Odprtokodni pogled

Opensource view

Tuja odprtokodna scena

GNOME Annual Report 2018

tuxmachines.org - Čet, 06/27/2019 - 18:46

We are very excited to share with you some of our best moments, achievements, and great conferences/events which happened throughout the year in our annual report.

Also: GNOME Foundation Issues 2018 Annual Report - Massive Increase In Funding

read more

Krita 4.2.2 Released

tuxmachines.org - Čet, 06/27/2019 - 18:13

Within a month of Krita 4.2.1, we’re releasing Krita 4.2.2.

read more

today's howtos

tuxmachines.org - Čet, 06/27/2019 - 18:09

read more

Google Releases Chrome OS 75 to Let Linux Apps Access Android Devices over USB

tuxmachines.org - Čet, 06/27/2019 - 18:02

Chrome OS 75 has been promoted to the stable channel as version 75.0.3770.102 (Platform version: 12105.75.0) for most Chromebook devices. This release introduces a new parental control feature that lets parents limit the time to their kids spend on Chrome OS devices, and it also enables kid-friendly Assistant for child accounts.

While still in beta, the support for Linux apps is improving with every release, and Chrome OS 75 introduces support for Linux apps to access Android devices over USB connections. Moreover, the Files app has been enhanced with support for third-party file provider apps, implementing the Android DocumentsProvider APIs.

read more

Intel Xeon Cascade Lake Compiler Performance - GCC 9/10 vs. LLVM Clang 8/9

Phoronix - Čet, 06/27/2019 - 18:00
At least for the newest Intel Xeon "Cascade Lake" processors, the LLVM Clang compiler is running incredibly well compared to the long-standing GNU Compiler Collection (GCC). Overall, LLVM clang is now nearly at performance parity to GCC 9 and the in-development GCC 10 compilers. Here are some Linux compiler benchmarks using the dual Intel Xeon Platinum 8280 server built around the Gigabyte S3461-3R0.

Games Leftovers

tuxmachines.org - Čet, 06/27/2019 - 17:54
  • An interview with Bearded Giant Games about Linux, development and their game Space Mercs

    Today we have another interview for you, with Bearded Giant Games who are currently making the extreme space shooter Space Mercs.

  • Bird by Example is quite possibly the weirdest game I've played in a long time

    I'm thoroughly confused and also slightly amused with Bird by Example, what the developer says is a "mock RPG where all the other occupants are horrifying birds who mimic your behaviour with deep learning".

    I will admit currently the game goes a bit over my head, I don't quite get it. However, I've toyed around with it for a while and eventually it could be something special. There's something really unnerving about a group of really buff birds, that start copying you.

  • Classic open source RTS "Seven Kingdoms: Ancient Adversaries" has a brand new release out

    Seven Kingdoms: Ancient Adversaries, a proper classic RTS that's open source continues living on with a fresh release now available to download.

    Originally released way back in the 90's, Enlight Software later decided to open source it in 2009 and since then it's seen quite a number of updates as well as a Linux port which works rather nicely.

  • DOSBox is still alive, with a new bug fix release available

    Compatibility for this release should be no different to 0.74 and 0.74-2, so you should be able to upgrade without seeing any issues appear. They're also still working on the next major release with DOSBox 0.75, but some bugs are currently holding back a release.

    I love DOSBox, before OpenXcom became fully playable for the classic X-COM experience I used it quite regularly. Cannon Fodder is also a rather guilty pleasure of mine, a true classic. What are some of your favourites you still play thanks to DOSBox?

  • It’s a tough time to be an indie developer, with Steam’s new sale event causing wishlist deletions

    As an unintentional side effect of Valve's latest sales event, the Steam Grand Prix, it seems a lot of users have begun cleaning out their Steam Wishlists.

    Why? Well, it gives you the chance to win an item from your Steam Wishlist but only from the top three slots, it's not random. Valve's rules are pretty clear on how it all works but it still seems to have caused a lot of wishlist deletions. Removing games doesn't actually improve your chances, but likely will affect your future purchases of games you're no longer following as a result of it.

  • OXXO is the next puzzler from the developer of Zenge, Art Of Gravity, PUSH and more

    Hamster On Coke Games are at it again, with a new puzzle game on the way called OXXO that promises an experience that evolves as you play it.

    They previously made Scalak, Zenge, PUSH, Art Of Gravity and more and their games are always quite highly rated. Personally, I played through Scalak back in 2018 and thoroughly enjoyed it so I'm happy to see more unique puzzle games from the same developer come to Linux.

  • The Colonists is a city-builder that's worth your time with cute little robot workers

    Now that the dust has settled with the Linux version of The Colonists out in the wild, I spent some time playing it and came away quite impressed by it.

read more

Security Leftovers

tuxmachines.org - Čet, 06/27/2019 - 17:07
  • Chinese hackers accused of 'mass-scale attack' on mobile operators

    The cyberespionage campaign, dubbed Operation Soft Cell, was first noticed a year ago. Since then, hackers been attacking various mobile operators to gain access to their networks and obtain call detail records (CDRs) of their targets from the database.

  • OSX/Linker: New Mac malware attempts zero-day Gatekeeper bypass

    The more technical explanation: Cavallarin noted that macOS treats apps loaded from a network share differently than apps downloaded from the Internet. By creating a symbolic link (or "symlink"—similar to an alias) to an app hosted on an attacker-controlled Network File System (NFS) server, and then creating a .zip archive containing that symlink and getting a victim to download it, the app would not be checked by Apple's rudimentary XProtect bad-download blocker.

  • Apple macOS Gatekeeper security flaw exploited out in the wild

    Cavallarin noted that he alerted Apple to the problem in February, and Cupertino's code wranglers were meant to have fixed it with macOS 10.14.5. But that doesn't appear to have happened, as security company Intego has discovered an example of it being used.

  • An 14-year-old's Internet-of-Things worm is bricking shitty devices by the thousands

    A hacker calling themself Light Leafon who claims to be a 14-year-old is responsible for a new IoT worm called Silex that targets any Unix-like system by attempting a login with default credentials; upon gaining access, the malware enumerates all mounted disks and writes to them from /dev/random until they are filled, then it deletes the devices' firewall rules and removes its network config and triggers a restart -- this effectively bricks the device, rendering it useless until someone performs the complex dance needed to download and reinstall the device's firmware.

  • scripting sudo's digest functions

    At my last job I wrote a couple perl scripts to build platform-specific digest-checking sudoers files for all programs in system directories. I've cleaned them up some and added Linux support. They're not on github because once I do that other folks might find them, and I'm not convinced this is a good thing. But I'd like some feedback, so I'm posting here.

  • VideoLAN Patches Critical Vulnerability in VLC Media Player

    Discovered by Symeon Paraschoudis from Pen Test Partners, the issue allows a remote attacker to create a specially crafted file to trigger a double free in zlib_decompress_extra() (demux/mkv/utils.cpp).

    This could then be leveraged to execute arbitrary code on the vulnerable system, the researcher says.

  • Double-Free RCE in VLC

    I spent three months working on VLC using Honggfuzz, tweaking it to suit the target. In the process, I found five vulnerabilities, one of which was a high-risk double-free issue and merited CVE-2019-12874.

    Here’s the VLC advisory https://www.videolan.org/security/sa1901.html.

    Here’s how I found it. I hope you find the how-to useful and it inspires you to get fuzzing.

  • PoC Released for Outlook Flaw that Microsoft Patched 6 Month After Discovery

    As we reported two days ago, Microsoft this week released an updated version of its Outlook app for Android that patches a severe remote code execution vulnerability (CVE-2019-1105) that impacted over 100 million users.

    However, at that time, very few details of the flaw were available in the advisory, which just revealed that the earlier versions of the email app contained a cross-site scripting (XSS) flaw that could allow attackers to run scripts in the context of the current user just by sending a specially crafted email to the victims.

    Now, Bryan Appleby from F5 Networks, one of the security researchers who reported this issue independently to Microsoft, released more details and proof-of-concept for the Outlook vulnerability that he reported to the tech giant almost six months ago.

  • How I [Cracked] the Microsoft Outlook Android App and Found CVE-2019-1105

    In a web browser, it’s possible to run JavaScript code by using a URL that starts javascript:. But in a web browser, JavaScript in an iframe on a separate domain shouldn’t have access to the data in the rest of the page. In Outlook on the Android, there is no such restriction. My iframe JavaScript had full access to cookies, tokens and even some emails. Not only that, I could send them back out to a remote attacker.

    This kind of vulnerability could be exploited by an attacker sending an email with JavaScript in it. The server escapes that JavaScript and does not see it because it’s within an iframe. When delivered, the mail client automatically undoes the escaping and the JavaScript runs on the client device. Bingo – a stored XSS. This code can do whatever the attacker desires, up to and including stealing information and/or sending data back out. An attacker can send you an email and just by you reading it, they could steal the contents of your inbox. Weaponized, this can turn into a very nasty piece of malware.

  • More than 400 737 Max pilots are suing Boeing over an 'unprecedented cover-up' of flaws in the plane's design

    More than 400 Boeing 737 Max pilots are suing the company over what they allege was an "unprecedented cover-up" of "known design flaws" in the plane, and over the financial losses they face as the plane remains grounded after two fatal crashes.

    A class-action lawsuit was filed against Boeing on Friday "for financial and other losses arising from the circumstances and grounding of the MAX fleet," according to the two law firms representing the pilots, based in Chicago and Australia.

  • US Public Might Not Be Told About Foreign Efforts to Alter Next Election

    With the 2020 presidential campaign getting under way, intelligence agencies, along with the Department of Homeland Security and FBI, have set about briefing the candidates and making them aware of the resources available should their campaign come under attack.

  • US election security: still a dumpster fire

    There's some progress on eliminating the voting-machine business altogether, with a free/open source system emerging from Los Angeles County's election authorities -- LA County is a national leader in election security and inclusiveness, with an 11-day voting window, available paper ballots for all, and a slate of accessibility features in its machines.

    But LA County is an exception, and between the poor-quality systems in place nationwide, intransigence from Senate Republicans on allocating funds for election security, and the diplomatic chaos that has failed to produce any international norms on election meddling, 2020 is looking like a potential shitshow to put 2016 to shame.

  • [Older] Securing Our Cyber Future

    This study seeks to provide a partial substitute for such a commission report. Building on the abovementioned research and investigations, our report begins by summarizing in Chapter One what the Kremlin did in 2016 and why. Chapters Two through Eight then offer concrete prescriptions for protecting the integrity and independence of U.S. elections, focusing in particular on strengthening resiliency before the 2020 presidential election. Our recommendations are practical, concrete, and achievable before 2020— but they demand action now.

  • A Likely Chinese [Attacker] Crew Targeted 10 Phone Carriers to Steal Metadata

    On Monday night, researchers at Boston-based cybersecurity firm Cybereason revealed the results of tracking a years-long cyberespionage campaign they've called Operation Soft Cell, which they say targeted the networks of at least 10 cellular providers around the world. And while researchers' visibility into that [attack] campaign is incomplete, they say it appears to be a prolific but highly targeted espionage campaign likely based in China. In one of the 10 breaches that affected a Cybereason customer, the researchers say they found that the [attackers] had gained deep access to the victim's network and stolen gigabytes of metadata related to 20 specific individuals' phone usage and location.

  • The Bug That Crashed New York’s Wireless Network

    The simple remedy involved some necessary upgrades.

    Yet somehow, New York City’s technology managers were caught completely off guard, and did nothing to prepare for the calendar reset of the centralized Global Positioning System.

    As a result, a wireless network used by city agencies crashed in April, crippling many services that relied on it, including some Police Department license plate readers and a system to remotely control traffic lights. It took 10 days to get the network running again.`

  • Sheryl Crow: Universal Studios fire destroyed all my master tapes

    "And secondly, I can't understand how you could make safeties [back-up copies] and have them in the same vault. I mean, what's the point?

    "And thirdly, I can't understand how it's been 11 years," she added. "I mean, I don't understand the cover-up."

    Crow, who had seven US top 10 albums between 1995 and 2008, is the first artist to confirm the loss of their recordings since the New York Times' investigation was published two weeks ago.

  • Windows 10 USB-C glitch is causing sluggish shutdowns

    While a minute might not seem like a long time, despite the protestations of some, when one is working on the move and needs to quickly pack up a laptop to so they can hop off a train, for example, 60 whole full-fat seconds can seem like a drag.

    It's also disconcerting when a computer takes a long time to shut down as well, given you don't know if it's suddenly going to throw up a blue screen of death.

read more

[$] Providing wider access to bpf()

LWN.net - Čet, 06/27/2019 - 15:56
The bpf() system call allows user space to load a BPF program into the kernel for execution, manipulate BPF maps, and carry out a number of other BPF-related functions. BPF programs are verified and sandboxed, but they are still running in a privileged context and, depending on the type of program loaded, are capable of creating various types of mayhem. As a result, most BPF operations, including the loading of almost all types of BPF program, are restricted to processes with the CAP_SYS_ADMIN capability — those running as root, as a general rule. BPF programs are useful in many contexts, though, so there has long been interest in making access to bpf() more widely available. One step in that direction has been posted by Song Liu; it works by adding a novel security-policy mechanism to the kernel.

Stable kernels 4.14.131, 4.9.184, and 4.4.184

tuxmachines.org - Čet, 06/27/2019 - 15:50
  • Linux 4.14.131

    I'm announcing the release of the 4.14.131 kernel.

    All users of the 4.14 kernel series must upgrade.

    The updated 4.14.y git tree can be found at:
    git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y
    and can be browsed at the normal kernel.org git web browser:
    https://git.kernel.org/?p=linux/kernel/git/stable/linux-s...

  • Linux 4.9.184
  • Linux 4.4.184

read more

Stable kernels 4.14.131, 4.9.184, and 4.4.184

LWN.net - Čet, 06/27/2019 - 15:40
Greg Kroah-Hartman has released the 4.14.131, 4.9.184, and 4.4.184 stable kernels. Each contains a single patch that fixes a problem in the TCP SACK panic fixes that was commonly seen by the Steam gaming community.

Security updates for Thursday

LWN.net - Čet, 06/27/2019 - 15:01
Security updates have been issued by Fedora (drupal7-uuid, php-brumann-polyfill-unserialize, and php-typo3-phar-stream-wrapper2), openSUSE (ansible, compat-openssl098, exempi, glib2, gstreamer-0_10-plugins-base, gstreamer-plugins-base, libmediainfo, libssh2_org, SDL2, sqlite3, and wireshark), Oracle (firefox), Red Hat (thunderbird and vim), Scientific Linux (firefox), SUSE (java-1_8_0-ibm), and Ubuntu (bzip2 and expat).

AMD Navi Support Makes It Into DRM-Next For Linux 5.3, AMDGPU Hits Two Million Lines

Phoronix - Čet, 06/27/2019 - 14:31
With the Linux kernel driver support for the upcoming "Navi" graphics cards only having been sent out last week for AMDGPU/AMDKFD, given it was more than 450 patches and more than 400 thousand lines of code (granted much of that automated header files), there was some risk it could be postponed given the imminent cut-off of new material to DRM-Next for Linux 5.3 given the rigid release cycle. Fortunately, that pull request has been honored...

CentOS 8 To Arrive At The End Of June: All You Need To Know

tuxmachines.org - Čet, 06/27/2019 - 13:56

Red Hat Enterprise Linux 8 (RHEL 8) made its way into the market last month, which may have prompted a lot of people to expect the release of CentOS 8. according to recent reports, a major redesign is needed in the bundles; installer manufactures frameworks to make it ready to work with the more up to date working frameworks all the more proficiently. Here's all the info we've managed to scraped about the upcoming CentOS.

As indicated by the most recent reports, the fundamental form framework for the task has been finished, and at present, the group is focusing on the work of art. Additionally, the fabricate circles likewise need work to have the option to help the majority of the bundles of CentOS.

read more

Qt 3D Studio 2.4 Released

tuxmachines.org - Čet, 06/27/2019 - 13:41

We are happy to announce the Qt 3D Studio 2.4 release is now available via the online and offline installers. Here’s a quick summary of the new features and functions in 2.4. For detailed information about the Qt 3D Studio, visit the online documentation page or see the older blog posts.

Also: Qt 3D Studio 2.4 Released With Massive Performance Boost - By Switching Away From Qt 3D

read more

FreeDOS's Linux Roots

tuxmachines.org - Čet, 06/27/2019 - 13:37

I discovered Linux in 1993 and instantly recognized it as a Big Deal. Linux had a command line that was much more powerful than MS-DOS, and you could view the source code to study the Linux commands, fix bugs and add new features. I installed Linux on my computer, in a dual-boot configuration with MS-DOS. Since Linux didn't have the applications I needed as a working college student (a word processor to write class papers or a spreadsheet program to do physics lab analysis), I booted into MS-DOS to do much of my classwork and into Linux to do other things. I was moving to Linux, but I still relied on MS-DOS.

In 1994, I read articles in technology magazines saying that Microsoft planned to do away with MS-DOS soon. The next version of Windows would not use DOS. MS-DOS was on the way out. I'd already tried Windows 3, and I wasn't impressed. Windows was not great. And, running Windows would mean replacing the DOS applications that I used every day. I wanted to keep using DOS. I decided that the only way to keep DOS was to write my own. On June 29, 1994, I announced my plans on the Usenet discussion group comp.os.msdos.apps, and things took off from there...

read more

Qt 3D Studio 2.4 Released With Massive Performance Boost - By Switching Away From Qt 3D

Phoronix - Čet, 06/27/2019 - 12:30
The Qt Company has released Qt 3D Studio 2.4 as the latest release of its 3D user-interface creation suite...

GNOME Foundation Issues 2018 Annual Report - Massive Increase In Funding

Phoronix - Čet, 06/27/2019 - 12:29
The GNOME Foundation has issued their 2018 annual report that is particularly notable due to a massive rise in their income following two large donations...

today's leftovers

tuxmachines.org - Čet, 06/27/2019 - 10:22
  • Chrome OS 75 rolling out with Linux improvements, playing DRM video on external displays

    After rolling out to Android, Mac, Windows, and Linux, version 75 of Chrome OS is now available. Notable features include Linux improvements and more parental control options with Family Link.

    Linux on Chrome OS pick up support for Android devices over USB and VPN connections. Linux apps can access Android devices connected over USB, with this particularly useful for Android developers debugging and pushing APKs.

    Meanwhile, Linux applications can utilize existing Android or Chrome OS VPNs. All traffic from the Linux VM will automatically be routed through an established connection.

  • New laptop: ThinkPad X390

    The 13” 1920x1080 screen at ~160 dpi is a bit uncomfortable to use with my poor eyesight, so first I tried to use GNOME Tweaks to scale fonts to 120%. This worked okay-ish (a shame that Firefox ignores this and I had to tweak it separately) until I plugged in an external monitor (~80 dpi) where the large fonts were cartoonishly too large. Next, I enabled GNOME’s experimental fractional scaling support (I use a Ubuntu on Wayland session instead of the default one) and (after a reboot) set the zoom level on the internal screen to 125% (after resetting font scaling back to 100%, of course). Wayland apps look nice and crisp, X11 apps (Firefox) look fuzzy, but shrug at least I can read the text without squinting.

  • Concurrent Real-Time Introduces RedHawk Linux for NVIDIA's Jetson AGX Xavier

    In supporting the AGX Xavier, RedHawk Linux is well positioned for embedded applications in aerospace, defense, automotive, industrial and medical markets that require high-performance, low-power consumption and deterministic response. RedHawk provides a guaranteed response time of less than 50 microseconds on the AGX Xavier.

  • IGEL Drives the Rapid Growth of Linux OS-Based Devices at the Edge

    ...in 2018 Linux, for the first time, surpassed Windows shipments for thin clients, growing 6% per annum from 2015 to 2018 while Windows OS shrank 5% per annum during the same period.

  • LinuxQuestions.org Turns Nineteen

    I'm proud to announce that LQ turned 19 yesterday! I'd like to once again thank each and every LQ member for their participation and feedback. While there is always room for improvement, that LQ has remained a friendly and welcoming place for new Linux members despite its constantly growing member-base and geographic distribution is a testament to the community.

    To say that feedback has been absolutely critical to our success is an understatement. As has become tradition, I'd like to use this thread to collect as much feedback as possible about LQ. What are we doing well and where can we improve? Where are we failing? What can we do to ensure long time members remain engaged and willing to help? What can we do to ensure new members feel welcome? What should we be doing differently?

    As part of our 19 year anniversary, we'll be randomly selecting 19 posts from this thread and upgrading that member to "Contributing Member" status for one year. Stay tuned, and thanks again for being a member. Together, I think we can make LQ even better.

  • Flea Madness sound like a ridiculously fun multiplayer game where you eat your enemies

    Flea Madness, currently in development by Priple is a fast-paced multiplayer action game that looks good and the idea sounds pretty amusing too.

    Each player assumes the role of an alien flea, a biological weapon with a singular purpose—eat everything. As you hunt and eat others, you evolve into a more dangerous creature too. Spread across the maps, you will find insects to eat, which will also give you various abilities although not all of them good for you. Some might speed you up, turn you invisible or reverse your controls.

  • Steam’s Summer Sale 2019 Is Live With A New Way To Earn Free Games

    Steam’s annual event, which PC gamers eagerly await each year, has finally started. The Steam Summer Sale 2019 is now live and will run through July 9, offering gamers a seemingly endless list of games to choose from.

    “Start your engines, everybody… the Steam Summer Sale has begun! For the next 14 days, enjoy great savings on a huge selection of games and join in the Steam Grand Prix 2019 event until July 7th 10AM PDT,” Steam says in a blog post.

    Thousands of games across various genres are now available on discount, so if you don’t have a Steam wishlist, it could prove difficult to choose the games you want. However, to help you make a choice, we have listed some of the best deals from the Steam Summer Sale 2019.

  • GCC 10 Lands Support For Intel Tiger Lake's AVX-512 VP2INTERSECT

    Similar to the recent LLVM compiler work, the in-development GCC 10 compiler also now has support for the AVX-512 VP2INTERSECT instructions being introduced on Intel Tiger Lake CPUs.

  • DisplayPort 2.0 Published For 3x Increase In Data Bandwidth Performance

    VESA announced their first major update to the DisplayPort interface in three years.

    DisplayPort 2.0 provides for a three fold increase in data bandwidth performance compared to DP 1.4a, support beyond 8K resolutions, higher refresh rates and HDR at higher resolutions, and other enhancements. DisplayPort 2.0 will work both on DisplayPort connectors and USB Type-C with backwards compatibility.

  • SiFive CEO Says RISC-V Servers are 'Five Years Away'

    Last year he thought smartphones and servers were five and 10 years away, respectively, but he's had to "pull in his targets."

read more

Syndicate content
sfy39587f05