Odprtokodni pogled

Opensource view

Tuja odprtokodna scena

GCC 6.5 Is Being Prepared As The Last GCC6 Compiler Release

Phoronix - Pet, 10/12/2018 - 12:07
Version 6.5 of the GNU Compiler Collection will soon be released to end out the GCC6 series...

Mozilla/Firefox News

tuxmachines.org - Pet, 10/12/2018 - 11:27
  • Slimmer and simpler static atoms

    In Firefox’s code we use the term atom rather than intern, and atom table rather than string intern pool. I don’t know why; those names have been used for a long time.

    Furthermore, Firefox distinguishes between static atoms, which are those that are chosen at compile time and can be directly referred to via an identifier, and dynamic atoms, which are added on-demand at runtime. This post is about the former.

  • Home Monitoring with Things Gateway 0.6

    When it comes to smart home devices, protecting the safety and security of your home when you aren’t there is a popular area of adoption. Traditional home security systems are either completely offline (an alarm sounds in the house, but nobody is notified) or professionally monitored (with costly subscription services). Self monitoring of your connected home therefore makes sense, but many current smart home solutions still require ongoing service fees and send your private data to a centralised cloud service.

  • WebRender newsletter #25

    As usual, WebRender is making rapid progress. The team is working hard on nailing the remaining few blockers for enabling WebRender in Beta, after which focus will shift to the Release blockers. It’s hard to single out a particular highlight this week as the majority of bugs resolved were very impactful.

  • DevEdition 63 Beta 14 Testday, October 12th

    We are happy to let you know that Friday, October 12th, we are organizing Firefox 63 Beta 14 Testday. We’ll be focusing our testing on: Flash Compatibility and Block Autoplay V2.

  • Mozilla B-Team: happy bmo push day!Mozilla B-Team: happy bmo push day!
  • Mozilla B-Team: happy bmo push day (last friday)
  • Firefox removes core product support for RSS/Atom feeds

    from Firefox 64 onwards, RSS/Atom feed support will be handled via add-ons, rather than in-product.

    [...]

    By virtue of being baked into the core of Firefox, these features have long had outsized maintenance and security costs relative to their usage. Making sure these features are as well-tested, modern and secure as the rest of Firefox would take a surprising amount of engineering work, and unfortunately the usage of these features does not justify such an investment: feed previews and live bookmarks are both used in around 0.01% of sessions.

    As one example of those costs, “live bookmarks” use a very old, very slow way to access the bookmarks database, and it would take a lot of time and effort to bring it up to the performance standards we expect from Quantum. Likewise, the feed viewer has its own “special” XML parser, distinct from the main Firefox one, and has not had a significant update in styling or functionality in the last seven years. The engineering work we’d need to bring these features, in their current states, up to modern standards is complicated by how few automated tests there are for anything in this corner of the codebase.

  • Firefox Reality 1.0.1 - with recline mode

    Firefox Reality 1.0.1 is now available for download in the Viveport, Oculus, and Daydream app stores. This is a minor point release, focused on fixing several performance issues and adding crash reporting UI and (thanks to popular request!) a reclined viewing mode.

read more

La Frite: A Libre ARM SBC For $5, 10x Faster Than The Raspberry Pi Zero

Phoronix - Pet, 10/12/2018 - 11:21
The folks at the Libre Computer Project who have successfully released the Tritium, Le Potato, and other ARM SBCs while being as open-source friendly as possible have now announced La Frite...

Linux 4.14 LTSI Kernel Released For Longer-Term Support

tuxmachines.org - Pet, 10/12/2018 - 10:56

The Linux Foundation LTSI initiative has finished baking its first Linux 4.14-based kernel for longer-term support.

LTSI is the Long-Term Support Initiative hosted by the Linux Foundation that's focused on longer-term kernel support for the likes of consumer electronics. LTSI is apart from the long-term kernels maintained as well by Greg KH and other stakeholders.

Previously LTSI had been tracking the Linux 4.9 kernel and before that Linux 4.1, Linux 3.14, 3.10, 3.4, and 3.0.

Also: LTSI-4.14 is now released

read more

Ubuntu's Bring-Up Of NVIDIA's Driver With Mir Continues

Phoronix - Pet, 10/12/2018 - 10:19
The Ubuntu developers continuing to work on the Mir display server stack have made headway in their NVIDIA driver enablement effort...

Security: National Security at Stake, Too

tuxmachines.org - Pet, 10/12/2018 - 10:10
  • Supermicro boards were so bug ridden, why would hackers ever need implants?
  • New U.S. Weapons Systems Are a Hackers’ [sic] Bonanza, Investigators Find

    The report by the Government Accountability Office concluded that many of the weapons, or the systems that control them, could be neutralized within hours. In many cases, the military teams developing or testing the systems were oblivious to the hackingi [sic].

  • Cool Cool Cool Oversight Office Says It's Incredibly Easy To Hack The Defense Dept.'s Weapons Systems

    The GAO points out the DOD has spent more time locking down its accounting systems than its weapons systems, even as the latter has increasingly relied on computer hardware and software to operate. The systems used by the DOD are a melange of commercial and open-source software, which relies on vendors to provide regular updates and patch vulnerabilities. (Unfortunately for the DOD, some vulnerabilities may not have been disclosed to software/hardware vendors by other government agencies like the NSA.) But the DOD gives itself a 21-day window to apply patches and some remote weapons systems may go months without patching because they often need to return from deployment to be patched properly.

    The end result is a network of defense systems riddled with security holes. The GAO says it doesn't take much to commandeer weapons of mass destruction.

read more

GNOME 3.31.1 Released As The First Step Towards GNOME 3.32

Phoronix - Pet, 10/12/2018 - 10:00
GNOME 3.31.1 was released on Thursday as the first step towards the GNOME 3.32 desktop update due out in March...

XDC2019 X.Org / Mesa / Wayland Conference To Be Hosted In Montreal

Phoronix - Pet, 10/12/2018 - 02:03
The X.Org Foundation Board of Directors decided today that their next annual X.Org/Mesa/Wayland conference will be held in Montreal, Canada...

Ubuntu 18.10 (Cosmic Cuttlefish) Is Now in Final Freeze, Launches October 18

tuxmachines.org - Pet, 10/12/2018 - 01:07

With just one week left until the final release, Ubuntu 18.10, dubbed Cosmic Cuttlefish, has reached the final step in its development cycle, Final Freeze. This means that from this point until the final release only critical bugs that affect the ISO images or installers are admitted in the archives.

Of course, the Ubuntu engineers would need community's help to test the ISO images before they hit the stable channels, so they are working on releasing the Release Candidate (RC) images in the coming days on the official ISO tracker for Ubuntu and probably all other official flavors.

read more

Teal One drone runs Linux on a Jetson TX1 and flies at 60 mph

tuxmachines.org - Pet, 10/12/2018 - 01:02

Teal has launched a $1,200 “Teal One” drone that runs Linux on a Jetson TX1 module and an Ambarella SoC with PX4 support. The quadcopter can fly at up to 60 mph for 15 minutes and shoot [email protected] video.

Salt Lake City based Teal was launched by CEO George Matus at the age of 17 to pursue his love of FPV drone racing. The company launched a Teal Sport FPV racing drone that runs on an MCU-based KISS flight controller and sells for $499 for a barebones model and $799 fully accessorized. Now, at age 21, Matus has followed up with his promised Teal One, a higher-end, all-purpose, semi-autonomous camera quadcopter.

read more

today's leftovers

tuxmachines.org - Čet, 10/11/2018 - 22:57
  • AMDGPU DC Gets "PERF_TRACE" To Help With Performance Profiling

    Published on Wednesday was the latest batch of AMDGPU DC display code changes for its eventual inclusion into the AMDGPU DRM driver for mainline past the 4.20~5.0 cycle with that feature merge window being over. The most notable change with this latest AMDGPU DC haul is a new "PERF_TRACE" addition.

    The 26 patches sent out on Wednesday refactor the DCE clock code as well as the DC to SMU interface. Most interesting to us though is this PERF_TRACE feature on Linux. This PERF_TRACE functionality isn't to be confused with the perf subsystem nor the perf-trace user-space utility.

  • Removing my favorite feature

    So in a decision that was long overdue, I’m removing the real-time graph from Builder 3.32. I never did a great job of porting that code to optimal Wayland use anyway. It was really designed with Xrender/Xshm in mind where XCopyArea() was cheap and done on the GPU.

  • Debian/TeX Live updates 20181009

    During this update some color profiles (icc) that had unclear licenses have been removed, which for now creates problems with the pdfx package. So if you use the pdfx package, please explicitly specify a color profile. The next upload will again allow using pdfx without specifying a profile in which case a default profile is used. I have uploaded already a set of free profiles to CTAN and they arrived in TeX Live, but pdfx package isn’t updated till now.During this update some color profiles (icc) that had unclear licenses have been removed, which for now creates problems with the pdfx package. So if you use the pdfx package, please explicitly specify a color profile. The next upload will again allow using pdfx without specifying a profile in which case a default profile is used. I have uploaded already a set of free profiles to CTAN and they arrived in TeX Live, but pdfx package isn’t updated till now.

read more

OSS Leftovers

tuxmachines.org - Čet, 10/11/2018 - 22:53
  • Spinnaker is the next big open source project to watch

    Spinnaker is an open source continuous delivery (CD) platform from Netflix and Google, though it now also has the backing of other major software companies. Spinnaker 1.0 launched last July, so it’s not the newest kid on the block, but the service is slowly but surely gaining momentum now, with users that include Target, Adobe, Daimler and Capital One, as well as a growing ecosystem of vendors who support it.

    Today, after a few years of working on the project without any formal structure in place, the Spinnaker project announced that it is growing up and putting a formal governance system in place at the project’s second community summit in Seattle this week.

  • Andy Wingo: heap object representation in spidermonkey

    I was having a look through SpiderMonkey's source code today and found something interesting about how it represents heap objects and wanted to share.

    I was first looking to see how to implement arbitrary-length integers ("bigints") by storing the digits inline in the allocated object. (I'll use the term "object" here, but from JS's perspective, bigints are rather values; they don't have identity. But I digress.) So you have a header indicating how many words it takes to store the digits, and the digits follow. This is how JavaScriptCore and V8 implementations of bigints work.

    Incidentally, JSC's implementation was taken from V8. V8's was taken from Dart. Dart's was taken from Go. We might take SpiderMonkey's from Scheme48. Good times, right??

    When seeing if SpiderMonkey could use this same strategy, I couldn't find how to make a variable-sized GC-managed allocation. It turns out that in SpiderMonkey you can't do that! SM's memory management system wants to work in terms of fixed-sized "cells". Even for objects that store properties inline in named slots, that's implemented in terms of standard cell sizes. So if an object has 6 slots, it might be implemented as instances of cells that hold 8 slots.

    Truly variable-sized allocations seem to be managed off-heap, via malloc or other allocators. I am not quite sure how this works for GC-traced allocations like arrays, but let's assume that somehow it does.

  • Pocket Offers New Features to Help People Read, Watch and Listen across iOS, Android and Web

    We know that when you save something to Pocket, there is a reason why. You are saving something you want to learn about, something that fascinates you, something that will help shape and change you. That’s why we’ve worked hard to make Pocket a dedicated, quiet place to focus so that you can come back and absorb what you save when you are ready.

    The trick is, in the reality of our lives, it’s not always that simple. Our lives don’t always have a quiet moment with a coffee cup in hand with Pocket in the other. We have work to do, kids to take care of, school to attend. But with Pocket we’ve always worked hard to ensure that Pocket gives you tools to fit content around your life, freeing you from the moment of distraction and putting you in control.

  • OpenBSD's unveil()

    One of the key aspects of hardening the user-space side of an operating system is to provide mechanisms for restricting which parts of the filesystem hierarchy a given process can access. Linux has a number of mechanisms of varying capability and complexity for this purpose, but other kernels have taken a different approach. Over the last few months, OpenBSD has inaugurated a new system call named unveil() for this type of hardening that differs significantly from the mechanisms found in Linux.

    The value of restricting access to the filesystem, from a security point of view, is fairly obvious. A compromised process cannot exfiltrate data that it cannot read, and it cannot corrupt files that it cannot write. Preventing unwanted access is, of course, the purpose of the permissions bits attached to every file, but permissions fall short in an important way: just because a particular user has access to a given file does not necessarily imply that every program run by that user should also have access to that file. There is no reason why your PDF viewer should be able to read your SSH keys, for example. Relying on just the permission bits makes it easy for a compromised process to access files that have nothing to do with that process's actual job.

  • digest 0.6.18

    Earlier today, digest version 0.6.18 arrived on CRAN. It will get uploaded to Debian in due course.

    digest creates hash digests of arbitrary R objects (using the md5, sha-1, sha-256, sha-512, crc32, xxhash32, xxhash64 and murmur32 algorithms) permitting easy comparison of R language objects.

  • Did your first pull request get accepted?
  • Clazy 1.4 released

    Clazy 1.4 has been released and brings 10 new checks.

    Clazy is a clang compiler plugin which emits warnings related to Qt best practices. We’ll be showing Clazy at Qt World Summit in Boston, Oct 29-30, where we are a main Sponsor.

  • I'd like to interject for a moment

    Mastodon is merely an implementation of Fediverse. As it happens, only one of my Fediverse channels runs on Mastodon (the Japanese language one at Pawoo). Main one still uses Gnusocial, the anime one was on Gnusocial and migrated to Pleroma a few months ago. All of them are communicating using the OStatus protocol, although a movement is afoot to switch to ActivityPub. Hopefully it's more successful than the migration from RSS to Atom was.

    Yet, I noticed that a lot of people fall to the idea that Mastodon is an exclusive brand. Rarely one has to know or care what MTA someone else uses. Microsoft was somewhat successful in establishing Outlook as such a powerful brand to the exclusion of the compatible e-mail software. The maintainer of Mastodon is doing his hardest to present it as a similar brand, and regrettably, he's very successful at that.

  • How to level up your organization's security expertise

    IT security is critical to every company these days. In the words of former FBI director Robert Mueller: “There are only two types of companies: Those that have been hacked, and those that will be.”

    At the same time, IT security is constantly evolving. We all know we need to keep up with the latest trends in cybersecurity and security tooling, but how can we do that without sacrificing our ability to keep moving forward on our business priorities?

    No single person in your organization can handle all of the security work alone; your entire development and operations team will need to develop an awareness of security tooling and best practices, just like they all need to build skills in open source and in agile software delivery. There are a number of best practices that can help you level up the overall security expertise in your company through basic and intermediate education, subject matter experts, and knowledge-sharing.

read more

AMD Posts Latest Open-Source Linux Patches For FreeSync / Adaptive-Sync / VRR

Phoronix - Čet, 10/11/2018 - 21:34
One of the few features not yet provided by the mainline open-source Radeon Linux graphics driver will soon be crossed off the list... FreeSync / Adaptive-Sync / HDMI Variable Refresh Rate support...

Red Hat and Fedora Leftovers

tuxmachines.org - Čet, 10/11/2018 - 21:13

read more

PostgreSQL 11 Almost Ready

tuxmachines.org - Čet, 10/11/2018 - 20:48
  • PostgreSQL 11 RC1 Released!

    The PostgreSQL Global Development Group announces that the first release candidate of PostgreSQL 11 is now available for download. As a release candidate, PostgreSQL 11 RC 1 should be identical to the initial release of PostgreSQL 11, though some more fixes may be applied prior to the general availability of PostgreSQL 11.

  • PostgreSQL 11 RC1 Released Ahead Of Stable Release Next Week

    -
    One week from today will hopefully mark the release of the PostgreSQL 11 stable database server release.

    PostgreSQL 11.0 delivers more performance tuning optimizations with that work being never-ending. There are also various other improvements.

read more

Linux 4.14 LTSI Kernel Released For Longer-Term Support

Phoronix - Čet, 10/11/2018 - 20:38
The Linux Foundation LTSI initiative has finished baking its first Linux 4.14-based kernel for longer-term support...

Getting started with Minikube: Kubernetes on your laptop

tuxmachines.org - Čet, 10/11/2018 - 20:37

Minikube is advertised on the Hello Minikube tutorial page as a simple way to run Kubernetes for Docker. While that documentation is very informative, it is primarily written for MacOS. You can dig deeper for instructions for Windows or a Linux distribution, but they are not very clear. And much of the documentation—like one on installing drivers for Minikube—is targeted at Debian/Ubuntu users.

read more

Tumbleweed Gets Plasma 5.14, Frameworks 5.50

tuxmachines.org - Čet, 10/11/2018 - 20:23

Four openSUSE Tumbleweed snapshots this week brought new versions of software along with new versions of KDE’s Plasma and Frameworks as well as python-setuptools and many other packages.

The most recent snapshot, 20181009, updated KDE’s Plasma 5.14. The new Plasma version has several new features like the new Display Configuration widget for screen management, which is useful for presentations. The Audio Volume widget has a built in speaker test feature moved from Phonon settings and the Network widget now works for SSH VPN tunnels again. The Global menu now supports GTK applications as well. Mozilla Firefox 62.0.3 fixed a few Common Vulnerabilities and Exposures including a vulnerability in register allocation of JavaScript that can lead to type confusion, which allows for an arbitrary read and write. The cpupower package, which is a collection of tools to examine and tune power, was updated to version 4.19 and deleted some patches that are now part of the mainline. Source-control-management system mercurial 4.7.2 fixed a potential out-of-bounds read in manifest parsing C code. Other packages including in the snapshot were inxi 3.0.26, lftp 4.8.4, libinput 1.12.1, okteta 0.25.4 and vm-install 0.10.04

Snapshot 20181004 included several package updates as well. NetworkManager-openvpn 1.8.6 fixed an endless loop checking for encrypted certificate. The open source antivirus engine clamav 0.100.2 disabled the opt-in minor feature of OnAccess scanning on Linux systems and will re-enabled in a future release. Users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. The Linux Kernel was updated to 4.18.11 and had several fixes for Ext4. Developers using python-setuptools 40.4.3 will see a few changes from the previous 40.2.0 version that was in Tumbleweed like the vendored pyparsing in pkg_resources to 2.2.1. Those using Samba will see a fix for cluster CTDB configuration with the 4.9.1 version. Caching proxy squid 4.3 updated systemd dependencies in squid.service and vlc 3.0.4 improve support for broken HEVC inside MKV.

read more

Syndicate content
sfy39587f05