Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Friday, 13 Dec 19 - Tux Machines is a community-driven public service/news site which has been around for over a decade and a half and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

10 Best Linux Log File Management Tools

Filed under
Linux

Log file management is essential for apps, operating systems, servers, and anything software related. Realistically, there are some specific file management best practices that are fundamental, and tools which tend to make the process easier while outpacing the rest. We’ll briefly explore ten of these tools in this writing.

Linux and Unix require log management that’s as convenient as possible for best server management. Servers are the core of many businesses in terms of technology, and different businesses have different needs. From Papertrail to Lnav to LOGalyze, there are plenty of worthwhile options. Find those that best fit your business and needs of its tech personnel.

Read more

Linux-on-Jetson SDR board gets major software upgrade

Filed under
GNU
Linux
Hardware

Deepwave Digital’s v0.2 release of the Ubuntu-based AirStack software for its Nvidia TX2 and Artix-7 equipped AIR-T SDR dev board adds variable sample rate, phase locking for MIMO, easier updates, and support for Jetpack 4.2.2, Docker, and the Jetson TX2i.

Philadelphia-based Deepwave Digital has released version 0.2.0 of the Ubuntu-driven stack that drives its Jetson TX2-enabled AIR-T (Artificial Intelligence Radio — Transceiver) board for software defined radio (SDR). AirStack 0.2.0 offers improved hardware support, easier upgrades, and new features like variable sample rate support. The release takes a step toward the company’s eventual goal of turning AIR-T into a field-deployable system, says Deepwave Digital.

Read more

Wine 5.0's first release candidate

Filed under
Software
  • Wine Announcement
    The Wine development release 5.0-rc1 is now available.
    
    This is the first release candidate for the upcoming Wine 5.0. It
    marks the beginning of the yearly code freeze period. Please give this
    release a good testing to help us make 5.0 as good as possible.
    
    What's new in this release (see below for details):
      - Gecko update, with support for running from a global location.
      - Unicode data updated to Unicode version 12.1.
      - Initial version of the MSADO (ActiveX Data Objects) library.
      - Update installation support in the WUSA (Windows Update Standalone) tool.
      - More progress on the kernel32/kernelbase restructuring.
      - Support for signing with ECDSA keys.
      - Various bug fixes.
    
    The source is available from the following locations:
    
      https://dl.winehq.org/wine/source/5.0/wine-5.0-rc1.tar.xz
      http://mirrors.ibiblio.org/wine/source/5.0/wine-5.0-rc1.tar.xz
    
    Binary packages for various distributions will be available from:
    
      https://www.winehq.org/download
    
    You will find documentation on https://www.winehq.org/documentation
    
    You can also get the current source directly from the git
    repository. Check https://www.winehq.org/git for details.
    
    Wine is available thanks to the work of many people. See the file
    AUTHORS in the distribution for the complete list.
    
    
  • Wine 5.0-RC1 Released With Unicode 12.1 Support, Initial ActiveX Data Objects Library

    Making it into Wine 5.0-rc1 is an updated Mozilla Gecko revision, Unicode 12.1 support, an initial MSADO ActiveX Data Objects library implementation, updating the installation support within the WUSA (Windows Update Standalone_ utility, continued Kernel32/Kernelbase restructuring, support for signing with ECDSA keys, and the usual variety of bug fixes.

Pi for Everyone and Everything

Filed under
Development
Hardware

Pi foundation released their first system-on-a-chip (SOC) in 2012, they had no idea how overwhelming the response would be. The credit-card-sized computer once meant to be an easy entry point for British students to get into programming and computer science has burgeoned into a whole community of add-on boards (“hats”), screens and extras that people all around the world are using for all kinds of things.

Raspberry Pi computers have ARM processors on them and most Linux distributions that support those processors will run on them. There are also Windows 10 IOT (Internet of Things) embedded platforms that will run on them as well.

The most popular operating system for it by far is Raspbian, which is a derivative of Debian Linux. The Raspberry Pi foundation also has an OS image called NOOBS, which will allow you to install a number of different options on it as well.

Getting started is as easy as buying a Pi, a case and its accompanying necessities, which you might already own, namely a microSD card, a 5V-2A wall-wart-type supply with a micro USB connection, an HDMI cable and a USB keyboard and mouse.

Several starter kits are available that include cases, power supplies and NOOBS already installed on a microSD card. If you already have access to a microSD card, it is simple enough to go to www.raspberrypi.org and download any of the OS images that they have there. There are also details on how to get the image onto the card.

Read more

Fedora Deciding Whether CD/DVD Installation Issues Should Still Hold Up Releases

Filed under
GNU
Linux
Red Hat

Fedora will continue producing ISO images of their distribution that can be installed to a DVD (or CD in the case of some lightweight spins) or more commonly these days copied to USB flash drives, but they are debating whether any CD/DVD optical media issues should still be considered blocker bugs in 2020 and beyond.

Fedora optical media and any issues pertaining to that would be considered non-blocking for Fedora releases. This reflects the fact a majority of Linux users these days are copying their Linux distributions to USB flash drives and installing from there rather than still burning CDs/DVDs. Particularly with many computers these days lacking CD/DVD drives, not having to worry about optical install issues as blocker bugs would free up resources to deal with more pressing bugs around release time.

Read more

today's leftovers

Filed under
Misc
  • AMDVLK 2019.Q4.4 Released With Navi 14 Fixes, DoW 3 Perf Optimization

    As anticipated, AMD has now formally released a new version of their AMDVLK open-source Vulkan driver following this week's Radeon Software Adrenalin 2020 Windows driver release.

    The changes end up being what I was alluding to yesterday with VK_EXT_pipeline_creation_feedback support, subgroup cluster support, a performance optimization for the Dawn of War 3 game, CTS failure fixes for Navi 14, and other fixes.

  • Dominique Leuenberger: openSUSE Tumbleweed – Review of the week 2019/50

    Another week has passed – and we’re almost at the end of the year. During the last week we have released 4 snapshots for Tumbleweed (1206, 1207, 1210 and 1211) containing those noteworthy changes:

    gpg 2.2.18
    libvirt 5.10.0
    linux-glibc-devel 5.4
    Mozilla Thunderbird 68.3.0
    bluez 5.52
    libxml 2.9.10
    createrepo_c 0.15.4: beware: it is very strict and blocks any snapshot if there is a package with non-UTF8 chars or ASCII < 32 (except 9, 10 and 13) in a changelog. Double check your .changes files before submitting.
    GNOME 3.34.2
    KDE Plasma 5.17.4

  • Why you need to know about Seeed hardware devices

    The microcontroller craze doesn't seem to be dying down—and that's a good thing because these products consistently succeed where the mobile market consistently fails: Users get open software and hardware, a portable form factor, and a wide choice of vendors and products that are built to last.

    Among the best of the open hardware and software vendors is Seeed, the self-proclaimed "IoT Hardware Enabler." I recently started seeing the Seeed logo on projects, so I contacted the company to learn about the interesting things they're doing. In response, they generously sent me one of their latest products: the Seeeduino Nano, a compact board that the company says is fully compatible with the Arduino Nano but at half the price and a quarter the size, along with a sample sensor to get me started.

    I spent a few days with it, and I'm already working on a project to improve my home garden and thinking of several others for home automation. Far from just another Arduino-like product, the Seeeduino Nano solves several problems new makers face when they get a microcontroller and want to use it.

  • Marco Zehe: A quick introduction to using Gutenberg

    Late in November, I published a personal opinion on the state of Gutenberg accessibility. Today, I’d like to give an introduction to Gutenberg from a screen reader user perspective.

    Gutenberg, the WordPress block editor, is the new way to create content and build sites in WordPress. It is a rich web application that uses many modern techniques such as dynamic updates, toolbars, side bars and other items to completely update the posting experience. It can also be quite daunting at first. Let us try to shed a little light on some of the mysteries around it.

  • Pitfalls for OMEMO Implementations – Part 1: Inactive Devices

    Smack’s OMEMO implementation received a security audit a while ago (huge thanks to the Guardian Project for providing the funding!). Radically Open Security, a non-profit pentesting group from the Netherlands focused on free software and ethical hacking went through the code in great detail to check its correctness and to search for any vulnerabilities. In the end they made some findings, although I wouldn’t consider them catastrophically bad (full disclosure – its my code, so I might be biased Big Grin). In this post I want to go over two of the finding and discuss, what went wrong and how the issue was fixed.

  • Support FSF's copyleft and licensing work

    We launched our annual fundraiser with the goal of welcoming 600 new associate members before December 31st. New members are critical to the cause, and by becoming a member you will stand in solidarity with others who care about computer user freedom. As is the case with any social movement, the numbers matter, and it is a very powerful gesture to make for only $10 a month ($5 if you are a student). Please support the work that gives hope for a future with software freedom: make a donation or – better yet -- join us and become a member today.

    The Free Software Foundation is a global leader for copyleft, and the licensing team plays a vital role in disseminating useful knowledge about free software while working to protect it. We accomplish this in part by answering licensing questions from the public and by providing resources like our list of free software licenses. We also increase access to software freedom by managing the Respects Your Freedom certification program, and cataloging free software through our endorsed distributions program and the Free Software Directory. To protect free software, we handle license compliance for the GNU Project, resulting in a stronger community and more respect for the power of copyleft.

    We are proud to accomplish this as just two staff working with our executive director, board, and legal counsel. These resources combined make a potent force for software freedom, and your support will ensure our work continues with the aim to do an even better job in 2020. Let us share a bit about the work we did in 2019 and elaborate on why it is so vital that this work continues.

  • OpenJS Foundation Welcomes Electron As Its New Incubating Project [Ed: OpenJS is run by people from Microsoft]

    Initially developed by GitHub in 2013, today the framework is maintained by a number of developers and organization

  • Twitter Is Funding Effort To Create A 'Decentralized Standard?'For Social Media

    The project is called Bluesky and eventually, it should enable Twitter to "access and contribute to a much larger corpus of public conversation," pushing it to be far more innovative than in the past.

Programming: GAction, Research on Developers, JavaBeans and Python

Filed under
Development
  • Sébastien Wilmet: Providing GActions in a library

    GAction represents an action that the user can do in an application, it’s usually present in a menu item or a button. It’s not just a function to launch, it’s a little more involved than that.

    Overall, providing GActions in a library can be done quite naturally, once the library provides a framework for the application.

    TeplApplication and TeplApplicationWindow both provide GActions in their public API. They are namespaced with the "tepl-" prefix, to avoid conflicts with other libraries or the application; so the full name of the GActions are "app.tepl-something" or "win.tepl-something". And all the GActions are documented in the class description.

    Note that TeplApplication and TeplApplicationWindow are not subclasses of GtkApplication and GtkApplicationWindow, because several libraries might want to extend those GTK classes and an application needs to be able to use all those extensions at the same time. A nice solution that doesn’t require to hold a new object in the application: use this design pattern that I’ve already described on my blog.

  • Research: Developers are trusted by the business but the alignment is not felt evenly across different generations

    Welcome to the first in a series of in-depth articles looking at the developer’s role in the modern organisation. In this first post: a new generation has arrived. As organisations shift to becoming technology-focused, developers’ roles have evolved so that they are now playing a crucial role in decision making across their businesses. However, all this newfound alignment isn’t so keenly felt across the whole developer workforce…

  • Jakarta EE: Creating an Enterprise JavaBeans timer

    Enterprise JavaBeans (EJB) has many interesting and useful features, some of which I will be highlighting in this and upcoming articles. In this article, I’ll show you how to create an EJB timer programmatically and with annotation. Let’s go!

    The EJB timer feature allows us to schedule tasks to be executed according a calendar configuration. It is very useful because we can execute scheduled tasks using the power of Jakarta context. When we run tasks based on a timer, we need to answer some questions about concurrency, which node the task was scheduled on (in case of an application in a cluster), what is the action if the task does not execute, and others. When we use the EJB timer we can delegate many of these concerns to Jakarta context and care more about business logic. It is interesting, isn’t it?

  • Python Dictionary Comprehension

    In this tutorial, we will learn about Python dictionary comprehension and how to use it with the help of examples.

Mozilla and Curl Leftovers

Filed under
Software
Moz/FF
  • Ending QA community events, for now

    QMO events have been around for several years now, with many loyal Mozilla contributors engaged in various types of manual testing activities– some centered around verification of bug fixes, others on trying out exciting new features or significant changes made to the browser’s core ones. The feedback we received through them, during the Nightly and Beta phases, helped us ship polished products with each iteration, and it’s something that we’re very grateful for.

    We also feel that we could do more with the Testday and Bugday events. Their format has remained unchanged since we introduced them and the lack of a fresh new take on these events is now more noticeable than ever, as the overall interest in them has been dialing down for the past couple of years.

    We think it’s time to take a step back, review things and think about new ways to engage the community going forward.

  • Tips to improve your Ring camera security

    We cannot stress this enough. Weak and reused passwords are a serious vulnerability to your personal security and privacy. The software that the Nulled crew is using to tap into Ring feeds can be used to take over other things like, say, a Disney+ account. Or your bank account.

  • The Mozilla Blog: Petitioning for rehearing in Mozilla v. FCC

    Today, Mozilla continues the fight to preserve net neutrality protection as a fundamental digital right. Alongside other petitioners in our FCC challenge, Mozilla, Etsy, INCOMPAS, Vimeo and the Ad Hoc Telecom Users Committee filed a petition for rehearing and rehearing en banc in response to the D.C. Circuit decision upholding the FCC’s 2018 Order, which repealed safeguards for net neutrality.

    Our petition asks the original panel of judges or alternatively the full complement of D.C. Circuit judges to reconsider the decision both because it conflicts with D.C. Circuit or Supreme Court precedent and because it involves questions of exceptional importance.

  • Daniel Stenberg: Reporting documentation bugs in curl got easier

    After I watched a talk by Marcus Olsson about docs as code (at foss-sthlm on December 12 2019), I got inspired to provide links on the curl web site to make it easier for users to report bugs on documentation.

    Starting today, there are two new links on the top right side of all libcurl API function call documentation pages.

    File a bug about this page – takes the user directly to a new issue in the github issue tracker with the title filled in with the name of the function call, and the label preset to ‘documentation’. All there’s left is for the user to actually provide a description of the problem and pressing submit (and yeah, a github account is also required).

Fedora, Red Hat and IBM: Flatpak 1.5.2, Cockpit 209, OpenShift, Java and More

Filed under
Red Hat
  • Flatpak 1.5.2 Continues Work On Authentication Support In Push To Handling Paid Apps

    Introduced last month was the Flatpak 1.5.1 development build that provided initial support for protected/authenticated downloads of Flatpaks as the fundamental infrastructure work towards allowing paid or donation-based applications within Flathub or other Flatpak-based "app stores" on Linux. 

    Flatpak 1.5.2 is out this Friday morning and it has continued work on this focus for authenticated/protected downloads. There has been new API coverage around the authentication code, an OCI authenticator is now bundled, a simple user/password authentication-driven option similar to HTTP-based authentication, and related work towards opening up new use-cases for Flatpak. 

  • Cockpit 209

    Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from version 209.

    A new design for the Overview page

    The landing page has been completely redesigned. Information is grouped into easier to understand panels, health information is much more prominent, the resource graphs have been moved to their own page, and the hardware information page should now be easier to find.

  • We’re headed for edge computing

    Every week seems to bring a new report on how edge computing is going to take over the world. This crescendo has been building for the past few years, so it’s no surprise that edge computing sits near the peak on the Gartner hype cycle for emerging technologies. But the question remains—will the edge computing phenomenon take over the world as predicted and, if so, how can businesses benefit from it?

    In this and future articles, we’ll demystify edge computing, examine its motivations, and explore best practices in creating scalable edge deployments and the role of open source at the edge. We’ll also look at 5G and its impact to the telco industry, remote office/branch office, IoT, and other use cases.

  • Persistent data implications for apps and microservices

    Speed and agility are the name of the game, whether you are running track in a triathlon, racing to find cures to the world’s most nefarious diseases, or developing new applications that are changing the way society interacts. Application development teams can have a profound effect, not only on their organizations’ ability to differentiate themselves, but also the world we live in.

    [...]

    While just a few years ago, some organizations were still concerned with the viability of running production workloads in containers, the benefits of capitalizing on faster development cycles has garnered favor among developers. And, with enterprise-class enhancements delivered by platforms such as Red Hat OpenShift Container Platform, containers have grown from nifty developer projects, to scalable, more manageable infrastructure environments that enable DevOps for the hybrid cloud.

  • Cloud Pak for Applications supports IBM Z

    The latest version of Cloud Pak for Applications, Version 4.0, extends support for Red Hat OpenShift Container Platform 4.2 onto the IBM Z platform.

    Now users can extend their hybrid cloud deployments to include Red Hat OpenShift clusters on IBM Z hardware, taking advantage of the container orchestration platform and tools to bring a consistent experience for development of cloud-native workloads.

    Support for OpenShift on IBM Z in this release of IBM Cloud Pak for Applications is limited to the container platform only. IBM runtimes continue to provide support for IBM Z, including container deployments where appropriate.

  • Exploring OpenShift 4.x Cluster

    In this video we will explore the cluster installed during the last video, log into the cluster, configure an authentication provider. We will understand the structure of the cluster and the architecture overview of HA installation. We will get deep understanding of what runs on the master node vs worker node, how the load balancers are setup. We will also look at the cloud provider to see all the infrastructure components that got created by the installer.

  • Celebrating 20 years of enterprise Java: Milestones

    As we celebrate the last 20 years of enterprise Java, it is important to look back at the platform's history to better understand where it came from and how we arrived where we are today.

    Enterprise Java emerged during a pivotal time in the history of enterprise computing. When Java 2 Platform, Enterprise Edition (J2EE) 1.2 was introduced in December 1999, it not only marked the birth of enterprise Java, but also signaled an important shift in how organizations were thinking about the web.

    Roughly five years earlier, in May 1995, the Java programming language had been publicly released. The language was originally developed to address obstacles faced by a stealth innovation team at Sun Microsystems building the Star7, an interactive handheld home entertainment controller; however, after a tepid response from the television industry, the team instead set its sights on the internet.

    Web browsers were making the web more accessible to users, and when the Java language was first announced by Sun, it came with a crucial endorsement: Netscape, one of the leaders in the nascent Web browser market at the time, announced in 1995 that it would include support for Java in its namesake browser.

Videos/Audiocasts/Shows: SkateBIRD, Carrion, Kubuntu 19.10 and More

Filed under
GNU
Linux

Debian: Olivier Berger at Paris Open Source Summit 2019, Molly de Blanc on Autonomy and First Outreachy Post by Anisa Kuci

Filed under
Debian
  • Olivier Berger: Antidote and NRELabs presentation at Paris Open Source Summit 2019

    I’ve just presented Antidote and the NRELabs platform at Paris Open Source Summit 2019. Here are the slides of the presentation : Antidote: virtualized learning labs running over kubernetes

    I made a demo and the speech in front of the few people left, unfortunately, as the conference attendance suffered from the ongoing strikes in France (opposing the pensions system reform).

    In any case, I hope it triggered some interest for the platform and the project.

  • Molly de Blanc: Autonomy

    I’ve been stuck on the question: Why is autonomy an ethical imperative? or, worded another way Why does autonomy matter? I think if we’re going to argue that free software matters (or if I am anyway), there needs to be a point where we have to be able to answer why autonomy matters.

    I’ve been thinking about this in the framing of technology and consent since the summer of 2018, when Karen Sandler and I spoke at HOPE and DebConf 18 on user and software freedom. Sitting with Karen before HOPE, I had a bit of a crisis of faith and lost track of why software freedom matters after I moved to the point that consent is necessary to our continued autonomy. But why does autonomy matter?

  • Outreachy post 1 by Anisa Kuci

    Couple of months ago I decided to apply for the winter 2019-2020 round of Outreachy.

    Outreachy, for those who don’t know, provides internships in Free and Open Source Software (FOSS) with the aim to support underrepresented groups of people. Outreachy internships are open to applicants around the world, and interns are able to work remotely.

    There were quite a few very interesting projects to choose among this round, but since I have been a Debian user and contributor for a while and it is a project I really like, I decided to work towards it. I have been doing small Debian related events or gatherings in the community I was part of. The Debian project I applied for is “Create fundraising material for DebConf20+, document the fundraising processes and support a cycle”.

    The initial tasks were very interesting and applicable to my skill-set, so I was really enjoying working on them. Also the mentor of the project was very responsive and helpful when I would have questions or feel in doubt and quite supportive, which was motivating me to keep contributing in such a great project.

Games: Proton Release and Railway Empire

Filed under
Gaming

KDE Meetings and Conferences

Filed under
KDE
  • Meetings and Conferences

    From there Aleix Pol and I sped off to Belgium for GNU Health CON. Aleix gave a talk on Kirigami and UIs for mobile devices. I might give a talk about Pine64 hardware (which I’m hardly qualified to do, but willing). Until then I’m running the KDE booth at the event, with a Plasma Mobile phone (not a PinePhone).

    One of the things we did for this booth is slap together a presentation to run on the monitor at the booth. This is a miniature QML application that runs a slideshow; the slideshow is easy to extend by adding more Component blocks to the file. It’s not quite the equivalent of reading in a Markdown file, but pretty close. At 8k of QML source (probably 80% of that is spaces for tidy indentation, too) it’s handy to have around. We’ll add it to the promo wiki once we’re done.

    Writing the slides was fun, I got to use the new emoji picker, and Aleix did all the heavy QML lifting. I really need to learn more of that.

  • Linux App Summit 2019!

    I attended the first Linux App Summit cohosted by KDE and GNOME! The conference was held in Barcelona, Spain. The conference was organised by the local team, Barcelona Free Software.

    The conference hosted quality talks all relevant to the subject of the Linux App Ecosystem - people from the entire spectrum of the Linux Desktop came to talk at the conference, right from packaging software like snap and flatpak devs to people involved in core Plasma and GTK - LAS is THE place to be if you want to see where the Linux App Ecosystem is heading to.

    One of my favourite talks was by Tobias Bernard and Jordan Petridis on “There is no ‘Linux’ platform” describing the immense differences we have within the “Linux” platform that we effectively have to call them a separate ‘platform’ itself.

    Another talk that stood out was the Day Two Keynote by Frank Karlitsche: “We all suck” Wink The talk didn’t mince words in saying that the Linux App Ecosystem has a lot to catch up with in terms of organising technology, people, packaging for us, to really compete with the proprietary system and laid a few, I wouldn’t say far-fetched but uneasy solutions (one of them being to merge both KDE and GNOME to form a ‘super’ organisation for all desktop needs (?) )

Plenty of Linux Power Is Built Into Linux Lite 4.6

Filed under
Linux
Reviews

Linux Lite 4.6 offers a great deal of flexibility and usability. Its desktop offers considerably more system controls and configuration options than many of the more modern desktops, such as Enlightenment, GNOME 3 and Budgie.

All of the system controls and settings are located in the Settings option within the main menu display. Windows users will find a close similarity to the Control Panel.

Even recent Linux newcomers will not need much exploring or head-scratching to navigate their way around Linux Lite. The layout is familiar and intuitive. The Welcome panel provides a very useful listing of information and how-to resources for using Linux Lite.

Read more

The LibreOffice Documentation Team Announces the LibreOffice Online Guide

Filed under
LibO

The guide includes content for end-users – as well as for system administrators – for rapid deployment and start of operation. It covers the basic usage of the word processor, spreadsheet and presentation modules, as well as guides for file handling and – one of the major technological achievements of LibreOffice Online – the collaborative editing capability, that allows several users to work on the same document, spreadsheet or presentation at the same time. Users familiar with LibreOffice on the desktop will quickly grasp the operation of LibreOffice Online, except for some specific differences addressed in the guide.

For the system administrator, the guide covers installation and basic operation, and explains deployment in small and limited environments. Professional support and operation services are strongly recommended for large installations and mission critical deployments, available in the LibreOffice business ecosystem.

Read more

Linux Foundation: Microsoft Buying Seats and Another Branch Started for Edge Openwash

Filed under
OSS
  • The 2 Problems Facing Linux (and Open Source) in 2020

    Some of the largest and, arguably, most influential organizations within the Open Source world are heavily funded by companies who are predominantly opposed to Open Source as a concept.

    Microsoft and Facebook fund the Open Source Initiative. Facebook, VMWare, Microsoft, Comcast, and Oracle (all companies that focus on Closed Source almost entirely -- the vast majority of their work is closed and some of these firms take drastic legal action against Open Source projects and their users) all fund the Linux Foundation (and have seats on the Linux Foundation board).

    Some of these seats cost half a million dollars per year.

    Companies don't throw around that kind of money without expecting something in return.

    That's not a conspiracy theory... that's just good, obvious business. If Microsoft, for example, simply wished to be generous, they would donate the half million dollars, issue a press release about how nice they are, and be hands off. Instead, they are paying for board positions to give them greater control over activities and stances of organizations like the Linux Foundation.

    Again. Not a conspiracy. I'm not claiming anything unfounded or unproven. Simply pointing out the business relationships that have formed -- and that companies don't typically pay half a million dollars (per year) for nothing in return.

    I want to also stress this point: None of this makes these companies, like Microsoft, evil. I don't view Microsoft as evil... simply a company focused (primarily) on Closed Source software and with a track record of attacking those that threaten their core businesses. They're just doing the business they do. Looking at how the business needs (real or perceived) of such a company can impact the organizations they have some control over (such as the Open Source Initiative and the Linux Foundation) is, regardless of your views of any of these entities, the prudent thing to do.

    To me, Microsoft buying seats on the Linux Foundation board feels like a cigarette company buying a seat on the board of an organization focused on helping people quit smoking -- in that their interests are not (by and large) aligned. Or Tesla buying a seat on the board of a chain of gas stations.

    Note: I have reached out to both The Linux Foundation and Microsoft repeatedly over the last several months. I genuinely want their viewpoint. To date, no response has been given.

  • Linux Foundation pitches DENT to simplify enterprise edge networks

    The Linux Foundation today announced a new open-source project aimed at simplifying enterprise networking software at the edge.

    The DENT initiative‘s goal is to create a network operating system for disaggregated network switches used in remote enterprise locations such as retail stores. The project is being backed by a number of companies, including Amazon.com Inc., Cumulus Networks Inc., Delta Electronics Inc., Marvell Technology Group, Mellanox Technologies Ltd. and Wistron NeWeb Corp.

    DENT’s founders say they’re trying to facilitate “open networking” at the network edge based on the idea of “disaggregation.” That refers to the evolution of switching and routing appliances from proprietary, closed hardware and software sourced from a single provider toward totally decoupled, open components combined to form a complete switching and routing device.

    [...]

    Analyst Holger Mueller of Constellation Research Inc. said the battle for the edge is in full swing and it’s not surprising that some companies are choosing to wage it on the standards front too.

    “The Foundation has a good track record on standards so far, and enterprise executives want to see cross-vendor endorsed standards win in the marketplace to power their next-generation applications,” he said.

  • DENT Launches To Simplify Enterprise Edge Networking Software

    The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the launch of DENT, a project to enable the creation of Network OS for Disaggregated Network Switches in campus and remote enterprise locations. Under the Linux Foundation, DENT hopes to unify and grow the community of Silicon Vendors, Original Design Manufacturers (ODM), System Integrators (SI), Original Equipment Manufacturers (OEM) and end users to create an ecosystem of contributors around a full-featured network operating system. The initial use case will focus on the retail industry with premier members including Amazon, Cumulus Networks, Delta Electronics Inc, Marvell, Mellanox, Wistron NeWeb (WNC).

    Networking solutions today are customized for each market and each use case, whether telecom, cloud or enterprise data center markets. They use proprietary silicon (ASIC) for packet processing and closed operating systems to enable workloads and applications on a network switch. Disaggregation is the new way for Open Networking and has been well accepted in data centers and telecom infrastructures. However, in enterprise networking– especially with distributed locations– nothing currently exists for Enterprise Edge properties that fall outside the traditional public cloud as they have very specific requirements to take advantage of disaggregation and the networking stack.

    Remote campus locations and retail stores require a simple networking OS stack that is low cost and Linux-based. DENT is an Open Source project that will enable the community to build this solution without complicated abstractions. It uses the Linux Kernel, Switchdev and other Linux based projects to allow developers to treat networking ASICs and silicon like any other hardware. It simplifies abstractions, APIs, drivers and overheads that currently exist in these switches and on other open software.

Security Leftovers

Filed under
Security
  • This Week In Security: VPNs, Patch Tuesday, And Plundervault

    An issue in Unix virtual private networks was disclosed recently, where an attacker could potentially hijack a TCP stream, even though that stream is inside the VPN. This attack affects OpenVPN, Wireguard, and even IPSec VPNs. How was this possible? Unix systems support all manner of different network scenarios, and oftentimes a misconfiguration can lead to problems. Here, packets sent to the VPNs IP address are processed and responded to, even though they are coming in over a different interface.

    The attack initially sounds implausible, as an attacker has to know the Virtual IP address of the VPN client, the remote IP address of an active TCP connection, and the sequence and ACK numbers of that connection. That’s a lot of information, but an attacker can figure it out one piece at a time, making it a plausible attack.

    The scenario suggested in the disclosure was a rogue access point with multiple clients. An attacker can scan the private address space, 10.*.*.* for example, and discover all the VPN clients on the network. Unless the client’s firewall is configured to block it, the VPN interface will happily respond to that scan when the correct IP address is probed.

  • Microsoft Rolls Out Giant Full-Page Reminders That Windows 7 Is About to Die [Ed: GNU/Linux companies totally MIA. Not interested in exploiting this to advance GNU/Linux on desktops and laptops.]
  • Security updates for Friday

    Security updates have been issued by Fedora (knot-resolver and xen), openSUSE (kernel), and SUSE (haproxy, kernel, and openssl).

  • Mozilla to force all add-on devs to use 2FA to prevent supply-chain attacks
  • May the Open Source Force Be with You [Ed: Flexera acting like Microsoft's Black Duck, spreading fear for money/sales]

    One of the challenges is that companies could have multiple versions of the same open source library in their product. Version control is a real issue. The ability to leverage SCA to make sure you have the latest version of a particular library and the version that is approved, safe, has the most desirable license terms according to your policies, and is used consistently across the entire product line is a huge benefit.

  • GitHub Urges “Critical” Updates After Nine Git Vulnerabilities Spotted

    “If you clone untrusted repositories, there is no workaround that avoids the risk of any vulnerabilities disclosed in this post, except for updating”

    [...]

    Among the vulnerabilities was CVE-2019-1350, which through incorrect quoting of command-line arguments allows remote code execution during a recursive clone in conjunction with SSH URLs, the Git project’s Johannes Schindelin said.

    “This is a Windows-only issue, as the vulnerable code is only compiled on Windows. The exploit we found involves a submodule having a name that ends in a backslash, and a maliciously-crafted SSH URL that exploits the bug to pass arbitrary options to `ssh.exe`, allowing remote code to be executed during a recursive clone.”

QEMU 4.2.0

Filed under
Software
Syndicate content

More in Tux Machines

Type Title Author Replies Last Postsort icon
Story Android Leftovers Rianne Schestowitz 14/12/2019 - 1:36am
Story 10 Best Linux Log File Management Tools Rianne Schestowitz 14/12/2019 - 1:19am
Story Linux-on-Jetson SDR board gets major software upgrade Roy Schestowitz 13/12/2019 - 9:58pm
Story Wine 5.0's first release candidate Roy Schestowitz 13/12/2019 - 9:55pm
Story VirtualBox 6.1 Officially Released with Linux Kernel 5.4 Support, Improvements Roy Schestowitz 6 13/12/2019 - 9:51pm
Story Eclipse Foundation launches Edge Native Working Group Roy Schestowitz 1 13/12/2019 - 9:50pm
Story Pi for Everyone and Everything Roy Schestowitz 13/12/2019 - 9:12pm
Story Linux Foundation: Microsoft Buying Seats and Another Branch Started for Edge Openwash Roy Schestowitz 1 13/12/2019 - 9:08pm
Story Google Now Bans Some Linux Web Browsers From Their Services Roy Schestowitz 1 13/12/2019 - 8:58pm
Story Fedora Deciding Whether CD/DVD Installation Issues Should Still Hold Up Releases Roy Schestowitz 13/12/2019 - 8:50pm