Language Selection

English French German Italian Portuguese Spanish

Debian

Raspbian 2018-11-13 Brings Hardware-Accelerated VLC Media Player

Filed under
Debian

After releasing the Raspberry Pi 3 Model A+ yesterday, the Raspberry Pi Foundation today announced Raspbian 2018-11-13 as the latest update to their Debian-based Linux distribution for these low-cost ARM SBCs.

Most notable with the Raspbian November 2018 update is shipping VLC as its default media player application. The VLC build in Raspbian comes with working hardware acceleration using Broadcom's VideoCore engine for H.264 / MPEG-2 / VC-1 video formats. But the MPEG-2 and VC-1 support requires purchasing the codec licenses.

Read more

Debian and Ubuntu: Raphaël Hertzog's Report, Mark Shuttleworth's Keynote, and Ubuntu Podcast from the UK LoCo

Filed under
Debian
Ubuntu
  • Raphaël Hertzog: Freexian’s report about Debian Long Term Support, October 2018

    Like each month, here comes a report about the work of paid contributors to Debian LTS.

  • OpenStack Summit Berlin 2018, Mark Shuttleworth keynote

    The OpenStack community has, and attracts, amazing people and amazing technology, however, that won’t be meaningful if it doesn’t deliver for everyday businesses. “I say that representing the company which doesn’t just publish Ubuntu and the reference OpenStack distribution on Ubuntu, we actually manage more OpenStack clouds for more different industries, more different architectures than any other company,” said Shuttleworth.

    There are things that have to be right – we have to support every single OpenStack release with upgrades. That means when Stein and Train are released, we will deploy, as part of the test process, Icehouse on 14.04, then deploy workloads on Kubernetes on Icehouse. With that running in the cloud, and without losing a workload, the version is then upgraded up to Mitaka. We then take the running cloud and upgrade to 16.04 under the hood, then upgrade to Queens, then upgrade to 18.04 and on to Rocky, Stein and beyond, as standard.

  • Ubuntu Podcast from the UK LoCo: S11E36 – Thirty-Six HoursUbuntu Podcast from the UK LoCo: S11E36 – Thirty-Six Hours

    This week we’ve been resizing partitions. We interview Andrew Katz and discuss open souce and the law, bring you a command line love and go over all your feedback.

    It’s Season 11 Episode 36 of the Ubuntu Podcast! Alan Pope, Mark Johnson and Martin Wimpress are connected and speaking to your brain.

Deepin 15.8 - Attractive and Efficient, Excellent User Experience

Filed under
Debian

Deepin is an open source GNU/Linux operating system, based on Linux kernel and desktop applications, supporting laptops, desktops and all-in-ones. deepin preinstalls Deepin Desktop Environment (DDE) and nearly 30 deepin native applications, as well as several applications from the open source community to meet users’ daily learning and work needs. In addition, about a thousand of applications are offered in Deepin Store to meet your more needs. deepin, developed by a professional operating system R&D team and deepin technical community (www.deepin.org), is from the name of deepin technical community - “deepin”, which means deep pursuit and exploration of the life and the future.

Compared with deepin 15.7, the ISO size of deepin 15.8 has been reduced by 200MB. The new release is featured with newly designed control center, dock tray and boot theme, as well as improved deepin native applications, hoping to bring users a more beautiful and efficient experience.

Read more

Limiting the power of package installation in Debian

Filed under
Debian

There is always at least a small risk when installing a package for a distribution. By its very nature, package installation is an invasive process; some packages require the ability to make radical changes to the system—changes that users surely would not want other packages to take advantage of. Packages that are made available by distributions are vetted for problems of this sort, though, of course, mistakes can be made. Third-party packages are an even bigger potential problem because they lack this vetting, as was discussed in early October on the debian-devel mailing list. Solutions in this area are not particularly easy, however.

Lars Wirzenius brought up the problem: "when a .deb package is installed, upgraded, or removed, the maintainer scripts are run as root and can thus do anything." Maintainer scripts are included in a .deb file to be run before and after installation or removal. As he noted, maintainer scripts for third-party packages (e.g. Skype, Chrome) sometimes add entries to the lists of package sources and signing keys; they do so in order to get security updates to their packages safely, but it may still be surprising or unwanted. Even simple mistakes made in Debian-released packages might contain unwelcome surprises of various sorts.

He suggested that there could be a set of "profiles" that describe the kinds of changes that might be made by a package installation. He gave a few different examples, such as a "default" profile that only allowed file installation in /usr, a "kernel" profile that can install in /boot and trigger rebuilds of the initramfs, or "core" that can do anything. Packages would then declare which profile they required. The dpkg command could arrange that package's install scripts could only make the kinds of changes allowed by its profile.

Read more

Debian Packages To Eliminate Vendor-Specific Patches, Affecting Downstreams Like Ubuntu

Filed under
Debian

Debian packages have supported the concept of vendor-specific patches whereby when DPKG unpacks a source package on different operating systems / distributions (such as Debian vs. Ubuntu), different patches could be selectively applied. Ubuntu is one of the main benefactors of this feature while effective immediately these vendor-specific patches to source packages will be treated as a bug and will be unpermitted following the Debian 10 "Buster" release.

This vendor-specific patch behavior for DPKG is mainly to help downstreams of Debian such as Ubuntu (not to be confused with vendor-specific hardware patches, etc). This vendor-specific patching has been used where say Ubuntu wishes to make some customizations to a Debian package that are minor in nature or basic alterations, they could land the changes in upstream Debian as a vendor-specific patch that would then be applied to the source package when building on Ubuntu... But keeping the package unpatched on Debian, or vice-versa. It reduces the maintenance burden for those wanting to selectively make basic changes to a package without having to maintain multiple largely redundant packages.

Read more

Debian in Events: Reproducible Builds and X2Go

Filed under
Debian
  • Chris Lamb: Review: The "Trojan Room" coffee

    I was recently invited to give a seminar at the Cambridge University's Department of Computer Science and Technology on the topic of Reproducible Builds.

  • Results produced while at "X2Go - The Gathering 2018" in Stuttgart

    Over the last weekend, I have attended the FLOSS meeting "X2Go - The Gathering 2018" [1]. The event took place at the shackspace make spacer in Ulmerstraße near S-Bahn station S-Untertürckheim. Thanks to the people from shackspace for hosting us there, I highly enjoyed your location's environment. Thanks to everyone who joined us at the meeting. Thanks to all event sponsors (food + accomodation for me). Thanks to Stefan Baur for being our glorious and meticulous organizer!!!

    Thanks to my family for letting me go for that weekend.

    Especially, a big thanks to everyone, that I was allowed to bring our family dog "Capichera" with me to the event. While Capichera adapted quite ok to this special environment on sunny Friday and sunny Saturday, he was not really feeling well on rainy Sunday (aching joints, unwilling to move, walk interact).

Updated Debian 9: 9.6 released

Filed under
Debian

The Debian project is pleased to announce the sixth update of its stable distribution Debian 9 (codename stretch). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available.

Please note that the point release does not constitute a new version of Debian 9 but only updates some of the packages included. There is no need to throw away old stretch media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release.

New installation images will be available soon at the regular locations.

Read more

Fedora Community and Debian Work

Filed under
Red Hat
Debian

Debian Package Analysis and More

Filed under
Debian

Init system support in Debian

Filed under
Debian

The "systemd question" has roiled Debian multiple times over the years, but things had mostly been quiet on that front of late. The Devuan distribution is a Debian derivative that has removed systemd; many of the vocal anti-systemd Debian developers have switched, which helps reduce the friction on the Debian mailing lists. But that seems to have led to support for init system alternatives (and System V init in particular) to bitrot in Debian. There are signs that a bit of reconciliation between Debian and Devuan will help fix that problem.

The Devuan split was acrimonious, much like the systemd "debate" that preceded it. Many bits were expended in describing the new distribution as a waste of time (or worse), while the loudest Devuan proponents declared that systemd would cause the end of Debian and Linux as a whole. Over time, that acrimony has mostly been reduced to random potshots (on both sides); there is clearly no love lost between the pro and anti sides (whether those apply to systemd, Devuan, or both). Some recent developments have shown that perhaps a bit of thawing in relations is underway—that can only be a good thing for both sides and the community as a whole.

Holger Levsen alerted the debian-devel mailing list that the Debian "Buster" (i.e. Debian 10) release was in danger of shipping with only partial support for running without systemd. The problem is that two packages needed for running with System V init (sysvinit-core and systemd-shim) are not really being maintained. The shim is completely unmaintained and sysvinit-core has been languishing even though it has two maintainers listed.

Read more

Syndicate content

More in Tux Machines

Android Leftovers

Programming: Flask, Agile, Rust and Python

  • How to build an API for a machine learning model in 5 minutes using Flask
    As a data scientist consultant, I want to make impact with my machine learning models. However, this is easier said than done. When starting a new project, it starts with playing around with the data in a Jupyter notebook. Once you’ve got a full understanding of what data you’re dealing with and have aligned with the client on what steps to take, one of the outcomes can be to create a predictive model. You get excited and go back to your notebook to make the best model possible. The model and the results are presented and everyone is happy. The client wants to run the model in their infrastructure to test if they can really create the expected impact. Also, when people can use the model, you get the input necessary to improve it step by step. But how can we quickly do this, given that the client has some complicated infrastructure that you might not be familiar with?
  • What is Small Scale Scrum?
    Agile is fast becoming a mainstream way industries act, behave, and work as they look to improve efficiency, minimize costs, and empower staff. Most software developers naturally think, act, and work this way, and alignment towards agile software methodologies has gathered pace in recent years. VersionOne’s 2018 State of Agile report shows that scrum and its variants remain the most popular implementation of agile. This is in part due to changes made to the Scrum Guide’s wording in recent years that make it more amenable to non-software industries.
  • This Week in Rust 269
  • Async IO in Python: A Complete Walkthrough
    Async IO is a concurrent programming design that has received dedicated support in Python, evolving rapidly from Python 3.4 through 3.7, and probably beyond. You may be thinking with dread, “Concurrency, parallelism, threading, multiprocessing. That’s a lot to grasp already. Where does async IO fit in?” This tutorial is built to help you answer that question, giving you a firmer grasp of Python’s approach to async IO.

Security: Updates, Reproducible Builds and More

  • Security updates for Wednesday
  • Reproducible Builds: Weekly report #194
    Here’s what happened in the Reproducible Builds effort between Sunday January 6 and Saturday January 12 2019...
  • ES File Explorer Has A Hidden Web Server; Data Of 500 Million Users At Risk
  • The Evil-Twin Framework: A tool for testing WiFi security
    The increasing number of devices that connect over-the-air to the internet over-the-air and the wide availability of WiFi access points provide many opportunities for attackers to exploit users. By tricking users to connect to rogue access points, hackers gain full control over the users' network connection, which allows them to sniff and alter traffic, redirect users to malicious sites, and launch other attacks over the network.. To protect users and teach them to avoid risky online behaviors, security auditors and researchers must evaluate users' security practices and understand the reasons they connect to WiFi access points without being confident they are safe. There are a significant number of tools that can conduct WiFi audits, but no single tool can test the many different attack scenarios and none of the tools integrate well with one another. The Evil-Twin Framework (ETF) aims to fix these problems in the WiFi auditing process by enabling auditors to examine multiple scenarios and integrate multiple tools. This article describes the framework and its functionalities, then provides some examples to show how it can be used.
  • KDE Plasma5 – Jan ’19 release for Slackware
    Here is your monthly refresh for the best Desktop Environment you will find for Linux. I just uploaded “KDE-5_19.01” to the ‘ktown‘ repository. As always, these packages are meant to be installed on a Slackware-current which has had its KDE4 removed first. These packages will not work on Slackware 14.2. It looks like Slackware is not going to be blessed with Plasma5 any time soon, so I will no longer put an artificial limitation on the dependencies I think are required for a solid Plasma5 desktop experience. If Pat ever decides that Plasma5 has a place in the Slackware distro, he will have to make a judgement call on what KDE functionality can stay and what needs to go.

MongoDB "open-source" Server Side Public License rejected

MongoDB is open-source document NoSQL database with a problem. While very popular, cloud companies, such as Amazon Web Services (AWS), IBM Cloud, Scalegrid, and ObjectRocket has profited from it by offering it as a service while MongoDB Inc. hasn't been able to monetize it to the same degree. MongoDB's answer? Relicense the program under its new Server Side Public License (SSPL). Open-source powerhouse Red Hat's reaction? Drop MongoDB from Red Hat Enterprise Linux (RHEL) 8. Red Hat's Technical and Community Outreach Program Manager Tom Callaway explained, in a note stating MongoDB is being removed from Fedora Linux, that "It is the belief of Fedora that the SSPL is intentionally crafted to be aggressively discriminatory towards a specific class of users." Debian Linux had already dropped MongoDB from its distribution. Read more