Language Selection

English French German Italian Portuguese Spanish

February 2019

Best 15 Linux Painting Tools for Professionals and Digital Artists

Filed under
Software

Painting tools have been a must and an essential part of our daily life. From personal to professional purposes, it has an immense area to employ. Whether you wish to retouch your family photos or finalize the product photos for your business, painting software has been turned into an extraordinary source in all the platforms. Today I am going to discuss some vital Linux painting tools for professionals and digital artists.

Like the other operating systems, Linux has all the facilities with a great working environment. It is a stable and secure platform where you can use some excellent painting tools for your professional and personal purposes. You can get natural paint on a digital canvas with the help of different artistic tools.

Read more

Indie Makers Using Single-Board Computers

Filed under
Linux
Interviews

Two such projects have really caught my attention lately: the Noodle Pi and the TinyPi.

The Noodle Pi is a simple, handheld computer (about the size of a deck of playing cards). And, when I say simple, I mean simple. It's got a micro-USB charging port, another for plugging in USB devices, a touch screen and a battery. Think of it like an old-school PDA without any buttons (other than a small power toggle) and the ability to run a full Linux-based desktop.

Read more

MiyoLinux: A Lightweight Distro with an Old-School Approach

Filed under
Linux

If you’re itching to throw it back to a time when Linux offered you a bit of challenge to your daily grind, MiyoLinux might be just the operating system for you. It’s a lightweight operating system that makes good use of a minimal set of tools. Anyone who likes their distributions to be less modern and more streamlined will love this take on the Linux desktop. However, if you prefer your desktop with the standard bells and whistles, found on modern distributions, you’ll probably find MiyoLinux nothing more than a fun distraction from the standard fare.

Read more

KDE Chat on Matrix

Filed under
KDE
OSS

KDE and open source in general has used IRC since the 90s but times change and these days people expect more than text with lots of internals exposed to the user. So KDE has set up a Matrix server which talks to other Matrix server and importantly also talks to IRC servers and their channels because some people will never change. The bridging to IRC isn’t perfect but it works much neater than on e.g. Telegram where the IRC user is one bot, here the IRC user is an individual user and you can set it up to use the same nickname you’ve been using since 1995. Unless you use square brackets in your nickname in which case I’ve no sympathy.

But it still requires a bit of understanding and setup. For one thing you need an app to talk to it, and the more common apps seem to be Riot web and Riot Android. KDE has its own setup of Riot web called webchat.kde.org and you can get the Android client from F-Droid or Google Play. Once you make an account you also need to tick some boxes (including one saying you are over 16 which vexes somewhat but it doesn’t be beyond the ability of most 15 year old to work out how to work around it).

Read more

today's leftovers

Filed under
Misc
  • Sparky news 2019/02

    The 2nd monthly report of 2019 of the Sparky project

  • MX Linux and SystemRescueCD
  • Scaling PostgreSQL with Kubernetes Operators

    Crunchy Data's open source Crunchy PostgreSQL Operator is an Operator for PostgreSQL that is used in many production environments. It provides a simple yet powerful command-line interface that lets users deploy their own database-as-a-service system on any Kubernetes-enabled platform.

    For example, with the pgo create command, which is used to provision a database, you can set up a distributed, high-availability PostgreSQL cluster with full disaster recovery support along with a database monitoring sidecar powered by pgMonitor. In other words, in lieu of a complicated multi-step process or having to write your own scripts, you can create the type of PostgreSQL system required for production from a single command.

    While this may seem to be overkill if you are managing a handful of database clusters, the value of an Operator scales significantly if you need to support hundreds or thousands of different clusters. Having a standardized set of commands with the ability to flexibly deploy clusters for different workloads both eases the administration burden and provides more options for how a team can develop and deploy workloads into production.

  • Today's Context Demands Use of OER

    This movement is the most exciting thing to happen to higher ed in my lifetime. It brings together the humanity, respect for students (and instructors!) and impetus to make a positive change in students’ lives from thinkers like bell hooks, Paulo Freire and John Dewey with the technological know-how and thirst for openness, access and justice of Seymour Papert, Richard M. Stallman and Aaron Swartz.

    There is no point in my parodying the eloquence of the expositors of open pedagogy cited above -- please go read them right now, if you haven’t yet. But one thing I can do is add a small point I haven’t see those authors emphasize, in the spirit (following Green) of exploring what motivates faculty. One thing that faculty members love (perhaps particularly at primarily research institutions, where they may be worried about something with enormous impact on pedagogy but which will require a large investment of their time) is their academic freedom.

  • AMDGPU LLVM Backend Seeing A Number Of Fixes In Recent Days

    If you habitually use the latest open-source graphics drivers, you may want to pull down the latest LLVM code from SVN/Git as there has been a number of fixes to the AMDGPU back-end in recent days.

    For those that haven't upgraded in a while or perhaps still on the LLVM 8 code-base, the latest LLVM 9 development code has been seeing a number of AMDGPU commits during the second half of February. There's been enabling of function calls by default that fixes some crashes, other crash fixes, implementing various features, enabling the DPP combiner pass by default, and other bits.

  • PyCharm 2019.1 EAP 6

    A variable viewer for our native Jupyter Notebook support, an interpreter indicator in the status bar, and more. Try the PyCharm 2019.1 EAP now, you can download the latest version on our website.

  • Include the currency name into the forex application

    Hello and welcome back to this new python forex application project. In the previous chapter, we have successfully retrieved the name and the id pair for all the conbase supported currencies, and in this chapter, we will use that information to add the currency name beside each currency id when we are comparing that currency to the USD. Below is the modify version of this program.

  • IRC vs IRL: How to run a good IRC meeting

    There's an art to running a meeting in any format. Many people have learned to run in-person or telephone meetings, but Internet Relay Chat (IRC) meetings have unique characteristics that differ from "in real life" (IRL) meetings. This article will share the advantages and disadvantages of the IRC format as well as tips that will help you lead IRC meetings more effectively.

    Why IRC? Despite the wealth of real-time chat options available today, IRC remains a cornerstone of open source projects. If your project uses another communication method, don't worry. Most of this advice works for any synchronous text chat mechanism, perhaps with a few tweaks here and there.

AV1 Image File Format (AVIF), Awful Intel Standards, and Linux Kernel at LWN

Filed under
Graphics/Benchmarks
Linux
  • AV1 Image File Format v1.0 Finalized

    The AV1 Image File Format (AVIF) appears solid now with it having been promoted to version 1.0.0. 

    The AV1 Image File Format (AVIF) is the specification for storing images and image sequences (animated images) compressed via AV1 in the HEIF High-Efficiency Image File Format. AV1, of course, being the promising royalty-free video coding format competing with the likes of HEVC/H.265. This is to AV1 as the WebP image format is to VP9/WebM. 

    The AV1 Image File Format continues making inroads and being worked on by the likes of Netflix and Microsoft, among other tech companies. Back in December, Netflix began publishing sample AVIF sample images here.

  • USB 3.2 Is Here To Make Things More Confusing For Everyone

    But with the introduction of USB 3.2, things have become even more confusing.

    The USB standards body has now rebranded 5Gb/s devices as “USB 3.2 Gen 1,” 10Gb/s devices as “USB 3.2 Gen 2” and the latest standard offering 20Gb/s speed has been dubbed “USB 3.2 Gen 2×2” because two 10Gb/s connections run parallelly in the wire.

  • The Intel-Developed Vulkan Overlay Layer Picks Up New Features, Dump FPS To File

    It was just one week ago that developers from the Intel Open-Source Technology Center contributed their new Vulkan Overlay later to Mesa 19.1 for providing various performance metrics/statistics of use to application/driver developers. This Vulkan overlay continues being improved upon as well as making it more applicable to gamers/enthusiasts.

  • The case of the supersized shebang

    Regressions are an unavoidable side effect of software development; the kernel is no different in that regard. The 5.0 kernel introduced a change in the handling of the "#!" (or "shebang") lines used to indicate which interpreter should handle an executable text file. The problem has been duly fixed, but the incident shows how easy it can be to introduce unexpected problems and highlights some areas where the kernel's development process does not work as well as we might like.
    By longstanding Unix convention, an attempt to execute a file that does not have a recognized binary format will result in that file being passed to an interpreter. By default, the interpreter is a shell, which will interpret the file as a shell script. If, however, the file starts with the characters "#!", the remainder of the first line will be treated as the name of the interpreter to use (and possibly arguments to be passed to that interpreter). This mechanism allows programs written in almost any interpreted language to be executed directly; the user need never know which interpreter is actually doing the work behind the scenes.

  • Per-vector software-interrupt masking

    Software interrupts (or "softirqs") are one of the oldest deferred-execution mechanisms in the kernel, and that age shows at times. Some developers have been occasionally heard to mutter about removing them, but softirqs are too deeply embedded into how the kernel works to be easily ripped out; most developers just leave them alone. So the recent per-vector softirq masking patch set from Frederic Weisbecker is noteworthy as an exception to that rule. Weisbecker is not getting rid of softirqs, but he is trying to reduce their impact and improve their latency.
    Hardware interrupts are the means by which the hardware can gain a CPU's attention to signal the completion of an I/O operation or some other situation of interest. When an interrupt is raised, the currently running code is (usually) preempted and an interrupt handler within the kernel is executed. A cardinal rule for interrupt handlers is that they must execute quickly, since they interfere with the other work the CPU is meant to be doing. That usually implies that an interrupt handler will do little more than acknowledge the interrupt to the hardware and set aside enough information to allow the real processing work to be done in a lower-priority mode.

    The kernel offers a number of deferred-execution mechanisms through which that work can eventually be done. In current kernels, the most commonly used of those is workqueues, which can be used to queue a function call to be run in kernel-thread context at some later time. Another is tasklets, which execute at a higher priority than workqueues; adding new tasklet users tends to be mildly discouraged for reasons we'll get to. Other kernel subsystems might use timers or dedicated kernel threads to get their deferred work done.

Security: GNOME Security Internship, Supply Chain Security Talk, SHAREit is 'Cracked'

Filed under
Security
  • GNOME Security Internship - The end?

    The first part regarding protecting the system from potentially unwanted new USB devices can be considered completed. Probably now it will requires just bug fixing and minor changes, if necessary. The required merge requests are up.

    The second part regarding limiting the number of usable keys for untrusted keyboards reached a working stage. However it’s still under evaluation which is the best way to achieve it, because even if with the current solution works it doesn’t mean that this is the desirable way to do it.

  • Supply Chain Security Talk [iophk: "warning for Microsoft event; maybe don't want to [attend] despite Bunnie presenting"]

    In the talk, I relay some of my personal trials authenticating my supply chains, then I go into the why of the supply chain attacks to establish some scenarios for evaluating different approaches. The talk attempts to broadly categorize the space of possible attacks, ranging from attacks that cost a penny and a few seconds to pull off to hundreds of thousands of dollars and months. Finally, I try to outline the depth of the supply chain attack surface, highlighting the overall TOCTOU (time of check, time of use) problem that is the supply chain.

  • Critical SHAREit Flaw Gives Attackers Full Access To Device Files

    Data sharing apps like SHAREit and Xender have transformed the way files are shared, since their release a few years ago. The apps transfer files over wifi which is much faster compared to sending files using Bluetooth.

  • High-Severity SHAREit App Flaws Open Files for the Taking

    SHAREit has fixed two flaws in its app that allow bad actors to authenticate their devices and steal files from a victim’s device.

    Two high-severity flaws in the SHAREit Android app allow an attacker to bypass the file transfer application’s device authentication mechanism – and ultimately download content and arbitrary files from the victim’s device, along with a raft of data such as Facebook tokens and cookies.

Forget Windows Use Linux – A Distro Designed to Work with Android

Filed under
OS
GNU
Linux
Microsoft

Over a year ago, we published a list of the Top 10 Open Source Distros You Haven’t Heard About, and while we also had good suggestions in the comments but the subject of our article today was nowhere in our radar. It goes by the name of FWUL which, interestingly, stands for Forget Windows, Use Linux.

FWUL (Forget Windows Use Linux) is a lightweight open-source Operating System based on Arch Linux that started as an initiative to create a smooth Android-like User Experience for desktop users who had issues with Microsoft Windows.

The same FWUL has an interesting name for an Operating System is the same way it has an interesting back story. The developer always pointed users to Linux whenever the complained about their issues with Windows because he believed that most of them were fixable in Linux.

However, popular distros like Ubuntu and Linux Mint didn’t include everything Android users need. For example, Ubuntu users still need to enter commands to install some apps, flashing Android phones requires the installation of certain drivers, etc.

Read more

Mozilla and Mycroft: WebRender and Voice Recognition

Filed under
Moz/FF
  • Mozilla GFX: WebRender newsletter #41

    Welcome to episode 41 of WebRender’s newsletter.

    WebRender is a GPU based 2D rendering engine for web written in Rust, currently powering Mozilla’s research web browser Servo and on its way to becoming Firefox‘s rendering engine.

    Today’s highlights are two big performance improvements by Kvark and Sotaro. I’ll let you follow the links below if you are interested in the technical details.
    I think that Sotaro’s fix illustrates well the importance of progressively rolling out this type of project a hardware/OS configuration at a time, giving us the time and opportunity to observe and address each configuration’s strengths and quirks.

  • Sharing our Common Voices – Mozilla releases the largest to-date public domain transcribed voice dataset

    Mozilla crowdsources the largest dataset of human voices available for use, including 18 different languages, adding up to almost 1,400 hours of recorded voice data from more than 42,000 contributors.

    From the onset, our vision for Common Voice has been to build the world’s most diverse voice dataset, optimized for building voice technologies. We also made a promise of openness: we would make the high quality, transcribed voice data that was collected publicly available to startups, researchers, and anyone interested in voice-enabled technologies.

    Today, we’re excited to share our first multi-language dataset with 18 languages represented, including English, French, German and Mandarin Chinese (Traditional), but also for example Welsh and Kabyle. Altogether, the new dataset includes approximately 1,400 hours of voice clips from more than 42,000 people.

  • Securing privacy with Mycroft, an Open AI voice assistant

    Voice-assisted technologies are extremely popular; already there are 2.5 billion such devices in use and that's expected to triple to 8 billion by 2023. This growth appears to be unstoppable—despite the privacy and security vulnerabilities in mainstream voice-assisted technology.

    One of these is the "open-window" vulnerability where, for example, a malicious person walks by an open window and shouts, "Hey, unlock the door!" and gains access to the house. Researchers have also identified thousands of false-positive wake words for Alexa and Google, potential attack vectors to inject malicious commands. Some people bring up the risk of subsonic commands injected over TV. Amazon may already be using frequency manipulations to keep Alexa from activating during its commercials. And, as with any web-connected computer device, there's the potential for backdoors and other common vulnerabilities.

Development: LibreOffice Asia Conference 2019, Fedora Development Docs, GNOME Online Accounts (GOA) and Another Developer Gathering for Devuan

Filed under
OS
LibO
  • LibreOffice Asia Conference 2019, Tokyo: Call for Papers is open

    Call for Papers for LibreOffice Asia Conference 2019, held at the Nihonbashi Tokyo Tower (at Cyboze, Inc., Tokyo Office) on May 25th (Sat) and 26th (Sun), is now open.

    LibreOffice Asia Conference will be the first event gathering LibreOffice users, advocates and contributors (not only development, but also localization, PR/marketing, documentation, quality assurance, … etc.) from different countries in Asia, to exchange and share experiences and knowledge.

    During the conference, we will discuss LibreOffice related business such as supporting and training, migrating to LibreOffice and the ODF true standard format, developing, and any other community activity in Asia. In addition, we will have guests from the core team at The Document Foundation, which is a charitable foundation and the home of LibreOffice.

  • Fedora IoT Docs are Live

    Design ideas: My focus was on technical content. The basic layout is dictated by the Fedora Docs project but a bit of design work on the welcome page and the addition of any IoT specific logos would be nice. Also, there are a few screenshots that could use a pointer or box to highlight the area described in the text.

    Verify links for downloads and upgrades: The working group now has regular updated images available in a CDN and the next downloadable image is in progress along with the final version of the landing page for downloads. Once the update and release schedule process is smoothed out, the documentation needs to be verified.

    Get ready for F30: When Fedora 30 is ready, the site will need some Release Notes and the User Guide will need some updates to cover new features. You can submit suggestions as iot-docs issues in pagure.

  • Some challenges for GNOME online accounts

    The cynical among us might be tempted to think that an announcement from the GNOME project about the removal of a feature — a relatively unused feature at that — would be an unremarkable event. In practice, though, Debarshi Ray's announcement that the GNOME Online Accounts (GOA) subsystem would no longer support the "documents" access point touched off a lengthy discussion within the project itself. The resulting discussion revealed a few significant problems with GOA and, indeed, with the concept of online-account management in any sort of open-source umbrella project like GNOME.

    GOA is meant to provide a single sign on system integrating GNOME applications with web-based services. Any application that, for example, wants to access files stored in Google Drive would ordinarily have to ask the user for credentials and log into Drive separately, which gets tiresome for users running a lot of applications. By routing this access through GOA, the GNOME developers hope to simplify the process of using those services. GOA includes a number of different "integration points" for different types of services, including files, email, calendars, contacts, and more.

    The "documents" point was used by the Documents application, which is meant to help users manage their documents. It has suffered, though, from a lack of both users and developers and lacks basic features; Michael Catanzaro described it as "basically just 'bad evince'". That certainly restricts its prospects for success; as Ray put it: "it doesn't stand any chance of adoption unless it can open files like /usr/bin/evince". Documents has duly been removed from the core set of GNOME applications. Since it was the only core application using the "documents" integration point, that point is now being removed.

  • Systemd-Free Debian "Devuan" Planning Their First Developer Gathering This Spring

    For fans of Devuan, the downstream of Debian focused on "init system independence" or just "Debian without systemd", their first-ever conference is happening in just over one month.

More in Tux Machines

Security Leftovers

  • Cryptojacking Code Found in 11 Open Libraries, Thousands Infected

    A cryptojacking code was found in 11 open-source code libraries written in Ruby, which have been downloaded thousands of times. Hackers downloaded the software, infected it with malware, and subsequently reposted it on the RubyGems platform, industry news outlet Decrypt reported on Aug. 21.

  • Malicious cryptojacking code found in 11 Ruby libraries

    Cryptojacking software has been found in 11 code libraries for the programming language Ruby—exposing thousands of people. The latest heist, discovered yesterday on code repository Github made use of a package manager called RubyGems, a popular program that allows developers to upload and share improvements on existing pieces of software.

  • Cryptojacking Scripts Found in 11 Open-Source Code Libraries

    According to a Decrypt report, the malware was discovered on Tuesday inside Github code repository, infecting the language manager called RubyGems.

  • First‑of‑its‑kind spyware sneaks into Google Play
  • Open-source spyware bypasses Google Play defenses — twice

    Radio Balouch — the app in question — is a legitimate radio application serving Balouchi music enthusiasts, except that it also included AhMyth, a remote access espionage tool that has been available on GitHub as an open-source project since late 2017. Lukas Stefanko, ESET researcher who uncovered the campaign, said the app was uploaded twice on Google Play — once on July 2 and a second time on July 13 — only to be swiftly removed by Google within 24 hours upon being alerted by the security team. It continues to be available on third-party app stores. While the service’s dedicated website “radiobalouch.com” is no longer accessible, the attackers also seem to have promoted the app on Instagram and YouTube. The app, in total, attracted over 100 installs.

  • 61 impacted versions of Apache Struts left off security advisories

    Security researchers have reviewed security advisories for Apache Struts and found that two dozen of them inaccurately listed affected versions for the open-source development framework. The advisories have since been updated to reflect vulnerabilities in an additional 61 unique versions of Struts that were affected by at least one previously disclosed vulnerability but left off the security advisories for those vulnerabilities.

  • Sectigo Sponsors Automated Certificate Issuance and Renewal in Electronic Frontier Foundation’s Certbot Open Source Software Tool

    Sectigo, the world’s largest commercial Certificate Authority (CA) and a provider of purpose-built and automated PKI management solutions, today announced its sponsorship of Electronic Frontier Foundation’s (EFF) free, open source software tool, Certbot, to support efforts to encrypt the entire internet and build a network that is more structurally private, safe, and protected against censorship.

GNU Parallel 20190822 ('Jesper Svarre') released [stable]

GNU Parallel 20190822 ('Jesper Svarre') [stable] has been released. It is available for download at: http://ftpmirror.gnu.org/parallel/ No new functionality was introduced so this is a good candidate for a stable release. GNU Parallel is 10 years old next year on 2020-04-22. You are here by invited to a reception on Friday 2020-04-17. Read more

KDE ISO Image Writer – Release Announcement

My GSoC project comes to an end and I am going to conclude this series of articles by announcing the release of a beta version of KDE ISO Image Writer. Read more Also: How I got a project in Labplot KDE

Linux Foundation: Automotive Grade Linux Announcement and Calling Surveillance Operations "Confidential Computing"

  • Automotive Grade Linux Announces New Instrument Cluster Expert Group and UCB 8.0 Code Release

    Automotive Grade Linux (AGL), an open source project developing a shared software platform for in-vehicle technology, today announced a new working group focused on Instrument Cluster solutions, as well as the latest code release of the AGL platform, the UCB 8.0. The AGL Instrument Cluster Expert Group (EG) is working to reduce the footprint of AGL and optimize the platform for use in lower performance processors and low-cost vehicles that do not require an entire infotainment software stack. Formed earlier this year, the group plans to release design specifications later this year with an initial code release in early 2020. “AGL is now supported by nine major automotive manufacturers, including the top three producers by worldwide volume, and is currently being used in production for a range of economy and luxury vehicles” said Dan Cauchy, Executive Director of Automotive Grade Linux at the Linux Foundation. “The new Instrument Cluster Expert Group, supported by several of these automakers, will expand the use cases for AGL by enabling the UCB platform to support solutions for lower-cost vehicles, including motorcycles.”

  • Shhh! Microsoft, Intel, Google and more sign up to the Confidential Computing Consortium

    The Linux Foundation has signed up the likes of Microsoft and Google for its Confidential Computing Consortium, a group with the laudable goal of securing sensitive data. The group – which also includes Alibaba, Arm, Baidu, IBM, Intel, Red Hat, Swisscom and Tencent – will be working on open-source technologies and standards to speed the adoption of confidential computing. The theory goes that while approaches to encrypting data at rest and in transit have supposedly been dealt with, assuming one ignores the depressingly relentless splurts of user information from careless vendors, keeping it safe while in use is quite a bit more challenging. Particularly as workloads spread to the cloud and IoT devices.

  • Tech giants come together to form cloud security watchdog

    Some of the world’s biggest technology companies are joining forces to improve the security of files in the cloud. This includes Google, IBM, Microsoft, Intel, and many others. The news first popped up on the Linux Foundation, where it was said that the Confidential Computing Consortium will work to bring industry standards and identify the proper tools to encrypt data used by apps, devices and online services. At the moment, cloud security solutions focus to protect data that’s either resting, or is in transit. However, when the data is being used is “the third and possibly most challenging step to providing a fully encrypted lifecycle for sensitive data.”

  • Tech firms join forces to boost cloud security

    Founding members of the group – which unites hardware suppliers, cloud providers, developers, open source experts and academics – include Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom and Tencent. [...] “The earliest work on technologies that have the ability to transform an industry is often done in collaboration across the industry and with open source technologies,” said Jim Zemlin, executive director at the Linux Foundation. “The Confidential Computing Consortium is a leading indicator of what is to come for security in computing and will help define and build open technologies to support this trust infrastructure for data in use.”

  • Google, Intel and Microsoft form data protection consortium
  • Intel Editorial: Intel Joins Industry Consortium to Accelerate Confidential Computing

    Leaders in information and infrastructure security are well versed in protecting data at-rest or in-flight through a variety of methods. However, data being actively processed in memory is another matter. Whether running on your own servers on-prem, in an edge deployment, or in the heart of a cloud service provider’s data center, this “in-use” data is almost always unencrypted and potentially vulnerable.

  • Confidential Computing: How Big Tech Companies Are Coming Together To Secure Data At All Levels

    Data today moves constantly from on-premises to public cloud and the edge, which is why it is quite challenging to protect. While there are standards available that aim to protect data when it is in rest and transit, standards related to protecting it when in use do not exist. Protecting data while in use is called confidential computing, which the Confidential Computing Consortium is aiming to create across the industry. The Confidential Computing Consortium, created under the Linux Foundation, will work to build up guidelines, systems and tools to ensure data is encrypted when it’s being used by applications, devices and online services. The consortium says that encrypting data when in use is “the third and possibly most challenging step to providing a fully encrypted lifecycle for sensitive data.” Members focused on the undertaking are Alibaba, ARM, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom and Tencent.

  • IT giants join forces for full-system data security

    Apple is conspiciously missing from the consortium, despite using both Intel hardware and inhouse designed ARM-based processors. Of the first set of commitments, Intel will release its Software Guard Extensions (SGX) software development kit as open source through the CCC.

  • Google, Intel, and Microsoft partner to improve cloud security

    Some of the biggest names in tech have banded together in an effort to promote industry-wide security standards for protecting data in use.

  • Alibaba, Baidu, Google, Microsoft, Others Back Confidential Computing Consortium

    The Confidential Computing Consortium aims to help define and accelerate open-source technology that keeps data in use secure. Data typically gets encrypted by service providers, but not when it’s in use. This consortium will focus on encrypting and processing the data “in memory” to reduce the exposure of the data to the rest of the system. It aims to provide greater control and transparency for users.

  • Microsoft, Intel and others are doubling down on open source Linux security

    In other words, the operating system could be compromised by some kind of malware, but the data being used in a program would still be encrypted, and therefore safe from an attacker.

  • Microsoft, Intel, and Red Hat Back Confidential Computing

    The Linux Foundation’s latest project tackles confidential computing with a group of companies that reads like a who’s who of cloud providers, chipmakers, telecom operators, and other tech giants. Today at the Open Source Summit the Linux Foundation said it will form a new group called the Confidential Computing Consortium. Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom, and Tencent all committed to work on the project, which aims to accelerate the adoption of confidential computing.