Odprtokodni pogled

Opensource view

Foreign open-source scene

Security Leftovers

tuxmachines.org - Sat, 03/30/2019 - 15:24
  • Security researcher pleads guilty to [breaking] into Microsoft and Nintendo

    Prosecutors revealed that Clark had gained access to a Microsoft server on January 24th, 2017 using an internal username and password, and then uploaded a web shell to remotely access Microsoft’s network freely for at least three weeks. Clark then uploaded multiple shells which allowed him to search through Microsoft’s network, upload files, and download data.

  • Removing PF

    There have been internal discussions about removing PF from NetBSD. Currently,
    NetBSD's PF is 11 years old, has received no maintenance, and has accumulated
    bugs and vulnerabilities that were fixed upstream but not in NetBSD. The
    latest examples are two vulnerabilities recently discovered in PF, that
    haven't been fixed in NetBSD's PF by lack of interest.

    Importing recent versions of PF in scalable/performant kernels is a huge work
    because of PF's legacy design, and there have been reports that FreeBSD is
    also considering dropping PF.

    Just like other kinds of dead wood, NetBSD's PF consumes APIs, makes stuff
    harder to change, and has now reached a point where it is lagging behind
    upstream way too much to still be considered a functional or secure firewall
    on NetBSD.

    NetBSD provides NPF, a clean, secure and scalable firewall, enabled by default,
    that can be used instead, even if it doesn't have all the features PF has
    for now. It is to be noted that IPF too is present in NetBSD, although its
    use is not recommended (for other reasons).

    Given NPF's advanced design and good integration in the NetBSD kernel, trying
    to maintain PF seems like a huge effort for little benefit, and the resources
    would be better spent on NPF.

    Even if we overcame the effort needed to import a new version of PF, we would
    still have to maintain it and regularly synchronize against upstream. Overall,
    it is not viable to keep PF, and has already proven not to be in the past,
    given the state its code finds itself in today.

  • Office Depot slapped with $25m fine over fake malware scans [iophk: "How much money was actually brought in? The fines need to be much larger to make the scam unprofitable."]

    The scans, run in conjunction with partner Support.com, warned customers that their PC was infested with malware and was used to scam them into buying malware removal, security and other software. Support.com was fined $10m for its part.

  • HTTPS Isn't Always As Secure As It Seems

    In analysis of the web's top 10,000 HTTPS sites—as ranked by Amazon-owned analytics company Alexa—the researchers found that 5.5 percent had potentially exploitable TLS vulnerabilities. These flaws were caused by a combination of issues in how sites implemented TLS encryption schemes and failures to patch known bugs (of which there are many) in TLS and its predecessor, Secure Sockets Layer. But the worst thing about these flaws is they are subtle enough that the green padlock will still appear.

  • Five simple steps to stop your car being stolen by 'keyless' thieves: Insurers pay out a record £1m per DAY due to 'worrying' surge in crime

    The rapid rise in crime has been blamed on keyless cars being exploited. Criminals - who usually operate in pairs - will hold a device up against the car, which captures the signal it sends out to the key.

    This then 'boosts' the signal to another device which relays the signal to the key inside a home.

    The car and key is fooled into thinking they are within the two metre range of operation, which allows the car to be unlocked and started.


The Thermal Performance Of NVIDIA's Jetson Nano $99 Developer Board

Phoronix - Sat, 03/30/2019 - 13:00
One of the exciting product launches for this month has been the introduction of the NVIDIA Jetson Nano as a $99 Arm developer board offering four Cortex-A57 cores that isn't too special itself but packing in a 128-core Maxwell NVIDIA GPU makes this board interesting for the price. Out-of-the-box the Jetson Nano is just passively cooled by a small aluminum heatsink, but does it work any better if actively cooled to avoid any potential thermal throttling? Here are some thermal benchmarks.

Radeon VII & Linux 5.0 Excited Open-Source Enthusiasts In Q1

Phoronix - Sat, 03/30/2019 - 12:47
With the first quarter wrapping up, here is a look back at the most popular content of our 903+ original news articles in Q1 as well as 70 featured Linux hardware reviews / featured benchmark articles...

ZFS On Linux Lands TRIM Support Ahead Of ZOL 0.8

Phoronix - Sat, 03/30/2019 - 08:18
While we have been quite looking forward to ZFS On Linux 0.8 with its many additions, this next release will be even better as it now supports SSD TRIM...

Arm's Komeda DRM Driver Picking Up Support For The Mali D71

Phoronix - Sat, 03/30/2019 - 06:28
With the Linux 5.1 kernel there is Arm's new "Komeda" direct rendering manager driver while patched in as new material for Linux 5.2 is support for the Mali D71 display processor with this new driver...

Proprietary: Publishing, Microsoft and Patents

tuxmachines.org - Sat, 03/30/2019 - 05:43
  • Best DTP software 2019: top desktop publishing apps [Ed: Proprietary for the most part, but Scribus got a mention]

    If you're after real desktop publishing power, free of charge, then nothing can compete with Scribus, and it's our pick for the best free DTP software. It's an open source application, which means it's completely free for anyone to use, and you don't need a licence to use it as a business. The program is packed with professional features - CMYK and spot colours, ICC colour management, direct editing of vector drawings, extensive PDF support and more - and provides everything you need to produce flyers, brochures, newspapers, books and more.

    All this power does take quite some time to master, though, and while the developers have tried to help (and there is plenty of documentation to point you in the right direction) you'll need to be patient: the sheer volume of features means there's still a significant learning curve.

  • Chromium-based Edge: Linux support and IE integration [Ed: Why would any GNU/Linux users choose to actually install proprietary software from Microsoft to just browse the Web?]

    Probably the best indicator that Microsoft Edge will be available for Linux is found in Microsoft Edge itself. Load edge://flags and look at the compatibility information that is displayed next to each experiment.

  • New Microsoft NTFS for Linux by Paragon Software [Ed: Software patents Trojan horse for Microsoft inside Linux. Avoid this proprietary software with Microsoft patent tax.]

    Paragon Software Group, a recognized data storage expert, releases Microsoft NTFS for Linux by Paragon Software – a tool that boosts your performance by granting full access to NTFS and HFS+ volumes from Linux devices. The transfer rate is the same for native Linux file systems and in some cases even better. Use HFS+ file system and its native journaling support for better file system integrity, when transferring files between Linux PC and Mac. Microsoft NTFS for Linux by Paragon Software includes additional utilities that let you format any volume as NTFS or HFS+, check the formatted volumes for integrity and fix errors.


Servers: IBM, Red Hat and SUSE

tuxmachines.org - Sat, 03/30/2019 - 05:40
  • Don't count out IBM virtualization on the Z platform
  • IBM-Red Hat merger timing, fairness in question

    Red Hat posted 2019 year-end financial results this week that exceeded analyst expectations, but the company said nothing about its pending $34 billion purchase by IBM as industry experts question the value to Linux users and whether the deal will actually close in the second half of this year.

    While major roadblocks to the IBM-Red Hat merger have yet to become public, its sheer size has some industry observers in speculation mode.

    "If this deal doesn't go through, it wouldn't be a problem for anyone except IBM," said Dana Gardner, principal analyst at Interarbor Solutions LLC in Gilford, N.H. "People are quite happy with an independent Red Hat overseeing the development of an important product like Linux along with a cloud software infrastructure stack."

    For the most part, IT pros weren't excited about the deal because of what IBM brings to Red Hat, but what Red Hat brings to IBM, Gardner said. This is reflected in the "staggering" $34 billion IBM paid for Red Hat, he added.

  • Going to SUSECON ’19? Get $5!

    Have you been coveting your very own SUSE chameleon? How about a pair of SUSE socks? Or maybe it’s a notebook that you want to take home? The options to turn your office green are endless. And to jumpstart your journey, the Support team wants to give you $5!

  • Six First Impressions of SUSE Cloud Application Platform

    While I’ve been developing for Kubernetes for a few years now, I am pretty new to both SUSE and Cloud Foundry. I’ve got to say that both have been great experiences! SUSE is a fantastic place to work and our Cloud Foundry distribution (SUSE Cloud Application Platform) makes my development life easier.

  • A Syllabus to SUSE CaaS Platform at SUSECON

    NASHVILLE, BABY!!! That’s right, I’m hitting my old college stomping grounds for SUSECON!!
    Returning to Nashville brings me memories of housing Ben and Jerry’s Stephen Colbert Americone Dream from the Piggly Wiggly after learning that Kevin Garnett and Paul Pierce were traded away from the Celtics, finding the single Dunkin’ Donuts in Nashville and moving into the apartment building next to it, blasting Jay Z’s Reasonable Doubt out of my dorm room windows, and paying more attention to the girl who sat next to me in ECON 2 than my professor (Sorry, Dr. C…)

    Ah man. Those were the days…

    Anyway, SUSECON! I’m the PMM for SUSE CaaS Platform! That’s what I’m here to write about!

  • Is Kubernetes The Next Big Enterprise App Platform? That Depends On How Many Apps Can Run On It


Programming: 'The Cloud', Java, CI/CD and Interrupting Coders

tuxmachines.org - Sat, 03/30/2019 - 05:37
  • IFTTT GMail Options Removed [Ed: When your stuff depends on "the cloud" you're at the mercy of someone else.]

    Most of the integration of Gmail features in IFTTT are being removed on March 31. IFTTT apps will still be able to send an email, but will no longer be able to trigger actions based on emails received.

    Google is removing the means to carry out such actions as a side effect of its larger plans to tighten security. The overall plans were announced back in October when Google said it was reviewing all third party applications to see that they conform to stricter security settings.

  • What should developers use? Java EE, Jakarta EE, MicroProfile, or maybe all of them!

    So many options, so little time. How can developers choose between Java EE, Jakarta EE, and Eclipse Microprofile? In this article, Sebastian Daschner goes over the options and explains why a mix of all three is the best of all worlds for resilient, cloud-native apps.
    It seems that more and more enterprise technology is emerging that is based on Java EE. There are a lot of options to choose from, between Java EE (now referred to as Jakarta EE), MicroProfile, and combinations of their APIs. If we look at available application containers, the number of possibilities is even higher. Which platforms, particular standards, and runtimes should enterprise developers base their applications on in year 2019?

  • SREs Wish Automation Solved All Their Problems

    Although automation is the top technical skill needed by SREs according to last year’s report, the reality is that the day-to-day responsibilities of IT operations cannot always be eliminated by writing a new script or creating an improved infrastructure configuration. It turns out that automating the CI/CD process is just one of many SRE responsibilities.

  • Interrupting Coders Isn’t So Bad

    Here’s a hot take: disrupting coders isn’t all that bad.

    Some disruptions are certainly bad but they usually aren’t. The coder community has overblown the impact. A disruption can be a good thing. How harmful disruption might be a symptom of other problems.

    There are different kinds of disruptions. They are caused by other coders on your team, managers and other non-coders, or meetings throughout the day.


HTML5 Broadway Backend Is Seeing Renewed Attention Ahead Of GTK 4.0

Phoronix - Sat, 03/30/2019 - 05:07
It's been a while since last hearing anything about the GNOME/GTK Broadway back-end that provides HTML5-based user-interfaces for rendering within web browsers. The HTML5 Broadway work has been revived ahead of the GTK 4.0 tool-kit release...

A Look at the New Gentoo Based Sabayon 19.03 and Gentoo Based ChromeOS

tuxmachines.org - Sat, 03/30/2019 - 04:56
  • Sabayon 19.03 overview | The beginner-friendly Gentoo-based Linux distribution.

    In this video, I am going to show an overview of Sabayon 19.03 and some of the applications pre-installed.

  • Google I/O 2019 schedule goes live with sessions on Stadia, Dark Mode, Linux on Chrome OS, and more

    Google I/O is one of the biggest developer conferences held by Google every year, wherein they announce upcoming changes to Google services and how developers should react in order to prepare themselves for these changes. Google I/O 2019 is scheduled to begin on May 7, 2019 at the Shoreline Amphitheatre in Mountain View, California (USA), and now, Google has posted the initial schedule for the conference.

    As expected, I/O 2019 will kick off with the main Google keynote at 10AM PDT, and will be hosted by key Google executives, including Mr. Sundar Pichai, in all likelihood. As it does every year, this event will provide an overview of upcoming changes to Google products and services, including Android and its next version, Android Q. This event will be livestreamed, so you won’t be missing out on too much if you did not manage to score a ticket.

  • 4K Video Editing on Chromebooks May Be Possible Soon

    If Google’s Stadia project ends up delivering the way it promises, there will be a totally viable gaming solution for Chromebooks. For photo and graphic editing, there are options like Pixlr, Gravit Designer on the web and Photoshop or Lightroom on Android. Add to that a very workable solution in GIMP and Inkscape in Linux and you have most of your photo and graphic editing needs met.


Kernels, the Linux Foundation and Its TAB

tuxmachines.org - Sat, 03/30/2019 - 04:54
  • Containers vs. Unikernels: An Apples-to-Oranges Comparison

    I was asked recently to write a containers-versus-unikernels article, and I said, “Sure, but it won’t be the article you think it is because I share Per Buer’s sentiment that unikernels are not simply containers 2.0.” I see them as apples and oranges. I think a lot of the confusion stemmed from the acquisition of Unikernel Systems by Docker a few years ago; they were the team that coined the term, after all. What the company might not have intended was to spawn birth to more than 10 different unikernel implementations that exist today. Indeed, there were already projects that could’ve been called a “unikernel” before their papers came out, and some projects—while not adopting the moniker—talk, act and walk like a unikernel, so here we are today.


    Also, I’ve been using the word “process” intentionally. A program that might be installed in a container potentially could have many processes. Forking new processes was an older way to scale in the ’90s but it’s much slower than threading. Many interpreted languages scale via pre-forking through a web server or by running many app instances behind a load balancer. That’s because a lot of interpreted languages don’t have true threading support—many will just implement “green threads” if at all. The container is more like a padded room in which you can do whatever you want and you won’t disturb your neighbors (although this is proving to be mostly untrue), but a unikernel will only execute one process, and if you want another one you need to spin up a new unikernel. There are many unikernels that support multi-threading, though, and this is good. This single-process nature though is where unikernels get a lot of their security and performance.

  • R9B Announces Partnership with the Linux Foundation to Extend HUNT Training Reach

    R9B, a leading provider of advanced cybersecurity training, products, and services announced today it has joined the Linux Foundation as a silver member and will be working on a new global training delivery system. Since 2011, R9B has provided cybersecurity training to both private and governmental organizations, including mission qualification testing (MQT) for the United States Department of Defense. In joining the Linux Foundation, the company will be able to extend the reach of its popular HUNT Linux training module, one in a three-part HUNT training series that also focuses on threat hunting for Windows and networks.

  • Service on the TAB

    The first question everyone seems to ask is "What exactly does the TAB do?" The answer to that is tied to the history of the TAB. Most of this happened well before my time and is probably better documented elsewhere but the short summary is the TAB came about from the creation of the Linux Foundation from OSDL. There really wasn't a good forum where kernel developers could have a voice, thus the TAB was born. While the name is "Technical Advisory Board", it's designed to cover the kernel community. The TAB Chair also has a seat on the Linux Foundation Board. Over the years, the TAB has worked on everything from UEFI to encouraging corporate participation to combating GPL trolling. As time passes and problems get solved, what the TAB spends its time on also changes. The TAB has sometimes been compared to other open source project boards but one important note is that the TAB is not responsible for technical decisions directly. It's not the place of the TAB to sign off or approve architecture changes.


    This is all still incredibly hand wavy but the point is the TAB is there if people need it. It's useful to have a single body of people to ask questions and help guide people. If you have ideas of things the TAB should work on, I'd welcome the chance to hear it.


Security: KVM, Cisco, Passwords, WhiteSource FUD, Huawei FUD and FireEye's Latest Nonsense

tuxmachines.org - Sat, 03/30/2019 - 04:50


Why Linux Mint Is Better and Ubuntu Leftovers

tuxmachines.org - Sat, 03/30/2019 - 04:48
  • Top 5 Reasons Why Linux Mint Is Better

    Top 5 Reasons Why Linux Mint Is Better. In this video why I think Linux Mint is better. Not saying Linux Mint the best distro, I’m saying that it’s often times better than that “other” OS most people are using. I also think it’s better than some other distros out there. In future videos, I’ll be offering the same Linux distro insights on why I think the distro I’m featuring is better than its alternatives and why.

  • Artificial intelligence receiving huge Kubernetes boost

    There has been a 14-times increase in the amount of Artificial Intelligence (AI) start-ups launching since the turn of the century, according to a study by Stanford University. In the UK alone, says Carmine Rimi, AI product manager at Canonical – the company behind Ubuntu, AI developers witnessed a 200% spike in venture capital funding in the past year alone; as the transformative potential of AI smashes all boundaries.
    The creation of AI applications to enhance ways of doing business and, indeed, people’s lives is a huge task. These applications are complicated to develop and build, as they involve such varying types of data; making porting to different platforms troublesome.

  • Sick of Slow Snap App Startup Times? The Cause Has Been Identified

    The slow start-up time of newly installed Snap apps has been a point of contention for many Ubuntu Linux users for a while.

    But developers behind the fledgling app format have announced that a noticeable improvement in first-run loading times is on the way.


    Graphical Snap apps, like VLC, VSCode, etc, query the font-cache on start-up.

    An app will start-up promptly if a valid font-cache is available and accessible. If it isn’t, one has to be generated.

    It’s this task that Igor blames for the slow start-up, continuing:

    “[Font cache generation] can take a long time, especially if there is a large number of fonts that needs to be enumerated […] during which the GUI application may not render on the screen, and users will interpret this delay as a slow application startup.”

    By leveraging ‘font cache binaries’ in Snapd, the underlying “engine” that powers the Snap system, startup times have been improved by as much as 6x.

    Linux users running Snapd 2.36.2 (or later) automatically benefit from this tweak — and it’s not the only fix ’em up on the way.

  • Full Circle Magazine: Full Circle Magazine #143

    This month:
    * Command & Conquer
    * How-To : Python, Freeplane, and Darktable
    * Graphics : Inkscape
    * Ubuntu Devices: OTA-8
    * My Opinion: GDPR Pt3
    * Linux Loopback: BSD
    * Book Review: Practical Binary Analysis
    * Interview: Simon Quigley (Lubuntu)
    * Ubuntu Games: This Is The Police 2
    plus: News, The Daily Waddle, Q&A, and more.


today's howtos

tuxmachines.org - Sat, 03/30/2019 - 02:49


Wine 4.5 Released

tuxmachines.org - Sat, 03/30/2019 - 02:47


4 best Microsoft Access Alternatives for Linux users

tuxmachines.org - Sat, 03/30/2019 - 02:36

Microsoft Office comes with Microsoft Access, a database management program that users can use to create databases. Unfortunately, this program does not work on Linux. So, those that have recently switched to Linux but require a robust database program are out of luck.

In this list, we’ll go over some of the best Microsoft Access alternatives for Linux. We’ll also show you how to download them, and talk about some compelling features of each app on this list.


Handshake donates $300,000 USD to Debian

tuxmachines.org - Sat, 03/30/2019 - 02:22

In 2018 the Debian project received a donation of $300,000 USD from Handshake, an organization developing an experimental peer-to-peer root domain naming system.

This significant financial contribution will help Debian to continue the hardware replacement plan designed by the Debian System Administrators, renewing servers and other hardware components and thus making the development and community infrastructure of the Project more reliable.


Valve Is Teasing "Index" - Its Own VR Headset

Phoronix - Sat, 03/30/2019 - 01:55
While Valve has long been collaborating with HTC and others on VR headsets and other ecosystem work to enhance virtual reality gaming as well as bringing VR support to Linux, the company is finally preparing to release its own high-end VR headset: the Valve Index...

Courtès: Connecting reproducible deployment to a long-term source code archive

LWN.net - Fri, 03/29/2019 - 23:45
On the Guix blog, Ludovic Courtès writes about connecting reproducible builds for the Guix package manager with the Software Heritage archive. "It quickly became clear that reproducible builds had 'reproducible source code downloads', so to speak, as a prerequisite. The Software Heritage archive is the missing piece that would finally allow us to reproduce software environments years later in spite of the volatility of code hosting sites. Software Heritage’s mission is to archive essentially 'all' the source code ever published, including version control history. Its archive already periodically ingests release tarballs from the GNU servers, repositories from GitHub, packages from PyPI, and much more. We quickly settled on a scheme where Guix would fall back to the Software Heritage archive whenever it fails to download source code from its original location. That way, package definitions don’t need to be modified: they still refer to the original source code URL, but the downloading machinery transparently goes to Software Heritage when needed."