Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Wednesday, 23 Oct 19 - Tux Machines is a community-driven public service/news site which has been around for over a decade and a half and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

  • 07/07/2019 - 5:40pm
    JamieCull
  • 04/07/2019 - 7:09pm
    ksanaj
  • 18/07/2018 - 6:58am
    arindam1989
  • 14/08/2017 - 5:04pm
    2daygeek
  • 11/07/2017 - 9:36am
    itsfoss
  • 04/05/2017 - 11:58am
    Variscite
  • 09/04/2017 - 4:47pm
    mwilmoth
  • 11/01/2017 - 12:02am
    tishacrayt
  • 11/01/2017 - 12:01am
    lashayduva
  • 10/01/2017 - 11:56pm
    neilheaney

System76 Releases Pop!_OS 19.10 with Many Improvements, Based on Ubuntu 19.10

Filed under
OS
Ubuntu

Based on Canonical's recently released Ubuntu 19.10 (Eoan Ermine) operating system, Pop!_OS Linux 19.10 ships with the latest GNOME 3.34 desktop environment and introduces a new upgrade process that supports offline upgrades, which will be used from now on to upgrade between Pop!_OS releases.

"When an upgrade becomes available, it is downloaded to your computer. Then, when you decide to upgrade to the newest version of your OS, the upgrade will overwrite the current version of your software. However, this is not to be confused with an automatic update," writes Systems76 on their blog.

Read more

Also: Theme Updates, Offline Upgrades Headline New Additions to Pop!_OS 19.10

Firefox Preview/GeckoView Add-ons Support

Filed under
Development
Moz/FF

Back in June, Mozilla announced Firefox Preview, an early version of the new browser for Android that is built on top of Firefox’s own mobile browser engine, GeckoView. We’ve gotten great feedback about the superior performance of GeckoView so far. Not only is it faster than ever, it also opens up many opportunities for building deeper privacy features that we have already started exploring, and a lot of users were wondering what this step means for add-ons.

We’re happy to confirm that GeckoView is currently building support for extensions through the WebExtensions API. This feature will be available in Firefox Preview, and we are looking forward to offering a great experience for both mobile users and developers.

Read more

Red Hat Enterprise Linux 7 and CentOS 7 Get Important Kernel Security Update

Filed under
Red Hat
Security

Marked as important by Red Hat Product Security, the new Linux kernel security patch is here to fix a use-after-free flaw (CVE-2018-20856) discovered in the __blk_drain_queue() function in block/blk-core.c, as well as a heap overflow issue (CVE-2019-3846) discovered in the mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c.

It also addresses a heap overflow issue (CVE-2019-10126) discovered in the mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c and a Bluetooth flaw (CVE-2019-9506) that may lead to BR/EDR encryption key negotiation attacks (KNOB).

Read more

Purism: Supplying the Demand

Filed under
Linux

Thank you all for the continued support and remarkable demand for the Librem 5.

As we’ve shared earlier, we are iterating through shipping batches. The purpose of doing so is to increment and improve with each batch toward mass production and share that story publicly. As a result, these earlier batches are limited in quantity as we move toward mass production. Publicly releasing iterated hardware at this level of transparency is extremely uncommon, but in nearly everything we do we try to lead by example. Forming as a Social Purpose Corporation, open sourcing all our software, having PureOS be FSF endorsed, securing the lower layers of computing, or manufacturing a revolutionary mobile phone from scratch… all have required sacrifice but are well worth it to provide people with a values-driven alternative to Big Tech.

Read more

Also: Purism Provides Update On Librem 5 Shipping, Known Issues

KDE Plasma 5.17 Desktop Environment Gets First Point Release with 40 Bug Fixes

Filed under
KDE
Security

Released last week on October 15th, the KDE Plasma 5.17 desktop environment introduces Night Color support on X11, fractional scaling on Wayland, HiDPI and multi-screen improvements, as well as the ability to support for managing and configuring Thunderbolt devices in System Settings.

It also improves the notification system with a new Do Not Disturb mode that automatically detects presentations, Breeze GTK theme support for the Google Chrome and Chromium web browsers, Nvidia GPU stats in System Settings, and color scheme support for GTK and GNOME apps in the Breeze GTK theme.

Read more

Arm unveils two lightweight NPUs for edge AI

Filed under
Linux

Arm renamed its 4-TOP Arm ML NPU as the Ethos-N77 and launched small-footprint, low-power Ethos-N57 (2-TOP) and Ethos-N37 (1-TOP) models for edge AI supported with the Linux-based Arm NN SDK. Arm also unveiled a Mali-G57 GPU and a tiny Mali-D37 VPU.

Tiny, stripped-down AI co-processors for the edge seem to be a thing these days. Arm’s new power-efficient Ethos-N57 (2-TOP) and Ethos-N37 (1 TOP) neural processing units (NPUs) may not be as minimalist as Kneron’s KL520 AI SoC, available on Aaeon’s AI Edge Computing Modules, which delivers 0.3 TOP NPU performance on only half a Watt. Yet they offer lower-power embedded and mobile alternatives to Arm’s newly renamed, 4-TOP Ethos-N77, formerly known as the Arm Machine Learning (ML). The NPUs are supported via the Linux-based Arm NN SDK (see farther below).

Read more

Plasma 5.17 review - The show must go on (and be good)

Filed under
KDE
Reviews

It's happened again. The KDE team has released a new version of their desktop environment. Seemingly a small increment, based on the numbering scheme, it still brings a wealth of changes, improvements and whatnot to the desktop scene. That means there's only one reasonable outcome: some proper testing.

And so I did. I fired up my neon instance sitting cozily in the eight-boot Windows-and-Linux setup on my G50 laptop, let the system run a whole bunch of updates, and an hour later, I had the Plasma 5.17 desktop up and running. Now, let's see how it fares and what it offers. After me.

Read more

Keeping a Web Site Safe and Available With or Without a CDN

Filed under
Site News

PostgreSQL

THE site Tux Machines is and has been online for over 15 years. It has not suffered security-related incidents. The same is true for Techrights, which soon turns 13. Tux Machines uses Gallery and Drupal, whereas Techrights uses MediaWiki, WordPress and Drupal. WordPress is its most important component as it contains over 26,000 posts. Tux Machines has about 130,000 nodes in Drupal. We don't use a CDN as we have a reasonably powerful server that can cope with the load on its own. For security we use best practices and keep critical issues plugged. I was recently asked for advice on these matters and explained things as follows.

There are mainly two types of attacks (maybe three if one includes social engineering, e.g. tricking a citizen journalist/blogger/administrator into a trap):

1) capacity-based, e.g. DDOS attack

2) exploiting vulnerabilities to degrade/compromise site's quality of service (similar to (1) above but not the same), access site data (confidential), spy on people (writers/staff/visitors) without them being aware.

WordPress runs lots of stuff and powers a lot of the Web, maybe 20% (or more) of today's Web sites. It's regularly checked for security issues and bugs are regularly fixed. Updates can be set to automatic, which means they happen in the background without user intervention. I check the site for updates several times per day, e.g. this one from yesterday.

I've used WordPress for 15 years as an early adopter and developer.

What's known as the "core" of WordPress is generally secure if kept up to date, manually or automatically (for large sites it might make sense to apply patches manually to reduce risk of unnoticed incidents and enable quality control, patch assessment etc). It's also important to keep the underlying operating system and pertinent packages like PHP (programming language), mysql/psql (WordPress and Drupal typically use MariaDB or MySQL as the database, but PostgreSQL should be possible too) and Apache (there are simpler alternatives e.g. NGINX for Web server) up to date.

If we get to keep everything up to date, and moreover we don't install WordPress extensions that cannot be trusted or are no longer maintained (or scarcely maintained), we should be OK. The social engineering part involves stuff such as phishing, e.g. someone sending out an E-mail in an attempt to obtain passwords of privileged users.

If you use a CDN for content distribution, e.g. CloudFlare, then availability will be mostly down to the CDN company. WordPress generates pages on the fly (dynamic), but it has caching mechanisms that can be further improved with extensions. The CDN likely obviates the need for those. So, if the site is receiving 'too many' requests, the CDN can probably scale to deal with that (maybe a more expensive protection plan).

I peronsally would never use CloudFlare (for a lot of reasons), but to many people it's the only CDN that 'counts' or exists. Brand recognition perhaps.

Security and BSD Leftovers

Filed under
Security
BSD
  • Security updates for Wednesday

    Security updates have been issued by Arch Linux (go, go-pie, pacman, and xpdf), CentOS (java-1.7.0-openjdk, java-1.8.0-openjdk, java-11-openjdk, and patch), openSUSE (gcc7), Red Hat (firefox, kernel, and qemu-kvm-rhev), Slackware (mozilla), SUSE (kernel, libcaca, openconnect, python, sysstat, and zziplib), and Ubuntu (libxslt, linux-azure, and linux-lts-xenial, linux-aws).

  • os-release file appears

    There’s now (well, for DragonFly 5.7 users) an /etc/os-release file to show the installed DragonFly version.

  • samsung ativ book 9

    Physically, it’s in the ultraportable category with a 12 inch screen and weighing about two pounds. It’s a completely fanless design, using an M-5Y31 CPU (Broadwell generation). My model came with 8GB RAM and 256GB SSD, but it’s possible to find some with half that. Everything is a bit tiny and compromised, so in my opinion it wouldn’t make for a good all around machine (like the Carbon X1), but if space and weight is at a premium, it’s a good substitute.

    I immediately installed OpenBSD 6.6 when it arrived and have been using it for a few days. I have a few complaints, and I’m not confident in recommending it, but no regrets.

Ubuntu Touch OTA-11 Release

Filed under
Ubuntu
Gadgets

Kugi has outdone himself this time. With this update you'll find a new way to edit text via the Ubuntu Touch on-screen keyboard: the Advanced Text Functions. Using this feature, you can move around your typed text, undo and redo actions, move around a text selection rectangle, and use the cut/copy/paste commands, all from the same overlay. To get started, press and hold the space bar!

We are still unsure about the discoverability of this feature, so stay tuned for changes that will make it even easier to find and use!

This update also adds the option of a Dvorak keyboard layout for the refined OSK user. The PR included fixes to allow multiple keyboard layouts to share the same correction dictionary and word overrides. Huge thanks, zoenb!

Rounding off the updates to the keyboard are improvements to the Polish layout, removing some diacritics that are not used in the language (Thanks, Daniel20000522!); the same treatment for the French-Swiss layout (Thanks, wilfridd!); and a tweak to the Japanese layout so that it respects your settings better (Thanks, Fuseteam!). If you'd like to get in on the keyboard-improving action, Tallero added instructions for building and testing the keyboard to its Readme at https://github.com/ubports/keyboard-component.

Read more

Also: UBports' Ubuntu Touch OTA-11 Released

Khadas VIM3L SBC Review with Android 9 Firmware

Filed under
Android
Hardware
Reviews

As you may remember (or not), VIM3L ships either as a bare board pre-loaded with Android 9 or as an HTPC kit with the board running CoreELEC.

Read more

Events: Indico, XDC2019 and CCC

Filed under
OSS
  • Testing Indico opensource event management software

    After orgnazing a bunch of conferences in the past years I found some communities had problems choosing a conference management software. One alternative or others had some limitations in one way or another. In the middle I collected a list of opensource alternatives and recently I’m very interested in Indico. This project is created and maintained by the CERN (yes, those guys who invented the WWW too).

  • XDC2020 X.Org/Wayland/Mesa Conference To Be Hosted In Gdansk, Poland

    At the XDC2019 X.Org Developers Conference earlier this month in Montreal they named the location of XDC2020 in Europe.

    As is their usual rhythm, each XDC they flip between hosting it at a location in the Americas and in Europe. With XDC2019 having been in Canada, for XDC2020 they selected a proposal putting it in Gdansk, Poland. Gdansk is on the Baltic coast and serves as the country's primary seaport. Gdansk has an international airport as well as plenty of railway connections.

  • 36th Chaos Communication Congress to take place in Leipzig

    We would like to fill our approximately 120 curated talk slots with high-quality content and therefore today solicit your submissions with our Call for Participation.

    On four days, in addition to the curated talks in five large halls, there will be a widely varied program of self-organised workshops at the stages of our assemblies distributed throughout the event venue. There will also be lots of art & beauty with exhibitions, light installations, bars and parties.

    We want to stress the unusually short submission deadline this year: 26 October 2019. No excuses, please.

AMD: CPU Microcode, RADV, Blender Foundation and AMDVLK

Filed under
Graphics/Benchmarks
Linux
  • Updated AMD Zen CPU Microcode Lands In Linux-Firmware Tree

    But as is often the case with new additions to linux-firmware.git, the changes to said microcode/firmware binaries aren't usually described in any level of detail. Though with this Zen CPU microcode update it ultimately shouldn't mean too much assuming you are punctual with your motherboard firmware updates that generally ship with the new AMD CPU microcode revisions, in which case the older (in-tree) firmware isn't loaded.

  • RADV Lands More Fixes + Performance Improvements Into Mesa 19.3

    It's always great waking up and to find RADV improvements in Mesa Git for this open-source Radeon Vulkan driver that is particularly popular with Linux gamers.

    Hitting Mesa 19.3 overnight was re-enabling fast depth/stencil clears with separate aspects for GFX10/Navi. This was disabled before for causing "weird issues" on GFX10 but no longer appears to be the case. This path also works fine when tested with Feral's new Shadow of Mordor Vulkan beta.

  • AMD Joins The Blender Foundation With An Emphasis On Vulkan

    Just earlier this month NVIDIA announced their funding of the Blender Foundation at the flagship "patron" level and now AMD has followed them in backing this foundation for assisting the development of this leading 3D creation software.

    AMD now joins NVIDIA and Epic Games at the patron level, which means contributing at least €120k per year to the foundation.

  • AMDVLK 2019.Q4.1 Vulkan Driver Brings Performance Tuning, Reworked Pipeline Cache

    AMD has been off their weekly release regiment for their open-source AMDVLK Vulkan driver but this morning they issued their first new release in just about one month.

    AMDVLK 2019.Q4.1 is this first AMDVLK source drop for the fourth quarter. Given the four weeks since the last Linux Vulkan driver source update, there have been many changes/improvements. Some of the large work items include supporting host mapped foreign memory (VKI_EXT_HOST_MAPPED_FOREIGN_MEMORY), reworking of its Vulkan pipeline cache and other cache improvements, and tuning the shader performance for F1 2017 and The Talos Principle.

SUSE/OpenSUSE: Name Change, YaST, MicroOS and More

Filed under
SUSE
  • openSUSE project: vote on name change

    The openSUSE project informed it's members by mail to vote for a potential name change. The vote ends on 07.11.2019 at 23:59 UTC. In a Wiki article the openSUSE Board and Election Committee have gathered the most important arguments for and against a name change for all members.

  • Highlights of YaST Development Sprint 87

    As you may know, we have recently extended YaST to support additional encryption mechanisms like volatile encryption for swap devices or pervasive encryption for data volumes. You can find more details in our blog post titled "Advanced Encryption Options Land in the YaST Partitioner".

    Those encryption mechanisms offer the possibility of adjusting the sector size of the encryption layer according to the sector size of the disk. That can result in a performance boost with storage devices based on 4k blocks. To get the best of your systems, we have instructed YaST to set the sector size to 4096 bytes whenever is possible, which should improve the performance of the encrypted devices created with the recently implemented methods.

    Additionally, we took the time to improve the codebase related to encryption, based on the lessons we learned while implementing volatile and pervasive encryption. We also performed some additional tests and we found a problem that we are already fixing in the sprint that has just started.

  • toolbox - bring your own (debugging) utilities with you

    Our Container Host OS openSUSE MicroOS and our Kubernetes platform openSUSE Kubic are both using transactionl-update to apply patches to the system. This implies that a read-only root filesystem is used. While this has big advantages, like it allows to update a cluster automatically in a safe way, this has one drawback: you need to reboot to activate new installed packages. But what if you want to debug a problem and the utility you need is not installed? Who says, that the problem is still debuggable after a reboot?

  • Why software-defined storage is right for the hybrid cloud

    Beyond being an intermediate step, hybrid cloud isn’t particularly well defined. If you took a random selection of three CIOs, they’d each likely explain it differently. It’s a bit like asking three people to imagine a farmyard animal: one thinks “pig”, one thinks “hen” and the other thinks “cow”. All three are right, but all three are imagining something very different. The National Institute of Standards and Technology (NIST) have given us an official hybrid cloud definition but not everyone agrees that this is that helpful. Lauren Nelson, principle analyst at Forrester, described this definition as “far from reality”. We’re at the top of the hype cycle and Nelson was making a fair point: NIST’s definition calls for active bursting from one environment into another, and while most enterprises would see themselves as hybrid, cross environment bursting is in practice nearly as rare as real unicorns.

  • A “Silly Season Blog” – Have Fun with Sapstartsrv and Pacemaker

    This blog is about a funny integration of a plain Linux service into the SAP start framework sapstartsrv and SUSEs High Availability solution based on pacemaker. This solution is not intended to run in productive environments but should demonstrate how to integrate special services.

Red Hat: Universal Base Image (UBI), OpenShift, Enable Sysadmin, Smart Management

Filed under
Red Hat
  • Engineering compatibility with the Red Hat Universal Base Image

    The Red Hat Universal Base Image (UBI) has an end user license agreement which allows partners, customers and community members to deploy it anywhere, but it takes a lot more than a license to create a container base image that's suitable for your enterprise applications. In part, suitability for enterprise deployments comes from the compatibility guarantees of a Linux operating system. No Linux container base image can claim compatibility or supportability everywhere. Compatibility must be engineered into a system like OpenShift, from Kubernetes down to the Linux kernel on the container host.

    People often confuse portability with compatibility. Linux containers are generally considered "portable" because you can often run binaries built for one Linux distribution on another distribution of the same architecture. It's often possible to run containers built from one distribution's userland on another Linux distribution.. This can be described as portability.

    Portability is a design characteristic of operating systems and the filesystems that they use to store files. Engineers have to design this portability into file systems that they work on, it’s not free. But, portability is not the same thing as compatibility.

  • OpenShift 4.2: The New Cluster Overview Dashboard

    Red Hat OpenShift 4.2 is a significant release that brings a number of great enhancements to the Web Console UI, but you’ll notice one of the biggest changes as soon as you log in.

    The Cluster Overview Dashboard is the new default landing page of the OpenShift Console and provides a birds-eye view of your cluster’s current health, inventory, capacity, utilization, and activity to make identifying problems and resolving issues easier and faster.

    This post will briefly cover what this dashboard is made of, but we know from using it ourselves these past few months that static screenshots won’t quite do it justice. We’re really excited for you to try this new dashboard out in your own clusters, and our User Experience Design team would love to hear any feedback and suggestions you have for future improvements.

  • Writing Summary - late summer 2019

    I've done some (ok, very little) writing for opensource.com in the past and I still have some notes for more articles that keep getting pushed aside. This site is almost 10 years old, community driven (with Red Hat Sponsorship), and tries to cover a variety of open topics, products, projects, and distributions.

    This summer, some of the staff from that project switched over to help Red Hat start a new blog for system administrators called Enable Sysadmin. As the name implies it is focused on system administration topics and as a corporate blog it can also be a bit more Red Hat product specific. In addition to a small staff, a few part time contractors, and a number of Red Hat employee contributors, they do accept and encourage community contributions.

  • Red Hat Smart Management October 2019 release

    At Red Hat Summit in May 2019 we introduced Red Hat Smart Management. Red Hat Smart Management combines the flexible and powerful infrastructure management capabilities of Red Hat Satellite with the simplicity of cloud management services for Red Hat Enterprise Linux. It helps users more securely manage any environment supported by Red Hat Enterprise Linux—from physical machines to hybrid multiclouds.

    As IT environments continue to grow in complexity, spanning from enterprise datacenters to multiple public clouds, organizations need management solutions that can keep pace with rapidly changing infrastructure. Traditional management solutions often lack the flexibility and oversight needed to manage today’s IT, which can result in organizations using unintegrated tools and processes and struggling to stay proactive in the face of systems management, security and compliance.

A Raspberry Pi-Like Board and Running a Web Site on Raspberry Pi

Filed under
GNU
Linux
Hardware
  • Google's Raspberry Pi-like Coral: AI board with TPU is ready for business

    Google unveiled its Coral edge kit in March, offering developers a Raspberry Pi-like board with an attachable Google Edge TPU machine-learning accelerator. The kit is aimed at engineers and researchers who want to run TensorFlow models at the edge of a network, outside the data center.

    The Coral Dev Board itself costs $149, which includes a detachable Coral system-on-module (SoM) that can now be bought as a standalone product for $114. The SoM includes Google's Edge TPU with the NXP IMX8M SoC, Wi-Fi and Bluetooth, memory, and storage.

  • The little Raspberry Pi that could (serve a web site)

    Yesterday, I asked folks following me on my Mastodon, if they’d help me blow up my Raspberry Pi Zero W...

Septor 2019.6

Filed under
GNU
Linux
Debian

Tor Browser is fully installed (9.0)
System upgrade from Debian Buster repos as of October 22, 2019
Update Thunderbird to 60.9.0.1
Update Onionshare to 2.2
Update firmwares to 20190114-2
Update openjdk-11-jre to 11.0.5
Update youtube-dl to 2019.10.16

Read more

Syndicate content