Language Selection

English French German Italian Portuguese Spanish

February 2017

today's leftovers

Filed under
Misc

Linux Devices: Tizen and Pi Zero

Filed under
Linux
  • Samsung Z4 SM-Z400F could be the phone that runs Tizen 3.0 out of the box

    It has been over six months since the launch of the last Tizen Smartphone which was the Samsung Z2 and hence we should soon be seeing a successor to refresh the series. Earlier today, we reported on the leaked specifications and features of one such upcoming Tizen device which is the highly anticipated Samsung Z5. Now, we are getting hints on another Tizen device in the making bearing the Model name SM-Z400F which should logically be the Samsung Z4.

  • Smartphone Game: Dinosaur Simulator: Dino World platform Tizen

    Dino Simulator Dino World is a game where you are a dinosaur causing chaos all over the place. There is one objective and that is to kill, destroy, and to destroy more!!! By causing destuction to innocent people’s lives (and proberably killing those innocent people), you get points! (YAY!).

  • Pi Zero Wireless out now for $10

    Today, on the fifth anniversary of the release of the original Raspberry Pi, the Foundation has released Pi Zero W, a Pi Zero with built-in WiFi and Bluetooth, for $10.

    The original Pi Zero was great (and still is!)—but many people found its lack of wireless connectivity an inconvenience. Now with Zero W, you can connect to the Internet without using any adapters, and you can even use a Bluetooth mouse and keyboard rather than wired USB, or use a Bluetooth speaker for audio.

FOSS Licensing: ZFS in Debian and Creative Commons

Filed under
OSS
Legal
  • On ZFS in Debian

    I’m currently over at FOSDEM, and have been asked by a couple of people about the state of ZFS and Debian. So, I thought I’d give a quick post to explain what Debian’s current plan is (which has come together with a lot of discussion with the FTP Masters and others around what we should do).

    [...]

    Debian has always prided itself in providing the unequivocally correct solution to our users and downstream distributions. This also includes licenses – we make sure that Debian will contain 100% free software. This means that if you install Debian, you are guaranteed freedoms offered under the DFSG and our social contract.

  • Complying with Creative Commons license attribution requirements in slides and powerpoint

    When I was at Mozilla and WMF, I frequently got asked how to give proper credit when using Creative Commons-licensed images in slideshows. I got the question again last week, and am working on slides right now, so here’s a quick guide.

Leftovers: OSS and Sharing/Transparency

Filed under
OSS
  • ‘Use open source software for GIS mapping’

    Open sourcing of data for Geographical Information System (GIS) mapping will create a huge potential for employment and transparency in administration, secretary of OSGEO-India V. Ravi Kumar has said.

    Proprietary software for GIS costs up to Rs. .30 lakh. Instead, utilising tools developed using open software and training youth would help in creating employment locally, he said. Money will be spent on those working using GIS but not for the software, he said.

  • ESI Group: Acquisition of Scilab Enterprises, Publisher of Scilab Open Source Analytical Computational Software
  • Release notes for the Genode OS Framework 17.02

    After the revision of Genode's most fundamental protocols in the previous release it was time to move our attention upwards the software stack. The current release largely revisits the integration of the C runtime with the Genode component API as well as the virtual-file-system (VFS) infrastructure. The two biggest challenges were making Genode's VFS capable to perform I/O asynchronously, and to make the C runtime compatible with the state-machine-based execution model of modern Genode components. This line of work is described in detail in Sections Enhanced VFS infrastructure and New execution model of the C runtime. One particularly exciting result is the brand-new ability to plug the Linux TCP/IP stack as a VFS plugin into any libc-using component by the sole means of component configuration.

  • Genode OS 17.02 Released With Improved VFS, New Input Event Processing

    Genode OS 17.02 has been released today as the latest version of this open-source operating system framework.

    Accomplished for Genode OS 17.02 were ABI improvements, a much better virtual file-system (VFS) implementation, new input event processing capabilities, and a dynamic component-composition engine.

  • heads 0.0 is out!

    heads 0.0 is a preview live CD of what heads is going to be about. This release is not intended to be used from a security point of view, but as a showcase and testing point of view.

    I am not even completely sure everything is torified, but hey, that's what testing is for, no?

  • IKEA's Idealistic Open Source Garden Orb
  • Denmark’s draft IT architecture open for comment

    Denmark’s Agency for Digitisation (Digitaliseringsstyrelsen - DIGST) is inviting comments on its draft IT architecture for digitalisation of the public sector. The document sets out the IT principles for the country’s 33 digitisation initiatives.

  • Norway working on first IT procurement frameworks

    Norway’s government procurement centre (ANS) and the Agency for Public Management and e-Government (Difi) are preparing the country’s first procurement frameworks related to IT. The first call, on telephony services, will be published in the next few days. The second call, for telephony and PC workstations, is expected around 24 April. Calls will be published on both Norway’s and Europe’s procurement portals, Doffin and Ted.

  • France prepares next Open Government action plan

    The 2017-2019 Open Government Action Plan is being prepared by the government modernisation unit (Secretariat-General for Government Modernisation, SGMAP). This week, on Tuesday, SGMAP is hosting a public workshop, where it will present a draft of the plan. The final text is expected in September.

  • Make food production data open source, urges MIT Media Lab

    Agriculture production data should be public and the open source movement should be the model for analysing it, according to the Open Agriculture initiative at MIT Media Lab.

    This could involve making the data from every farming IoT sensor public - so you could use the climate data to understand how best to grow what and where, or use other IoT data points to trace where the food has come from across the whole supply chain.

Security News

Filed under
Security
  • Security updates for Tuesday
  • EU updates smartphone secure development guideline

    The European Union Agency for Network and Information Security (ENISA) has published an updated version of its Smartphone Secure Development Guidelines. This document details the risks faced by developers of smartphone application, and provides ways to mitigate these.

  • CloudLinux 7 Users Get New Beta Linux Kernel Update That Addresses CVE-2017-6074

    CloudLinux's Mykola Naugolnyi announced today the availability of a new Beta kernel for the CloudLinux 7 operating system series, which patches a recently discovered and critical security flaw.

  • Linus Torvalds shrugged off warnings about 'insecure' SHA-1 in 2005

    LINUX FOUNDER Linus Torvalds was warned in 2005 that the use of the SHA-1 hash to sign code in Linux and Git was insecure and urged to shift to something better protected, but rejected the advice outright.

    Free software evangelist John Gilmore warned Torvalds ten years ago that "SHA1 has been broken; it's possible to generate two different blobs that hash to the same SHA1 hash".

    Gilmore penned his warning to Torvalds in April 2005, when MD5 had already been cracked and SHA1 remained "hard to crack" - but still crackable.

  • Subversion SHA1 Collision Problem Statement — Prevention and Remediation Options

    You probably saw the news last week that researchers at Google had found a scenario where they were able to break the SHA1 algorithm by creating two PDF files with differing content that produced the same hash. If you are following this story then you may have also seen that the Webkit Subversion repository had problems after a user committed these example files to their repository so that they could be used in test cases for SHA1 collisions.

  • making git-annex secure in the face of SHA1 collisions

    git-annex has never used SHA1 by default. But, there are concerns about SHA1 collisions being used to exploit git repositories in various ways. Since git-annex builds on top of git, it inherits its foundational SHA1 weaknesses. Or does it?

  • SSH Fingerprint Verification via Tor

    OpenSSH (really, are there any other implementations?) requires Trust on First Use for fingerprint verification.

    Verification can be especially problematic when using remote services like VPS or colocation.

    How can you trust that the initial connection isn’t being Man In The Middle’d?

  • Almost all Windows vulnerabilities are enabled by liberal 'admin rights'

    NEARLY OF THE VULNERABILITIES THAT AFFECT Microsoft's Windows operating system could be mitigated through a little careful control.

    Avecto, a security company, is the source of the latest revelation in this direction, and it says that 94 per cent of security problems could have been killed off if admin rights had been removed from the affected computer.

    This makes a lot of sense, since a computer that cannot be molested by a user cannot be molested by a third party. 94 per cent is just one example of the differences that can be made and Avecto says that in the case of Internet Explorer 100 per cent of risks are mitigated when rights are removed.

  • More on Bluetooth Ingenico Overlay Skimmers

    This blog has featured several stories about “overlay” card and PIN skimmers made to be placed atop Ingenico-brand card readers at store self-checkout lanes. I’m revisiting the topic again because a security technician at a U.S.-based retailer recently shared a few photos of several of these devices pulled from compromised card terminals, and the images and his story offer a fair bit more detail than in previous articles.

Linux and Linux Foundation

Filed under
Linux

GNOME News

Filed under
GNOME
  • Hands on with the new Night Light feature in GNOME 3.24

    We take a look at GNOME Night Light, a blue light filter that is included in the GNOME 3.24 desktop and adjusts the color temperature of the display.

  • New Printers Panel

    As I mentioned in my previous post about the New Users Panel, we are happy to be able to include a new Printers panel in GNOME 3.24.

    The Printers panel is also part of the GNOME Control Center redesign effort which intents to introduce the new shell in 3.26

  • Profiling Flatpak’d applications
  • Attended FOSDEM 2017

    Containerised applications solve these issues. Maybe. He mentioned Flatpak, snappy, and Appimage. The former is the oldest technology dating all the way back to 2003. The solutions have in common that they bundle the app and run it in some kind of container or sandbox. From his criteria, the compatibility issue is solved, because the libraries are in the bundles. Portability is solved, because all dependencies are shipped in the bundle. And the pace of change is up to the app developer.

  • Custom terminal titles are back in Fedora

    Almost four years ago, in GNOME 3.12, the ability to have custom terminal titles was removed from gnome-terminal. As is wont to happen, users who dealt with scores of similar looking terminal tabs and windows were quick to express their grief at this loss.

Red Hat News

Filed under
Red Hat

today's howtos

Filed under
HowTos

Gemini PDA is like a tiny Android/Linux laptop with premium specs (crowdfunding)

Filed under
Android
Linux

Are physical keyboards for mobile devices making a comeback? TCL and BlackBery just launched a new phone with a QWERTY keyboard. A keyboard module for the Moto Z smartphone is generating some buzz. And an Indiegogo campaign for a 7 inch, pocket-sized Windows notebook has raised over $1.7 million (so far).

Now the folks at UK-based Planet Computers want to bring back the idea of a small, clamshell computer. And they’ve partnered with the designer of the classic Psion Series 5 to do it.

Read more

More in Tux Machines

Graphics: RADV Vulkan Driver, Intel Codecs and Defects, NVIDIA Firmware

  • RADV Vulkan Driver Adds Option For Zeroing Out Video Memory

    New to Mesa 20.1-devel is a new option for the Radeon Vulkan "RADV" driver to enable zeroing out video memory allocations. This isn't a new concept with other graphics drivers offering similar functionality for zeroing out the vRAM either for security reasons or working around pesky game/app issues. For example, RadeonSI OpenGL zeros out the vRAM for Rocket League to workaround buggy behavior with that game. But zeroing out the video memory normally isn't done by default for all allocations due to performance reasons. With the new flag to zero vRAM allocations for the RADV Vulkan driver it was done by Valve's Samuel Pitoiset. In this case he mentions it's in part for "future work."

  • Intel Gen12/Xe Graphics To Support 12-Bit HEVC/VP9 Decode

    We are learning more about the media engine capabilities with the forthcoming Intel "Gen12" (Xe) Tiger Lake graphics. The documentation for Intel's open-source media-driver that exposes VA-API capabilities on the Linux desktop was recently updated. That updated Intel VA-API Media Driver points to Intel Gen12 dropping VP8 video capabilities but expanding when it comes to 12-bit codec support.

  • Intel Sends Out Latest Patches For Mitigating Graphics Flaw On Ivybridge/Haswell

    It has been one month and a few days since Intel first made public the need for graphics driver patching of Gen 7/7.5 graphics for older Ivybridge / Haswell hardware to fix a graphics hardware flaw. That vulnerability also affected the common Intel Gen9 graphics but there the mitigation was uneventful and quickly merged without causing any performance hit. But for Ivybridge/Haswell one month later the graphics driver mitigation for CVE-2019-14615 is still being addressed. This vulnerability is also known as iGPU Leak by the researchers that discovered it but for the Gen7/Gen7.5 protection the mitigation has been particularly problematic. With the initial Gen7/Gen7.5 patches posted in mid-January there was a huge hit to the graphics performance while Intel worked towards no performance loss.

  • NVIDIA Posts Firmware Needed For Open-Source GeForce 16 Series Acceleration

    As written about last week, in the works for the Linux 5.7 kernel this spring is open-source NVIDIA "Nouveau" acceleration for the GeForce 16 series. That code is currently sitting in the Nouveau development tree until landing in DRM-Next for Linux 5.7, but NVIDIA has now posted the necessary firmware binaries needed for enabling the hardware acceleration on these Turing GPUs.

EasyOS version 2.2.11 released (Easy Buster version 2.2.11)

EasyOS versions 1.x are the "Pyro" series, the latest is 1.3. Easy Pyro is built with packages compiled from source using 'oe-qky-src', a fork of OpenEmbedded. Consequently, the builds are small and streamlined and integrated. The Pyro series may have future releases, but it is considered to be in maintenance status. The "Buster" series start from version 2.0, and are intended to be where most of the action is, ongoing. Version 2.0 was really a beta-quality build, to allow the testers to report back. The first official release was 2.1. The main feature of Easy Buster is that it is built from Debian 10 Buster DEBs, using WoofQ (a fork of Woof2: Woof-CE is another fork, used to build Puppy Linux). The advantage of Buster over Pyro is access to the large Debian package repositories. That is a big plus. Read more More in: EasyOS version 2.2.11 released Also: Working-partition ext4 filesystem shuts down unclean

Games: Dad Quest, Unrailed, SteamWorld, Dying Light, Steam and SGT Puzzles Collection

  • Children are indestructible weapons in 'Dad Quest' - Linux Beta out now

    Possibly one of the quirkiest platformers I've ever come across, Dad Quest is now officially in Beta for Linux on Steam. A story-based platformer, with what developer Sundae Month claim is their own 'unique brand of comedy'. It's set in a world where children are indestructible weapons, ready to be hurled towards enemies. As a parent, I will admit it sounds amusing. According to the description you will teach your child new combat skills using 'a variety of deadly toys'.

  • Hilarious co-op train track building game 'Unrailed!' is now officially on Linux

    After a little while being in Beta, Indoor Astronaut have today released the Linux (and macOS) versions of Unrailed! so they're officially supported.

  • The full SteamWorld series is heading to Google Stadia "soon"

    While they're seemingly not giving an exact date just yet, Thunderful Publishing and Image & Form announced today that multiple SteamWorld titles are heading to Google Stadia.

  • Dying Light gets a massive update with a 'Story Mode' plus a free weekend

    Techland are keeping their baby alive a while longer (especially after delaying Dying Light 2), and it appears they didn't forget it turned 5 last month with a huge update and celebration. Since Dying Light has been out five years they're kicking off a big celebration. It's having a Free Weekend on Steam for the first time! A really good opportunity to see what the fuss is all about and I sure do fuss about it a lot. It really is a great game! One of my absolute favourites.

  • How to use community control schemes in Steam for Linux

    Sick of plugging your gaming controller into your Linux PC, only to find that the game does not have any gamepad controls set up? As it turns out, Steam has a solution for that. Did you know that you can add custom controller layouts for your Steam games on Linux? It’s true! Thanks to Steam’s stellar controller support on Linux, anyone can bind custom controls to their gaming controller! Follow along to learn how to do it on your system!

  • SGT Puzzles Collection 0.2.5 Released

    SGT Puzzles Collection, or simply sgt-launcher, is a game launcher and wrapper for Simon Tatham’s Portable Puzzle Collection, a popular collection of logic games by the developer of PuTTY. Joining the Xubuntu package set way back in Xubuntu 17.10 "Artful Aardvark", SGT Puzzles Collection has quietly provided Xubuntu users with a variety of distracting games for several releases. If you want to learn more about the project, check out my introductory blog post.

Linux Foundation: LF Networking, Xen Project Outreachy Connected to Microsoft, FUD Against FOSS Connected to Snyk and Synopsys (Black Duck, Microsoft 'Outposts')

  • LF Networking Expands Ecosystem — Adds Members, Leads Initiatives to Automate 5G deployments and accelerate Automation

    LF Networking (LFN), which facilitates collaboration and operational excellence across open networking projects, today announced the addition of nine new members.The project welcomes new Silver members A10 Networks, AMD, Codilime, Mirantis, Robin.io, Solutions by STC, ULAK, and Xilinx, and Associate members University of California San Diego, and University of Surrey. “It’s great to kick off 2020 by welcoming a new swath of global members to the LFN community,” said Arpit Joshipura, general manager, Networking, Edge & IoT, the Linux Foundation. “We’re expanding our member ecosystem in tandem with growth across initiatives that harmonize open source an open standards, enable automated testing and deployment, and further Cloud Native Network Functions as open source becomes more mainstream.” The newest LFN members will work alongside the 100+ existing member organizations to drive development, testing and implementation of LFN’s networking projects, including FD.io, ONAP, OpenDaylight, OpenSwitch, OPNFV, PNDA, SNAS, and Tungsten Fabric.

  • Xen Project is Participating in May 2020 to August 2020 Outreachy Internships Round [Ed: Microsoft continues to 'buy the agenda' of the 'Linux' Foundation]

    The Xen Project is excited to be participating in the Outreachy internship program which supports diversity in free and open source software. The Xen Project’s participation in this round is being sponsored by Microsoft (1 internship). Interns have to make an initial application which primarily verifies eligibility to the Outreachy program by February 25 at 4pm UTC: for more information see here. Applicants with an approved initial application can start to enquire about projects from March 5th and can then formally apply. During the application period, applicants are expected to contribute to the Xen Project while in parallel working on the detailed application. The final application deadline is April 7, 2020 at 4pm UTC. Applicants interested in becoming a Xen Project Intern can see our projects here and here (link not live until March 5th).

  • New Linux Foundation | Harvard Study Reveals Hard Truths, Actionable Steps for Open Source Security [Ed: Linux Foundation now works with Microsoft proxies/allies Snyk and Black Duck to smear FOSS]

    Open source has made its way into almost every server farm, consumer device and service we use, and it’s done so without most people even realizing it. Almost no one knows what is in their phones, apps or business data centers. This is wreaking havoc on the global supply chain, so much so that the U.S. House of Representatives Energy and Commerce Committee sent a letter to the Linux Foundation inquiring about it. The Linux Foundation did its best to summarize a very complex situation in its response. So with the help of Harvard researchers and companies like Snyk and Synopsys, we set out to produce our second Census of open source software but this time, with a focus on what open source software projects show up in production applications. At the heart of this is a desire to understand how we take a preventative care approach to security, rather than a reactionary one.