TuxMachines

Your source for Linux and Open Source news, reviews, and howtos.

Graphics: AMD, Xilinx, Nouveau

Fri, 2018-01-05 17:27
  • AMD Posts Last KFD Kernel Patches For Discrete GPUs, Needed For Upstream ROCm

    AMD has posted their remaining patches for now for getting the discrete GPU support upstream in the AMDKFD "Kernel Fusion Driver" that is part of their ROCm compute stack.

  • Xilinx ZynqMP DisplayPort DRM/KMS Driver Posted

    Xilinx is interested in contributing the latest DRM/KMS driver upstream.

    Xilinx has developed a new DRM/KMS driver for their DisplayPort sub-system that is part of their ZynqMP SoC. The Xilinx ZynqMP SoC has a full display pipeline and two planes and DisplayPort 1.2 encoder.

  • Tessellation Shaders Land For RadeonSI NIR Backend

    The work led by Valve Linux driver developer Timothy Arceri on adding tessellation shader support to RadeonSI's NIR code-path has been merged to Mesa 17.4-dev Git.

    RadeonSI Gallium3D has been working on a NIR back-end for eventually supporting SPIR-V ingestion as needed for OpenGL 4.6 compliance with code sharing with the RADV Vulkan code. Eventually though RadeonSI may eventually switch to using NIR completely as its intermediate representation. But before that can happen, the RadeonSI NIR support needs to get to parity with its existing OpenGL support when tied to TGSI IR.

  • Red Hat's Latest Nouveau Developer Posts Updated NIR Code

    Not only is RadeonSI working on NIR support but Red Hat has begun working on NIR support for the open-source NVIDIA "Nouveau" driver as part of a compute effort and possible Vulkan support in the future.

    As written about last month, longtime Nouveau contributor Karol Herbst has joined Red Hat and his first public-facing project is developing NIR support for Nouveau. In the original patch series Karol explained he's working on NIR support for Nouveau in order to get SPIR-V (the Vulkan / OpenCL IR) support moving. Their expressed focus right now is on SPIR-V compute support but this would also be a step towards Vulkan for this open-source, reverse-engineered NVIDIA Linux graphics driver.

  • Broadcom's Open-Source VC5 OpenGL & Vulkan Support Improving

    Broadcom open-source driver developer Eric Anholt has written his first status update on the VC5 driver activities of the new year.

    VC5 is the new Broadcom GPU capable of Vulkan and much greater OpenGL capabilities than the VC4 graphics processor most well known for being within current-generation Raspberry Pi devices. Eric has been working on the bring-up of the open-source VC5 driver stack for the past half-year and he continues making progress on getting the VC5 OpenGL Gallium3D driver closer to parity to the long-standing VC4 driver as well as working on "BCMV" as the new Broadcom Vulkan driver still in its early stages.


The Best Linux Distributions for 2018

Fri, 2018-01-05 17:08

It’s a new year and the landscape of possibility is limitless for Linux. Whereas 2017 brought about some big changes to a number of Linux distributions, I believe 2018 will bring serious stability and market share growth—for both the server and the desktop.

For those who might be looking to migrate to the open source platform (or those looking to switch it up), what are the best choices for the coming year? If you hop over to Distrowatch, you’ll find a dizzying array of possibilities, some of which are on the rise, and some that are seeing quite the opposite effect.

So, which Linux distributions will 2018 favor? I have my thoughts. In fact, I’m going to share them with you now.

Similar to what I did for last year’s list, I’m going to make this task easier and break down the list, as follows: sysadmin, lightweight distribution, desktop, distro with more to prove, IoT, and server. These categories should cover the needs of any type of Linux user.

With that said, let’s get to the list of best Linux distributions for 2018.


Elive 2.9.22 beta released

Fri, 2018-01-05 16:49

The Elive Team is proud to announce the release of the beta version 2.9.22
This new version includes:

  • Keyboard typing to support special languages like Korean, Japanese, Chinese, Vietnamese. If you need an extra Ibus configuration, contact us with the details needed.
  • Network access to your local machines using hostname.local
  • Numpad always enabled option in installation
  • Desktop right click is assigned to an amazing launcher
  • Designs shadow fix, borders more white, less pixelated icons in menus, much improved menus and user-friendly, misc overall improvements
  • User-friendly better organized menus, more friendly icons and names, improved description for the dock launchers


Catalog of Linux Devices

Fri, 2018-01-05 16:38
  • January 2018 catalog of hacker-friendly SBCs

    This catalog accompanies our January 2018 round-up of hacker-friendly SBCs. Here, we provide brief descriptions, specs, pricing, and links to further details for all 103 SBCs.

    Our January 2018 hacker-friendly single board computer round-up comprises three resources: an overview of recent SBC market trends; this catalog, which provides descriptions, specs, pricing, and links to related LinuxGizmos coverage and supplier product pages for all 103 SBCs; and a Google docs spreadsheet that tabulates the key features and pricing for all 103 boards. Links to all three parts of our round-up are in the box below.

  • Ringing in 2018 with 103 hacker-friendly SBCs

    Welcome to our latest biannual round-up of hacker-friendly single board computers that run Linux or Android. Included are a brief review of recent SBC market trends, a catalog with key features, specs, and pricing of each SBC, and a table comparing them all.

    Relative to our June report, which was accompanied by a reader survey co-sponsored with Linux.com, our latest hacker-friendly single board computer (SBC) round-up has grown from 98 to 103 boards. Although there’s no survey here, we invite your comments in the discussion area at the bottom of this post.

    There are three parts to this round-up: this post, which provides an overview of recent SBC market trends and discusses our latest crop of hacker-friendly SBCs in general terms; a catalog post with brief descriptions, specs, pricing, and links to related LinuxGizmos coverage and supplier product pages for all 103 SBCs; and a Google docs spreadsheet that tabulates key features and pricing for all 103 boards. Links to each are in the box below.


Red Hat Leftovers

Fri, 2018-01-05 16:31
  • Grab scales to meet business demands with open source IT automation and management

    By deploying Red Hat Ansible Tower, an enterprise open source IT automation and management solution, Grab increased its app uptime to 99.99%, reduced development and deployment time, and streamlined infrastructure management with role-based access and automated deployments. As a result, Grab’s users can access the app when needed, and its IT teams can ensure systems are stable and scale to match feature and user base growth.

  • Beta Testing in the Ever-Changing World of Automation

    The International Standards Organization (ISO) has been focused on the standards around quality versus usability over time. In 1998 ISO identified efficiency, effectiveness and satisfaction as major attributes of usability. In 1999 a quality model was proposed, involving an approach to measure quality in terms of software quality and external factors. In 2001 the ISO/IEC 9126-4 standard suggested that the difference between usability and the quality in use is a matter of context of use. ISO/IEC 9126-4 also distinguished external quality versus internal quality and defined related metrics. Metrics for external quality can be obtained only by executing the software product in the system environment for which the product is intended.

    This shows that without usability/human computer interaction (HCI) in the right context, the quality process is incomplete. The context referred to here is fundamental to a beta test where you have real users in a real environment, thereby making the case of the beta test stronger.

    Beta Testing Challenges

    Now that we know why beta testing is so very critical, let’s explore the challenges that are involved with a beta stage.

    Any time standards are included, including ISO/IEC 9126, most of these models are static and none of them accurately describe the relationship between phases in the product development cycle and appropriate usability measures at specific project milestones. Any standard also provides relatively few guidelines about how to interpret scores from specific usability metrics. And specific to usability as a quality factor, it is worth noting that usability is that aspect of quality where the metrics have to be interpreted.

  • OpenShift Commons Briefing #112: Kubernetes 1.9 Release Update with Derek Carr (Red Hat)

    In this briefing, Red Hat’s Derek Carr talks us through the recent Kubernetes 1.9 release features and functions and reviews what is in the works for release 1.10. The briefing is a great guide to the 1.9 Release which went out the door at the very end of 2017. The 1.9 release had a strong focus on fixing bugs, maturing existing features to beta or stable. For Kubernetes 1.9, “Stability” is a key feature with an emphasis on refining, polishing, scale, and tightening up production matters.

  • Alyeska Investment Group LP Has Cut Red Hat (RHT) Holding; Trimble (TRMB) Sellers Decreased By 25.66% Their Shorts
  • Red Hat Inc (RHT) Shares Sold by Sterling Capital Management LLC
  • Evercore ISI Boosts Red Hat (RHT) Price Target to $140.00


Games: The Station, Dead Maze, Valve and Wine

Fri, 2018-01-05 16:28
  • Sci-fi first-person exploration game 'The Station' launch delayed, Linux at release confirmed

    The Station [Steam, Official Site] is an upcoming sci-fi first-person exploration game surrounding the discovery of a sentient alien civilization, it's had a slight release delay but the good news is that Linux will be a same-day release.

  • We have over 150 beta keys of the co-op MMO 'Dead Maze' to give away
  • Valve Kicks Off 2018 with Massive SteamOS Beta Update, Adds Linux Kernel 4.14

    Valve is kicking off 2018 with a new beta update of its Debian-based SteamOS gaming operating system that adds some of the latest GNU/Linux technologies.

    Powered by the Linux 4.14.3 kernel and using the Mesa 17.2.4 graphics stack for Intel and AMD Radeon GPUs, as well as the Nvidia 387.22 proprietary graphics driver for Nvidia GPUs, the SteamOS 2.141 Beta update is apparently a massive and complex one that updates numerous components like libdrm, libglvnd, and glx-alternatives to support new graphics drivers.

    "Happy New Year, SteamOS fans! We are kicking off 2018 with a massive SteamOS beta update. This includes a new 4.14 Linux kernel, Nvidia 387.22 graphics driver, and Mesa 17.2.4 for AMD and Intel," says John Vert. "This is a very large and complex update. Please let us know if you find any problems updating or any regressions, particularly around hardware support or graphics."

  • Wine Performance May Be Impacted By Linux KPTI Patches

    Besides VM performance and databases and heavy I/O taking a performance hit in the "Kernel Page Table Isolation" patches in the wake of the Spectre and Meltdown attack, it looks like Wine's performance may also be impaired.

    Phoronix reader "R00KIE" pointed out that one of the page table isolation patches does mention a possible performance hit for Wine.


Hardware Security Fiasco: The Latest

Fri, 2018-01-05 14:04
  • Windows 10 Cumulative Update KB4056892 (Meltdown & Spectre Fix) Fails to Install

    Microsoft rolled out Windows 10 cumulative update KB4056892 yesterday as an emergency patch for systems running the Fall Creators Update in an attempt to fix the Meltdown and Spectre bugs affecting Intel, AMD, and ARM processors manufactured in the last two decades.

    But as it turns out, instead of fixing the two security vulnerabilities on some computers, the cumulative update actually breaks them down, with several users complaining that their systems were rendered useless after attempting to install KB4056892.

    Our readers pointed me to three different Microsoft Community threads (1, 2, 3) where users reported cumulative update KB4056892 issues, and in every case the problem appears to be exactly the same: AMD systems end up with a boot error before trying a rollback and failing with error 0x800f0845.

  • Linus Torvalds says Intel needs to admit it has issues with CPUs

    Linux creator Linus Torvalds has had some harsh words for Intel in the course of a discussion about patches for two [sic] bugs that were found to affect most of the company's processors.

  • We translated Intel's crap attempt to spin its way out of CPU security bug PR nightmare

    In the wake of The Register's report on Tuesday about the vulnerabilities affecting Intel chips, Chipzilla on Wednesday issued a press release to address the problems disclosed by Google's security researchers that afternoon.

    To help put Intel's claims into context, we've annotated the text. Bold is Intel's spin.

  • When F00F bug hit 20 years ago, Intel reacted the same way

    A little more than 20 years ago, Intel faced a problem with its processors, though it was not as big an issue as compared to the speculative execution bugs that were revealed this week.

  • Meltdown, Spectre and the Future of Secure Hardware

    Meltdown and Spectre are two different—but equally nasty—exploits in hardware. They are local, read-only exploits not known to corrupt, delete, nor modify data. For local single user laptops, such as Librem laptops, this is not as large of a threat as on shared servers—where a user on one virtual machine could access another user’s data on a separate virtual machine.

    As we have stated numerous times, security is a game of depth. To exploit any given layer, you go to a lower layer and you have access to everything higher in the stack.

  • KPTI — the new kernel feature to mitigate “meltdown”
  • Astounding coincidence: Intel's CEO liquidated all the stock he was legally permitted to sell after learning of catastrophic processor flaws
  • Intel CEO sold all the stock he could after Intel learned of security bug

    While an Intel spokesperson told CBS Marketwatch reporter Jeremy Owens that the trades were "unrelated" to the security revelations, and Intel financial filings showed that the stock sales were previously scheduled, Krzanich scheduled those sales on October 30. That's a full five months after researchers informed Intel of the vulnerabilities. And Intel has offered no further explanation of why Krzanich abruptly sold off all the stock he was permitted to.


Fedora 28 To Work On Better VirtualBox Integration, Hardening Packages & Stronger Crypto

Fri, 2018-01-05 14:02

With more developers returning to their activities after the holidays, feature work on Fedora 28 is heating up.

Recently proposed features for Fedora 28 include:

VirtualBox Guest Integration - This is about having the VirtualBox guest drivers and tools ship by default in Fedora Workstation. This is part of an effort by Red Hat for getting more of the VirtualBox drivers mainlined in the Linux kernel. Basically if all goes well this means a smoother out-of-the-box experience when running Fedora on top of Oracle VM VirtualBox.

Also: ABRT team: Link to FAF directly from Fedora Packages


Games: Croteam, 25 Coolest Linux Games of 2017, Dead Ground, SteamOS

Fri, 2018-01-05 13:56
  • The Talos Principle going Fusion, Croteam dropping OpenGL & Serious Sam 4 still coming

    A bit of Croteam news to start the day with and there's multiple interesting items to go over in regards to their games.

    I love how active Croteam are with their community, they're constantly replying to all sorts of random questions from players of their games. Thanks to this, we've been able to learn a few things about their plans.

    Firstly, their fantastic puzzle game The Talos Principle is going to be moving over to their newer Fusion engine, they said it will be "Hopefully very soon". The VR version is actually already on it, so that's not surprising.

  • The 25 Coolest Linux Games of 2017

    The last time we compiled a list of Linux Games was approximately 10 months ago back in 2017 – The 25 Best Games for Linux and Steam Machines. Since we’re in 2018 it is only fair that we compile another list Linux gamers can refer to as they prepare to storm Steam’s (and other game services’) servers.

    The games are listed in no particular order; and even though some of them featured on the previous list I advise you to check that one out here before proceeding.

  • Like Roguelikes? How about Tower Defense? Dead Ground merges them together

    Another night endlessly browsing for new Linux games and I came across Dead Ground [Steam], a game that blends a Roguelike with Tower Defense.

  • Valve Ships Its First SteamOS Brewmaster Beta Of 2018

    While SteamOS has felt like it's just been on life-support the past year, Valve is starting off 2018 by a fairly sizable SteamOS Brewmaster Beta update.

    This latest beta of their Debian-based Linux gaming OS update is mostly about bringing their packages up-to-date. This update issued on Friday upgrades to the Linux 4.14 kernel, NVIDIA 387.22 driver, and Mesa 17.2.4. These are some fairly big updates compared to their older versions although a pity Mesa 17.3 (or even 17.4-dev Git) isn't used.


Linux KPTI Tests Using Linux 4.14 vs. 4.9 vs. 4.4

Fri, 2018-01-05 11:26

Yet another one of the avenues we have been exploring with our Linux Page Table Isolation (KPTI) testing has been looking at any impact of this security feature in the wake of the Meltdown vulnerability when testing with an older Linux Long Term Support (LTS) release. In particular, when using a kernel prior to the PCID (Process Context Identifier) support in the Linux kernel that is used to lessen the impact of KPTI.


An interview with the developer of space sim Helium Rain who says ‘Linux gaming is alive and well’

Fri, 2018-01-05 11:20

I love space, I love how mysterious and dangerous it is and to be able to fly around in a game like Helium Rain [Steam] is fantastic. I decided to have a chat with the developer and they’re very positive about Linux gaming.

We’ve covered Helium Rain here a few times before, so hopefully some of you will be familiar with it. Without further rambling, let's begin!


What Every Linux Users Must Know About Meltdown and Spectre Bugs

Fri, 2018-01-05 10:12

Meltdown and Spectre are two vulnerabilities that impact almost all computers, tablets and smartphones on the earth. Does it mean you can be hacked? What can you, a Linux user, do about it?


today's leftovers

Fri, 2018-01-05 08:07
  • Houston-based Linux Journal is rescued and reborn

    Linux Journal, the Houston-based publication that covered and championed the open-source computer operating system for 23 years, won't shut down after all.

    Publisher Carlie Fairchild said Monday in a post to the Linux Journal website that the online magazine has been "rescued" by Private Internet Access VPN, a company owned by London Trust Media of Denver.

  • Dell Rolls Out New XPS 13 Laptop For 2018

    Just ahead of the Consumer Electronics Show (CES) in Las Vegas, Dell has unveiled a new XPS 13 high-end laptop.

    The new XPS 13 makes use of Intel's 8th Gen CPUs, the laptop chassis has been improved upon, and the battery life is said to be better than last year's model. From afar the laptop looks similar to the previous XPS 13 but is now a little bit thinner and lighter with a 2.68 pound weight and measures in at 11.9 x 7.8 x 0.46 inches. The bezel on this new laptop comes in at just 4mm.

  • Amazon changes cloud computing strategy with launch of Linux 2

    Amazon has released its own version of the open-source Linux operating system for enterprise customers who use its cloud offering – Amazon Web Services – which will run both on clients’ computers as well as in the cloud.

    This marks a shift in Amazon’s cloud computing strategy as it earlier did not allow similar operating systems to run on its clients’ servers, but rather on Amazon-owned data centres. Reports suggest the company will allow its cloud customers to rent access to its new operating system, which it calls Linux 2, but will also allow clients to install the new OS on its own servers.

  • [Podcast] PodCTL Basics – Understanding Service Meshes

    We’re back and excited about all the cool new innovation happening around microservice architectures. We kick off 2018 with an introductory discussion about “Service Mesh” technologies, such as Istio, Envoy and Linkerd, and how they apply to modern application architectures.

  • Debian/TeX Live 2017.20180103-1

    The new year has arrived, but in the TeX world not much has changed – we still get daily updates in upstream TeX Live, and once a month I push them out to Debian. So here is roughly the last month of changes.


KDE and GNOME

Fri, 2018-01-05 08:05
  • Qt Cloud Messaging API Available for Embedded Systems

    Challenges with cloud messaging for embedded devices have inspired the Kaltiot & SnowGrains teams to create a cross-platform Qt API which enables easy push messaging from and to embedded devices. The API is called the Qt Cloud Messaging API and it is built with flexibility and extensibility in mind.

    We have decided to target other Qt areas, too, and make the API easily extensible to any service provider instead of being for embedded only. This enables developers to use the same API for both mobile and desktop development.

  • Zanshin 0.5.0 is out: 2018 will be organized!

    We are happy and proud to announce the immediate availability of Zanshin 0.5.0.

    After 0.4.0 one year and a half ago and 0.4.1 last year (which wasn't publicly announced), this new release introduces new features. The 0.4 series was mostly about the Qt 5 port and stabilization, now we can be a bit more ambitious again.

  • GNOME 3.28 Removes Option to Put Icons on the Desktop

    If you’re among the many GNOME Shell users who like to put icons on the desktop, brace yourself for change.

    Developers working on the next major release of the GNOME desktop environment have removed the ‘desktop’ feature currently used to display and manage files, folders and attached drives kept on the desktop workspace.


Devices: Linux Conference, Tizen and Android

Fri, 2018-01-05 08:05


OSS: Mapzen, Gentoo at FOSDEM, Mozilla and Hortonworks

Fri, 2018-01-05 07:58
  • An Open Source Startup Dies as Mapping Gets Hotter Than Ever

    For at least one startup, 2018 opened with a thud. On Tuesday, the open source mapping company Mapzen announced it would shut down at the end of the month, with its hosted APIs and support services going dark on February 1.

    That’s a real pain for Mapzen users, whose ranks include civic tech organizations like Code for America, app developers, and government agencies like the Portland-area transportation agency TriMet. And it’s a bummer for those who contributed to Mapzen’s wide-ranging data sets, which included detailed info on public transportation.

  • Gentoo News: FOSDEM 2018

    Put on your cow bells and follow the herd of Gentoo developers to Université libre de Bruxelles in Brussels, Belgium. This year FOSDEM 2018 will be held on February 3rd and 4th.

    Our developers will be ready to candidly greet all open source enthusiasts at the Gentoo stand in building K. Visit this year’s wiki page to see which developer will be running the stand during the different visitation time slots. So far seven developers have specified their attendance, with most-likely more on the way!

  • New flexbox guides on MDN

    In preparation for CSS Grid shipping in browsers in March 2017, I worked on a number of guides and reference materials for the CSS Grid specification, which were published on MDN. With that material updated, we thought it would be nice to complete the documentation with similar guides for Flexbox, and so I updated the existing material to reflect the core use cases of Flexbox.

  • January’s Featured Extensions
  • Open source’s security scalability and flexibility [Ed: Hortonworks, which is NSA-connected, continues to pay this NSA-friendly site for sponsored puff pieces like this one]

    In order to stop sophisticated modern threats, organizations need to be flexible and scalable with the way they handle their data. Network flows and data need to be collected and examined at cloud scale in order to let defenders identify anomalous behavior, but getting to that stage is a heavy lift.

    Henry Sowell, technical director for Hortonworks, spoke with CyberScoop on how open source systems allow for that flexibility and scalability, especially at a time where the onslaught of threats has never been greater.


Meltdown/Spectre 'Damage Control'

Fri, 2018-01-05 07:22
  • Meltdown and Spectre: ‘worst ever’ CPU bugs affect virtually all computers
  • Massive Intel Chip Security Flaw Threatens Computers

    A design flaw in all Intel chips produced in the last decade is responsible for a vulnerability that puts Linux, Windows and macOS-powered computers at risk, according to multiple press reports. The flaw reportedly is in the kernel that controls the chip performance, allowing commonly used programs to access the contents and layout of a computer's protected kernel memory areas. The Linux kernel community, Microsoft and Apple have been working on patches to their operating systems to prevent the vulnerability.

  • What Linux Users Must Know About Meltdown and Spectre Bugs Impacting CPUs

    While these bugs impact a huge number of devices, there have been no widespread attacks so far. This is because it’s not straightforward to get the sensitive data from the kernel memory. It’s a possibility but not a certainty. So you should not start panicking just yet.

  • Loose threads about Spectre mitigation

    KPTI patches are out from most vendors now. If you haven't applied them yet, you should; even my phone updated today (the benefits of running a Nexus phone, I guess). This makes Meltdown essentially like any other localroot security hole (ie., easy to mitigate if you just update, although of course a lot won't do that), except for the annoying slowdown of some workloads. Sorry, that's life.

    Spectre is more difficult. There are two variants; one abuses indirect jumps and one normal branches. There's no good mitigation for the last one that I know of at this point, so I won't talk about it, but it's also probably the hardest to pull off. But the indirect one is more interesting, as there are mitigations popping up. Here's my understanding of the situation, based on random browsing of LKML (anything in here may be wrong, so draw your own conclusions at the end):

    Intel has issued microcode patches that they claim will make most of their newer CPUs (90% of the ones shipped in the last years) “immune from Spectre and Meltdown”. The cornerstone seems to be a new feature called IBRS, which allows you to flush the branch predictor or possibly turn it off entirely (it's not entirely clear to me which one it is). There's also something called IBPB (indirect branch prediction barrier), which seems to be most useful for AMD processors (which don't support IBRS at the moment, except some do sort-of anyway, and also Intel supports it), and it works somewhat differently from IBRS, so I don't know much about it.

  • The disclosure on the processor bugs

    The rumored bugs in Intel (and beyond) processors have now been disclosed: they are called Meltdown and Spectre, and have the requisite cute logos. Stay tuned for more.

    See also: this Project Zero blog post. "Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM. For a few Intel and AMD CPU models, we have exploits that work against real software. We reported this issue to Intel, AMD and ARM on 2017-06-01."

    See also: this Google blog posting on how it affects users of Google products in particular. "[Android] devices with the latest security update are protected. Furthermore, we are unaware of any successful reproduction of this vulnerability that would allow unauthorized information disclosure on ARM-based Android devices. Supported Nexus and Pixel devices with the latest security update are protected."

  • How the Meltdown Vulnerability Fix Was Invented

    A major security flaw has surfaced that’s thought to affect all Intel microprocessors since at least 2011, some ARM processors and, according to Intel, perhaps those of others. Unusually, the exploit, called Meltdown, takes advantage of the processors’ hardware rather than a software flaw, so it circumvents security schemes built into major operating systems.

  • Why Intel x86 must die: Our cloud-centric future depends on open source chips

    Two highly publicized security flaws in the Intel x86 chip architecture have now emerged. They appear to affect other microprocessors made by AMD and designs licensed by ARM.

    And they may be some of the worst computer bugs in history -- if not the worst -- because they exist in hardware, not software, and in systems that number in the billions.

    These flaws, known as Meltdown and Spectre, are real doozies. They are so serious and far-reaching that the only potential fix in the immediate future is a software workaround that, when implemented, may slow down certain types of workloads as much as 30 percent.

  • Intel Acknowledges Chip-Level Security Vulnerability In Processors

    Security researchers have found serious vulnerabilities in chips made by Intel and other companies that, if exploited, could leave passwords and other sensitive data exposed.

  • How Linux is dealing with Meltdown and Spectre

    He's not the only one unhappy with Intel. A Linux security expert is irked at both Google and Intel. He told me that Google Project Zero informed Intel about the security problems in April. But neither Google nor Intel bothered to tell the operating system vendors until months later. In addition, word began to leak out about the patches for these problems. This forced Apple, the Linux developers, and Microsoft to scramble to deliver patches to fundamental CPU security problems.

    The result has been fixes that degrade system performance in many instances. While we don't know yet how badly macOS and Windows will be affected, Michael Larabel, a Linux performance expert and founder of the Linux Phoronix website, has run benchmarks on Linux 4.15-rc6, a Linux 4.15 release candidate, which includes Kernel Page Table Isolation (KPTI) for Intel's Meltdown flaw.

  • [Fedora] Protect your Fedora system against Meltdown

    You may have heard about Meltdown, an exploit that can be used against modern processors (CPUs) to maliciously gain access to sensitive data in memory. This vulnerability is serious, and can expose your secret data such as passwords. Here’s how to protect your Fedora system against the attack.

  • Today's CPU vulnerability: what you need to know

    The Project Zero researcher, Jann Horn, demonstrated that malicious actors could take advantage of speculative execution to read system memory that should have been inaccessible. For example, an unauthorized party may read sensitive information in the system’s memory such as passwords, encryption keys, or sensitive information open in applications. Testing also showed that an attack running on one virtual machine was able to access the physical memory of the host machine, and through that, gain read-access to the memory of a different virtual machine on the same host.

  • Apple says Spectre and Meltdown vulnerabilities affect all Mac and iOS devices

    Technology companies are working to protect their customers after researchers revealed that major security flaws affecting nearly every modern computer processor could allow hackers to steal stored data — including passwords and other sensitive information — on desktops, laptops, mobile phones and cloud networks around the globe.

    The scramble to harden a broad array of devices comes after researchers found two significant vulnerabilities within modern computing hardware, one of which cannot be fully resolved as of yet. Experts say the disclosure of the critical flaws underscores the need to keep up with software updates and security patches and highlights the role independent research plays in prodding tech companies to minimize security weaknesses.

  • Intel CEO Sold $24 Million In Stocks After Google Exposed 10 Year Old Vulnerabilities

    In the month of November last year, Intel CEO Brian Krzanich sold off a big chunk of his company stocks worth $24 million (245,743 shares). The stocks were valued at $11 million back then. Now, the CEO is left with just 250,000 shares which fulfill the minimum requirement to continue his job.

  • “Meltdown” And “Spectre” Flaws: Affecting Almost All Devices With Intel, AMD, & ARM CPUs

    Just yesterday, a report from The Register disclosed a massive security screwup on behalf of Intel, which impacted nearly all chips manufactured in the past ten years. It was also reported that future patches released by the developers of Windows and Linux kernel could reduce the performance of devices up to 5-30%. That’s a lot.

  • Security updates for Thursday

    As might be guessed, a fair number of these updates are for the kernel and microcode changes to mitigate Meltdown and Spectre. More undoubtedly coming over the next weeks.

  • A collection of Meltdown/Spectre postings
  • Mitigations landing for new class of timing attack

    Several recently-published research articles have demonstrated a new class of timing attacks (Meltdown and Spectre) that work on modern CPUs. Our internal experiments confirm that it is possible to use similar techniques from Web content to read private information between different origins. The full extent of this class of attack is still under investigation and we are working with security researchers and other browser vendors to fully understand the threat and fixes. Since this new class of attacks involves measuring precise time intervals, as a partial, short-term, mitigation we are disabling or reducing the precision of several time sources in Firefox. This includes both explicit sources, like performance.now(), and implicit sources that allow building high-resolution timers, viz., SharedArrayBuffer.

  • Is PowerPC susceptible to Spectre? Yep.

    Meltdown is specific to x86 processors made by Intel; it does not appear to affect AMD. But virtually every CPU going back decades that has a feature called speculative execution is vulnerable to a variety of the Spectre attack. In short, for those processors that execute "future" code downstream in anticipation of what the results of certain branching operations will be, Spectre exploits the timing differences that occur when certain kinds of speculatively executed code changes what's in the processor cache. The attacker may not be able to read the memory directly, but (s)he can find out if it's in the cache by looking at those differences (in broad strokes, stuff in the cache is accessed more quickly), and/or exploit those timing changes as a way of signaling the attacking software with the actual data itself. Although only certain kinds of code can be vulnerable to this technique, an attacker could trick the processor into mistakenly speculatively executing code it wouldn't ordinarily run. These side effects are intrinsic to the processor's internal implementation of this feature, though it is made easier if you have the source code of the victim process, which is increasingly common.


Programming: Rust 1.23, Machine Learning, Agile, PHP on Fedora/Red Hat, Perl

Fri, 2018-01-05 07:19
  • Announcing Rust 1.23

    The Rust team is happy to announce a new version of Rust, 1.23.0. Rust is a systems programming language focused on safety, speed, and concurrency.

  • Source{d} Applies Machine Learning to Help Companies Manage Their Code Bases

    If you go to GitHub, the most popular developer platform today, and search for a piece of code, it is a plain-text search.

    “It’s like how we used to search on the web in 1996,” said Eiso Kant, CEO and co-founder at source{d}, a startup focused on applying machine learning on top of source code.

    “We have been writing trillions of lines of source code across the world, but none of the systems or developer tools or programming languages we’ve designed actually learn from all the source code we have written.”

  • What is agile methodology? Modern software development explained

    Every software development organization today seems to practice the agile software development methodology, or a version of it. Or at least they believe they do. Whether you are new to application development or learned about software development decades ago using the waterfall software development methodology, today your work is at least influenced by the agile methodology.

    But what exactly is agile methodology, and how should it be practiced in software development?

  • PHP version 5.6.33, 7.0.27, 7.1.13 and 7.2.1

    RPM of PHP version 7.2.1 are available in the remi-php72 repository for Fedora 25-27 and Enterprise Linux ≥ 6 (RHEL, CentOS) and as Software Collection in the remi-safe repository.

  • What is Perl?

    Perl is a bit battle-scarred, but it’s battle-tested, too. If you want to experiment with the latest, flashiest technologies, Perl may not be your first choice. However, if your business depends on having solid software with a track record of getting things done, Perl’s often a great choice.

