Odprtokodni pogled

Opensource view

Tuja odprtokodna scena

Security: Wireshark 3.0, Yubikey, Android TV Bug, Debian ELTS, Open Source Security Podcast and More

tuxmachines.org - Tor, 03/05/2019 - 11:50
  • Wireshark 3.0 Released as World’s Most Popular Network Protocol Analyzer

    The Wireshark Foundation released a new major version of their widely-used network protocol analyzer software, Wireshark 3.0, for GNU/Linux, macOS, and Windows platforms.
    As its version number suggests, Wireshark 3.0 is a massive update to the world's most popular network protocol analyzer designed for network troubleshooting and analysis, software and communications protocol development, as well as education purposes, which introduces numerous new features and improvements.

    Highlights of Wireshark 3.0 include re-enablement and modernization of the IP map feature, support for the long-term supported Qt 5.12 application framework for macOS and Windows systems, initial support for using PKCS #11 tokens for RSA decryption in TLS, support for reproducible builds, and support for Swedish, Ukrainian, and Russian languages.

  • Using a Yubikey as smartcard for SSH public key authentication

    I did not like that very much. GnuPG's user interface is a disaster, and reading its documentation is a pain. Working with OpenBSD has taught me that good documentation is a must, because without that, how can you use the software safely? The documentation also shows how much the developers care. So gpg is out, at least for SSH authentication.

    However, ssh(1) has another method to talk to smartcards. It can load a PKCS#11 library that contains the functions to access the SmartCard. On OpenBSD, this library is provided by the opensc package. In turn, it needs the pcsc-lite package, that actually talks to a smartcard reader.

  • Android TV Bug May Expose Your Personal Google Photos to Other Users

    A Twitter user from India has discovered a new bug in the Android TV OS that could potentially expose personal photos of users to others that own the same Android TV device. When @wothadei tried to access his Vu Android TV through the Google Home app, he could see the linked accounts of several other individuals who owned the same television. Unfortunately, however, this is not the only bug that he has discovered.

    The Twitter user found that he could view personal photos linked to the accounts of other owners of the Android TV device on Google Photos through the Ambient Mode screensaver settings. Another Twitter user has pointed out that the problem may be solved by performing a reset and linking your Google account to the Android TV device. Quite clearly, the bug puts the privacy of several Android TV users at risk.

  • Mike Gabriel: My Work on Debian LTS/ELTS (February 2019)

    In February 2019, I have worked on the Debian LTS project for 6 hours (of originally planned 10 hours) and on the Debian ELTS project for another 6 hours as a paid contributor. The non-worked 4 LTS hours I will carry over into March 2019

  • Open Source Security Podcast: Episode 136 - How people feel is more important than being right

    Josh and Kurt talk about github blocking the Deepfakes repository. There's a far bigger discussion about how people feel, and sometimes security fails to understand that making people feel happy or safer is more important than being right.

  • March Intro | Roadmap to Securing Your Infrastructure

    March is upon us as we continue with our roadmap to securing your infrastructure. Hopefully, February’s posts reignited your passion for security. This month, we’ll discuss some topics that are typically overlooked or taken for granted. We often wear many hats in our jobs and tend to get busy, but we must stay vigilant in our efforts.

    In the information security industry, one thing we cannot do is become stagnant. The minute we let our guard down or say, “Someone else will take care of that” is the moment we relinquish control to those we have so diligently defended against.

read more

KDE Krita and Plasma Leftovers

tuxmachines.org - Tor, 03/05/2019 - 11:41
  • Creating a Python Plugin for Krita: Guest Article by Zlatko Mašek

    Ever since Krita allowed scripting in Python, I was eyeing what I could do with it. Since it’s using QT and I had no previous experience with it, I wanted to learn a bit about it because I’m programming with Python as my day job. Doing image manipulation to transform images for different usages between different systems is always a fun challenge. I wanted to switch from direct image scripting to a plug-in based workflow so I didn’t have to do too much context switching between work-time and hobby-time. Krita being cross-platform also helped because I didn’t have to deal with installing Python on operating systems that don’t have it pre-installed. The plug-in I made is simple enough. It slices the image and prepares tiles for the usage in a tiling library like Leaflet. You need to make sure that you have a flattened image saved beforehand and it’s the last thing you do when preparing for an export. Also make sure that the image is rectangular if you don’t want the plug-in to crop it by itself. The plug-in is fired up by going to the Tools -> Scripts -> Krita – Leaflet in the menu bar.

  • KDE Plasma 5.14.90 (the beta for Plasma 5.15) is available for testing

    Are you using Kubuntu 18.10, our current Stable release? Or are you already running our daily development builds?

    We currently have Plasma 5.14.90 (Plasma 5.15 Beta) available in our Beta PPA for Kubuntu 18.10 and in our daily Disco ISO images.

  • Plasma desktop kstart: cannot connect to X server - What now?

    Here's an interesting little problem. I was merrily using my Plasma desktop when suddenly it went kaput. But kaput in a bad way, not a good way. This translates into windows decorations being all gone and nothing really responding to mouse clicks. And here comes the conundrum train, nonstop to Foobar. I wanted to restart the Plasma shell and just get back to working - after all, I mentioned this workaround a couple of times in the past, like my Slimbook & Kubuntu combat reports. Indeed. Except ...

    This didn't work. In the virtual console (the only thing that actually was working), I had the kstart: cannot connect to X server error. At this point, a reboot or magic were needed, and I really wanted to have to avoid rebooting. In general, rebooting is a lazy way of fixing issues, and it should be done sparingly. So let's talk about a better, less destructive way.

read more

Resource Scale for Fractional Scaling support in GNOME Shell 3.32

tuxmachines.org - Tor, 03/05/2019 - 11:29

The news spread out quite quickly, once last Friday Jonas pressed the button and that triggered the last-second merge for the relevant proposals we prepared for Mutter and GNOME Shell in order to get this available for GNOME 3.32.

As someone might recall, we started this work some years ago (ouch!) and lead to an Hackfest in Taipei, but in between other work to do and priorities which caused this to be delayed a bit. While the first iteration was ready for some time now. But at every review we improved things fixing bugs (like missing scaled widgets) and optimizing some code paths, so hopefully this time helped in serving better quality .

We’ve still quite a lot of work to do (see these issues for mutter and shell) and some fixes that we have in queue already, but the main task is there. So starting from now the shell will paint all its elements properly and in good visual quality at any fractional scaled value, and independently for every monitor.

read more

Graphics: DAV1D, Collabora, and AMD

tuxmachines.org - Tor, 03/05/2019 - 11:23
  • DAV1D v0.2 AV1 Video Decoder Released With SSSE3 & NEON Optimizations

    The DAV1D open-source AV1 video decoder is now much more capable on older PCs and ARM mobile devices with its second release.

    DAV1D 0.2.0 was released today, three months after the original dav1d 0.1 release. While the initial release offered up hand-written AVX2 code for running faster than the reference decoder on modern Intel/AMD CPUs, this release has focused on helping out older desktop CPUs as well as mobile devices.

    DAV1D 0.2.0 features SSSE3 support for processors not supporting AVX2. Additionally, there is NEON SIMD support now for ARM hardware.

  • Panfrost update: A new kernel driver

    Following two months of work to develop a driver for Midgard and Bitfrost GPUs, Panfrost is now using a new kernel driver that is in a form close to be acceptable in the mainline Linux kernel.

  • Collabora Posts New DRM Kernel Driver For Open-Source Arm Mali Graphics

    Collabora's Tomeu Vizoso has posted an initial set of patches he's been working on along with Rob Herring on developing a new open-source kernel DRM driver for Arm's Bifrost and Midgard graphics hardware.

    This Panfrost DRM driver goes in-step with the Panfrost Gallium3D driver that was recently merged to mainline Mesa and continues quickly advancing for providing open-source OpenGL support for these two recent generations of Arm Mali GPUs while being developed through reverse-engineering without the official blessing of Arm.

  • Enabling AMD Radeon FreeSync On Linux 5.0

    One of the most asked questions in recent weeks has been how to enable the newly added support for FreeSync on Linux. Now with Linux 5.0 out there, here is a quick guide.

    Of course, you first need a supported display and graphics card that are capable of supporting FreeSync/Adaptive-Sync... Fortunately, there are a lot of FreeSync displays out there these days, including many at affordable prices. As for GPUs, any recent AMD Radeon graphics card on the AMDGPU kernel driver should end up working out.

  • AMDVLK 2019.Q1.7 Offers Up Fixes To AMD's Official Open-Source Vulkan Driver

    AMD is back on course for their weekly code drops of the AMDVLK sources that make up their official open-source Vulkan Linux driver.

    AMDVLK 2019.Q1.7 is out to succeed last Tuesday's 2019.Q1.6 release. There aren't any notable features introduced in this fresh code drop but a number of fixes. There are a few notable fixes including for transform feedback, support for min/max stencil resolve using the compute pipeline, memory leak fix, corruption with Fiji GPUs running under Wayland, and other corruption issues.

read more

Python and Django Programming

tuxmachines.org - Tor, 03/05/2019 - 11:21
  • Connecting Raspberry Pi to the Alibaba Cloud IoT Platform Using Python

    Join us at the Alibaba Cloud ACtivate Online Conference on March 5-6 to challenge assumptions, exchange ideas, and explore what is possible through digital transformation.

  • “Everything is Awesome”: Python Meets Plastic Bricks

    If you stay in the field of software development long enough, you might be lucky enough to work a project like we are working on. It is the type of project that makes you think, “I can’t believe they pay me to do this.” Two years ago, our company hired us to develop an Industrial Control System/Supervisory Control and Data Acquisition (ICS/SCADA) program for cyber teams. Cody was hired as a Constructive Modeler, making a variety of real and synthetic models for various projects. Scott was hired as an ICS/SCADA Engineer, designing and building the control systems that power the models.

  • Python + Memcached: Efficient Caching in Distributed Applications

    When writing Python applications, caching is important. Using a cache to avoid recomputing data or accessing a slow database can provide you with a great performance boost.

    Python offers built-in possibilities for caching, from a simple dictionary to a more complete data structure such as functools.lru_cache. The latter can cache any item using a Least-Recently Used algorithm to limit the cache size.

    Those data structures are, however, by definition local to your Python process. When several copies of your application run across a large platform, using a in-memory data structure disallows sharing the cached content. This can be a problem for large-scale and distributed applications.

  • Contributing to classiness (in Django)

    A couple weeks ago I ran a poll on Twitter asking people whether they’d ever used, or considered using, the contribute_to_class() method to write something that attaches to or hooks into a Django ORM model class, and if so what their thoughts were. There was also a “don’t know what that is” option, which won by a large margin, and I promised I’d provide an explanation.

    Unfortunately, that was around the time I suffered a kitchen accident which left me without full use of my left hand for a bit. Full healing will take a little while longer, but it’s at the point where I can mostly type normally again, so it’s time to provide the explanation.

  • Ansible Cranked to 11

    On the Building SaaS with Python and Django Twitch stream, I tried out a new tool to see if it would improve my deploy time. We configured Ansible to use Mitogen and it was an incredible success.

read more

Btrfs For Linux 5.1 Brings Configurable Zstd Compression Level, A Number Of Fixes

tuxmachines.org - Tor, 03/05/2019 - 11:14

The initial feature updates were sent in a short time ago for the Btrfs file-system changes targeting the Linux 5.1 kernel cycle.

One of the main changes to the Btrfs file-system support is now offering configurable Zstd file compression support. Btrfs has offered Zstd as part of its native and transparent compression support going back to Linux 4.14, but now with Linux 5.1 is the ability to adjust the Zstandard compression level for either greater compression or faster compression speeds. The Zstd compression level also impacts how much system memory is needed besides the higher levels being more taxing on the CPU.

Also: Automotive Linux in Tokyo

read more

Alpine 3.9.2 released

tuxmachines.org - Tor, 03/05/2019 - 11:10

The Alpine Linux project is pleased to announce the immediate availability of version 3.9.2 of its Alpine Linux operating system.

This is a bugfix release of the v3.9 stable branch, which fixes a regression introduced in 3.9.1 that caused setup-alpine to break.

read more

Linux 5.0-ad1 Patch Lets You Build The Kernel With "-march=native"

Phoronix - Tor, 03/05/2019 - 10:54
While the upstream Linux kernel developers may not be interested in adding all of the CPU compiler tuning optimizations carried by Gentoo for their kernel builds, if you are after just "-march=native" compiler tuning to optimize your kernel build for the CPU being used, an updated patch is now available...

Fwupd+LVFS Begins Eyeing The Enterprise For Easier Linux Firmware Updates

Phoronix - Tor, 03/05/2019 - 09:40
Now that the Linux Vendor Firmware Service (LVFS) and Fwupd updating mechanism for firmware/BIOS updates is supported by all major vendors and has already served up more than five million firmware files, their newest focus is on easing the roll-out of firmware updates in enterprise settings...

Linux 5.1 Networking Changes See Intel 22260 WiFi Support

Phoronix - Tor, 03/05/2019 - 07:05
The networking subsystem is busy as always and not any different pace with the in-development Linux 5.1 kernel...

GNU Linux-libre 5.0-gnu

tuxmachines.org - Tor, 03/05/2019 - 06:25
  • GNU Linux-libre 5.0-gnu

    GNU Linux-libre 5.0-gnu sources and tarballs are now available at
    It didn't require any deblobbing changes since -rc6-gnu. Binaries are
    on the way.

    Besides the usual assortment of firmware name updates, a new driver
    (ipu3-imgu) required disabling of blob requests, and a driver that we
    used to deblob (Eicon DIVA ISDN) was removed, so its cleaning up code is
    now gone.

  • GNU Linux-libre 5.0-gnu Released As A Kernel Without Any Binary Blobs/Firmware

    As usual, following yesterday's release of Linux 5.0 the GNU/FSF folks have put out their re-base of their version of the Linux kernel that strips out support for drivers depending upon binary-only firmware, the ability to load non-free (closed-source) kernel modules, and other functionality removed that isn't in strict compliance with open-source standards.

  • GNU Linux-Libre 5.0 Kernel Officially Released for Those Who Seek 100% Freedom

    Based on the recently released Linux 5.0 kernel series, the GNU Linux-Libre 5.0 kernel is here to offer you a Linux kernel that doesn't contain any proprietary code as it deblobbs the new ipu3-imgu driver, removes the Eicon DIVA ISDN driver, and updates the names of several firmware included in the upstream Linux 5.0 kernel.

    "Besides the usual assortment of firmware name updates, a new driver (ipu3-imgu) required disabling of blob requests, and a driver that we used to deblob (Eicon DIVA ISDN) was removed, so its cleaning up code is now gone," said developer Alexandre Oliva in a mailing list announcement.

read more

Wireshark 3.0 Released With New Protocol Support, User Interface Improvements

Phoronix - Tor, 03/05/2019 - 06:02
Quietly released last week was Wireshark 3.0, the open-source packet analyzer software formerly known as Ethereal and previously as a GTK user-interface but now exclusively Qt...

Host Website On Our Own Server - Web Server Setup Series

tuxmachines.org - Tor, 03/05/2019 - 04:04

box-shadow: 5px 5px 5px #222;" />

Today we'll continue our web server setup series. In this series, we've already installed and setup our web server, configured & secured cPanel and point domain name to the server. At any time if you've trouble setting something up something, let me know in the comment section below. In this article, we'll go about hosting a website on our server. Let's do it.

read more

ZFS On Linux 0.7.13 Released With Fixes For Linux 5.0 Kernel Compatibility

Phoronix - Tor, 03/05/2019 - 02:54
While we are very much looking forward to the huge ZFS On Linux 0.8 release, as a new stable release for offering up compatibility with the newly minted Linux 5.0 is now the ZoL 0.7.13 milestone...

Additional MIPS Release 6 Changes Heading Into Linux 5.1

Phoronix - Tor, 03/05/2019 - 02:20
The upstream Linux kernel support for the MIPS architecture continues to be improved upon, which is great news especially with this processor ISA going open-source. With the Linux 5.1 kernel are more MIPS improvements...

today's leftovers

tuxmachines.org - Tor, 03/05/2019 - 01:01
  • The Story of Pinehead the Penguin Part 4 | Adventures of Pinehead Comic

    Meet our lovable mascot, Pinehead the Penguin. He’s on a journey to get to Linux Academy to become a Linux master!

  • Linux In Safety-Critical Systems Is Coming Soon With Project ELISA

    Linux Foundation announced the launch of a new open source project focused on developing applications and Linux based systems for safety-critical systems.

    A safety-critical system is one in which failures could result in property damage, loss of life, environmental damage or injury. First reported by Data Center Knowledge, the project aims at ensuring that such critical Linux-based systems remain failure proof.

  • Krita Interview with Ari Suonpää

    The simplicity, great brush performance, and Linux support although I paint on a Surface Book.

  • More Fun with Kubeadm & Fedora

    I recently wrote about getting up and running with kubeadm and Fedora CoreOS, which I got working, but which sent me into a miniature funk of uncertainly over various little integration issues.

    First, I was getting around the lack of support in rpm-ostree for rpms that place stuff in /opt, which isn’t a traditional place for package managers to put stuff, but which is where kubeadm puts its cni binaries, for historical reasons. I got the Fedora package that provides the cni binaries, containernetworking-plugins, and that doesn’t stick things into /opt, modified to say it provides kubernetes-cni, which is what the upstream kubernetes rpm maintainers call it, but I had to transgress against rpmlint by leaving out the version number. The upstream packagers call explicitly for cni version 0.6.0, while Fedora is shipping version 0.7.4.

    As far as I could tell, the later version worked just fine, but I wasn’t sure I’d get my package change merged while telling that lie of omission. That led me to wonder about whether I should try to convince the upstream packagers to move the cni binaries — kubernetes is hard coded to look for them in opt, but you can specify a different location when you’re setting things up, so getting the binaries moved to /usr/libexec/cni, where Fedora keeps them, could be an option. Or, I’ve played with some symlink-type trickery in the past to make cni binaries appear under /opt while actually installed elsewhere, so maybe I could convince the project to accept something like that.

read more

Syndicate content