TuxMachines

Subscribe to TuxMachines feed
Your source for Linux and Open Source news, reviews, and howtos.
Updated: 34 min 48 sec ago

DragonFlyBSD Continues Squeezing More Performance Out Of AMD's Threadripper 2990WX

Wed, 2018-10-17 17:37

DragonFlyBSD 5.4 should be a really great release if you are a BSD user and have an AMD Threadripper 2 box, particularly the flagship Threadripper 2990WX 32-core / 64-thread processor.

The project leader of this long ago fork from FreeBSD, Matthew Dillon, has been quite outspoken about the Threadripper 2990WX since he purchased one earlier this summer. This prolific BSD developer has been praising the performance out of the Threadripper 2990WX since he got the system working on the current DragonFlyBSD 5.3 development builds.

Since getting DragonFlyBSD running on the Threadripper 2 hardware in August, he's routinely been making performance tuning optimizations to DragonFly's kernel to benefit the 2990WX given its NUMA design.

read more

Arm Launches Mbed Linux and Extends Pelion IoT Service

Wed, 2018-10-17 17:33

Politics and international relations may be fraught with acrimony these days, but the tech world seems a bit friendlier of late. Last week Microsoft joined the Open Invention Network and agreed to grant a royalty-free, unrestricted license of its 60,000-patent portfolio to other OIN members, thereby enabling Android and Linux device manufacturers to avoid exorbitant patent payments. This week, Arm and Intel kept up the happy talk by agreeing to a partnership involving IoT device provisioning.

Arm’s recently announced Pelion IoT Platform will align with Intel’s Secure Device Onboard (SDO) provisioning technology to make it easier for IoT vendors and customers to onboard both x86 and Arm-based devices using a common Peleon platform. Arm also announced Pelion related partnerships with myDevices and Arduino (see farther below).

read more

Programming: Version Control With Git, 5 Things Your Team Should Do to Make Pull Requests Less Painful and More GitHub Workflow Automation

Wed, 2018-10-17 17:03
  • How to Use Git Version Control System in Linux [Comprehensive Guide]

    Version Control (revision control or source control) is a way of recording changes to a file or collection of files over time so that you can recall specific versions later. A version control system (or VCS in short) is a tool that records changes to files on a filesystem.

    There are many version control systems out there, but Git is currently the most popular and frequently used, especially for source code management. Version control can actually be used for nearly any type of file on a computer, not only source code.

  • 5 Things Your Team Should Do to Make Pull Requests Less Painful

    A user story is a short description of a unit of work that needs doing. It’s normally told from the perspective of the user, hence the name. The journey towards a good pull request starts with a well-written user story. It should be scoped to a single thing that a user can do in the system being built.

  • More GitHub workflow automation

    The more you use computers, the more you see the potentials for automating everything. Who doesn't love that? By building Mergify those last months, we've decided it was time bring more automation to the development workflow.

read more

today's howtos

Wed, 2018-10-17 16:59

read more

Games: Cultist Simulator, Planetary Annihilation: TITANS, CrossOver 18, Updated Proton 3.16 Beta, Descenders, Bridge Constructor Portal, Train Valley 2, Sipho

Wed, 2018-10-17 16:29

read more

Security: Stamos, E-mail and RAT Arrest

Wed, 2018-10-17 10:42

read more

Browsing the web with Min, a minimalist open source web browser

Wed, 2018-10-17 09:47

Does the world need another web browser? Even though the days of having a multiplicity of browsers to choose from are long gone, there still are folks out there developing new applications that help us use the web.

One of those new-fangled browsers is Min. As its name suggests (well, suggests to me, anyway), Min is a minimalist browser. That doesn't mean it's deficient in any significant way, and its open source, Apache 2.0 license piques my interest.

read more

Security: Patches, FUD and Voting Machines

Wed, 2018-10-17 08:40
  • libssh 0.8.4 and 0.7.6 security and bugfix release

    libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authentciate without any credentials.

  • A Cybersecurity Weak Link: Linux and IoT [Ed: Blaming "Linux" for companies that put default passwords on all their products? Windows has back doors.]
  • Undetectably bypass voting machines' anti-tamper mechanism with a bit of a soda-can

    But University of Michigan grad student Matt Bernhard has demonstrated that he can bypass the tamper-evident seals in seconds, using a shim made from a slice of a soda can. The bypass is undetectable and doesn't damage the seal, which can be resecured after an attacker gains access to the system.

  • Security Seals Used to Protect Voting Machines Can Be Easily Opened With Shim Crafted from a Soda Can

    Bernhard, who is an expert witness for election integrity activists in a lawsuit filed in Georgia to force officials to get rid of paperless voting machines used in that state, said the issue of security ties and seals came up in the lawsuit earlier this year when Fulton County Elections Director Richard Barron told the court that his Georgia county relies on tamper-evident metal and plastic ties to seal voting machines and prevent anyone with physical access to the machines from subverting them while they sit in polling places days before an election.

    [...]

    He noted that defeating ties and seals in non-tamper-evident ways isn’t the only method to wreak havoc on an election in Michigan. The state has a unique law that prohibits ballots from being used in a recount if the number of voters doesn't match the number of ballots cast at a precinct or if the seal on a ballot box is broken or has a different serial number than what it should have. Someone who wanted to wreak havoc on an election or alter an election outcome in Michigan could purposely tamper with ballot box seals in a way that is evident or simply replace them with a seal bearing a different serial number in order to get ballots excluded from a recount. The law came into sharp relief after the 2016 presidential election when Green Party candidate Jill Stein sought to get a statewide recount in Michigan and two other critical swing states and found that some precincts in Wayne County couldn't be recounted because the number of voters who signed the poll books—which get certified with a seal signed by officials—didn't match the number of ballots scanned on the voting machines.

read more

OSS: Hedera Hashgraph, Service Providers, and Renaming the Bro Project

Wed, 2018-10-17 07:30
  • Hedera Hashgraph Distributed Ledger Technology Shares New Open-Source SDK [Ed: Hedera needs to delete GitHub, however, as the new head of GitHub killed Java projects like Hedera's]

    Hedera Hashgraph, one of the DApp facilitators within the blockchain industry recently announced that it has released its Software Development Kit (SDK) in Java.

  • Service Providers Should Adapt to Open Source World

    Finding differing opinions on open source with the telecom industry isn't hard to do, especially where orchestration is concerned. That's why a panel discussion on open source and MANO at the Light Reading NFV-Carrier SDN event in Denver seemed an odd place to find such outspoken agreement on that topic, but there it was.

    Four smart guys, none shy with their opinions, all seemed to agree on key points around open source, the need for standards, the role of vendors and the lack of internal software skills. But they also agreed that telecom service providers are struggling a bit to understand how to proceed in an open source world and still need some fundamental internal changes.

  • Renaming the Bro Project

    More than 20 years ago I chose the name "Bro" as "an Orwellian reminder that monitoring comes hand in hand with the potential for privacy violations", as the original Bro paper put it. Today that warning is needed more than ever ... but it's clear that now the name "Bro" is alas much more of a distraction than a reminder.

    On the Leadership Team of the Bro Project, we heard clear concerns from the Bro community that the name "Bro" has taken on strongly negative connotations, such as "Bro culture". These send a sharp, anti-inclusive - and wholly unintended and undesirable - message to those who might use Bro. The problems were significant enough that during BroCon community sessions, several people have mentioned substantial difficulties in getting their upper management to even consider using open-source software with such a seemingly ill-chosen, off-putting name.

read more

Back End: Apache Kafka, 'Serverless'

Wed, 2018-10-17 07:00

read more

Microsoft Lies and Openwashing

Wed, 2018-10-17 06:58

read more

Red Hat Leftovers

Wed, 2018-10-17 06:57

read more

Why MX Linux Is the Windows Alternative You’ve Been Waiting For

Wed, 2018-10-17 05:38

If you’re looking for a Windows alternative but have shied away from Linux, MX Linux may be the solution you’ve been waiting for.

Linux distributions have always held promise for Windows users to migrate away from an expensive OS. Even Windows 10 has enough quirks and issues that a truly robust and functional Linux alternative could easily entice longtime Windows users to switch.

Let’s take a closer look at MX Linux from the perspective of a longtime Windows user.

read more

Chromebox and Chrome 'Hacks'

Wed, 2018-10-17 05:21
  • CTL’s New CBX1 Chromebox is a Powerhouse at a Great Price

    Chromeboxes are really great desktops for users who have moved their workflow into a web browser, especially at lower prices. You don’t need higher specs inside a Chromebox for it to work well, but it can help.

    For those who want a supercharged Chromebox on the cheap, Oregon-based CTL has just the thing for you. Its new Chromebox—the CBX1—has all the high-end parts you could want, at a comparatively low price.

  • How to Install Progressive Web Apps (PWAs) in Chrome

    Chrome 70, available now, lets you install “Progressive Web Apps,” or PWAs, on Windows. When you visit a website with a PWA, like Twitter or Spotify, you can now “install” it to make it behave more like a normal desktop application.

  • How to Stop Chrome From Automatically Signing You Into the Browser

    With Chrome 69, Google began automatically signing you into the Chrome browser whenever you signed into a Google website like Gmail. Chrome 70, available now, has a hidden option to disable this feature.

    We don’t think most Chrome users will care about this. But, if you do care, Google now gives you a choice. And that’s good news.

read more

MongoDB Becomes More Affero GPL-Like

Wed, 2018-10-17 05:18
  • Fed up with cloud giants ripping off its database, MongoDB forks new open-source license

    After Redis Labs relicensed the modules it developed to complement its open-source database, from AGPL to Apache v2.0 with a Commons Clause, the free-software community expressed dismay.

    And, inevitably, some responded by forking the affected code.

    Today, the maker of another open source database, MongoDB, plans to introduce a license of its own to deal with the issue cited by Redis: cloud service providers that sell hosted versions of open-source programs – such as Redis and MongoDB database servers – without offering anything in return.

    "Once an open source project becomes interesting or popular, it becomes too easy for the cloud vendors to capture all the value and give nothing back to the community," said Dev Ittycheria, CEO of MongoDB, in a phone interview with The Register.

    Ittycheria pointed to cloud service providers such as Alibaba, Tencent, and Yandex. Those companies, he claims, are testing the boundaries of the AGPL by benefiting from the work of others while failing to share their code.

  • MongoDB switches up its open-source license

    MongoDB is a bit miffed that some cloud providers — especially in Asia — are taking its open-source code and offering a hosted commercial version of its database to their users without playing by the open-source rules. To combat this, MongoDB today announced it has issued a new software license, the Server Side Public License (SSPL), that will apply to all new releases of its MongoDB Community Server, as well as all patch fixes for prior versions.

    Previously, MongoDB used the GNU AGPLv3 license, but it has now submitted the SSPL for approval from the Open Source Initiative.

  • MongoDB license could push open source deeper into cloud: Is this what industry needs?

    Things just got serious in open source land. Despite the occasional Commons Clause or Fair Source licensing attempt to change the meaning of the words "open source" to include "the right for a private company to make money from its open source efforts," we've stuck to the Open Source Definition, and it has served us well. Open source communities have become the center of the innovation universe, giving us exceptional code like Linux, Kubernetes, Apache Kafka, and more.

  • It's MongoDB's turn to change its open source license

    The old maxim that the nice thing about standards is that there are so many to choose from could well apply to open source licensing. While now nearing a couple years old, the last WhiteSource Software survey of the top 10 open source licenses found close competition between the GPL, MIT, and Apache licenses. While the commercial-friendly Apache license has dominated the world of big data platforms and AI frameworks, MIT and GPL (which has "copyleft" provisions requiring developers to contribute back all modifications and enhancements) continues to be popular. GPL and variants such as the AGPL have been popular amongst vendors that seek to control their own open source projects, like MongoDB.

  • Matthew Garrett: Initial thoughts on MongoDB's new Server Side Public License

    MongoDB just announced that they were relicensing under their new Server Side Public License. This is basically the Affero GPL except with section 13 largely replaced with new text, as follows:

    "If you make the functionality of the Program or a modified version available to third parties as a service, you must make the Service Source Code available via network download to everyone at no charge, under the terms of this License. Making the functionality of the Program or modified version available to third parties as a service includes, without limitation, enabling third parties to interact with the functionality of the Program or modified version remotely through a computer network, offering a service the value of which entirely or primarily derives from the value of the Program or modified version, or offering a service that accomplishes for users the primary purpose of the Software or modified version.

    “Service Source Code” means the Corresponding Source for the Program or the modified version, and the Corresponding Source for all programs that you use to make the Program or modified version available as a service, including, without limitation, management software, user interfaces, application program interfaces, automation software, monitoring software, backup software, storage software and hosting software, all such that a user could run an instance of the service using the Service Source Code you make available."

    MongoDB admit that this license is not currently open source in the sense of being approved by the Open Source Initiative, but say:"We believe that the SSPL meets the standards for an open source license and are working to have it approved by the OSI."

    At the broadest level, AGPL requires you to distribute the source code to the AGPLed work[1] while the SSPL requires you to distribute the source code to everything involved in providing the service. Having a license place requirements around things that aren't derived works of the covered code is unusual but not entirely unheard of - the GPL requires you to provide build scripts even if they're not strictly derived works, and you could probably make an argument that the anti-Tivoisation provisions of GPL3 fall into this category.

read more

Graphics: Mesa, DisplayPort's Forward Error Correction and New Driver From NVIDIA

Wed, 2018-10-17 05:12
  • Mesa Vulkan Drivers Move Ahead With PCI Bus Info, Calibrated Timestamps

    With this weekend's release of Vulkan 1.1.88 stealing the show was the Vulkan transform feedback capability to allow projects like DXVK to support Direct3D's Stream Output functionality. But besides VK_EXT_transform_feedback, there are other extensions also being worked on for Mesa ANV / RADV Vulkan driver coverage.

  • Intel DRM Linux Driver Working On DisplayPort Forward Error Correction

    DisplayPort's Forward Error Correction (FEC) is part of the specification since DP 1.4 and is for ensuring reliable, error-free video transport. Forward Error Correction allows for correcting link errors and a "glitch-free visual experience" by using a Reed-Solomon parity/correction check. The DisplayPort sink can detect and correct any small errors in the compressed video stream.

  • NVIDIA GeForce RTX 2070 Linux Benchmarks Will Be Coming

    NVIDIA's embargo for reviews on the GeForce RTX 2070 graphics cards has now expired ahead of the expected retail availability on Wednesday.

  • NVIDIA 410.66 Linux Driver Released With RTX 2070 Support, Vulkan Ray-Tracing, Etc

    NVIDIA has released the 410.66 Linux graphics driver today as their first stable release in the 410 series and comes with support for the new GeForce RTX 2070 graphics card.

    The main addition to the NVIDIA 410 Linux driver series is the initial Turing GPU support with the GeForce RTX 2070/2080 graphics cards. Besides enabling Turing support, the NVIDIA 410 driver has initial RTX ray-tracing support with Vulkan. The NVIDIA driver ships new libnvidia-rtcore.so and libnvidia-cbl.so libraries for this ray-tracing functionality. The OptiX ray-tracing engine is also bundled as libnvoptix.so.

read more

Kernel: Linux 4.19 and Some New/Upcoming Features

Wed, 2018-10-17 05:09
  • The Biggest Features Of Linux 4.19: Intel/AMD, CoC, 802.11ax, EROFS, GPS & GASKET

    With the Linux 4.19 kernel set to be released next weekend, here's a recap of the most prominent features to be found in this next kernel release.

  • Linux's LoRa Is Ready To Deliver Long-Range, Low-Power Wireless

    Adding to the long list of new features for what will be Linux 4.20 or likely renamed to Linux 5.0 per Linus Torvalds' numbering preferences is a new wireless networking subsystem within the kernel's networking code... Meet LoRa.

    LoRa is a long-range, low-power wireless standard with the bits planned for the mainline kernel been in the works for the past number of months. LoRa was developed for IoT use-cases and runs on sub-gigahertz radio frequency bands while aiming for transmissions that can span beyond 10 kilometers (6+ miles). LoRa is designed to be inexpensive and work out well for deployment in rural and remote environments. The frequencies that LoRa operates at also requires no licenses.

  • The Next Linux Kernel Will Bring More Drivers Converted To Use BLK-MQ I/O

    More Linux storage drivers have been converted to the "blk-mq" interfaces for the multi-queue block I/O queuing mechanism for the 4.20~5.0 kernel cycle.

    Blk-mq is capable of delivering much better performance with modern storage devices -- namely NVMe PCI Express SSDs but also SCSI drives. This code that's been part of the Linux kernel the past few years allows mapping I/O to multiple queues and distributing the tasks across multiple CPU threads, thus scaling better with today's multi-core servers, while also supporting multiple hardware queues of capable devices.

read more

The Expected Feature We Didn't See Yet For Ubuntu 18.10 and Ubuntu Server's Latest

Wed, 2018-10-17 05:07
  • The Expected Feature We Didn't See Yet For Ubuntu 18.10

    While Ubuntu 18.10 is set to roll out this week with its new theme and an assortment of package updates and other enhancements, there is one feature Canonical previously talked about for the Ubuntu 18.10 "Cosmic Cuttlefish" cycle that we have yet to see made public.

    After Canonical added a software/hardware survey on new installs for the Ubuntu 18.04 cycle to collect statistics on its users, for the Ubuntu 18.10 cycle is when they were planning on making that mass amount of data public. But unfortunately the 18.10 release is nearing this week and we've heard nothing out of Canonical on making this data public.

  • Ubuntu Server Is Making It Easier To Deploy Let's Encrypt SSL Certificates

    The Ubuntu Server developers are looking to make it easier to deploy free SSL/TLS certificates from Let's Encrypt.

    Robie Basak of Canonical has been working on a Snap package for Certbot, one of the command-line clients for automating the setup process of generating and deploying certificates from Let's Encrypt.

  • Ubuntu Server development summary – 16 Oct 2018

    The purpose of this communication is to provide a status update and highlights for any interesting subjects from the Ubuntu Server Team. If you would like to reach the server team, you can find us at the #ubuntu-server channel on Freenode. Alternatively, you can sign up and use the Ubuntu Server Team mailing list.

read more

Pages