Language Selection

English French German Italian Portuguese Spanish

Development

OpenBSD Development News

Filed under
Development
BSD
  • t2k17 Hackathon report: Ken Westerback on dhclient progress, developer herding
  • A return-oriented programming defense from OpenBSD

    Stack-smashing attacks have a long history; they featured, for example, as a core part of the Morris worm back in 1988. Restrictions on executing code on the stack have, to a great extent, put an end to such simple attacks, but that does not mean that stack-smashing attacks are no longer a threat. Return-oriented programming (ROP) has become a common technique for compromising systems via a stack-smashing vulnerability. There are various schemes out there for defeating ROP attacks, but a mechanism called "RETGUARD" that is being implemented in OpenBSD is notable for its relative simplicity.

    In a classic stack-smashing attack, the attack code would be written directly to the stack and executed there. Most modern systems do not allow execution of on-stack code, though, so this kind of attack will be ineffective. The stack does affect code execution, though, in that the call chain is stored there; when a function executes a "return" instruction, the address to return to is taken from the stack. An attacker who can overwrite the stack can, thus, force a function to "return" to an arbitrary location.

Programming: Survey of build Systems and Remote Imports for Python

Filed under
Development
  • A tale of three build systems

    As you might have noticed, meson is the new kid on the block. Step by step I am currently converting some projects to it, spearheading Shotwell. Since Shotwell only “recently” became an autotools project, you may ask why. Shotwell had a hand-written makefile system. This made some tasks that would have been incredibly easy with autotools, such as mallard documentation handling, more complicated than it should be. Since autotools provides all the nice features that you want for your GNOME environment, it made sense to leverage that.

  • Remote imports for Python?

    Importing a module into a Python program is a pretty invasive operation; it directly runs code in the current process that has access to anything the process can reach. So it is not wildly surprising that a suggestion to add a way to directly import modules from remote sites was met with considerable doubt—if not something approaching hostility. It turns out that the person suggesting the change was not unaware of the security implications of the idea, but thought it had other redeeming qualities; others in the discussion were less sanguine.

Everyone loves programming in Python! You disagree? But it's the fastest growing, says Stack Overflow

Filed under
Development

Python, which ranks consistently as one of the most popular programming languages, is the fastest growing major programming language, according to coding community site Stack Overflow.

Stack Overflow's metric here is visits to website posts tagged "Python" compared to posts tagged with other programming languages – specifically JavaScript, Java, C#, C++ and PHP.

"June 2017 was the first month that Python was the most visited tag on Stack Overflow within high-income nations," said David Robinson, a data scientist at Stack Overflow, in a blog post. "This is especially impressive because in 2012, it was less visited than any of the other 5 languages, and has grown by 2.5-fold in that time."

Read more

JSON Introduced, Programming Paradigms

Filed under
Development
  • What is JSON? JavaScript Object Notation explained

    JavaScript Object Notation is a schema-less, text-based representation of structured data that is based on key-value pairs and ordered lists. Although JSON is derived from JavaScript, it is supported either natively or through libraries in most major programming languages. JSON is commonly, but not exclusively, used to exchange information between web clients and web servers.

    Over the last 15 years, JSON has become ubiquitous on the web. Today it is the format of choice for almost every publicly available web service, and it is frequently used for private web services as well.

  • Programming Paradigms and the Procedural Paradox

    I'm a collector of perspectives. I think each perspective we have within reach is another option we have to solve problems. We should all learn as many as possible. Each one increases the number and quality of solutions we can create.

    Programming paradigms are different perspectives on solving a problem with software. Each of the paradigms is valuable. But they seem so hard to define. People will discuss endlessly what each paradigm means, trying to be inclusive of what they consider important and what they don't. To take an example, we get definitions of functional programming which are satisfying to the definer but not to everyone. And we get people pointing fingers, saying "that's not real object-oriented programming". These discussions are unsatisfying because they rehash the same tired ideas and never reach any firm conclusions.

BSD: LLVM 5.0.0, Android NDK, FreeBSD/TrueOS

Filed under
Development
BSD

     
     

  • LLVM 5.0.0 Release

    This release is the result of the community's work over the past six months, including: C++17 support, co-routines, improved optimizations, new compiler warnings, many bug fixes, and more.

  • LLVM 5.0 Released With C++17 Support, Ryzen Scheduler, AMDGPU Vega & Much More

    After delays pushed its release back by about one month, LLVM 5.0 was just released a few minutes ago along with its associated sub-projects like the Clang 5.0 C/C++ compiler.

    LLVM 5.0 features a number of improvements to the ARM and MIPS targets, greater support for the POWER ISA 3.0 in the PowerPC target, the initial AMD Ryzen (znver1) scheduler support (already improved in LLVM 6.0 SVN), support for Intel Goldmont CPUs, greater AVX-512 support, improved Silvermont/Sandybridge/Jaguar schedulers, and initial Radeon Vega (GFX9) support within the AMDGPU target.

  • Android NDK r16: Developers Should Start Using LLVM's libc++ With GCC On The Way Out

    Google has announced the availability today of the Android Native Development Kit (NDK) Release 16. This release is worth mentioning in that Google is now encouraging developers to start using libc++ as their C++ standard library.

    Moving forward, Google will only be supporting LLVM's libc++ as the C++ standard library and not supporting other STLs. The Android platform has already been using libc++ since Lollipop and now they are looking to get more application developers using this STL.

  • Google publishes its documentation style guide for developers

    Documentation is often an afterthought — especially for open-source projects. That can make it harder for newcomers to join a project, for example, and sometimes badly written documentation is worse than having no documentation at all. To help developers write better documentation, Google this week opened up its own developer-documentation style guide.

  • Trying Out FreeBSD/TrueOS On The Xeon Scalable + Tyan GT24E-B7106 Platform

    While we have tested a number of Linux distributions on Intel's new Xeon Scalable platform, here are some initial BSD tests using two Xeon Gold 6138 processors with the Tyan GT24E-B7106 1U barebones server.

  • FreeBSD Developers Tackle AMD Zen/Ryzen Temperature Monitoring Before Linux

    While Linux users of AMD's new Zen-based Ryzen/Threadripper/Epyc processors are still waiting for thermal driver support to hit the mainline Linux kernel, FreeBSD developers have already managed to produce the Zen "Family 17h" CPU thermal monitoring support on their own.

    From this FreeBSD bug report, developers have managed to get the AMD CPU temperature monitoring working for Zen processors under Linux with their existing temperature driver.

Programming: Python, DevSecOps Skills Gap, Go Programming, Java EE, GNU Tools Cauldron and GnuCOBOL

Filed under
Development
GNU
  • Improving security through data analysis and visualizations

        

    My last tip is that in recent years, there have been a lot of new tools that make designing nice visualizations much easier. In fact, many really prevent you from creating the disasters that you’d find here: https://www.reddit.com/r/dataisugly/. If you are a Python user, you really should take a look at Seaborn, YellowBrick, and Altair as they are all really impressive libraries.

  • The DevSecOps Skills Gap
  •  

  • How I learned Go Programming

    Go is a relatively new programming language, and nothing makes a developer go crazier than a new programming language, haha! As many new tech inventions, Go was created as an experiment. The goal of its creators was to come up with a language that would resolve bad practices of others while keeping the good things. It was first released in March 2012. Since then Go has attracted many developers from all fields and disciplines.

  • Must go faster, must go faster! Oracle lobs Java EE into GitHub, vows rapid Java SE releases

    Oracle plans to accelerate the pace of Java SE releases – and has moved Java EE's code repository to GitHub in keeping with its avowed desire to step back from managing the beast.

    Java SE has been on a two-year release cycle. That's no longer fast enough, according to Mark Reinhold, chief architect of Oracle’s Java platform group.

    Java competes with other platforms that get updated more often, he explained.

  • GNU Tools Cauldron 2017 Kicks Off Tomorrow

    The annual GNU Tools Cauldron conference focused around the GNU compiler toolchain will kickoff tomorrow, 8 September, in Prague.

  • GnuCOBOL 2.2 Released To Let COBOL Code Live On As C

    For those of you still maintaining COBOL code-bases, GnuCOBOL 2.2 is now available as what was formerly OpenCOBOL and also the project's first stable release in nearly one decade.

    GnuCOBOL has been living under the GNU/FSF umbrella for a few years while today's GnuCOBOL 2.2 release is the first stable release since OpenCOBOL 1.1 back in 2009. (Since then was the GnuCOBOL 1.1 release, but just for renaming the project.)

  • GnuCOBOL 2.2 released

    Version 2.2 of the GNU COBOL compiler is out. Changes include a relicensing to GPLv3, a set of new intrinsic functions, a direct call interface for C functions, and more.

GNOME: GNOME Mutter, GNOME 3.26, and Support more than one Build System (Meson and Autotools)

Filed under
Development
GNOME
  • GNOME Mutter 3.25.92 Adds Built-In Screencast / Remote Desktop Capabilities

    GNOME Mutter 3.25.92 has been released and it incorporates some interesting changes for the end of the GNOME 3.26 development cycle.

  • GNOME 3.26 Desktop Environment Up to RC State, Launches on September 13

    GNOME Project's Javier Jardón announced a few moments ago that the GNOME 3.25.92 milestone of the forthcoming GNOME 3.26 desktop environment is now available for public testing, marking the end of the development cycle.

    GNOME 3.26 has been in development since early April, and it's now up to RC (Release Candidate) state, which means that the development cycle is over and the team will begin preparations for the final release of the highly anticipated desktop environment for GNU/Linux distributions.

  • Support more than one Build System

    I’ve tried to add Meson build system to MyHTML, but fail. They prefer the one is used today. That’s OK.

    Support two build systems increase burden on project maintenance, this is the main reason to reject my pull request and is OK. As for GXml, we have both Autotools and Meson. I’m trying to keep both in sync, as soon as a new file is added, but you may forget one or the other.

    While I use GXml on my Windows programs, I need to make sure it will work properly out of the box, like Autotools does, before to remove the later.

Development Tools: Java IDEs, Qt Creator, C++17

Filed under
Development
  • What is your favorite open source Java IDE?

    That developers have strong opinions about the tools they use is no secret, and perhaps some of the strongest opinions come out around integrated development environments.

    When we asked our community what their favorite Python IDE is, more than 10,000 of you responded. Now, it's time for Java developers to get their turn.

  • Qt Creator 4.4 Open-Source IDE Released with C++ and CMake Improvements, More

    The Qt Company's Eike Ziller announced the release of the Qt Creator 4.4.0 free and open-source IDE (Integrated Development Environment) software for all supported platforms, including GNU/Linux, macOS, and Microsoft Windows.

    More than two months in the making, Qt Creator 4.4 introduces new inline annotations in the build-in editor, which could come in handy if you're using Clang code model or bookmarks, along with the ability for the editor to display Clang errors, bookmarks errors, as well as other warnings at the end of the corresponding text line. The feature can be enabled under Options -> Text Editor -> Display.

  • C++17 Formally Approved, Just Waiting On ISO Publication

    C++17 (formerly C++1z) is ready for its debut. C++17 has been formally approved by its committee and is just waiting on ISO publishing.

    Back in March we reported on "C++17 being done" while work on C++20 is already underway. C++17 hasn't changed since while the last major ballot has now passed with 100% approval and they are now ready to officially publish this latest C++ standard. They just need to make a few editorial comments to the standard for spelling/formatting and then send the firmed up document to the ISO for publishing.

Programming: Java EE, "The Node.js world is imploding" and 'DevOps' Success

Filed under
Development
  • Java EE Is Now Available Via GitHub

    Oracle has been looking to divest somewhat from Java and while OpenJDK has been available for the past decade as open-source, Oracle up to now has kept its hands relatively tight around Java EE. But now it looks like all of Java EE is up on GitHub, though as of writing I have yet to find any official announcement from Oracle.

  • The Node.js world is imploding

    A close-knit tech community has fallen into disarray over a debate that started around a Code of Conduct and quickly spiraled into a referendum on diversity initiatives.

    Ashley Williams, an outspoken advocate for diversity in tech and a member of the Node Foundation Board of Directors, the volunteer leadership organization for the popular open source Node.js technology, is being accused of “hateful speech,” “promoting sex and race based prejudice and stereotypes,” and “promoting violence (homicide) towards men,” according to an anonymous Reddit post that rose to the top of the Node subreddit one week ago.

    Williams, her anonymous critics say, is guilty of the very crime she has railed against: making the community, which is made up of more than 1,500 contributors, less inclusive in ways that violate the community’s code of conduct. Her anonymous critic cited her tweets as evidence, including the time someone tweeted a photo of a contest at the security convention DEF CON with the sarcastic caption: “Hacker Jeopardy. Category is ‘Dicks’. Men play. Women give them beers. Why aren't there more women in security?" and Williams quote-tweeted them with the phrase “kill all men.” This was cited as “Promoting violence (homicide) towards men.”

  • The Forgotten Secret to DevOps Success: Measurement

FOSS Development: Qbs 1.9, Stack Overflow, and GPL Compliance

Filed under
Development
  • Qbs 1.9 released

    Qbs (pronounced “Cubes”) is The Qt Company’s latest build tool, which is planned to be the replacement for qmake in the Qt build system. In addition to its use within Qt, for our customers Qbs will also provide faster build times coupled with a rich feature set in order to reduce build engineering complexity and decrease time to market.

  • Qbs 1.9 Released, Still Advancing To Be The Qt6 Build System

    Besides releasing Qt Creator 4.4 today, The Qt Company also announced the release of Qbs 1.9, the Qt Build System.

  • Cast survey: whatever happened to software accountability?

    Cast this year says it has found that 56% of respondents feel the most important languages to master in the next five years are Java and JavaScript, followed by C++ (38%), Python (35%) and SQL (30%).

    Also as a comment on the open source sphere, Stack Overflow and GitHub are not the preferred destinations for learning.

  • Allegation of Open Source Non-Compliance Leads to Anti-Competitive Practice Lawsuit

    Many of today’s hottest new enterprise technologies – IoT, Healthcare, AI - are centered on open-source technology. The free and open source software movement has moved well out of grassroots into mainstream – and license compliance issues and enforcement have followed.

    Until recently, most instances of open source noncompliance were led by nonprofit entities such as Software Freedom Conservancy, gpl-violations.org or the individual project owners. Compliance disputes were typically resolved without outside government legal processes. However, as open source becomes more widely used, disputes involving private parties have increased.

Syndicate content

More in Tux Machines

today's leftovers

  • [LabPlot] Improved data fitting in 2.5
    Until now, the fit parameters could in principle take any values allowed by the fit model, which would lead to a reasonable description of the data. However, sometimes the realistic regions for the parameters are known in advance and it is desirable to set some mathematical constrains on them. LabPlot provides now the possibility to define lower and/or upper bounds for the fit parameters and to limit the internal fit algorithm to these regions only.
  • [GNOME] Maps Towards 3.28
    Some work has been done since the release of 3.26 in September. On the visual side we have adapted the routing sidebar to use a similar styling as is used in Files (Nautilus) and the GTK+ filechooser.
  • MX 17 Beta 2
  • MiniDebconf in Toulouse
    I attended the MiniDebconf in Toulouse, which was hosted in the larger Capitole du Libre, a free software event with talks, presentation of associations, and a keysigning party. I didn't expect the event to be that big, and I was very impressed by its organization. Cheers to all the volunteers, it has been an amazing week-end!
  • DebConf Videoteam sprint report - day 0
    First day of the videoteam autumn sprint! Well, I say first day, but in reality it's more day 0. Even though most of us have arrived in Cambridge already, we are still missing a few people. Last year we decided to sprint in Paris because most of our video gear is stocked there. This year, we instead chose to sprint a few days before the Cambridge Mini-Debconf to help record the conference afterwards.
  • Libre Computer Board Launches Another Allwinner/Mali ARM SBC
    The Tritium is a new ARM single board computer from the Libre Computer Board project. Earlier this year the first Libre Computer Board launched as the Le Potato for trying to be a libre and free software minded ARM SBC. That board offered better specs than the Raspberry Pi 3 and aimed to be "open" though not fully due to the ARM Mali graphics not being open.
  • FOSDEM 2018 Will Be Hosting A Wayland / Mesa / Mir / X.Org Developer Room
    This year at the FOSDEM open-source/Linux event in Brussels there wasn't the usual "X.Org dev room" as it's long been referred to, but for 2018, Luc Verhaegen is stepping back up to the plate and organizing this mini graphics/X.Org developer event within FOSDEM.
  • The Social Network™ releases its data networking code
    Facebook has sent another shiver running up Cisco's spine, by releasing the code it uses for packet routing. Open/R, its now-open source routing platform, runs Facebook's backbone and data centre networks. The Social Network™ first promised to release the platform in May 2017. In the post that announced the release, Facebook said it began developing Open/R for its Terragraph wireless system, but since applied it to its global fibre network, adding: “we are even starting to roll it out into our data center fabrics, running inside FBOSS and on our Open Compute Project networking hardware like Wedge 100.”
  • Intel Icelake Support Added To LLVM Clang
    Initial support for Intel's Icelake microarchitecture that's a follow-on to Cannonlake has been added to the LLVM/Clang compiler stack. Last week came the Icelake patch to GCC and now Clang has landed its initial Icelake enablement too.
  • Microsoft's Surface Book 2 has a power problem
     

    Microsoft’s Surface Book 2 has a power problem. When operating at peak performance, it may draw more power than its stock charger or Surface Dock can handle. What we’ve discovered after talking to Microsoft is that it’s not a bug—it’s a feature.

Kernel: Linux 4.15 and Intel

  • The Big Changes So Far For The Linux 4.15 Kernel - Half Million New Lines Of Code So Far
    We are now through week one of two for the merge window of the Linux 4.15 kernel. If you are behind on your Phoronix reading with the many feature recaps provided this week of the different pull requests, here's a quick recap of the changes so far to be found with Linux 4.15:
  • Intel 2017Q3 Graphics Stack Recipe Released
    Intel's Open-Source Technology Center has put out their quarterly Linux graphics driver stack upgrade in what they are calling the latest recipe. As is the case with the open-source graphics drivers just being one centralized, universal component to be easily installed everywhere, their graphics stack recipe is just the picked versions of all the source components making up their driver.
  • Intel Ironlake Receives Patches For RC6 Power Savings
    Intel Ironlake "Gen 5" graphics have been around for seven years now since being found in Clarkdale and Arrandale processors while finally now the patches are all worked out for enabling RC6 power-savings support under Linux.

Red Hat: OpenStack and Financial News

Security: Google and Morgan Marquis-Boire

  • Google: 25 per cent of black market passwords can access accounts

    The researchers used Google's proprietary data to see whether or not stolen passwords could be used to gain access to user accounts, and found that an estimated 25 per cent of the stolen credentials can successfully be used by cyber crooks to gain access to functioning Google accounts.

  • Data breaches, phishing, or malware? Understanding the risks of stolen credentials

    Drawing upon Google as a case study, we find 7--25\% of exposed passwords match a victim's Google account.

  • Infosec star accused of sexual assault booted from professional affiliations
    A well-known computer security researcher, Morgan Marquis-Boire, has been publicly accused of sexual assault. On Sunday, The Verge published a report saying that it had spoken with 10 women across North America and Marquis-Boire's home country of New Zealand who say that they were assaulted by him in episodes going back years. A woman that The Verge gave the pseudonym "Lila," provided The Verge with "both a chat log and a PGP signed and encrypted e-mail from Morgan Marquis-Boire. In the e-mail, he apologizes at great length for a terrible but unspecified wrong. And in the chat log, he explicitly confesses to raping and beating her in the hotel room in Toronto, and also confesses to raping multiple women in New Zealand and Australia."