Subscribe to TuxMachines feed
Your source for Linux and Open Source news, reviews, and howtos.
Updated: 24 min 43 sec ago

Leftovers: Software

Fri, 2016-10-21 12:57
  • Easy, Automated Benchmarking On Linux With PTS

    It's easy to run benchmarks on Linux as well as Solaris, BSD, and other operating systems, using our own Phoronix Test Suite open-source benchmarking software.

    For those that haven't had the opportunity to play with the Phoronix Test Suite for Linux benchmarking, it's really easy to get started. Aside from the official documentation, which is admittedly limited due to time/resource constraints, there are a few independent guides, Wiki pages, and other resources out there to get started.

  • LibreOffice 5.3 Alpha Tagged, New Features Inbound

    The first alpha release of the upcoming LibreOffice 5.3 open-source office suite was tagged a short time ago in Git.

    LibreOffice 5.3 is a major update to this distant fork of OpenOffice.org. LibreOffice 5.3.0 is planned to be officially released in late January or early February while this week's alpha one is just the first step of the process. The hard feature freeze on 5.3 is at the end of November followed by a series of betas and release candidates. Those interested in more details on the release schedule can see this Wiki page.

  • MPV 0.21 Player Adds CUDA, Better Raspberry Pi Support

    MPV Player 0.21 is now available as the latest version of this popular fork of MPlayer/MPlayer2.

    MPV 0.21 adds support for CUDA and NVDEC (NVIDIA Decode) as an alternative to VDPAU. The NVIDIA decode support using CUDA was added to make up for VDPAU's current lack of HEVC Main 10 profile support. Those unfamiliar with NVDEC can see NVIDIA's documentation.

  • MPV 0.21.0 Media Player Adds Nvidia CUDA Support, Raspberry Pi Hardware Decoding

    Today, October 20, 2016, MPV developer Martin Herkt proudly announced the release of another maintenance update of the very popular MPV open-source and cross-platform media player software based on MPlayer.

    Looking at the release notes, which we've also attached at the end of the story for your reading pleasure, MPV 0.21.0 is a major update that adds a large amount of new features, options and commands, but also addresses dozens of bugs reported by users since the MPV 0.20.0 release, and introduces other minor enhancements.

    Among the most important new features, we can mention the ability to allow profile forward-references in the default profile, as well as support for Nvidia CUDA and cuvid/NvDecode, which appears to be a welcome addition to GNU/Linux distributions where HEVC Main 10 support is missing.

  • anytime 0.0.4: New features and fixes

    A brand-new release of anytime is now on CRAN following the three earlier releases since mid-September. anytime aims to convert anything in integer, numeric, character, factor, ordered, ... format to POSIXct (or Date) objects -- and does so without requiring a format string. See the anytime page for a few examples.

read more

KDE Leftovers

Fri, 2016-10-21 12:56
  • Choose Your Own Experience in Plasma 5.8 and beyond

    One of the key points of Plasma is while giving a simple default desktop experience, not limiting the user to that single, pre-packed one size fits all UI.

  • KDevelop 5.0.2 released for Windows and Linux

    Four weeks after the release of KDevelop 5.0.1, we are happy to announce the availability of KDevelop 5.0.2, a second stabilization release in the 5.0 series. We highly recommend to update to version 5.0.2 if you are currently using version 5.0.1 or 5.0.0.

  • Wayland improvements since Plasma 5.8 release

    Two weeks have passed since the Plasma 5.8 release and our Wayland efforts have seen quite some improvements. Some changes went into Plasma 5.8 as bug fixes, some changes are only available in master for the next release. With this blog post I want to highlight what we have improved since Plasma 5.8.

  • Wayland For KDE Plasma 5.9 Should Shape Up Quite Nicely

    Plasma 5.8 was only released at the beginning of October but already there has been a number of Wayland improvements queuing up for the next milestone, Plasma 5.9.

    KWin maintainer Martin Gräßlin wrote a blog post yesterday about some of the early Wayland changes coming for Plasma 5.9. Some of this early work for the next KDE Plasma 5 release includes resize-only borders, global shortcut handling, support for keyboard LEDs via libinput, relative pointer support, the color scheme syncing to the window decoration, window icon improvements, multi-screen improvements, panel imporvements, and more.

  • Autumn Sale in the Krita Shop
  • .

read more

Linux/FOSS Events

Fri, 2016-10-21 12:55
  • FOSDEM Desktops DevRoom 2016 all for Participation

    FOSDEM is one of the largest (5,000+ hackers!) gatherings of Free Software contributors in the world and happens each February in Brussels (Belgium, Europe).

    Once again, one of the tracks will be the Desktops DevRoom (formerly known as “CrossDesktop DevRoom”), which will host Desktop-related talks.

    We are now inviting proposals for talks about Free/Libre/Open-source Software on the topics of Desktop development, Desktop applications and interoperability amongst Desktop Environments. This is a unique opportunity to show novel ideas and developments to a wide technical audience.

  • LatinoWare

    Yesterday, Wednesday 19 oct, was the first day of LatinoWare thirteen edition hosted in the city of Foz do Iguaçu in Parana state with presence of 5155 participants and temperature of 36ºC. Currently this is the biggest event of free software in Brazil.

  • Attending a FUDcon LATAM 2016

    From my experience I will share my days at FUDcon 2016 held on Puno last week. There were 3 core days, and 2 more days to visit around.

read more

Games for GNU/Linux

Fri, 2016-10-21 12:40

read more

Linux Foundation and Linux

Fri, 2016-10-21 12:37
  • Intel Turbo Boost Max 3.0 Patches Updated For Linux 4.9

    Intel has updated its currently out-of-tree Turbo Boost Max Technology 3.0 patches for compatibility against the Linux 4.9-rc1 kernel plus made other improvements to the code.

    These patches have been worked on the past few months after Intel PR initially claimed no TBM 3.0 Linux support. The patches have gone through several public revisions but sadly didn't make it for integration into the mainline Linux 4.9 kernel.

  • Linux 4.9 Is Showing A Performance Boost On More Systems

    Earlier this week I posted some benchmarks of a Core i7 6800K Broadwell-E system seeing performance boosts under Linux 4.9 and it turns out it's looking more widespread than just affecting a niche system or two. When testing a more traditional Intel Haswell desktop, Linux 4.9 Git is seeing more wins over Linux 4.8 and 4.7 kernels.

    Following that earlier 4.9 Git benchmarking I set out to do a fairly large Linux kernel comparison on a Haswell system to go back three or so years worth of kernel releases. That big kernel comparison will be finished up and posted in the days ahead, but already from this Core i7 4790K Devil's Canyon system I am seeing some performance improvements with 4.9 Git to share over 4.7.0 and 4.8.0 stock kernels...

  • Linux Foundation Welcomes JavaScript Community

    Kris Borchers, executive director of the foundation, announced the news, saying that the JavaScript Foundation aims "to support a vast array of technologies that complement projects throughout the entire JavaScript ecosystem."

    This includes both client and server side application libraries, mobile application testing frameworks, and JavaScript engines.

    All jQuery Foundation projects will also be united within the JS Foundation including jQuery, Lodash, ESLint, Esprima, Grunt, RequireJS, jQuery UI, Globalize, Sizzle, Jed, and Dojo.

read more

OpenStack in the Headlines

Fri, 2016-10-21 12:23
  • Mirantis and NTT Com Double Down on OpenStack

    Mirantis continues to drive forward with new partnerships focused on the OpenStack cloud computing platform. The company and NTT Communications Corporation (NTT Com) have announced that they will partner to offer fully managed Private OpenStack as a service in NTT Com Enterprise Cloud and its data center services across the globe. NTT Com, in becoming Mirantis’ first data center services partner, says it will offer Mirantis Managed OpenStack on NTT Com Enterprise Cloud’s Metal-as-a-Service.

  • Using metrics effectively in OpenStack development

    At the OpenStack summit taking place this month in Barcelona, Ildikó Váncsa will be speaking on metrics in her talk Metrics: Friends or Enemies? She will discuss OpenStack metrics and how they can be used in software development processes, both for the individual developer and manager.

    I caught up with Ildikó before her talk to learn more about how metrics in OpenStack help guide developers and companies, and how they also drive evolution of the OpenStack community itself.

read more

Patten: How to exorcise Windows from your old computer

Fri, 2016-10-21 12:17

You may have heard of Linux (also known as GNU/Linux), but only as something that hackers use. It has a reputation for being unwieldy and hard. That reputation is deserved … sometimes.

But anyone can learn it. And if it’s good enough for Barbie, it should be good enough for you.

The best part: It’s free, free, free.

Linux is actually a kind of operating system, just as a mammal is a kind of animal. Linux systems are all similar or identical at the core (also known as the kernel). But they come in a lot of varieties, or distros. (Fun fact: Much of the Android operating system is based on Linux.)

The hard part about Linux isn’t learning. It’s choosing.

Also: Kodi-fying an old computer

read more

Dirty Cow, Ubuntu @ 12, Save a Penguin

Fri, 2016-10-21 12:02

Dirty Cow is a local privilege vulnerability that can allow one to gain root access. Specifically, "race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system." Linus signed off and pushed the patch to git a few days ago and distributions are currently updating their products. This is considered a critical bug and users are encouraged to update as soon as possible because researchers have found code in the wild to exploit it. Worse still, the exploit leaves little or no trace of being compromised. So, keep an eye on your update applets or security advisories over the next few days. Since this bug has been in existence for so long, Kees Cook had to revise his critical bug lifetime average from 3.3 to 5.2 years, while the overall average for all bugs increased only slightly.

read more

CVE-2016-5195 Patched

Fri, 2016-10-21 11:51
  • Linux Kernels 4.8.3, 4.7.9 & 4.4.26 LTS Out to Patch "Dirty COW" Security Flaw

    Today, October 20, 2016, Linux kernel maintainer Greg Kroah-Hartman announced three new maintenance updates for the Linux 4.8, 4.7, and 4.4 LTS kernel series, patching a major security vulnerability.

    Known as "Dirty COW," the Linux kernel vulnerability documented at CVE-2016-5195 is, in fact, a nasty bug that could have allowed local users to write to any file they can read. The worst part is that the security flaw was present in various Linux kernel builds since at least the Linux 2.6.x series, which reached end of life in February this year.

  • Canonical Patches Ancient "Dirty COW" Kernel Bug in All Supported Ubuntu OSes

    As reported earlier, three new Linux kernel maintenance releases arrived for various Linux-based operating systems, patching a critical and ancient bug popularly known as "Dirty COW."

    We already told you that the kernel vulnerability could be used by a local attacker to run programs as an administrator, and it looks like it also affects all supported Ubuntu releases, including Ubuntu 16.10 (Yakkety Yak), Ubuntu 16.04 LTS (Xenial Xerus), Ubuntu 14.04 LTS (Trusty Tahr), and Ubuntu 12.04 LTS (Precise Pangolin), as well as all of their official or unofficial derivatives running the same kernel builds.

read more

Mad Max Now on GNU/Linux

Fri, 2016-10-21 11:46
  • Mad Max Open World Action-Adventure Video Game Released for Linux, SteamOS & Mac

    After teasing us earlier this month, today, October 20, 2016, Feral Interactive had the great pleasure of announcing the release of the Mad Max open world action-adventure video game for the SteamOS, Linux, and Mac platforms.

    Feral Interactive is well known for bringing AAA titles to the Linux and Mac gaming world, and after porting the Tomb Raider 2013 reboot last year to our beloved platforms, which continue to get more fans by the day, now the UK-based video games publisher delights us with the superb Mad Max title developed by Avalanche Studios and published by Warner Bros.

  • Mad Max Launches For Linux

    Feral Interactive's port of Mad Max to Linux (and macOS) is now officially out and can be found on Steam.

    Feral announced their Mad Max port at the beginning of October while today it's ready to ship. As mentioned in that original article, the Linux system requirements are fairly stiff with only listing NVIDIA hardware under Linux and the minimum being a GTX 660 while the recommendation is at least a GTX 970.

  • Mad Max Appears To Work Fine With RadeonSI Gallium3D

    This morning's release of the Mad Max game for Linux lists only NVIDIA graphics as supported, but it does turn out at least for newer AMD GPUs using the RadeonSI Gallium3D driver things should work -- well, assuming you are using the latest open-source driver code.

  • Mad Max released for Linux, port report and review available

    Mad Max is the latest Linux port from Feral Interactive, probably one of the titles I have been most excited about so hopefully it lives up to the promise.

    It has only been a few weeks since Feral Interactive released Dawn of War II, Chaos Rising and Retribution on Linux, and now we have a real whopper with Mad Max.

    Something Linux lacks is a reasonable amount of high quality open-world story-based games. We started getting a few with Borderlands 2 and Shadow of Mordor, but another top quality game like this is a must for us to keep the interest up.

read more

Red Hat and Fedora

Fri, 2016-10-21 10:54
  • Red Hat – the open source conglomerate

    As successful companies grow, they accumulate products; new ones are developed and additional ones are acquired. Managing diverse portfolios is a challenge, not least when it comes to putting it all together on a single presentation slide to make it appear there is an overall coherent product strategy.

  • Ericsson Embraces Red Hat OpenStack Platform

    Ericsson and Red Hat today announced a broad alliance to work together on network functions virtualization (NFV) products. And the telco infrastructure provider will now support the Red Hat OpenStack Platform.

    Ericsson already has a longstanding distribution partnership with Red Hat that includes Red Hat Enterprise Linux and Red Hat JBoss Middleware. The existing distribution partnerships define not only commercial terms, but also joint support models, co-engineering and certification testing, and joint go-to-market collaboration.

  • Raleigh's Red Hat teams up with Ericsson

    Open-source software firm Red Hat (NYSE: RHT) has teamed up with Ericsson (Nasdaq: ERIC) on what the companies are calling a “broad alliance” aimed at transforming the information and communications technology market.

    Red Hat, headquartered at downtown Raleigh’s Red Hat Tower, announced that its new partnership with Ericsson would allow the duo to deliver fully open-source and production-ready cloud infrastructure, spanning OpenStack, software-defined networking and software-defined infrastructure.

  • FCAIC in the House

    The job is like many other roles called “Community Manager” or “Community Lead.” That means there is a focus on metrics and experiences. One role is to try ensure smooth forward movement of the project towards its goals. Another role is to serve as a source of information and motivation. Another role is as a liaison between the project and significant downstream and sponsoring organizations.

    In Fedora, this means I help the Fedora Project Leader. I try to be the yen to his yang, the zig to his zag, or the right hand to his right elbow. In all seriousness, it means that I work on a lot of the non-engineering focused areas of the Fedora Project. While Matthew has responsibility for the project as a whole I try to think about users and contributors and be mechanics of keeping the project running smoothly.

  • keepalived: Simple HA

    We have been using keepalived in Fedora Infrastructure for a while now. It’s a pretty easy to use and simple way to do some basic HA. Keepalived can keep track of which machine is “master” for a IP address and quickly fail over and back when moving that IP address around. You can also run scripts on state change. Keepalived uses VRRP and handles updating arp tables when IP addresses move around. It also supports weighting so you can prefer one or another server to “normally” have the master IP/scripts.

  • What does Factory 2.0 mean for Modularity?

    This blog now has a drop-down category called Modularity. But, many arteries of Modularity lead into a project called Factory 2.0. These two are, in fact, pretty much inseparable. In this post, we’ll talk about the 5 problems that need to be solved before Modularity can really live.

    The origins of Factory 2.0 go back a few years, when Matthew Miller started the conversation at Flock. The first suggested names were “Fedora Rings”, “Envs and Stacks”, and Alephs.

  • varnish-5.0, varnish-modules-0.9.2 and hitch-1.4.1, packages for Fedora and EPEL

    The Varnish Cache project recently released varnish-5.0, and Varnish Software released hitch-1.4.1. I have wrapped packages for Fedora and EPEL.

    varnish-5.0 has configuration changes, so the updated package has been pushed to rawhide, but will not replace the ones currently in EPEL nor in Fedora stable. Those who need varnish-5.0 for EPEL may use my COPR repos at https://copr.fedorainfracloud.org/coprs/ingvar/varnish50/. They include the varnish-5.0 and matching varnish-modules packages, and are compatible with EPEL 5, 6, and 7.

  • Installroot in DNF-2.0

read more

Security News

Fri, 2016-10-21 10:52
  • Security advisories for Thursday
  • More information about Dirty COW (aka CVE-2016-5195)

    The security hole fixed in the stable kernels released today has been dubbed Dirty COW (CVE-2016-5195) by a site devoted to the kernel privilege escalation vulnerability. There is some indication that it is being exploited in the wild. Ars Technica has some additional information. The Red Hat bugzilla entry and advisory are worth looking at as well.

  • CVE-2016-5195

    My prior post showed my research from earlier in the year at the 2016 Linux Security Summit on kernel security flaw lifetimes. Now that CVE-2016-5195 is public, here are updated graphs and statistics. Due to their rarity, the Critical bug average has now jumped from 3.3 years to 5.2 years. There aren’t many, but, as I mentioned, they still exist, whether you know about them or not. CVE-2016-5195 was sitting on everyone’s machine when I gave my LSS talk, and there are still other flaws on all our Linux machines right now. (And, I should note, this problem is not unique to Linux.) Dealing with knowing that there are always going to be bugs present requires proactive kernel self-protection (to minimize the effects of possible flaws) and vendors dedicated to updating their devices regularly and quickly (to keep the exposure window minimized once a flaw is widely known).

  • “Most serious” Linux privilege-escalation bug ever is under active exploit (updated)

    While CVE-2016-5195, as the bug is cataloged, amounts to a mere privilege-escalation vulnerability rather than a more serious code-execution vulnerability, there are several reasons many researchers are taking it extremely seriously. For one thing, it's not hard to develop exploits that work reliably. For another, the flaw is located in a section of the Linux kernel that's a part of virtually every distribution of the open-source OS released for almost a decade. What's more, researchers have discovered attack code that indicates the vulnerability is being actively and maliciously exploited in the wild.

  • Linux users urged to protect against 'Dirty COW' security flaw

    Organisations and individuals have been urged to patch Linux servers immediately or risk falling victim to exploits for a Linux kernel security flaw dubbed ‘Dirty COW'.

    This follows a warning from open source software vendor Red Hat that the flaw is being exploited in the wild.

    Phil Oester, the Linux security researcher who uncovered the flaw, explained to V3 that the exploit is easy to execute and will almost certainly become more widely used.

    "The exploit in the wild is trivial to execute, never fails and has probably been around for years - the version I obtained was compiled with gcc 4.8," he said.

  • Hackers Hit U.S. Senate GOP Committee

    The national news media has been consumed of late with reports of Russian hackers breaking into networks of the Democratic National Committee. Lest the Republicans feel left out of all the excitement, a report this past week out of The Netherlands suggests Russian hackers have for the past six months been siphoning credit card data from visitors to the Web storefront of the National Republican Senatorial Committee (NRSC).


    Dataflow markets itself as an “offshore” hosting provider with presences in Belize and The Seychelles. Dataflow has long been advertised on Russian-language cybercrime forums as an offshore haven that offers so-called “bulletproof hosting,” a phrase used to describe hosting firms that court all manner of sites that most legitimate hosting firms shun, including those that knowingly host spam and phishing sites as well as malicious software.

    De Groot published a list of the sites currently present at Dataflow. The list speaks for itself as a collection of badness, including quite a number of Russian-language sites selling synthetic drugs and stolen credit card data.

    According to De Groot, other sites that were retrofitted with the malware included e-commerce sites for the shoe maker Converse as well as the automaker Audi, although he says those sites and the NRSC’s have been scrubbed of the malicious software since his report was published.

    But De Groot said the hackers behind this scheme are continuing to find new sites to compromise.

    “Last Monday my scans found about 5,900 hacked sites,” he said. “When I did another scan two days later, I found about 340 of those had been fixed, but that another 170 were newly compromised.”

  • Thoughts on the BTB Paper

    The Branch Target Buffer (BTB) whitepaper presents some interesting information. It details potential side-channel attacks by utilizing timing attacks against the branch prediction hardware present in Intel Haswell processors. The article does not mention Intel processors later than Haswell, such as Broadwell or Skylake.

    Side-channel attacks are always interesting and fun. Indeed, the authors have stumbled into areas that need more research. Their research can be applicable in certain circumstances.

    As a side-note, KASLR in general is rather weak and can be considered a waste of time[1]. The discussion why is outside the scope of this article.

read more

Android Leftovers

Fri, 2016-10-21 10:52

read more

Debian-Based Parsix GNU/Linux 8.15 "Nev" Gets First Test Build, Ships GNOME 3.22

Fri, 2016-10-21 10:28

Today, October 21, 2016, the developers of the Debian-based Parsix GNU/Linux operating system proudly announced the availability for download of the first test build of the upcoming Parsix GNU/Linux 8.15 "Nev" release.

read more

Open source where possible in Polish Gdańsk

Fri, 2016-10-21 10:26

The city of Gdańsk, Poland’s sixth largest city, is using open source software applications where possible. Open source is called an ‘important element’ in the Operational Programmes, made public in August. This document describes the tasks and activities set out by the city to achieve the goals it defined in the Gdańsk 2030 Plus Development Strategy.

read more

Fedora 26 Linux to Retire the Synaptics Driver for a Better Touchpad Experience

Fri, 2016-10-21 10:15

Today, October 20, 2016, Red Hat's Fedora Program Manager Jan Kurik informed the Fedora Linux community about an upcoming system-wide change proposal for the Fedora 26 release.

read more

Meet Remix IO, All-in-One Android 7 Nougat-Powered PC, TV Box & Gaming Console

Fri, 2016-10-21 10:13

Today, October 20, 2016, Softpedia was informed by Jide Technology, the team behind the popular Android-x86-based Remix OS operating system, about an upcoming device called Remix IO.

read more

Top 8 Linux Distributions Of 2016

Fri, 2016-10-21 10:11

There are quite a number of linux distribution out there and new ones are being added as the days go by. This means picking a distro amongst the lot becomes quite a difficulty. Luckily for you, I have hand-picked the best linux distributions in 2016 for you. These are the top distributions targeting very different uses and users and I bet at least one is going to appeal to you. So let’s get started.

read more

Red Hat's Software Collections 2.3 and Developer Toolset 6 Suites Enter Beta

Fri, 2016-10-21 02:14

Today, October 20, 2016, Red Hat had the pleasure of announcing the release and immediate availability of the Beta builds of its upcoming Software Collections 2.3 and Developer Toolset 6 collections of tools for developers.

read more