The Raspberry Pi Foundation has announced a new Raspberry Pi 4 with 8GB of RAM...

Gaming on Linux got a thorough kickstart in 2013 when Valve announced that their own SteamOS would be written on top of Linux. Since then, Linux users could realistically expect to play high-grade games that, in the past, required the purchase of a Windows computer or gaming console. The experience got off to a modest start, with just a few brave companies like CD Projekt Red, Deep Silver, Valve itself, and others putting the Linux penguin icon in their compatibility list, but eventually, even Gearbox and Square Enix were releasing their biggest titles on Linux. Today, Valve's Proton project helps ensure that even titles with no formal Linux release still work on SteamOS and other Linux distributions.

read more

A webcam is a video capture device that is either connected to a computer directly (typically by USB) or over a computer network. Many modern netbooks and laptops have a built-in webcam.

Webcams spice up online communication by offering real-time video chat and webcasting. These tiny cameras enable users to chat in realtime with friends and family, send video email around the world, to videoconference with co-workers and clients, and even to broadcast a TV-like channel over the net. Other people use a webcam as part of a security system, making use of motion detection to receive image and video intrusion alerts, both interior and exterior, of a building or home.

read more

About a decade ago, the JavaScript developer community began to witness fierce battles emerging among JavaScript frameworks. In this article, I will introduce some of the most well-known of these frameworks. And it's important to note that these are all open source JavaScript projects, meaning that you can freely utilize them under an open source license and even contribute to the source code and communities.

If you prefer to follow along as I explore these frameworks, you can watch my video.

read more

The Raspberry Pi 4 Model B was launched in June 2019 with Broadcom BCM2711 Arm Cortex-A72 processor coupled with either 1, 2, or 4GB LPDDR4 RAM.

But there were expectations that a Raspberry Pi 4 with 8GB RAM or an 8GB eMMC flash may be eventually launched, as some of the user guides read “Product name: Raspberry Pi 4 Model B 1 GB, 2 GB, 4 GB + 8 GB variants”. We now know the answer as the Raspberry Pi Foundation has just introduced Raspberry Pi 4 with 8GB RAM.

read more

Reload is the process refreshing the information of download sources in an Ubuntu system. If you observe, you will find that actually Ubuntu downloads several dozen megabytes of data when reloading and in fact you can reduce up to half size. This article supplies you information to tinker with that with sources.list configuration and APT command. You will see best of this in an experiment-dedicated system if you have. Lastly, I practiced this on Ubuntu 20.04 Focal Fossa and you can practice this also on other versions. Enjoy tinkering!

read more

I recently reviewed the Beaker Browser. About a week after that review was published, the devs released Beaker 1.0 Beta. And that changes almost everything I had observed in the previous article.

This made me do an entire article on the new Beaker Browser.Here’s what’s been changed!

One of the most significant changes to Beaker is the introduction of a new protocol. Up to now, Beaker has used the Dat protocol to distribute content. Beta 1.0 replaces Dat with Hypercore.

One of the components is Hyperdrive version 10, which was released the same days as Beaker. Hyperdrive is “a POSIX-like filesystem implementation, written in Node.js, that’s designed to be the storage layer for fast, scalable, and secure peer-to-peer applications.”

read more

I typically use LibreOffice Impress for my talks, much to some folks' surprise. Yes, you can make slides look okay with free software! But there's one annoying caveat that has bothered me for ages.

Impress makes it nearly impossible to enter presenter mode with a single display, while also displaying slides. I have never understood this limitation, but it's existed for a minimum of seven years.

I've tried all sorts of workarounds over the years, including a macro that forces LibreOffice into presenter mode, which I never was able to figure out how to reverse once I ran it...

read more

We are almost half of the year 2020, we thought it right to share with Linux enthusiasts out there the most popular distributions of the year so far. In this post, we will review the top 10 most popular Linux distributions, the ones with most page hits during the last 6 months as per Distrowatch.

First published on 31 May 2001, DistroWatch has been the most reliable source of information about open-source operating systems, with a particular focus on Linux distributions and flavors of BSD. It collects and presents a wealth of information about Linux distributions consistently to make it easier to access.

Although it is not a good indicator of a distribution’s popularity or usage, DistroWatch remains the most accepted measure of popularity within the Linux community. It uses Page Hit Ranking (PHR) statistics to measure the popularity of Linux distributions among the visitors of the website.

read more

With the upcoming Linux 5.8 kernel merge window one of the features you still won't find in the mainline kernel is the VC4 DRM kernel driver supporting the Broadcom BCM2711 SoC and in turn the Raspberry Pi 4 open-source display support...

Following recent announcements, Red Hat is now ready in fully supporting Quarkus to enhance its Kubernetes support...

• AMD Lines Up Another Batch Of Radeon Graphics Fixes For Linux 5.8

  Linux 5.8 features for the Radeon "AMDGPU" kernel driver include the likes of Navi soft recovery and better handling of critical thermal faults on Radeon GPUs as well as enabling TMZ support. With feature work being capped off already on the DRM graphics front for Linux 5.8, AMD developers have been tidying up the code and readying more fixes for all of the new code set to premiere with this imminent merge window.

• Google Engineers Are Becoming Concerned Over Some Arm Platforms Lacking Spectre V2 Mitigations

  As a result of at least "a few AArch64 platforms" lacking firmware support for mitigating Spectre Variant Two, Google engineers are evaluating the possibility of Retpolines for the 64-bit Arm architecture.

  Google's Anthony Steinhauser raised concerns that with these 64-bit Arm systems lacking their firmware support for mitigating Spectre V2, they could be compromised. Steinhauser noted, "In particular, on those systems, we believe the speculated targets of indirect branches in kernel code could potentially be controlled by userspace code."

• Bao: a lightweight static partitioning hypervisor

  Developers of safety-critical systems tend to avoid Linux kernels for a number of fairly obvious reasons; Linux simply was not developed with that sort of use case in mind. There are increasingly compelling reasons to use Linux in such systems, though, leading to a search for the best way to do so safely. At the 2020 Power Management and Scheduling in the Linux Kernel summit (OSPM), José Martins described Bao, a minimal hypervisor aimed at safety-critical deployments.

• Evaluating vendor changes to the scheduler

  The kernel's CPU scheduler does its best to make the right decisions for just about any workload; over the years, it has been extended to better handle mobile-device scheduling as well. But handset vendors still end up applying their own patches to the scheduler for the kernels they ship. Shipping out-of-tree code in this way leads to a certain amount of criticism from the kernel community but, as Vincent Donnefort pointed out in his session at the 2020 Power Management and Scheduling in the Linux Kernel summit (OSPM), those patches are applied for a reason. He looked at a set of vendor scheduler patches to see why they are being used.

• Scheduler benchmarking with MMTests

  The MMTests benchmarking system is normally associated with its initial use case: testing memory-management changes. Increasingly, though, MMTests is not limited to memory management testing; at the 2020 Power Management and Scheduling in the Linux Kernel summit (OSPM), Dario Faggioli talked about how he is using it to evaluate changes to the CPU scheduler, along with a discussion of the changes he had to make to get useful results for systems hosting virtualized guests.

• The many faces of "latency nice"

  A task's "nice" value describes its priority within the completely fair scheduler; its semantics have roots in ancient Unix tradition. Last August, a "latency nice" parameter was proposed to provide similar control over a task's response-time requirements. At the 2020 Power Management and Scheduling in the Linux Kernel summit (OSPM), Parth Shah, Chris Hyser, and Dietmar Eggemann ran a discussion about the latency nice proposal; it seems that everybody agrees that it would be a useful feature to have, but there is a wide variety of opinions about what it should actually do.

• Utilization inversion and proxy execution

  Over the years, the kernel's CPU scheduler has become increasingly aware of how much load every task is putting on the system; this information is used to make smarter task placement decisions. Sometimes, though, this logic can go wrong, leading to a situation that Valentin Schneider describes as "utilization inversion". At the 2020 Power Management and Scheduling in the Linux Kernel summit (OSPM), he described the problem and some approaches that are being considered to address it.

• Testing scheduler thermal properties for avionics

  Linux is not heavily used in safety-critical systems — yet. There is an increasing level of interest in such deployments, though, and that is driving a number of initiatives to determine how Linux can be made suitable for safety-critical environments. At the 2020 Power Management and Scheduling in the Linux Kernel summit (OSPM), Michal Sojka shone a light on one corner of this work: testing the thermal characteristics of Linux systems with an eye toward deployment in avionics systems.

• The weighted TEO cpuidle governor

  Life gets complicated for the kernel when there is nothing for the system to do. The obvious response is to put the CPU into an idle state to save power, but which one? CPUs offer a wide range of sleep states with different power-usage and latency characteristics. Picking too shallow a state will waste energy, while going too deep hurts latency and can impact the performance of the system as a whole. The timer-events-oriented (TEO) cpuidle governor is a relatively new attempt to improve the kernel's choice of sleep states; at the 2020 Power Management and Scheduling in the Linux Kernel Summit, Pratik Sampat presented a variant of the TEO governor that tries to improve its choices further.

read more

• Disrupted CVE Assignment Process

  Due to an invalid TLS certificate on MITRE’s CVE request form, I have — ironically — been unable to request a new CVE for a TLS certificate verification vulnerability for a couple weeks now. (Note: this vulnerability does not affect WebKit and I’m only aware of one vulnerable application, so impact is limited; follow the link if you’re curious.) MITRE, if you’re reading my blog, your website’s contact form promises a two-day response, but it’s been almost three weeks now, still waiting.

  [....]

  We could have a debate on TLS certificate verification and the various benefits or costs of the Firefox vs. Chrome approach, but in the end it’s an obvious misconfiguration and there will be no further CVE requests from me until it’s fixed. No, I’m not bypassing the browser security warning, even though I know exactly what’s wrong. We can’t expect users to take these seriously if we skip them ourselves.

• June 10 webinar: Cloud-native development for continuous integration with IBM Wazi

  IBM Wazi for Red Hat CodeReady workspaces simplifies hybrid application development. Developers can leverage open and familiar development tools, deliver a CI/CD pipeline that integrates z/OS into a multi-cloud architecture, and transform testing on mainframes by shifting left transaction-level testing. Be sure to catch the June 10 webinar, Cloud Native Development for Continuous Integration with IBM Wazi, to learn about this new technology. Rosalind Radcliffe, IBM Distinguished Engineer in System Enterprise DevOps, and Mitch Ashley, CEO and Managing Analyst of Accelerated Strategies Group, Inc., give you all the details.

• Using container technology to make a more secure pipeline

  In our last post we talked about using Multi-Category Security (MCS) instead of Multi-Level Security (MLS) to provide isolation on systems with different levels of sensitivity. In this post we'll cover creating a more secure pipeline via containers.

  A common pattern in MLS environments is to have a series of processes to guarantee the flow of information between networks at different levels, but to guarantee that no information gets accidentally leaked. These pipelines are sometimes called dirty word filters.

  Imagine an MLS environment, where you have two networks connected to a machine. One of the networks is at Top Secret and the other network is at Secret. Now you might have a process downloading content from the Top Secret Network, another process, the filter process, examining the downloaded content and moving approved data from the Top Secret content to the Secret content. Finally you have a third process that is taking the Secret content and sending it out the Secret network.

• The advantages of microservices for financial industries

  Forces ranging from technological disruption, to demographic shifts, will change the way banking is done, according to the 2020 Banking and Capital Markets Outlook from Deloitte Insights. The report says that banking will increasingly be more open and transparent, more intelligent and tailored, and more secure and seamless.

  Achieving this state of financial services - one in which there is greater internal collaboration and is synchronized to market demands - won’t be without challenges, the report says, pointing to "technical debt, or the lack of technology system modernization, which is a huge impediment to transformation."

• Red Hat Shares ― Special edition: Red Hat Summit 2020 Virtual Experience recap

  Red Hat Summit 2020, like most things this year, looked a little different than in the past. This year's theme was "From here, anywhere." But the shift from an in-person to a virtual event resulted in a Summit perhaps better characterized as "From anywhere, here." While we weren’t able to gather in San Francisco as originally planned, the virtual event gave us the privilege of connecting with so many more open source enthusiasts (56,063* so far, to be exact) worldwide.

• How to be prepared for changes in Red Hat Smart Management and Satellite

  In my work as a Red Hat Technical Account Manager (TAM), one of my responsibilities is ensuring my customers are aware of the roadmap for various Red Hat products. This includes informing customers of upcoming changes to products, such as features being deprecated, and helping them plan for these changes.

  The Satellite 6.7 release notes listed that several items are deprecated and would be removed in a future release of Satellite. This post will cover several of these items, and what customers can do to prepare for these changes. I would recommend reviewing the release notes to see if any of the other items might affect your Satellite environment.

read more

• Ubuntu Podcast from the UK LoCo: S13E08.5 – When a broken clock chimes

  We announce the Ubuntu Podcast crowd-funder on Patreon and why, after 13 years, we are seeking your support.

  It’s Season 13 Episode 8.5 of the Ubuntu Podcast! Mark Johnson and Martin Wimpress are connected and speaking to your brain.

• FLOSS Weekly 580: Sysdig

  Sysdig is an open-source system monitoring and troubleshooting tool for Linux, with cross-platform capabilities on Windows and Mac OS. You can manage security and compliance for Kubernetes and have an open platform with embed security and validate compliance.

• 2020-05-27 | Linux Headlines

  Ardour 6 is out with major changes under the hood, CoreOS Container Linux is officially unmaintained, TeleIRC version 2.0.0 lands with a complete rewrite, the FIDO Alliance launches an instructional campaign, and PeerTube outlines its newest fundraising goals.

read more

• The PEPs of Python 3.9

  With the release of Python 3.9.0b1, the first of four planned betas for the development cycle, Python 3.9 is now feature-complete. There is still plenty to do in terms of testing and stabilization before the October final release. The release announcement lists a half-dozen Python Enhancement Proposals (PEPs) that were accepted for 3.9. We have looked at some of those PEPs along the way; there are some updates on those. It seems like a good time to fill in some of the gaps on what will be coming in Python 3.9

• How to Write an Installable Django App

  In the Django framework, a project refers to the collection of configuration files and code for a particular website. Django groups business logic into what it calls apps, which are the modules of the Django framework. There’s plenty of documentation on how to structure your projects and the apps within them, but when it comes time to package an installable Django app, information is harder to find.

  In this tutorial, you’ll learn how to take an app out of a Django project and package it so that it’s installable. Once you’ve packaged your app, you can share it on PyPI so that others can fetch it through pip install.

• Pros and Cons of Python: A Definitive Python Web Development Guide

  Python is a powerful programming language for mobile and web development projects. It is also the most popular programming language for AI in 2020. RedI Python development’s use cases in scientific computing, statistics, and education make it one of the highly preferred programming languages for Python programmers.

  The open-source programming language launched in 1992 is now on the verge of becoming the most popular and used programming language. Due to the rise in demand for AI and ML applications, Python web programming is now the first thing that comes to mind for coding such applications.

  But is Python for web development even worth it? It definitely is. Some of the top companies use Python web programming in their technology stack.

read more

• Fedora 32 elections voting now open
• FESCo election: Interview with Michal Novotný (clime)
• FESCo election: Interview with Frantisek Zatloukal (frantisekz)
• Council election: Interview with Till Maas (till)
• Council election: Interview with James Cassell (cyberpear)
• Council election: Interview with Aleksandra Fedorova (bookwar)
• Council election: Interview with Alberto Rodriguez Sanchez (bt0dotninja)
• Mindshare election: Interview with Alessio Ciregia (alciregi)
• Mindshare election: Interview with Daniel Lara (danniel)
• Mindshare election: Interview with Maria Leandro (tatica)
• Mindshare election: Interview with Sumantro Mukherjee (sumantrom)

read more

Hi all, I'd like to announce Mesa 20.1.0, the first release for the 20.1 branch. Being the first release of this new branch, there can be issues that will be discovered now that the new code will be widely used, so you may want to stay on the 20.0.x releases until the 20.1.1 release, scheduled for 14 days from now on 2020-06-10. One already known issue that I want to point out is that Unreal Engine 4 has a bug in its usage of glDrawRangeElements() causing it to be called with a number of vertices in place of the `end` parameter, that was recently revealed. This is an annoying bug that we haven't worked around yet. For more details: https://gitlab.freedesktop.org/mesa/mesa/-/issues/2917 Eric --- Andrii Simiklit (1): i965/vec4: Ignore swizzle of VGRF for use by var_range_end() Bas Nieuwenhuizen (4): radv/winsys: Remove extra sizeof multiply. radv: Handle failing to create .cache dir. radv: Do not close fd -1 when NULL-winsys creation fails. radv: Implement vkGetSwapchainGrallocUsage2ANDROID. D Scott Phillips (1): anv/gen11+: Disable object level preemption Danylo Piliaiev (3): meson: Disable GCC's dead store elimination for memory zeroing custom new mesa: Fix double-lock of Shared->FrameBuffers and usage of wrong mutex intel/fs: Work around dual-source blending hangs in combination with SIMD16 Dave Airlie (1): llvmpipe: compute shaders work better with all the threads. Eric Engestrom (4): .pick_status.json: Update to a91306677c613ba7511b764b3decc9db42b24de1 tree-wide: fix deprecated GitLab URLs docs: Add release notes for 20.1.0 VERSION: bump to 20.1.0 release Erik Faye-Lund (1): zink: use general-layout when blitting to/from same resource Gert Wollny (1): r600: Fix duplicated subexpression in r600_asm.c Hanno Böck (1): Properly check mmap return value Icecream95 (1): panfrost: Fix background showing when using discard Jason Ekstrand (3): nir/lower_double_ops: Rework the if (progress) tree nir/opt_deref: Report progress if we remove a deref nir/copy_prop_vars: Record progress in more places Kristian Høgsberg (1): freedreno: Use the right amount of &'s Nataraj Deshpande (1): dri_util: Update internal_format to GL_RGB8 for MESA_FORMAT_R8G8B8X8_UNORM Pierre-Eric Pelloux-Prayer (1): amd/addrlib: fix forgotten char -> enum conversions Rhys Perry (1): nir: fix lowering to scratch with boolean access Rob Clark (1): freedreno: clear last_fence after resource tracking Samuel Pitoiset (2): radv: handle different Vulkan API versions correctly radv: update the list of allowed Android extensions Timothy Arceri (2): glsl: stop cascading errors if process_parameters() fails glsl: fix slow linking of uniforms in the nir linker Vinson Lee (3): r600/sfn: Initialize VertexStageExportForGS m_num_clip_dist member variable. r600/sfn: Use correct setter method. freedreno: Add missing va_end. git tag: mesa-20.1.0

Also: Mesa 20.1 Released With Numerous Linux Graphics Driver Improvements

read more

If you read this blog regularly enough you’ll be familiar with scrcpy, an ace root-free way to mirror your Android smartphone on your Ubuntu desktop and interact with it.

Scrcpy is free, it’s open source, it’s awesome.

Oh yeah, and it’s updated regularly!

Which is what this post is about: telling you what’s new and notable in the latest release, scrcpy 1.14 — so let’s get to it!

read more

• Display Pressed Keys In Screencasts With Screenkey (Now With Python 3 And GTK 3 Support)

  Screenkey is a tool that shows keystrokes on the screen, great if you're recording screencasts, video reviews or demos.

• Twin-panel File Manager Sunflower 0.4 Released with GTK3 Port

  Small and highly customizable twin-panel Sunflower file manager released version 0.4 after many years of development.

  Sunflower 0.4 brings new interface based on GTK3. The code is ported to Python3. As a result of this rewrite performance has gone up as well.

  There are still many issues in the new release. Emblems are completely missing, drag and drop is broken and keyboard shortcuts are broken due to some upstream problems. And these will be fixed in upcoming weeks.

read more

• Security updates for Wednesday

  Security updates have been issued by Debian (drupal7 and unbound), Fedora (libEMF and transmission), Mageia (dojo, log4net, nginx, nodejs-set-value, sleuthkit, and transmission), Red Hat (rh-maven35-jackson-databind), SUSE (dpdk and mariadb-connector-c), and Ubuntu (thunderbird).

• Security flaw in ARMv7 allows hackers to gain control over smart cars

  Security vulnerabilities are quite commonly found in autonomous and semi-autonomous vehicles that feature a number of smart technologies and applications to improve vehicle safety and driving experience. Last week, security researcher Till Kottmann discovered a misconfiguration in the Git web portal of Daimler AG, the automotive company behind the Mercedes-Benz car brand, that allowed him to create an account on Daimler's code-hosting portal and download more than 580 Git repositories containing the source code of onboard logic units (OLUs) installed in Mercedes vans.

  According to Kottmann, there wasn’t any account confirmation process in the company's official GitLab server, which allowed him to register an account using a non-existent Daimler corporate email. He was able to download 580 Git repositories from the company's server and made it publicly available by uploading the files in several locations such as file-hosting service MEGA, the Internet Archive, and on his own GitLab server.

  Last year, researchers at Pan Test Partners uncovered critical security holes in popular car alarms that could have been exploited by cyber criminals to unlock car doors, activate car alarms, and turn on car engines, all of which could allow criminals to steal cars with great ease.

  The firm found how certain third-party car alarms, whose sellers claim to offer enhanced security to owners of keyless entry cars, featured gaping security holes that allowed criminals to geo-locate cars in real time, find out the car type and details of their owners, disable car alarms, unlock cars, disable immobilisers, and even kill car engines when they were running.

• Meet unc0ver, the new jailbreak that pops shell—and much more—on any iPhone

  Unc0ver, by contrast, works on any device running any version of iOS released since September 2017 or later. The flaw the new jailbreak exploits is located in the OS kernel. That means that unc0ver is less capable then Checkm8 is of disabling or bypassing certain iOS restrictions and security mechanisms. For example: the unc0ver provides no access to JTAG, an interface for debugging and emulating processors.

• Josh Bressers: Broken vulnerability severities

  This blog post originally started out as a way to point out why the NVD CVSS scores are usually wrong. One of the amazing things about having easy access to data is you can ask a lot of questions, questions you didn’t even know you had, and find answers right away. If you haven’t read it yet, I wrote a very long series on security scanners. One of my struggles I have is there are often many “critical” findings in those scan reports that aren’t actually critical. I wanted to write something that explained why that was, but because my data took me somewhere else, this is the post you get. I knew CVSSv3 wasn’t perfect (even the CVSS folks know this), but I found some really interesting patterns in the data. The TL;DR of this post is: It may be time to start talking about CVSSv4.

  It’s easy to write a post that made a lot of assumptions and generally makes facts up that suit whatever argument I was trying to make (which was the first draft of this). I decided to crunch some data to make sure my hypothesis were correct and because graphs are fun. It turns out I learned a lot of new things, which of course also means it took me way longer to do this work. The scripts I used to build all these graphs can be found here if you want to play along at home. You can save yourself a lot of suffering by using my work instead of trying to start from scratch.

read more