Manjaro has finally released a stable version of Manjaro 18.0 also codenamed “Illyria“. Manjaro always provided a lot of lot of emphasis on a user-friendly experience and Illyria is lived upto that to a great extent. The open source operating system is designed in such a way that it work completely out of the box straight away as it comes with a lot of pre-installed software. So once complete the installation of Manjaro 18.0, you don’t need to go installing other software that is needed for your day to day tasks. And Manjaro 18.0 has come out with fixes for a lot of issues and some improvements as well. Manjaro Linux 18.0 is certainly one of the easy-to-use and simple Arch Linux desktop version.

• QOwnNotes 18.11.3

  QOwnNotes is a open source (GPL) plain-text file notepad with markdown support and todo list manager for GNU/Linux, Mac OS X and Windows, that (optionally) works together with the notes application of ownCloud (or Nextcloud). So you are able to write down your thoughts with QOwnNotes and edit or search for them later from your mobile device (like with CloudNotes) or the ownCloud web-service. The notes are stored as plain text files and you can sync them with your ownCloud sync client. Of course other software, like Dropbox, Syncthing, Seafile or BitTorrent Sync can be used too.

 

• Getting Started with Scilab

• Huawei’s New Stance On Bootloader Lockdown Is An Unpopular One, Here’s How You Can Bypass It

  Let’s start with the basics. What do you mean by a bootloader? In simple words, Bootloader is a piece of code that runs before any operating system is running. Bootloader is used to boot other operating systems and usually each operating system has a set of bootloaders specific to it. Alternatively, the bootloader can start up recovery mode. When a phone is in recovery, it can execute large pieces of code that totally rewrite the Android operating system. The bootloader is important because it loads up both of these pieces of software. Without a working bootloader, your phone is a useless brick. A locked or unlocked bootloader is what gives you access to “root.” “Root” is another big word in the Android community. If you “root” a device, it means you have “superuser” access or “administrator” access to the operating system that runs on your phone. With an unlocked bootloader, you can install boot images that aren’t signed by the device maker. That includes custom images needed to boot an AOSP-based ROM, boot images patched to support Magisk root, and more.

  Now as handy and efficient as this might seem, it’s not a popular option publicised or encouraged by smartphone manufacturers. While companies like OnePlus and Google make it seamless by just having to enable “OEM unlocking” in Developer Options, and then entering a few fastboot (fastboot is a protocol for sending commands from a PC to the bootloader of your device) commands while your phone is in the bootloader menu; companies like Huawei or Honor (Huawei sub-brand) have stopped providing forms for allowing users to unlock their bootloader. That means there’s no longer an official way to get the bootloader unlock code for your Huawei or Honor smartphone or tablet. Nobody has yet figured out how these bootloader unlock codes are generated, so it’s impossible to generate one yourself.

• Google’s Wear OS Version H Announced; Brings Battery Saver Mode

  Google quietly announced its Wear OS Version H (it’s basically version 2.2 of Wear OS) for smart wearables this morning. The new update will be rolled out as a system update and majorly, brings battery llife-related improvements to Wear OS watches.

 

• The Huge Security Problem With C/C++ And Why You Shouldn’t Use It

  Alex Gaynor gives an example of a program that has a list of 10 numbers. Theoretically, in an event where someone asks for the 11th element, the program is expected to show an error of some sort, or at least that’s what a “memory safe” programming language (like Python or Java) would do.

  However, in case of a memory unsafe language like C/C++, the program looks for the 11th element wherever it is supposed to be (if it existed) and accesses its content. This is called a “buffer-overflow” vulnerability that is exploited by bugs like HeartBleed to access up to 60 KB data past the end of a list — that often includes passwords and other sensitive data.

• The Power of Web Components

  As a group, the standards are known as Web Components. In the year 2018 it’s easy to think of Web Components as old news. Indeed, early versions of the standards have been around in one form or another in Chrome since 2014, and polyfills have been clumsily filling the gaps in other browsers.

  After some quality time in the standards committees, the Web Components standards were refined from their early form, now called version 0, to a more mature version 1 that is seeing implementation across all the major browsers. Firefox 63 added support for two of the tent pole standards, Custom Elements and Shadow DOM, so I figured it’s time to take a closer look at how you can play HTML inventor!

  Given that Web Components have been around for a while, there are lots of other resources available. This article is meant as a primer, introducing a range of new capabilities and resources. If you’d like to go deeper (and you definitely should), you’d do well to read more about Web Components on MDN Web Docs and the Google Developers site.

  Defining your own working HTML elements requires new powers the browser didn’t previously give developers. I’ll be calling out these previously-impossible bits in each section, as well as what other newer web technologies they draw upon.

• OpenStack regroups

  Only a few years ago, OpenStack was the hottest open-source project around, with a bustling startup ecosystem to boot. The project, which gives enterprises the tools to run the equivalent of AWS in their own private data centers, ran into trouble as it tried to tackle too many individual projects at the same time and enterprises took longer than expected to adopt it. That meant many a startup floundered or was acquired before it was able to gain traction while the nonprofit foundation that manages the project started to scale back its big tent approach and refocused on its core services.

• SD Times news digest: Docker and MuleSoft’s partnership, ActiveState’s open-source language automation category, and Instana’s automatic Python instrumentation

  Docker and MuleSoft have announced a new partnership to modernize applications and accelerate digital transformation. As part of the partnership, the companies will work together to deliver new capabilities for legacy apps with APIs, legacy apps without APIs and new apps created in Docker. In addition, MuleSoft’s Anypoint platform will be combined with Docker Enterprise.

• ActiveState Creates Open Source Language Automation Category

• New open source cloud discovery tool arrives from Twistlock

  Cloud Discovery connects to cloud providers' native platform APIs to discover services such as container registries, managed Kubernetes platforms, and serverless services, and requires only read permissions. Other key features include:

• Google Open-Sources "Amber" Multi-API Shader Test Framework

  The newest open-source graphics project out of Google is called Amber and it's a multi-API shader testing framework focused on capturing and communicating of shader bugs.

  Google's Amber tries to make it easier to capture/communicate shader bugs with a scripting-based workflow. The captured shaders can be in binary form, SPIR-V assembly, or a higher-level shading language. Amber is currently focused on supporting the Vulkan and Dawn graphics APIs.

• Microsoft allies with Facebook on AI software [Ed: Evil likes/attracts evil. Now they can do their crimes together while blaming "AI". Longtime Microsoft propagandist Jordan Novet has decided to add the Microsoft lie (PR campaign) "Microsoft loves Linux" (in photo form) to an article that has nothing to do with Linux.]

• Microsoft alliance with Facebook signals shift in AI approach

• Samsung Galaxy S9 users can now try out Android Pie – but not in the UK

• Samsung will only allow free themes to be used for 14 days starting with Android 9 Pie update

• The Thunder Purple OnePlus 6T is probably my favorite Android phone of 2018

• Android Without* Google: Where I'm At

• Android vs. iPhone: How To Decide Which Phone To Buy

• Review: HiSense H9E Plus makes Android TV look and sound amazing

• Android introduces new Wear OS update version “H” with new power save feature

• Sony Xperia XZ2 Premium receiving Android 9.0 Pie

• Sony Xperia XZ2 Premium Reportedly Receiving Android 9.0 Pie Update

• Firefox Will Now Show You Data Breach Alert If You Visit Hacked Sites

  Mozilla has announced a new security feature in its Firefox Quantum web browser to alert users when they visit a website that was recently reported in a data breach.

  So if you happen to stumble upon a website that was breached in the past 12 months, Firefox will send you a handy little notification.

  But Mozilla knows better than to throw too many notifications at you, so they have promised that the alerts will “appear at most once per site.”

  After sending you the first notification, Firefox will repeat such an alert only if you visit a site that was breached within the past two months and added to the database of breached sites.

• Russian hackers are accused of infecting three Eastern European companies with malware

• Hackers with Russian Ties Hit 3 E. European Companies: Cyber Security Firm

• Japan's cyber security minister admits he has never used a computer

• Adding Linux To A PDP-11

  The UNIBUS architecture for DEC’s PDPs and Vaxxen was a stroke of genius. If you wanted more memory in your minicomputer, just add another card. Need a drive? Plug it into the backplane. Of course, with all those weird cards, these old UNIBUS PDPs are hard to keep running. The UniBone is the solution to this problem. It puts Linux on a UNIBUS bridge, allowing this card to serve as a memory emulator, a test console, a disk emulator, or any other hardware you can think of.

  The key to this build is the BeagleBone, everyone’s second-favorite single board computer that has one feature the other one doesn’t: PRUs, or a programmable real-time unit, that allows you to blink a lot of pins very, very fast. We’ve seen the BeagleBone be used as Linux in a terminal, as the rest of the computer for an old PDP-10 front panel and as the front end for a PDP-11/03.

• Chrome OS Linux apps will soon be able to access your entire Downloads folder and Google Drive

  Google is working hard to turn Chrome OS into more than just a browser, but a real, functional operating system for consumers of all kinds. Most recently, they’ve invited developers to the platform with Linux app support that enables all of their tools, including Android Studio, to work as expected. Soon, your Chrome OS and Google Drive files will be even more accessible to your Linux apps.

  [...]

  According to a new commit on the Chromium Gerrit, that’s all about to change. The commit primarily pertains to a new dialog that will be shown when sharing ‘root’ folders like My Drive or Downloads with your Chrome OS Linux apps (internally known as Crostini) container. The dialog is intended to forewarn you that sharing a root folder is a bit more serious than just sharing a sub-folder, and to be sure you know what you’re doing.

• Samsung Note 9 and Tab S4 owners can run a full Ubuntu Desktop – Linux on Dex

  We have come a long way as an industry and if this is not one of the biggest milestones in personal computing, I don’t know what else qualifies. Over the past decade of smartphones being around, we have seen an exponential increase in the power that our smartphones pack. I mean, flagships from the past few years spot more RAM and processing power than most laptops out there, but the small form factor has always been a hindrance to the utilization of this power. I mean you can only do so much on a 5.5-inch display.

  Samsung has launched its “Linux on Dex” app in beta and is inviting geeks and tinkerers to register and help test and develop it. The app lets owners of specific Samsung devices “run” a full Ubuntu desktop on their device alongside Android.

Over the 10+ years I've been involved with open source, I've been part of small projects with innovative ideas that grew into large projects with solid communities. I've also witnessed the way dysfunctional communities can suck the energy from projects.

I've also recently become active in blockchain by writing and contributing to projects. I've noticed that blockchain projects are like startups with open development and open business models. Therefore, to be successful, blockchain startups must learn how to build communities the open source way.

Congatec announced two industrial, Linux-ready modules equipped with NXP’s dual- or quad-A35 i.MX8X SoC: the Conga-QMX8X (Qseven) with optional PoE and the Conga-SMX8X (SMARC 2.0) with optional WiFi.

When either Variscite or Congatec announces a computer-on-module based on a new processor, the other company typically follows suit shortly thereafter. After Variscite announced its NXP i.MX8X-based VAR-SOM-MX8X module on Nov. 13, Congatec followed up with a pair of i.MX8X Qseven and SMARC 2.0 modules: the Conga-QMX8X and Conga-SMX8X. None of these COMs have announced ship dates (or prices), so it’s unclear which will arrive first, or whether they’ll be beaten to market by the phyCORE-i.MX 8X module, announced back in March.

Akash is a fan of the GNOME 3 desktop environment. He loves most of the goodies and bells and whistles the OS can throw in for getting basic tasks done.

For practical reasons he prefers a fresh installation as a way of upgrading to the latest Fedora version. He thinks Fedora 29 is arguably the the best workstation out there. Akash says this has been backed up by reviews of various tech evangelists and open source news sites.

Enterprises have embraced the cloud; and now they’re focusing on open source.

Open source lends itself to innovation, something competing enterprises need to seriously tap into, by allowing different developers from across the world to create and modify software to solve current challenges and open new avenues.

To find out more about how open source is venturing into the enterprise community and spurring digital innovation, Information Age spoke to Stephan Fabel, director of product at Canonical, the company behind Ubuntu.

• Raphaël Hertzog: Freexian’s report about Debian Long Term Support, October 2018

  Like each month, here comes a report about the work of paid contributors to Debian LTS.

• OpenStack Summit Berlin 2018, Mark Shuttleworth keynote

  The OpenStack community has, and attracts, amazing people and amazing technology, however, that won’t be meaningful if it doesn’t deliver for everyday businesses. “I say that representing the company which doesn’t just publish Ubuntu and the reference OpenStack distribution on Ubuntu, we actually manage more OpenStack clouds for more different industries, more different architectures than any other company,” said Shuttleworth.

  There are things that have to be right – we have to support every single OpenStack release with upgrades. That means when Stein and Train are released, we will deploy, as part of the test process, Icehouse on 14.04, then deploy workloads on Kubernetes on Icehouse. With that running in the cloud, and without losing a workload, the version is then upgraded up to Mitaka. We then take the running cloud and upgrade to 16.04 under the hood, then upgrade to Queens, then upgrade to 18.04 and on to Rocky, Stein and beyond, as standard.

• Ubuntu Podcast from the UK LoCo: S11E36 – Thirty-Six HoursUbuntu Podcast from the UK LoCo: S11E36 – Thirty-Six Hours

  This week we’ve been resizing partitions. We interview Andrew Katz and discuss open souce and the law, bring you a command line love and go over all your feedback.

  It’s Season 11 Episode 36 of the Ubuntu Podcast! Alan Pope, Mark Johnson and Martin Wimpress are connected and speaking to your brain.

• How AT&T Is Using OpenStack to Deploy 5G Networks

  The next generation of wireless networks known as 5G is being enabled at AT&T through a series of open source efforts, including the OpenStack cloud platform.

  At the OpenStack Summit in Berlin, Germany, executives from AT&T discussed how they are building out 5G networks and also demonstrated a live 5G phone call running on top of an OpenStack deployment.

  "5G is a revolution. The capabilities that 5G will enable are things that will be a step function increase in latency, in reliability and resiliency with ultra-low latency and at very high speeds." Amy Wheelus, vice president, Network Cloud at AT&T, said. "5G Is really more than just another generation; it's more than just another G, because 5G is going to enable new services, new products, and even new industries that you and I haven't even thought about that today."

  She noted that among the 5G application use cases are smart factories and autonomous vehicles. AT&T also expects that 5G will be used for augmented reality, not just for entertainment, but also for critical functions, such as search and rescue or troubleshooting at the top of a tower.

• OpenStack Expands Focus to Enable Open Infrastructure

  The OpenStack Foundation is no longer exclusively focused on its namesake cloud platform as the open-source effort is now expanding to enable the broader realm of open infrastructure.

  In a video interview at the OpenStack Summit here, Mark Collier, chief operating officer, and Jonathan Bryce, executive director of the OpenStack Foundation, detailed the group's new approach. It's an approach that now includes four pilot projects outside of the core OpenStack cloud platform—the Airship code deployment, Kata containers, StarlingX edge compute and Zuul continuous integration projects.

• [Podcast] PodCTL #55 – Kubernetes as the new Application Server

• Video: The Beginning, Present, and Future of Sysadmins

• Uber Joins the Linux Foundation as a Gold Member

  Uber has been an active and committed member of the open source community, leveraging, contributing, and developing open source solutions across our tech stack since launching our platform nearly 10 years ago. Announced today during Uber Open Summit 2018, we extend our commitment by joining the Linux Foundation as a Gold Member, continuing to support the open source community through the Linux Foundation.

  [...]

  “Open source technology is the backbone of many of Uber’s core services and as we continue to mature, these solutions will become ever more important,” said Thuan Pham, Uber CTO. “The Linux Foundation not only provides homes to many significant open source projects, but also creates an open environment for companies like Uber to work together on developing these technologies. We are honored to join the Linux Foundation to foster greater collaboration with the open source community.”

• CNCF Survey: Cloud Usage in Asia Has Grown 135% Since March 2018 [Ed: They just call every server "cloud" because they call themselves "cloud"]

  The bi-annual CNCF survey takes a pulse of the community to better understand the adoption of cloud native technologies. This is the second time CNCF has conducted its cloud native survey in Mandarin to better gauge how Asian companies are adopting open source and cloud native technologies. The previous Mandarin survey was conducted in March 2018. This post also makes comparisons to the most recent North American / European version of this survey from August 2018.

• AI in the Real World

  We are living in the future – it is just unevenly distributed with “an outstanding amount of hype and this anthropomorphization of what [AI] technology can actually provide for us,” observed Hilary Mason, general manager for machine learning at Cloudera, who led a keynote on “AI in the Real World: Today and Tomorrow,” at the recent Open FinTech Forum.

  [...]

  As progress is made in the development of AI, machine learning and deep learning, there are still things we need to keep in mind, Mason said. “One of the biggest topics in our field right now is how we incorporate ethics, how we comply with expectations of privacy in the practice of data science.”
  She gave a plug to a short, free ebook called “Data Driven: Creating a Data Culture,” that she co-authored with DJ Patil, who worked as chief data scientist for President Barack Obama. Their goal, she said, is “to try and get folks who are practicing out in the world of machine learning and data science to think about their tools [and] for them to practice ethics in the context of their work.”
  Mason ended her presentation on an optimistic note, observing that “AI will find its way into many fundamental processes of the businesses that we all run. So when I say, ‘Let’s make it boring,’ I actually think that’s what makes it more exciting.’”

• Introducing rpm-macros-virtualenv 0.0.1

  This is a small set of RPM macros, which can be used by the spec files to build and package any Python application along with a virtualenv. Thus, removing the need of installing all dependencies via dnf/rpm repository. One of the biggest usecase will be to help to install latest application code and all the latest dependencies into a virtualenv and also package the whole virtualenv into the RPM package.

  This will be useful for any third part vendor/ISV, who would want to package their Python application for Fedora/RHEL/CentOS along with the dependencies. But, remember not to use this for any package inside of Fedora land as this does not follow the Fedora packaging guidelines.

• Program Synthesis is Possible in Rust

  Program synthesis is the act of automatically constructing a program that fulfills a given specification. Perhaps you are interested in sketching a program, leaving parts of it incomplete, and then having a tool fill in those missing bits for you? Or perhaps you are a compiler, and you have some instruction sequence, but you want to find an equivalent-but-better instruction sequence? Program synthesizers promise to help you out in these situations!

  I recently stumbled across Adrian Sampson’s Program Synthesis is Possible blog post. Adrian describes and implements minisynth, a toy program synthesizer that generates constants for holes in a template program when given a specification. What fun! As a way to learn more about program synthesis myself, I ported minisynth to Rust.

• The devil makes work for idle processes

  TLDR: in Endless OS, we switched the IO scheduler from CFQ to BFQ, and set the IO priority of the threads doing Flatpak downloads, installs and upgrades to “idle”; this makes the interactive performance of the system while doing Flatpak operations indistinguishable from when the system is idle.

  At Endless, we’ve been vaguely aware for a while that trying to use your computer while installing or updating apps is a bit painful, particularly on spinning-disk systems, because of the sheer volume of IO performed by the installation/update process. This was never particularly high priority, since app installations are user-initiated, and until recently, so were app updates.

• Rcpp now used by 1500 CRAN packages

  Right now Rcpp stands at 1500 reverse-dependencies on CRAN. The graph is on the left depicts the growth of Rcpp usage (as measured by Depends, Imports and LinkingTo, but excluding Suggests) over time. What an amazing few days this has been as we also just marked the tenth anniversary and the big one dot oh release.

• Python in RHEL 8

  Ten years ago, the developers of the Python programming language decided to clean things up and release a backwards-incompatible version, Python 3. They initially underestimated the impact of the changes, and the popularity of the language. Still, in the last decade, the vast majority of community projects has migrated to the new version, and major projects are now dropping support for Python 2.

  In Red Hat Enterprise Linux 8, Python 3.6 is the default. But Python 2 remains available in RHEL 8.

• How to stand out, and get hired, at Grace Hopper Celebration

  During the 2018 Grace Hopper Celebration of Women in Computing (GHC), attendees flooded the George Brown Convention Center in Houston Texas to network, learn and share information in celebration of women technologists. For students at GHC, the expo hall also doubled as a career fair. Here’s how to stand out when you’re trying to leave GHC with opportunities to chart your own path in technology.

  Recruiters, engineers, scientists and technologists were stationed at company booths to talk about their workplaces. They screened resumes, interviewed candidates and shared their experiences.

  This year I was able to attend GHC for the first time, not as a student seeking a position but as an employee of Red Hat. At Red Hat we do many things differently, interviewing at GHC is one of those things. Red Hat is seeking associates who possess both a strong technical aptitude as well as a passion for our products and services.

• Vim in the Future

   

  I have learned Vim as a programming-centric tool, but I use it for other tasks, too. This post assumes a reader isn’t necessarily a programmer but is curious about how tech things get done.

• Red Hat talks upgrades and bare metal with its new OpenStack Platform

  Red Hat used this week's OpenStack Summit to announce the impending arrival of its OpenStack Platform 14. We had a chat with Red Hat's Nick Barcet about cadence, Kubernetes, and most definitely not IBM.

  It's been a while coming, but Red Hat has taken the latest OpenStack release, Rocky, and folded it into its OpenStack Platform, with version 14 due to hit a waiting world in the next few weeks.

  The goal of Red Hat's take is, as ever, to make life easier for admins tasked with setting up the occasionally challenging OpenStack platform. Simplifying cloud-native application adoption and getting containers on bare metal is the name of the game here.

  OpenShift, of course, gets a look-in as well as Red Hat continues to tightly integrate the container platform with OpenStack to bring more Kubernetes-based goodness to the party. Red Hat has pointed to Gartner research which claimed that 75 per cent of organisations will have either a multi-cloud or hybrid environment by 2020, meaning that OpenStack's private cloud infrastructure is likely to play a part. And Red Hat would be very happy to help set that up for you, for a fee.

• Carahsoft Receives the Red Hat Public Sector Distribution Partner of the Year Award

• Red Hat launches mobile app to enable partners to save time and build connections

• Supporting support: How TAMs bring stronger value to customers by collaborating with support delivery

  Red Hat Technical Account Managers (TAMs) have many responsibilities, all of which center around meeting customers’ needs and ultimately working to help customers succeed. One major responsibility for a TAM is providing support for the products that customers have purchased through subscriptions.

  Each of Red Hat’s products has a skilled and specialized support engineering team, dedicated to provide assistance for Red Hat’s customers. TAM customers receive the added benefit of having someone they know personally standing by, ready to assist them to get issues resolved as quickly as possible. Through close relationships, Technical Account Managers play a key role in providing that necessary support.

• Chrooted Drop Bear SSH Server HowTo

• How to Install Elgg Social Network on Ubuntu 18.04 LTS

• How to find a Word in Vim or vi text editor

• How to install Tomcat 9 on CentOS 7

• Install TLPUI In Ubuntu Or Linux Mint From PPA

• Upgrading Charmed Kubernetes
  

• Video: Solving All the Problems with systemd

• HSTR Makes Searching Your Bash Or Zsh Command History Easy

• RADV Vulkan Driver To Enable Vega Primitive Binning By Default - Helps Performance

  The RadeonSI OpenGL driver offered Vega primitive binning support the past year followed by the RADV Vulkan driver, but it hadn't been enabled by default. Those working on the RADV driver are now planning on unconditionally enabling this Vega performance optimization for up to a few percent performance boost.

  It seems the primitive binning driver support for RADV is mature enough that it can be flipped on by default and at least doesn't appear to be hurting any prominent Vulkan-powered Linux games. Samuel Pitoiset of Valve's Linux driver team sent out the patch today for flipping it on by default. On that patch message he describes this Vega feature as helping out some games by a few percent, "After doing a bunch of benchmarks, primitive binning helps some games like The Talos Principle (+5%) or Serious Sam 2017 (+3%). For other titles, either it doesn't change anything or it hurts very few (less than 1%)."

• NVIDIA 410.78 Linux Driver Fixes Vulkan Corruption, Adds Quadro RTX 4000 Support

  For those using the NVIDIA long-lived 410 Linux driver series over the in-beta 415.xx driver series, the 410.78 driver release is out today as the newest stable binary driver build.

  The NVIDIA 410.78 rolls out with official support for the Quadro RTX 4000 graphics card and a handful of bug fixes. The bug fixes include addressing a possible X Server hang when using legacy VGA mode, mode-setting failure with SDI output, and Vulkan rendering corruption.

• [Mesa-dev] [ANNOUNCE] mesa 18.2.5

  A patch for nine state tracker that fixes several crashes using nine's thread_submit feature. There are other patches to other state trackers.

  A couple of patches for Meson build system, as well as for autotools.

  In the drivers side, there are a couple of fixes for RADV, one regarding subgroups and another regarding conditional rendering. There are also fixes for virgl, r600, and i965.

• Mesa 18.2.5 Brings Fixes For Direct3D 9 State Tracker, RADV Vulkan Driver

  For those sticking to the Mesa stable release train, Mesa 18.2.5 is now available ahead of the Mesa 18.3 quarterly feature release due out in the weeks ahead.

  As is the case for Mesa point releases, Mesa 18.2.5 is geared to deliver the latest bug/regression fixes. this 18.2.5 release has around three dozen changes, including fixes for the Gallium "Nine" D3D9 state tracker when using its thread-submit functionality, Meson build system updates, RADV Vulkan driver fixes, and also some basic fixes/tweaks to the common NIR, Mesa, and Intel code. There is no particular standout prominent fixes unless you were personally affected by one of the bugs.

• Firefox Nightly now with experimental Wayland support

  As of last nightly (20181115100051), Firefox now supports Wayland on Linux, thanks to the work from Martin Stransky and Jan Horak, mostly.

  Before that, it was possible to build your own Firefox with Wayland support (and Fedora does it), but now the downloads from mozilla.org come with Wayland support out of the box for the first time.

  However, being experimental and all, the Wayland support is not enabled by default, meaning by default, you’ll still be using XWayland. To enable wayland support, first set the GDK_BACKEND environment variable to wayland.

• AMD Radeon RX 590 Launches, Linux Support Presumably Okay

  While it comes as no surprise given all the leaks in recent weeks, today AMD officially announced the Radeon RX 590 graphics card as another update to Polaris.

  The new Polaris PCI ID addition we spotted back in September indeed turned out to be for a new high-end Polaris refresh. The Radeon RX 590 is this new high-end Polaris graphics card that is manufactured on a 12nm FinFET process.

• Python and Qt: 3,000 hours of developer insight

  With Qt for Python released, it’s time to look at the powerful capabilities of these two technologies. This article details one solopreneur’s experiences.

  [...]

  The big problem with Electron is performance. In particular, the startup time was too high for a file manager: On an admittedly old machine from 2010, simply launching Electron took five seconds.

  I admit that my personal distaste for JavaScript also made it easier to discount Electron. Before I go off on a rant, let me give you just one detail that I find symptomatic: Do you know how JavaScript sorts numbers? Alphabetically. ’nuff said.

  After considering a few technologies, I settled on Qt. It’s cross-platform, has great performance and supports custom styles. What’s more, you can use it from Python. This makes at least me orders of magnitude more productive than the default C++.

• Inkscape Dark Theme on KDE Plasma

  On KDE Plasma, it's very easy to setup Inkscape Dark Theme. To do so, go to System Settings > Application Style > GNOME/GTK+ Style > under GTK+ Style: switch all themes to Dark ones and give check mark to Prefer Dark Theme > Apply. Now your Inkscape should turned into dark mode. To revert back, just revert the theme selections. This trick works on Kubuntu or any other GNU/Linux system as long as it uses Plasma as its desktop environment.

• Atelier at Maker Faire and QtCon 2018!

  On the weekend of November 3 and 4, it happened on Rio de Janeiro the first Maker Faire of Latin America. And I was able to do a talk about Atelier and the current status of our project. The event hold more than 1.500 people on the first day, that saw a lot of talks and the exposition of makers of all over the country that came to Rio to participate in this edition of the Maker Faire.

• Security updates for Thursday

• A Systematic Evaluation of Transient Execution Attacks and Defenses

  [...] we present a sound and extensible systematization of transient execution attacks. Our systematization uncovers 7 (new) transient execution attacks that have been overlooked and not been investigated so far. This includes 2 new Meltdown variants: Meltdown-PK on Intel, and Meltdown-BR on Intel and AMD. It also includes 5 new Spectre mistraining strategies. We evaluate all 7 attacks in proof-of-concept implementations on 3 major processor vendors (Intel, AMD, ARM). Our systematization does not only yield a complete picture of the attack surface, but also allows a systematic evaluation of defenses. Through this systematic evaluation, we discover that we can still mount transient execution attacks that are supposed to be mitigated by rolled out patches.

• New IoT Security Regulations

  Due to ever-evolving technological advances, manufacturers are connecting consumer goods­ -- from toys to light bulbs to major appliances­ -- to the Internet at breakneck speeds. This is the Internet of Things, and it's a security nightmare.

  The Internet of Things fuses products with communications technology to make daily life more effortless. Think Amazon's Alexa, which not only answers questions and plays music but allows you to control your home's lights and thermostat. Or the current generation of implanted pacemakers, which can both receive commands and send information to doctors over the Internet.

  But like nearly all innovation, there are risks involved. And for products born out of the Internet of Things, this means the risk of having personal information stolen or devices being overtaken and controlled remotely. For devices that affect the world in a direct physical manner -- ­cars, pacemakers, thermostats­ -- the risks include loss of life and property.

• University Researchers Publish Paper On GPU Side-Channel Attacks

  University researchers out of University of California Riverside have published a paper this week detailing vulnerabilities in current GPU architectures making them vulnerable to side-channel attacks akin to Spectre and Meltdown.

  With their focus on NVIDIA GPUs, UCLA Riverside researchers demonstrated attacks both for graphics and compute by exploiting the GPU's performance counters. Demonstrated attacks included a browser-based attack, extracting passwords / keystroke logging, and even the possibility of exposing a CUDA neural network algorithm.

• Announcement: VirtualBox 6.0 Beta 2 released

  Please do NOT use this VirtualBox Beta release on production machines!
  A VirtualBox Beta release should be considered a bleeding-edge release
  meant for early evaluation and testing purposes.

  You can download the binaries here:

  http://download.virtualbox.org/virtualbox/6.0.0_BETA2

  Please do NOT open bug reports at our public bugtracker but use our
  VirtualBox Beta Feedback forum at

  https://forums.virtualbox.org/viewforum.php?f=15

  to report any problems with the Beta. Please concentrate on reporting
  regressions since VirtualBox 5.2!

  Version 6.0 will be a new major release. Please see the forum at

  https://forums.virtualbox.org/viewtopic.php?f=15&t=90315

  for an incomplete list of changes.

  Thanks for your help!
  Michael

• VirtualBox 6.0 Beta 2 Adds File Manager For Host/Guest File Copies, OS/2 Shared Folder

  Last month Oracle rolled out the public beta of VirtualBox 6.0 though didn't include many user-facing changes. They have now rolled out a second beta that does add in a few more features.

  VirtualBox 6.0 Beta 2 was released today and to its user-interface is a new file manager that allows the user to control the guest file-system with copying file objects between the host and guest. Also improved with VirtualBox 6.0 Beta 2 is better shared folder auto-mounting with the VBox Guest Additions. This beta even brings initial shared folder support to the guest additions for OS/2.