TuxMachines

Subscribe to TuxMachines feed
Your source for Linux and Open Source news, reviews, and howtos.
Updated: 13 min 3 sec ago

The November 2018 Issue of the PCLinuxOS Magazine

Sun, 2018-11-04 16:25

The PCLinuxOS Magazine staff is pleased to announce the release of the November 2018 issue. With the exception of a brief period in 2009, The PCLinuxOS Magazine has been published on a monthly basis since September, 2006. The PCLinuxOS Magazine is a product of the PCLinuxOS community, published by volunteers from the community.

read more

FreeBSD 12.0-BETA3 Now Available

Sun, 2018-11-04 03:19
  • FreeBSD 12.0-BETA3 Now Available

    The third BETA build of the 12.0-RELEASE release cycle is now available.

  • FreeBSD 12.0 Beta 3 Brings Bhyve Update, NUMA Disabling Via sysctl

    Another weekly beta release of FreeBSD 12 is now available for testing with the official release still being several weeks out.

    FreeBSD 12.0 Beta 3 now allows NUMA support to be disabled via a new vm.numa.disabled sysctl tunable, the Bhyve hypervisor can now allow the VNC server to listen for incoming IPv6 connections, various hardware driver updates, and SPE exception handling for PowerPCSPE architecture.

read more

Security: WireGuard, SamSam and New PortSmash Hyper-Threading CPU Vulnerability

Sat, 2018-11-03 21:24

read more

OpenBSD on a Laptop

Sat, 2018-11-03 21:21

It's been almost a year since I've posted any articles, and I'm afraid I have a confession to make...I've joined the dark side! Most people know my site from the How to Run a Mail Server post, which targeted FreeBSD. A few months ago, I converted all that infrastructure to an automated OpenBSD platform. Turns out OpenBSD was so much easier, I decided to run it as a desktop too.

You won't find nearly as many online resources about setting up OpenBSD, because honestly, you really don't need any. Unlike much of Linux and FreeBSD, the included manuals are high quality, coherent, and filled with practical examples. You also need very little third party software to do basic tasks—almost everything you need is well-integrated into the base system.

You'll notice that many features that require toil to achieve on FreeBSD, such as suspend on lid close, working volume buttons, and decent battery life, work out of the box on OpenBSD. You can tell the developers actually use this thing on their personal devices.

read more

Ubuntu 19.04 Release Date & Planned Features

Sat, 2018-11-03 19:41

The Ubuntu 19.04 release date is scheduled for April 18, 2019.

This date appears on the draft release schedule for Ubuntu 19.04 (named the ‘Disco Dingo’), which was recently added to the official Ubuntu Wiki.

read more

Wayland: SDL2 and Weston Is In Severe Need Of More Development Help

Sat, 2018-11-03 19:31
  • SDL2 Nukes Its Mir Support With Wayland Compatibility In Great Shape

    Following this week's release of SDL 2.0.9, Ryan Gordon has gone ahead and removed the Mir back-end from this portability/abstraction layer commonly used by cross-platform games.

    This removal is expected with Mir now offering great Wayland compatibility and in fact Mir's developers encouraging the support of the Wayland protocol and projects that did adopt the direct Mir APIs to instead go the Wayland route as it ends up being better for everyone -- Mir included.

  • Wayland's Weston Is In Severe Need Of More Development Help

    If you want to dive into the world of Wayland development or the Linux graphics stack as a possible career move, beginning with Weston would be a wise choice and they could really benefit from all the development resources they can receive.

    While many Linux desktop environments and other projects are working on their shiny new Wayland compositors, the Weston reference compositor hasn't been receiving much help aside from Collabora and a few other developers/organizations. This reference compositor where new Wayland technologies are often experimented with is in even more need of help now that Samsung restructured their Open-Source Group and looks like they'll no longer be contributing to Wayland/Weston. Samsung OSG had several developers working on Wayland, including often serving as release managers for the project.

read more

12 Firefox Add-ons for Developers & Designers

Sat, 2018-11-03 19:29

Just recently, we released a post on the 12 Google Chrome Extensions for Developers & Designers and while some of those extensions are available on Firefox, I wouldn’t repeat any here.

In the same way, some of the extensions listed below are available on Chrome so consider such apps as bonuses for the respective browsers.

Also: Daniel Lange: Firefox asking to be made the default browser again and again

read more

today's leftovers

Sat, 2018-11-03 18:32
  • The Monitoring Issue

    In 1935, Austrian physicist, Erwin Schrödinger, still flying high after his Nobel Prize win from two years earlier, created a simple thought experiment.

  • PodCTL #53 – The Internal Build vs Buy Discussion

    This week we had a great listener question that went something like this:

    “I work at a large company and we currently run a production Kubernetes (vendor-centric) environment. Some other groups in our company have some homegrown platforms that do similar functionality. How do we convince those other groups to work more closely with us, including potentially getting those group to switch over to our platform?”

  • How to Install and Use Chrony in Linux

    Chrony is a flexible implementation of the Network Time Protocol (NTP). It is used to synchronize the system clock from different NTP servers, reference clocks or via manual input.

    It can also be used NTPv4 server to provide time service to other servers in the same network. It is meant to operate flawlessly under different conditions such as intermittent network connection, heavily loaded networks, changing temperatures which may affect the clock of ordinary computers.

  •  

  • FPgM report: 2018-44
  • 20+ MongoDB Alternatives You Should Know About

    As MongoDB® has changed their license from AGPL to SSPL many are concerned by this change, and by how sudden it has been. Will SSPL be protective enough for MongoDB, or will the next change be to go to an altogether proprietary license? According to our poll, many are going to explore MongoDB alternatives. This blog post provides a brief outline of technologies to consider.

  • Antoine Beaupré: October 2018 report: LTS, Monkeysphere, Flatpak, Kubernetes, CD archival and calendar project

    As discussed last month, one of the options to resolve the pending GnuTLS security issues was to backport the latest 3.3.x series (3.3.30), an update proposed then uploaded as DLA-1560-1. I after a suggestion, I've included an explicit NEWS.Debian item warning people about the upgrade, a warning also included in the advisory itself.

    The most important change is probably dropping SSLv3, RC4, HMAC-SHA384 and HMAC-SHA256 from the list of algorithms, which could impact interoperability. Considering how old RC4 and SSLv3 are, however, this should be a welcome change. As for the HMAC changes, those are mandatory to fix the targeted vulnerabilities (CVE-2018-10844, CVE-2018-10845, CVE-2018-10846).

  • Intel updates embedded toolsuite — but says it’s scaling back its IoT effort

    Intel launched Intel System Studio 2019, updating the Linux-friendly embedded toolsuite with improved performance and enhanced I/O analysis. Meanwhile, due to soaring demand for Intel’s Core and Xeon sales, it’s scaling back its lower-end IoT business.

    Intel has a habit of launching and the discontinuing special projects outside its core processor business, but one experiment that has stuck around is Intel System Studio. A lot has changed since we last checked on the Intel System Studio (ISS) development toolsuite when it launched in 2013. For example, while initially targeting both mobile and embedded software development for Linux and Android running on Intel processors, with the dissolution of Intel’s mobile business, it is now focused on optimizing embedded IoT applications running on its Atom, Core, and Xeon processors.

read more

GNOME: GNOME Translation Editor 3.30.0 and WebKit/WebKitGTK+ Updates

Sat, 2018-11-03 18:28
  • GNOME Translation Editor 3.30.0

    This new release isn't yet in flathub, but I'm working on it so we'll have a flatpak version really soon. Meantime you can test using the gnome nightly flatpak repo.

  • WebKitGTK+ 2.22.2 and 2.22.3, Media Source Extensions, and YouTube

    Last month, I attended the Web Engines Hackfest (hosted by Igalia in A Coruña, Spain) and also the WebKit Contributors Meeting (hosted by Apple in San Jose, California). These are easily the two biggest WebKit development events of the year, and it’s always amazing to meet everyone in person yet again. A Coruña is an amazing city, and every browser developer ought to visit at least once. And the Contributors Meeting is a no-brainer event for WebKit developers.

    One of the main discussion points this year was Media Source Extensions (MSE). MSE is basically a way for browsers to control how videos are downloaded. Until recently, if you were to play a YouTube video in Epiphany, you’d notice that the video loads way faster than it does in other browsers. This is because WebKitGTK+ — until recently — had no support for MSE. In other browsers, YouTube uses MSE to limit the speed at which video is downloaded, in order to reduce wasted bandwidth in case you stop watching the video before it ends. But with WebKitGTK+, MSE was not available, so videos would load as quickly as possible. MSE also makes it harder for browsers to offer the ability to download the videos; you’ll notice that neither Firefox nor Chrome offer to download the videos in their context menus, a feature that’s been available in Epiphany for as long as I remember.

  • On WebKit Build Options (Also: How to Accidentally Disable Important Security Features!)

    When building WebKitGTK+, it’s a good idea to stick to the default values for the build options. If you’re building some sort of embedded system and really know what you’re doing, then OK, it might make sense to change some settings and disable some stuff. But Linux distros are generally well-advised to stick to the defaults to avoid creating problems for users.

    One exception is if you need to disable certain features to avoid newer dependencies when building WebKit for older systems. For example, Ubuntu 18.04 disables web fonts (ENABLE_WOFF2=OFF) because it doesn’t have the libbrotli and libwoff2 dependencies that are required for that feature to work, hence some webpages will display using subpar fonts. And distributions shipping older versions of GStreamer will need to disable the ENABLE_MEDIA_SOURCE option (which is missing from the below feature list by mistake), since that requires the very latest GStreamer to work.

read more

OSS: LibreOffice ODF, Jahia DX 7.3 and TYPO3 v9 Released, ChRIS, EuroBSDcon 2018 and FSF Awards

Sat, 2018-11-03 18:25
  • LibreOffice ODF Document Processing Information Disclosure Vulnerability [CVE-2018-10583]

    A vulnerability in LibreOffice could allow an unauthenticated, remote attacker to access sensitive information on a targeted system.

    The vulnerability is due to insufficient validation of user-supplied input processed by the affected software. An attacker could exploit this vulnerability by persuading a user to open an OpenDocument Format (ODF) file containing an embedded Server Message Block (SMB) link. A successful exploit could cause the software to initiate the SMB connection, which the attacker could use to access sensitive information.

  • Jahia DX 7.3 and TYPO3 v9 Released, More Open Source News

    TYPO3 version 9 has been released and is now available for download. This latest version comes with 160 new features and approximately 720,000 new lines of PHP code.

    TYPO v9 is an LTS (Long Term Support) release that will be supported until October 2021, see development roadmap for further details. In addition, the ELTS (Extended Long Term Support), which TYPO3 GmbH offers is supported until October 2024.

    The new features in TYPO3 v9 offer a number of improvements for both business users and developers.

  • Intro to UX design for the ChRIS Project – Part 1

    One of the driving reasons for ChRIS’ creation was to allow for hospitals to own and control their own data without needing to give it up to the industry. How do you apply the latest cloud-based rapid data processing technology without giving your data to one of the big cloud companies? ChRIS has been built to interface with cloud providers such as the Massachusetts Open Cloud that have consortium-based data governance that allow for users to control their own data. I want to emphasize the cloud-based computing piece here because it’s important – ChRIS allows you [to] run image processing tools at scale in the cloud, so elaborate image processing that typically days, weeks, or months to complete could be completed in minutes. For a patient, this could enable a huge positive shift in their care – rather than have to wait for days to get back results of an imaging procedure (like an MRI), they could be consulted by their doctor and make decisions about their care that day.

  • EuroBSDcon 2018 Conference Recap

    The ”Hallway Track” is probably where I get the most value from attending these types of conferences. It is where I spend most of my time talking to company representatives about what work they’d like to see happen, finding out what their pain points are, and more importantly stressing how important it is for them to support the Project by making a financial contribution to the Foundation. In addition, during the conference, other Foundation Team and Board members gave tutorials, presentations, and had similar discussions with community members.

  • Last chance to submit your nominations for the FSF Awards!

    Is there someone who you think has advanced the progress of computing freedom, someone you think of as a free software hero? How about a great project that uses free software principles to benefit society? Now is your chance to nominate them for a Free Software Foundation (FSF) Award. The deadline to submit your nominations of individuals or projects for the FSF Awards is Sunday, November 4th, 2018 at 23:59 UTC.

    Each year the FSF gives out two awards at the LibrePlanet conference; the Award for the Advancement of Free Software and the Award for Projects of Social Benefit. The winners of the 2018 awards will be announced at LibrePlanet 2019, happening on March 23rd and 24th, 2019, in the Greater Boston Area.

    The FSF Award for the Advancement of Free Software is presented annually to an individual who has made a great contribution to the progress and development of free software, through activities that accord with the spirit of free software. Last year's award was accepted by Karen Sandler, the executive director of the Software Freedom Conservancy, as well as a perennial LibrePlanet speaker. Previous winners include Alexandre Oliva, Matthew Garrett, Alan Cox, Larry Lessig, Guido van Rossum, Miguel de Icaza and Larry Wall.

read more

GNU/Linux Distros: Parrot 4.2.2 Release and OSMC Update

Sat, 2018-11-03 17:23
  • Parrot 4.2.2 release notes

    We are proud to announce the release of Parrot 4.2.

    It was a very problematic release for our team because of the many important updates under the hood of a system that looks almost identical to its previous release, except for a new background designed by Federica Marasà and a new graphic theme (ARK-Dark).

  • OSMC's October update is here

    OSMC's October update is here with a large number of improvements. In particular, we've added support for new Raspberry Pi hardware and made a number of playback improvements for Vero 4K / Vero 4K +. HDR and bit depth switching should now work well without any manual configuration by users. Users should notice improved picture quality on these devices. We have now caught up on the Vero shipping backlog and we are offering prompt dispatch for all orders.

    Team Kodi have now announced that they have started the official beta release cycle for Kodi v18 (Leia). Test builds for Raspberry Pi and Vero devices are available in our forums.

read more

OSS Leftovers

Sat, 2018-11-03 15:23
  • The React Native team shares their open source roadmap, React Suite hits 3.4.0

    Yesterday, the React Native team shared further plans for React Native to provide a better support to its users and collaborators outside of Facebook. The team is planning to open source some of the internal tools and improve the widely used tools in the open source community. In order to ensure no breaking code is open sourced, they are also improving their testing infrastructure.

  • SD Times open-source project of the week: Infosys DevOps Platform

    Infosys has released what it calls a enterprise-class integrated DevOps platform into open source. According to the company’s Chief Operating Officer Pravin Rao, “enterprises pursuing digital transformation require Agile and DevOps at scale to rapidly adopt new technologies, transform legacy systems and respond swiftly to new requirements.” The Infosys DevOps Platform is meant to address this.

  • Is Open Source Project Participation Worthwhile?

    Community Involvement Keeps You Moving Forward

    Before we do a deep dive into some of the specific benefits of contributing to an open source project, let’s talk inertia. Inertia brings to mind the proverbial unyielding boulder, but Newton’s first law -- or law of inertia -- also states that a body in motion tends to stay in motion. Contributing to an open source project creates an “inertial moment” where moving forward becomes your new resting state. Switching between work and an open source project can increase your mental endurance. You can work longer and with better results, minus the burnout.

  • Embracing the Open Source Security Paradox [Ed: WhiteSource is a FUD source against FOSS security though  and it is close to Microsoft, as usual (still attacking FOSS by proxy)...]

    On this edition of the SecurityIntelligence podcast, we’re tackling the paradox of open source security. Sharing their expertise are Rami Elron, senior director of product management at WhiteSource, and David Marshak, senior offering manager for application security at IBM Security. Both Elron and Marshak are industry veterans with deep knowledge of open source issues, advantages and future trends.

  • Google open-sources BERT, a state-of-the-art pretraining technique for natural language processing

    Natural language processing (NLP) — the subcategory of artificial intelligence (AI) that spans language translation, sentiment analysis, semantic search, and dozens of other linguistic tasks — is easier said than done. Procuring diverse datasets large enough to train text-parsing AI systems is an ongoing challenge for researchers; modern deep learning models, which mimic the behavior of neurons in the human brain, improve when trained on millions, or even billions, of annotated examples.

    One popular solution is pretraining, which refines general-purpose language models trained on unlabeled text to perform specific tasks. Google this week open-sourced its cutting-edge take on the technique — Bidirectional Encoder Representations from Transformers, or BERT — which it claims enables developers to train a “state-of-the-art” NLP model in 30 minutes on a single Cloud TPU (tensor processing unit, Google’s cloud-hosted accelerator hardware) or a few hours on a single graphics processing unit.

  • Enterprises want more open source yet won't pay developers to work on it

    There's a big disconnect between developers and their employers, and the employers are going to lose as a result. According to a new DigitalOcean survey of more than 4,300 developers, 55% of those developers surveyed contribute to open source projects, but only 34% of companies afford them work time to do so. At least, if we define it as "open source related to their employment."

    [...]

    And even if it doesn't, those people who contribute most, learn most. And things that a developer learns supporting parts of Debian, for example, just might be directly applicable to her work supporting the company's dependence on Linux.

    It's great that companies increasingly recognize the value of open source to their businesses. It's less great that they can't seem to make the connection on the need for developers to be able to work on open source code as much or more than they write internal, proprietary code. As developer Matt Quirion put it to me, "I honestly have no idea how I'd even do my job without open source. That's been true for at least 10 years."

  • Revolutionizing democracy through blockchain and open-source technology

    The 34-year-old Siri grew up in Buenos Aires, where he lived for 30 years. Raised in an upper-middle-class neighborhood, he encountered an Argentina obsessed with finance, politics and soccer (or football if you’re anything other than American). 

    Siri began his career by creating a video game that simulated the experience of coaching and managing a soccer team. It was the first PC game to be published internationally from Argentina. The game was about much more than sports. It dealt with a lot of ethical decisions. As coach, you could bribe the referee or send in the hooligans. It was really a game about corruption.

  • #MoreThanCode: Technology for social justice

    There has long been a symbiotic relationship between the open source software movement and social justice champions. A recent research report, #MoreThanCode: Practitioners reimagine the landscape of technology for justice and equity, offers valuable advice to anyone interested in leveraging technology to support a cause.

    Produced by the Tech for Social Justice Project and co-led by Research Action Design (RAD) and the Open Technology Institute at New America (OTI), together with their research partners, #MoreThanCode aims to use technology to make heard the voices of diverse practitioners working for social justice.

  • New Keynote Speakers Announced for Hyperledger Global Forum

    With over 75 sessions, keynotes, hands-on technical workshops, social activities, evening events, and more, Hyperledger Global Forum gives you a unique opportunity to collaborate with the Hyperledger community, make new connections, learn about the latest production deployments, and further advance your blockchain skills. I

read more

Security: Election Cracking, FIFA Cracked, FDA Also Failing

Sat, 2018-11-03 15:19
  • We’re Still Way Too Vulnerable to Election [Cracking]

    Over the years, as paperless voting machines experienced problems around the country and election officials came to realize the folly of paperless elections, many counties and states switched to optical-scan machines. Today, about 80 percent of voters cast ballots either with optical-scan machines or on DRE machines outfitted with printers that produce a paper trail. Five states — Georgia, Louisiana, South Carolina, New Jersey, and Delaware — still use paperless systems exclusively, and nine states — Texas, Pennsylvania, Kansas, Tennessee, Florida, Arkansas, Indiana, Kentucky, and Mississippi — use paperless systems in some of their jurisdictions.

    But even though most machines now use paper ballots or produce a voter-verifiable paper backup, the election integrity problem has not been solved. Many states never look at the paper backup to verify the digital tallies, or they check only at a small percentage.

  • FIFA [crack] threatens further embarrassment to football's governing body
  • Infantino expects release of info from cyberattack on FIFA

    FIFA President Gianni Infantino is braced for a release of private information gained by [crack] after world soccer’s governing body said its computer network was subject to another cyberattack.

    The disclosure comes in the same month the U.S. Department of Justice and the FBI said Russia’s military intelligence body was responsible for a [crack] on FIFA in 2016, which led to evidence from anti-doping investigations and lab results being published.

  • FDA isn't doing enough to prevent medical device [cracking], HHS report says

    The report came after the inspector general's office identified cybersecurity in medical devices as one of the top management problems for Health and Human Services. The FDA is the division responsible for the safety of these devices.

    The report says policies did not adequately address medical device cybersecurity problems, the FDA had not sufficiently tested its ability to respond to emergencies, and it did not have written standard operating procedures.

    According to the report, the FDA had not adequately assessed the risk that cybersecurity in medical devices can pose, which is what led to these weaknesses.

read more

Future of KDE in Perspective

Sat, 2018-11-03 07:15
  • KDE has been deprecated in RHEL 7.6 and future version of RHEL

    Red Hat is moving KDE to EPEL (Extra Packages for Enterprise Linux) repo. To install KDE on a CentOS or RHEL or Fedora, you need to setup EPE repo. Fedora act as a test bed and upstream distro for RHEL. However, Red Hat is not going to put engineering and Software quality assurance (SQA) resources in KDE.

  • Red Hat killing off KDE [Ed: Misleading headline, I think by intention (author's history is a giveaway)]

    Red Hat appears to have used the news of its takeover by IBM to bury the news that it was killing off KDE.

    In the RHEL 7.6 changelog the following appears Red Hat said that KDE Plasma Workspaces (KDE), which has been provided as an alternative to the default GNOME desktop environment has been deprecated.

    'Deprecated' as used in Red Hat Enterprise Linux is a warning that certain functionality may be removed or replaced in the future.

  • Nitrux: Linux, KDE Plasma 5, Qt and Nomad Desktop

    This sounds very similar to Elementary OS, but instead of Gnome and Gtk+-oriented, it's built around Qt and KDE technologies. I like distributions that try to do something more interesting than being just another random Gnome or KDE distribution, and I especially like how the open source Linux community seems to be focusing more and more on polish, design, and simplicity lately. Very welcome additions to the Linux world.

read more

Ubuntu & Deja Dup - Get up, backup

Sat, 2018-11-03 07:05

Deja Dup is a deceptively clever tool. It looks too simple - blame Gnome for that - but it has an extensive set of options and features. In my testing, it was reliable. But then, Deja Dup can also be improved. Better and more fine-grained control of backup data (file control), better scheduling (exact times and/or conditions for when the backup ought to run), and slightly more clarity around backup retention. I am also not sure regarding encryption, and whether backup passwords actually mean exactly that. Lastly, the support for additional cloud services would be a nice thing, because there's no reason for any particular one or two to be featured and for the rest to be excluded. Duplicity does support numerous cloud platforms, there's no reason for Deja Dup to behave differently.

All that said, most Linux distributions do not promote backups well enough, and/or do not necessarily include simple and practical tools that even less skilled users can try with confidence. Ubuntu backups are not a new thing, of course, but I finally got around to testing the functionality, and I'm glad I did. This seems like a nice compromise between nothing and other, somewhat more difficult rsync frontends. Simple use, password protection and multi-location support are the main selling points. If you don't have your own robust backup mechanism in place, this is a good choice to start. Definitely worth checking out. Take care.

read more

Pages