Language Selection

English French German Italian Portuguese Spanish

June 2018

today's leftovers

Filed under
Misc
  • Microsoft quietly cuts off Win7 support for older Intel computers

    If you have a Pentium III, for example, you may no longer be able to install Win7 Monthly Rollups or Security-only patches, in spite of Microsoft's promise to support you until January 2020. It’s all about SSE2 and some retroactively fudged documentation. Will anybody notice?

  • Tracy Rosenberg on ICE’s Corporate Collaborators, Patty Lovera on the Undercovered Farm Bill

    This week on CounterSpin: “As a company, Microsoft is dismayed by the forcible separation of children from their families at the border,” the global tech company declared in a statement. “Family unification has been a fundamental tenet of American policy and law since the end of World War II.” The same Microsoft bragged a few months ago about ICE’s use of its Azure cloud computing services to “accelerate facial recognition and identification” of immigrants, though the post has since been altered to omit the phrase “we’re proud to support this work with our mission-critical cloud.”

  • SUSE Linux Enterprise 15 Announced As a Modular Operating System for Businesses

    SUSE announced the release of the long-anticipated SUSE Linux Enterprise 15 operating system for businesses and organizations of all sizes, bringing new features, updated components, and state-of-the-art GNU/Linux technologies.

  • Fedora To Deprecate YUM in Fedora 29 Release

    Many Linux users familiar with Fedora, CentOS, and Red Hat Enterprise Linux are familiar with YUM, but are oblivious to its origins in the much lesser known Yellowdog Linux, a now discontinued PowerPC variant of CentOS. And now, it seems, YUM is heading in the same direction.

  • Fourth GSoC Report

    As announced in the last report, i started looking into SSO solutions and evaluated and tested them. At the begining my focus was on SAML integration, but i soon realized that OAuth2 would be more important.

    I started with installing Lemonldap-NG. LL-NG is a WebSSO solution writting in perl that uses ModPerl or FastCGI for delivering Webcontent. There is a Debian package in stable, so the installation was no problem at all. The configuration was a bit harder, as LL-NG has a complex architecture with different vhosts. But after some fiddling i managed to connect the installation to our test LDAP instance and was able to authenticate against the LL-NG portal. Then i started to research how to integrate an OAuth2 client. For the tests i had on the one hand a gitlab installation that i tried to connect to the OAuth2 providers using the omniauth-oauth2-generic strategy. To have a bit more fine grained control over the OAuth2 client configuration i also used the python requests-oauthlib module and modified the web app example from their documentation to my needs. After some fiddling and a bit of back and forth on the lemonldap-ng mailinglist i managed both test clients to authenticate against LL-NG.

  • Automation & Risk

    Linaro created the LAVA (Linaro Automated Validation Architecture) project in 2010 to automate testing of software using real hardware. Over the seven years of automation in Linaro so far, LAVA has also spread into other labs across the world. Millions of test jobs have been run, across over one hundred different types of devices, ARM, x86 and emulated. Varied primary boot methods have been used alone or in combination, including U-Boot, UEFI, Fastboot, IoT, PXE. The Linaro lab itself has supported over 150 devices, covering more than 40 different device types. Major developments within LAVA include MultiNode and VLAN support. As a result of this data, the LAVA team have identified a series of automated testing failures which can be traced to decisions made during hardware design or firmware development. The hardest part of the development of LAVA has always been integrating new device types, arising from issues with hardware design and firmware implementations. There are a range of issues with automating new hardware and the experience of the LAVA lab and software teams has highlighted areas where decisions at the hardware design stage have delayed deployment of automation or made the task of triage of automation failures much harder than necessary.

OSS Leftovers

Filed under
OSS
  • ASIFA-Hollywood Continues Commitment to Open-Source Animation Technology

    The International Animated Film Society, ASIFA-Hollywood announced its continued commitment to open-source animation technology earlier in June with a special development sponsorship to Synfig, a 2D vector graphics animation program. The amount awarded was $2,000. This grant will help keep their new developer employed full-time, working on bug-fixes and improving stability of the free and open source software.

  • SD Times Open-Source Project of the Week: FLIR Systems

    FLIR Systems is enabling the acceleration of being able to test thermal sensors on autonomous vehicles with the release of its open-source thermal dataset, which features more than 10,000 annotated thermal images of day and nighttime scenarios.

    The company has over a decade of experience within the automotive industry. More than 500,000 FLIR thermal sensors are installed in driver warning systems from various automakers including General Motors, Volkswagen, Audi, BMW, and Mercedes-Benz, according to the company.

    This dataset will enable developers to evaluate thermal sensors on next-generation algorithms. By combining this data with visible light cameras, LiDAR, and RADAR, developers will be able to build a more comprehensive and redundant system for identifying objects on the road.

  • Keeping Ethereum's Promise: CryptoKitties Is Embracing Open-Source

    Announced this week, CryptoKitties debuted a number of new initiatives that will further decentralize its popular ethereum app, which while largely passing under the radar, show the startup is making strides to give users rights. It's been the subject of criticism for the beloved game, which raised $12 million in March with the expectation it would loosen controls on its code in line with the larger crypto ethos.

    Among a slew of updates, CryptoKitties is open-sourcing its API and smart contracts for gameplay in the KittyVerse – a virtual world of experiences including catfights, racing and accessories – through a developer toolkit. Plus, it's updated its user agreements to be more lenient and introduced a players' rights contract called the Nifty License.

  • CryptoKitties Goes Open Source

    One of the most popular ethereum-based dApp projects, CryptoKitties, has announced several changes and new initiatives to further decentralize the premium virtual feline offering, reports CoinDesk.

    [...]

    In addition, it has also raised questions about whether the project really operates in a truly decentralized manner. For instance, it is possible for Kitty Core, the owner of the CryptoKitties project, to edit the underlying algorithm and mutate a popular or high-worth digital kitten despite objections from the kitten's owner. Essentially, the project runs in a centralized manner, with the project owner(s) having the utmost power.

  • What does Microsoft’s acquisition of GitHub mean for the future of open source? [Ed: White Source is a Trojan horse. Now it's perfuming Microsoft entryism]
  • Puppet's Cisco-Led $42M Round Going to Cloud and Containers

Mozilla: Graphs, Ads, VR and Python 3

Filed under
Moz/FF
  • Some More Very Satisfying Graphs

    The power of cleaning up old code: removing 150kb from the average “main” ping sent multiple times per day by each and every Firefox Nightly user.

  • Ad-blocker-blockers hit a new low. What's the solution?

    It may be the wrong day to slam the local newspapers, but this was what greeted me trying to click through to a linked newspaper article this morning on Firefox Android. The link I was sent was from the Riverside Press-Enterprise, but this appears to be throughout the entire network of the P-E's owners, the Southern California News Group (which includes the Orange County Register, San Bernardino Sun and Los Angeles Daily News):

  • This week in Mixed Reality: Issue 11

    This week, we're making great strides in adding new features and making a wide range of improvements and our new contributors are also helping us fix bugs.

  • Python unit tests now running with Python 3 at Mozilla

Programming: LLVM, GCC, RcppArmadillo

Filed under
Development
  • LLVM Gets ARMv8.4 Enablement, GCC Gets Cortex-A76 Support

    It's been another busy week in compiler land for ARM.

    First up, the GCC compiler now officially supports the Cortex-A76. The A76 is the new Cortex processor announced back in May for yielding much better performance and efficiency, especially for AI and machine learning.

  • Compiler fuzzing, part 1

    Much has been written about fuzzing compilers already, but there is not a lot that I could find about fuzzing compilers using more modern fuzzing techniques where coverage information is fed back into the fuzzer to find more bugs.

  • GCC Picks Up Meaningful Bash Completion Support To Help With Compiler Options

    One of the advantages of the LLVM Clang compiler has been better integration with Bash completion support, but now the GCC compiler supports a --completion argument for feeding into the Bash completion script with better matching of supported options/values when typing into a supported terminal.

  • RcppArmadillo 0.8.600.0.0

    A new RcppArmadillo release 0.8.600.0.0, based on the new Armadillo release 8.600.0 from this week, just arrived on CRAN.

    It follows our (and Conrad’s) bi-monthly release schedule. We have made interim and release candidate versions available via the GitHub repo (and as usual thoroughly tested them) but this is the real release cycle. A matching Debian release will be prepared in due course.

Linux Foundation Growing

Filed under
Linux

"Chromebooks with Linux app support will soon be able to install Debian packages" and More Google-Linux Work

Filed under
GNU
Linux
Google
Debian
  • Chromebooks with Linux app support will soon be able to install Debian packages

    Recent code updates indicate forthcoming support for no-fuss Debian .deb package installation on Chrome OS devices that support Linux apps. The forthcoming feature will bring a new flow for installing Linux applications through .deb packages. A string of commits shows that support isn’t simply being turned on, but that all the finicky elements like interacting with the terminal, checking dependencies, and authentication will be hidden from the user.

  • Google aims lower than Android Go with new $22m investment

    KaiOS is one of the fastest growing mobile platforms right now, bringing smart functionality to feature-phones in emerging markets. Google has evidently been paying attention, because the Mountain View firm has made a $22-million investment in the company.

  • LTE-enabled Samsung Chromebook on the way, suggest new commits

    Only days after launching the second version of the Chromebook Plus (V2), Samsung seems to be working on one more variant of the Chromebook. In fact, the South Korean giant is now venturing into the always-connected Chromebook market. XDA Developers have unearthed a Coreboot code commit which shows the introduction of a new SKU of Nautilus (which, if you’re not aware is the codename for the Chromebook Plus V2). The commit clearly shows configuration changes that mention LTE support.

  • Google Updates: More Linux Chromebooks, World Cup tags and 'Better Together'

    Another 18 Chromebooks will be able to run Linux apps soon. The plan to roll out the windowed apps, further making them a viable alternative to Windows, now takes in Chrome OS machines from Lenovo, Acer, Asus and Dell joining the frey.

Linux Driver 'Ousts' AMD Plans

Filed under
Graphics/Benchmarks
Linux

Linux Kernel 4.16 Reaches End of Life and Other Kernel Blurbs

Filed under
Linux
  • Linux Kernel 4.16 Reaches End of Life, Users Are Urged to Upgrade to Linux 4.17

    Just two months after the end of life of the Linux 4.15 kernel series, renowned Linux kernel maintainer Greg Kroah-Hartman announced the end of life of Linux kernel 4.16.

    Back on April 2018, Greg Kroah-Hartman announced the eighteenth point release to the Linux 4.15 kernel series to inform the Linux community that this is the last update that would be released for the branch, urging users to update to the Linux 4.16 kernel series, which appears to have followed the same road.

    Earlier this week, the developer released Linux 4.16.18 as the eighteenth and also the last maintenance update in the series, notifying users that Linux kernel 4.16 is now EOL (End of Life) and won’t receive further updates. Greg Kroah-Hartman urged users to move to a more recent Linux branch, namely the Linux 4.17 kernel series.

  • Linux kernel 4.16 reaches end of life

    Linux kernel maintainer Greg Kroah-Hartman has announced that the Linux 4.16 kernel has reached end of life.

    As reported by Softpedia News, Linux 4.16.18 has been released – and it is the last maintenance update in the series.

    Kroah-Hartman has told users to therefore upgrade to the Linux 4.17 kernel series.

    “This is the LAST 4.16.y kernel release. This branch is now end-of-life. Please move to the 4.17.y kernel now,” he stated in his announcement.

  • Stupid RCU Tricks: Changes to -rcu Workflow
  • Linux Security Summit North America 2018: Schedule Published

Snaps in the Mainstream

Filed under
Ubuntu
  • Is implementing and managing Linux applications becoming a snap?

    Quick to install, safe to run, easy to update, and dramatically easier to maintain and support, snaps represent a big step forward in Linux software development and distribution. Starting with Ubuntu and now available for Arch Linux, Debian, Fedora, Gentoo Linux, and openSUSE, snaps offer a number of significant advantages over traditional application packaging.

  • Fingbox Network Security Appliance Adopts Canonical’s Ubuntu Core Linux & Snaps

    If you’re in the market for a network security appliance running a Linux-based operating system, you should know that Fing’s Fingbox adopted Canonical’s Ubuntu Core embedded operating system for IoT devices and its Snappy technologies for seamless software updates.

    Fingbox is a plug’n play network security appliance and mobile application for Android and iOS that promises to help you protect your smart home from a wide range of online attacks. To achieve this goal, Fingbox uses the Ubuntu Core operating system, a slimed-down variant of the world’s most popular Linux-based operating system used by millions of computer users worldwide.

More in Tux Machines

Security Leftovers

  • Cryptojacking Code Found in 11 Open Libraries, Thousands Infected

    A cryptojacking code was found in 11 open-source code libraries written in Ruby, which have been downloaded thousands of times. Hackers downloaded the software, infected it with malware, and subsequently reposted it on the RubyGems platform, industry news outlet Decrypt reported on Aug. 21.

  • Malicious cryptojacking code found in 11 Ruby libraries

    Cryptojacking software has been found in 11 code libraries for the programming language Ruby—exposing thousands of people. The latest heist, discovered yesterday on code repository Github made use of a package manager called RubyGems, a popular program that allows developers to upload and share improvements on existing pieces of software.

  • Cryptojacking Scripts Found in 11 Open-Source Code Libraries

    According to a Decrypt report, the malware was discovered on Tuesday inside Github code repository, infecting the language manager called RubyGems.

  • First‑of‑its‑kind spyware sneaks into Google Play
  • Open-source spyware bypasses Google Play defenses — twice

    Radio Balouch — the app in question — is a legitimate radio application serving Balouchi music enthusiasts, except that it also included AhMyth, a remote access espionage tool that has been available on GitHub as an open-source project since late 2017. Lukas Stefanko, ESET researcher who uncovered the campaign, said the app was uploaded twice on Google Play — once on July 2 and a second time on July 13 — only to be swiftly removed by Google within 24 hours upon being alerted by the security team. It continues to be available on third-party app stores. While the service’s dedicated website “radiobalouch.com” is no longer accessible, the attackers also seem to have promoted the app on Instagram and YouTube. The app, in total, attracted over 100 installs.

  • 61 impacted versions of Apache Struts left off security advisories

    Security researchers have reviewed security advisories for Apache Struts and found that two dozen of them inaccurately listed affected versions for the open-source development framework. The advisories have since been updated to reflect vulnerabilities in an additional 61 unique versions of Struts that were affected by at least one previously disclosed vulnerability but left off the security advisories for those vulnerabilities.

  • Sectigo Sponsors Automated Certificate Issuance and Renewal in Electronic Frontier Foundation’s Certbot Open Source Software Tool

    Sectigo, the world’s largest commercial Certificate Authority (CA) and a provider of purpose-built and automated PKI management solutions, today announced its sponsorship of Electronic Frontier Foundation’s (EFF) free, open source software tool, Certbot, to support efforts to encrypt the entire internet and build a network that is more structurally private, safe, and protected against censorship.

GNU Parallel 20190822 ('Jesper Svarre') released [stable]

GNU Parallel 20190822 ('Jesper Svarre') [stable] has been released. It is available for download at: http://ftpmirror.gnu.org/parallel/ No new functionality was introduced so this is a good candidate for a stable release. GNU Parallel is 10 years old next year on 2020-04-22. You are here by invited to a reception on Friday 2020-04-17. Read more

KDE ISO Image Writer – Release Announcement

My GSoC project comes to an end and I am going to conclude this series of articles by announcing the release of a beta version of KDE ISO Image Writer. Read more Also: How I got a project in Labplot KDE

Linux Foundation: Automotive Grade Linux Announcement and Calling Surveillance Operations "Confidential Computing"

  • Automotive Grade Linux Announces New Instrument Cluster Expert Group and UCB 8.0 Code Release

    Automotive Grade Linux (AGL), an open source project developing a shared software platform for in-vehicle technology, today announced a new working group focused on Instrument Cluster solutions, as well as the latest code release of the AGL platform, the UCB 8.0. The AGL Instrument Cluster Expert Group (EG) is working to reduce the footprint of AGL and optimize the platform for use in lower performance processors and low-cost vehicles that do not require an entire infotainment software stack. Formed earlier this year, the group plans to release design specifications later this year with an initial code release in early 2020. “AGL is now supported by nine major automotive manufacturers, including the top three producers by worldwide volume, and is currently being used in production for a range of economy and luxury vehicles” said Dan Cauchy, Executive Director of Automotive Grade Linux at the Linux Foundation. “The new Instrument Cluster Expert Group, supported by several of these automakers, will expand the use cases for AGL by enabling the UCB platform to support solutions for lower-cost vehicles, including motorcycles.”

  • Shhh! Microsoft, Intel, Google and more sign up to the Confidential Computing Consortium

    The Linux Foundation has signed up the likes of Microsoft and Google for its Confidential Computing Consortium, a group with the laudable goal of securing sensitive data. The group – which also includes Alibaba, Arm, Baidu, IBM, Intel, Red Hat, Swisscom and Tencent – will be working on open-source technologies and standards to speed the adoption of confidential computing. The theory goes that while approaches to encrypting data at rest and in transit have supposedly been dealt with, assuming one ignores the depressingly relentless splurts of user information from careless vendors, keeping it safe while in use is quite a bit more challenging. Particularly as workloads spread to the cloud and IoT devices.

  • Tech giants come together to form cloud security watchdog

    Some of the world’s biggest technology companies are joining forces to improve the security of files in the cloud. This includes Google, IBM, Microsoft, Intel, and many others. The news first popped up on the Linux Foundation, where it was said that the Confidential Computing Consortium will work to bring industry standards and identify the proper tools to encrypt data used by apps, devices and online services. At the moment, cloud security solutions focus to protect data that’s either resting, or is in transit. However, when the data is being used is “the third and possibly most challenging step to providing a fully encrypted lifecycle for sensitive data.”

  • Tech firms join forces to boost cloud security

    Founding members of the group – which unites hardware suppliers, cloud providers, developers, open source experts and academics – include Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom and Tencent. [...] “The earliest work on technologies that have the ability to transform an industry is often done in collaboration across the industry and with open source technologies,” said Jim Zemlin, executive director at the Linux Foundation. “The Confidential Computing Consortium is a leading indicator of what is to come for security in computing and will help define and build open technologies to support this trust infrastructure for data in use.”

  • Google, Intel and Microsoft form data protection consortium
  • Intel Editorial: Intel Joins Industry Consortium to Accelerate Confidential Computing

    Leaders in information and infrastructure security are well versed in protecting data at-rest or in-flight through a variety of methods. However, data being actively processed in memory is another matter. Whether running on your own servers on-prem, in an edge deployment, or in the heart of a cloud service provider’s data center, this “in-use” data is almost always unencrypted and potentially vulnerable.

  • Confidential Computing: How Big Tech Companies Are Coming Together To Secure Data At All Levels

    Data today moves constantly from on-premises to public cloud and the edge, which is why it is quite challenging to protect. While there are standards available that aim to protect data when it is in rest and transit, standards related to protecting it when in use do not exist. Protecting data while in use is called confidential computing, which the Confidential Computing Consortium is aiming to create across the industry. The Confidential Computing Consortium, created under the Linux Foundation, will work to build up guidelines, systems and tools to ensure data is encrypted when it’s being used by applications, devices and online services. The consortium says that encrypting data when in use is “the third and possibly most challenging step to providing a fully encrypted lifecycle for sensitive data.” Members focused on the undertaking are Alibaba, ARM, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom and Tencent.

  • IT giants join forces for full-system data security

    Apple is conspiciously missing from the consortium, despite using both Intel hardware and inhouse designed ARM-based processors. Of the first set of commitments, Intel will release its Software Guard Extensions (SGX) software development kit as open source through the CCC.

  • Google, Intel, and Microsoft partner to improve cloud security

    Some of the biggest names in tech have banded together in an effort to promote industry-wide security standards for protecting data in use.

  • Alibaba, Baidu, Google, Microsoft, Others Back Confidential Computing Consortium

    The Confidential Computing Consortium aims to help define and accelerate open-source technology that keeps data in use secure. Data typically gets encrypted by service providers, but not when it’s in use. This consortium will focus on encrypting and processing the data “in memory” to reduce the exposure of the data to the rest of the system. It aims to provide greater control and transparency for users.

  • Microsoft, Intel and others are doubling down on open source Linux security

    In other words, the operating system could be compromised by some kind of malware, but the data being used in a program would still be encrypted, and therefore safe from an attacker.

  • Microsoft, Intel, and Red Hat Back Confidential Computing

    The Linux Foundation’s latest project tackles confidential computing with a group of companies that reads like a who’s who of cloud providers, chipmakers, telecom operators, and other tech giants. Today at the Open Source Summit the Linux Foundation said it will form a new group called the Confidential Computing Consortium. Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom, and Tencent all committed to work on the project, which aims to accelerate the adoption of confidential computing.