Odprtokodni pogled

Opensource view

tuxmachines.org

Syndicate content
Your source for Linux and Open Source news, reviews, and howtos.
Posodobljeno: 24 min 3 sec nazaj

Security: Updates, US Weapons Systems, and Voting Risks

Čet, 10/11/2018 - 19:24
  • Security updates for Thursday
  • US Weapons Systems Are Easy Cyberattack Targets, New Report Finds

    Specifically, the report concludes that almost all weapons that the DOD tested between 2012 and 2017 have “mission critical” cyber vulnerabilities. “Using relatively simple tools and techniques, testers were able to take control of systems and largely operate undetected, due in part to basic issues such as poor password management and unencrypted communications,” the report states. And yet, perhaps more alarmingly, the officials who oversee those systems appeared dismissive of the results.

  • Election security groups warn of cyber vulnerabilities for emailed ballots

    Experts from both the private and public sector have warned about the vulnerabilities of online voting for years, but the report comes at a time of heightened alarm about election interference from hostile nation-states or cyber criminals.

read more

Games: Commodore 64, Steam, OCTOPTICOM, Geneshift, RimWorld, Unreal Engine, XCOM, Robocraft, Cities: Skylines - Industries

Čet, 10/11/2018 - 19:20
  • Internet Archive launches repository of 15,000 playable Commodore 64 games

    The Commodore 64 becomes the third in-browser collection after the Commodore Amiga and a range of arcade games from LCD pocket to full cabinet were released over the last few years.

    The site uses an adaptation of the Vice emulator, compiled in Emscripten, and there are already 10,500 titles available, which the Archive confirms is a growing number. In fact, at time of writing it already seems to have exceeded 15,000.

  • The recent Steam Play beta is now out for everyone, plus a minor beta update

    If it doesn't show up for you, restart Steam. Hopefully in future the stable updates won't require this, I imagine an improved update flow will be worked on eventually although it's not much hassle to quickly restart Steam.

    Additionally, there's a very minor 3.7-8 beta available which only notes that it has "Minor compatibility fixes in preparation for future Proton versions.". While minor, the wording has piqued my interest to see what they're going to be doing.

  • Programming puzzler 'OCTOPTICOM' adds Linux support

    For those of you who love programming and puzzle games, OCTOPTICOM looks like it might actually be quite good.

  • Geneshift has expanded the Battle Royale mode to support playing with a friend

    Geneshift, the top-down shooter recently gained a Battle Royale mode that's really damn fun and the developer has continued to roll out improvements.

  • RimWorld 1.0 is going to release on October 17th next week

    After being in development for over five years, the developer has now announced the final release. They've said that the game will be save-compatible going from the most recent version as long as you haven't installed any mods. It's not going to be much different to the most recent beta, since it will largely be a bug-fix release. Although, they did mention "a new food restriction system", which lets you restrict what your colonists and any prisoners are allowed to eat.

  • Epic Games have rolled out Unreal Engine 4.21 preview, with Linux improvements

    Overall, it seems like a pretty good step up for Unreal Engine with a lot of new features, bug fixes and general code cleanups. It has improved IPv6 support, improvements to DDoS Detection and Mitigation, experimental support for the SteamVR Input subsystem, improved performance of the Unreal asset cooking process, loads of animation system updates and the list goes on and on.

  • The XCOM 2 'Tactical Legacy Pack' DLC shows how much love Firaxis has for the series and the fans

    As a long time XCOM fan, the Tactical Legacy Pack for XCOM 2 certainly feels like fan service and it's really quite good. XCOM 2 was already good, difficult as hell but engrossing. The War of the Chosen expansion released last year expanded the game in a lot of ways and it became an even better experience. This was especially true, because of all the new story elements to the game which changed the direction of it quite a lot.

    Now we have the Tactical Legacy Pack which includes new game modes, new maps, new weapons and armour and plenty more it's certainly not short on features. While not a complete game changer, it offers up enough to make it worth a purchase in my opinion. Enough to make me put down my new addiction to Rocket League for quite a number of hours, it's just that good.

  • Free to play robot battler 'Robocraft' adds a wave-based singleplayer mode

    Robocraft, the rather good free to play robot building and battling game just added a an early version of their wave-based campaign mode.

    I've tried it out and it's actually not bad at all, a pretty good way to really test your design skills against increasing waves of difficult enemies along with some more powerful boss robots.

  • Cities: Skylines - Industries expansion announced, releasing October 23rd

    Paradox have announced the Cities: Skylines - Industries expansion due for release on October 23rd and as usual the DLC will work fine on Linux.

    From the press release we got sent:

    “With this expansion, players can make more meaningful choices in their cities’ industry by managing their production chains from grain to bread.” said Sandra Neudinger, Product Manager from Paradox Interactive. “The players have been asking for an industrial expansion for a while, so we’re excited to finally offer a full featured approach.”

read more

Git GUI Front-Ends And IDE Support - Git Series Part 4

Čet, 10/11/2018 - 18:48

Developers have created third-party software (free or otherwise) that gives users a GUI to use for interacting with a repository. Here is an overview of a few programs that you can use. This is so you can have an idea of what you can expect from a GUI git client.

more" title="Read the rest of this article" />

read more

Plex Media Server Is Now Available as a Snap App for Ubuntu, Other Linux Distros

Čet, 10/11/2018 - 17:19

Already available as binary packages for Debian- and Red Hat-based operating systems using the DEB and RPM package format, the Plex Media Server over-the-top (OTT) media service used by millions worldwide is now easier to install across a multitude of GNU/Linux distributions as a Snap app from Canonical's Snap Store.

"The biggest appeal of Snaps is the simple installation mechanism," said Tamas Szelei, Software Engineer at Plex. "Canonical's Snap Store provides an easy and secure way to distribute our software to an increasing number of consumers. What's more, Snaps help cater to the more technical Plex user, who benefits from confined applications and the added sense of software security."

read more

Hands On & Initial Benchmarks With An Ampere eMAG 32-Core ARM Server

Čet, 10/11/2018 - 17:09

Especially with Qualcomm's Centriq efforts going quiet in recent months, one of the most interesting ARM server efforts at the moment is Ampere Computing -- the company founded by former Intel president Renee James and with several other ex-Intel employees on staff. They started off with the acquired assets from what was AppliedMicro and their X-Gene ARMv8 IP and for the past year have been improving it into their recently announced eMAG processors.

The eMAG processors announced back in September by Ampere are up to 32-core with a 3.3GHz turbo while having a launch price of $850 USD. Their second processor is a 16-core model with 3.3GHz turbo for $550. Both processors support eight DDR4-2667MHz memory channels, SATA 3.0 storage connectivity, 42 PCI Express 3.0 lanes, and these 16nm FinFET processors have a 125 Watt TDP. Lenovo and other ODMs will be manufacturing servers with eMAG processors although the expected pricing information isn't yet announced.

read more

Debian-Based Raspbian OS Gets Raspberry Pi PoE HAT Support, Latest Updates

Čet, 10/11/2018 - 17:07

Running the long-term supported Linux 4.14.71 kernel, the Raspbian 2018-10-09 release comes with support for Raspberry Pi Foundation's Raspberry Pi PoE (Power over Ethernet) HAT, a small accessory for the Raspberry Pi 3 Model B+ SBC that allows users to power the board via an Ethernet cable.

Raspbian 2018-10-09 also updates the startup wizard by implementing support for assigning keyboard layouts by country, a new option to use the US keyboard layout in preference to country-specific option, the ability to display the computer's IP address on first page, and support for checking for Wi-Fi networks.

Also: Raspberry Pi's Raspbian OS Updated With New Kernel, Startup Wizard Improvements

read more

Linux Kernel 4.14 LTSI Is Now Officially Available for All Hardware Vendors

Čet, 10/11/2018 - 17:03

The Long Term Support Initiative (LTSI) project aims to provide hardware vendors using the Linux kernel in their products with support for at least 2-3 years, which is the typical lifetime of a consumer device, in an attempt to remove the fragmentation of the various Linux kernel versions used by device vendors and GNU/Linux distributions.

It also makes it easier for device vendors to upstream their improvements into the main Linux kernel branches more easily. Coming a year after the Linux 4.9 kernel series, which was released as an LTSI kernel on September 21, 2017, the Linux 4.14.75 LTS kernel is now the latest and most advanced LTSI kernel for hardware vendors.

read more

FOSS Project Spotlight: Tutanota, the First Encrypted Email Service with an App on F-Droid

Čet, 10/11/2018 - 17:00

Seven years ago, we started building Tutanota, an encrypted email service with a strong focus on security, privacy and open source. Long before the Snowden revelations, we felt there was a need for easy-to-use encryption that would allow everyone to communicate online without being snooped upon.

As developers, we know how easy it is to spy on email that travels through the web. Email, with its federated setup is great, and that's why it has become the main form of online communication and still is. However, from a security perspective, the federated setup is troublesome—to say the least.

End-to-end encrypted email is difficult to handle on desktops (with key generation, key sharing, secure storing of keys and so on), and it's close to impossible on mobile devices. For the average, not so tech-savvy internet user, there are a lot of pitfalls, and the probability of doing something wrong is, unfortunately, rather high.

read more

Kernel: LWN Coverage (No Longer Paywalled) and Initial HDMI 2.0 Support With Nouveau Slated For The Next Linux Kernel

Čet, 10/11/2018 - 12:32
  • Revenge of the modems

    Back in the halcyon days of the previous century, those with a technical inclination often became overly acquainted with modems—not just the strange sounds they made when connecting, but the AT commands that were used to control them. While the AT command set is still in use (notably for GSM networks), it is generally hidden these days. But some security researchers have found that Android phones often make AT commands available via their USB ports, which is something that can potentially be exploited by rogue USB devices of various sorts.

    A paper [PDF] that was written by a long list of researchers (Dave (Jing) Tian, Grant Hernandez, Joseph I. Choi, Vanessa Frost, Christie Ruales, Patrick Traynor, Hayawardh Vijayakumar, Lee Harrison, Amir Rahmati, Michael Grace, and Kevin R. B. Butler) and presented at the 27th USENIX Security Symposium described the findings. A rather large number of Android firmware builds were scanned for the presence of AT commands and many were found to have them. That's not entirely surprising since the baseband processors used to communicate with the mobile network often use AT commands for configuration. But it turns out that Android vendors have also added their own custom AT commands that can have a variety of potentially harmful effects—making those available over USB is even more problematic.

    They started by searching through 2018 separate Android binary images (it is not clear how that number came about, perhaps it is simply coincidental) from 11 different vendors. They extracted and decompressed the various pieces inside the images and then searched those files for AT command strings. That process led to a database of 3500 AT commands, which can be seen at the web site for ATtention Spanned—the name given to the vulnerabilities.

  • XFS, LSM, and low-level management APIs

    The Linux Security Module (LSM) subsystem allows security modules to hook into many low-level operations within the kernel; modules can use those hooks to examine each requested operation and decide whether it should be allowed to proceed or not. In theory, just about every low-level operation is covered by an LSM hook; in practice, there are some gaps. A discussion regarding one of those gaps — low-level ioctl() operations on XFS filesystems — has revealed a thorny problem and a significant difference of opinion on what the correct solution is.

    In late September Tong Zhang pointed out that xfs_file_ioctl(), the 300-line function that dispatches the various ioctl() operations that can be performed on an XFS filesystem, was making a call to vfs_readlink() without first consulting the security_inode_readlink() LSM hook. As a result, a user with the privilege to invoke that operation (CAP_SYS_ADMIN) could read the value of a symbolic link within the filesystem, even if the security policy in place would otherwise forbid it. Zhang suggested that a call to the LSM hook should be added to address this problem.

  • Initial HDMI 2.0 Support With Nouveau Slated For The Next Linux Kernel

    Days after Nouveau DRM maintainer Ben Skeggs began staging changes for this open-source NVIDIA driver ahead of the next kernel cycle, this evening Ben Skeggs submitted the DRM-Next pull request to queue this work for the Linux 4.20/5.0 kernel cycle.

    As covered in that previous article, there isn't a whole lot on the Nouveau kernel driver front at this time. Skeggs summed up these open-source NVIDIA driver changes as: "Just initial HDMI 2.0 support, and a bunch of other cleanups."

  • Device-to-device memory-transfer offload with P2PDMA

    One of the most common tasks carried out by device drivers is setting up DMA operations for data transfers between main memory and the device. Often, data read into memory from one device will be immediately written, unchanged, to another device. Common examples include carrying the image between the camera and screen on a mobile phone, or downloading files to be saved on a disk. Those transfers have an impact on the CPU even if it does not use the data directly, due to higher memory use and effects like cache trashing. There are cases where it is possible to avoid usage of the system memory completely, though. A patch set (posted by Logan Gunthorpe with contributions by Christoph Hellwig and Steve Wise) has been in the works for some time that addresses this case for PCI devices using peer-to-peer (P2P) transfers, with a focus on offering an offload option for the NVMe fabrics target subsystem.

read more

Graphics: Proton/RADV, AMD, NVIDIA/Vulkan and X.Org Developers Conference (XDC)

Čet, 10/11/2018 - 12:29
  • Proton 3.7 Updated, More RADV Fixes To Help Steam Play Gaming

    Overnight Valve promoted their Proton 3.7-7 build with better alt-tab handling and full-screen behavior for many games. There is also fixed mouse behavior and DXVK 0.80 is now used for the Direct3D-11-over-Vulkan translation to yield better Steam Play gaming performance.

    Steam Play 3.7-8 is also now available in beta with minor compatibility fixes, which Valve says is in preparation for future Proton versions.

  • AMD Stages A Number Of Fixes Ahead Of Linux 4.20~5.0 - Plus Vega 20 "MGPU Fan Boost"

    Following several interesting and exciting feature pull requests for the next Linux kernel (to be released as either version 4.20 or 5.0), AMD developers have moved onto stabilizing this massive amount of new feature code.

    The first "fixes" pull request was submitted today to DRM-Next focusing on stabilizing and fixing issues stemming from all this new code. As a reminder, that feature code ranges from AMD Picasso APU support along with Raven 2, a lot of Vega 20 enablement code including compute support, initial xGMI support, VCN dynamic power gating, DC display code enhancements, VCN JPEG engine support, Raven Ridge GFXOFF support, GPUVM virtual memory performance improvements, and a variety of other interesting work.

  • NVIDIA's Guide For Getting Started With RTX Ray-Tracing In Vulkan

    Last month's Vulkan 1.1.85 release brought NVIDIA's experimental ray-tracing extension (VK_NVX_raytracing) while for those curious how this fits into the Vulkan workflow, NVIDIA today published a guide for getting started with ray-time ray-tracing in the Vulkan space.

  • Freedesktop.org: its past and its future

    At the 2018 X.Org Developers Conference (XDC) in A Coruña, Spain, Daniel Stone gave an update on the status of freedesktop.org, which serves multiple projects as a hosting site for code, mailing lists, specifications, and more. As its name would imply, it started out with a focus on free desktops and cross-desktop interoperability, but it lost that focus—along with its focus in general—along the way. He recapped the journey of fd.o (as it is often known) and unveiled some idea of where it may be headed in the future.

    The talk was billed with Keith Packard as co-presenter, but Packard could not make it to XDC; Stone said that he sent Packard a copy of the slides and heard no complaints, so he left Packard on the slide deck [PDF]. Stone wanted to start with the history of fd.o, because there are lots of new contributors these days—"which is great"—who may not know about it.

read more

Exploring the Linux kernel: The secrets of Kconfig/kbuild

Čet, 10/11/2018 - 12:16

The Linux kernel config/build system, also known as Kconfig/kbuild, has been around for a long time, ever since the Linux kernel code migrated to Git. As supporting infrastructure, however, it is seldom in the spotlight; even kernel developers who use it in their daily work never really think about it.

To explore how the Linux kernel is compiled, this article will dive into the Kconfig/kbuild internal process, explain how the .config file and the vmlinux/bzImage files are produced, and introduce a smart trick for dependency tracking.

read more

Qt Creator 4.8 Beta released

Čet, 10/11/2018 - 12:12

In Qt Creator 4.8 we’ll introduce experimental support for the language server protocol. For many programming languages there is a “language server” available, which provides IDEs with a whole lot of information about the code, as long as they support communicating via the protocol.

This means that by providing a client for the language server protocol, Qt Creator gets (some) support for many programming languages “for free”. Currently Qt Creator supports code completion, highlighting of the symbol under cursor, and jumping to the symbol definition, as well as integrates diagnostics from the language server. Highlighting and indentation are still provided by our generic highlighter, since they are not provided via the language server protocol.

Also: Qt Creator 4.8 Rolls Into Beta With C++ Improvements, Language Server Protocol Support

read more

After 16 Years of Development, The First Beta of Haiku is Finally Here

Čet, 10/11/2018 - 11:33

Haiku’s history begins with the now defunct Be Inc. Be Inc was founded by former Apple executive Jean-Louis Gassée after he was ousted by CEO John Sculley. Gassée wanted to create a new operating system from the ground up. BeOS was created with digital media work in mind and was designed to take advantage of the most modern hardware of the time. Originally, Be Inc attempted to create their own platform encompassing both hardware and software. The result was called the BeBox. After BeBox failed to sell well, Be turned their attention to BeOS.

In the 1990s, Apple was looking for a new operating system to replace the aging Classic Mac OS. The two contenders were Gassée’s BeOS and Steve Jobs’ NeXTSTEP. In the end, Apple went with NeXTSTEP. Be tried to license BeOS to hardware makers, but in at least one case Microsoft threatened to revoke a manufacturer’s Windows license if they sold BeOS machines. Eventually, Be Inc was sold to Palm in 2001 for $11 million. BeOS was subsequently discontinued.

read more

Open Invention Network is a Proponent of Software Patents -- Just Like Microsoft -- and Microsoft Keeps Patents It Uses to Blackmail Linux Vendors

Čet, 10/11/2018 - 01:16

OIN loves Microsoft; OIN loves software patents as well. So Microsoft’s membership in OIN is hardly a surprise and it’s not solving the main issue either, as Microsoft can indirectly sue and “Microsoft has not included any patents they might hold on exfat into the patent non-aggression pact,” according to Bradley M. Kuhn

read more

Control Flow Integrity in the Android kernel

Čet, 10/11/2018 - 01:04

Android's security model is enforced by the Linux kernel, which makes it a tempting target for attackers. We have put a lot of effort into hardening the kernel in previous Android releases and in Android 9, we continued this work by focusing on compiler-based security mitigations against code reuse attacks.

Google's Pixel 3 will be the first Android device to ship with LLVM's forward-edge Control Flow Integrity (CFI) enforcement in the kernel, and we have made CFI support available in Android kernel versions 4.9 and 4.14. This post describes how kernel CFI works and provides solutions to the most common issues developers might run into when enabling the feature.

read more

today's leftovers

Sre, 10/10/2018 - 22:41
  • Add It Up: FaaS ≠ Serverless

    Using FaaS for isolated use cases or playing with it test environments does not require an organization to rethink the way it writes code or manages infrastructure. But, without re-factoring an application, FaaS can easily increase computing costs when scaled for production use. With many other challenges arising when FaaS moves into production, it is not surprising that almost all organizations with broad deployments are using unique architectures for serverless applications.

  • Cleaning up the Cruft in KDE’s Bugzilla

    We know this is a problem, and some steps have been taken recently to attempt to reduce this. Not long ago, Nate Graham proposed a cleanup of our plasma4 product, which closed 4,000+ bugs. Most of the bugs there were very old and no longer relevant, due to the introduction of Plasma 5 four years ago. While that was a good step in the right direction, we have many, many more products.

  • Usability testing with Outreachy

    I've volunteered with Allan and Jakub to mentor more GNOME usability testing in the next cycle of Outreachy, from December 4, 2018 to March 4, 2019. Outreachy expressly invites applicants from around the world who are women (both cis and trans), trans men, and genderqueer people.

    Interns will work with the GNOME team and mentor(s) to do usability testing on GNOME. The goal is to perform several cycles of usability testing on prototypes of new designs, and provide usability testing results and feedback to the GNOME team so a new iterative design can be updated based on those results. We would like to use a "test what you've got" approach where we set up a testing schedule, and the intern tests whatever prototype or model is ready at that time. So if "test day" is Thursday, we could nail down what to test by Monday, and have the intern post results on Friday or the weekend.

  • The ASUS ROG Phone Wants To Be Your Game Console And PC, Too

    This massively powerful Android phone was announced way back in June, but it’s going up for pre-order in the US on October 18th. The $900 price tag sounds ridiculous, or at least it would have a couple of years ago, before Apple, Google, and Samsung decided that the ceiling on phone prices was more like a stratosphere. If you’re wondering, “ROG” stands for “Republic of Gamers,” ASUS’ dedicated gaming sub-brand a la Dell’s Alienware.

  • The Next Essential Phone Will Be AI Powered, Smart Enough To Email, Book Appointments And Text

read more

OSS Leftovers

Sre, 10/10/2018 - 22:38
  • POA Network launches BlockScout, an open-source Ethereum block explorer

    POA Network, the Ethereum-based platform offering an open-source framework for smart contracts, has unveiled BlockScout, a full-featured block explorer tool for the Ethereum ecosystem. BlockScout is an easy-to-use and secure tool that lets users search and explore transactions, addresses, and balances on the Ethereum, Ethereum Classic, and POA Network blockchains.

  • BlockScout is a New Ethereum Blockchain Explorer Tool by POA Network

    The Ethereum based platform, the POA Network that is offering an open-source platform for smart contracts has established a block explorer that is fully futured called BlockScout for the Ethereum ecosystem. BlockScout is a secure tool that is easy to use allowing users to explore and search transaction, balances and addresses on the Ethereum, POA Network and Ethereum Classic blockchains.

  • POA Network launches open-source Ethereum block explorer tool

    POA Network, the Ethereum-based platform offering an open-source framework for smart contracts, has just announced that it has unveiled BlockScout, the first full featured open-source block explorer tool for the Ethereum ecosystem. BlockScout is a secure tool that lets users search and explore transactions, addresses, and balances on the Ethereum, Ethereum Classic, and POA Network blockchains.

  • BlockScout: The first full-featured open-source Ethereum blockchain explorer
  • Ethereum Based POA Network Launches Open-Source Block Explorer for ETH, ETC and POA

    The team at the POA Network have unveiled the first full featured open-source block explorer tool for the Ethereum ecosystem. This new block explorer is called BlockScout. It is an easy-to-use  and secure tool that allows users to search and explore transactions, addresses, and balances on the three blockchains of Ethereum (ETH), Ethereum Classic (ETC) and POA Network.

  • Asterisk 16.0.0 Now Available
  • Asterisk 16.0 VoIP / PSTN PBX Open-Source Software Released

    Version 16.0 of the long-standing, open-source Asterisk VoIP/PSTN telephony software is now available for voice communication deployments.

    Asterisk 16.0 brings improved media playback via reading the file type from the HTTP header, support for systemd socket activation, and fixes ten security issues ranging from Asterisk crashes to possible DoS vulnerabilities and stack corruption.

  • Sangoma Reaffirms Open Source Communications Commitment and Leadership at AstriCon

    Sangoma Technologies Corporation (TSX VENTURE: STC), a trusted leader in value-based Unified Communications (UC) and UC as a Service (UCaaS) solutions and the world's largest provider of open source communications solutions, today at the annual AstriCon users and developers conference, announced Asterisk 16 and FreePBX 15, the next major releases of the world's two most popular open source communications projects.

  • 5 Tips for Deploying Open-Source Software

    While the democratic ideals and distributed development model of open source are appealing to developers, some elements of that model are less attractive in production systems. The biggest drawback is that community control means distributed responsibility. Implementing pure open source can create problems and burdens that are less likely with systems have professional sales and service organizations behind them.

    In short, with an open-source system, there is no throat to choke and IT professionals can be left with only community support when something goes awry.

    That doesn’t mean that implementing open-source software is a bad idea. Doing so just requires taking a different approach to planning than you would with a proprietary software roll out. To help alleviate some of the problems, here are five things to remember when implementing open-source software.

  • Industry Voices—Doyle: The promise of open source and the current state of telecom adoption

    The adoption of open source software for NFV deployments by CSPs has largely failed to live up to industry expectations. 

    Open source software has been installed in communication service providers' IT departments, some tactical parts of the network and is being widely tested in the labs of the leading CSPs. Despite the hype around “cloud-native” advancements, open source is unlikely to “bend the cost curve” of deploying new network elements – at least not in the next several years.

  •  

  • I have resigned as the WordPress accessibility team lead. Here is why.

    After several years of working on WordPress and accessibility and being part of the accessibility team, I have taken the very difficult decision to leave the WordPress accessibility team. I owe it to the team to explain why I have made this decision and how I hope things can improve for the future.

read more

sfy39587f05