a total of five years of support, thanks to the project's long-term support team.

The new version of Debian, codenamed "Buster", runs on over half a dozen CPU architectures and is available in net-install, full DVD install, and seven live desktop editions. This gives users many install options and avenues for trying the distribution. Though not mentioned in the distribution's release announcement Debian's media does not include non-free firmware which is often required to connect with wireless networks. People who need wireless networking have the option of downloading unofficial live images with non-free firmware.

Some more experimental users may be interested in knowing that Debian not only has a Linux flavour, but also offers builds with alternative kernels. The Debian GNU/Hurd team published new install media alongside the main Linux editions.

I ended up downloading the DVD install media, which is 3.6GB in size. I also downloaded the official live GNOME edition which is 2.3GB. My observations in this review come from installing and running Debian based on the install DVD media, unless otherwise specified.

Read more

Best free email program for Windows, Mac and Linux

Filed under
Moz/FF

You’ve got mail! Who doesn’t these days? With the number of business and consumer emails sent and received every day expected to exceed 293 billion this year, according to the Radicati Group, it seems everyone’s got mail.

One downside to such a volume of email is that most inboxes are cluttered and unmanageable. While many email users opt for utilizing multiple services such as Gmail, Outlook, or Yahoo to tame the mess and keep personal emails from getting mixed up with work emails, it is still a challenge.

One method for reigning in emails and keeping your accounts separate without the hassles many email clients come with is using a free email program that Kim recommends, Mozilla Thunderbird. This handy tool works across all platforms, including Windows, Mac, Linux systems, and Android and Apple devices.

Read more

Syndicate content

More in Tux Machines

Security: EvilGnome Scaremongering, Intel Defects, New Patches and the "Desktop Security Nightmare"

  • EvilGnome Is A Linux Spyware That Records Audio And Steals Your Files [Ed: FOSSBytes has moved on from pushing non-FOSS misinformation to actually doing anti-FOSS FUD. Painting malware one needs to actually install as a real threat.]
  • CPU vulnerability mitigations keeping Linux devs busy: SUSE's Pavlík [Ed: Intel defects now waste software developers' time. They should just replace/recall those billions of defective chips]

    A veteran Linux kernel developer at Germany-based SUSE says the one thing that keeps him and his team busy these days is CPU vulnerability mitigations...

  • Security updates for Friday

    Security updates have been issued by Debian (bzip2), Fedora (freetds, kernel, kernel-headers, and knot-resolver), openSUSE (bubblewrap, fence-agents, kernel, libqb, libu2f-host, pam_u2f, and tomcat), Oracle (vim), SUSE (kernel, LibreOffice, libxml2, and tomcat), and Ubuntu (libmspack and squid, squid3).

  • The Desktop Security Nightmare

    Many of us have extremely sensitive data on our systems. Emails to family, medical or bank records, Bitcoin wallets, browsing history, the list goes on. Although we have isolation between our user account and root, we have no isolation between applications that run as our user account. We still, in effect, have to be careful about what attachments we open in email. Only now it’s worse. You might “npm install hello-world”, and audit hello-world itself, but get some totally malicious code as well. How many times do we see instructions to gem install this, pip install that, go get the other, and even curl | sh? Nowadays our risky click isn’t an email attachment. It’s hosted on Github with a README.md. Not only that, but my /usr/bin has over 4000 binaries. Have every one been carefully audited? Certainly not, and this is from a distro with some of the highest quality control around. What about the PPAs that people add? The debs or rpms that are installed from the Internet? Are you sure that the postinst scripts — which run as root — aren’t doing anything malicious when you install Oracle Virtualbox? [...] One thing a person could do would be to keep the sensitive data on a separate, ideally encrypted, filesystem. (Maybe even a fuse one such as gocryptfs.) Then, at least, it could be unavailable for most of the time the system is on. Of course, the downside here is that it’s still going to be available to everything when it is mounted, and there’s the hassle of mounting, remembering to unmount, password typing, etc. Not exactly transparent. I wondered if mount namespaces might be an answer here. A filesystem could be mounted but left pretty much unavailable to processes unless a proper mount namespace is joined. Indeed that might be a solution. It is somewhat complicated, though, since nsenter requires root to work. Enter sudo, and dropping privileges back to a particular user — a not particularly ideal situation, and complex as well. Still, it might well have some promise for some of these things.

Audiocasts/Shows: Ubuntu Podcast, Python Podcasts, User Error

  • Ubuntu Podcast: S12E15 – Diablo

    This week we’ve been buying a new phone and playing with QEMU. We discuss the release fo Debian 10, Ubuntu users saying “Thank you”, Nvidia drivers, WSL and Ubuntu MATE for the GPD MicroPC. We also round up some events and tech news. It’s Season 12 Episode 15 of the Ubuntu Podcast! Mark Johnson, Martin Wimpress and Stuart Langridge are connected and speaking to your brain.

  • Episode #139: f"Yes!" for the f-strings
  • Episode #221: Empowering developers by embedding Python

    How do we get kids excited about programming? Make programming tangible with embedded devices. Did you know that after kids learned to code with the BBC micro:bit, 90% of kids "thought coding was for everyone" and 86% said it made CS topics more interesting?

  • Old and Insecure | User Error 70

    Whether Linux is inherently secure, the next phase of online interaction, and wasting our free time. Plus where to focus your contributions, and a tricky hypothetical question.

Graphics: Nouveau, Wayland's Weston and Libinput

  • The Open-Source NVIDIA "Nouveau" Driver Gets A Batch Of Fixes For Linux 5.3

    Originally on Thursday was finally the Nouveau-next 5.3 pull request that offered improvements to the display color management, fixes to Secure Boot on newer hardware, and Turing TU116 mode-setting support. But that was rejected by the DRM maintainers for being way too late as usually the cut-off for new feature material is when hitting RC6 on the previous cycle, just not days before the end of the current merge window. Not that those changes were all too exciting or notable, but this pushes back the color management and other work to Linux 5.4. Nouveau DRM maintainer Ben Skeggs of Red Hat as a result today sent in Nouveau-fixes 5.3. This pull request has support still for the TU116 GPU since that shouldn't regress any existing support as well as having fixes around KMS, a memory leak, and a few other basic fixes.

  • Wayland's Weston Lands A Pipewire Plug-In As New Remote Desktop Streaming Option

    Wayland's Weston compositor for the past year has provided a remoting plug-in for virtual output streaming that was built atop RTP/GStreamer. Now though a new plug-in has landed in the Weston code-base making use of Red Hat's promising PipeWire project. The PipeWire plug-in was merged into Weston today and is similar to the GStreamer-powered remoting plug-in but instead leverages PipeWire. The compositor's frames are exported to PipeWire and the same virtual output API is shared between these plug-ins. The virtual outputs can be configured using the weston.ini configuration file. Any PipeWire client in turn can read these frames.

  • Libinput 1.14 RC Arrives With Better Thumb Detection & Dell Canvas Totem Support

    Linux input expert Peter Hutterer of Red Hat shipped the much anticipated release candidate today for libinput 1.14, the open-source input handling library used by both X.Org and Wayland systems.

  • libinput 1.13.901
    The first RC for libinput 1.14 is now available.
    
    We have new and improved thumb detection for touchpads, thanks to Matt
    Mayfield. On Clickpad devices this should make interactions where a thumb is
    resting on the touchpad or dropped during an interaction more reliable. A
    summary of the changes can be found here:
    https://who-t.blogspot.com/2019/07/libinputs-new-thumb-detection-code.html
    
    The Dell Canvas Totem is now supported by libinput. It is exposed as a new
    tool type through the tablet interface along with two new axes. Note that
    this is only low-level support, the actual integration of the totem needs
    Wayland protocol changes and significant changes in all applications that
    want to make use of it. A summary of the changes can be found here:
    https://who-t.blogspot.com/2019/06/libinput-and-dell-canvas-totem.html
    
    Touch-capable tablets now tie both devices together for rotation. If you set
    the tablet to left-handed, the touchpad will be rotated along with the
    tablet. Note that this does not affect the left-handed-ness of the touchpad,
    merely the rotation. 
    
    Tablet proximity out handling for tablets that are unreliably sending
    proximity out events is now always timeout-based. It is no longer necessary
    to add per-device quirks to enable this feature and it is completely
    transparent on devices that work correctly anyway. A summar of the
    changes can be found here:
    https://who-t.blogspot.com/2019/06/libinput-and-tablet-proximity-handling.html
    
    Tablets that send duplicate tools (BTN_TOOL_PEN and BTN_TOOL_ERASER) now
    ignore the latter. This is an intermediate fix only but at least makes those
    tablets more usable than they are now. Issue #259 is the tracker for this
    particular behaviour if you are affected by it.
    
    The handling of kernel fuzz has been slightly improved. Where our udev rule
    fails to reset the fuzz on the kernel device, we disable the hysteresis and
    rely on the kernel now to handle it. Previously our hysteresis would take
    effect on top of the kernel's, causing nonresponsive behaviour.
    
    Note to distribitors: the python-evdev dependency has been dropped, the
    tools that used it are now using python-libevdev instead.
    
    And of course a random assortment of fixes, improvements, etc. Many thanks
    to all contributors and testers.
    
    As usual, the git shortlog is below.
    

Powered by Plasma: ALBA Synchrotron in Barcelona, Spain

As you go about your daily tasks, you’re probably unaware that Plasma runs on the computers in one of Europe’s largest research facilities. We were also oblivious – until we met Sergi Blanch-Torné at FOSDEM 2019. We’re always looking for interesting stories from people who use KDE software at their workplace, in school, or in government institutions. You can imagine our delight, then, when we met Sergi Blanch-Torné at this year’s FOSDEM. Sergi is a Controls Software Engineer at ALBA, a KDE user, and a Free software advocate and contributor. Not only was he willing to tell us about his favorite KDE apps, but he also works at one of the most amazing places on Earth! In this interview, he tells us what it’s like to work at ALBA, and answers the burning question: “what even is a synchrotron?”. ALBA is a third-generation synchrotron radiation facility in the Barcelona Synchrotron Park, in Cerdanyola del Vallès, Spain. Managed by the Consortium for the Construction, Equipping and Exploitation of the Synchrotron Light Source (CELLS), it is jointly funded by the Spanish and the Catalonian Administration. Read more