Language Selection

English French German Italian Portuguese Spanish

Microsoft

A Look At The Windows 10 vs. Linux Power Consumption On A Dell XPS 13 Laptop

Filed under
GNU
Graphics/Benchmarks
Linux
Microsoft

With the current-generation Dell XPS 13 XPS9370-7002SLV currently being tested at Phoronix, one of the areas I was most anxious to benchmark was the power consumption... For years it has been a problem of Linux on laptops generally leading to less battery life than on Windows, but in the past ~2+ years there has been some nice improvements within the Linux kernel and a renewed effort by developers at Red Hat and elsewhere on improving the Linux laptop battery life. Here are some initial power consumption numbers for this Dell XPS 13 under Windows 10 and then various Linux distributions.

The Dell XPS 13.3-inch laptop for testing features the Intel Core i7 8550U (quad-core + HT) CPU with UHD Graphics 620, 2 x 4GB RAM, 256GB PM961 NVMe Samsung SSD, and its panel is a 1920 x 1080 resolution. For some initial basic tests I ran Windows 10 out-of-the-box and compared that to fresh installs of Ubuntu 18.04 LTS, Fedora Workstation 28, openSUSE Tumbleweed, and Clear Linux.

Read more

Openwashing and Microsoft

Filed under
Microsoft
OSS

Microsoft, the NSA, and GitHub

Filed under
Gentoo
Microsoft
Security
  • Gentoo hacker's code changes unlikely to have worked

    Linux distribution Gentoo's maintainers say attempts by attackers last week to sabotage code stored on Github is unlikely to have worked.

    Gentoo's Github account was compromised in late June.

    The attacker was able to gain administrative privileges for Gentoo's Github account, after guessing the password for it.

    Gentoo's maintainers were alerted to the attack early thanks to the attacker removing all developers from the Github account, causing them to be emailed.

  • NSA Exploit "DoublePulsar" Patched to Work on Windows IoT Systems

    An infosec researcher who uses the online pseudonym of Capt. Meelo has modified an NSA hacking tool known as DoublePulsar to work on the Windows IoT operating system (formerly known as Windows Embedded).

    The original DoublePulsar is a hacking tool that was developed by the US National Security Agency (NSA), and was stolen and then leaked online by a hacking group known as The Shadow Brokers.

    At its core, DoublePulsar is a Ring-0 kernel mode payload that acts like a backdoor into compromised systems. DoublePulsar is not meant to be used on its own, but together with other NSA tools.

  • Predictable password blamed for Gentoo GitHub organisation takeover [Ed: when Microsoft takes over the NSA gets all these passwords. (NSA PRISM)]

    Gentoo has laid out the cause and impact of an attack that saw the Linux distribution locked out of its GitHub organisation.

    The attack took place on June 28, and saw Gentoo unable to use GitHub for approximately five days.

    Due a lack of two-factor authentication, once the attacker guessed an admin's password, the organisation was in trouble.

The 17 years since the Microsoft antitrust case taught us that regulation can spur innovation

Filed under
Microsoft

Seventeen years ago today (June 28), the world’s richest man breathed a sigh of relief.

Bill Gates and Microsoft, the company he dropped out of Harvard to found 25 years prior, were embroiled in a multiyear lawsuit with the US government over antitrust claims. The justice department argued that Windows’s dominance of the computer operating system market let Microsoft unfairly favor its other products, like Internet Explorer.

(If that sounds familiar, similar allegations were made against Google, which was slapped with a $2.7 billion fine from the European Union last year for using its search tool to favor its Google Shopping results over competitors’.)

In June of 2000, a judge in the US district court for the District of Columbia ruled that Microsoft should be broken up into two separate units—one for Microsoft’s operating system and another for its software products. In June of 2001, an appeals court disagreed.

Read more

Goodbye, Microsoft: Deleting Github and Azure

Filed under
Development
Server
Microsoft
  • Why GitLab Is Moving From Azure to Google Cloud Platform

    To old timers in the open source game, it might come as a surprise that a company like GitLab that's proud of it's open source roots would be using Azure to begin with. After all, wasn't distrust of Microsoft's ownership of GitHub the reason behind the mass exodus to GitLab earlier this month? While a "new" and more open source friendly Microsoft was undoubtedly one of the reasons why GitLab would even consider the move to Redmond's cloud -- the motivating factor was money.

  • postmarketOS is #movingtogitlab

    After learning that Microsoft will buy GitHub at the end of 2018, for a lot of people trust in GitHub was shattered like the glass of @opendata26's Sony Xperia Z2 Tablet. But independent of that, GitHub has always had a vendor lock-in with the user's issues and pull requests hidden behind a rate limited API instead of a proper export feature. And even if you managed to export it through that API, you can not host your own GitHub instance and modify it as you like because there is not even a partially open source version of it.

    We want to be in control of our own data. While we can't maintain a self-hosted solution at this point, at least we want to be able to create a public backup of all our > 1500 issues and pull requests once a week. After some discussion we ended up with gitlab.com as alternative, because its API allows to create a whole backups at once and we can import them into our own instance if we want to do that in the future. The workflow is similar to GitHub, so we expect a rather smooth transition compared to using something entirely different.

Amazon Spying on GNU/Linux, Microsoft and the Usual Abuses

Filed under
GNU
Linux
Microsoft
  • Amazon adds cloudy Linux desktops to encourage developers to code for EC2

    Amazon Web Services has added a Linux option to its “WorkSpaces” desktop-as-a-service and pitched the offering as a fine way to develop apps for its own EC2 infrastructure-as-a-service.

    The new desktops run Amazon Linux 2 and includes Firefox, the Evolution email and calendar app, Pidgin for chat and Libre Office for getting stuff done. It’s all based on the MATE desktop environment.

  • Microsoft Women Suing Over Bias Denied Class-Action Status

    U.S. District Judge James L. Robart issued a sealed order Monday denying class certification, without elaborating. The Seattle judge said the ruling won’t be made be public until both sides tell him what needs to be redacted, or kept private.

    The denial deals a near-death blow to the lawsuit filed by three women on behalf of a proposed class of more than 8,630 high-level technical specialists.

  • Judge deals blow to women suing Microsoft over gender discrimination

    In a class certification motion unsealed in March, three Microsoft employees—Katherine Moussouris, Holly Muenchow, and Dana Piermarini—laid out their evidence that Microsoft's corporate culture is systematically hostile to female employees.

  • Tech Employees Revolting Over Government Contracts Reminds Us That Government Needs Tech More than Tech Needs Government

    While we were still in the middle of the heat storm over Donald Trump's decision to enact a zero tolerance border policy that resulted in children being separated from their parents at the border in far greater numbers than previous administrations, there was some interesting background coverage about the employees and customers of big tech companies like Microsoft receiving backlash for contracting with ICE. While much of that backlash came from outside those companies, there was plenty coming from within as well. Microsoft in particular saw throngs of employees outraged that the technology they had helped to develop was now being turned on the innocent children of migrants and asylum-seekers.

  • Open Source TypeScript Cracks Top 100 in TIOBE Programming Language Popularity Report [Ed: Microsoft-connected sites promoting and openwashing a Microsoft-controlled programming language that's irrelevant and virtually nobody uses]

Proprietary Traps and Bait

Filed under
Microsoft
  • Golden Frog VyprVPN (for Linux) [Ed: It's proprietary. Never touch anything proprietorial, certainly not VPN. They probably log, defeating the very purpose of the VPN]
  • Happy birthday, you lumbering MS-DOS-based mess: Windows 98 turns 20 today

    Windows 98 turns 20 today. However, rose-tinted spectacles still don't make a hybrid 16 and 32 bit OS tottering on top of MS-DOS any more appealing.

    While Windows NT 4.0 pointed to a future free from MS-DOS, the majority of the Windows user base simply did not have the hardware to run much more than a jumped-up version of Windows 95. Thus Windows 98 appeared to bridge the gap.

    Codenamed Memphis, the first beta of Windows 98 arrived in 1996 with the final Release To Manufacturing (RTM – remember those?) version appearing two years later. USB support came as standard (and memorably exploded live on stage) along with a range of functions intended as a nod to that World Wide Web thing. Applications such as Outlook Express, FrontPage Express and a personal web server appeared as part of the installation.

  • ​GitLab moves from Azure to Google Cloud Platform

    Andrew Newdigate, GitLab's Google Cloud Platform Migration Project Lead, explained GitLab was making the move to improve the service's performance and reliability.

    Specifically, the company is making the move because it believes Kubernetes is the future. Kubernetes "makes reliability at massive scale possible." GCP was their natural choice because of this desire to run GitLab on Kubernetes. After all, Google invented Kubernetes, and GKE has the most robust and mature Kubernetes support.

Microsoft Mischief and GitLab's Escape From Microsoft

Filed under
Microsoft
  • Microsoft Buys GitHub: Three Weeks Later

    I heard that Microsoft would be buying GitHub just a couple days before it happened when Carlie Fairchild at Linux Journal told me about it. I replied to the news with a solid, “Get! Out!” Needless to say, I had my doubts. As someone who remembers all too well the “Embrace, extend and extinguish" days of Microsoft, the news of this latest embrace did, however briefly, bring back those old memories. When I was asked what I thought, I answered that the optics were bad.A lot of years have passed since, back in 2001, Steve Ballmer declared Linux to be a cancer. These days, Microsoft loves Linux. It says so right on its website. Two years ago, Steve Ballmer also proclaimed his love for Linux. In 2018, Microsoft has its own distribution that it uses in its Azure cloud. Microsoft includes several different flavors of Linux in its app store (the Windows Subsystem for Linux), all of which can be installed on Windows 10. Microsoft develops for Linux. Heck, Microsoft even contributes to the Linux kernel.

    [...]

    But let’s, just for a moment, pretend that Microsoft is in fact up to its old "extend, embrace and extinguish" tricks. Open source can and would survive anything Microsoft could throw at it. Linux withstood SCO (backed at the time by Microsoft) in a long legal battle, and all of Microsoft’s best attempts to frame it as dangerous, not up to the job, unreliable and a cancer. That was back when Linux was the little guy. In 2018, Linux is the Big Man On Campus.

    Linux and open-source software will do just fine, even with Microsoft running the show at GitHub.

  • We’re moving from Azure to Google Cloud Platform

    Improving the performance and reliability of GitLab.com has been a top priority for us. On this front we've made some incremental gains while we've been planning for a large change with the potential to net significant results: moving from Azure to Google Cloud Platform (GCP).

  • EFF Launches STARTTLS Everywhere, GitLab Moving from Azure to Google Cloud, Firefox 61.0 Released, SUSE Linux Enterprise 15 Now Available and More

    The EFF yesterday announced the launch of STARTTLS Everywhere, "EFF's initiative to improve the security of the email ecosystem". The goal with STARTTLS is "to do for email what we've done for web browsing: make it simple and easy for everyone to help ensure their communications aren't vulnerable to mass surveillance." You can find out how secure your current email provider is at https://www.starttls-everywhere.org, and for a more technical deep dive into STARTTLS Everywhere, go here.

    GitLab announced yesterday that it is moving from Azure to Google Cloud. GitLab claims the decision to switch to Google Cloud is "because of our desire to run GitLab on Kubernetes. Google invented Kubernetes, and GKE has the most robust and mature Kubernetes support." The migration is planned for Saturday, July 28, 2018, and GitLab will utilize its Geo product for the migration.

  • Microsoft Pulls Windows 7 Support On Older CPUs After It Couldn’t Fix A Bug

    Windows 7 is already counting its days before Microsoft terminates the extended support cycle for the popular operating system that only receives security updates. Recently, the company pulled official tech support for various product forums including Windows 7.

Microsoft FUD and Openwashing

Filed under
Microsoft
  • Secure Code: You Are the Solution to Open Source’s Biggest Problem [Ed: The mobsters from Microsoft 'proxy' Black Duck are back to attacking FOSS, in order for them to sell proprietary software from Synopsys]
  • Developers shouldn't worry, Microsoft's GitHub acquisition is a win for all [Ed: Microsoft entryism is a "win for all"? Really?]
  • Open source: Why it's time to be more open about how projects are run [Ed: The latest FOSS FUD from Microsoft booster Mary Branscombe]
  • A framework for lightweight open source governance

    Any group of humans needs some form of governance. It’s a set of rules the group follows in order to address issues and take clear decisions. Even the absence the rules (anarchy) is a form of governance! At the opposite end of the spectrum is dictatorship, where all decisions are made by one person. Open source projects are groups of humans, and they are no exception to this. They can opt for various governance models, which I detailed in a previous article four years ago (how time flies!).

    That article compared various overall models in terms of which one would best ensure the long-term survival of the community, avoiding revolutions (or forks). It advocated for a representative democracy model, and since then I've been asked several times for the best recipe to implement it. However there are numerous trade-offs in the exercise of building governance, and the "best" depends a lot on the specifics of each project situation. So, rather than detail a perfect one-size-fits-all governance recipe, in this article I'll propose a framework of three basic rules to keep in mind when implementing it.

    This simple 3-rule model can be used to create just enough governance, a lightweight model that should be sustainable over the long run, while avoiding extra layers of useless bureaucracy.

Will Microsoft’s Embrace Smother GitHub?

Filed under
Microsoft
OSS

Microsoft has had an adversarial relationship with the open-source community. The company viewed the free Open Office software and the Linux operating system—which compete with Microsoft Office and Windows, respectively—as grave threats.

In 2001 Windows chief Jim Allchin said: “Open source is an intellectual-property destroyer.” That same year CEO Steve Ballmer said “Linux is a cancer.” Microsoft attempted to use copyright law to crush open source in the courts.

When these tactics failed, Microsoft decided if you can’t beat them, join them. It incorporated Linux and other open-source code into its servers in 2014. By 2016 Microsoft had more programmers contributing code to GitHub than any other company.

The GitHub merger might reflect Microsoft’s “embrace, extend and extinguish” strategy for dominating its competitors. After all, GitHub hosts not only open-source software and Microsoft software but also the open-source projects of other companies, including Oracle, IBM, and Amazon Web Services.

With GitHub, Microsoft could restrict a crucial platform for its rivals, mine data about competitors’ activities, target ads toward users, or restrict free services. Its control could lead to a sort of surveillance of innovative activity, giving it a unique, macro-scaled insight into software development.

Read more

Syndicate content

More in Tux Machines

Oracle Yields GraphPipe

  • Oracle open sources Graphpipe to standardize machine learning model deployment
    Oracle, a company not exactly known for having the best relationship with the open source community, is releasing a new open source tool today called Graphpipe, which is designed to simplify and standardize the deployment of machine learning models. The tool consists of a set of libraries and tools for following the standard.
  • Oracle open-sources Graphpipe to make it easier to deploy machine learning models
    Oracle today open-sourced Graphpipe, a tool created to make it easy to serve machine learning models in the cloud made by popular frameworks like TensorFlow, MXNet, Caffe2, and PyTorch. Graphpipe was designed to simplify the deployment of machine learning for use on mobile apps and IoT devices, as well as web services for end users or AI for internal use at companies. “Graphpipe is an attempt to standardize the protocol by which you speak to a remotely deployed machine learning model, and it includes some reference servers that allow you to deploy machine learning models from existing frameworks very easily in an efficient way,” Oracle cloud architect Vish Abrams told VentureBeat in a phone interview. Prior to joining Oracle, Abrams led efforts at NASA to open-source the OpenStack cloud computing platform.
  • Oracle open sources GraphPipe, a new standard for machine learning models
    Machine learning is expected to transform industries. However, its adoption in the enterprise has been slower than some might expect because it's difficult for organizations to deploy and manage machine learning technology on their own. Part of the challenge is that machine learning models are often trained and deployed using bespoke techniques, making it difficult to deploy models across servers or within different departments.
  • Oracle offers GraphPipe spec for machine learning data transmission
    Oracle has developed an open source specification for transmitting tensor data, which the company wants to become a standard for machine learning. Called GraphPipe, the specification provides a protocol for network data transmission. GraphPipe is intended to bring the efficiency of a binary, memory-mapped format while being simple and light on dependencies. There also are clients and servers for deploying and querying machine learning models from any framework.
  • Oracle releases GraphPipe, an open-source tool for deploying AI models
    Major tech firms regularly open-source internal software projects, but it’s not often that Oracle Corp.’s name comes up in this context. Today marked one of those occasions. The database giant this morning released GraphPipe, a tool for easing the deployment of machine learning models. Development on the project was led by Oracle cloud architect Vish Abrams, an open-source veteran who previously worked at NASA as part of the team that created the OpenStack data center operating system.
  • Oracle Open Sources GraphPipe for 'Dead Simple' Machine Learning Deployment

A 'Bridge' for GNU/Linux Games

  • Valve seems to be working on tools to get Windows games running on Linux
    Valve appears to be working on a set of "compatibility tools," called Steam Play, that would allow at least some Windows-based titles to run on Linux-based SteamOS systems. Yesterday, Reddit users noticed that Steam's GUI files (as captured by SteamDB's Steam Tracker) include a hidden section with unused text related to the unannounced Steam Play system. According to that text, "Steam Play will automatically install compatibility tools that allow you to play games from your library that were built for other operating systems."
  • Valve could be working on compatibility tools to make gaming on Linux easier than ever
    Something to look forward to: Gaming on Linux has never been the ideal experience, and the lack of AAA game compatibility is one of the main reasons for this. That's where Valve comes in, apparently - the company seems to be quietly working on a compatibility tool of its own, called "Steam Play." It seems Valve could be taking another shot at bringing Linux to the forefront of PC gaming if recently-discovered Steam GUI files are anything to go by. Curious Reddit users dug into Steam database files obtained by Steam Tracker. Recent updates to the database include numerous hints at something called "Steam Play," which is beginning to sound like a compatibility tool of sorts.
  • Steam may be getting tools that will enable Windows games to run in Linux
    Valve announced the Linux-based SteamOS in 2013, just prior to the reveal of the vaguely console-like Steam Machine PCs. It was a big, bold move that ultimately petered out: Valve ditched the Steam Machines section of its website in April, aalthough you can still hit it directly if you know the URL.
  • Looks like Steam’s getting built-in tools to run Windows games on Linux
    A few lines of code uncovered in Steam suggest that Valve is working on compatibility tools to allow users to play games regardless of operating system. Put another way, Steam’s going to let you run Windows games on Mac and Linux with a set of software built directly into the client. Uncovered strings all come under the “Steam_Settings_Compat” header, and all reference back to Steam Play. That’s currently the moniker Valve used to distinguish games that come as a single purchase playable across Windows, Mac, and Linux, but the strings suggest a new definition on the way.
  • Rumour: Valve May Be Adding Windows Steam Game Compatibility to Linux
    In a very interesting move, sleuths over at GamingOnLinux appear to unearthed evidence that Valve is experimenting with tools that could allow Windows Steam games to be playable on Linux operating systems. Up until this point, a game has to be specifically developed for Linux in order to be compatible with Unix-based operating systems. There are workarounds available right now, but it’s notoriously unreliable and a major hassle to get sorted. However, updates posted to the Steam Database github indicates Valve is at least testing an automatic method for running Windows games on Linux. Picking through the github notes, the tool appears to be called ‘Steam Play’, which the compatibility info says “Steam Play will automatically install compatibility tools that allow you to play games from your library that were built for other operating systems.”

Security: Updates, IPSec, Elections, AWS and Surveillance

  • Security updates for Wednesday
  • Cisco, Huawei, ZyXel, and Huawei patch Cryptographic IPSEC IKE Vulnerability
  • 11-year-old shows it’s child’s play to mess with elections
    At the DefCon Voting Village in Las Vegas last year, participants proved it was child’s play to hack voting machines: As Wired reported, within two minutes, democracy-tech researcher Carsten Schürmann used a novel vulnerability to get remote access to a WinVote machine. This year, it was literally child’s play: the DefCon village this past weekend invited 50 kids between the ages of 8 and 16 to compromise replicas of states’ websites in the so-called “DEFCON Voting Machine Hacking Village.”
  • Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
    Both adult and kid hackers demonstrated at DEF CON how the hackable voting machine may be the least of our worries in the 2018 elections. Two 11-year-old budding hackers last week at DEF CON in Las Vegas used SQL injection attack code to break into a replica of the Florida Secretary of State's website within 15 minutes, altering vote count reports on the site. Meanwhile, further down the hall in the adult Voting Machine Hacking Village at Caesars Palace, one unidentified hacker spent four hours trying to break into a replica database that housed the real, publicly available state of Ohio voter registration roll. He got as far as the secured server — penetrating two layers of firewalls with a Khali Linux pen testing tool — but in the end was unable to grab the data from the database, which included names and birthdates of registered voters.
  • How Netflix Secures AWS Cloud Credentials
    Netflix has long been the poster child for being an "all-in-the-cloud" organization. The streaming media service relies on Amazon Web Services (AWS) for infrastructure and computing resources that it uses to operate.
  • Researchers Reveal Security Vulnerabilities in Tracking Apps
    Millions of users around the world regularly install tracker apps on their Android devices to help them keep track of friends and loved ones. Some of those tracker apps, however, contain vulnerabilities that could potentially enable an attacker to track the users of the apps. Researchers from the Fraunhofer Institute for Secure Information Technology detailed 37 vulnerabilities found in 19 mobile tracking apps in a session at Defcon in Las Vegas on Aug. 11. The researchers responsibly disclosed the flaws to Google and noted that, as of the time of their presentation, 12 of the apps had been removed from the Google Play store, leaving seven still publicly available and vulnerable. "In this project it was very easy to find vulnerabilities," security researcher Siegfried Rasthofer said. "There were no sophisticated exploits."

L1TF/Foreshadow News and Benchmarks

  • Three More Intel Chip Exploits Surface
  • Spectre-like “Foreshadow” Flaw In Intel CPUs Can Leak Your Secrets
  • QEMU 3.0 Brings Spectre V4 Mitigation, OpenGL ES Support In SDL Front-End
    QEMU 3.0 is now officially available. This big version bump isn't due to some compatibility-breaking changes, but rather to simplify their versioning and begin doing major version bumps on an annual basis. As an added bonus, QEMU 3.0 comes at a time of the project marking its 15th year in existence. QEMU 3.0 does amount to being a big feature release with a lot of new functionality as well as many improvements. Changes in QEMU 3.0 include Spectre V4 mitigation for x86 Intel/AMD, improved support for nested KVM guests on Microsoft Hyper-V, block device support for active mirroring, improved support for AHCI and SCSI emulation, OpenGL ES support within the SDL front-end, improved latency for user-mode networking, various ARM improvements, some POWER9 / RISC-V / s390 improvements too, and various other new bits.
  • How the L1 Terminal Fault vulnerability affects Linux systems
    Announced just yesterday in security advisories from Intel, Microsoft and Red Hat, a newly discovered vulnerability affecting Intel processors (and, thus, Linux) called L1TF or “L1 Terminal Fault” is grabbing the attention of Linux users and admins. Exactly what is this vulnerability and who should be worrying about it?
  • An Early Look At The L1 Terminal Fault "L1TF" Performance Impact On Virtual Machines
    Yesterday the latest speculative execution vulnerability was disclosed that was akin to Meltdown and is dubbed the L1 Terminal Fault, or "L1TF" for short. Here are some very early benchmarks of the performance impact of the L1TF mitigation on the Linux virtual machine performance when testing the various levels of mitigation as well as the unpatched system performance prior to this vulnerability coming to light.
  • Phoronix Test Suite 8.2 M2 Released With Offline Improvements, L1TF/Foreshadow Reporting
    The second development snapshot of the upcoming Phoronix Test Suite 8.2-Rakkestad to benchmark to your heart's delight on Linux, macOS, Windows, Solaris, and BSD platforms from embedded/SBC systems to cloud and servers.
  • The Linux Benchmarking Continues On The Threadripper 2950X & 2990WX
    While I haven't posted any new Threadripper 2950X/2990WX benchmarks since the embargo expired on Monday with the Threadripper 2 Linux review and some Windows 10 vs. Linux benchmarks, tests have continued under Linux -- as well as FreeBSD. I should have my initial BSD vs. Linux findings on Threadripper 2 out later today. There were about 24 hours worth of FreeBSD-based 2990WX tests going well albeit DragonFlyBSD currently bites the gun with my Threadripper 2 test platforms. More on that in the upcoming article as the rest of those tests finish. It's also been a madhouse with simultaneously benchmarking the new Level 1 Terminal Fault (L1TF) vulnerability and the performance impact of those Linux mitigations on Intel hardware will start to be published in the next few hours.