Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Saturday, 20 Jan 18 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Red Hat Patch Warning

Filed under
Red Hat
Security
  • We Didn't Pull CPU Microcode Update to Pass the Buck
  • Red Hat Will Revert Spectre Patches After Receiving Reports of Boot Issues

    Red Hat is releasing updates that are reverting previous patches for the Spectre vulnerability (Variant 2, aka CVE-2017-5715) after customers complained that some systems were failing to boot.

    "Red Hat is no longer providing microcode to address Spectre, variant 2, due to instabilities introduced that are causing customer systems to not boot," the company said yesterday.

    "The latest microcode_ctl and linux-firmware packages are reverting these unstable microprocessor firmware changes to versions that were known to be stable and well tested, released prior to the Spectre/Meltdown embargo lift date on Jan 3rd," Red Had added.

Security: Updates, SOS Fund, IR, ME, and WPA

Filed under
Security
  • Security updates for Friday
  • Seeking SOS Fund Projects

    I’m spending some time over the next few days looking for the next round of projects which might benefit from an SOS Fund security audit.

  • Strong Incident Response Starts with Careful Preparation

    Through working every day with organizations’ incident response (IR) teams, I am confronted with the entire spectrum of operational maturity. However, even in the companies with robust IR functions, the rapidly evolving threat landscape, constantly changing best practices, and surplus of available tools make it easy to overlook important steps during planning. As a result, by the time an incident occurs, it’s too late to improve their foundational procedures.

  • The Intel Management Engine: an attack on computer users' freedom

    Over time, Intel imposed the Management Engine on all Intel computers, removed the ability for computer users and manufacturers to disable it, and extended its control over the computer to nearly 100%. It even has access to the main computer's memory.

  • What Is WPA3, and When Will I Get It On My Wi-Fi?

    WPA2 is a security standard that governs what happens when you connect to a closed Wi-Fi network using a password. WPA2 defines the protocol a router and Wi-Fi client devices use to perform the “handshake” that allows them to securely connect and how they communicate. Unlike the original WPA standard, WPA2 requires implementation of strong AES encryption that is much more difficult to crack. This encryption ensures that a Wi-Fi access point (like a router) and a Wi-Fi client (like a laptop or phone) can communicate wirelessly without their traffic being snooped on.

First Impressions: Asus Tinkerboard and Docker

Filed under
Linux
Hardware

The board's standard OS is TinkerOS - a Linux variant of Debian 9. I've also read that Android is available but that doesn't interest us here. While Android may use forms of containerisation under the hood it doesn't mix with Docker containers.

Rather than trying TinkerOS I flashed Armbian's release of Ubuntu 16.04.03. The stable build on the download page contains a full desktop, but if you want to run the board headless (like I do) then you can find a smaller image on the "other downloads" link.

I initially used the stable image but had to swap to the nightly build due to a missing kernel module for Kubernetes networking. Having looked this up on Google I found the nightly build contained the fix to turn on the missing module.

Read more

PlayOnLinux For Easier Use Of Wine

Filed under
Linux

PlayOnLinux is a free program that helps to install, run, and manage Windows software on Linux. It can also manage virtual C: drives (known as Wine prefixes), and download and install certain Windows libraries for getting some software to run on Wine properly. Creating different drives using different Wine versions is also possible. It is very handy because what runs well in one version may not run as well (if at all) on a newer version. There is PlayOnMac for macOS and PlayOnBSD for FreeBSD.

Read<br />
more

Linux Kernel: KPTI, SEV, CBS

Filed under
Linux
  • Experimental KPTI Support For x86 32-bit Linux

    For the Kernel Page Table Isolation (KPTI) support currently within the Linux kernel for addressing the Meltdown CPU vulnerability it's currently limited to 64-bit on the x86 side, but for the unfortunate souls still running x86 32-bit operating systems, SUSE is working on such support.

  • AMD Secure Encrypted Virtualization Is Ready To Roll With Linux 4.16

    With the Linux 4.16 kernel cycle that is expected to begin immediately following the Linux 4.15 kernel debut on Sunday, AMD's Secure Encrypted Virtualization (SEV) technology supported by their new EPYC processors will be mainline.

    Going back to the end of 2016 have been Linux patches for Secure Encrypted Virtualization while with Linux 4.16 it will finally be part of the mainline kernel and supported with KVM (Kernel-based Virtual Machine) virtualization.

  • Deadline scheduler part 2 — details and usage

    Linux’s deadline scheduler is a global early deadline first scheduler for sporadic tasks with constrained deadlines. These terms were defined in the first part of this series. In this installment, the details of the Linux deadline scheduler and how it can be used will be examined.

    The deadline scheduler prioritizes the tasks according to the task’s job deadline: the earliest absolute deadline first. For a system with M processors, the M earliest deadline jobs will be selected to run on the M processors.

    The Linux deadline scheduler also implements the constant bandwidth server (CBS) algorithm, which is a resource-reservation protocol. CBS is used to guarantee that each task will receive its full run time during every period. At every activation of a task, the CBS replenishes the task’s run time. As the job runs, it consumes that time; if the task runs out, it will be throttled and descheduled. In this case, the task will be able to run only after the next replenishment at the beginning of the next period. Therefore, CBS is used to both guarantee each task’s CPU time based on its timing requirements and to prevent a misbehaving task from running for more than its run time and causing problems to other jobs.

Graphics: Mesa and AMDGPU

Filed under
Graphics/Benchmarks
  • Mesa 17.3.3 Released With RADV & ANV Vulkan Driver Fixes

    Mesa 17.3.3 is now available as the latest point release for the Mesa 17.3 stable series.

    This bi-weekly point release to Mesa presents several RADV Vega/GFX9 fixes, various Intel ANV Vulkan driver fixes, a DRI3 fix, and random fixes to the OpenGL drivers like RadeonSI, Etnaviv, and even Swrast.

  • R600g "Soft" FP64 Shows Signs Of Life, Enabling Older GPUs To Have OpenGL 4 In 2018

    Most pre-GCN AMD graphics cards are still limited to OpenGL 3.3 support at this time due to not supporting FP64. Only the HD 5800/6900 series on R600g currently have real double-precision floating-point support working right now so at present they are on OpenGL 4.3 rather than 3.3, but those other generations may be catching up soon thanks to the "soft" FP64 code.

  • AMDGPU DC Gets More Raven Ridge Improvements, Audio Fixes

    Harry Wentland of AMD has sent out the latest batch of patches for the AMDGPU DC display code stack. Fortunately it lightens up the DRM driver by about six thousand lines thanks to removing some unused code.

    Besides gutting out a chunk of unused code, the DC code has a few audio fixes (no word yet on supporting newer audio formats with DC), fixes on driver unload, a "bunch" of continued Raven Ridge display updates, and various other code clean-ups.

  • AMDGPU Firmware Blobs Updated For Video Encode/Decode

    There are updated AMDGPU microcode/firmware files now available for recent Radeon GPUs.

    The updated firmware files now available via the main linux-firmware.git repository are centered around the video blocks: UVD video decoding, VCE video encode, and the new VCN video encode/decode block with Raven Ridge.

Games: DRAG, Geneshift, Balloonatics and More

Filed under
Gaming

Tumbleweed Update

Filed under
SUSE
  • Tumbleweed Rolls Forward with New versions of Mesa, Squid, Xen

    This week provided a pretty healthy amount of package updates for openSUSE’s rolling distribution Tumbleweed.

    There were three snapshots released since the last blog and some of the top packages highlighted this week are from Mesa, Squid, Xen and OpenSSH.

    The Mesa update from version 17.2.6 to 17.3.2 in snapshot 20180116 provided multiple fixes in the RADV Vulkan driver and improvements of the GLSL shader cache. The Linux Kernel provides some fixes for the security vulnerabilities of Meltdown in version 4.14.13 and added a prevent buffer overrun on memory hotplug during migration for KVM with s390. The snapshot had many more package updates like openssh 7.6p1, which tightened configuration access rights. A critical fix when updating Flatpak packages live was made with the gnome-software version 3.26.4 update. File systems package btrfsprogs 4.14.1 provided cleanups and some refactoring while wireshark 2.4.4 made some fixes for dissector crashes. Xen 4.10.0_10 added a few patches. Rounding out the snapshot, ModemManager 1.6.12 fixed connection state machine when built against libqmi and blacklisted a few devices to include some Pycom devices.

  • openSUSE Tumbleweed Rolls To Mesa 17.3, Linux 4.14.13

    OpenSUSE has continued rolling in the new year with several key package updates in January.

    Exciting us a lot is that openSUSE Tumbleweed has migrated from Mesa 17.2 to now Mesa 17.3. Mesa 17.3.2 is the version currently in openSUSE's rolling-release.

Compact Quark-based embedded computer sells for $120

Filed under
Linux

Advantech’s “UBC-222” is an embedded computer that runs Yocto Linux on an Intel Quark X1000 with up to 1GB DDR3, dual 10/100 LAN ports, and a mini-PCIe socket with LTE-ready SIM slot.

Read more

Press Coverage About Wine 3.0

Filed under
Microsoft
Software
  • Windows apps on Linux: Wine 3.0 is out now with Direct3D 10, 11 support

    Wine 3.0 is now available to help you run Windows applications and games on Linux, macOS, and BSD systems.

    Wine -- or 'Wine is Not an Emulator' -- is a compatibility layer that implements the Windows API on top of Unix and Linux, to help you run Windows apps when needed.

    Currently, about 25,000 applications are compatible with Wine, with the most popular all being games, including Final Fantasy XI, Team Fortress 2, EVE, and StarCraft.

  • Wine 3.0 is here to run Windows software on your Linux box

    When people make the switch from Windows to Linux, they often experiment with Wine. If you aren’t familiar, it is a compatibility layer that can sometimes get Windows software to run on Linux and BSD. I say "sometimes" because it isn’t a flawless experience. In fact, it can be quite frustrating to use. I suggest using native Linux software as an alternative, but understandably, that isn’t always possible.

    If you depend on Wine, or want to start trying it out, I am happy to say that version 3.0 is finally available. It is quite the significant update too, as it features over 6,000 changes!

  • Have three WINEs this weekend, because WINE 3.0 has landed

    Version 3.0 of Wine Is Not an Emulator – aka WINE – has arrived, and offers all sorts of new emulation-on-Android possibilities.

    WINE lets users run Windows applications on Linux, MacOS, Solaris, and FreeBSD, plus other POSIX-compliant operating system. To do so it “translates Windows API calls into POSIX calls on-the-fly”, an arrangement its developers rate as more efficient than virtualization while “allowing you to cleanly integrate Windows applications into your desktop.”

  • Wine 3.0 Released To Run Windows Apps On Linux Efficiently — Download It Here

    Just recently, we told you that the support for Linux distros in VirtualBox is about to get a lot better with the release of Linux kernel 4.16. But, what if you wish to run Windows apps on your host Linux system? For that, Wine has got your back.

Top 6 open source desktop email clients

Filed under
OSS

Mobile and web technologies still haven't made the desktop obsolete, and despite some regular claims to the contrary, desktop clients don't seem to be going away anytime soon.

And with good reason. For many, the preference for a native application (and corresponding native performance), easy offline use, a vast array of plugins, and meeting security needs will long outweigh pressures to switch to a webmail email client. Whether you're sticking with a desktop email client because of a corporate mandate or just personal preference, there are still many great options to choose from. And just because you may be stuck on Windows doesn't mean Outlook is your only option; many open source clients are cross-platform.

Read more

The 5 Best Linux Distributions for Development

Filed under
Linux

When considering Linux, there are so many variables to take into account. What package manager do you wish to use? Do you prefer a modern or old-standard desktop interface? Is ease of use your priority? How flexible do you want your distribution? What task will the distribution serve?

It is that last question which should often be considered first. Is the distribution going to work as a desktop or a server? Will you be doing network or system audits? Or will you be developing? If you’ve spent much time considering Linux, you know that for every task there are several well-suited distributions. This certainly holds true for developers. Even though Linux, by design, is an ideal platform for developers, there are certain distributions that rise above the rest, to serve as great operating systems to serve developers.

Read more

Meltdown and Spectre Linux Kernel Status - Update

Filed under
Linux
Security

I keep getting a lot of private emails about my previous post previous post about the latest status of the Linux kernel patches to resolve both the Meltdown and Spectre issues.

These questions all seem to break down into two different categories, “What is the state of the Spectre kernel patches?”, and “Is my machine vunlerable?”

Read more

today's leftovers

Filed under
Misc

OSS: Jio, VMware Openwashing, and Testing Jobs

Filed under
OSS
  • Jio is committed to use open source technology: Akash Ambani

    Speaking at the India Digital Open Summit 2018, Akash Ambani, Director of Reliance Jio Infocomm, said that open source is very important for his company.

    “The year 2017 was the tipping point for AR and VR globally. In India, AR and VR are in the initial stages of adoption but at Jio, we believe it will grow at a 50 percent compounded rate for the next five years,” Akash said.

    He also spoke on the evolution of artificial intelligence and blockchain.

  • VMware and Pivotal’s PKS Distribution Marries Kubernetes with BOSH [Ed: It looks like the author has been reduced to Microsoft propaganda and other openwashing puff pieces sponsored by proprietary software giants. We have given up on several writers who used to support GNU/Linux. Seeing their activity, it seems as though they ended up with neither gigs nor credibility (used to get far more writing assignments from LF, often for Microsoft openwashing).]
  • Hehe, still writing code for a living? It's 2018. You could be earning x3 as a bug bounty hunter

    Ethical hacking to find security flaws appears to pay better, albeit less regularly, than general software engineering.

    And while payment remains one of the top rationales for breaking code, hackers have begun citing more civic-minded reasons for their activities.

    A survey of 1,700 bug bounty hunters from more than 195 countries and territories by security biz HackerOne, augmented by the company's data on 900 bug bounty programs, has found that white-hat hackers earn a median salary that's 2.7 times that of typical software engineers in their home countries.

    In some places, the gap is far more pronounced. In India, for example, hackers make as much as 16 times the median programmer salary. In the US, they earn 2.4 times the median.

Security: Spectre and Meltdown, Industrial System Sabotage, VDP, Windows in Healthcare

Filed under
Security
  • Some thoughts on Spectre and Meltdown

     

    Contrast that with what happened this time around. Google discovered a problem and reported it to Intel, AMD, and ARM on June 1st. Did they then go around contacting all of the operating systems which would need to work on fixes for this? Not even close. FreeBSD was notified the week before Christmas, over six months after the vulnerabilities were discovered. Now, FreeBSD can occasionally respond very quickly to security vulnerabilities, even when they arise at inconvenient times — on November 30th 2009 a vulnerability was reported at 22:12 UTC, and on December 1st I provided a patch at 01:20 UTC, barely over 3 hours later — but that was an extremely simple bug which needed only a few lines of code to fix; the Spectre and Meltdown issues are orders of magnitude more complex.  

  • Menacing Malware Shows the Dangers of Industrial System Sabotage

     

    At the S4 security conference on Thursday, researchers from the industrial control company Schneider Electric, whose equipment Triton targeted, presented deep analysis of the malware—only the third recorded cyberattack against industrial equipment. Hackers [sic] were initially able to introduce malware into the plant because of flaws in its security procedures that allowed access to some of its stations, as well as its safety control network.

  • 25 per cent of hackers don't report bugs due to lack of disclosure policies

     

    One of the standout discoveries was that almost 25 per cent of respondents said they were unable to disclose a security flaw because the bug-ridden company in question lacked a vulnerability disclosure policy (VDP).

  • 'Professional' hack [sic] on Norwegian health authority compromises data of three million patients [iophk: "Windows TCO"]
Syndicate content

More in Tux Machines

First Impressions: Asus Tinkerboard and Docker

The board's standard OS is TinkerOS - a Linux variant of Debian 9. I've also read that Android is available but that doesn't interest us here. While Android may use forms of containerisation under the hood it doesn't mix with Docker containers. Rather than trying TinkerOS I flashed Armbian's release of Ubuntu 16.04.03. The stable build on the download page contains a full desktop, but if you want to run the board headless (like I do) then you can find a smaller image on the "other downloads" link. I initially used the stable image but had to swap to the nightly build due to a missing kernel module for Kubernetes networking. Having looked this up on Google I found the nightly build contained the fix to turn on the missing module. Read more

today's howtos

PlayOnLinux For Easier Use Of Wine

PlayOnLinux is a free program that helps to install, run, and manage Windows software on Linux. It can also manage virtual C: drives (known as Wine prefixes), and download and install certain Windows libraries for getting some software to run on Wine properly. Creating different drives using different Wine versions is also possible. It is very handy because what runs well in one version may not run as well (if at all) on a newer version. There is PlayOnMac for macOS and PlayOnBSD for FreeBSD. Read
more

Linux Kernel: KPTI, SEV, CBS

  • Experimental KPTI Support For x86 32-bit Linux
    For the Kernel Page Table Isolation (KPTI) support currently within the Linux kernel for addressing the Meltdown CPU vulnerability it's currently limited to 64-bit on the x86 side, but for the unfortunate souls still running x86 32-bit operating systems, SUSE is working on such support.
  • AMD Secure Encrypted Virtualization Is Ready To Roll With Linux 4.16
    With the Linux 4.16 kernel cycle that is expected to begin immediately following the Linux 4.15 kernel debut on Sunday, AMD's Secure Encrypted Virtualization (SEV) technology supported by their new EPYC processors will be mainline. Going back to the end of 2016 have been Linux patches for Secure Encrypted Virtualization while with Linux 4.16 it will finally be part of the mainline kernel and supported with KVM (Kernel-based Virtual Machine) virtualization.
  • Deadline scheduler part 2 — details and usage
    Linux’s deadline scheduler is a global early deadline first scheduler for sporadic tasks with constrained deadlines. These terms were defined in the first part of this series. In this installment, the details of the Linux deadline scheduler and how it can be used will be examined. The deadline scheduler prioritizes the tasks according to the task’s job deadline: the earliest absolute deadline first. For a system with M processors, the M earliest deadline jobs will be selected to run on the M processors. The Linux deadline scheduler also implements the constant bandwidth server (CBS) algorithm, which is a resource-reservation protocol. CBS is used to guarantee that each task will receive its full run time during every period. At every activation of a task, the CBS replenishes the task’s run time. As the job runs, it consumes that time; if the task runs out, it will be throttled and descheduled. In this case, the task will be able to run only after the next replenishment at the beginning of the next period. Therefore, CBS is used to both guarantee each task’s CPU time based on its timing requirements and to prevent a misbehaving task from running for more than its run time and causing problems to other jobs.