Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Wednesday, 20 Mar 19 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Type Title Author Replies Last Postsort icon
Story Games: More on Stadia, OpenXR, Albion Online Roy Schestowitz 20/03/2019 - 11:52am
Story Security: Elsevier Left Users’ Passwords Exposed Online and Norsk Hydro of Norway Got Windows Cracked Roy Schestowitz 20/03/2019 - 11:10am
Story GnuPG 2.2.14 and Kiwi TCMS 6.6 Roy Schestowitz 20/03/2019 - 10:32am
Story Today in Techrights Roy Schestowitz 20/03/2019 - 10:28am
Story Android Leftovers Rianne Schestowitz 20/03/2019 - 10:08am
Story Raspberry Pi 3 Model B+ First Impressions Rianne Schestowitz 20/03/2019 - 10:01am
Story GNOME Desktop: Parental Controls and More Roy Schestowitz 20/03/2019 - 8:25am
Story Android Leftovers Rianne Schestowitz 20/03/2019 - 8:18am
Story Managing changes in open source projects Rianne Schestowitz 20/03/2019 - 8:02am
Story Servers: Google, Kubernetes, Red Hat and SUSE Roy Schestowitz 20/03/2019 - 7:37am

Games: More on Stadia, OpenXR, Albion Online

Filed under
Gaming
  • Stadia, A Gaming Platform From Google

    Google has launched much-anticipated game streaming service Stadia. The announcement was made during the company’s keynote at the GDC (Game Developers Conference) in San Francisco.

  • Vulkan 1.1.105 Adds New Extensions For Google Games Platform (Stadia)

    While Vulkan 1.1.104 was just released on Sunday with new extensions ahead of this week's Game Developers Conference, today marks the availability of Vulkan 1.1.105 with new extensions for the "Google Games Platform", a.k.a. their just announced Stadia cloud game streaming platform.

    Google Games Platform is a new Vulkan platform and dubbed GGP. This Vulkan update comes immediately following Google announcing Stadia as a Linux/Vulkan-powered game streaming platform that sounds quite interesting and will be interesting to learn more over the weeks ahead. Today's Vulkan 1.1.105 update has added the VK_GGP_frame_token and VK_GGP_stream_descriptor_surface extensions.

  • OpenXR from The Khronos Group and Monado from Collabora could unify VR & AR

    The Khronos Group recently announced a provisional specification of OpenXR, a royalty-free open-standard aimed at unifying access to VR and AR (collectively known as XR) devices. Also, Collabora announced Monado, a fully open source OpenXR runtime for Linux.

    [...]

    Sounds like OpenXR is already gaining pretty good industry support too with Epic Games, Microsoft, Oculus, HTC, Tobii, Unity and more giving their backing to it. Hopefully this means it really will become a standard that's actually used preventing more fragmentation. Since no one headset has truly taken over just yet, with so many already throwing their support around for OpenXR it's looking pretty good.

  • The MMO Albion Online is officially going free to play next month

    Sandbox Interactive just announced that their MMO Albion Online, which currently requires an initial purchase to access it is going free to play on April 10th.

    They say their business model isn't changing, with Premium accounts that can be purchased with in-game money or real money, as well as cosmetic items. Free accounts will have full access to everything, since they don't lock any actual content behind any walls with this free to play release.

Security: Elsevier Left Users’ Passwords Exposed Online and Norsk Hydro of Norway Got Windows Cracked

Filed under
Security
  • Education and Science Giant Elsevier Left Users’ Passwords Exposed Online

    It’s not entirely clear how long the server was exposed or how many accounts were impacted, but it provided a rolling list of passwords as well as password reset links when a user requested to change their login credentials.

  • Norwegian aluminium firm goes manual after Windows ransomware attack

    Norwegian aluminium maker Norsk Hydro has been under what it describes as "an extensive cyber attack" that has affected several areas of the company's operations. The malware affecting the firm is believed to the LockerGoga ransomware that attacks Windows systems.

  • “Severe” ransomware attack cripples big aluminum producer

    Norsk Hydro of Norway said the malware first hit computers in the United States on Monday night. By Tuesday morning, the infection had spread to other parts of the company, which operates in 40 countries. Company officials responded by isolating plants to prevent further spreading. Some plants were temporarily stopped, while others, which had to be kept running continuously, were switched to manual mode when possible. The company’s 35,000 employees were instructed to keep computers turned off but were allowed to use phones and tablets to check email.

GnuPG 2.2.14 and Kiwi TCMS 6.6

Filed under
Software

Raspberry Pi 3 Model B+ First Impressions

Filed under
Linux

I have always been curious about the tiny computer called Raspberry Pi but I didn’t have the time or opportunity to buy one until now. I got the latest version (Raspberry Pi 3 Model B+) along with bundled accessories from AliExpress for $65. I think it was a good deal considering what I got which I will explain to you later on. But before that and for your convenience, here are some quick facts about Raspberry Pi that I got from Wikipedia...

Read more

GNOME Desktop: Parental Controls and More

Filed under
GNOME
  • Parental controls & metered data hackfest: days 1 & 2

    I’m currently at the Parental Controls & Metered Data hackfest at Red Hat’s office in London. A bunch of GNOME people from various companies (Canonical, Endless, elementary, and Red Hat) have gathered to work out a plan to start implementing these two features in GNOME. The first two days have been dedicated to the parental control features. This is the ability for parents to control what children can do on the computer. For example, locking down access to certain applications or websites.

    Day one began with presentations of the Endless OS implementation by Philip, followed by a demonstration of the Elementary version by Cassidy. Elementary were interested in potentially expanding this feature set to include something like Digital Wellbeing – we explored the distinction between this and parental controls. It turns out that these features are relatively similar – the main differences are whether you are applying restrictions to yourself or to someone else, and whether you have the ability to lift/ignore the restrictions. We’ve started talking about the latter of these as “speed bumps”: you can always undo your own restrictions, so the interventions from the OS should be intended to nudge you towards the right behaviour.

    After that we looked at some prior art (Android, iOS), and started to take the large list of potential features (in the image above) down to the ones we thought might be feasible to implement. Throughout all of this, one topic we kept coming back to was app lockdown. It’s reasonably simple to see how this could be applied to containerised apps (e.g. Snap or Flatpak), but system applications that come from a deb or an rpm are much more difficult. It would probably be possible – but still difficult – to use an LSM like AppArmor or SELinux to do this by denying execute access to the application’s binary. One obvious problem with that is that GNOME doesn’t require one of these and different distributions have made different choices here… Another tricky topic is how to implement website white/blacklisting in a robust way. We discussed using DNS (systemd-resolved?) and ip/nftables implementations, but it might turn out that the most feasible way is to use a browser extension for this.

  • GNOME ED Update – February

    Another update is now due from what we’ve been doing at the Foundation, and we’ve been busy!

    As you may have seen, we’ve hired three excellent people over the past couple of months. Kristi Progri has joined us as Program Coordinator, Bartłomiej Piorski as a devops sysadmin, and Emmanuele Bassi as our GTK Core developer. I hope to announce another new hire soon, so watch this space…

    There’s been quite a lot of discussion around the Google API access, and GNOME Online Accounts. The latest update is that I submitted the application to Google to get GOA verified, and we’ve got a couple of things we’re working through to get this sorted.

Managing changes in open source projects

Why bother having a process for proposing changes to your open source project? Why not just let people do what they're doing and merge the features when they're ready? Well, you can certainly do that if you're the only person on the project. Or maybe if it's just you and a few friends.

But if the project is large, you might need to coordinate how some of the changes land. Or, at the very least, let people know a change is coming so they can adjust if it affects the parts they work on. A visible change process is also helpful to the community. It allows them to give feedback that can improve your idea. And if nothing else, it lets people know what's coming so that they can get excited, and maybe get you a little bit of coverage on Opensource.com or the like. Basically, it's "here's what I'm going to do" instead of "here's what I did," and it might save you some headaches as you scramble to QA right before your release.

Read more

Servers: Google, Kubernetes, Red Hat and SUSE

Filed under
Server
  • Google Open-sources Sandboxed API, a tool that helps in automating the process of porting existing C and C++ code

    Yesterday, the team at Google open-sourced Sandboxed API, a tool that Google has been using internally for its data centers for years. It is a project for sandboxing C and C++ libraries running on Linux systems. Google has made the Sandboxed API available on GitHub.

    Sandboxed API helps coders to automate the process of porting their existing C and C++ code in order to run on top of Sandbox2, which is Google’s custom-made sandbox environment for Linux operating systems. Sandbox2 has also been open-sourced and is included with Sandboxed API GitHub repository.

    Christian Blichmann & Robert Swiecki, from Google’s ISE Sandboxing team, said, “Many popular software containment tools might not sufficiently isolate the rest of the OS, and those which do, might require time-consuming redefinition of security boundaries for each and every project that should be sandboxed.”

  • Google open-sources its Sandboxed API tools for isolating application processes

    Google LLC has open-sourced a new tool for developers that lets them sandbox C and C++ libraries that run on Linux-based operating systems.

    Developed internally by Google, the Sandboxed API has been used in its data centers for several years already, the company said in a blog post Monday announcing the move. Google has made Sandboxed API available to download on GitHub, together with its documentation that describes how to get it up and running.

  • Init Container Build Pattern: Knative build with plain old Kubernetes deployment

    With Kubernetes evolving at supersonic speed and seeing a lot of adoption in the enterprise world, the developer community is now looking for solutions to common Kubernetes problems, such as patterns. In this article, I will explore a new Kubernetes pattern using Init Containers.

    Let’s start with the use case that gave birth to this problem: Quarkus—Supersonic and Subatomic Java—has excited the Java developer community with its amazing speed and all new native build artifact for Java applications. As one of those excited developers, I want to quickly build and deploy a Quarkus application on to Kubernetes.

  • KubeEdge, a Kubernetes Native Edge Computing Framework

    Open source edge computing is going through its most dynamic phase of development in the industry. So many open source platforms, so many consolidations and so many initiatives for standardization! This shows the strong drive to build better platforms to bring cloud computing to the edges to meet ever increasing demand. KubeEdge, which was announced last year, now brings great news for cloud native computing! It provides a complete edge computing solution based on Kubernetes with separate cloud and edge core modules. Currently, both the cloud and edge modules are open sourced.

    Unlike certain light weight kubernetes platforms available around, KubeEdge is made to build edge computing solutions extending the cloud. The control plane resides in cloud, though scalable and extendable. At the same time, the edge can work in offline mode. Also it is lightweight and containerized, and can support heterogeneous hardware at the edge. With the optimization in edge resource utlization, KubeEdge positions to save significant setup and operation cost for edge solutions. This makes it the most compelling edge computing platform in the world currently, based on Kubernetes!

  • Red Hat Security: The Product Security Blog has moved!

    Red Hat Product Security has joined forces with other security teams inside Red Hat to publish our content in a common venue using the Security channel of the Red Hat Blog. This move provides a wider variety of important Security topics, from experts all over Red Hat, in a more modern and functional interface. We hope everyone will enjoy the new experience!

  • From virtualization to emerging workloads: How Red Hat and NVIDIA are driving enterprise innovation

    Innovations like artificial intelligence (AI), machine learning (ML) and other emerging workloads present a vision of IT’s future, one where intelligent solutions can more effectively analyze and address evolving business needs. But this vision can be limited by current IT infrastructure, which can often require significant investments in order to enable new workloads.

    One answer to this challenge is through workload acceleration, which uses specialized computational resources, like graphic processing units (GPUs) to tackle intense computing tasks. Established in scientific and research computing, GPUs such as those offered by NVIDIA are now catching the attention of enterprise IT as a technology that can accelerate compute-intensive operations found in data science and AI, extending their reach to a broader range of end users.

  • SUSE Enterprise Storage 6 Beta Program

    SUSE Enterprise Storage 6, the upcoming release from SUSE, enables IT organizations to seamlessly adapt to changing business demands while reducing IT operational expense with new features focused on containerized and cloud workload support, improved integration with public cloud and enhanced data protection capabilities. This release of SUSE Enterprise Storage will be available for first customer ship in early June. However, you can download a BETA version today and give release 6 a test drive. It is built on the upstream Ceph release: Nautilus and updated to run on SUSE Linux Enterprise Server 15 SP1 BETA. There are a lot of new features in SUSE Enterprise Storage 6.

  • From Paris with Love

    Last week, I had the great pleasure of being among the team representing SUSE at HPE’s Technology and Solutions Summit (aka HPE TSS) in Paris. HPE’s largest and most comprehensive technical and solutions knowledge transfer event is aimed at presales consultants and solutions architects from HPE and their partners, bringing together teams from within HPE and their partner community all with the aim of sharing knowledge about their products and services.

    Around 3,000 delegates converged upon the City of Lights to learn, exchange ideas and have a little fun in the city that is home to Notre Dame Cathedral, the Louvre Museum, the legendary Eiffel Tower, and of course the many creperies serving up delicious treats to hungry visitors!

Development on Devices: Aaeon, Nageru on GPUs, CircuitPython Hacking by Keith Packard, Coreboot and More

Filed under
Development
  • Latest UP board combines Whiskey Lake with AI Core X modules

    Aaeon has posted specs for a Linux-ready “UP Xtreme” SBC with a 15W, 8th Gen Whiskey Lake-U CPU, up to 16GB DDR4 and 128GB eMMC, 2x GbE, 6x USB, SATA, and optional AI Core X modules via M.2 and mini-PCIe.

    Aaeon’s community-backed UP project, which most recently brought us the Intel Apollo Lake based Up Squared and UP Core Plus SBCs, has announced an UP Xtreme hacker board built around Intel’s 8th Gen Whiskey Lake U-series Core processors. This is likely the fastest open-spec, community-backed SBC around, depending on your definition.

  • When your profiler fools you

    If you've been following my blog, you'll know about Nageru, my live video mixer, and Futatabi, my instant replay program with slow motion. Nageru and Futatabi both work on the principle that the GPU should be responsible for all the pixel pushing—it's just so much better suited than the CPU—but to do that, the GPU first needs to get at the data.

    Thus, in Nageru, pushing the data from the video card to the GPU is one of the main CPU drivers. (The CPU also runs the UI, does audio processing, runs an embedded copy of Chromium if needed—we don't have full GPU acceleration there yet—and not the least encodes the finished video with x264 if you don't want to use Quick Sync for that.) It's a simple task; take two pre-generated OpenGL textures (luma and chroma) with an associated PBO, take the frame that the video capture card has DMAed into system RAM, and copy it while splitting luma from chroma. It goes about as fast as memory bandwidth will allow.

    [...]

    Seemingly after a little more tuning of freelist sizes and such, it could sustain eight 1080p59.94 MJPEG inputs, or 480 frames per second if you wanted to—at around three cores again. Now the profile was starting to look pretty different, too, so there were more optimization opportunities, resulting in this pull request (helping ~15% of a core). Also, setting up the command buffers for the GPU copy seemingly takes ~10% of a core now, but I couldn't find a good way of improving it. Most of the time now is spent in the original memcpy to NVIDIA buffers, and I don't think I can do much better than that without getting the capture card to peer-to-peer DMA directly into the GPU buffers (which is a premium feature you'll need to buy Quadro cards for, it seems). In any case, my original six-camera case now is a walk in the park (leaving CPU for a high-quality x264 encode), which was the goal of the exercise to begin with.

    So, lesson learned: Sometimes, you need to look at the absolutes, because the relative times (which is what you usually want) can fool you.

  • Keith Packard: metro-snek

    When I first mentioned Snek a few months ago, Phillip Torrone from Adafruit pointed me at their Metro M0 board, which uses an Arduino-compatible layout but replaces the ATMega 328P with a SAMD21G18A. This chip is an ARM Cortex M0 part with 256kB of flash and 32kB of RAM. Such space!

    Even though there is already a usable MicroPython port for this board, called CircuitPython, I figured it would be fun to get Snek running as well. The CircuitPython build nearly fills the chip, so the Circuit Python boards all include an off-chip flash part for storing applications. With Snek, there will be plenty of space inside the chip itself for source code, so one could build a cheaper/smaller version without the extra part.

  • Intel Working On Some Interesting Coreboot Improvements: Multi-CPU Support, SMM

    Last week during Facebook's Open Compute Project (OCP) Summit, some interesting details were revealed by Intel and their work on this open-source hardware initialization effort alternative to proprietary BIOS/firmware.

    One is that Intel is working on multi-CPU support within Coreboot for multi-socket server platforms. The code for this has yet to be published.

  • gym-gazebo2 toolkit uses ROS 2 and Gazebo for reinforcement learning

    The first gym-gazebo was a successful proof of concept, which is being used by multiple research laboratories and many users of the robotics community. Given its positive impact, specially regarding usability, researchers at Acutronic Robotics have now freshly launched gym-gazebo2.

Sway – A Tiling Wayland i3-Compatible Compositor

Filed under
GNU
Linux

I have covered window tiling editors/managers previously with apps like herbstluftwm and Tilix so check them out if you haven’t already.

Sway is a free and open source tiling Wayland compositor that is compatible with the i3 window manager, uses the same configuration syntax, and works with most of the software designed for i3.

Sway makes use of all the available space on your screen and automatically adjusts window sizes as you open more apps and you can navigate between apps with your keyboard.

App windows can be arranged horizontally, vertically, stacked, or tabbed and you can change their size as well as split windows into containers of several windows all without touching your mouse. You could, however, use your mouse to rearrange windows and even take windows out of the tiling grid and manipulate them.44

Read more

Graphics: RADV/Radeon and Nvidia Ray-Tracing Demos

Filed under
Graphics/Benchmarks
  • RADV Vulkan Driver Gets Patches For VK_KHR_8bit_storage

    The Mesa Radeon "RADV" Vulkan driver has a series of patches pending for introducing VK_KHR_8bit_storage support.

    Rhys Perry of the Nouveau crowd worked on the VK_KHR_8bit_storage support for RADV back in February while it's now being carried forward by Valve Linux developer Samuel Pitoiset. The VK_KHR_8bit_storage extension as implied by the name allows for using 8-bit types in uniform and storage buffers as well as push constant blocks.

  • xf86-video-ati / xf86-video-amdgpu 19.0.1 Released To Better Deal With DP MST Displays

    Radeon DDX wrangler Michel Dänzer of AMD has announced the releases today of xf86-video-amdgpu 19.0.1 and the xf86-video-ati 19.0.1 release for older Radeon hardware.

    The lone change with the xf86-video-amdgpu X.Org driver update is support for the RandR output tile properties in better dealing with DisplayPort Multi-Stream Transport (DP MST) displays. This was the change that landed last week in these X.Org drivers and ushering out these new point releases to ship this support finally -- years after the support was added to the X.Org Server and xf86-video-modesetting.

  • Nvidia ray traces the heck out of Quake II… launching for free in April

    Nvidia has been working behind the scenes on Q2VKPT with creator Christoph Schied to build Quake II RTX: a cutting-edge reimagining of the old school classic. While Schied has been working on a ray-traced version of Quake II for some time, and doing a grand job of it too, Nvidia has lent its expertise to bring the classic shooter into 2019 and utilise all that ray tracing has to offer.

Games: GNU/Linux-powered Stadia, Humble Curve Digital Bundle and More on GNU/Linux-powered Atari VCS

Filed under
Gaming
  • Google announce ‘Stadia’, their new cloud gaming service built on Linux and Vulkan

    Google have now finally unveiled their new cloud gaming service named Stadia, offering instant access to play games in Google Chrome.

    What they joked was the worst-kept secret in the industry (no kidding), sounds like quite an interesting service. Certainly one that could eventually end up redefining what gaming is. A little hyperbolic maybe? I'm not so sure considering how easy this should be to jump into a game. On top of that, they very clearly talked about how it's built on Linux (Debian specifically) and Vulkan with custom GPUs from AMD.

  • Google’s Stadia Is “Netflix For Games” — Play Any Game Without Installation

    everaging the network of its highly efficient and scalable server infrastructure, Google has finally launched its much-anticipated game streaming service called Stadia. The announcement took place at the company’s keynote at the Game Developers Conference in San Francisco.

  • Stadia is Google’s New Gaming Service Powered by Linux & Open-Source Tech

    Stadia, a brand new game streaming service from Google, has been revealed — and it’s powered by open source technology.

    Long rumoured, but only formally announced at Games Developer Conference (GDC) 2019, the cloud gaming service promises to let gamers game from pretty much anywhere they want.

    There’s no Stadia console; no box you buy and hook up to your TV. Instead, games run from a datacenter and are streamed to you via the internet. Games can be streamed at up to 4k at 60fps, depending on your connection, of course.

    So folks, the dream of playing AAA games on Stadia on your crummy downstairs TV; your mid-range Android; or a potato laptop running Linux and Google Chrome, is now real.

  • Stadia Is Google's Cloud Gaming Service Using Linux, Vulkan & A Custom AMD GPU

    Google used the annual Game Developers Conference (GDC 2019) to officially unveil "Stadia" as their cloud-based game streaming service formerly known as Project Stream.

    To little surprise these days, the Google Stadia streaming service is built on Linux servers. Also to not a lot of surprise, Vulkan is their graphics API of choice for streaming right now up to 4K at 60FPS while they plan to expand to 8K at 120FPS in the future.

  • The Humble Curve Digital Bundle is out with four nice Linux games

    Now that the dust has settled on the Google Stadia news, here's something entirely different: the Humble Curve Digital Bundle.

  • Atari VCS Release Delayed – But There’s a Good Reason Why

    Remember the Atari VCS, aka the crowd-funded Linux-based games console that is totally not vapourware and will absolutely be released?

    Well, its release just got delayed.

    Those who backed the (very successful) IndieGoGo campaign won’t receive their units until late 2019 at the earliest. The console had originally planned to ship to backers in the summer of 2019, and go on general sale soon after.

    But although this delay is disappointing development for fans of this particular vintage gaming icon, there is an upside.

    Yup, it turns there is a very good reason for the delay…

Google Removed the KDE Connect App from the Play Store (Update: It’s Back)

Filed under
KDE
Google

The official KDE Connect Android app was briefly removed from the Google Play Store for “violating” app permission policies.

Google yanked the phone-side companion app, which works with desktop tools like GSconnect, from its Android app store on March 19. It said the app did not adhere to its new rules on apps that can access to SMS messages.

Read more

Debian members afraid to make or propose change, says leadership contender

Filed under
Debian

Michlmayr made the comments as part of his platform for the leadership elections; he and four others are contesting for leader of the project, with the campaigning period running until 6 April. Nominees also take part in online debates as part of pushing their claims to the post of leader.

He said that he had not been active in Debian of late but believed that the role of DPL should have three sides to it: administrator, facilitator and leader.

Having been the DPL in 2003 and 2004, Michlmayr said he was familiar with the role. "If I didn't believe in Debian, I wouldn't run in this DPL election. I acted as DPL before and know how difficult being the DPL can be sometimes. Yes, I see severe problems in Debian, but I firmly believe that together we can solve them!" he added.

Read more

Security: Updates, Trust, IPFire 2.21 and Superuserss

Filed under
Security
  • 40 Linux Server Hardening Security Tips [2019 edition]
  • Why Trust Is Key for Cyber-Security Risk Management

    "Trust" is an often-overused term, but according to Rohit Ghai, president of RSA Security, trust is the key to understanding and managing digital risk.

    In a video interview with eWEEK, Ghai discusses his views on trust, where the concept of an artificial intelligence "digital twin" fits in and why there could well be a need to redefine industry cyber-security categories to better reflect how risk management technologies should work. He also provides insight into how RSA Security's products, including Archer, Netwitness and SecurID, fit together to help organizations provide trust and manage risk.

    "As long as we pay attention to the idea of risk and trust co-existing and taking a risk orientation to security, I think we'll be fine," Ghai said. "Trust is important. We are living in an era where people are losing faith or trust in technology, and we have to act now to restore it."

  • IPFire 2.21 - Core Update 129 is ready for testing

    The next release is available for testing - presumably going to be last release in the 2.21 series before we bring some bigger changes. This update has a huge number and significant changes for IPsec as well as many updates to the core system and various smaller bug fixes.

  • Superuser accounts: What they are and how to secure them

    Most security technologies are helpless in protecting against superusers because they were developed to protect the perimeter – but superusers are already on the inside. Superusers may be able to change firewall configurations, create backdoors and override security settings, all while erasing traces of their activity.

    Insufficient policies and controls around superuser provisioning, segregation and monitoring further heighten risks. For instance, database administrators, network engineers and application developers are frequently given full superuser-level access. Sharing of superuser accounts among multiple individuals is also a rampant practice, which muddles the audit trail. And in the case of Windows PCs, users often log in with administrative account privileges –far broader than what is needed.

Python Programming Leftovers

Filed under
Development

New From RMS: Install Fests: What to Do about the Deal with the Devil

Filed under
GNU
Linux

Install fests invite users to bring their computers so that experts can install GNU/Linux on them. This is meant to promote the idea of free software as well as the use of free software. In practice, these two goals conflict: users that want to reject nonfree software entirely need to choose their computers carefully to achieve that goal.

The problem is that most computers can't run with a completely free GNU/Linux distro. They contain peripherals, or coprocessors, that won't operate unless the installed system contains some nonfree drivers or firmware. This happens because hardware manufacturers refuse to tell us how to use their products, so that the only way to figure out how is by reverse engineering, which in most cases has not yet been done.

This presents the install fest with a dilemma. If it upholds the ideals of freedom, by installing only free software from 100%-free distros, partly-secret machines won't become entirely functional and the users that bring them will go away disappointed. However, if the install fest installs nonfree distros and nonfree software which make machines entirely function, it will fail to teach users to say no for freedom's sake. They may learn to like GNU/Linux, but they won't learn what the free software movement stands for. In effect, the install fest makes a tacit deal with the devil that suppresses the free software movement's message about freedom and justice.

The nonfree software means the user sacrifices freedom for functionality. If users had to wrestle with this choice, they could draw a moral lesson from it, and maybe get a better computer later. But when the install fest makes the compromise on the user's behalf, it shelters the user from the moral dimension; the user never sees that something other than convenience is at stake. In effect, the install fest makes the deal with the devil, on the user's behalf, behind a curtain so the user doesn't recognize that it is one.

I propose that the install fest show users exactly what deal they are making. Let them talk with the devil individually, learn the deal's bad implications, then make a deal—or refuse!

As always, I call on the install fest itself to install only free software, taking a strict stance. In this way it can set a clear moral example of rejecting nonfree software.

My new idea is that the install fest could allow the devil to hang around, off in a corner of the hall, or the next room. (Actually, a human being wearing sign saying “The Devil,” and maybe a toy mask or horns.) The devil would offer to install nonfree drivers in the user's machine to make more parts of the computer function, explaining to the user that the cost of this is using a nonfree (unjust) program.

Read more

Also: RMS article: "Install fests: What to do about the deal with the devil"

Syndicate content

More in Tux Machines

Today in Techrights

Android Leftovers

Raspberry Pi 3 Model B+ First Impressions

I have always been curious about the tiny computer called Raspberry Pi but I didn’t have the time or opportunity to buy one until now. I got the latest version (Raspberry Pi 3 Model B+) along with bundled accessories from AliExpress for $65. I think it was a good deal considering what I got which I will explain to you later on. But before that and for your convenience, here are some quick facts about Raspberry Pi that I got from Wikipedia... Read more

GNOME Desktop: Parental Controls and More

  • Parental controls & metered data hackfest: days 1 & 2
    I’m currently at the Parental Controls & Metered Data hackfest at Red Hat’s office in London. A bunch of GNOME people from various companies (Canonical, Endless, elementary, and Red Hat) have gathered to work out a plan to start implementing these two features in GNOME. The first two days have been dedicated to the parental control features. This is the ability for parents to control what children can do on the computer. For example, locking down access to certain applications or websites. Day one began with presentations of the Endless OS implementation by Philip, followed by a demonstration of the Elementary version by Cassidy. Elementary were interested in potentially expanding this feature set to include something like Digital Wellbeing – we explored the distinction between this and parental controls. It turns out that these features are relatively similar – the main differences are whether you are applying restrictions to yourself or to someone else, and whether you have the ability to lift/ignore the restrictions. We’ve started talking about the latter of these as “speed bumps”: you can always undo your own restrictions, so the interventions from the OS should be intended to nudge you towards the right behaviour. After that we looked at some prior art (Android, iOS), and started to take the large list of potential features (in the image above) down to the ones we thought might be feasible to implement. Throughout all of this, one topic we kept coming back to was app lockdown. It’s reasonably simple to see how this could be applied to containerised apps (e.g. Snap or Flatpak), but system applications that come from a deb or an rpm are much more difficult. It would probably be possible – but still difficult – to use an LSM like AppArmor or SELinux to do this by denying execute access to the application’s binary. One obvious problem with that is that GNOME doesn’t require one of these and different distributions have made different choices here… Another tricky topic is how to implement website white/blacklisting in a robust way. We discussed using DNS (systemd-resolved?) and ip/nftables implementations, but it might turn out that the most feasible way is to use a browser extension for this.
  • GNOME ED Update – February
    Another update is now due from what we’ve been doing at the Foundation, and we’ve been busy! As you may have seen, we’ve hired three excellent people over the past couple of months. Kristi Progri has joined us as Program Coordinator, Bartłomiej Piorski as a devops sysadmin, and Emmanuele Bassi as our GTK Core developer. I hope to announce another new hire soon, so watch this space… There’s been quite a lot of discussion around the Google API access, and GNOME Online Accounts. The latest update is that I submitted the application to Google to get GOA verified, and we’ve got a couple of things we’re working through to get this sorted.